reporter: Add more event data into the email headers
authorMichael Tremer <michael.tremer@ipfire.org>
Tue, 3 Feb 2026 18:16:51 +0000 (18:16 +0000)
committerMichael Tremer <michael.tremer@ipfire.org>
Tue, 3 Feb 2026 18:16:51 +0000 (18:16 +0000)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
src/suricata-reporter.in

index 5bddf6ab30e27c669b1d340895adbbe2051101a0..28b55bc39616f1af2769fb7935a972a1288f69bd 100644 (file)
@@ -385,8 +385,9 @@ class Reporter(object):
                # Generate a Message ID
                msg.add_header("Message-ID", email.utils.make_msgid())
 
-               # Add the severity as a header for email filtering
-               msg.add_header("X-Alert-Severity", "%s" % event.alert_severity)
+               # Add any custom event headers
+               for key, value in event.headers:
+                       msg.add_header(key, value)
 
                # Compose the content
                content = [
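Review bot: Dropping `X-Alert-Severity` here means any mail filter keyed on that header stops matching without an error, because the severity now only appears as `X-Event-Severity` (second hunk). The removed comment says the header existed for email filtering, so deployed filter rules likely depend on the old name, and alerts could end up routed or prioritised differently than operators expect. Consider keeping the old name for a transition period, for example by also yielding `"X-Alert-Severity", "%s" % self.alert_severity` from the alert branch of `Event.headers`, and mention the rename in the release notes. The enclosing method starts and ends outside this hunk.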
@@ -579,6 +580,35 @@ class Event(object):
 
                return " ".join(s)
 
+       @property
+       def headers(self):
+               """
+                       Returns headers that will be included in the email
+               """
+               # Type
+               yield "X-Event-Type", self.type
+
+               # Alert Stuff
+               if self.is_alert():
+                       yield "X-Event-Alert-GID", "%s" % self.alert_gid
+                       yield "X-Event-Alert-SID", "%s" % self.alert_signature_id
+                       yield "X-Event-Alert-Rev", "%s" % self.alert_rev
+
+                       # Signature
+                       yield "X-Event-Signature", self.alert_signature
+
+                       # Category
+                       yield "X-Event-Category", self.alert_category
+
+                       # Severity
+                       yield "X-Event-Severity", "%s" % self.alert_severity
+
+               # Protocol
+               yield "X-Event-Protocol", self.protocol
+
+               # Application Protocol
+               yield "X-Event-Application-Protocol", self.app_protocol
+
        def dump(self):
                """
                        Dumps any relevant fields of this event in a human-readable way
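Review bot: `headers` yields `self.type`, `self.alert_signature`, `self.alert_category`, `self.protocol` and `self.app_protocol` unconverted, and the last two unconditionally, so whatever those properties return for an event lacking the field goes straight into `msg.add_header()` in the first hunk. Their definitions are outside this hunk; if any can be None the mail carries a header with no value, and if a signature or category string ever contains a line break the header is either rejected or written malformed, depending on the message policy in use, which could cost the report email. I would skip missing values and collapse whitespace where the headers are added: `if value is None: continue` followed by `msg.add_header(key, " ".join(("%s" % value).split()))`. The docstring could also say that the property is a generator of (name, value) string pairs; the `Event` class itself begins outside the hunk.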