int parse_proto_program( char *program )
{
int i;
for (i = 0; i < counters->mapcount_program; i++)
{
if ( map_program[i].nocase == 1 )
{
if (Sagan_stristr(program, map_program[i].program, TRUE)) return(map_program[i].proto);
}
else
{
if (Sagan_strstr(program, map_program[i].program)) return(map_program[i].proto);
}
}
return(0);
}
int parse_proto( char *msg )
{
int i;
for (i = 0; i < counters->mapcount_message; i++)
{
if ( map_message[i].nocase == 1 )
{
if (Sagan_stristr(msg, map_message[i].search, TRUE)) return(map_message[i].proto);
}
else
{
if (Sagan_strstr(msg, map_message[i].search)) return(map_message[i].proto);
}
}
return(0);
}
sbool Sagan_BroIntel_CERT_HASH ( char *syslog_message )
{
int i;
for ( i = 0; i < counters->brointel_cert_hash_count; i++)
{
if ( Sagan_stristr(syslog_message, Sagan_BroIntel_Intel_Cert_Hash[i].cert_hash, false) )
{
if ( debug->debugbrointel )
{
Sagan_Log(S_DEBUG, "[%s, line %d] Found the CERT_HASH \"%s\".", __FILE__, __LINE__, Sagan_BroIntel_Intel_Cert_Hash[i].cert_hash);
}
return(true);
}
}
return(false);
}
sbool Sagan_BroIntel_FILE_NAME ( char *syslog_message )
{
int i;
for ( i = 0; i < counters->brointel_file_name_count; i++)
{
if ( Sagan_stristr(syslog_message, Sagan_BroIntel_Intel_File_Name[i].file_name, false) )
{
if ( debug->debugbrointel )
{
Sagan_Log(S_DEBUG, "[%s, line %d] Found the file name \"%s\".", __FILE__, __LINE__, Sagan_BroIntel_Intel_File_Name[i].file_name);
}
return(true);
}
}
return(false);
}
sbool Sagan_BroIntel_EMAIL ( char *syslog_message )
{
int i;
for ( i = 0; i < counters->brointel_email_count; i++)
{
if ( Sagan_stristr(syslog_message, Sagan_BroIntel_Intel_Email[i].email, false) )
{
if ( debug->debugbrointel )
{
Sagan_Log(S_DEBUG, "[%s, line %d] Found e-mail address \"%s\".", __FILE__, __LINE__, Sagan_BroIntel_Intel_Email[i].email);
}
return(true);
}
}
return(false);
}
sbool Sagan_BroIntel_SOFTWARE ( char *syslog_message )
{
int i;
for ( i = 0; i < counters->brointel_software_count; i++)
{
if ( Sagan_stristr(syslog_message, Sagan_BroIntel_Intel_Software[i].software, false) )
{
if ( debug->debugbrointel )
{
Sagan_Log(S_DEBUG, "[%s, line %d] Found software \"%s\".", __FILE__, __LINE__, Sagan_BroIntel_Intel_Software[i].software);
}
return(true);
}
}
return(false);
}
sbool Sagan_BroIntel_URL ( char *syslog_message )
{
int i;
for ( i = 0; i < counters->brointel_url_count; i++)
{
if ( Sagan_stristr(syslog_message, Sagan_BroIntel_Intel_URL[i].url, false) )
{
if ( debug->debugbrointel )
{
Sagan_Log(S_DEBUG, "[%s, line %d] Found URL \"%s\".", __FILE__, __LINE__, Sagan_BroIntel_Intel_URL[i].url);
}
return(true);
}
}
return(false);
}
sbool Sagan_BroIntel_FILE_HASH ( char *syslog_message )
{
int i;
for ( i = 0; i < counters->brointel_file_hash_count; i++)
{
if ( Sagan_stristr(syslog_message, Sagan_BroIntel_Intel_File_Hash[i].hash, false) )
{
if ( debug->debugbrointel )
{
Sagan_Log(S_DEBUG, "[%s, line %d] Found file hash %s.", __FILE__, __LINE__, Sagan_BroIntel_Intel_File_Hash[i].hash);
}
return(true);
}
}
return(false);
}
sbool Sagan_BroIntel_DOMAIN ( char *syslog_message )
{
int i;
for ( i = 0; i < counters->brointel_domain_count; i++)
{
if ( Sagan_stristr(syslog_message, Sagan_BroIntel_Intel_Domain[i].domain, false) )
{
if ( debug->debugbrointel )
{
Sagan_Log(S_DEBUG, "[%s, line %d] Found domain %s.", __FILE__, __LINE__, Sagan_BroIntel_Intel_Domain[i].domain);
}
return(true);
}
}
return(false);
}
