Commit eaf4b57b authored by Tomáš Plesník's avatar Tomáš Plesník

upraveno zalogovani zmenenych polozek udalosti serverem

parent f7fde0e2
...@@ -232,24 +232,49 @@ sub saveNewEvent ...@@ -232,24 +232,49 @@ sub saveNewEvent
"Unknown source type: '$source_type'"); "Unknown source type: '$source_type'");
} }
} }
# http://my.safaribooksonline.com/book/programming/regular-expressions/9780596802837/4dot-validation-and-formatting/id2983571 # http://my.safaribooksonline.com/book/programming/regular-expressions/9780596802837/4dot-validation-and-formatting/id2983571
if ($detected !~ /^((?:[1-9][0-9]*)?[0-9]{4})-(1[0-2]|0[1-9])-(3[0-1]|0[1-9]|[1-2][0-9])T(2[0-3]|[0-1][0-9]):([0-5][0-9]):([0-5][0-9])(\.[0-9]+)?(Z|[+-](?:2[0-3]|[0-1][0-9]):[0-5][0-9])?/) { if ($detected !~ /^((?:[1-9][0-9]*)?[0-9]{4})-(1[0-2]|0[1-9])-(3[0-1]|0[1-9]|[1-2][0-9])T(2[0-3]|[0-1][0-9]):([0-5][0-9]):([0-5][0-9])(\.[0-9]+)?(Z|[+-](?:2[0-3]|[0-1][0-9]):[0-5][0-9])?/) {
sendMsg("err", sendMsg("err",
"Unknown detected time format from [IP: '$ip'; CN(AN): $alt_names; Service: '$service'; Detected: '$detected']", "Unknown detected time format from [IP: '$ip'; CN(AN): $alt_names; Service: '$service'; Detected: '$detected']",
"Unknown detected time format: '$detected'"); "Unknown detected time format: '$detected'");
} }
my $change_string = "";
if ($target_port !~ /^\d+\z/) { if ($target_port !~ /^\d+\z/) {
$change_string = $change_string . "target_port: $target_port";
$target_port = undef; $target_port = undef;
} }
if ($attack_scale !~ /^\d+\z/) { if ($attack_scale !~ /^\d+\z/) {
if ($change_string eq "") {
$change_string = $change_string . "attack_scale: $attack_scale";
} else {
$change_string = $change_string . ", attack_scale: $attack_scale";
}
$attack_scale = undef; $attack_scale = undef;
} }
if ($priority !~ /^\d+\z/) { if ($priority !~ /^\d+\z/) {
if ($change_string eq "") {
$change_string = $change_string . "priority: $priority";
} else {
$change_string = $change_string . ", priority: $priority";
}
$priority = undef; $priority = undef;
} }
if ($timeout !~ /^\d+\z/) { if ($timeout !~ /^\d+\z/) {
if ($change_string eq "") {
$change_string = $change_string . "attack_scale: $timeout";
} else {
$change_string = $change_string . ", attack_scale: $timeout";
}
$timeout = undef; $timeout = undef;
} }
if ($change_string ne ""){
sendMsg("info",
"Unknown event items detected {originaly - $change_string} received in $received from [IP '$ip'; CN(AN): $alt_names; Service: '$service'; Type: '$type'; Detected: $detected]",
undef);
}
$sth=$DBH->prepare("INSERT INTO events VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?);"); $sth=$DBH->prepare("INSERT INTO events VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?);");
if (!defined $sth) { if (!defined $sth) {
sendMsg("err", sendMsg("err",
......
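Review bot: The added `$timeout` branch records the rejected value under the wrong name: both of its assignments build `attack_scale: $timeout`, so the info message cannot distinguish a bad timeout from a bad attack_scale, and they should read `timeout: $timeout`. The four values appended to `$change_string` are exactly the ones that failed `/^\d+\z/`, and they reach the log message unmodified, so a sender can put newlines or very long text into the log line. Unless sendMsg already escapes its arguments (not visible here), replace control characters and cap the length before appending, for example `(my $v = $timeout) =~ s/[^\x20-\x7e]/?/g;` followed by `substr($v, 0, 64)`. If any of these fields is optional and arrives undefined, the new code would presumably report it as changed on every event, so a `defined` guard around each check may be wanted. saveNewEvent starts and ends outside the hunk.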