From a063d21c74808a7b274c7c423807b952ab24862b Mon Sep 17 00:00:00 2001
From: Thanasis Naskos
Date: Fri, 14 Jan 2022 15:29:37 +0200
Subject: [PATCH] Adding incident messages to Rsyslog report

---
 MLTD/src/ReportSyslog.py | 2 +-
 OD/src/main/java/edu/auth/od_pcap_mcod/report/RsyslogHandler.java | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/MLTD/src/ReportSyslog.py b/MLTD/src/ReportSyslog.py
index 4196ae4..b4c6a91 100644
--- a/MLTD/src/ReportSyslog.py
+++ b/MLTD/src/ReportSyslog.py
@@ -10,6 +10,6 @@ def report(asset_id, risk, timeframe, source_ip, target_ip):
     formatter = logging.Formatter(' %(message)s')
     handler.setFormatter(formatter)
     my_logger.addHandler(handler)
-    my_logger.critical(f'source_ip: {source_ip} target_ip: {target_ip} asset: {asset_id} risk: {risk} timeframe: {timeframe}')
+    my_logger.critical(f'source_ip: {source_ip} target_ip: {target_ip} asset: {asset_id} risk: {risk} incident: A possible risk is predicted timeframe: {timeframe}')
diff --git a/OD/src/main/java/edu/auth/od_pcap_mcod/report/RsyslogHandler.java b/OD/src/main/java/edu/auth/od_pcap_mcod/report/RsyslogHandler.java
index 6e4ea6d..7e130ac 100644
--- a/OD/src/main/java/edu/auth/od_pcap_mcod/report/RsyslogHandler.java
+++ b/OD/src/main/java/edu/auth/od_pcap_mcod/report/RsyslogHandler.java
@@ -34,6 +34,7 @@ public class RsyslogHandler implements IReporter {
                     + " Target_IP: " + outlier.getPacket().getTargetIP()
                     + " Risk: " + outlier.getValues()[0]
                     + " IncidentDate: " + outlier.getActualTime()
+                    + " Incident: Packet loss increased - Possible indication of Dos attack"
                     + " Timeframe: 0 ");
         } catch (Exception e) {
             e.printStackTrace();
-- 
2.2.2
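Review bot: The new `incident:` field is free text containing spaces, inserted into a line whose only field delimiter is a space, so a consumer that splits the rsyslog message into `key: value` pairs can no longer tell where `incident` ends and `timeframe` begins; the same applies to the `Incident:` field added in RsyslogHandler.java. Quoting the free-text value (or placing it last) keeps the line parseable, e.g. `my_logger.critical(f'source_ip: {source_ip} target_ip: {target_ip} asset: {asset_id} risk: {risk} timeframe: {timeframe} incident: "A possible risk is predicted"')`. The two reporters also now disagree on key case (`incident:` here versus `Incident:`/`Timeframe:` in the Java handler), which a single rsyslog parser would have to special-case. Since `source_ip` and `target_ip` appear to come from observed traffic, a short comment noting that they are interpolated unescaped and should not be assumed free of whitespace or newlines would help the next maintainer. The enclosing `report()` function starts outside the hunk, so the `my_logger` and `handler` setup it relies on is not visible here.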
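Review bot: The added `Incident:` text is a hard-coded literal buried in the middle of a long string concatenation, which makes it easy to miss that it is the only human-readable explanation the report carries and leaves the acronym misspelled as "Dos". Lifting it to a named constant and quoting it keeps the line parseable and documents its purpose in one place: `private static final String INCIDENT_MSG = "Packet loss increased - Possible indication of DoS attack";` and `+ " Incident: \"" + INCIDENT_MSG + "\""`. A one-line comment on the constant saying it must match the `incident` wording emitted by MLTD/src/ReportSyslog.py would keep the two reporters aligned for whatever consumes the rsyslog stream. The statement being built starts before the hunk and the method it belongs to is not visible, so the surrounding `try` and the logger call cannot be checked here.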