"",
_("The IPFire Intrusion Prevention System has raised the following alert:"),
"",
- " %-20s : %s" % (_("Signature"), event.alert_signature),
- " %-20s : %s" % (_("Category"), event.alert_category),
- " %-20s : %s" % (_("Severity"), self.translate_severity(event.alert_severity)),
- " %-20s : %s" % (_("Timestamp"),
- event.timestamp.strftime("%A, %d %B %Y at %H:%M:%S %Z")),
- " %-20s : %s:%s" % (_("Source"),
- event.source_address, event.source_port or event.icmp_code),
- " %-20s : %s:%s" % (_("Destination"),
- event.destination_address, event.destination_port or event.icmp_type),
- " %-20s : %s" % (_("Protocol"), event.protocol),
- "",
]
+ # Add all information from the event
+ content += (" %-20s : %s" % (key, value) for key, value in event.dump())
+
+ # Newline
+ content.append("")
+
# Show if something was blocked
if event.alert_action == "blocked":
content += (
log.debug("Successfully send email to %s" % \
", ".join(address for name, address in email_recipients))
- def translate_severity(self, severity):
- """
- Translates the severity into a human-readable string
- """
- if severity == 1:
- return _("High Severity")
- elif severity == 2:
- return _("Medium Severity")
- elif severity == 3:
- return _("Low Severity")
- elif severity == 4:
- return _("Informational")
- else:
- return "%s" % severity
-
class Event(object):
def __init__(self, event):
def protocol(self):
return self.data.get("proto")
+ @property
+ def app_protocol(self):
+ return self.data.get("app_proto", None)
+
@property
def icmp_code(self):
return self.data.get("icmp_code", None)
return " ".join(s)
+ def dump(self):
+ """
+ Dumps any relevant fields of this event in a human-readable way
+ """
+ # Add the signature name
+ yield _("Signature"), self.alert_signature,
+
+ # Add the alert category
+ yield _("Category"), self.alert_category,
+
+ # Add the alert severity
+ yield _("Severity"), self.translate_severity(self.alert_severity),
+
+ # Add the event timestamp
+ yield _("Timestamp"), self.timestamp.strftime("%A, %d %B %Y at %H:%M:%S %Z"),
+
+ # Add the source
+ yield _("Source"), "%s:%s" % (
+ self.source_address, self.source_port or self.icmp_code,
+ ),
+
+ # Add the destination
+ yield _("Destination"), "%s:%s" % (
+ self.destination_address, self.destination_port or self.icmp_type,
+ ),
+
+ # Add the protocol
+ yield _("Protocol"), self.protocol,
+
+ def translate_severity(self, severity):
+ """
+ Translates the severity into a human-readable string
+ """
+ if severity == 1:
+ return _("High Severity")
+ elif severity == 2:
+ return _("Medium Severity")
+ elif severity == 3:
+ return _("Low Severity")
+ elif severity == 4:
+ return _("Informational")
+ else:
+ return "%s" % severity
+
+
def setup_logging(loglevel=logging.INFO):
log.setLevel(loglevel)
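Review bot: The docstring on `dump()` does not say what is yielded; each item is a `(label, value)` pair in display order, the label already translated via `_()` and the value the raw property result, which may be `None` (e.g. `protocol` above falls back to `self.data.get("proto")`) and is then rendered as the literal string "None" by the caller's `%s` formatting — suggest `Yield (label, value) pairs in display order; labels are translated, values are raw event fields and may be None.` `translate_severity` no longer touches `self`, so it can be a `@staticmethod`, and its final `return "%s" % severity` passes an unknown severity code through verbatim, which deserves a comment such as `# Unknown code: show the raw value rather than fail`. The values are taken straight from the event record; that is fine for the plain-text body assembled here, but any consumer that places them in a mail header or HTML should escape them first. The `app_protocol` property added in the earlier hunk is not included in `dump()`; if it is meant to appear in notifications it needs a `yield` here. With the method moved off the notifier class, any other remaining call to the notifier's `translate_severity` would now fail, though none is visible in this view.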