<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<title>Snort AI preprocessor module: Manage the clustering of alarms</title>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
<link href="doxygen.css" rel="stylesheet" type="text/css"/>
</head>
<body>
<!-- Generated by Doxygen 1.7.1 -->
<div class="header">
<div class="summary">
<a href="#nested-classes">Data Structures</a> |
<a href="#func-members">Functions</a> |
<a href="#var-members">Variables</a></div>
<div class="headertitle">
<h1>Manage the clustering of alarms</h1></div>
</div>
<div class="contents">
<table class="memberdecls">
<tr><td colspan="2"><h2><a name="nested-classes"></a>
Data Structures</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct </td><td class="memItemRight" valign="bottom"><a class="el" href="structattribute__key.html">attribute_key</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct </td><td class="memItemRight" valign="bottom"><a class="el" href="structattribute__value.html">attribute_value</a></td></tr>
<tr><td colspan="2"><h2><a name="func-members"></a>
Functions</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE int </td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga81f5fa721719fdb281595a568eef2101">_heuristic_func</a> (<a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640">cluster_type</a> type)</td></tr>
<tr><td class="mdescLeft"> </td><td class="mdescRight">Pick the heuristic value for a clustering attribute according to Julisch's heuristic (ACM, Vol.2, No.3, 09 2002, p. 124). <a href="#ga81f5fa721719fdb281595a568eef2101">More...</a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> * </td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga2f1a22cfea64e4669da0467620c3e3b3">_hierarchy_node_new</a> (char *label, int min_val, int max_val)</td></tr>
<tr><td class="mdescLeft"> </td><td class="mdescRight">Create a new clustering hierarchy node. <a href="#ga2f1a22cfea64e4669da0467620c3e3b3">More...</a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE void </td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga5601a1f603d9c870ef6e2df192e30c30">_hierarchy_node_append</a> (<a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *parent, <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *child)</td></tr>
<tr><td class="mdescLeft"> </td><td class="mdescRight">Append a node to a clustering hierarchy node. <a href="#ga5601a1f603d9c870ef6e2df192e30c30">More...</a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> * </td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga6ddddcd505b1f763c339e81fc143e079">_AI_get_min_hierarchy_node</a> (int val, <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *root)</td></tr>
<tr><td class="mdescLeft"> </td><td class="mdescRight">Get the lowest (most specific) node in a hierarchy tree whose range contains a certain value. <a href="#ga6ddddcd505b1f763c339e81fc143e079">More...</a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd">BOOL</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga0f91c8bfc37a3975f5c26b19fd6c5cba">_AI_equal_alarms</a> (<a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *a1, <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *a2)</td></tr>
<tr><td class="mdescLeft"> </td><td class="mdescRight">Check if two alerts are semantically equal. <a href="#ga0f91c8bfc37a3975f5c26b19fd6c5cba">More...</a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE int </td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga8ce8e5a5d8954672297fa2dedb380dcd">_AI_merge_alerts</a> (<a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> **log)</td></tr>
<tr><td class="mdescLeft"> </td><td class="mdescRight">Merge the alerts marked as equal in the log. <a href="#ga8ce8e5a5d8954672297fa2dedb380dcd">More...</a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE void </td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga7d151880080470b542e99643dc0426a7">_AI_print_clustered_alerts</a> (<a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *log, FILE *fp)</td></tr>
<tr><td class="mdescLeft"> </td><td class="mdescRight">Print the clustered alerts to a log file. <a href="#ga7d151880080470b542e99643dc0426a7">More...</a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE void * </td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga8a5eae61dc9fd0f13e0acdfa5f4478e2">_AI_cluster_thread</a> (void *arg)</td></tr>
<tr><td class="mdescLeft"> </td><td class="mdescRight">Thread body that periodically clusters the alert log. <a href="#ga8a5eae61dc9fd0f13e0acdfa5f4478e2">More...</a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd">BOOL</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga29c35cd6c56f54e27b5b190c6d6c487a">_AI_check_duplicate</a> (<a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *node, <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *root)</td></tr>
<tr><td class="mdescLeft"> </td><td class="mdescRight">Check whether a node's range (minimum and maximum value) is already present in a clustering hierarchy. <a href="#ga29c35cd6c56f54e27b5b190c6d6c487a">More...</a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void </td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga1445818b37483f78cc3fb2890155842c">AI_hierarchies_build</a> (<a class="el" href="structAI__config.html">AI_config</a> *<a class="el" href="group__correlation.html#gaad7a982b6016390e7cd1164bd7db8bca">conf</a>, <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> **nodes, int n_nodes)</td></tr>
<tr><td class="mdescLeft"> </td><td class="mdescRight">Build the clustering hierarchy trees. <a href="#ga1445818b37483f78cc3fb2890155842c">More...</a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> * </td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#gab4c8ab92691e85a6f0ac4abb122712fd">_AI_copy_clustered_alerts</a> (<a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *node)</td></tr>
<tr><td class="mdescLeft"> </td><td class="mdescRight">Return a copy of the clustered alerts. <a href="#gab4c8ab92691e85a6f0ac4abb122712fd">More...</a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> * </td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga2553c678eeb83282c230d649a0e8fcd4">AI_get_clustered_alerts</a> ()</td></tr>
<tr><td class="mdescLeft"> </td><td class="mdescRight">Return the alerts parsed so far as a linked list. <a href="#ga2553c678eeb83282c230d649a0e8fcd4">More...</a><br/></td></tr>
<tr><td colspan="2"><h2><a name="var-members"></a>
Variables</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> * </td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga97d35425cf5a0207fb50b64ee8cdda82">h_root</a> [CLUSTER_TYPES] = { NULL }</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="structAI__config.html">AI_config</a> * </td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga91458e2d34595688e39fcb63ba418849">_config</a> = NULL</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> * </td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#gaaf4c19f60f48741b0890c6114dcff7d9">alert_log</a> = NULL</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd">BOOL</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#gafebc81c042a632dc987e113b7f390274">lock_flag</a> = false</td></tr>
</table>
<hr/><h2>Function Documentation</h2>
<a class="anchor" id="ga29c35cd6c56f54e27b5b190c6d6c487a"></a><!-- doxytag: member="cluster.c::_AI_check_duplicate" ref="ga29c35cd6c56f54e27b5b190c6d6c487a" args="(hierarchy_node *node, hierarchy_node *root)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd">BOOL</a> _AI_check_duplicate </td>
<td>(</td>
<td class="paramtype"><a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> * </td>
<td class="paramname"><em>node</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype"><a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> * </td>
<td class="paramname"><em>root</em></td><td></td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td><td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Check whether a node's range (minimum and maximum value) is already present in a clustering hierarchy. </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>node</em></td><td>Node to be checked </td></tr>
<tr><td valign="top"></td><td valign="top"><em>root</em></td><td>Clustering hierarchy </td></tr>
</table>
</dd>
</dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>True if a node with the same range as 'node' is already in 'root', false otherwise </dd></dl>
</div>
</div>
<a class="anchor" id="ga8a5eae61dc9fd0f13e0acdfa5f4478e2"></a><!-- doxytag: member="cluster.c::_AI_cluster_thread" ref="ga8a5eae61dc9fd0f13e0acdfa5f4478e2" args="(void *arg)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE void* _AI_cluster_thread </td>
<td>(</td>
<td class="paramtype">void * </td>
<td class="paramname"><em>arg</em></td>
<td>) </td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Thread body that periodically clusters the alert log. </p>
</div>
</div>
<a class="anchor" id="gab4c8ab92691e85a6f0ac4abb122712fd"></a><!-- doxytag: member="cluster.c::_AI_copy_clustered_alerts" ref="gab4c8ab92691e85a6f0ac4abb122712fd" args="(AI_snort_alert *node)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a>* _AI_copy_clustered_alerts </td>
<td>(</td>
<td class="paramtype"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> * </td>
<td class="paramname"><em>node</em></td>
<td>) </td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Return a copy of the clustered alerts. </p>
<dl class="return"><dt><b>Returns:</b></dt><dd>An AI_snort_alert pointer to the head of the copied list of clustered alerts </dd></dl>
</div>
</div>
<a class="anchor" id="ga0f91c8bfc37a3975f5c26b19fd6c5cba"></a><!-- doxytag: member="cluster.c::_AI_equal_alarms" ref="ga0f91c8bfc37a3975f5c26b19fd6c5cba" args="(AI_snort_alert *a1, AI_snort_alert *a2)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd">BOOL</a> _AI_equal_alarms </td>
<td>(</td>
<td class="paramtype"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> * </td>
<td class="paramname"><em>a1</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> * </td>
<td class="paramname"><em>a2</em></td><td></td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td><td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Check if two alerts are semantically equal. </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>a1</em></td><td>First alert </td></tr>
<tr><td valign="top"></td><td valign="top"><em>a2</em></td><td>Second alert </td></tr>
</table>
</dd>
</dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>True if they are equal, false otherwise </dd></dl>
</div>
</div>
<a class="anchor" id="ga6ddddcd505b1f763c339e81fc143e079"></a><!-- doxytag: member="cluster.c::_AI_get_min_hierarchy_node" ref="ga6ddddcd505b1f763c339e81fc143e079" args="(int val, hierarchy_node *root)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a>* _AI_get_min_hierarchy_node </td>
<td>(</td>
<td class="paramtype">int </td>
<td class="paramname"><em>val</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype"><a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> * </td>
<td class="paramname"><em>root</em></td><td></td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td><td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Get the lowest (most specific) node in a hierarchy tree whose range contains a certain value. </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>val</em></td><td>Value to be matched against the node ranges </td></tr>
<tr><td valign="top"></td><td valign="top"><em>root</em></td><td>Root of the hierarchy </td></tr>
</table>
</dd>
</dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>The lowest node whose range contains the value, if any; NULL otherwise </dd></dl>
</div>
</div>
<a class="anchor" id="ga8ce8e5a5d8954672297fa2dedb380dcd"></a><!-- doxytag: member="cluster.c::_AI_merge_alerts" ref="ga8ce8e5a5d8954672297fa2dedb380dcd" args="(AI_snort_alert **log)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE int _AI_merge_alerts </td>
<td>(</td>
<td class="paramtype"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> ** </td>
<td class="paramname"><em>log</em></td>
<td>) </td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Merge the alerts marked as equal in the log. </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>log</em></td><td>Reference to the head pointer of the alert log, updated in place </td></tr>
</table>
</dd>
</dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>The number of merged pairs </dd></dl>
</div>
</div>
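<p>The equality test and merge pass described for <code>_AI_equal_alarms</code>, <code>_AI_merge_alerts</code> and <code>_AI_print_clustered_alerts</code>, as an added example in C; it is not the preprocessor's own code. The alert struct and its field names, the merge policy (the first occurrence survives and absorbs the counts of its duplicates) and the sample log are assumptions constructed for the example. The page's <code>_AI_cluster_thread</code> and <code>lock_flag</code> indicate that the real merge runs alongside a thread that keeps inserting alerts; this example is single-threaded and takes no lock.</p>

```c
#include <stdio.h>
#include <stdlib.h>
#include <stdbool.h>

/* Added example, not cluster.c's own code: field names and the merge policy
 * are assumptions modelled on the functions documented on this page. */
typedef struct { unsigned min, max; } range;   /* an attribute already generalized to a range */

typedef struct alert {
    unsigned gid, sid, rev;                     /* Snort rule identity */
    range src_ip, dst_ip, src_port, dst_port;   /* clustered attributes */
    int grouped_alerts_count;                   /* raw alerts this entry stands for */
    struct alert *next;
} alert;

static bool range_eq(range a, range b) { return a.min == b.min && a.max == b.max; }

/* Two alerts are semantically equal when the same rule fired and every
 * clustered attribute generalized to the same range (the _AI_equal_alarms test). */
bool equal_alarms(const alert *a, const alert *b)
{
    return a->gid == b->gid && a->sid == b->sid && a->rev == b->rev &&
           range_eq(a->src_ip, b->src_ip) && range_eq(a->dst_ip, b->dst_ip) &&
           range_eq(a->src_port, b->src_port) && range_eq(a->dst_port, b->dst_port);
}

/* Collapse equal alerts into their first occurrence, which absorbs their
 * counts (the _AI_merge_alerts pass). Returns the number of merged pairs. */
int merge_alerts(alert **log)
{
    int merged = 0;
    for (alert *keep = *log; keep; keep = keep->next) {
        alert **pp = &keep->next;
        while (*pp) {
            if (equal_alarms(keep, *pp)) {
                alert *dup = *pp;
                keep->grouped_alerts_count += dup->grouped_alerts_count;
                *pp = dup->next;            /* unlink, then free the duplicate */
                free(dup);
                merged++;
            } else {
                pp = &(*pp)->next;
            }
        }
    }
    return merged;
}

int log_length(const alert *log)
{
    int n = 0;
    for (; log; log = log->next) n++;
    return n;
}

/* One line per cluster, the way _AI_print_clustered_alerts writes to its FILE*. */
void print_clustered_alerts(const alert *log, FILE *fp)
{
    for (; log; log = log->next)
        fprintf(fp, "[%u:%u:%u] src %08x-%08x dst %08x-%08x dport %u-%u (x%d)\n",
                log->gid, log->sid, log->rev, log->src_ip.min, log->src_ip.max,
                log->dst_ip.min, log->dst_ip.max, log->dst_port.min, log->dst_port.max,
                log->grouped_alerts_count);
}

static alert *alert_new(unsigned sid, range src, range dst, unsigned dport, alert *next)
{
    alert *a = calloc(1, sizeof *a);
    if (!a) { perror("calloc"); abort(); }
    a->gid = 1; a->sid = sid; a->rev = 1;
    a->src_ip = src; a->dst_ip = dst;
    a->src_port = (range){ 1024, 65535 };
    a->dst_port = (range){ dport, dport };
    a->grouped_alerts_count = 1;
    a->next = next;
    return a;
}

/* Constructed sample log (hypothetical values, not captured Snort output):
 * rule 1000001 fired three times from 10.0.0.0/8 against one host on port 80
 * and once against the same host on port 22. */
alert *sample_log(void)
{
    range net10 = { 0x0A000000u, 0x0AFFFFFFu };   /* 10.0.0.0 - 10.255.255.255 */
    range host  = { 0xC0A8010Au, 0xC0A8010Au };   /* 192.168.1.10 */
    return alert_new(1000001, net10, host, 80,
           alert_new(1000001, net10, host, 80,
           alert_new(1000001, net10, host, 22,
           alert_new(1000001, net10, host, 80, NULL))));
}

int main(void)
{
    alert *alerts = sample_log();
    int merged = merge_alerts(&alerts);
    printf("merged %d pairs, %d clusters left\n", merged, log_length(alerts));
    print_clustered_alerts(alerts, stdout);
    return 0;
}
```

<p>On the constructed log the pass reports two merged pairs and leaves two clusters: the port-80 entry with a count of three and the port-22 entry with a count of one. Because the survivor is always the earlier list element, the output order is stable across repeated runs, which matters when the printed log is diffed or fed to a correlation stage.</p>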
<a class="anchor" id="ga7d151880080470b542e99643dc0426a7"></a><!-- doxytag: member="cluster.c::_AI_print_clustered_alerts" ref="ga7d151880080470b542e99643dc0426a7" args="(AI_snort_alert *log, FILE *fp)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE void _AI_print_clustered_alerts </td>
<td>(</td>
<td class="paramtype"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> * </td>
<td class="paramname"><em>log</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">FILE * </td>
<td class="paramname"><em>fp</em></td><td></td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td><td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Print the clustered alerts to a log file. </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>log</em></td><td>Log containing the alerts </td></tr>
<tr><td valign="top"></td><td valign="top"><em>fp</em></td><td>File pointer where the alerts will be printed </td></tr>
</table>
</dd>
</dl>
</div>
</div>
<a class="anchor" id="ga81f5fa721719fdb281595a568eef2101"></a><!-- doxytag: member="cluster.c::_heuristic_func" ref="ga81f5fa721719fdb281595a568eef2101" args="(cluster_type type)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE int _heuristic_func </td>
<td>(</td>
<td class="paramtype"><a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640">cluster_type</a> </td>
<td class="paramname"><em>type</em></td>
<td>) </td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Pick the heuristic value for a clustering attribute according to Julisch's heuristic (ACM, Vol.2, No.3, 09 2002, p. 124). </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>type</em></td><td>Attribute type </td></tr>
</table>
</dd>
</dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>The heuristic coefficient for that attribute, or -1 if no clustering information is available for it </dd></dl>
</div>
</div>
<a class="anchor" id="ga5601a1f603d9c870ef6e2df192e30c30"></a><!-- doxytag: member="cluster.c::_hierarchy_node_append" ref="ga5601a1f603d9c870ef6e2df192e30c30" args="(hierarchy_node *parent, hierarchy_node *child)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE void _hierarchy_node_append </td>
<td>(</td>
<td class="paramtype"><a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> * </td>
<td class="paramname"><em>parent</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype"><a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> * </td>
<td class="paramname"><em>child</em></td><td></td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td><td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Append a node to a clustering hierarchy node. </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>parent</em></td><td>Parent node </td></tr>
<tr><td valign="top"></td><td valign="top"><em>child</em></td><td>Child node </td></tr>
</table>
</dd>
</dl>
</div>
</div>
<a class="anchor" id="ga2f1a22cfea64e4669da0467620c3e3b3"></a><!-- doxytag: member="cluster.c::_hierarchy_node_new" ref="ga2f1a22cfea64e4669da0467620c3e3b3" args="(char *label, int min_val, int max_val)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a>* _hierarchy_node_new </td>
<td>(</td>
<td class="paramtype">char * </td>
<td class="paramname"><em>label</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">int </td>
<td class="paramname"><em>min_val</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">int </td>
<td class="paramname"><em>max_val</em></td><td></td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td><td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Create a new clustering hierarchy node. </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>label</em></td><td>Label for the node </td></tr>
<tr><td valign="top"></td><td valign="top"><em>min_val</em></td><td>Minimum value of the range represented by the node </td></tr>
<tr><td valign="top"></td><td valign="top"><em>max_val</em></td><td>Maximum value of the range represented by the node </td></tr>
</table>
</dd>
</dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>The newly allocated node; if the allocation fails, the application is aborted </dd></dl>
</div>
</div>
<a class="anchor" id="ga2553c678eeb83282c230d649a0e8fcd4"></a><!-- doxytag: member="cluster.c::AI_get_clustered_alerts" ref="ga2553c678eeb83282c230d649a0e8fcd4" args="()" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a>* AI_get_clustered_alerts </td>
<td>(</td>
<td class="paramtype">void </td>
<td class="paramname"></td>
<td>) </td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Return the alerts parsed so far as a linked list. </p>
<dl class="return"><dt><b>Returns:</b></dt><dd>An AI_snort_alert pointer to the head of the list of clustered alerts </dd></dl>
</div>
</div>
<a class="anchor" id="ga1445818b37483f78cc3fb2890155842c"></a><!-- doxytag: member="cluster.c::AI_hierarchies_build" ref="ga1445818b37483f78cc3fb2890155842c" args="(AI_config *conf, hierarchy_node **nodes, int n_nodes)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">void AI_hierarchies_build </td>
<td>(</td>
<td class="paramtype"><a class="el" href="structAI__config.html">AI_config</a> * </td>
<td class="paramname"><em>conf</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype"><a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> ** </td>
<td class="paramname"><em>nodes</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">int </td>
<td class="paramname"><em>n_nodes</em></td><td></td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td><td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Build the clustering hierarchy trees. </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>conf</em></td><td>Reference to the configuration of the module </td></tr>
<tr><td valign="top"></td><td valign="top"><em>nodes</em></td><td>Nodes containing the information about the clustering ranges </td></tr>
<tr><td valign="top"></td><td valign="top"><em>n_nodes</em></td><td>Number of nodes </td></tr>
</table>
</dd>
</dl>
</div>
</div>
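<p>The range hierarchy that <code>_hierarchy_node_new</code>, <code>_hierarchy_node_append</code>, <code>_AI_get_min_hierarchy_node</code>, <code>_AI_check_duplicate</code> and <code>AI_hierarchies_build</code> operate on, as an added example in C; it is not cluster.c's code. The node layout, the function names, the insertion strategy (widest range first, each node hung under the narrowest existing node that fully contains it) and the destination-port hierarchy used as input are assumptions constructed for the example.</p>

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdbool.h>

/* Added example, not cluster.c's own code: names and layout are assumptions
 * modelled on the hierarchy_node functions documented on this page. */
typedef struct hnode {
    char           label[32];
    int            min_val, max_val;   /* inclusive range this node generalizes to */
    struct hnode  *parent;
    struct hnode **children;
    int            nchildren;
} hnode;

/* Allocate a range node; like _hierarchy_node_new, abort when allocation fails. */
hnode *hnode_new(const char *label, int min_val, int max_val)
{
    hnode *n = calloc(1, sizeof *n);
    if (!n) { perror("calloc"); abort(); }
    snprintf(n->label, sizeof n->label, "%s", label);
    n->min_val = min_val;
    n->max_val = max_val;
    return n;
}

/* Attach child under parent (the _hierarchy_node_append step). */
void hnode_append(hnode *parent, hnode *child)
{
    hnode **grown = realloc(parent->children, (parent->nchildren + 1) * sizeof *grown);
    if (!grown) { perror("realloc"); abort(); }
    parent->children = grown;
    parent->children[parent->nchildren++] = child;
    child->parent = parent;
}

/* Lowest (most specific) node whose range contains val; NULL when val lies
 * outside the root's range. This is the lookup _AI_get_min_hierarchy_node describes. */
hnode *hnode_min_match(int val, hnode *root)
{
    if (!root || val < root->min_val || val > root->max_val) return NULL;
    for (int i = 0; i < root->nchildren; i++) {
        hnode *m = hnode_min_match(val, root->children[i]);
        if (m) return m;
    }
    return root;
}

/* True if some node in the tree already has exactly this [min,max] range
 * (the _AI_check_duplicate test). */
bool hnode_is_duplicate(const hnode *node, const hnode *root)
{
    if (!root) return false;
    if (root->min_val == node->min_val && root->max_val == node->max_val) return true;
    for (int i = 0; i < root->nchildren; i++)
        if (hnode_is_duplicate(node, root->children[i])) return true;
    return false;
}

static int by_width_desc(const void *a, const void *b)
{
    const hnode *x = *(hnode *const *)a, *y = *(hnode *const *)b;
    return (y->max_val - y->min_val) - (x->max_val - x->min_val);
}

/* Build the tree from flat range nodes, the job AI_hierarchies_build does per
 * attribute (strategy assumed): widest ranges first, each hung under the
 * narrowest node that fully contains it. Returns the number inserted; a range
 * already in the tree or outside the root is skipped and stays owned by the caller. */
int hierarchy_build(hnode *root, hnode **nodes, int n)
{
    int inserted = 0;
    qsort(nodes, (size_t)n, sizeof *nodes, by_width_desc);
    for (int i = 0; i < n; i++) {
        hnode *p = hnode_min_match(nodes[i]->min_val, root);
        while (p && nodes[i]->max_val > p->max_val) p = p->parent;
        if (!p || hnode_is_duplicate(nodes[i], root)) continue;
        hnode_append(p, nodes[i]);
        inserted++;
    }
    return inserted;
}

/* Constructed sample input: a destination-port hierarchy with hypothetical ranges. */
hnode *build_port_hierarchy(void)
{
    hnode *root = hnode_new("any-port", 0, 65535);
    hnode *nodes[] = {
        hnode_new("http", 80, 80),         hnode_new("well-known", 0, 1023),
        hnode_new("http-alt", 8080, 8080), hnode_new("registered", 1024, 49151),
        hnode_new("ssh", 22, 22),          hnode_new("ephemeral", 49152, 65535),
    };
    hierarchy_build(root, nodes, (int)(sizeof nodes / sizeof *nodes));
    hnode *dup = hnode_new("well-known-again", 0, 1023);   /* range already present */
    if (hierarchy_build(root, &dup, 1) == 0) free(dup);    /* rejected as a duplicate */
    return root;
}

int main(void)
{
    hnode *root = build_port_hierarchy();
    int probes[] = { 80, 443, 8080, 60000, 70000 };
    for (size_t i = 0; i < sizeof probes / sizeof *probes; i++) {
        hnode *m = hnode_min_match(probes[i], root);
        printf("port %5d -> %s\n", probes[i], m ? m->label : "(outside hierarchy)");
    }
    return 0;
}
```

<p>Port 80 resolves to the leaf <code>http</code>, 443 to its parent <code>well-known</code> because no leaf covers it, 8080 to <code>http-alt</code> under <code>registered</code>, 60000 to <code>ephemeral</code>, and 70000 to nothing because it lies outside the root's range. The duplicate check is what keeps a second <code>[0,1023]</code> node out of the tree; without it, the same value could resolve to two different labels depending on child order.</p>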
<hr/><h2>Variable Documentation</h2>
<a class="anchor" id="ga91458e2d34595688e39fcb63ba418849"></a><!-- doxytag: member="cluster.c::_config" ref="ga91458e2d34595688e39fcb63ba418849" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="structAI__config.html">AI_config</a>* <a class="el" href="group__cluster.html#ga91458e2d34595688e39fcb63ba418849">_config</a> = NULL</td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="gaaf4c19f60f48741b0890c6114dcff7d9"></a><!-- doxytag: member="cluster.c::alert_log" ref="gaaf4c19f60f48741b0890c6114dcff7d9" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a>* <a class="el" href="group__cluster.html#gaaf4c19f60f48741b0890c6114dcff7d9">alert_log</a> = NULL</td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="ga97d35425cf5a0207fb50b64ee8cdda82"></a><!-- doxytag: member="cluster.c::h_root" ref="ga97d35425cf5a0207fb50b64ee8cdda82" args="[CLUSTER_TYPES]" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a>* <a class="el" href="group__cluster.html#ga97d35425cf5a0207fb50b64ee8cdda82">h_root</a>[CLUSTER_TYPES] = { NULL }</td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="gafebc81c042a632dc987e113b7f390274"></a><!-- doxytag: member="cluster.c::lock_flag" ref="gafebc81c042a632dc987e113b7f390274" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd">BOOL</a> <a class="el" href="group__cluster.html#gafebc81c042a632dc987e113b7f390274">lock_flag</a> = false</td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 11 2010 12:45:18 for Snort AI preprocessor module by
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>
</html>