Update for an Issue #13

stamparm · Jan 12, 2016 · ebc480d · ebc480d
1 parent 17d8877
commit ebc480d
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/core/settings.py b/core/settings.py
@@ -21,7 +21,7 @@
 trails = TrailsDict()
 
 NAME = "Maltrail"
-VERSION = "0.9.24"
+VERSION = "0.9.25"
 SERVER_HEADER = "%s/%s" % (NAME, VERSION)
 DATE_FORMAT = "%Y-%m-%d"
 ROTATING_CHARS = ('\\', '|', '|', '/', '-')

diff --git a/sensor.py b/sensor.py
@@ -227,8 +227,8 @@ def _process_ip(ip_data, sec, usec):
                         host = tcp_data[index:tcp_data.find("\r\n", index)]
                         host = host.strip()
                         host = re.sub(r":80\Z", "", host)
-                        if dst_ip in trails and not (host[-1].isdigit() and ':' not in host):
-                            log_event((sec, usec, src_ip, src_port, dst_ip, dst_port, PROTO.TCP, TRAIL.IP, dst_ip, trails[dst_ip][0], trails[dst_ip][1]))
+                        if not host.split(':')[0][-1].isdigit() and dst_ip in trails:
+                            log_event((sec, usec, src_ip, src_port, dst_ip, dst_port, PROTO.TCP, TRAIL.IP, "%s (%s)" % (dst_ip, host.split(':')[0]), trails[dst_ip][0], trails[dst_ip][1]))
                     elif config.USE_HEURISTICS and config.CHECK_MISSING_HOST:
                         log_event((sec, usec, src_ip, src_port, dst_ip, dst_port, PROTO.TCP, TRAIL.HTTP, "%s%s" % (host, path), "suspicious http request (missing host header)", "(heuristic)"))