<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
< html xmlns = "http://www.w3.org/1999/xhtml" >
<head>
  <!-- Document metadata, then the Doxygen stylesheets and search script; every asset is referenced by a relative path. -->
  <meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
  <title>Snort AI preprocessor module: cluster.c File Reference</title>
  <link rel="stylesheet" type="text/css" href="tabs.css"/>
  <link rel="stylesheet" type="text/css" href="search/search.css"/>
  <script src="search/search.js" type="text/javaScript"></script>
  <link rel="stylesheet" type="text/css" href="doxygen.css"/>
</head>
< body onload = 'searchBox.OnSelectItem(0);' >
<!-- Generated by Doxygen 1.7.1 -->
<script type="text/javascript"><!--
// Page-wide search controller; the inline on* attributes in this page call its methods.
// SearchBox is presumably defined by search/search.js (loaded in the head); verify there.
var searchBox = new SearchBox("searchBox", "search", false, 'Search');
--></script>
<div class="navigation" id="top">
  <!-- Primary tab bar: top-level sections of the generated reference. "Files" is the current tab. -->
  <div class="tabs">
    <ul class="tablist">
      <li><a href="index.html"><span>Main Page</span></a></li>
      <li><a href="modules.html"><span>Modules</span></a></li>
      <li><a href="annotated.html"><span>Data Structures</span></a></li>
      <li class="current"><a href="files.html"><span>Files</span></a></li>
      <li id="searchli">
        <!-- Search box. Its behaviour is wired through inline on* attributes and a javascript: URL,
             so it only works where inline script is allowed; a Content-Security-Policy without
             'unsafe-inline' would disable it. -->
        <div id="MSearchBox" class="MSearchBoxInactive">
          <span class="left">
            <img id="MSearchSelect" src="search/mag_sel.png"
                 onmouseover="return searchBox.OnSearchSelectShow()"
                 onmouseout="return searchBox.OnSearchSelectHide()"
                 alt=""/>
            <input type="text" id="MSearchField" value="Search" accesskey="S"
                   onfocus="searchBox.OnSearchFieldFocus(true)"
                   onblur="searchBox.OnSearchFieldFocus(false)"
                   onkeyup="searchBox.OnSearchFieldChange(event)"/>
          </span><span class="right">
            <a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
          </span>
        </div>
      </li>
    </ul>
  </div>
  <!-- Secondary tab bar: views available under "Files". -->
  <div class="tabs2">
    <ul class="tablist">
      <li><a href="files.html"><span>File List</span></a></li>
      <li><a href="globals.html"><span>Globals</span></a></li>
    </ul>
  </div>
</div>
<div class="header">
  <!-- Jump links to the three member sections of this page (anchors are defined in the member table). -->
  <div class="summary">
    <a href="#nested-classes">Data Structures</a> |
    <a href="#func-members">Functions</a> |
    <a href="#var-members">Variables</a>
  </div>
  <div class="headertitle">
    <h1>cluster.c File Reference</h1>
  </div>
</div>
< div class = "contents" >
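<!-- Headers included by cluster.c. The angle brackets around system headers are written as
     &lt; / &gt; so the names render as text instead of being parsed as tags. -->
<code>#include "<a class="el" href="spp__ai_8h_source.html">spp_ai.h</a>"</code><br/>
<code>#include &lt;stdio.h&gt;</code><br/>
<code>#include &lt;unistd.h&gt;</code><br/>
<code>#include &lt;limits.h&gt;</code><br/>
<code>#include &lt;pthread.h&gt;</code><br/>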
< table class = "memberdecls" >
<!-- Section heading and rows: structures listed for cluster.c. -->
<tr>
  <td colspan="2"><h2><a name="nested-classes"></a>Data Structures</h2></td>
</tr>
<tr>
  <td class="memItemLeft" align="right" valign="top">struct </td>
  <td class="memItemRight" valign="bottom"><a class="el" href="structattribute__key.html">attribute_key</a></td>
</tr>
<tr>
  <td class="memItemLeft" align="right" valign="top">struct </td>
  <td class="memItemRight" valign="bottom"><a class="el" href="structattribute__value.html">attribute_value</a></td>
</tr>
<!-- Section heading for the function list that follows. -->
<tr>
  <td colspan="2"><h2><a name="func-members"></a>Functions</h2></td>
</tr>
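<!-- Function list: each function takes two rows, a declaration row (memItem*) and a
     brief-description row (mdesc*). Two description sentences had grammar slips
     ("in according to", "range ... are") and are corrected below; names, signatures and
     link targets are unchanged. -->
<tr>
  <td class="memItemLeft" align="right" valign="top">PRIVATE int </td>
  <td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga81f5fa721719fdb281595a568eef2101">_heuristic_func</a> (<a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640">cluster_type</a> type)</td>
</tr>
<tr>
  <td class="mdescLeft"></td>
  <td class="mdescRight">Function that picks up the heuristic value for a clustering attribute according to Julisch's heuristic (ACM, Vol.2, No.3, 09 2002, pag.124). <a href="group__cluster.html#ga81f5fa721719fdb281595a568eef2101"></a><br/></td>
</tr>
<!-- NOTE(review): label is a bare char * with no length argument; how it is stored or copied
     is not visible on this page, so confirm the bounds handling in cluster.c. -->
<tr>
  <td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> * </td>
  <td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga2f1a22cfea64e4669da0467620c3e3b3">_hierarchy_node_new</a> (char *label, int min_val, int max_val)</td>
</tr>
<tr>
  <td class="mdescLeft"></td>
  <td class="mdescRight">Create a new clustering hierarchy node. <a href="group__cluster.html#ga2f1a22cfea64e4669da0467620c3e3b3"></a><br/></td>
</tr>
<tr>
  <td class="memItemLeft" align="right" valign="top">PRIVATE void </td>
  <td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga5601a1f603d9c870ef6e2df192e30c30">_hierarchy_node_append</a> (<a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *parent, <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *child)</td>
</tr>
<tr>
  <td class="mdescLeft"></td>
  <td class="mdescRight">Append a node to a clustering hierarchy node. <a href="group__cluster.html#ga5601a1f603d9c870ef6e2df192e30c30"></a><br/></td>
</tr>
<tr>
  <td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> * </td>
  <td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga6ddddcd505b1f763c339e81fc143e079">_AI_get_min_hierarchy_node</a> (int val, <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *root)</td>
</tr>
<tr>
  <td class="mdescLeft"></td>
  <td class="mdescRight">Get the minimum node in a hierarchy tree that matches a certain value. <a href="group__cluster.html#ga6ddddcd505b1f763c339e81fc143e079"></a><br/></td>
</tr>
<tr>
  <td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd">BOOL</a> </td>
  <td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga0f91c8bfc37a3975f5c26b19fd6c5cba">_AI_equal_alarms</a> (<a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *a1, <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *a2)</td>
</tr>
<tr>
  <td class="mdescLeft"></td>
  <td class="mdescRight">Check if two alerts are semantically equal. <a href="group__cluster.html#ga0f91c8bfc37a3975f5c26b19fd6c5cba"></a><br/></td>
</tr>
<tr>
  <td class="memItemLeft" align="right" valign="top">PRIVATE int </td>
  <td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga8ce8e5a5d8954672297fa2dedb380dcd">_AI_merge_alerts</a> (<a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> **log)</td>
</tr>
<tr>
  <td class="mdescLeft"></td>
  <td class="mdescRight">Merge the alerts marked as equal in the log. <a href="group__cluster.html#ga8ce8e5a5d8954672297fa2dedb380dcd"></a><br/></td>
</tr>
<tr>
  <td class="memItemLeft" align="right" valign="top">PRIVATE void </td>
  <td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga7d151880080470b542e99643dc0426a7">_AI_print_clustered_alerts</a> (<a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *log, FILE *fp)</td>
</tr>
<tr>
  <td class="mdescLeft"></td>
  <td class="mdescRight">Print the clustered alerts to a log file. <a href="group__cluster.html#ga7d151880080470b542e99643dc0426a7"></a><br/></td>
</tr>
<tr>
  <td class="memItemLeft" align="right" valign="top">PRIVATE void * </td>
  <td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga8a5eae61dc9fd0f13e0acdfa5f4478e2">_AI_cluster_thread</a> (void *arg)</td>
</tr>
<tr>
  <td class="mdescLeft"></td>
  <td class="mdescRight">Thread for periodically clustering the log information. <a href="group__cluster.html#ga8a5eae61dc9fd0f13e0acdfa5f4478e2"></a><br/></td>
</tr>
<tr>
  <td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd">BOOL</a> </td>
  <td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga29c35cd6c56f54e27b5b190c6d6c487a">_AI_check_duplicate</a> (<a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *node, <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *root)</td>
</tr>
<tr>
  <td class="mdescLeft"></td>
  <td class="mdescRight">Check if a certain node's range (minimum and maximum value) is already present in a clustering hierarchy. <a href="group__cluster.html#ga29c35cd6c56f54e27b5b190c6d6c487a"></a><br/></td>
</tr>
<tr>
  <td class="memItemLeft" align="right" valign="top">void </td>
  <td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga1445818b37483f78cc3fb2890155842c">AI_hierarchies_build</a> (<a class="el" href="structAI__config.html">AI_config</a> *conf, <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> **nodes, int n_nodes)</td>
</tr>
<tr>
  <td class="mdescLeft"></td>
  <td class="mdescRight">Build the clustering hierarchy trees. <a href="group__cluster.html#ga1445818b37483f78cc3fb2890155842c"></a><br/></td>
</tr>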
<!-- Section heading for the file-scope variables of cluster.c. -->
<tr>
  <td colspan="2"><h2><a name="var-members"></a>Variables</h2></td>
</tr>
<!-- File-scope (PRIVATE) pointers, shown with their initialisers.
     NOTE(review): the same file includes pthread.h and lists _AI_cluster_thread; whether access
     to these pointers is synchronised is not visible on this page, so confirm in cluster.c. -->
<tr>
  <td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> * </td>
  <td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga97d35425cf5a0207fb50b64ee8cdda82">h_root</a> [CLUSTER_TYPES] = { NULL }</td>
</tr>
<tr>
  <td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="structAI__config.html">AI_config</a> * </td>
  <td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga91458e2d34595688e39fcb63ba418849">_config</a> = NULL</td>
</tr>
<tr>
  <td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> * </td>
  <td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#gaaf4c19f60f48741b0890c6114dcff7d9">alert_log</a> = NULL</td>
</tr>
< / table >
< / div >
<!-- - window showing the filter options -->
<div id="MSearchSelectWindow"
     onmouseover="return searchBox.OnSearchSelectShow()"
     onmouseout="return searchBox.OnSearchSelectHide()"
     onkeydown="return searchBox.OnSearchSelectKey(event)">
  <!-- One entry per search category; the index passed to OnSelectItem matches the entry's position.
       Each entry is an anchor with a javascript: href plus an inline onclick, so the menu needs
       inline script to be permitted by any Content-Security-Policy applied to this page. -->
  <a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(0)"><span class="SelectionMark"></span>All</a>
  <a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(1)"><span class="SelectionMark"></span>Data Structures</a>
  <a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(2)"><span class="SelectionMark"></span>Files</a>
  <a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(3)"><span class="SelectionMark"></span>Functions</a>
  <a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(4)"><span class="SelectionMark"></span>Variables</a>
  <a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(5)"><span class="SelectionMark"></span>Typedefs</a>
  <a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(6)"><span class="SelectionMark"></span>Enumerations</a>
  <a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(7)"><span class="SelectionMark"></span>Enumerator</a>
  <a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(8)"><span class="SelectionMark"></span>Defines</a>
</div>
<!-- iframe showing the search results (closed by default) -->
<div id="MSearchResultsWindow">
  <!-- Results frame: starts with an empty src and carries no sandbox or title attribute.
       NOTE(review): presumably search.js points it at the generated pages under search/;
       confirm it is only ever given those relative URLs. -->
  <iframe id="MSearchResults" name="MSearchResults"
          src="" frameborder="0">
  </iframe>
</div>
< hr class = "footer" / > < address class = "footer" > < small > Generated on Sat Sep 4 2010 21:30:42 for Snort AI preprocessor module by
< a href = "http://www.doxygen.org/index.html" >
< img class = "footer" src = "doxygen.png" alt = "doxygen" / > < / a > 1.7.1 < / small > < / address >
< / body >
< / html >