From b70bce8fcf06b81cc9eb6654773f4b95d0117b1e Mon Sep 17 00:00:00 2001
From: Ermal
Date: Wed, 11 Jul 2012 20:27:21 +0000
Subject: Unify description extraction from snort alerts
---
 config/snort/snort_blocked.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'config/snort/snort_blocked.php')
diff --git a/config/snort/snort_blocked.php b/config/snort/snort_blocked.php
index b9a5a471..465e5804 100644
--- a/config/snort/snort_blocked.php
+++ b/config/snort/snort_blocked.php
@@ -131,7 +131,7 @@ function get_snort_alert_ip_src($fileline)
 function get_snort_alert_disc($fileline)
 {
 /* disc */
- if (preg_match("/\[\*\*\]\s+(\[[0-9:]+\])\s+(.+)\s+(\[\*\*\])/", $fileline, $matches))
+ if (preg_match("/\[\*\*\] (\[.*\]) (.*) (\[\*\*\])/", $fileline, $matches))
 return "{$matches[2]}";
 return "";
-- 
cgit v1.2.3
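Review bot: The greedy `\[.*\]` in the new pattern on the `+` line can run past the signature id, so for an alert whose message itself contains a `]` (constructed sample: `[**] [1:1:1] FOO [bar] baz [**]`) group 1 swallows `[1:1:1] FOO [bar]` and `$matches[2]` returns only `baz`. Bounding the first group keeps the looser id match without that truncation: `if (preg_match("/\[\*\*\] (\[[^\]]*\]) (.*) (\[\*\*\])/", $fileline, $matches))`. The literal single spaces also drop the old `\s+` tolerance, so a line with extra whitespace between the fields would fall through to `return "";` and show up with no description; keeping `\s+` between the groups avoids that. The closing brace of get_snort_alert_disc lies outside the hunk.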