#!/bin/sh
#
#  snort-mergesidmaps
#
#  Create single list of Snort SID's from multiple sources.
#  Written at Nov 2005 by evseev@altlinux.org
#

# These files are created in the current directory
DEST_STAMP="sid"
DEST_FNAME="sid-msg.map"
# These files are used for processing when command line contain no filenames
SOURCES_FMASK="sid-msg*.map*"

main()
{
	local sources= old_exists= dest_fname=$DEST_FNAME
	if [ $# = 0 ]; then
		sources=$(eval echo $SOURCES_FMASK)
		if [ "$sources" = "$SOURCES_FMASK" ]; then
			echo "Cannot find source maps $SOURCES_FMASK, stopped."
			return 1
		fi
	fi
	for f in "$@" $sources; do
		[ $f = "$DEST_FNAME" ] || continue
		old_exists=1
		break;
	done
	[ -n "$old_exists" ] && dest_fname=$dest_fname.new
	cat "$@" $sources | egrep '^[0-9]+ \|\| ' | sort -n | uniq --check-chars=12 > $dest_fname
	if [ "$dest_fname" != "$DEST_FNAME" ]; then
		cat $dest_fname > $DEST_FNAME
		/bin/rm $dest_fname
	fi
	local last_line=$(tail -1 $DEST_FNAME)
	echo ${last_line%% *} > $DEST_STAMP
}

main "$@"

## EOF ##
