From 62786f032600c89aca4fdd2446629c904991dc09 Mon Sep 17 00:00:00 2001
From: Tomas Plesnik <plesnik@ics.muni.cz>
Date: Fri, 23 May 2014 16:06:25 +0200
Subject: [PATCH] uprava hlavicky souboru; nastavovani kontaktu u jednotlivych
 queries pomoci nove pridane promenne $contact

---
 src/warden-server/etc/warden-watchdog.conf | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/src/warden-server/etc/warden-watchdog.conf b/src/warden-server/etc/warden-watchdog.conf
index 0fbf761..6bfa397 100644
--- a/src/warden-server/etc/warden-watchdog.conf
+++ b/src/warden-server/etc/warden-watchdog.conf
@@ -1,7 +1,7 @@
 #
 # warden-watchdog.conf - configuration file for Wachdog script
 #
-# Copyright (C) 2011-2013 Cesnet z.s.p.o
+# Copyright (C) 2011-2014 Cesnet z.s.p.o
 #
 # Use of this source is governed by a BSD-style license, see LICENSE file.
 
@@ -10,6 +10,11 @@
 #-------------------------------------------------------------------------------
 $domain_name = "warden-dev.cesnet.cz";
 
+#-------------------------------------------------------------------------------
+# contact - contact to server administrator
+#-------------------------------------------------------------------------------
+$contact = "jakubcegan@cesnet.cz, ph@cesnet.cz";
+
 #-------------------------------------------------------------------------------
 # email_subject - ...
 #-------------------------------------------------------------------------------
@@ -59,10 +64,10 @@ END;');
 #                          in a database table.
 #-------------------------------------------------------------------------------
 @sql_queries = (
- {query => "SELECT hostname, service, MAX(received) FROM events WHERE valid = 't' GROUP BY hostname, service ORDER BY MAX(received) ASC;", text => "These clients do not report any events for a long time. It is possible, that they are misconfigured or not running.", contact => 'jakubcegan@cesnet.cz, ph@cesnet.cz'},
- {query => "SELECT clients.* FROM clients JOIN events ON clients.service=events.service WHERE events.detected > '\$date' AND NOT FIND_IN_SET(events.type, 'portscan,bruteforce,probe,spam,phishing,botnet_c_c,dos,malware,copyright,webattack,test,other') AND events.valid = 't' GROUP BY requestor;", text => "Following client(s) report unsupported or obsolete type of event to a Warden server.", contact => 'jakubcegan@cesnet.cz, ph@cesnet.cz'},
- {query => "SELECT hostname, service, type, COUNT(*) FROM events WHERE detected - received > 0 AND received > '$date' GROUP BY hostname, service, type;", text => "Following client(s) report events to a Warden server with a timestamp from future. Server timestamp (received) has to be always greater or equal to a timestam of detection.", contact => 'jakubcegan@cesnet.cz, ph@cesnet.cz'},
- {query => "SELECT hostname, service, received, source, count(source) AS c, min(received), max(received) FROM events WHERE valid = 't' AND source_type = 'IP' AND iptest(source) GROUP BY hostname, service, source ORDER BY c DESC;", text => "Following client(s) report events to a Warden server with a private or invalid IPv4 address.", contact => 'jakubcegan@cesnet.cz, ph@cesnet.cz'});
+ {query => "SELECT hostname, service, MAX(received) FROM events WHERE valid = 't' GROUP BY hostname, service ORDER BY MAX(received) ASC;", text => "These clients do not report any events for a long time. It is possible, that they are misconfigured or not running.", contact => "$contact"},
+ {query => "SELECT clients.* FROM clients JOIN events ON clients.service=events.service WHERE events.detected > '$date' AND NOT FIND_IN_SET(events.type, 'portscan,bruteforce,probe,spam,phishing,botnet_c_c,dos,malware,copyright,webattack,test,other') AND events.valid = 't' GROUP BY requestor;", text => "Following client(s) report unsupported or obsolete type of event to a Warden server.", contact => "$contact"},
+ {query => "SELECT hostname, service, type, COUNT(*) FROM events WHERE detected - received > 0 AND received > '$date' GROUP BY hostname, service, type;", text => "Following client(s) report events to a Warden server with a timestamp from future. Server timestamp (received) has to be always greater or equal to a timestam of detection.", contact => "$contact"},
+ {query => "SELECT hostname, service, received, source, count(source) AS c, min(received), max(received) FROM events WHERE valid = 't' AND source_type = 'IP' AND iptest(source) GROUP BY hostname, service, source ORDER BY c DESC;", text => "Following client(s) report events to a Warden server with a private or invalid IPv4 address.", contact => "$contact"});
 
 #-------------------------------------------------------------------------------
 # sql_postcondition - array of procedures which are executed "after" main action
-- 
GitLab