Updated with latest version of Gene engine v1.2.1

makefile

@@ -1,6 +1,6 @@
 RELEASE=$(GOPATH)/release
 MAIN_BASEN_SRC=whids
-VERSION=v1.2
+VERSION=v1.2.1
 
 # Strips symbols and dwarf to make binary smaller
 OPTS=-ldflags "-s -w"

utils/utils.go

@@ -98,6 +98,12 @@ func EnableDNSLogs() error {
 	return cmd.Run()
 }
 
+// FlushDNSCache executes windows command to flush the DNS cache
+func FlushDNSCache() error {
+	cmd := exec.Command("ipconfig.exe", "/flushdns")
+	return cmd.Run()
+}
+
 /////////////////////////////// Windows Logger ////////////////////////////////
 
 const (

whids.go

@@ -97,6 +97,7 @@ var (
 		"all":      "All aliased channels",
 	}
 	ruleExts = args.ListVar{".gen", ".gene"}
+	tplExt   = ".tpl"
 )
 
 func printInfo(writer io.Writer) {
@@ -253,6 +254,25 @@ func main() {
 		log.LogErrorAndExit(err, exitFail)
 	}
 
+	// Loading the templates first
+	templateDir := realPath
+	if fsutil.IsFile(realPath) {
+		templateDir = filepath.Dir(realPath)
+	}
+	for wi := range fswalker.Walk(templateDir) {
+		for _, fi := range wi.Files {
+			ext := filepath.Ext(fi.Name())
+			templateFile := filepath.Join(wi.Dirpath, fi.Name())
+			if ext == tplExt {
+				log.Infof("Loading regexp templates from file: %s", templateFile)
+				err := e.LoadTemplate(templateFile)
+				if err != nil {
+					log.Errorf("Error loading %s: %s", templateFile, err)
+				}
+			}
+		}
+	}
+
 	// Handle both rules argument as file or directory
 	switch {
 	case fsutil.IsFile(realPath):
@@ -316,6 +336,13 @@ func main() {
 
 	for i := range listeningChannels {
 		winChan := listeningChannels[i]
+
+		// We flush DNS cache before monitoring DNS channel
+		if winChan == "dns" || winChan == channelAliases["dns"] {
+			log.Info("Flushing DNS Cache")
+			utils.FlushDNSCache()
+		}
+
 		waitGr.Add(1)
 		// New go routine per channel
 		go func() {