From eaf4b57bff86c6db05b70bc065b5505e55c647a7 Mon Sep 17 00:00:00 2001
From: Tomas Plesnik <plesnik@ics.muni.cz>
Date: Wed, 30 Jan 2013 10:26:39 +0100
Subject: [PATCH] upraveno zalogovani zmenenych polozek udalosti serverem

---
 src/warden-server/lib/Warden.pm | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/src/warden-server/lib/Warden.pm b/src/warden-server/lib/Warden.pm
index f342b4c..d2fad32 100755
--- a/src/warden-server/lib/Warden.pm
+++ b/src/warden-server/lib/Warden.pm
@@ -232,24 +232,49 @@ sub saveNewEvent
                 "Unknown source type: '$source_type'");
       }
     }
+
     # http://my.safaribooksonline.com/book/programming/regular-expressions/9780596802837/4dot-validation-and-formatting/id2983571
     if ($detected !~ /^((?:[1-9][0-9]*)?[0-9]{4})-(1[0-2]|0[1-9])-(3[0-1]|0[1-9]|[1-2][0-9])T(2[0-3]|[0-1][0-9]):([0-5][0-9]):([0-5][0-9])(\.[0-9]+)?(Z|[+-](?:2[0-3]|[0-1][0-9]):[0-5][0-9])?/) {
       sendMsg("err",
               "Unknown detected time format from [IP: '$ip'; CN(AN): $alt_names; Service: '$service'; Detected: '$detected']",
               "Unknown detected time format: '$detected'");
     }
+
+    my $change_string = "";
     if ($target_port !~ /^\d+\z/) {
+      $change_string = $change_string . "target_port: $target_port";
       $target_port = undef;
     }
     if ($attack_scale !~ /^\d+\z/) {
+      if ($change_string eq "") {
+        $change_string = $change_string . "attack_scale: $attack_scale";
+      } else {
+        $change_string = $change_string . ", attack_scale: $attack_scale";
+      }
       $attack_scale = undef;
     }
     if ($priority !~ /^\d+\z/) {
+      if ($change_string eq "") {
+        $change_string = $change_string . "priority: $priority";
+      } else {
+        $change_string = $change_string . ", priority: $priority";
+      }
       $priority = undef;
     }
     if ($timeout !~ /^\d+\z/) {
+      if ($change_string eq "") {
+        $change_string = $change_string . "attack_scale: $timeout";
+      } else {
+        $change_string = $change_string . ", attack_scale: $timeout";
+      }
       $timeout = undef;
     }
+    if ($change_string ne ""){
+      sendMsg("info",
+              "Unknown event items detected {originaly - $change_string} received in $received from [IP '$ip'; CN(AN): $alt_names; Service: '$service'; Type: '$type'; Detected: $detected]",
+              undef);
+    }
+
     $sth=$DBH->prepare("INSERT INTO events VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?);");
     if (!defined $sth) {
       sendMsg("err",
-- 
GitLab