From 8bbbf387c52faafc17217741f23028f4557b933f Mon Sep 17 00:00:00 2001
From: Jeff Bryner
Date: Tue, 24 Jun 2014 09:13:18 -0700
Subject: [PATCH] standardize the field names

---
 mq/plugins/rt_flow.py | 34 +++++++++++++++++-----------------
 mq/plugins/snmptt.py | 2 +-
 2 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/mq/plugins/rt_flow.py b/mq/plugins/rt_flow.py
index 58b5ea4d..bc0b5d62 100644
--- a/mq/plugins/rt_flow.py
+++ b/mq/plugins/rt_flow.py
@@ -29,33 +29,33 @@ class message(object): deny_search = re.search(self.deny_regex, msg_unparsed) if deny_search: message['details']['action'] = 'denied' - message['details']['src'] = deny_search.group('src') - message['details']['srcport_int'] = deny_search.group('srcport') - message['details']['dst'] = deny_search.group('dst') - message['details']['dstport_int'] = deny_search.group('dstport') + message['details']['sourceipaddress'] = deny_search.group('src') + message['details']['sourceport'] = deny_search.group('srcport') + message['details']['destinationipaddress'] = deny_search.group('dst') + message['details']['destinationport'] = deny_search.group('dstport') message['details']['service'] = deny_search.group('service') - message['details']['proto_int'] = deny_search.group('proto') - message['details']['prototype_int'] = deny_search.group('prototype') + message['details']['protocol'] = deny_search.group('proto') + message['details']['protocoltype'] = deny_search.group('prototype') message['details']['policy'] = deny_search.group('policy') - message['details']['srczone'] = deny_search.group('srczone') - message['details']['dstzone'] = deny_search.group('dstzone') + message['details']['sourcezone'] = deny_search.group('srczone') + message['details']['destinationzone'] = deny_search.group('dstzone') message['details']['interface'] = deny_search.group('interface') if msg_unparsed.startswith('%-RT_FLOW_SESSION_CREATE:'): create_search = re.search(self.create_regex, msg_unparsed) if create_search: message['details']['action'] = 'created' - message['details']['src'] = create_search.group('src') - message['details']['srcport_int'] = create_search.group('srcport') - message['details']['dst'] = create_search.group('dst') - message['details']['dstport_int'] = create_search.group('dstport') + message['details']['sourceipaddress'] = create_search.group('src') + message['details']['sourceport'] = create_search.group('srcport') + message['details']['destinationipaddress'] = 
create_search.group('dst') + message['details']['destinationport'] = create_search.group('dstport') message['details']['service'] = create_search.group('service') - message['details']['srcnatrule'] = create_search.group('srcnatrule') - message['details']['dstnatrule'] = create_search.group('dstnatrule') + message['details']['sourcenatrule'] = create_search.group('srcnatrule') + message['details']['destinationnatrule'] = create_search.group('dstnatrule') message['details']['protocol'] = create_search.group('protocol') message['details']['policy'] = create_search.group('policy') - message['details']['srczone'] = create_search.group('srczone') - message['details']['dstzone'] = create_search.group('dstzone') - message['details']['sessionid_int'] = create_search.group('sessionid') + message['details']['sourcezone'] = create_search.group('srczone') + message['details']['destinationzone'] = create_search.group('dstzone') + message['details']['sessionid'] = create_search.group('sessionid') message['details']['interface'] = create_search.group('interface') return (message, metadata) \ No newline at end of file diff --git a/mq/plugins/snmptt.py b/mq/plugins/snmptt.py index 0a9d0fa7..239ffacf 100644 --- a/mq/plugins/snmptt.py +++ b/mq/plugins/snmptt.py @@ -28,7 +28,7 @@ class message(object): if search: message['details']['trapname'] = search.group('trapname') message['details']['trapseverity'] = search.group('trapseverity') - message['details']['source_host'] = search.group('source_host') + message['details']['sourcehostname'] = search.group('source_host') message['details']['trappayload'] = search.group('trappayload') message['details']['hostname'] = search.group('source_host')
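Review bot: The port and session-id fields drop their `_int` suffix but still receive raw `re.Match.group()` strings, e.g. `message['details']['sourceport'] = deny_search.group('srcport')` and `message['details']['sessionid'] = create_search.group('sessionid')`; the old suffix presumably signalled to the downstream index that these are integers, so after the rename numeric range queries on ports and session ids would be matching strings — worth confirming against the consumer's mapping. If the capture groups are digits-only, as the old suffix suggests, converting in the parser with `int(...)` keeps the type stable independent of the field name; if a group can be absent or non-numeric, guard the conversion rather than let `int()` raise inside the plugin. The same applies to `destinationport` in both the deny and create branches. The enclosing method starts before this hunk.

```python
# … unchanged: deny branch up to the 'sourceipaddress' assignment …
message['details']['sourceport'] = int(deny_search.group('srcport'))
# … unchanged: 'destinationipaddress' …
message['details']['destinationport'] = int(deny_search.group('dstport'))
# … unchanged: service/protocol/protocoltype/policy/zone/interface, create branch start …
message['details']['sourceport'] = int(create_search.group('srcport'))
# … unchanged: 'destinationipaddress' …
message['details']['destinationport'] = int(create_search.group('dstport'))
# … unchanged: service/nat rule/protocol/policy/zone fields …
message['details']['sessionid'] = int(create_search.group('sessionid'))
# … unchanged: 'interface' assignment and return …
```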