
#!/usr/bin/perl

# extr_alert_set_details.pl, distributed as part of Snortsnarf v020516.1
# Author: James Hoagland, Silicon Defense (hoagland@SiliconDefense.com)
# copyright (c) 2000 by Silicon Defense (http://www.silicondefense.com/)
# Released under GNU General Public License, see the COPYING file included
# with the distribution or http://www.silicondefense.com/software/snortsnarf/
# for details.

# extr_alert_set_details.pl is a Pipeline module to load all the alerts in
#   a labeled alert set into a list ref; these alerts are in a hash created
#   by the event_details routine in alertset_xml.pl. 
# pipeline args, in this order: alert set database file path, set name,
#   output loc (may need to be an env var). (This matches the argument
#   check and &arg_to_val unpacking in process() below.)
# side effect: in the output loc, a reference to a list of parsed events
#   (alerts) is stored

# Please send complaints, kudos, and especially improvements and bugfixes to
# hoagland@SiliconDefense.com.  As described in GNU General Public License, no
# warranty is expressed for this program.

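# process($input, $setfile, $setname, $outloc)
#   Pipeline entry point. Resolves the set file path and set name through
#   &arg_to_val, loads the alert set XML with &load_XML_tree, pulls the
#   labeled set's events out with &get_set_event_details, and stores a
#   reference to the resulting list via &write_out_to_arg under $outloc.
#   Returns 0 (after &reporterr) when the argument count is wrong; otherwise
#   returns whatever &write_out_to_arg returns.
sub process {
    require "sisr_utils.pl";
    require "alertset_xml.pl";
    my ($input)= shift;

    # Argument check. The original wrote this as
    #   @_ == 3 || (&reporterr(...) && return 0);
    # which only returned when &reporterr happened to return a true value;
    # if it returned false/undef the sub ran on with the bad argument list.
    # Report, then return unconditionally.
    unless (@_ == 3) {
        &reporterr("extr_alert_set_details.pl takes 3 arguments (set file path,set name,output field/envvar), but got:".join(' ',@_),0);
        return 0;
    }
    my($outloc)= pop;

    # Order matches the error text above: (set file path, set name).
    my ($setfile,$setname)= &arg_to_val($input,@_);

    # NOTE(review): $setfile comes straight from the pipeline arguments
    # (possibly an env var, per the header) and is handed to the XML loader
    # without any path validation here; whether &load_XML_tree restricts the
    # path or disables external entity expansion is not visible in this file
    # -- confirm in alertset_xml.pl / sisr_utils.pl if the inputs are not
    # fully trusted.
    my $tree= &load_XML_tree($setfile);
    my @events= &get_set_event_details($tree,$setname);

    # Side effect: stores \@events at $outloc (field or env var) for the
    # next pipeline stage.
    &write_out_to_arg($input,$outloc,\@events);
};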

\&process;

# $Id: extr_alert_set_details.pl,v 1.11 2001/10/18 18:23:25 jim Exp $