From fdb1d6257cb9871c687e13b1ac1ec038ed2529e4 Mon Sep 17 00:00:00 2001 From: William Heimbigner Date: Thu, 7 Mar 2013 10:35:43 +0000 Subject: Added logging of kicks/bans/quiets/removes/klines/kills to a special SQL table and corresponding text files Enabled SQL debugging Bugfix: Only attempt to determine a host's IP if it doesn't contain a '/' Updates to channels.xml and users.xml Adjusted ;userx add and ;userx flags such that A cannot give B a flag that A doesn't already have Tweaked the ;help command Fixed ;mship such that it will respond even if it can't see the nick provided. Tweaked ;status to give output in format like 7d22h18m3s instead of 9814798712 seconds Added a ;teredo helper command to give info on IPv6 teredo-tunneled connections Added a nick blacklist file (to counter bot nicklists). Added a english wordlist file, for "garbage" detection. Added ;investigate and ;investigate2 commands Added a way to not throttle info-risk threats Added special detection for a cycling botnet Added special detection for bots that join, say something, and immediately quit Added detection for ascii art Added detection for "garbage" text Added fuzzy-matching against a set of nicks Added "real IP" to state tracking and logging, which "decrypts" gateway/web and teredo IPs Moved sigalarm code into meta.pl Improved statsp tracking, and logs it to a file Ping-pong every 30 seconds, auto-reconnect on persistent lag. Ensure inspector routine is always called AFTER log-handling routines Fixed a state-tracking bug in topic change handling Fixed a state-tracking bug with nick changes Fixed some state-tracking bugs with mode changes Determine who is impacted when a quiet/ban mask is placed Fixed handling of CTCP SOURCE requests Added feature where it keeps a 30 line "backlog" of each channel in memory. Added the reason for parts and quits to text logging --- modules/inspect.pl | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'modules/inspect.pl') 
diff --git a/modules/inspect.pl b/modules/inspect.pl
index 24d93d8..4466d69 100644
--- a/modules/inspect.pl
+++ b/modules/inspect.pl
@@ -31,7 +31,7 @@ sub inspect {
 }
 }
 else {
- $iaddr = gethostbyname($event->{host});
+ $iaddr = gethostbyname($event->{host}) if ($event->{host} !~ /\//);
 $rev = join('.', reverse(unpack('C4', $iaddr))).'.' if (defined $iaddr);
 }
 ## NB: isn't there a better way to do this with grep, somehow?
@@ -74,12 +74,16 @@ sub inspect {
 if ($id eq 'last_measure_regex') {
 #TODO: Note that this is another example of things that shouldn't be hardcoded, but are.
 }
- unless (defined($::ignored{$chan}) && ($::ignored{$chan} >= $::RISKS{$dct{$id}{risk}})) {
+ if (
+ (!(defined($::ignored{$chan}) && ($::ignored{$chan} >= $::RISKS{$dct{$id}{risk}}))) ||
+ (($::pacealerts == 0) && ($dct{$id}{risk} eq 'info'))
+ ) {
 my @tgts = ASM::Util->getAlert($chan, $dct{$id}{risk}, 'msgs');
 ASM::Util->sendLongMsg($conn, \@tgts, $txtz);
 $::ignored{$chan} = $::RISKS{$dct{$id}{risk}};
 $conn->schedule(45, sub { delete($::ignored{$chan})});
 }
+ $::log->incident($chan, "$chan: $dct{$id}{risk} risk: $event->{nick} - $nicereason\n");
 delete $dct{$id}{xresult};
 }
 }
-- cgit v1.2.3
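Review bot: When the host contains a `/`, the new statement modifier skips the assignment entirely, so `$iaddr` keeps whatever value it held before this `else` branch, and the following `$rev` line trusts `defined $iaddr`. The declaration of `$iaddr` is outside the hunk; if it is not a fresh `my` on every call, a host that was skipped could end up checked under a previous client's reversed address. Assigning on both paths removes that dependency: `$iaddr = ($event->{host} =~ m{/}) ? undef : gethostbyname($event->{host});`, ideally with a one-line comment saying that hosts containing `/` are cloaks or gateway names rather than resolvable hostnames (my reading of the commit message, worth confirming). `sub inspect` starts and ends outside this hunk.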
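Review bot: The new bypass for info-risk alerts (`$::pacealerts == 0`) still runs the throttle bookkeeping inside the block, so every unpaced info alert overwrites `$::ignored{$chan}` with the info level and schedules another `delete($::ignored{$chan})` 45 seconds out. That can replace, or clear early, a throttle set by a higher-risk alert (assuming `%::RISKS` ranks info lowest), and with pacing off nothing bounds how many messages `sendLongMsg` emits for a rule that channel traffic can trigger repeatedly. I would name the two conditions and skip the bookkeeping on the bypass path, as sketched below; a per-channel cap for unpaced alerts would be a separate change. The added `$::log->incident` call also runs for every match regardless of throttling, which looks intended but deserves a comment saying so. `sub inspect` starts and ends outside this hunk.

```perl
my $unpaced   = ($::pacealerts == 0) && ($dct{$id}{risk} eq 'info');
my $throttled = defined($::ignored{$chan}) && ($::ignored{$chan} >= $::RISKS{$dct{$id}{risk}});
if ($unpaced || !$throttled) {
  # … unchanged: getAlert / sendLongMsg …
  unless ($unpaced) {
    # Only paced alerts may set or expire the per-channel throttle.
    $::ignored{$chan} = $::RISKS{$dct{$id}{risk}};
    $conn->schedule(45, sub { delete($::ignored{$chan})});
  }
}
```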