Snort_AIPreproc/doc/html/structAI__config.html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<title>Snort AI preprocessor module: AI_config Struct Reference</title>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
<link href="search/search.css" rel="stylesheet" type="text/css"/>
<script type="text/javaScript" src="search/search.js"></script>
<link href="doxygen.css" rel="stylesheet" type="text/css"/>
</head>
<body onload='searchBox.OnSelectItem(0);'>
<!-- Generated by Doxygen 1.7.1 -->
<script type="text/javascript"><!--
var searchBox = new SearchBox("searchBox", "search",false,'Search');
--></script>
<div class="navigation" id="top">
  <div class="tabs">
    <ul class="tablist">
      <li><a href="index.html"><span>Main&nbsp;Page</span></a></li>
      <li><a href="modules.html"><span>Modules</span></a></li>
      <li class="current"><a href="annotated.html"><span>Data&nbsp;Structures</span></a></li>
      <li><a href="files.html"><span>Files</span></a></li>
      <li id="searchli">
        <div id="MSearchBox" class="MSearchBoxInactive">
        <span class="left">
          <img id="MSearchSelect" src="search/mag_sel.png"
               onmouseover="return searchBox.OnSearchSelectShow()"
               onmouseout="return searchBox.OnSearchSelectHide()"
               alt=""/>
          <input type="text" id="MSearchField" value="Search" accesskey="S"
               onfocus="searchBox.OnSearchFieldFocus(true)" 
               onblur="searchBox.OnSearchFieldFocus(false)" 
               onkeyup="searchBox.OnSearchFieldChange(event)"/>
          </span><span class="right">
            <a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
          </span>
        </div>
      </li>
    </ul>
  </div>
  <div class="tabs2">
    <ul class="tablist">
      <li><a href="annotated.html"><span>Data&nbsp;Structures</span></a></li>
      <li><a href="classes.html"><span>Data&nbsp;Structure&nbsp;Index</span></a></li>
      <li><a href="functions.html"><span>Data&nbsp;Fields</span></a></li>
    </ul>
  </div>
</div>
<div class="header">
  <div class="summary">
<a href="#pub-attribs">Data Fields</a>  </div>
  <div class="headertitle">
<h1>AI_config Struct Reference</h1>  </div>
</div>
<div class="contents">
<!-- doxytag: class="AI_config" -->
<p><code>#include &lt;<a class="el" href="spp__ai_8h_source.html">spp_ai.h</a>&gt;</code></p>
<table class="memberdecls">
<tr><td colspan="2"><h2><a name="pub-attribs"></a>
Data Fields</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">unsigned long&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html#a9f7680615027d4fb74b4aa144a7028a4">hashCleanupInterval</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">unsigned long&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html#abbe77d5f94b8c5164bea47acba09c98b">streamExpireInterval</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">unsigned long&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html#a7d0d098b8263aa3d8415b11d1ec7f93d">alertClusteringInterval</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">unsigned long&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html#ae6ca715cab1d90b70c3aad443133c263">databaseParsingInterval</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">unsigned long&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html#aa736375e57a59936e2e782b7cd200e41">correlationGraphInterval</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">double&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html#adf6ef0faedfb4dea0a1353e781b14883">correlationThresholdCoefficient</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">char&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html#a2efa9590d7eea6dce8b5dd9aa76ed8ca">alertfile</a> [1024]</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">char&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html#a6da02a3f7116fd3810a41b738e8883a3">clusterfile</a> [1024]</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">char&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html#ab7ea93bbe72b85c4019b4f5656ad62fc">corr_rules_dir</a> [1024]</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">char&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html#ae68f5489e2ec9ea1408f98fe36d050c9">corr_alerts_dir</a> [1024]</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">char&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html#ac8a93607f12106e2f5c9b43af27107da">dbname</a> [256]</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">char&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html#aa004adebfdafb6d14092aecd7f4912b0">dbuser</a> [256]</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">char&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html#aa1cda349763faf60b2ebdbf2d187ae7d">dbpass</a> [256]</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">char&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html#a8e56f1a1b2095d3d329c8068ea0f3aab">dbhost</a> [256]</td></tr>
</table>
<hr/><h2>Field Documentation</h2>
<a class="anchor" id="a7d0d098b8263aa3d8415b11d1ec7f93d"></a><!-- doxytag: member="AI_config::alertClusteringInterval" ref="a7d0d098b8263aa3d8415b11d1ec7f93d" args="" -->
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname">unsigned long <a class="el" href="structAI__config.html#a7d0d098b8263aa3d8415b11d1ec7f93d">AI_config::alertClusteringInterval</a></td>
        </tr>
      </table>
</div>
<div class="memdoc">
<p>Interval in seconds for the alert clustering thread </p>

</div>
</div>
<a class="anchor" id="a2efa9590d7eea6dce8b5dd9aa76ed8ca"></a><!-- doxytag: member="AI_config::alertfile" ref="a2efa9590d7eea6dce8b5dd9aa76ed8ca" args="[1024]" -->
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname">char <a class="el" href="structAI__config.html#a2efa9590d7eea6dce8b5dd9aa76ed8ca">AI_config::alertfile</a>[1024]</td>
        </tr>
      </table>
</div>
<div class="memdoc">
<p>Alert file </p>

</div>
</div>
<a class="anchor" id="a6da02a3f7116fd3810a41b738e8883a3"></a><!-- doxytag: member="AI_config::clusterfile" ref="a6da02a3f7116fd3810a41b738e8883a3" args="[1024]" -->
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname">char <a class="el" href="structAI__config.html#a6da02a3f7116fd3810a41b738e8883a3">AI_config::clusterfile</a>[1024]</td>
        </tr>
      </table>
</div>
<div class="memdoc">
<p>Clustered alerts file </p>

</div>
</div>
<a class="anchor" id="ae68f5489e2ec9ea1408f98fe36d050c9"></a><!-- doxytag: member="AI_config::corr_alerts_dir" ref="ae68f5489e2ec9ea1408f98fe36d050c9" args="[1024]" -->
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname">char <a class="el" href="structAI__config.html#ae68f5489e2ec9ea1408f98fe36d050c9">AI_config::corr_alerts_dir</a>[1024]</td>
        </tr>
      </table>
</div>
<div class="memdoc">
<p>Directory where the correlated alerts' information will be placed </p>

</div>
</div>
<a class="anchor" id="ab7ea93bbe72b85c4019b4f5656ad62fc"></a><!-- doxytag: member="AI_config::corr_rules_dir" ref="ab7ea93bbe72b85c4019b4f5656ad62fc" args="[1024]" -->
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname">char <a class="el" href="structAI__config.html#ab7ea93bbe72b85c4019b4f5656ad62fc">AI_config::corr_rules_dir</a>[1024]</td>
        </tr>
      </table>
</div>
<div class="memdoc">
<p>Correlation rules path </p>

</div>
</div>
<a class="anchor" id="aa736375e57a59936e2e782b7cd200e41"></a><!-- doxytag: member="AI_config::correlationGraphInterval" ref="aa736375e57a59936e2e782b7cd200e41" args="" -->
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname">unsigned long <a class="el" href="structAI__config.html#aa736375e57a59936e2e782b7cd200e41">AI_config::correlationGraphInterval</a></td>
        </tr>
      </table>
</div>
<div class="memdoc">
<p>Interval in seconds for running the thread for building alert correlation graphs </p>

</div>
</div>
<a class="anchor" id="adf6ef0faedfb4dea0a1353e781b14883"></a><!-- doxytag: member="AI_config::correlationThresholdCoefficient" ref="adf6ef0faedfb4dea0a1353e781b14883" args="" -->
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname">double <a class="el" href="structAI__config.html#adf6ef0faedfb4dea0a1353e781b14883">AI_config::correlationThresholdCoefficient</a></td>
        </tr>
      </table>
</div>
<div class="memdoc">
<p>Correlation threshold coefficient for correlating two hyperalerts. Two hyperalerts are 'correlated' to each other in a multi-step attack graph if and only if their correlation value is &gt;= m + ks, where m is the average correlation coefficient, s is the standard deviation over this coefficient, and k is this threshold coefficient. Its value can be &gt;= 0. A value in [0,1] is strongly suggested, but this value mostly depends on how accurate the correlation rules where defined. Be careful, defining a correlation coefficient &gt; or &gt;&gt; 1 no correlation may occur at all! </p>

</div>
</div>
<a class="anchor" id="ae6ca715cab1d90b70c3aad443133c263"></a><!-- doxytag: member="AI_config::databaseParsingInterval" ref="ae6ca715cab1d90b70c3aad443133c263" args="" -->
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname">unsigned long <a class="el" href="structAI__config.html#ae6ca715cab1d90b70c3aad443133c263">AI_config::databaseParsingInterval</a></td>
        </tr>
      </table>
</div>
<div class="memdoc">
<p>Interval in seconds for reading the alert database, if database logging is used </p>

</div>
</div>
<a class="anchor" id="a8e56f1a1b2095d3d329c8068ea0f3aab"></a><!-- doxytag: member="AI_config::dbhost" ref="a8e56f1a1b2095d3d329c8068ea0f3aab" args="[256]" -->
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname">char <a class="el" href="structAI__config.html#a8e56f1a1b2095d3d329c8068ea0f3aab">AI_config::dbhost</a>[256]</td>
        </tr>
      </table>
</div>
<div class="memdoc">
<p>Database host, if database logging is used </p>

</div>
</div>
<a class="anchor" id="ac8a93607f12106e2f5c9b43af27107da"></a><!-- doxytag: member="AI_config::dbname" ref="ac8a93607f12106e2f5c9b43af27107da" args="[256]" -->
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname">char <a class="el" href="structAI__config.html#ac8a93607f12106e2f5c9b43af27107da">AI_config::dbname</a>[256]</td>
        </tr>
      </table>
</div>
<div class="memdoc">
<p>Database name, if database logging is used </p>

</div>
</div>
<a class="anchor" id="aa1cda349763faf60b2ebdbf2d187ae7d"></a><!-- doxytag: member="AI_config::dbpass" ref="aa1cda349763faf60b2ebdbf2d187ae7d" args="[256]" -->
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname">char <a class="el" href="structAI__config.html#aa1cda349763faf60b2ebdbf2d187ae7d">AI_config::dbpass</a>[256]</td>
        </tr>
      </table>
</div>
<div class="memdoc">
<p>Database password, if database logging is used </p>

</div>
</div>
<a class="anchor" id="aa004adebfdafb6d14092aecd7f4912b0"></a><!-- doxytag: member="AI_config::dbuser" ref="aa004adebfdafb6d14092aecd7f4912b0" args="[256]" -->
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname">char <a class="el" href="structAI__config.html#aa004adebfdafb6d14092aecd7f4912b0">AI_config::dbuser</a>[256]</td>
        </tr>
      </table>
</div>
<div class="memdoc">
<p>Database user, if database logging is used </p>

</div>
</div>
<a class="anchor" id="a9f7680615027d4fb74b4aa144a7028a4"></a><!-- doxytag: member="AI_config::hashCleanupInterval" ref="a9f7680615027d4fb74b4aa144a7028a4" args="" -->
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname">unsigned long <a class="el" href="structAI__config.html#a9f7680615027d4fb74b4aa144a7028a4">AI_config::hashCleanupInterval</a></td>
        </tr>
      </table>
</div>
<div class="memdoc">
<p>Interval in seconds for the stream cleanup thread </p>

</div>
</div>
<a class="anchor" id="abbe77d5f94b8c5164bea47acba09c98b"></a><!-- doxytag: member="AI_config::streamExpireInterval" ref="abbe77d5f94b8c5164bea47acba09c98b" args="" -->
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname">unsigned long <a class="el" href="structAI__config.html#abbe77d5f94b8c5164bea47acba09c98b">AI_config::streamExpireInterval</a></td>
        </tr>
      </table>
</div>
<div class="memdoc">
<p>Interval in seconds for considering an idle stream timed out </p>

</div>
</div>
<hr/>The documentation for this struct was generated from the following file:<ul>
<li><a class="el" href="spp__ai_8h_source.html">spp_ai.h</a></li>
</ul>
</div>
<!--- window showing the filter options -->
<div id="MSearchSelectWindow"
     onmouseover="return searchBox.OnSearchSelectShow()"
     onmouseout="return searchBox.OnSearchSelectHide()"
     onkeydown="return searchBox.OnSearchSelectKey(event)">
<a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(0)"><span class="SelectionMark">&nbsp;</span>All</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(1)"><span class="SelectionMark">&nbsp;</span>Data Structures</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(2)"><span class="SelectionMark">&nbsp;</span>Files</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(3)"><span class="SelectionMark">&nbsp;</span>Functions</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(4)"><span class="SelectionMark">&nbsp;</span>Variables</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(5)"><span class="SelectionMark">&nbsp;</span>Typedefs</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(6)"><span class="SelectionMark">&nbsp;</span>Enumerations</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(7)"><span class="SelectionMark">&nbsp;</span>Enumerator</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(8)"><span class="SelectionMark">&nbsp;</span>Defines</a></div>

<!-- iframe showing the search results (closed by default) -->
<div id="MSearchResultsWindow">
<iframe src="" frameborder="0" 
        name="MSearchResults" id="MSearchResults">
</iframe>
</div>

<hr class="footer"/><address class="footer"><small>Generated on Tue Sep 14 2010 19:23:42 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>
</html>
16 ago 2010 commit 2010-08-16 22:09:34 +02:00			`<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">`
			`<html xmlns="http://www.w3.org/1999/xhtml">`
			`<head>`
			`<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>`
			`<title>Snort AI preprocessor module: AI_config Struct Reference</title>`
			`<link href="tabs.css" rel="stylesheet" type="text/css"/>`
			`<link href="search/search.css" rel="stylesheet" type="text/css"/>`
			`<script type="text/javaScript" src="search/search.js"></script>`
			`<link href="doxygen.css" rel="stylesheet" type="text/css"/>`
			`</head>`
			`<body onload='searchBox.OnSelectItem(0);'>`
			`<!-- Generated by Doxygen 1.7.1 -->`
			`<script type="text/javascript"><!--`
			`var searchBox = new SearchBox("searchBox", "search",false,'Search');`
			`--></script>`
			`<div class="navigation" id="top">`
			`<div class="tabs">`
			`<ul class="tablist">`
			`<li><a href="index.html"><span>Main Page</span></a></li>`
			`<li><a href="modules.html"><span>Modules</span></a></li>`
			`<li class="current"><a href="annotated.html"><span>Data Structures</span></a></li>`
			`<li><a href="files.html"><span>Files</span></a></li>`
			`<li id="searchli">`
			`<div id="MSearchBox" class="MSearchBoxInactive">`
			`<span class="left">`
			`<img id="MSearchSelect" src="search/mag_sel.png"`
			`onmouseover="return searchBox.OnSearchSelectShow()"`
			`onmouseout="return searchBox.OnSearchSelectHide()"`
			`alt=""/>`
			`<input type="text" id="MSearchField" value="Search" accesskey="S"`
			`onfocus="searchBox.OnSearchFieldFocus(true)"`
			`onblur="searchBox.OnSearchFieldFocus(false)"`
			`onkeyup="searchBox.OnSearchFieldChange(event)"/>`
			`</span><span class="right">`
			`<a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>`
			`</span>`
			`</div>`
			`</li>`
			`</ul>`
			`</div>`
			`<div class="tabs2">`
			`<ul class="tablist">`
			`<li><a href="annotated.html"><span>Data Structures</span></a></li>`
			`<li><a href="classes.html"><span>Data Structure Index</span></a></li>`
			`<li><a href="functions.html"><span>Data Fields</span></a></li>`
			`</ul>`
			`</div>`
			`</div>`
			`<div class="header">`
			`<div class="summary">`
			`<a href="#pub-attribs">Data Fields</a> </div>`
			`<div class="headertitle">`
			`<h1>AI_config Struct Reference</h1> </div>`
			`</div>`
			`<div class="contents">`
			`<!-- doxytag: class="AI_config" -->`
			`<p><code>#include <<a class="el" href="spp__ai_8h_source.html">spp_ai.h</a>></code></p>`
			`<table class="memberdecls">`
			`<tr><td colspan="2"><h2><a name="pub-attribs"></a>`
			`Data Fields</h2></td></tr>`
			`<tr><td class="memItemLeft" align="right" valign="top">unsigned long </td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html#a9f7680615027d4fb74b4aa144a7028a4">hashCleanupInterval</a></td></tr>`
			`<tr><td class="memItemLeft" align="right" valign="top">unsigned long </td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html#abbe77d5f94b8c5164bea47acba09c98b">streamExpireInterval</a></td></tr>`
			`<tr><td class="memItemLeft" align="right" valign="top">unsigned long </td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html#a7d0d098b8263aa3d8415b11d1ec7f93d">alertClusteringInterval</a></td></tr>`
Full support for MySQL (and any?) database alerts 2010-09-04 21:33:53 +02:00			`<tr><td class="memItemLeft" align="right" valign="top">unsigned long </td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html#ae6ca715cab1d90b70c3aad443133c263">databaseParsingInterval</a></td></tr>`
10 sept 2010 commit 2010-09-11 02:12:39 +02:00			`<tr><td class="memItemLeft" align="right" valign="top">unsigned long </td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html#aa736375e57a59936e2e782b7cd200e41">correlationGraphInterval</a></td></tr>`
Correlation graphs, macro substitution improved 2010-09-14 19:24:03 +02:00			`<tr><td class="memItemLeft" align="right" valign="top">double </td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html#adf6ef0faedfb4dea0a1353e781b14883">correlationThresholdCoefficient</a></td></tr>`
16 ago 2010 commit 2010-08-16 22:09:34 +02:00			`<tr><td class="memItemLeft" align="right" valign="top">char </td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html#a2efa9590d7eea6dce8b5dd9aa76ed8ca">alertfile</a> [1024]</td></tr>`
			`<tr><td class="memItemLeft" align="right" valign="top">char </td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html#a6da02a3f7116fd3810a41b738e8883a3">clusterfile</a> [1024]</td></tr>`
10 sept 2010 commit 2010-09-11 02:12:39 +02:00			`<tr><td class="memItemLeft" align="right" valign="top">char </td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html#ab7ea93bbe72b85c4019b4f5656ad62fc">corr_rules_dir</a> [1024]</td></tr>`
Correlation graphs, macro substitution improved 2010-09-14 19:24:03 +02:00			`<tr><td class="memItemLeft" align="right" valign="top">char </td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html#ae68f5489e2ec9ea1408f98fe36d050c9">corr_alerts_dir</a> [1024]</td></tr>`
Full support for MySQL (and any?) database alerts 2010-09-04 21:33:53 +02:00			`<tr><td class="memItemLeft" align="right" valign="top">char </td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html#ac8a93607f12106e2f5c9b43af27107da">dbname</a> [256]</td></tr>`
			`<tr><td class="memItemLeft" align="right" valign="top">char </td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html#aa004adebfdafb6d14092aecd7f4912b0">dbuser</a> [256]</td></tr>`
			`<tr><td class="memItemLeft" align="right" valign="top">char </td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html#aa1cda349763faf60b2ebdbf2d187ae7d">dbpass</a> [256]</td></tr>`
			`<tr><td class="memItemLeft" align="right" valign="top">char </td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html#a8e56f1a1b2095d3d329c8068ea0f3aab">dbhost</a> [256]</td></tr>`
16 ago 2010 commit 2010-08-16 22:09:34 +02:00			`</table>`
			`<hr/><h2>Field Documentation</h2>`
			`<a class="anchor" id="a7d0d098b8263aa3d8415b11d1ec7f93d"></a><!-- doxytag: member="AI_config::alertClusteringInterval" ref="a7d0d098b8263aa3d8415b11d1ec7f93d" args="" -->`
			`<div class="memitem">`
			`<div class="memproto">`
			`<table class="memname">`
			`<tr>`
			`<td class="memname">unsigned long <a class="el" href="structAI__config.html#a7d0d098b8263aa3d8415b11d1ec7f93d">AI_config::alertClusteringInterval</a></td>`
			`</tr>`
			`</table>`
			`</div>`
			`<div class="memdoc">`
Full support for MySQL (and any?) database alerts 2010-09-04 21:33:53 +02:00			`<p>Interval in seconds for the alert clustering thread </p>`
16 ago 2010 commit 2010-08-16 22:09:34 +02:00
			`</div>`
			`</div>`
			`<a class="anchor" id="a2efa9590d7eea6dce8b5dd9aa76ed8ca"></a><!-- doxytag: member="AI_config::alertfile" ref="a2efa9590d7eea6dce8b5dd9aa76ed8ca" args="[1024]" -->`
			`<div class="memitem">`
			`<div class="memproto">`
			`<table class="memname">`
			`<tr>`
			`<td class="memname">char <a class="el" href="structAI__config.html#a2efa9590d7eea6dce8b5dd9aa76ed8ca">AI_config::alertfile</a>[1024]</td>`
			`</tr>`
			`</table>`
			`</div>`
			`<div class="memdoc">`
Full support for MySQL (and any?) database alerts 2010-09-04 21:33:53 +02:00			`<p>Alert file </p>`
16 ago 2010 commit 2010-08-16 22:09:34 +02:00
			`</div>`
			`</div>`
			`<a class="anchor" id="a6da02a3f7116fd3810a41b738e8883a3"></a><!-- doxytag: member="AI_config::clusterfile" ref="a6da02a3f7116fd3810a41b738e8883a3" args="[1024]" -->`
			`<div class="memitem">`
			`<div class="memproto">`
			`<table class="memname">`
			`<tr>`
			`<td class="memname">char <a class="el" href="structAI__config.html#a6da02a3f7116fd3810a41b738e8883a3">AI_config::clusterfile</a>[1024]</td>`
			`</tr>`
			`</table>`
			`</div>`
			`<div class="memdoc">`
Full support for MySQL (and any?) database alerts 2010-09-04 21:33:53 +02:00			`<p>Clustered alerts file </p>`

Correlation graphs, macro substitution improved 2010-09-14 19:24:03 +02:00			`</div>`
			`</div>`
			`<a class="anchor" id="ae68f5489e2ec9ea1408f98fe36d050c9"></a><!-- doxytag: member="AI_config::corr_alerts_dir" ref="ae68f5489e2ec9ea1408f98fe36d050c9" args="[1024]" -->`
			`<div class="memitem">`
			`<div class="memproto">`
			`<table class="memname">`
			`<tr>`
			`<td class="memname">char <a class="el" href="structAI__config.html#ae68f5489e2ec9ea1408f98fe36d050c9">AI_config::corr_alerts_dir</a>[1024]</td>`
			`</tr>`
			`</table>`
			`</div>`
			`<div class="memdoc">`
			`<p>Directory where the correlated alerts' information will be placed </p>`

10 sept 2010 commit 2010-09-11 02:12:39 +02:00			`</div>`
			`</div>`
			`<a class="anchor" id="ab7ea93bbe72b85c4019b4f5656ad62fc"></a><!-- doxytag: member="AI_config::corr_rules_dir" ref="ab7ea93bbe72b85c4019b4f5656ad62fc" args="[1024]" -->`
			`<div class="memitem">`
			`<div class="memproto">`
			`<table class="memname">`
			`<tr>`
			`<td class="memname">char <a class="el" href="structAI__config.html#ab7ea93bbe72b85c4019b4f5656ad62fc">AI_config::corr_rules_dir</a>[1024]</td>`
			`</tr>`
			`</table>`
			`</div>`
			`<div class="memdoc">`
			`<p>Correlation rules path </p>`

			`</div>`
			`</div>`
			`<a class="anchor" id="aa736375e57a59936e2e782b7cd200e41"></a><!-- doxytag: member="AI_config::correlationGraphInterval" ref="aa736375e57a59936e2e782b7cd200e41" args="" -->`
			`<div class="memitem">`
			`<div class="memproto">`
			`<table class="memname">`
			`<tr>`
			`<td class="memname">unsigned long <a class="el" href="structAI__config.html#aa736375e57a59936e2e782b7cd200e41">AI_config::correlationGraphInterval</a></td>`
			`</tr>`
			`</table>`
			`</div>`
			`<div class="memdoc">`
			`<p>Interval in seconds for running the thread for building alert correlation graphs </p>`

Correlation graphs, macro substitution improved 2010-09-14 19:24:03 +02:00			`</div>`
			`</div>`
			`<a class="anchor" id="adf6ef0faedfb4dea0a1353e781b14883"></a><!-- doxytag: member="AI_config::correlationThresholdCoefficient" ref="adf6ef0faedfb4dea0a1353e781b14883" args="" -->`
			`<div class="memitem">`
			`<div class="memproto">`
			`<table class="memname">`
			`<tr>`
			`<td class="memname">double <a class="el" href="structAI__config.html#adf6ef0faedfb4dea0a1353e781b14883">AI_config::correlationThresholdCoefficient</a></td>`
			`</tr>`
			`</table>`
			`</div>`
			`<div class="memdoc">`
			<p>Correlation threshold coefficient for correlating two hyperalerts. Two hyperalerts are 'correlated' to each other in a multi-step attack graph if and only if their correlation value is >= m + ks, where m is the average correlation coefficient, s is the standard deviation over this coefficient, and k is this threshold coefficient. Its value can be >= 0. A value in [0,1] is strongly suggested, but this value mostly depends on how accurate the correlation rules where defined. Be careful, defining a correlation coefficient > or >> 1 no correlation may occur at all! </p>

Full support for MySQL (and any?) database alerts 2010-09-04 21:33:53 +02:00			`</div>`
			`</div>`
			`<a class="anchor" id="ae6ca715cab1d90b70c3aad443133c263"></a><!-- doxytag: member="AI_config::databaseParsingInterval" ref="ae6ca715cab1d90b70c3aad443133c263" args="" -->`
			`<div class="memitem">`
			`<div class="memproto">`
			`<table class="memname">`
			`<tr>`
			`<td class="memname">unsigned long <a class="el" href="structAI__config.html#ae6ca715cab1d90b70c3aad443133c263">AI_config::databaseParsingInterval</a></td>`
			`</tr>`
			`</table>`
			`</div>`
			`<div class="memdoc">`
			`<p>Interval in seconds for reading the alert database, if database logging is used </p>`

			`</div>`
			`</div>`
			`<a class="anchor" id="a8e56f1a1b2095d3d329c8068ea0f3aab"></a><!-- doxytag: member="AI_config::dbhost" ref="a8e56f1a1b2095d3d329c8068ea0f3aab" args="[256]" -->`
			`<div class="memitem">`
			`<div class="memproto">`
			`<table class="memname">`
			`<tr>`
			`<td class="memname">char <a class="el" href="structAI__config.html#a8e56f1a1b2095d3d329c8068ea0f3aab">AI_config::dbhost</a>[256]</td>`
			`</tr>`
			`</table>`
			`</div>`
			`<div class="memdoc">`
			`<p>Database host, if database logging is used </p>`

			`</div>`
			`</div>`
			`<a class="anchor" id="ac8a93607f12106e2f5c9b43af27107da"></a><!-- doxytag: member="AI_config::dbname" ref="ac8a93607f12106e2f5c9b43af27107da" args="[256]" -->`
			`<div class="memitem">`
			`<div class="memproto">`
			`<table class="memname">`
			`<tr>`
			`<td class="memname">char <a class="el" href="structAI__config.html#ac8a93607f12106e2f5c9b43af27107da">AI_config::dbname</a>[256]</td>`
			`</tr>`
			`</table>`
			`</div>`
			`<div class="memdoc">`
			`<p>Database name, if database logging is used </p>`

			`</div>`
			`</div>`
			`<a class="anchor" id="aa1cda349763faf60b2ebdbf2d187ae7d"></a><!-- doxytag: member="AI_config::dbpass" ref="aa1cda349763faf60b2ebdbf2d187ae7d" args="[256]" -->`
			`<div class="memitem">`
			`<div class="memproto">`
			`<table class="memname">`
			`<tr>`
			`<td class="memname">char <a class="el" href="structAI__config.html#aa1cda349763faf60b2ebdbf2d187ae7d">AI_config::dbpass</a>[256]</td>`
			`</tr>`
			`</table>`
			`</div>`
			`<div class="memdoc">`
			`<p>Database password, if database logging is used </p>`

			`</div>`
			`</div>`
			`<a class="anchor" id="aa004adebfdafb6d14092aecd7f4912b0"></a><!-- doxytag: member="AI_config::dbuser" ref="aa004adebfdafb6d14092aecd7f4912b0" args="[256]" -->`
			`<div class="memitem">`
			`<div class="memproto">`
			`<table class="memname">`
			`<tr>`
			`<td class="memname">char <a class="el" href="structAI__config.html#aa004adebfdafb6d14092aecd7f4912b0">AI_config::dbuser</a>[256]</td>`
			`</tr>`
			`</table>`
			`</div>`
			`<div class="memdoc">`
			`<p>Database user, if database logging is used </p>`
16 ago 2010 commit 2010-08-16 22:09:34 +02:00
			`</div>`
			`</div>`
			`<a class="anchor" id="a9f7680615027d4fb74b4aa144a7028a4"></a><!-- doxytag: member="AI_config::hashCleanupInterval" ref="a9f7680615027d4fb74b4aa144a7028a4" args="" -->`
			`<div class="memitem">`
			`<div class="memproto">`
			`<table class="memname">`
			`<tr>`
			`<td class="memname">unsigned long <a class="el" href="structAI__config.html#a9f7680615027d4fb74b4aa144a7028a4">AI_config::hashCleanupInterval</a></td>`
			`</tr>`
			`</table>`
			`</div>`
			`<div class="memdoc">`
Full support for MySQL (and any?) database alerts 2010-09-04 21:33:53 +02:00			`<p>Interval in seconds for the stream cleanup thread </p>`
16 ago 2010 commit 2010-08-16 22:09:34 +02:00
			`</div>`
			`</div>`
			`<a class="anchor" id="abbe77d5f94b8c5164bea47acba09c98b"></a><!-- doxytag: member="AI_config::streamExpireInterval" ref="abbe77d5f94b8c5164bea47acba09c98b" args="" -->`
			`<div class="memitem">`
			`<div class="memproto">`
			`<table class="memname">`
			`<tr>`
			`<td class="memname">unsigned long <a class="el" href="structAI__config.html#abbe77d5f94b8c5164bea47acba09c98b">AI_config::streamExpireInterval</a></td>`
			`</tr>`
			`</table>`
			`</div>`
			`<div class="memdoc">`
Full support for MySQL (and any?) database alerts 2010-09-04 21:33:53 +02:00			`<p>Interval in seconds for considering an idle stream timed out </p>`
16 ago 2010 commit 2010-08-16 22:09:34 +02:00
			`</div>`
			`</div>`
			`<hr/>The documentation for this struct was generated from the following file:<ul>`
			`<li><a class="el" href="spp__ai_8h_source.html">spp_ai.h</a></li>`
			`</ul>`
			`</div>`
			`<!--- window showing the filter options -->`
			`<div id="MSearchSelectWindow"`
			`onmouseover="return searchBox.OnSearchSelectShow()"`
			`onmouseout="return searchBox.OnSearchSelectHide()"`
			`onkeydown="return searchBox.OnSearchSelectKey(event)">`
			<a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(0)"><span class="SelectionMark"> </span>All</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(1)"><span class="SelectionMark"> </span>Data Structures</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(2)"><span class="SelectionMark"> </span>Files</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(3)"><span class="SelectionMark"> </span>Functions</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(4)"><span class="SelectionMark"> </span>Variables</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(5)"><span class="SelectionMark"> </span>Typedefs</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(6)"><span class="SelectionMark"> </span>Enumerations</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(7)"><span class="SelectionMark"> </span>Enumerator</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(8)"><span class="SelectionMark"> </span>Defines</a></div>

			`<!-- iframe showing the search results (closed by default) -->`
			`<div id="MSearchResultsWindow">`
			`<iframe src="" frameborder="0"`
			`name="MSearchResults" id="MSearchResults">`
			`</iframe>`
			`</div>`

Correlation graphs, macro substitution improved 2010-09-14 19:24:03 +02:00			`<hr class="footer"/><address class="footer"><small>Generated on Tue Sep 14 2010 19:23:42 for Snort AI preprocessor module by `
16 ago 2010 commit 2010-08-16 22:09:34 +02:00			`<a href="http://www.doxygen.org/index.html">`
			`<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>`
			`</body>`
			`</html>`