2 files changed, 20 insertions, 12 deletions

diff --git a/samples/services/snort_ids/docker/grpc/snort_alerts.py b/samples/services/snort_ids/docker/grpc/snort_alerts.py
index 4cb87e2..25d1738 100644
--- a/samples/services/snort_ids/docker/grpc/snort_alerts.py
+++ b/samples/services/snort_ids/docker/grpc/snort_alerts.py
@@ -14,7 +14,7 @@ from idstools import unified2
 
 
 HOST_IP = 'redis'
-PROXY_GRPC = 'proxy-access-control:50054'
+# PROXY_GRPC = 'proxy-access-control:50054'
 
 logging.basicConfig(filename='alert.log', level=logging.DEBUG)
 
@@ -34,7 +34,7 @@ reader = unified2.SpoolRecordReader("/var/log/snort",
 
 def sendGrpcAlert(event_id, redis_key):
     try:
-        channel = grpc.insecure_channel(PROXY_GRPC)
+        channel = grpc.insecure_channel('proxy-access-control:50054')
         stub = nginx_pb2_grpc.ControllerStub(channel)
         stub.ProcessAlerts(nginx_pb2.AlertMessage(
             event_id=event_id, redis_key=redis_key))
@@ -45,13 +45,15 @@ def sendGrpcAlert(event_id, redis_key):
 for record in reader:
     try:
         if isinstance(record, unified2.Event):
-            snort_event = "snort_event:" + str(record['event-id'])
-            r.sadd('snort_events', str(record['event-id']))
-            r.hmset(snort_event, record)
-            sendGrpcAlert(str(record['event-id']), 'snort_events')
-        # elif isinstance(record, unified2.Packet):
-            # print("Packet:")
+            event = record
+        elif isinstance(record, unified2.Packet):
+            packet = record
         # elif isinstance(record, unified2.ExtraData):
             # print("Extra-Data:")
+        snort_event = "snort_event:" + str(record['event-id'])
+        r.sadd('snort_events', str(record['event-id']))
+        event.update(packet)
+        r.hmset(snort_event, event)
+        sendGrpcAlert(str(record['event-id']), 'snort_events')
     except Exception as e:
         logging.debug(e)
diff --git a/samples/services/snort_ids/docker/grpc/snort_server.py b/samples/services/snort_ids/docker/grpc/snort_server.py
index 9ece832..223461a 100644
--- a/samples/services/snort_ids/docker/grpc/snort_server.py
+++ b/samples/services/snort_ids/docker/grpc/snort_server.py
@@ -33,10 +33,16 @@ class Controller(snort_pb2_grpc.ControllerServicer):
             # file_local = 'testfile'
             file_local = '/etc/snort/rules/local.rules'
             f = open(file_local, 'a')
-            rule = 'alert {} {} {} -> {} {} '.format(
-                r.protocol, r.src_ip, r.src_port, r.dest_ip, r.dest_port) \
-                + '(msg:"{}"; content:{}; sid:{}; rev:{};)\n'.format(
-                                      r.msg, r.content, r.sid, r.rev)
+            if r.content:
+                rule = 'alert {} {} {} -> {} {} '.format(
+                    r.protocol, r.src_ip, r.src_port, r.dest_ip, r.dest_port) \
+                    + '(msg:"{}"; content:{}; sid:{}; rev:{};)\n'.format(
+                                          r.msg, r.content, r.sid, r.rev)
+            else:
+                rule = 'alert {} {} {} -> {} {} '.format(
+                    r.protocol, r.src_ip, r.src_port, r.dest_ip, r.dest_port) \
+                    + '(msg:"{}"; sid:{}; rev:{};)\n'.format(
+                                          r.msg, r.sid, r.rev)
             f.write(rule)
             f.close
             msg = "Added to local rules"