diff -urN snort-2.1.2_orig/src/generators.h snort-2.1.2/src/generators.h
--- snort-2.1.2_orig/src/generators.h 2003-10-20 15:03:19.000000000 +0000
+++ snort-2.1.2/src/generators.h 2004-05-22 23:01:52.000000000 +0000
@@ -316,6 +316,7 @@
 #define DECODE_BAD_TRHMR_STR "(snort_decoder) WARNING: Bad Token Ring MR Header!"
+#define FLOWPS_PREFIX_STR "(flow_ps) Portscan detected from "
 #define SCAN2_PREFIX_STR "(spp_portscan2) Portscan detected from "
 #define CONV_BAD_IP_PROTOCOL_STR "(spp_conversation) Bad IP protocol!"
diff -urN snort-2.1.2_orig/src/preprocessors/flow/portscan/flowps_snort.c snort-2.1.2/src/preprocessors/flow/portscan/flowps_snort.c
--- snort-2.1.2_orig/src/preprocessors/flow/portscan/flowps_snort.c 2004-03-31 18:09:47.000000000 +0000
+++ snort-2.1.2/src/preprocessors/flow/portscan/flowps_snort.c 2004-05-22 23:04:00.000000000 +0000
@@ -811,6 +811,8 @@
 char buf[1024 + 1]; u_int32_t event_id; u_int32_t event_type; /* the sid for the gid */ + Event event; + /* Assign an event type to the display */ if(sep->flags & ALERT_FIXED_SCANNER)
@@ -837,18 +839,21 @@
 switch(output_type) { case PKTKLUDGE: + DEBUG_WRAP(DebugMessage(DEBUG_FLOWSYS, FLOWPS_PREFIX_STR "%s %s\n", + inet_ntoa(*(struct in_addr *) address), "logged using pktkludge.");); /* log a packet to the output system */ p = flowps_mkpacket(sep, orig_packet, address, cur); case VARIABLEMSG: - snprintf(buf, 1024, - "Portscan detected from %s Talker(fixed: %u sliding: %u) Scanner(fixed: %u sliding: %u)", + snprintf(buf, 1024, FLOWPS_PREFIX_STR + "%s Talker(fixed: %u sliding: %u) Scanner(fixed: %u sliding: %u)", inet_ntoa(*(struct in_addr *) address), sep->fixed_talker.score, sep->sliding_talker.score, sep->fixed_scanner.score, sep->sliding_scanner.score); buf[1024] = '\0'; - /* p is NULL w/ the VARIABLEMSG fmt */ - event_id = GenerateSnortEvent(p, + DEBUG_WRAP(DebugMessage(DEBUG_FLOWSYS, "%s\n", buf);); + + event_id = GenerateSnortEvent(orig_packet, GENERATOR_FLOW_PORTSCAN, event_type, 1, /* revision */
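Review bot: In the `@@ -811,6 +811,8 @@` hunk of flowps_snort.c, `Event event;` is added to the local declarations uninitialised, and nothing visible in that hunk fills it in before use. The enclosing function starts and ends outside the hunk, so whether every field is set later cannot be confirmed from here. If the struct is handed to a logging or output call with only some fields assigned, the remaining fields would carry stale stack bytes into the alert record. Zeroing it right after the declarations, for example `memset(&event, 0, sizeof(event));`, would make the record deterministic. A short comment on the declaration saying which call populates it would also help.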