From: Mike Stepanek (mstepane)
Date: Fri, 5 Mar 2021 20:33:40 +0000 (+0000)
Subject: Merge pull request #2776 in SNORT/snort3 from ~MDAGON/snort3:rep_peg to master
X-Git-Tag: 3.1.2.0~11
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b312ad48f33b2c6359ce5faa95c7ef1aa457c86c;p=thirdparty%2Fsnort3.git
Merge pull request #2776 in SNORT/snort3 from ~MDAGON/snort3:rep_peg to master
Squashed commit of the following:
commit 0ac10d96c7da3c9bb9055c3915380f7c5b934726
Author: mdagon
Date: Wed Mar 3 10:03:58 2021 -0500
reputation: add peg count for total alerts
---
diff --git a/src/network_inspectors/reputation/reputation_config.h b/src/network_inspectors/reputation/reputation_config.h
index 83869faab..9ef911fcc 100644
--- a/src/network_inspectors/reputation/reputation_config.h
+++ b/src/network_inspectors/reputation/reputation_config.h
@@ -109,6 +109,7 @@ struct ReputationStats
 PegCount trusted;
 PegCount monitored;
 PegCount memory_allocated;
+ PegCount total_alerts;
 };
 extern const PegInfo reputation_peg_names[];
diff --git a/src/network_inspectors/reputation/reputation_inspect.cc b/src/network_inspectors/reputation/reputation_inspect.cc
index d9bdd71ac..ce17ce5f2 100644
--- a/src/network_inspectors/reputation/reputation_inspect.cc
+++ b/src/network_inspectors/reputation/reputation_inspect.cc
@@ -49,7 +49,7 @@ const PegInfo reputation_peg_names[] =
 { CountType::SUM, "trusted", "number of packets trusted" },
 { CountType::SUM, "monitored", "number of packets monitored" },
 { CountType::SUM, "memory_allocated", "total memory allocated" },
-
+{ CountType::SUM, "total_alerts", "total alerts triggered" },
 { CountType::END, nullptr, nullptr }
 };
@@ -277,6 +277,7 @@ static void snort_reputation(ReputationConfig* config, Packet* p)
 act->block_session(p, true);
 act->set_drop_reason("reputation");
 reputationstats.blocked++;
+ reputationstats.total_alerts++;
 if (PacketTracer::is_active())
 PacketTracer::log("Reputation: packet blocked, drop\n");
 }
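Review bot: The help string `"total alerts triggered"` on the new `total_alerts` entry does not say what is counted, while the neighbouring entries read "number of packets ...". In the later hunks the counter is bumped beside `DetectionEngine::queue_event(...)` calls and beside `blocked++`, so it appears to count reputation decisions that queue an event; that may differ from the number of alerts an operator finds in the logs if events are filtered afterwards (worth confirming). A more precise text such as `{ CountType::SUM, "total_alerts", "number of reputation events queued (blocked + monitored + trusted)" },` would help anyone reconciling peg counts against alert output. The hunk also drops the blank line that separated the entries from the `CountType::END` sentinel, which the previous layout used to set the terminator apart.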
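Review bot: `reputationstats.total_alerts++` is repeated next to `blocked++` in the hunk at -277 and next to `monitored++` and `trusted++` in the hunks at -294 and -310, so as far as these hunks show the new peg is always the sum of the three existing ones and will silently drift if a future decision branch omits the extra line. In the blocked branch no `queue_event` call is visible in the context, so whether an event is actually queued on that path cannot be confirmed from the hunk; the body of snort_reputation starts and ends outside it. Consider incrementing once at the point where the event is queued, or at least add a comment at the first increment such as `// total_alerts == blocked + monitored + trusted; keep in step when adding a decision branch`.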
@@ -294,6 +295,7 @@ static void snort_reputation(ReputationConfig* config, Packet* p)
 DetectionEngine::queue_event(GID_REPUTATION, monitor_event);
 reputationstats.monitored++;
+ reputationstats.total_alerts++;
 }
 else if (TRUSTED_SRC == decision or TRUSTED_DST == decision)
@@ -310,6 +312,7 @@ static void snort_reputation(ReputationConfig* config, Packet* p)
 DetectionEngine::queue_event(GID_REPUTATION, allowlist_event);
 act->trust_session(p, true);
 reputationstats.trusted++;
+ reputationstats.total_alerts++;
 }
 }