Snort_AIPreproc/doc/latex/cluster_8c.tex

\hypertarget{cluster_8c}{
\section{cluster.c File Reference}
\label{cluster_8c}\index{cluster.c@{cluster.c}}
}
{\ttfamily \#include \char`\"{}spp\_\-ai.h\char`\"{}}\par
{\ttfamily \#include $<$stdio.h$>$}\par
{\ttfamily \#include $<$unistd.h$>$}\par
{\ttfamily \#include $<$limits.h$>$}\par
{\ttfamily \#include $<$pthread.h$>$}\par
\subsection*{Data Structures}
\begin{DoxyCompactItemize}
\item 
struct \hyperlink{structattribute__key}{attribute\_\-key}
\item 
struct \hyperlink{structattribute__value}{attribute\_\-value}
\end{DoxyCompactItemize}
\subsection*{Functions}
\begin{DoxyCompactItemize}
\item 
PRIVATE int \hyperlink{group__cluster_ga81f5fa721719fdb281595a568eef2101}{\_\-heuristic\_\-func} (\hyperlink{spp__ai_8h_ae2ff3c6586aa2ab211a102abfde86640}{cluster\_\-type} type)
\begin{DoxyCompactList}\small\item\em Function that picks up the heuristic value for a clustering attribute in according to Julisch's heuristic (ACM, Vol.2, No.3, 09 2002, pag.124). \item\end{DoxyCompactList}\item 
PRIVATE \hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$ \hyperlink{group__cluster_ga2f1a22cfea64e4669da0467620c3e3b3}{\_\-hierarchy\_\-node\_\-new} (char $\ast$label, int min\_\-val, int max\_\-val)
\begin{DoxyCompactList}\small\item\em Create a new clustering hierarchy node. \item\end{DoxyCompactList}\item 
PRIVATE void \hyperlink{group__cluster_ga5601a1f603d9c870ef6e2df192e30c30}{\_\-hierarchy\_\-node\_\-append} (\hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$parent, \hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$child)
\begin{DoxyCompactList}\small\item\em Append a node to a clustering hierarchy node. \item\end{DoxyCompactList}\item 
PRIVATE \hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$ \hyperlink{group__cluster_ga6ddddcd505b1f763c339e81fc143e079}{\_\-AI\_\-get\_\-min\_\-hierarchy\_\-node} (int val, \hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$root)
\begin{DoxyCompactList}\small\item\em Get the minimum node in a hierarchy tree that matches a certain value. \item\end{DoxyCompactList}\item 
PRIVATE \hyperlink{spp__ai_8h_a3e5b8192e7d9ffaf3542f1210aec18dd}{BOOL} \hyperlink{group__cluster_ga0f91c8bfc37a3975f5c26b19fd6c5cba}{\_\-AI\_\-equal\_\-alarms} (\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$a1, \hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$a2)
\begin{DoxyCompactList}\small\item\em Check if two alerts are semantically equal. \item\end{DoxyCompactList}\item 
PRIVATE int \hyperlink{group__cluster_ga8ce8e5a5d8954672297fa2dedb380dcd}{\_\-AI\_\-merge\_\-alerts} (\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$$\ast$log)
\begin{DoxyCompactList}\small\item\em Merge the alerts marked as equal in the log. \item\end{DoxyCompactList}\item 
PRIVATE void \hyperlink{group__cluster_ga7d151880080470b542e99643dc0426a7}{\_\-AI\_\-print\_\-clustered\_\-alerts} (\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$log, FILE $\ast$fp)
\begin{DoxyCompactList}\small\item\em Print the clustered alerts to a log file. \item\end{DoxyCompactList}\item 
PRIVATE void $\ast$ \hyperlink{group__cluster_ga8a5eae61dc9fd0f13e0acdfa5f4478e2}{\_\-AI\_\-cluster\_\-thread} (void $\ast$arg)
\begin{DoxyCompactList}\small\item\em Thread for periodically clustering the log information. \item\end{DoxyCompactList}\item 
PRIVATE \hyperlink{spp__ai_8h_a3e5b8192e7d9ffaf3542f1210aec18dd}{BOOL} \hyperlink{group__cluster_ga29c35cd6c56f54e27b5b190c6d6c487a}{\_\-AI\_\-check\_\-duplicate} (\hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$node, \hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$root)
\begin{DoxyCompactList}\small\item\em Check if a certain node's range (minimum and maximum value) are already present in a clustering hierarchy. \item\end{DoxyCompactList}\item 
void \hyperlink{group__cluster_ga1445818b37483f78cc3fb2890155842c}{AI\_\-hierarchies\_\-build} (\hyperlink{structAI__config}{AI\_\-config} $\ast$\hyperlink{group__correlation_gaad7a982b6016390e7cd1164bd7db8bca}{conf}, \hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$$\ast$nodes, int n\_\-nodes)
\begin{DoxyCompactList}\small\item\em Build the clustering hierarchy trees. \item\end{DoxyCompactList}\item 
PRIVATE \hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$ \hyperlink{group__cluster_gab4c8ab92691e85a6f0ac4abb122712fd}{\_\-AI\_\-copy\_\-clustered\_\-alerts} (\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$node)
\begin{DoxyCompactList}\small\item\em Return a copy of the clustered alerts. \item\end{DoxyCompactList}\item 
\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$ \hyperlink{group__cluster_ga2553c678eeb83282c230d649a0e8fcd4}{AI\_\-get\_\-clustered\_\-alerts} ()
\begin{DoxyCompactList}\small\item\em Return the alerts parsed so far as a linked list. \item\end{DoxyCompactList}\end{DoxyCompactItemize}
\subsection*{Variables}
\begin{DoxyCompactItemize}
\item 
PRIVATE \hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$ \hyperlink{group__cluster_ga97d35425cf5a0207fb50b64ee8cdda82}{h\_\-root} \mbox{[}CLUSTER\_\-TYPES\mbox{]} = \{ NULL \}
\item 
PRIVATE \hyperlink{structAI__config}{AI\_\-config} $\ast$ \hyperlink{group__cluster_ga91458e2d34595688e39fcb63ba418849}{\_\-config} = NULL
\item 
PRIVATE \hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$ \hyperlink{group__cluster_gaaf4c19f60f48741b0890c6114dcff7d9}{alert\_\-log} = NULL
\item 
PRIVATE \hyperlink{spp__ai_8h_a3e5b8192e7d9ffaf3542f1210aec18dd}{BOOL} \hyperlink{group__cluster_gafebc81c042a632dc987e113b7f390274}{lock\_\-flag} = false
\end{DoxyCompactItemize}
16 ago 2010 commit 2010-08-16 22:09:34 +02:00			`\hypertarget{cluster_8c}{`
			`\section{cluster.c File Reference}`
			`\label{cluster_8c}\index{cluster.c@{cluster.c}}`
			`}`
			{\ttfamily \#include \char`\"{}spp\_\-ai.h\char`\"{}}\par
			`{\ttfamily \#include $<$stdio.h$>$}\par`
			`{\ttfamily \#include $<$unistd.h$>$}\par`
			`{\ttfamily \#include $<$limits.h$>$}\par`
			`{\ttfamily \#include $<$pthread.h$>$}\par`
			`\subsection*{Data Structures}`
			`\begin{DoxyCompactItemize}`
			`\item`
			`struct \hyperlink{structattribute__key}{attribute\_\-key}`
			`\item`
			`struct \hyperlink{structattribute__value}{attribute\_\-value}`
			`\end{DoxyCompactItemize}`
			`\subsection*{Functions}`
			`\begin{DoxyCompactItemize}`
			`\item`
Full support for MySQL (and any?) database alerts 2010-09-04 21:33:53 +02:00			`PRIVATE int \hyperlink{group__cluster_ga81f5fa721719fdb281595a568eef2101}{\_\-heuristic\_\-func} (\hyperlink{spp__ai_8h_ae2ff3c6586aa2ab211a102abfde86640}{cluster\_\-type} type)`
16 ago 2010 commit 2010-08-16 22:09:34 +02:00			`\begin{DoxyCompactList}\small\item\em Function that picks up the heuristic value for a clustering attribute in according to Julisch's heuristic (ACM, Vol.2, No.3, 09 2002, pag.124). \item\end{DoxyCompactList}\item`
Full support for MySQL (and any?) database alerts 2010-09-04 21:33:53 +02:00			`PRIVATE \hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$ \hyperlink{group__cluster_ga2f1a22cfea64e4669da0467620c3e3b3}{\_\-hierarchy\_\-node\_\-new} (char $\ast$label, int min\_\-val, int max\_\-val)`
16 ago 2010 commit 2010-08-16 22:09:34 +02:00			`\begin{DoxyCompactList}\small\item\em Create a new clustering hierarchy node. \item\end{DoxyCompactList}\item`
Full support for MySQL (and any?) database alerts 2010-09-04 21:33:53 +02:00			`PRIVATE void \hyperlink{group__cluster_ga5601a1f603d9c870ef6e2df192e30c30}{\_\-hierarchy\_\-node\_\-append} (\hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$parent, \hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$child)`
16 ago 2010 commit 2010-08-16 22:09:34 +02:00			`\begin{DoxyCompactList}\small\item\em Append a node to a clustering hierarchy node. \item\end{DoxyCompactList}\item`
Full support for MySQL (and any?) database alerts 2010-09-04 21:33:53 +02:00			`PRIVATE \hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$ \hyperlink{group__cluster_ga6ddddcd505b1f763c339e81fc143e079}{\_\-AI\_\-get\_\-min\_\-hierarchy\_\-node} (int val, \hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$root)`
16 ago 2010 commit 2010-08-16 22:09:34 +02:00			`\begin{DoxyCompactList}\small\item\em Get the minimum node in a hierarchy tree that matches a certain value. \item\end{DoxyCompactList}\item`
Full support for MySQL (and any?) database alerts 2010-09-04 21:33:53 +02:00			`PRIVATE \hyperlink{spp__ai_8h_a3e5b8192e7d9ffaf3542f1210aec18dd}{BOOL} \hyperlink{group__cluster_ga0f91c8bfc37a3975f5c26b19fd6c5cba}{\_\-AI\_\-equal\_\-alarms} (\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$a1, \hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$a2)`
16 ago 2010 commit 2010-08-16 22:09:34 +02:00			`\begin{DoxyCompactList}\small\item\em Check if two alerts are semantically equal. \item\end{DoxyCompactList}\item`
Full support for MySQL (and any?) database alerts 2010-09-04 21:33:53 +02:00			`PRIVATE int \hyperlink{group__cluster_ga8ce8e5a5d8954672297fa2dedb380dcd}{\_\-AI\_\-merge\_\-alerts} (\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$$\ast$log)`
16 ago 2010 commit 2010-08-16 22:09:34 +02:00			`\begin{DoxyCompactList}\small\item\em Merge the alerts marked as equal in the log. \item\end{DoxyCompactList}\item`
Full support for MySQL (and any?) database alerts 2010-09-04 21:33:53 +02:00			`PRIVATE void \hyperlink{group__cluster_ga7d151880080470b542e99643dc0426a7}{\_\-AI\_\-print\_\-clustered\_\-alerts} (\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$log, FILE $\ast$fp)`
16 ago 2010 commit 2010-08-16 22:09:34 +02:00			`\begin{DoxyCompactList}\small\item\em Print the clustered alerts to a log file. \item\end{DoxyCompactList}\item`
Full support for MySQL (and any?) database alerts 2010-09-04 21:33:53 +02:00			`PRIVATE void $\ast$ \hyperlink{group__cluster_ga8a5eae61dc9fd0f13e0acdfa5f4478e2}{\_\-AI\_\-cluster\_\-thread} (void $\ast$arg)`
16 ago 2010 commit 2010-08-16 22:09:34 +02:00			`\begin{DoxyCompactList}\small\item\em Thread for periodically clustering the log information. \item\end{DoxyCompactList}\item`
Full support for MySQL (and any?) database alerts 2010-09-04 21:33:53 +02:00			`PRIVATE \hyperlink{spp__ai_8h_a3e5b8192e7d9ffaf3542f1210aec18dd}{BOOL} \hyperlink{group__cluster_ga29c35cd6c56f54e27b5b190c6d6c487a}{\_\-AI\_\-check\_\-duplicate} (\hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$node, \hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$root)`
16 ago 2010 commit 2010-08-16 22:09:34 +02:00			`\begin{DoxyCompactList}\small\item\em Check if a certain node's range (minimum and maximum value) are already present in a clustering hierarchy. \item\end{DoxyCompactList}\item`
10 sept 2010 commit 2010-09-11 02:12:39 +02:00			`void \hyperlink{group__cluster_ga1445818b37483f78cc3fb2890155842c}{AI\_\-hierarchies\_\-build} (\hyperlink{structAI__config}{AI\_\-config} $\ast$\hyperlink{group__correlation_gaad7a982b6016390e7cd1164bd7db8bca}{conf}, \hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$$\ast$nodes, int n\_\-nodes)`
			`\begin{DoxyCompactList}\small\item\em Build the clustering hierarchy trees. \item\end{DoxyCompactList}\item`
			`PRIVATE \hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$ \hyperlink{group__cluster_gab4c8ab92691e85a6f0ac4abb122712fd}{\_\-AI\_\-copy\_\-clustered\_\-alerts} (\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$node)`
			`\begin{DoxyCompactList}\small\item\em Return a copy of the clustered alerts. \item\end{DoxyCompactList}\item`
			`\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$ \hyperlink{group__cluster_ga2553c678eeb83282c230d649a0e8fcd4}{AI\_\-get\_\-clustered\_\-alerts} ()`
			`\begin{DoxyCompactList}\small\item\em Return the alerts parsed so far as a linked list. \item\end{DoxyCompactList}\end{DoxyCompactItemize}`
16 ago 2010 commit 2010-08-16 22:09:34 +02:00			`\subsection*{Variables}`
			`\begin{DoxyCompactItemize}`
			`\item`
Full support for MySQL (and any?) database alerts 2010-09-04 21:33:53 +02:00			`PRIVATE \hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$ \hyperlink{group__cluster_ga97d35425cf5a0207fb50b64ee8cdda82}{h\_\-root} \mbox{[}CLUSTER\_\-TYPES\mbox{]} = \{ NULL \}`
16 ago 2010 commit 2010-08-16 22:09:34 +02:00			`\item`
Full support for MySQL (and any?) database alerts 2010-09-04 21:33:53 +02:00			`PRIVATE \hyperlink{structAI__config}{AI\_\-config} $\ast$ \hyperlink{group__cluster_ga91458e2d34595688e39fcb63ba418849}{\_\-config} = NULL`
16 ago 2010 commit 2010-08-16 22:09:34 +02:00			`\item`
Full support for MySQL (and any?) database alerts 2010-09-04 21:33:53 +02:00			`PRIVATE \hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$ \hyperlink{group__cluster_gaaf4c19f60f48741b0890c6114dcff7d9}{alert\_\-log} = NULL`
Sept 11 2010 commit 2010-09-11 12:45:30 +02:00			`\item`
			`PRIVATE \hyperlink{spp__ai_8h_a3e5b8192e7d9ffaf3542f1210aec18dd}{BOOL} \hyperlink{group__cluster_gafebc81c042a632dc987e113b7f390274}{lock\_\-flag} = false`
16 ago 2010 commit 2010-08-16 22:09:34 +02:00			`\end{DoxyCompactItemize}`