Added DNS Extra info to DNS alerts (#6036)

2026-04-29 07:29:32 +00:00 · 2021-11-05 12:39:55 +01:00 · 2021-11-05 12:39:55 +01:00 · 2deb7c57f6
commit 2deb7c57f6
parent 23aa5d2a70
2 changed files with 38 additions and 7 deletions
--- a/scripts/lua/modules/lua_utils.lua
+++ b/scripts/lua/modules/lua_utils.lua
@ -4663,19 +4663,19 @@ function addHTTPInfoToAlertDescr(msg, alert_json)
      
      if alert_json["http"]["protos.http.last_method"] then
         msg = msg .. string.format(" [%s: %s]", 
-            i18n("last_http_method"), 
+            i18n("last_method"), 
            alert_json["http"]["protos.http.last_method"])
      end

      if alert_json["http"]["protos.http.last_return_code"] then
         msg = msg .. string.format(" [%s: %s]", 
-            i18n("last_http_return_code"),
+            i18n("last_return_code"),
            alert_json["http"]["protos.http.last_return_code"])
      end

      if alert_json["http"]["protos.http.last_url"] then
         msg = msg .. string.format(" [%s: %s]", 
-            i18n("last_http_url"),
+            i18n("last_url"),
            i18n("external_link_url", { url = alert_json["http"]["protos.http.last_url"], 
                                        url_name = alert_json["http"]["protos.http.last_url"]}))
      end
@ -4686,6 +4686,35 @@ end

 -- ##############################################

+function addDNSInfoToAlertDescr(msg, alert_json)
+   if ((alert_json) 
+      and (table.len(alert_json["dns"] or {}) > 0)) then
+      
+      if alert_json["dns"]["last_query_type"] then
+         msg = msg .. string.format(" [%s: %s]", 
+            i18n("last_query_type"), 
+            alert_json["dns"]["last_query_type"])
+      end
+
+      if alert_json["dns"]["last_return_code"] then
+         msg = msg .. string.format(" [%s: %s]", 
+            i18n("last_return_code"),
+            alert_json["dns"]["last_return_code"])
+      end
+
+      if alert_json["dns"]["last_query"] then
+         msg = msg .. string.format(" [%s: %s]", 
+            i18n("last_url"),
+            i18n("external_link_url", { url = alert_json["dns"]["last_query"], 
+                                        url_name = alert_json["dns"]["last_query"]}))
+      end
+   end
+
+   return msg
+end
+
+-- ##############################################
+
 function addBytesInfoToAlertDescr(msg, value)
   local predominant_bytes = i18n("traffic_srv_to_cli")
   if (value["cli2srv_bytes"] or 0) > (value["srv2cli_bytes"] or 0) then
@ -4704,6 +4733,7 @@ end
 function addExtraFlowInfo(msg, alert_json, value)
   msg = addScoreToAlertDescr(msg, ntop.getFlowAlertScore((tonumber(value["alert_id"]))))
   msg = addHTTPInfoToAlertDescr(msg, alert_json)   
+   msg = addDNSInfoToAlertDescr(msg, alert_json)
   msg = addBytesInfoToAlertDescr(msg, value)

   return msg