#!/usr/bin/perl

# extr_alert_ids.pl, distributed as part of Snortsnarf v020516.1
# Author: James Hoagland, Silicon Defense (hoagland@SiliconDefense.com)
# copyright (c) 2000 by Silicon Defense (http://www.silicondefense.com/)
# Released under GNU General Public License, see the COPYING file included
# with the distribution or http://www.silicondefense.com/software/snortsnarf/
# for details.

# extr_alert_ids.pl is a Pipeline module extract a set of alert ids from
#   a given input modules specification string.
# pipeline args: input modules specification string, alert ids, output loc
# side effect: in the output loc, the parsed alerts indicated 

# Please send complaints, kudos, and especially improvements and bugfixes to
# hoagland@SiliconDefense.com.  As described in GNU General Public License, no
# warranty is expressed for this program.

sub process {
    # avoid needing to refer to SnortSnarf packages as SnortSnarf::*, even if
    # that is where they really are
    push(@INC,map("$_/SnortSnarf",grep(-d "$_/SnortSnarf",@INC)));

    require "sisr_utils.pl";
    require Input;
    require AllMods;
    
    my ($input)= shift;
    @_ == 3 || (&reporterr("extr_alert_ids.pl takes 3 arguments (input modules specification,alert ids,output field/envvar), but got:".join(' ',@_),0) && return 0);
    my($outloc)= pop;
    
    my ($modspec,$alertids)= &arg_to_val($input,@_);

    &AllMods::load_all_input_modules();
    my @alerts= &Input::grab_alert_ids_from_mods([split(';',$alertids)],&Input::recreate_input_mods($modspec));
    
    &write_out_to_arg($input,$outloc,\@alerts);
};

\&process;