|
|
|
@ -37,10 +37,8 @@ def process_rules(data):
|
|
|
|
|
for rule in all_rules:
|
|
|
|
|
parsed_rule = rule.parse()
|
|
|
|
|
if "index" not in parsed_rule:
|
|
|
|
|
log.debug("No index specified in rule, skipping")
|
|
|
|
|
continue
|
|
|
|
|
if "source" not in parsed_rule:
|
|
|
|
|
log.debug("No source specified in rule, skipping")
|
|
|
|
|
continue
|
|
|
|
|
rule_index = parsed_rule["index"]
|
|
|
|
|
rule_source = parsed_rule["source"]
|
|
|
|
@ -49,10 +47,8 @@ def process_rules(data):
|
|
|
|
|
if not type(rule_source) == list:
|
|
|
|
|
rule_source = [rule_source]
|
|
|
|
|
if index not in rule_index:
|
|
|
|
|
log.debug(f"{index} not in {rule_index}")
|
|
|
|
|
continue
|
|
|
|
|
if message["src"] not in rule_source:
|
|
|
|
|
log.debug(f"{message['src']} not in {rule_source}")
|
|
|
|
|
continue
|
|
|
|
|
|
|
|
|
|
rule_field_length = len(parsed_rule.keys())
|
|
|
|
@ -66,7 +62,6 @@ def process_rules(data):
|
|
|
|
|
if field in message and message[field] in value:
|
|
|
|
|
matched_field_number += 1
|
|
|
|
|
matched_fields.append(field)
|
|
|
|
|
print("Matched field", field, message[field], value)
|
|
|
|
|
if matched_field_number == rule_field_length - 2:
|
|
|
|
|
rule_matched(rule, message, matched_fields)
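Review bot: `message["src"]` in the second hunk is indexed directly, so a message with no `src` key would raise `KeyError` there, while the field loop in the third hunk guards the same dict with `field in message`. If nothing outside these hunks catches it, one malformed event stops evaluation of the remaining rules for that message, and a matching rule silently never fires. Reading the value once with `src = message.get("src")` and skipping the rule when it is `None` keeps the loop going. In the same hunk, `if not type(rule_source) == list:` wraps a tuple or a list subclass into a one-element list that can never equal a source string; `if not isinstance(rule_source, (list, tuple)):` avoids that. `process_rules` starts and ends outside the hunks and the page has lost its `+`/`-` column, so this assumes both lines are on the new side.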
|
|
|
|
|
|
|
|
|
|