reporter: Implement filtering email alerts by severity

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/src/reporter.conf.in b/src/reporter.conf.in
index 4498c6c97393ede2a4a05ce3627dc141b48d8ec4..ba16d21cfe59f4379835c53e3dc8064bb0c81c46 100644 (file)
--- a/src/reporter.conf.in
+++ b/src/reporter.conf.in
@@ -32,3 +32,12 @@
 
 ; The recipient email addresses. Use comma separation for more reciepients.
 ;recipients = john.doe@example.com, jane.doe@example.com
+
+; Filter by severity
+; If set, only alerts of this severity or more severe will be emailed.
+; Otherwise all alerts will be emailed.
+; 1 = High Severity
+; 2 = Medium Severity
+; 3 = Low Severity
+; 4 = Informational
+;severity = 3

diff --git a/src/suricata-reporter.in b/src/suricata-reporter.in
index f4aa886b0046a537f6c2f6d81ac55ac4dc137ca8..b1ed4db98a7818ea0777dc2be2de45a2c88753e9 100644 (file)
--- a/src/suricata-reporter.in
+++ b/src/suricata-reporter.in
@@ -381,6 +381,12 @@ class Worker(threading.Thread):
                """
                        Generates a new email with the alert
                """
+               # Allow to filter by severity (so that only more important
+               # alerts will be emailed)
+               severity = self.config.getint("email", "severity", fallback=None)
+               if severity and event.alert_severity > severity:
+                       return
+
                # Create a new message
                msg = email.message.EmailMessage()