From: Michael Tremer Date: Mon, 26 Jan 2026 18:09:09 +0000 (+0000) Subject: reporter: Simplify the code that generates the info fields X-Git-Tag: 0.6~6 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=be66a554086a85ce1845e26f7f41ee36969b2ddc;p=suricata-reporter.git reporter: Simplify the code that generates the info fields Signed-off-by: Michael Tremer
---
diff --git a/src/suricata-reporter.in b/src/suricata-reporter.in
index 3afcedf..f4b529b 100644
--- a/src/suricata-reporter.in
+++ b/src/suricata-reporter.in
@@ -502,19 +502,14 @@ class Worker(threading.Thread):
 "",
 _("The IPFire Intrusion Prevention System has raised the following alert:"),
 "",
- " %-20s : %s" % (_("Signature"), event.alert_signature),
- " %-20s : %s" % (_("Category"), event.alert_category),
- " %-20s : %s" % (_("Severity"), self.translate_severity(event.alert_severity)),
- " %-20s : %s" % (_("Timestamp"),
- event.timestamp.strftime("%A, %d %B %Y at %H:%M:%S %Z")),
- " %-20s : %s:%s" % (_("Source"),
- event.source_address, event.source_port or event.icmp_code),
- " %-20s : %s:%s" % (_("Destination"),
- event.destination_address, event.destination_port or event.icmp_type),
- " %-20s : %s" % (_("Protocol"), event.protocol),
- "",
 ]
 
+ # Add all information from the event
+ content += (" %-20s : %s" % (key, value) for key, value in event.dump())
+
+ # Newline
+ content.append("")
+
 # Show if something was blocked
 if event.alert_action == "blocked":
 content += (
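Review bot: The new `content += (" %-20s : %s" % (key, value) for key, value in event.dump())` line formats every value with `%s`, so a field that `dump()` yields as `None` (for example `protocol`, which is `self.data.get("proto")`) ends up as the literal text "None" in the mail body; the removed inline list behaved the same way, but now that the fields come from one generator this is the natural place to drop them, e.g. `for key, value in event.dump() if value is not None`. The `%-20s` column width is now applied to labels the Worker no longer controls, so a translated label longer than 20 characters silently breaks the alignment. The enclosing method starts before this hunk and the use of `content` continues after it.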
@@ -547,21 +542,6 @@ class Worker(threading.Thread):
 log.debug("Successfully send email to %s" % \
 ", ".join(address for name, address in email_recipients))
 
- def translate_severity(self, severity):
- """
- Translates the severity into a human-readable string
- """
- if severity == 1:
- return _("High Severity")
- elif severity == 2:
- return _("Medium Severity")
- elif severity == 3:
- return _("Low Severity")
- elif severity == 4:
- return _("Informational")
- else:
- return "%s" % severity
-
 
 class Event(object):
 def __init__(self, event):
@@ -614,6 +594,10 @@ class Event(object):
 def protocol(self):
 return self.data.get("proto")
 
+ @property
+ def app_protocol(self):
+ return self.data.get("app_proto", None)
+
 @property
 def icmp_code(self):
 return self.data.get("icmp_code", None)
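Review bot: The new `app_protocol` property is not read anywhere in this patch — the `dump()` added in the later hunk does not yield it — so as far as the diff shows it is dead code, or a `yield _("Application protocol"), self.app_protocol` line in `dump()` was intended and is missing. The explicit `None` in `self.data.get("app_proto", None)` is redundant and differs from the neighbouring `protocol` property's `self.data.get("proto")`; either form works, but the class now mixes both styles within a few lines. A one-line docstring such as `"""Application-layer protocol from the event's "app_proto" field, or None."""` would document the contract. The first hunk of this file section is a pure removal of `translate_severity` and needs no comment.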
@@ -698,6 +682,51 @@ class Event(object):
 return " ".join(s)
 
 
+ def dump(self):
+ """
+ Dumps any relevant fields of this event in a human-readable way
+ """
+ # Add the signature name
+ yield _("Signature"), self.alert_signature,
+
+ # Add the alert category
+ yield _("Category"), self.alert_category,
+
+ # Add the alert severity
+ yield _("Severity"), self.translate_severity(self.alert_severity),
+
+ # Add the event timestamp
+ yield _("Timestamp"), self.timestamp.strftime("%A, %d %B %Y at %H:%M:%S %Z"),
+
+ # Add the source
+ yield _("Source"), "%s:%s" % (
+ self.source_address, self.source_port or self.icmp_code,
+ ),
+
+ # Add the destination
+ yield _("Destination"), "%s:%s" % (
+ self.destination_address, self.destination_port or self.icmp_type,
+ ),
+
+ # Add the protocol
+ yield _("Protocol"), self.protocol,
+
+ def translate_severity(self, severity):
+ """
+ Translates the severity into a human-readable string
+ """
+ if severity == 1:
+ return _("High Severity")
+ elif severity == 2:
+ return _("Medium Severity")
+ elif severity == 3:
+ return _("Low Severity")
+ elif severity == 4:
+ return _("Informational")
+ else:
+ return "%s" % severity
+
+
 
 def setup_logging(loglevel=logging.INFO):
 log.setLevel(loglevel)
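Review bot: Every `yield` in the new `dump()` ends with a trailing comma (`yield _("Signature"), self.alert_signature,`), which still yields a 2-tuple but reads like an unfinished statement and invites a future edit to change the arity by accident; dropping the commas, e.g. `yield _("Signature"), self.alert_signature`, makes the (label, value) contract obvious. The docstring would be more useful if it stated that contract, e.g. `Yields (label, value) pairs for the fields worth reporting; labels are translated strings, values are used verbatim by the caller.` In `translate_severity` the `if`/`elif` ladder could be a dict lookup with `str(severity)` as the fallback, but that is purely stylistic. Both methods are complete within the hunk; `setup_logging` continues past it.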