diff --git a/src/afterfact.rs b/src/afterfact.rs
index 9ee23bb9..3ea91a20 100644
--- a/src/afterfact.rs
+++ b/src/afterfact.rs
@@ -217,6 +217,13 @@ fn emit_csv(
 "informational",
 "undefined",
 ]);
+ let level_abbr: HashMap = HashMap::from([
+ (String::from("cruitical"), String::from("crit")),
+ (String::from("high"), String::from("high")),
+ (String::from("medium"), String::from("med ")),
+ (String::from("low"), String::from("low ")),
+ (String::from("informational"), String::from("info")),
+ ]);
 // レベル別、日ごとの集計用変数の初期化
 for level_init in levels {
 detect_counts_by_date_and_level.insert(level_init.to_string(), HashMap::new());
@@ -233,10 +240,7 @@ fn emit_csv(
 timestamps.push(_get_timestamp(time));
 for detect_info in detect_infos {
 detected_record_idset.insert(format!("{}_{}", time, detect_info.eventid));
- let mut level = detect_info.level.to_string();
- if level == "informational" {
- level = "info".to_string();
- }
+ let level = detect_info.level.to_string();
 let time_str = format_time(time, false);
 if displayflag {
 let record_id = detect_info
@@ -253,9 +257,9 @@ fn emit_csv(
 .filter(|&c| !c.is_control())
 .collect::();
- let dispformat = DisplayFormat {
+ let dispformat: _ = DisplayFormat {
 timestamp: &_format_cellpos(&time_str, ColPos::First),
- level: &_format_cellpos(&level, ColPos::Other),
+ level: &_format_cellpos(level_abbr.get(&level).unwrap_or(&level), ColPos::Other),
 computer: &_format_cellpos(&detect_info.computername, ColPos::Other),
 event_i_d: &_format_cellpos(&detect_info.eventid, ColPos::Other),
 channel: &_format_cellpos(&detect_info.channel, ColPos::Other),
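Review bot: The key `"cruitical"` in the new `level_abbr` table is a typo for `"critical"`, so critical-severity rows never match and the `level_abbr.get(&level).unwrap_or(&level)` lookup in the third hunk falls back to the full word, which also defeats the four-character column padding the `"med "` and `"low "` values are clearly there to provide. Change the entry to `(String::from("critical"), String::from("crit")),`. The bare `HashMap` annotation on the `let level_abbr` line looks like the page dropped generic arguments in rendering; if the source really reads that way it will not compile, so confirm it is `HashMap<String, String>` (or, since the table is constant and keys are literals, `HashMap<&str, &str>` with `level.as_str()` lookups would avoid the ten per-call allocations). The enclosing `emit_csv` begins before this hunk.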
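Review bot: Dropping the in-place `informational` to `info` rewrite changes what `level` holds for every later consumer of that variable, while the new abbreviation is applied only on the `DisplayFormat.level` line of the third hunk. If `level` is also used further down `emit_csv`, for the written CSV record or the per-level counters, those outputs now carry `informational` where they previously carried `info`; it is worth confirming that is intended (it may well be a fix if the counter keys come from the `levels` list), and if not, apply the lookup once here: `let level = detect_info.level.to_string();` followed by `let level = level_abbr.get(&level).cloned().unwrap_or(level);`. The body of `emit_csv` continues past the hunk, so the remaining uses of `level` are not visible here.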