blacklight/Snort_AIPreproc
1
0
Fork 0
mirror of https://github.com/BlackLight/Snort_AIPreproc.git synced 2024-11-14 20:57:15 +01:00
Code Issues Projects Releases Packages Wiki Activity
Snort_AIPreproc/doc/html/spp__ai_8h.html

465 lines
31 KiB
HTML
Raw Normal View History

First commit for spp_ai
2010-08-14 14:30:41 +02:00
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<title>Snort AI preprocessor module: spp_ai.h File Reference</title>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
<link href="search/search.css" rel="stylesheet" type="text/css"/>
<script type="text/javaScript" src="search/search.js"></script>
<link href="doxygen.css" rel="stylesheet" type="text/css"/>
</head>
<body onload='searchBox.OnSelectItem(0);'>
<!-- Generated by Doxygen 1.7.1 -->
<script type="text/javascript"><!--
var searchBox = new SearchBox("searchBox", "search",false,'Search');
--></script>
<div class="navigation" id="top">
<div class="tabs">
<ul class="tablist">
<li><a href="index.html"><span>Main&nbsp;Page</span></a></li>
<li><a href="modules.html"><span>Modules</span></a></li>
<li><a href="annotated.html"><span>Data&nbsp;Structures</span></a></li>
<li class="current"><a href="files.html"><span>Files</span></a></li>
<li id="searchli">
<div id="MSearchBox" class="MSearchBoxInactive">
<span class="left">
<img id="MSearchSelect" src="search/mag_sel.png"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
alt=""/>
<input type="text" id="MSearchField" value="Search" accesskey="S"
onfocus="searchBox.OnSearchFieldFocus(true)"
onblur="searchBox.OnSearchFieldFocus(false)"
onkeyup="searchBox.OnSearchFieldChange(event)"/>
</span><span class="right">
<a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
</span>
</div>
</li>
</ul>
</div>
<div class="tabs2">
<ul class="tablist">
<li><a href="files.html"><span>File&nbsp;List</span></a></li>
<li><a href="globals.html"><span>Globals</span></a></li>
</ul>
</div>
</div>
<div class="header">
<div class="summary">
<a href="#nested-classes">Data Structures</a> &#124;
16 ago 2010 commit
2010-08-16 22:09:34 +02:00
<a href="#define-members">Defines</a> &#124;
First commit for spp_ai
2010-08-14 14:30:41 +02:00
<a href="#typedef-members">Typedefs</a> &#124;
<a href="#enum-members">Enumerations</a> &#124;
16 ago 2010 commit
2010-08-16 22:09:34 +02:00
<a href="#func-members">Functions</a> &#124;
<a href="#var-members">Variables</a> </div>
First commit for spp_ai
2010-08-14 14:30:41 +02:00
<div class="headertitle">
<h1>spp_ai.h File Reference</h1> </div>
</div>
<div class="contents">
<code>#include &quot;sf_snort_packet.h&quot;</code><br/>
16 ago 2010 commit
2010-08-16 22:09:34 +02:00
<code>#include &quot;sf_dynamic_preprocessor.h&quot;</code><br/>
<code>#include &quot;uthash.h&quot;</code><br/>
First commit for spp_ai
2010-08-14 14:30:41 +02:00
<p><a href="spp__ai_8h_source.html">Go to the source code of this file.</a></p>
<table class="memberdecls">
<tr><td colspan="2"><h2><a name="nested-classes"></a>
Data Structures</h2></td></tr>
16 ago 2010 commit
2010-08-16 22:09:34 +02:00
<tr><td class="memItemLeft" align="right" valign="top">struct &nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structpkt__key.html">pkt_key</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct &nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structpkt__info.html">pkt_info</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct &nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html">AI_config</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct &nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__hierarchy__node.html">_hierarchy_node</a></td></tr>
Sept 11 2010 commit
2010-09-11 12:45:30 +02:00
<tr><td class="memItemLeft" align="right" valign="top">struct &nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__hyperalert__key.html">AI_hyperalert_key</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct &nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__hyperalert__info.html">AI_hyperalert_info</a></td></tr>
16 ago 2010 commit
2010-08-16 22:09:34 +02:00
<tr><td class="memItemLeft" align="right" valign="top">struct &nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html">_AI_snort_alert</a></td></tr>
<tr><td colspan="2"><h2><a name="define-members"></a>
Defines</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">#define&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a5e151c615eda34903514212f05a5ccf8">PRIVATE</a>&nbsp;&nbsp;&nbsp;static</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">#define&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a5f555c0ebd29ce2771a3e2dd4f526746">DEFAULT_HASH_CLEANUP_INTERVAL</a>&nbsp;&nbsp;&nbsp;300</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">#define&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a0f6a189af15ef783fb46ed37c144e031">DEFAULT_STREAM_EXPIRE_INTERVAL</a>&nbsp;&nbsp;&nbsp;300</td></tr>
Full support for MySQL (and any?) database alerts
2010-09-04 21:33:53 +02:00
<tr><td class="memItemLeft" align="right" valign="top">#define&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a3c4984a0ee515fbc091ac6e33b05e310">DEFAULT_DATABASE_INTERVAL</a>&nbsp;&nbsp;&nbsp;30</td></tr>
16 ago 2010 commit
2010-08-16 22:09:34 +02:00
<tr><td class="memItemLeft" align="right" valign="top">#define&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a0c4b6fce670e46083e33b9f53b78f39e">DEFAULT_ALERT_CLUSTERING_INTERVAL</a>&nbsp;&nbsp;&nbsp;3600</td></tr>
10 sept 2010 commit
2010-09-11 02:12:39 +02:00
<tr><td class="memItemLeft" align="right" valign="top">#define&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#af0edda6cc018d9674b6822f6df4abe74">DEFAULT_ALERT_CORRELATION_INTERVAL</a>&nbsp;&nbsp;&nbsp;300</td></tr>
16 ago 2010 commit
2010-08-16 22:09:34 +02:00
<tr><td class="memItemLeft" align="right" valign="top">#define&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a6d9bf552c32371e0144dc6a6209c7e4a">DEFAULT_ALERT_LOG_FILE</a>&nbsp;&nbsp;&nbsp;&quot;/var/log/snort/alert&quot;</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">#define&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a803dc913297ccdace9e604dbfecda97d">DEFAULT_CLUSTER_LOG_FILE</a>&nbsp;&nbsp;&nbsp;&quot;/var/log/snort/cluster_alert&quot;</td></tr>
10 sept 2010 commit
2010-09-11 02:12:39 +02:00
<tr><td class="memItemLeft" align="right" valign="top">#define&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a89448386cad5d5533992ae7ee84f4f1d">DEFAULT_CORR_RULES_DIR</a>&nbsp;&nbsp;&nbsp;&quot;/etc/snort/corr_rules&quot;</td></tr>
Correlation graphs, macro substitution improved
2010-09-14 19:24:03 +02:00
<tr><td class="memItemLeft" align="right" valign="top">#define&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a7bbeccba60012abcc98db33d39294829">DEFAULT_CORR_ALERTS_DIR</a>&nbsp;&nbsp;&nbsp;&quot;/var/log/snort/correlated_alerts&quot;</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">#define&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#aaedb0b7dc2bdf8d44d3fee2189a55a19">DEFAULT_CORR_THRESHOLD</a>&nbsp;&nbsp;&nbsp;0.5</td></tr>
First commit for spp_ai
2010-08-14 14:30:41 +02:00
<tr><td colspan="2"><h2><a name="typedef-members"></a>
Typedefs</h2></td></tr>
16 ago 2010 commit
2010-08-16 22:09:34 +02:00
<tr><td class="memItemLeft" align="right" valign="top">typedef unsigned char&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a></td></tr>
First commit for spp_ai
2010-08-14 14:30:41 +02:00
<tr><td class="memItemLeft" align="right" valign="top">typedef unsigned short&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a></td></tr>
16 ago 2010 commit
2010-08-16 22:09:34 +02:00
<tr><td class="memItemLeft" align="right" valign="top">typedef unsigned int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">typedef struct <a class="el" href="struct__hierarchy__node.html">_hierarchy_node</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a466391129919ef12366d311d501552fa">hierarchy_node</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">typedef struct <a class="el" href="struct__AI__snort__alert.html">_AI_snort_alert</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a982be90e72362e88d09f28336c9a1897">AI_snort_alert</a></td></tr>
First commit for spp_ai
2010-08-14 14:30:41 +02:00
<tr><td colspan="2"><h2><a name="enum-members"></a>
Enumerations</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">enum &nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd">BOOL</a> { <a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18ddae9de385ef6fe9bf3360d1038396b884c">false</a>,
<a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dda08f175a5505a10b9ed657defeb050e4b">true</a>
}</td></tr>
16 ago 2010 commit
2010-08-16 22:09:34 +02:00
<tr><td class="memItemLeft" align="right" valign="top">enum &nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640">cluster_type</a> { <br/>
&nbsp;&nbsp;<a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640ab7e4e0120a041dbe6528b050c04269e0">none</a>,
<a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640abc900639df18f0f5f2f63a1f033fe42f">src_addr</a>,
<a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640aa000f955ef1374c60cdb16bf43a1593c">dst_addr</a>,
<a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640ac1335c508143eb06843af2ce5ff3027b">src_port</a>,
<br/>
&nbsp;&nbsp;<a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640abc4f89a184ada44073bd6f54d7fc11c9">dst_port</a>,
<a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640ab16bb5c4b330d5db02e2d852cd2ba451">CLUSTER_TYPES</a>
<br/>
}</td></tr>
First commit for spp_ai
2010-08-14 14:30:41 +02:00
<tr><td colspan="2"><h2><a name="func-members"></a>
Functions</h2></td></tr>
Full support for MySQL (and any?) database alerts
2010-09-04 21:33:53 +02:00
<tr><td class="memItemLeft" align="right" valign="top">int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__regex.html#ga35f57c052a7de1ded54b67a1f7819791">preg_match</a> (const char *, char *, char ***, int *)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Check if a string matches a regular expression. <a href="group__regex.html#ga35f57c052a7de1ded54b67a1f7819791"></a><br/></td></tr>
Sept 11 2010 commit
2010-09-11 12:45:30 +02:00
<tr><td class="memItemLeft" align="right" valign="top">char *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__regex.html#ga736ba1abdc4938cbb1bf5861e7dbfd50">str_replace</a> (char *str, char *orig, char *rep)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Replace the content of 'orig' in 'str' with 'rep'. <a href="group__regex.html#ga736ba1abdc4938cbb1bf5861e7dbfd50"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">char *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__regex.html#gaff6c55cd04fc08dd582e244590dc25a4">str_replace_all</a> (char *str, char *orig, char *rep)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Replace all of the occurrences of 'orig' in 'str' with 'rep'. <a href="group__regex.html#gaff6c55cd04fc08dd582e244590dc25a4"></a><br/></td></tr>
Full support for MySQL (and any?) database alerts
2010-09-04 21:33:53 +02:00
<tr><td class="memItemLeft" align="right" valign="top">void *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__stream.html#ga24b1131374e5059564b8a12380c4eb75">AI_hashcleanup_thread</a> (void *)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Thread called for cleaning up the hash table from the traffic streams older than a certain threshold. <a href="group__stream.html#ga24b1131374e5059564b8a12380c4eb75"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__alert__parser.html#ga5aab8d9bdf0e92a51731442fd787f61f">AI_file_alertparser_thread</a> (void *)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Thread for parsing Snort's alert file. <a href="group__alert__parser.html#ga5aab8d9bdf0e92a51731442fd787f61f"></a><br/></td></tr>
10 sept 2010 commit
2010-09-11 02:12:39 +02:00
<tr><td class="memItemLeft" align="right" valign="top">void *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__correlation.html#ga939353a4e15de7a8f4145ab986f584be">AI_alert_correlation_thread</a> (void *)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Thread for correlating clustered alerts. <a href="group__correlation.html#ga939353a4e15de7a8f4145ab986f584be"></a><br/></td></tr>
Full support for MySQL (and any?) database alerts
2010-09-04 21:33:53 +02:00
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__stream.html#ga7d71c5645b9baff7b6c4b9a181bf80c5">AI_pkt_enqueue</a> (SFSnortPacket *)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Function called for appending a new packet to the hash table, creating a new stream or appending it to an existing stream. <a href="group__stream.html#ga7d71c5645b9baff7b6c4b9a181bf80c5"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__stream.html#ga8749989cee2ac05a7de058faac280c02">AI_set_stream_observed</a> (struct <a class="el" href="structpkt__key.html">pkt_key</a> key)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Set the flag "observed" on a stream associated to a security alert, so that it won't be removed from the hash table. <a href="group__stream.html#ga8749989cee2ac05a7de058faac280c02"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga1445818b37483f78cc3fb2890155842c">AI_hierarchies_build</a> (<a class="el" href="structAI__config.html">AI_config</a> *, <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> **, int)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Build the clustering hierarchy trees. <a href="group__cluster.html#ga1445818b37483f78cc3fb2890155842c"></a><br/></td></tr>
10 sept 2010 commit
2010-09-11 02:12:39 +02:00
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__alert__parser.html#ga270e86669a0aa64a8da37bc16cda645b">AI_free_alerts</a> (<a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *node)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Deallocate the memory of a log alert linked list. <a href="group__alert__parser.html#ga270e86669a0aa64a8da37bc16cda645b"></a><br/></td></tr>
Full support for MySQL (and any?) database alerts
2010-09-04 21:33:53 +02:00
<tr><td class="memItemLeft" align="right" valign="top">struct <a class="el" href="structpkt__info.html">pkt_info</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__stream.html#ga2efedcabbfd12c5345f0c93a3dd4735c">AI_get_stream_by_key</a> (struct <a class="el" href="structpkt__key.html">pkt_key</a>)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Get a TCP stream by key. <a href="group__stream.html#ga2efedcabbfd12c5345f0c93a3dd4735c"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__alert__parser.html#ga99474495643197b3075ac22ec6f6c70f">AI_get_alerts</a> (void)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Return the alerts parsed so far as a linked list. <a href="group__alert__parser.html#ga99474495643197b3075ac22ec6f6c70f"></a><br/></td></tr>
10 sept 2010 commit
2010-09-11 02:12:39 +02:00
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga2553c678eeb83282c230d649a0e8fcd4">AI_get_clustered_alerts</a> (void)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Return the alerts parsed so far as a linked list. <a href="group__cluster.html#ga2553c678eeb83282c230d649a0e8fcd4"></a><br/></td></tr>
16 ago 2010 commit
2010-08-16 22:09:34 +02:00
<tr><td colspan="2"><h2><a name="var-members"></a>
Variables</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">DynamicPreprocessorData&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#ab46420126c43c1aac5eabc5db266a71c">_dpd</a></td></tr>
Full support for MySQL (and any?) database alerts
2010-09-04 21:33:53 +02:00
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *(*&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#ab184b676360ce03035801284a2bd1ea7">get_alerts</a> )(void)</td></tr>
First commit for spp_ai
2010-08-14 14:30:41 +02:00
</table>
16 ago 2010 commit
2010-08-16 22:09:34 +02:00
<hr/><h2>Define Documentation</h2>
<a class="anchor" id="a0c4b6fce670e46083e33b9f53b78f39e"></a><!-- doxytag: member="spp_ai.h::DEFAULT_ALERT_CLUSTERING_INTERVAL" ref="a0c4b6fce670e46083e33b9f53b78f39e" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">#define DEFAULT_ALERT_CLUSTERING_INTERVAL&nbsp;&nbsp;&nbsp;3600</td>
</tr>
</table>
</div>
<div class="memdoc">
Full support for MySQL (and any?) database alerts
2010-09-04 21:33:53 +02:00
<p>Default interval in seconds for the thread clustering alerts </p>
16 ago 2010 commit
2010-08-16 22:09:34 +02:00
10 sept 2010 commit
2010-09-11 02:12:39 +02:00
</div>
</div>
<a class="anchor" id="af0edda6cc018d9674b6822f6df4abe74"></a><!-- doxytag: member="spp_ai.h::DEFAULT_ALERT_CORRELATION_INTERVAL" ref="af0edda6cc018d9674b6822f6df4abe74" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">#define DEFAULT_ALERT_CORRELATION_INTERVAL&nbsp;&nbsp;&nbsp;300</td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Default interval in seconds for running the graph correlation thread </p>
16 ago 2010 commit
2010-08-16 22:09:34 +02:00
</div>
</div>
<a class="anchor" id="a6d9bf552c32371e0144dc6a6209c7e4a"></a><!-- doxytag: member="spp_ai.h::DEFAULT_ALERT_LOG_FILE" ref="a6d9bf552c32371e0144dc6a6209c7e4a" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">#define DEFAULT_ALERT_LOG_FILE&nbsp;&nbsp;&nbsp;&quot;/var/log/snort/alert&quot;</td>
</tr>
</table>
</div>
<div class="memdoc">
Full support for MySQL (and any?) database alerts
2010-09-04 21:33:53 +02:00
<p>Default path to Snort's log file </p>
16 ago 2010 commit
2010-08-16 22:09:34 +02:00
</div>
</div>
<a class="anchor" id="a803dc913297ccdace9e604dbfecda97d"></a><!-- doxytag: member="spp_ai.h::DEFAULT_CLUSTER_LOG_FILE" ref="a803dc913297ccdace9e604dbfecda97d" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">#define DEFAULT_CLUSTER_LOG_FILE&nbsp;&nbsp;&nbsp;&quot;/var/log/snort/cluster_alert&quot;</td>
</tr>
</table>
</div>
<div class="memdoc">
Full support for MySQL (and any?) database alerts
2010-09-04 21:33:53 +02:00
<p>Default path to Snort's clustered alerts file </p>
Correlation graphs, macro substitution improved
2010-09-14 19:24:03 +02:00
</div>
</div>
<a class="anchor" id="a7bbeccba60012abcc98db33d39294829"></a><!-- doxytag: member="spp_ai.h::DEFAULT_CORR_ALERTS_DIR" ref="a7bbeccba60012abcc98db33d39294829" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">#define DEFAULT_CORR_ALERTS_DIR&nbsp;&nbsp;&nbsp;&quot;/var/log/snort/correlated_alerts&quot;</td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Default directory for placing correlated alerts information (.dot and possibly .png files) </p>
10 sept 2010 commit
2010-09-11 02:12:39 +02:00
</div>
</div>
<a class="anchor" id="a89448386cad5d5533992ae7ee84f4f1d"></a><!-- doxytag: member="spp_ai.h::DEFAULT_CORR_RULES_DIR" ref="a89448386cad5d5533992ae7ee84f4f1d" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">#define DEFAULT_CORR_RULES_DIR&nbsp;&nbsp;&nbsp;&quot;/etc/snort/corr_rules&quot;</td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Default path to alert correlation rules directory </p>
Correlation graphs, macro substitution improved
2010-09-14 19:24:03 +02:00
</div>
</div>
<a class="anchor" id="aaedb0b7dc2bdf8d44d3fee2189a55a19"></a><!-- doxytag: member="spp_ai.h::DEFAULT_CORR_THRESHOLD" ref="aaedb0b7dc2bdf8d44d3fee2189a55a19" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">#define DEFAULT_CORR_THRESHOLD&nbsp;&nbsp;&nbsp;0.5</td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Default correlation threshold coefficient for correlating two hyperalerts </p>
Full support for MySQL (and any?) database alerts
2010-09-04 21:33:53 +02:00
</div>
</div>
<a class="anchor" id="a3c4984a0ee515fbc091ac6e33b05e310"></a><!-- doxytag: member="spp_ai.h::DEFAULT_DATABASE_INTERVAL" ref="a3c4984a0ee515fbc091ac6e33b05e310" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">#define DEFAULT_DATABASE_INTERVAL&nbsp;&nbsp;&nbsp;30</td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Default interval in seconds for reading alerts from the alert database, if used </p>
16 ago 2010 commit
2010-08-16 22:09:34 +02:00
</div>
</div>
<a class="anchor" id="a5f555c0ebd29ce2771a3e2dd4f526746"></a><!-- doxytag: member="spp_ai.h::DEFAULT_HASH_CLEANUP_INTERVAL" ref="a5f555c0ebd29ce2771a3e2dd4f526746" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">#define DEFAULT_HASH_CLEANUP_INTERVAL&nbsp;&nbsp;&nbsp;300</td>
</tr>
</table>
</div>
<div class="memdoc">
Full support for MySQL (and any?) database alerts
2010-09-04 21:33:53 +02:00
<p>Default interval in seconds for the thread cleaning up TCP streams </p>
16 ago 2010 commit
2010-08-16 22:09:34 +02:00
</div>
</div>
<a class="anchor" id="a0f6a189af15ef783fb46ed37c144e031"></a><!-- doxytag: member="spp_ai.h::DEFAULT_STREAM_EXPIRE_INTERVAL" ref="a0f6a189af15ef783fb46ed37c144e031" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">#define DEFAULT_STREAM_EXPIRE_INTERVAL&nbsp;&nbsp;&nbsp;300</td>
</tr>
</table>
</div>
<div class="memdoc">
Full support for MySQL (and any?) database alerts
2010-09-04 21:33:53 +02:00
<p>Default interval in seconds before a stream without any packet is considered timed out </p>
16 ago 2010 commit
2010-08-16 22:09:34 +02:00
</div>
</div>
<a class="anchor" id="a5e151c615eda34903514212f05a5ccf8"></a><!-- doxytag: member="spp_ai.h::PRIVATE" ref="a5e151c615eda34903514212f05a5ccf8" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">#define PRIVATE&nbsp;&nbsp;&nbsp;static</td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
First commit for spp_ai
2010-08-14 14:30:41 +02:00
<hr/><h2>Typedef Documentation</h2>
16 ago 2010 commit
2010-08-16 22:09:34 +02:00
<a class="anchor" id="a982be90e72362e88d09f28336c9a1897"></a><!-- doxytag: member="spp_ai.h::AI_snort_alert" ref="a982be90e72362e88d09f28336c9a1897" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">typedef struct <a class="el" href="struct__AI__snort__alert.html">_AI_snort_alert</a> <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a></td>
</tr>
</table>
</div>
<div class="memdoc">
Full support for MySQL (and any?) database alerts
2010-09-04 21:33:53 +02:00
<p>Data type for Snort alerts </p>
16 ago 2010 commit
2010-08-16 22:09:34 +02:00
</div>
</div>
<a class="anchor" id="a466391129919ef12366d311d501552fa"></a><!-- doxytag: member="spp_ai.h::hierarchy_node" ref="a466391129919ef12366d311d501552fa" args="" -->
First commit for spp_ai
2010-08-14 14:30:41 +02:00
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
16 ago 2010 commit
2010-08-16 22:09:34 +02:00
<td class="memname">typedef struct <a class="el" href="struct__hierarchy__node.html">_hierarchy_node</a> <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a></td>
First commit for spp_ai
2010-08-14 14:30:41 +02:00
</tr>
</table>
</div>
<div class="memdoc">
Sept 11 2010 commit
2010-09-11 12:45:30 +02:00
<p>Data type for hierarchies used for clustering </p>
First commit for spp_ai
2010-08-14 14:30:41 +02:00
</div>
</div>
<a class="anchor" id="a273cf69d639a59973b6019625df33e30"></a><!-- doxytag: member="spp_ai.h::uint16_t" ref="a273cf69d639a59973b6019625df33e30" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">typedef unsigned short <a class="el" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a435d1572bf3f880d55459d9805097f62"></a><!-- doxytag: member="spp_ai.h::uint32_t" ref="a435d1572bf3f880d55459d9805097f62" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">typedef unsigned int <a class="el" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a></td>
</tr>
</table>
</div>
<div class="memdoc">
16 ago 2010 commit
2010-08-16 22:09:34 +02:00
</div>
</div>
<a class="anchor" id="aba7bc1797add20fe3efdf37ced1182c5"></a><!-- doxytag: member="spp_ai.h::uint8_t" ref="aba7bc1797add20fe3efdf37ced1182c5" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">typedef unsigned char <a class="el" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a></td>
</tr>
</table>
</div>
<div class="memdoc">
First commit for spp_ai
2010-08-14 14:30:41 +02:00
</div>
</div>
<hr/><h2>Enumeration Type Documentation</h2>
<a class="anchor" id="a3e5b8192e7d9ffaf3542f1210aec18dd"></a><!-- doxytag: member="spp_ai.h::BOOL" ref="a3e5b8192e7d9ffaf3542f1210aec18dd" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">enum <a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd">BOOL</a></td>
</tr>
</table>
</div>
<div class="memdoc">
<dl><dt><b>Enumerator: </b></dt><dd><table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"><em><a class="anchor" id="a3e5b8192e7d9ffaf3542f1210aec18ddae9de385ef6fe9bf3360d1038396b884c"></a><!-- doxytag: member="false" ref="a3e5b8192e7d9ffaf3542f1210aec18ddae9de385ef6fe9bf3360d1038396b884c" args="" -->false</em>&nbsp;</td><td>
</td></tr>
<tr><td valign="top"><em><a class="anchor" id="a3e5b8192e7d9ffaf3542f1210aec18dda08f175a5505a10b9ed657defeb050e4b"></a><!-- doxytag: member="true" ref="a3e5b8192e7d9ffaf3542f1210aec18dda08f175a5505a10b9ed657defeb050e4b" args="" -->true</em>&nbsp;</td><td>
</td></tr>
</table>
</dd>
</dl>
16 ago 2010 commit
2010-08-16 22:09:34 +02:00
</div>
</div>
<a class="anchor" id="ae2ff3c6586aa2ab211a102abfde86640"></a><!-- doxytag: member="spp_ai.h::cluster_type" ref="ae2ff3c6586aa2ab211a102abfde86640" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">enum <a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640">cluster_type</a></td>
</tr>
</table>
</div>
<div class="memdoc">
Full support for MySQL (and any?) database alerts
2010-09-04 21:33:53 +02:00
<p>Possible types of clustering attributes </p>
16 ago 2010 commit
2010-08-16 22:09:34 +02:00
<dl><dt><b>Enumerator: </b></dt><dd><table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"><em><a class="anchor" id="ae2ff3c6586aa2ab211a102abfde86640ab7e4e0120a041dbe6528b050c04269e0"></a><!-- doxytag: member="none" ref="ae2ff3c6586aa2ab211a102abfde86640ab7e4e0120a041dbe6528b050c04269e0" args="" -->none</em>&nbsp;</td><td>
</td></tr>
<tr><td valign="top"><em><a class="anchor" id="ae2ff3c6586aa2ab211a102abfde86640abc900639df18f0f5f2f63a1f033fe42f"></a><!-- doxytag: member="src_addr" ref="ae2ff3c6586aa2ab211a102abfde86640abc900639df18f0f5f2f63a1f033fe42f" args="" -->src_addr</em>&nbsp;</td><td>
</td></tr>
<tr><td valign="top"><em><a class="anchor" id="ae2ff3c6586aa2ab211a102abfde86640aa000f955ef1374c60cdb16bf43a1593c"></a><!-- doxytag: member="dst_addr" ref="ae2ff3c6586aa2ab211a102abfde86640aa000f955ef1374c60cdb16bf43a1593c" args="" -->dst_addr</em>&nbsp;</td><td>
</td></tr>
<tr><td valign="top"><em><a class="anchor" id="ae2ff3c6586aa2ab211a102abfde86640ac1335c508143eb06843af2ce5ff3027b"></a><!-- doxytag: member="src_port" ref="ae2ff3c6586aa2ab211a102abfde86640ac1335c508143eb06843af2ce5ff3027b" args="" -->src_port</em>&nbsp;</td><td>
</td></tr>
<tr><td valign="top"><em><a class="anchor" id="ae2ff3c6586aa2ab211a102abfde86640abc4f89a184ada44073bd6f54d7fc11c9"></a><!-- doxytag: member="dst_port" ref="ae2ff3c6586aa2ab211a102abfde86640abc4f89a184ada44073bd6f54d7fc11c9" args="" -->dst_port</em>&nbsp;</td><td>
</td></tr>
<tr><td valign="top"><em><a class="anchor" id="ae2ff3c6586aa2ab211a102abfde86640ab16bb5c4b330d5db02e2d852cd2ba451"></a><!-- doxytag: member="CLUSTER_TYPES" ref="ae2ff3c6586aa2ab211a102abfde86640ab16bb5c4b330d5db02e2d852cd2ba451" args="" -->CLUSTER_TYPES</em>&nbsp;</td><td>
</td></tr>
</table>
</dd>
</dl>
</div>
</div>
Full support for MySQL (and any?) database alerts
2010-09-04 21:33:53 +02:00
<hr/><h2>Variable Documentation</h2>
<a class="anchor" id="ab46420126c43c1aac5eabc5db266a71c"></a><!-- doxytag: member="spp_ai.h::_dpd" ref="ab46420126c43c1aac5eabc5db266a71c" args="" -->
16 ago 2010 commit
2010-08-16 22:09:34 +02:00
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
Full support for MySQL (and any?) database alerts
2010-09-04 21:33:53 +02:00
<td class="memname">DynamicPreprocessorData <a class="el" href="spp__ai_8h.html#ab46420126c43c1aac5eabc5db266a71c">_dpd</a></td>
16 ago 2010 commit
2010-08-16 22:09:34 +02:00
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
Full support for MySQL (and any?) database alerts
2010-09-04 21:33:53 +02:00
<a class="anchor" id="ab184b676360ce03035801284a2bd1ea7"></a><!-- doxytag: member="spp_ai.h::get_alerts" ref="ab184b676360ce03035801284a2bd1ea7" args=")(void)" -->
16 ago 2010 commit
2010-08-16 22:09:34 +02:00
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
Full support for MySQL (and any?) database alerts
2010-09-04 21:33:53 +02:00
<td class="memname"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a>*(* <a class="el" href="spp__ai_8h.html#ab184b676360ce03035801284a2bd1ea7">get_alerts</a>)(void)</td>
16 ago 2010 commit
2010-08-16 22:09:34 +02:00
</tr>
</table>
</div>
<div class="memdoc">
Full support for MySQL (and any?) database alerts
2010-09-04 21:33:53 +02:00
<p>Function pointer to the function used for getting the alert list (from log file, db, ...) </p>
16 ago 2010 commit
2010-08-16 22:09:34 +02:00
First commit for spp_ai
2010-08-14 14:30:41 +02:00
</div>
</div>
</div>
<!--- window showing the filter options -->
<div id="MSearchSelectWindow"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
onkeydown="return searchBox.OnSearchSelectKey(event)">
<a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(0)"><span class="SelectionMark">&nbsp;</span>All</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(1)"><span class="SelectionMark">&nbsp;</span>Data Structures</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(2)"><span class="SelectionMark">&nbsp;</span>Files</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(3)"><span class="SelectionMark">&nbsp;</span>Functions</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(4)"><span class="SelectionMark">&nbsp;</span>Variables</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(5)"><span class="SelectionMark">&nbsp;</span>Typedefs</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(6)"><span class="SelectionMark">&nbsp;</span>Enumerations</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(7)"><span class="SelectionMark">&nbsp;</span>Enumerator</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(8)"><span class="SelectionMark">&nbsp;</span>Defines</a></div>
<!-- iframe showing the search results (closed by default) -->
<div id="MSearchResultsWindow">
<iframe src="" frameborder="0"
name="MSearchResults" id="MSearchResults">
</iframe>
</div>
Correlation graphs, macro substitution improved
2010-09-14 19:24:03 +02:00
<hr class="footer"/><address class="footer"><small>Generated on Tue Sep 14 2010 19:23:42 for Snort AI preprocessor module by&nbsp;
First commit for spp_ai
2010-08-14 14:30:41 +02:00
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>
</html>
Reference in a new issue Copy permalink