blacklight
/
Snort_AIPreproc
mirror of https://github.com/BlackLight/Snort_AIPreproc.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Sept 11 2010 commit

This commit is contained in:
BlackLight 2010-09-11 12:45:30 +02:00
parent e62d6e44bf
commit 997ebcbcd8
92 changed files with 1856 additions and 456 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
TODO
View File

@ -1,4 +1,6 @@
- Correlation macros valid also for hierarchies flags
- Bayesian learning among alerts in alert log
- Managing clusters for addresses, timestamps (and more?)
- Dynamic cluster_min_size algorithm
- Alerts for port scan, grouped alerts, UDP and ICMP too

7
alert_parser.c
View File

@ -29,6 +29,7 @@
PRIVATE AI_snort_alert *alerts = NULL;
PRIVATE FILE *alert_fp = NULL;
PRIVATE BOOL lock_flag = false;
/** \defgroup alert_parser Parse the alert log into binary structures
* @{ */
@ -105,6 +106,9 @@ AI_file_alertparser_thread ( void* arg )
inotify_rm_watch ( ifd, wd );
close ( ifd );
/* Set the lock flag to true until it's done with alert parsing */
lock_flag = true;
while ( !feof ( alert_fp ))
{
fgets ( line, sizeof(line), alert_fp );
@ -300,6 +304,8 @@ AI_file_alertparser_thread ( void* arg )
matches = NULL;
}
}
lock_flag = false;
}
pthread_exit ((void*) 0 );
@ -345,6 +351,7 @@ _AI_copy_alerts ( AI_snort_alert *node )
AI_snort_alert*
AI_get_alerts ()
{
while ( lock_flag );
return _AI_copy_alerts ( alerts );
} /* ----- end of function AI_get_alerts ----- */

14
cluster.c
View File

@ -45,6 +45,7 @@ typedef struct {
PRIVATE hierarchy_node *h_root[CLUSTER_TYPES] = { NULL };
PRIVATE AI_config *_config = NULL;
PRIVATE AI_snort_alert *alert_log = NULL;
PRIVATE BOOL lock_flag = false;
/**
@ -373,11 +374,19 @@ _AI_cluster_thread ( void* arg )
/* Between an execution of the thread and the next one, sleep for alert_clustering_interval seconds */
sleep ( _config->alertClusteringInterval );
/* Set the lock over the alert log until it's done with the clustering operation */
lock_flag = true;
/* Free the current alert log and get the latest one */
AI_free_alerts ( alert_log );
if ( alert_log )
{
AI_free_alerts ( alert_log );
alert_log = NULL;
}
if ( !( alert_log = get_alerts() ))
{
lock_flag = false;
continue;
}
@ -481,6 +490,8 @@ _AI_cluster_thread ( void* arg )
/* break; */
} while ( old_alert_count != alert_count );
lock_flag = false;
if ( !( cluster_fp = fopen ( _config->clusterfile, "w" )) )
{
pthread_exit ((void*) 0 );
@ -650,6 +661,7 @@ _AI_copy_clustered_alerts ( AI_snort_alert *node )
AI_snort_alert*
AI_get_clustered_alerts ()
{
while ( lock_flag );
return _AI_copy_clustered_alerts ( alert_log );
} /* ----- end of function AI_get_clustered_alerts ----- */

136
correlation.c
View File

@ -34,9 +34,62 @@
/** Enumeration for the types of XML tags */
enum { inHyperAlert, inSnortIdTag, inPreTag, inPostTag, TAG_NUM };
PRIVATE AI_hyperalert_info *hyperalerts = NULL;
PRIVATE AI_config *conf = NULL;
PRIVATE AI_snort_alert *alerts = NULL;
/** Struct representing the correlation between all the couples of alerts */
typedef struct {
/** First alert */
AI_snort_alert *a;
/** Second alert */
AI_snort_alert *b;
/** Correlation coefficient */
double correlation;
/** Make the struct 'hashable' */
UT_hash_handle hh;
} AI_alert_correlation;
PRIVATE AI_hyperalert_info *hyperalerts = NULL;
PRIVATE AI_config *conf = NULL;
PRIVATE AI_snort_alert *alerts = NULL;
PRIVATE AI_alert_correlation *correlation_table = NULL;
PRIVATE BOOL lock_flag = false;
/**
* \brief Compute the correlation coefficient between two alerts, as #INTERSECTION(pre(B), post(A) / #UNION(pre(B), post(A))
* \param a Alert a
* \param b Alert b
* \return The correlation coefficient between A and B as coefficient in [0,1]
*/
double
_AI_correlation_coefficient ( AI_snort_alert *a, AI_snort_alert *b )
{
unsigned int i, j,
n_intersection = 0,
n_union = 0;
if ( !a->hyperalert || !b->hyperalert )
return 0.0;
if ( a->hyperalert->n_postconds == 0 || b->hyperalert->n_preconds == 0 )
return 0.0;
n_union = a->hyperalert->n_postconds + b->hyperalert->n_preconds;
for ( i=0; i < a->hyperalert->n_postconds; i++ )
{
for ( j=0; j < b->hyperalert->n_preconds; j++ )
{
if ( !strcasecmp ( a->hyperalert->postconds[i], b->hyperalert->preconds[j] ))
{
n_intersection += 2;
}
}
}
return (double) ((double) n_intersection / (double) n_union );
} /* ----- end of function _AI_correlation_coefficient ----- */
/**
* \brief Substitute the macros in hyperalert pre-conditions and post-conditions with their associated values
@ -300,9 +353,13 @@ AI_alert_correlation_thread ( void *arg )
int i;
struct stat st;
AI_hyperalert_key key;
AI_hyperalert_info *hyp = NULL;
AI_snort_alert *tmp = NULL;
FILE *fp;
AI_hyperalert_info *hyp = NULL;
AI_snort_alert *alert_iterator = NULL,
*alert_iterator2 = NULL;
FILE *fp = fopen ( "/home/blacklight/LOG", "w" );
fclose ( fp );
conf = (AI_config*) arg;
while ( 1 )
@ -317,15 +374,27 @@ AI_alert_correlation_thread ( void *arg )
return ( void* ) 0;
}
if ( !( alerts = AI_get_clustered_alerts() ))
continue;
/* Set the lock flag to true, and keep it this way until I've done with generating the new hyperalerts */
lock_flag = true;
for ( tmp = alerts; tmp; tmp = tmp->next )
if ( alerts )
{
AI_free_alerts ( alerts );
alerts = NULL;
}
if ( !( alerts = AI_get_clustered_alerts() ))
{
lock_flag = false;
continue;
}
for ( alert_iterator = alerts; alert_iterator; alert_iterator = alert_iterator->next )
{
/* Check if my hash table of hyperalerts already contains info about this alert */
key.gid = tmp->gid;
key.sid = tmp->sid;
key.rev = tmp->rev;
key.gid = alert_iterator->gid;
key.sid = alert_iterator->sid;
key.rev = alert_iterator->rev;
HASH_FIND ( hh, hyperalerts, &key, sizeof ( AI_hyperalert_key ), hyp );
/* If not, try to read info from the XML file, if it exists */
@ -340,34 +409,43 @@ AI_alert_correlation_thread ( void *arg )
}
/* Fill the hyper alert info for the current alert */
if ( !( tmp->hyperalert = ( AI_hyperalert_info* ) malloc ( sizeof ( AI_hyperalert_info ))))
if ( !( alert_iterator->hyperalert = ( AI_hyperalert_info* ) malloc ( sizeof ( AI_hyperalert_info ))))
_dpd.fatalMsg ( "AIPreproc: Fatal memory allocation error at %s:%d\n", __FILE__, __LINE__ );
tmp->hyperalert->key = hyp->key;
tmp->hyperalert->n_preconds = hyp->n_preconds;
tmp->hyperalert->n_postconds = hyp->n_postconds;
alert_iterator->hyperalert->key = hyp->key;
alert_iterator->hyperalert->n_preconds = hyp->n_preconds;
alert_iterator->hyperalert->n_postconds = hyp->n_postconds;
if ( !( tmp->hyperalert->preconds = ( char** ) malloc ( tmp->hyperalert->n_preconds * sizeof ( char* ))))
if ( !( alert_iterator->hyperalert->preconds = ( char** ) malloc ( alert_iterator->hyperalert->n_preconds * sizeof ( char* ))))
_dpd.fatalMsg ( "AIPreproc: Fatal memory allocation error at %s:%d\n", __FILE__, __LINE__ );
for ( i=0; i < tmp->hyperalert->n_preconds; i++ )
tmp->hyperalert->preconds[i] = strdup ( hyp->preconds[i] );
for ( i=0; i < alert_iterator->hyperalert->n_preconds; i++ )
alert_iterator->hyperalert->preconds[i] = strdup ( hyp->preconds[i] );
if ( !( tmp->hyperalert->postconds = ( char** ) malloc ( tmp->hyperalert->n_postconds * sizeof ( char* ))))
if ( !( alert_iterator->hyperalert->postconds = ( char** ) malloc ( alert_iterator->hyperalert->n_postconds * sizeof ( char* ))))
_dpd.fatalMsg ( "AIPreproc: Fatal memory allocation error at %s:%d\n", __FILE__, __LINE__ );
for ( i=0; i < tmp->hyperalert->n_postconds; i++ )
tmp->hyperalert->postconds[i] = strdup ( hyp->postconds[i] );
for ( i=0; i < alert_iterator->hyperalert->n_postconds; i++ )
alert_iterator->hyperalert->postconds[i] = strdup ( hyp->postconds[i] );
_AI_macro_subst ( &tmp );
fp = fopen ( "/home/blacklight/LOG", "a" );
fprintf ( fp, "pre: %s\n", (tmp->hyperalert->n_preconds > 0) ? tmp->hyperalert->preconds[0] : "()" );
fprintf ( fp, "post: %s\n", (tmp->hyperalert->n_postconds > 0) ? tmp->hyperalert->postconds[0] : "()" );
fclose ( fp );
_AI_macro_subst ( &alert_iterator );
}
AI_free_alerts ( alerts );
for ( alert_iterator = alerts; alert_iterator; alert_iterator = alert_iterator->next )
{
for ( alert_iterator2 = alerts; alert_iterator2; alert_iterator2 = alert_iterator2->next )
{
if ( alert_iterator != alert_iterator2 )
{
fp = fopen ( "/home/blacklight/LOG", "a" );
fprintf ( fp, "alert1: (%s), alert2: (%s)\n", alert_iterator->desc, alert_iterator2->desc );
fprintf ( fp, "correlation (alert1, alert2): %f\n\n", _AI_correlation_coefficient ( alert_iterator, alert_iterator2 ));
fclose ( fp );
}
}
}
lock_flag = false;
}
pthread_exit (( void* ) 0 );

10
db.c
View File

@ -31,7 +31,8 @@
PRIVATE AI_config *config;
PRIVATE AI_snort_alert *alerts = NULL;
PRIVATE AI_snort_alert *alerts = NULL;
PRIVATE BOOL lock_flag = false;
/** pthread mutex for accessing database data */
PRIVATE pthread_mutex_t db_mutex = PTHREAD_MUTEX_INITIALIZER;
@ -77,6 +78,10 @@ AI_db_alertparser_thread ( void *arg )
while ( 1 )
{
sleep ( config->databaseParsingInterval );
/* Set the lock flag to true until it's done with alert parsing */
lock_flag = true;
memset ( query, 0, sizeof ( query ));
snprintf ( query, sizeof (query), "select cid, unix_timestamp(timestamp), signature from event where cid > %d "
"and unix_timestamp(timestamp) > %ld order by cid", latest_cid, latest_time );
@ -93,6 +98,7 @@ AI_db_alertparser_thread ( void *arg )
DB_close();
_dpd.fatalMsg ( "AIPreproc: Could not store the query result at %s:%d\n", __FILE__, __LINE__ );
} else if ( rows == 0 ) {
lock_flag = false;
continue;
}
@ -218,6 +224,7 @@ AI_db_alertparser_thread ( void *arg )
}
}
lock_flag = false;
DB_free_result ( res );
latest_time = time ( NULL );
}
@ -265,6 +272,7 @@ _AI_db_copy_alerts ( AI_snort_alert *node )
AI_snort_alert*
AI_db_get_alerts ()
{
while ( lock_flag );
return _AI_db_copy_alerts ( alerts );
} /* ----- end of function AI_db_get_alerts ----- */

18
doc/html/alert__parser_8c.html
View File

@ -75,6 +75,7 @@ Functions</h2></td></tr>
Variables</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="alert__parser_8c.html#ae837fc04e61c0eb052f997c54b4fd9fe">alerts</a> = NULL</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE FILE *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="alert__parser_8c.html#abee2a33368912d9288c76b51160a9ed6">alert_fp</a> = NULL</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd">BOOL</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="alert__parser_8c.html#afebc81c042a632dc987e113b7f390274">lock_flag</a> = false</td></tr>
</table>
<hr/><h2>Variable Documentation</h2>
<a class="anchor" id="abee2a33368912d9288c76b51160a9ed6"></a><!-- doxytag: member="alert_parser.c::alert_fp" ref="abee2a33368912d9288c76b51160a9ed6" args="" -->
@ -95,7 +96,20 @@ Variables</h2></td></tr>
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a>* <a class="el" href="alert__parser_8c.html#ae837fc04e61c0eb052f997c54b4fd9fe">alerts</a> = NULL</td>
<td class="memname">PRIVATE <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a>* <a class="el" href="group__correlation.html#gae837fc04e61c0eb052f997c54b4fd9fe">alerts</a> = NULL</td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="afebc81c042a632dc987e113b7f390274"></a><!-- doxytag: member="alert_parser.c::lock_flag" ref="afebc81c042a632dc987e113b7f390274" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd">BOOL</a> <a class="el" href="group__correlation.html#gafebc81c042a632dc987e113b7f390274">lock_flag</a> = false</td>
</tr>
</table>
</div>
@ -118,7 +132,7 @@ Variables</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 11 2010 12:45:18 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

7
doc/html/annotated.html
View File

@ -54,11 +54,12 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
Here are the data structures with brief descriptions:<table>
<tr><td class="indexkey"><a class="el" href="struct__AI__snort__alert.html">_AI_snort_alert</a></td><td class="indexvalue"></td></tr>
<tr><td class="indexkey"><a class="el" href="struct__hierarchy__node.html">_hierarchy_node</a></td><td class="indexvalue"></td></tr>
<tr><td class="indexkey"><a class="el" href="structAI__alert__correlation.html">AI_alert_correlation</a></td><td class="indexvalue"></td></tr>
<tr><td class="indexkey"><a class="el" href="structAI__config.html">AI_config</a></td><td class="indexvalue"></td></tr>
<tr><td class="indexkey"><a class="el" href="structAI__hyperalert__info.html">AI_hyperalert_info</a></td><td class="indexvalue"></td></tr>
<tr><td class="indexkey"><a class="el" href="structAI__hyperalert__key.html">AI_hyperalert_key</a></td><td class="indexvalue"></td></tr>
<tr><td class="indexkey"><a class="el" href="structattribute__key.html">attribute_key</a></td><td class="indexvalue"></td></tr>
<tr><td class="indexkey"><a class="el" href="structattribute__value.html">attribute_value</a></td><td class="indexvalue"></td></tr>
<tr><td class="indexkey"><a class="el" href="structhyperalert.html">hyperalert</a></td><td class="indexvalue"></td></tr>
<tr><td class="indexkey"><a class="el" href="structhyperalert__key.html">hyperalert_key</a></td><td class="indexvalue"></td></tr>
<tr><td class="indexkey"><a class="el" href="structpkt__info.html">pkt_info</a></td><td class="indexvalue"></td></tr>
<tr><td class="indexkey"><a class="el" href="structpkt__key.html">pkt_key</a></td><td class="indexvalue"></td></tr>
</table>
@ -77,7 +78,7 @@ Here are the data structures with brief descriptions:<table>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 11 2010 12:45:18 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

9
doc/html/classes.html
View File

@ -51,13 +51,12 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<h1>Data Structure Index</h1> </div>
</div>
<div class="contents">
<div class="qindex"><a class="qindex" href="#letter_A">A</a>&nbsp;|&nbsp;<a class="qindex" href="#letter_H">H</a>&nbsp;|&nbsp;<a class="qindex" href="#letter_P">P</a>&nbsp;|&nbsp;<a class="qindex" href="#letter__">_</a></div>
<div class="qindex"><a class="qindex" href="#letter_A">A</a>&nbsp;|&nbsp;<a class="qindex" href="#letter_P">P</a>&nbsp;|&nbsp;<a class="qindex" href="#letter__">_</a></div>
<table align="center" width="95%" border="0" cellspacing="0" cellpadding="0">
<tr><td><a name="letter_A"></a><table border="0" cellspacing="0" cellpadding="0"><tr><td><div class="ah">&nbsp;&nbsp;A&nbsp;&nbsp;</div></td></tr></table>
</td><td><a class="el" href="structattribute__value.html">attribute_value</a>&nbsp;&nbsp;&nbsp;</td><td><a class="el" href="structhyperalert__key.html">hyperalert_key</a>&nbsp;&nbsp;&nbsp;</td><td><a class="el" href="structpkt__key.html">pkt_key</a>&nbsp;&nbsp;&nbsp;</td><td><a class="el" href="struct__AI__snort__alert.html">_AI_snort_alert</a>&nbsp;&nbsp;&nbsp;</td></tr><tr><td><a class="el" href="structAI__config.html">AI_config</a>&nbsp;&nbsp;&nbsp;</td><td><a name="letter_H"></a><table border="0" cellspacing="0" cellpadding="0"><tr><td><div class="ah">&nbsp;&nbsp;H&nbsp;&nbsp;</div></td></tr></table>
</td><td><a name="letter_P"></a><table border="0" cellspacing="0" cellpadding="0"><tr><td><div class="ah">&nbsp;&nbsp;P&nbsp;&nbsp;</div></td></tr></table>
</td><td><a class="el" href="structAI__hyperalert__info.html">AI_hyperalert_info</a>&nbsp;&nbsp;&nbsp;</td><td><a class="el" href="structattribute__value.html">attribute_value</a>&nbsp;&nbsp;&nbsp;</td><td><a class="el" href="structpkt__key.html">pkt_key</a>&nbsp;&nbsp;&nbsp;</td><td><a class="el" href="struct__AI__snort__alert.html">_AI_snort_alert</a>&nbsp;&nbsp;&nbsp;</td></tr><tr><td><a class="el" href="structAI__alert__correlation.html">AI_alert_correlation</a>&nbsp;&nbsp;&nbsp;</td><td><a class="el" href="structAI__hyperalert__key.html">AI_hyperalert_key</a>&nbsp;&nbsp;&nbsp;</td><td><a name="letter_P"></a><table border="0" cellspacing="0" cellpadding="0"><tr><td><div class="ah">&nbsp;&nbsp;P&nbsp;&nbsp;</div></td></tr></table>
</td><td><a name="letter__"></a><table border="0" cellspacing="0" cellpadding="0"><tr><td><div class="ah">&nbsp;&nbsp;_&nbsp;&nbsp;</div></td></tr></table>
</td><td><a class="el" href="struct__hierarchy__node.html">_hierarchy_node</a>&nbsp;&nbsp;&nbsp;</td></tr><tr><td><a class="el" href="structattribute__key.html">attribute_key</a>&nbsp;&nbsp;&nbsp;</td><td><a class="el" href="structhyperalert.html">hyperalert</a>&nbsp;&nbsp;&nbsp;</td><td><a class="el" href="structpkt__info.html">pkt_info</a>&nbsp;&nbsp;&nbsp;</td></tr></table><div class="qindex"><a class="qindex" href="#letter_A">A</a>&nbsp;|&nbsp;<a class="qindex" href="#letter_H">H</a>&nbsp;|&nbsp;<a class="qindex" href="#letter_P">P</a>&nbsp;|&nbsp;<a class="qindex" href="#letter__">_</a></div>
</td><td><a class="el" href="struct__hierarchy__node.html">_hierarchy_node</a>&nbsp;&nbsp;&nbsp;</td></tr><tr><td><a class="el" href="structAI__config.html">AI_config</a>&nbsp;&nbsp;&nbsp;</td><td><a class="el" href="structattribute__key.html">attribute_key</a>&nbsp;&nbsp;&nbsp;</td><td><a class="el" href="structpkt__info.html">pkt_info</a>&nbsp;&nbsp;&nbsp;</td></tr></table><div class="qindex"><a class="qindex" href="#letter_A">A</a>&nbsp;|&nbsp;<a class="qindex" href="#letter_P">P</a>&nbsp;|&nbsp;<a class="qindex" href="#letter__">_</a></div>
</div>
<!--- window showing the filter options -->
<div id="MSearchSelectWindow"
@ -73,7 +72,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 11 2010 12:45:18 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

3
doc/html/cluster_8c.html
View File

@ -95,6 +95,7 @@ Variables</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga97d35425cf5a0207fb50b64ee8cdda82">h_root</a> [CLUSTER_TYPES] = { NULL }</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="structAI__config.html">AI_config</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga91458e2d34595688e39fcb63ba418849">_config</a> = NULL</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#gaaf4c19f60f48741b0890c6114dcff7d9">alert_log</a> = NULL</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd">BOOL</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#gafebc81c042a632dc987e113b7f390274">lock_flag</a> = false</td></tr>
</table>
</div>
<!--- window showing the filter options -->
@ -111,7 +112,7 @@ Variables</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 11 2010 12:45:18 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

18
doc/html/correlation_8c.html
View File

@ -63,8 +63,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<table class="memberdecls">
<tr><td colspan="2"><h2><a name="nested-classes"></a>
Data Structures</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct &nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structhyperalert__key.html">hyperalert_key</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct &nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structhyperalert.html">hyperalert</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct &nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__alert__correlation.html">AI_alert_correlation</a></td></tr>
<tr><td colspan="2"><h2><a name="enum-members"></a>
Enumerations</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">enum &nbsp;</td><td class="memItemRight" valign="bottom">{ <br/>
@ -78,14 +77,21 @@ Enumerations</h2></td></tr>
}</td></tr>
<tr><td colspan="2"><h2><a name="func-members"></a>
Functions</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="structhyperalert.html">hyperalert</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__correlation.html#gacb46174cec5a2cce0a9bb1ca2b0f6850">_AI_hyperalert_from_XML</a> (<a class="el" href="structhyperalert__key.html">hyperalert_key</a> key)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Parse info about a hyperalert from a correlation XML file, if it exists. <a href="group__correlation.html#gacb46174cec5a2cce0a9bb1ca2b0f6850"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">double&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__correlation.html#ga130e82017fc0abcb76b1a7740ae2f4df">_AI_correlation_coefficient</a> (<a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *a, <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *b)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Compute the correlation coefficient between two alerts, as INTERSECTION(pre(B), post(A) / UNION(pre(B), post(A)). <a href="group__correlation.html#ga130e82017fc0abcb76b1a7740ae2f4df"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__correlation.html#ga0d094eae1d014d89a2de21263fa747da">_AI_macro_subst</a> (<a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> **alert)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Substitute the macros in hyperalert pre-conditions and post-conditions with their associated values. <a href="group__correlation.html#ga0d094eae1d014d89a2de21263fa747da"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="structAI__hyperalert__info.html">AI_hyperalert_info</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__correlation.html#ga929e5c17fdb247a998d83ed6a4ae5a65">_AI_hyperalert_from_XML</a> (<a class="el" href="structAI__hyperalert__key.html">AI_hyperalert_key</a> key)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Parse info about a hyperalert from a correlation XML file, if it exists. <a href="group__correlation.html#ga929e5c17fdb247a998d83ed6a4ae5a65"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__correlation.html#ga939353a4e15de7a8f4145ab986f584be">AI_alert_correlation_thread</a> (void *arg)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Thread for correlating clustered alerts. <a href="group__correlation.html#ga939353a4e15de7a8f4145ab986f584be"></a><br/></td></tr>
<tr><td colspan="2"><h2><a name="var-members"></a>
Variables</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="structhyperalert.html">hyperalert</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__correlation.html#ga343192ed5e938536f3dc150e51f8acf6">hyperalerts</a> = NULL</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="structAI__hyperalert__info.html">AI_hyperalert_info</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__correlation.html#gae56c79aa018caaeebeeb709a9e51c9c2">hyperalerts</a> = NULL</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="structAI__config.html">AI_config</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__correlation.html#gaad7a982b6016390e7cd1164bd7db8bca">conf</a> = NULL</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__correlation.html#gae837fc04e61c0eb052f997c54b4fd9fe">alerts</a> = NULL</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="structAI__alert__correlation.html">AI_alert_correlation</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__correlation.html#ga701934a296c51f2397d24e8bf4a9f021">correlation_table</a> = NULL</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd">BOOL</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__correlation.html#gafebc81c042a632dc987e113b7f390274">lock_flag</a> = false</td></tr>
</table>
</div>
<!--- window showing the filter options -->
@ -102,7 +108,7 @@ Variables</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 11 2010 12:45:18 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

2
doc/html/db_8c.html
View File

@ -68,7 +68,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 11 2010 12:45:18 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

2
doc/html/db_8h.html
View File

@ -69,7 +69,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 11 2010 12:45:18 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

2
doc/html/db_8h_source.html
View File

@ -111,7 +111,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 11 2010 12:45:18 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

2
doc/html/files.html
View File

@ -78,7 +78,7 @@ Here is a list of all files with brief descriptions:<table>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 11 2010 12:45:18 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

40
doc/html/functions.html
View File

@ -54,6 +54,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<div class="tabs3">
<ul class="tablist">
<li><a href="#index_a"><span>a</span></a></li>
<li><a href="#index_b"><span>b</span></a></li>
<li><a href="#index_c"><span>c</span></a></li>
<li><a href="#index_d"><span>d</span></a></li>
<li><a href="#index_g"><span>g</span></a></li>
@ -75,6 +76,9 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
Here is a list of all struct and union fields with links to the structures/unions they belong to:
<h3><a class="anchor" id="index_a"></a>- a -</h3><ul>
<li>a
: <a class="el" href="structAI__alert__correlation.html#a8737f171e1c1b2305c8fe77101d6aeb7">AI_alert_correlation</a>
</li>
<li>alertClusteringInterval
: <a class="el" href="structAI__config.html#a7d0d098b8263aa3d8415b11d1ec7f93d">AI_config</a>
</li>
@ -84,6 +88,13 @@ Here is a list of all struct and union fields with links to the structures/union
</ul>
<h3><a class="anchor" id="index_b"></a>- b -</h3><ul>
<li>b
: <a class="el" href="structAI__alert__correlation.html#a478f1a6f18f9c083b203efdf776379cd">AI_alert_correlation</a>
</li>
</ul>
<h3><a class="anchor" id="index_c"></a>- c -</h3><ul>
<li>children
: <a class="el" href="struct__hierarchy__node.html#afc23d4fe6426873164cdaab2f3d4f0cd">_hierarchy_node</a>
@ -97,6 +108,9 @@ Here is a list of all struct and union fields with links to the structures/union
<li>corr_rules_dir
: <a class="el" href="structAI__config.html#ab7ea93bbe72b85c4019b4f5656ad62fc">AI_config</a>
</li>
<li>correlation
: <a class="el" href="structAI__alert__correlation.html#aad417b2126ae26d7576f006a3dbcdc81">AI_alert_correlation</a>
</li>
<li>correlationGraphInterval
: <a class="el" href="structAI__config.html#aa736375e57a59936e2e782b7cd200e41">AI_config</a>
</li>
@ -133,7 +147,7 @@ Here is a list of all struct and union fields with links to the structures/union
<h3><a class="anchor" id="index_g"></a>- g -</h3><ul>
<li>gid
: <a class="el" href="structhyperalert__key.html#aac0e30a21653be11b357e3030aafd7e4">hyperalert_key</a>
: <a class="el" href="structAI__hyperalert__key.html#a711afeb45b534480e85bf9abe569a602">AI_hyperalert_key</a>
, <a class="el" href="struct__AI__snort__alert.html#af8408be5da59cda853442dd13465c0f6">_AI_snort_alert</a>
</li>
<li>grouped_alarms_count
@ -150,9 +164,13 @@ Here is a list of all struct and union fields with links to the structures/union
: <a class="el" href="structAI__config.html#a9f7680615027d4fb74b4aa144a7028a4">AI_config</a>
</li>
<li>hh
: <a class="el" href="structhyperalert.html#aa2993f19f3cc95627cfdaf4f47f78b04">hyperalert</a>
, <a class="el" href="structattribute__value.html#a9abf5d1758ee0cc4803e3b40fc4481cc">attribute_value</a>
: <a class="el" href="structAI__hyperalert__info.html#a6915bec67d383f374e758b44f50b48ff">AI_hyperalert_info</a>
, <a class="el" href="structpkt__info.html#a264e90d4b5d490de040f38c1072e142f">pkt_info</a>
, <a class="el" href="structAI__alert__correlation.html#ad3020a87936a2193a92f09331401ad42">AI_alert_correlation</a>
, <a class="el" href="structattribute__value.html#a9abf5d1758ee0cc4803e3b40fc4481cc">attribute_value</a>
</li>
<li>hyperalert
: <a class="el" href="struct__AI__snort__alert.html#ac101de15b4f9451f235b82122f77b62a">_AI_snort_alert</a>
</li>
</ul>
@ -185,8 +203,8 @@ Here is a list of all struct and union fields with links to the structures/union
<h3><a class="anchor" id="index_k"></a>- k -</h3><ul>
<li>key
: <a class="el" href="structattribute__value.html#aa8b5ae41c150e4fefb800d3b1924278d">attribute_value</a>
, <a class="el" href="structAI__hyperalert__info.html#a9d461da8f00415ef03b24edb3bbd6cf8">AI_hyperalert_info</a>
, <a class="el" href="structpkt__info.html#a231d4734d3c62292b06eb9ea4b49c339">pkt_info</a>
, <a class="el" href="structhyperalert.html#a592c41f4772230c065ce352ec6c6cf0d">hyperalert</a>
</li>
</ul>
@ -216,10 +234,10 @@ Here is a list of all struct and union fields with links to the structures/union
<h3><a class="anchor" id="index_n"></a>- n -</h3><ul>
<li>n_postconds
: <a class="el" href="structhyperalert.html#a16c46535e62397b5ef394b014943f58a">hyperalert</a>
: <a class="el" href="structAI__hyperalert__info.html#a73322b6cad3e883abed03b62c6c21719">AI_hyperalert_info</a>
</li>
<li>n_preconds
: <a class="el" href="structhyperalert.html#a84181558bdbb98e49087d4ce7353bf70">hyperalert</a>
: <a class="el" href="structAI__hyperalert__info.html#a616c16f364dbb2d726e88df6b364ea40">AI_hyperalert_info</a>
</li>
<li>nchildren
: <a class="el" href="struct__hierarchy__node.html#a849256ce1039e2cefaaf64d91171be0a">_hierarchy_node</a>
@ -246,10 +264,10 @@ Here is a list of all struct and union fields with links to the structures/union
: <a class="el" href="structpkt__info.html#a8d5ebd04a32067b05387e5c5056fe168">pkt_info</a>
</li>
<li>postconds
: <a class="el" href="structhyperalert.html#a69e0ed6e53e6fe23d3de2ec1f5d13863">hyperalert</a>
: <a class="el" href="structAI__hyperalert__info.html#a6a63385397bf814153d7bb20b52840d9">AI_hyperalert_info</a>
</li>
<li>preconds
: <a class="el" href="structhyperalert.html#afa2862b9a574be52e5dc4a4cc0178d66">hyperalert</a>
: <a class="el" href="structAI__hyperalert__info.html#a8ac4e028c47a98a8be5afd4363164031">AI_hyperalert_info</a>
</li>
<li>priority
: <a class="el" href="struct__AI__snort__alert.html#a25661fa4e212c5e30af5e6a892985ec9">_AI_snort_alert</a>
@ -259,7 +277,7 @@ Here is a list of all struct and union fields with links to the structures/union
<h3><a class="anchor" id="index_r"></a>- r -</h3><ul>
<li>rev
: <a class="el" href="structhyperalert__key.html#a7e4a23f87bb69765c5afdb2e602aff87">hyperalert_key</a>
: <a class="el" href="structAI__hyperalert__key.html#a3aa6fed74469f1f2c08573c5d7298670">AI_hyperalert_key</a>
, <a class="el" href="struct__AI__snort__alert.html#a864d3baa48586d6a31639f4cd27d9d37">_AI_snort_alert</a>
</li>
</ul>
@ -267,7 +285,7 @@ Here is a list of all struct and union fields with links to the structures/union
<h3><a class="anchor" id="index_s"></a>- s -</h3><ul>
<li>sid
: <a class="el" href="structhyperalert__key.html#ab3cb68a4bf46fab57f0dd0be007a91bc">hyperalert_key</a>
: <a class="el" href="structAI__hyperalert__key.html#a854676c9125ae0aeaeaef2b201ce542f">AI_hyperalert_key</a>
, <a class="el" href="struct__AI__snort__alert.html#a3349aa68d2234f8ffd897367c3a8a137">_AI_snort_alert</a>
</li>
<li>src_ip
@ -328,7 +346,7 @@ Here is a list of all struct and union fields with links to the structures/union
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 11 2010 12:45:18 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

40
doc/html/functions_vars.html
View File

@ -54,6 +54,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<div class="tabs3">
<ul class="tablist">
<li><a href="#index_a"><span>a</span></a></li>
<li><a href="#index_b"><span>b</span></a></li>
<li><a href="#index_c"><span>c</span></a></li>
<li><a href="#index_d"><span>d</span></a></li>
<li><a href="#index_g"><span>g</span></a></li>
@ -75,6 +76,9 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
&nbsp;
<h3><a class="anchor" id="index_a"></a>- a -</h3><ul>
<li>a
: <a class="el" href="structAI__alert__correlation.html#a8737f171e1c1b2305c8fe77101d6aeb7">AI_alert_correlation</a>
</li>
<li>alertClusteringInterval
: <a class="el" href="structAI__config.html#a7d0d098b8263aa3d8415b11d1ec7f93d">AI_config</a>
</li>
@ -84,6 +88,13 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</ul>
<h3><a class="anchor" id="index_b"></a>- b -</h3><ul>
<li>b
: <a class="el" href="structAI__alert__correlation.html#a478f1a6f18f9c083b203efdf776379cd">AI_alert_correlation</a>
</li>
</ul>
<h3><a class="anchor" id="index_c"></a>- c -</h3><ul>
<li>children
: <a class="el" href="struct__hierarchy__node.html#afc23d4fe6426873164cdaab2f3d4f0cd">_hierarchy_node</a>
@ -97,6 +108,9 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<li>corr_rules_dir
: <a class="el" href="structAI__config.html#ab7ea93bbe72b85c4019b4f5656ad62fc">AI_config</a>
</li>
<li>correlation
: <a class="el" href="structAI__alert__correlation.html#aad417b2126ae26d7576f006a3dbcdc81">AI_alert_correlation</a>
</li>
<li>correlationGraphInterval
: <a class="el" href="structAI__config.html#aa736375e57a59936e2e782b7cd200e41">AI_config</a>
</li>
@ -133,7 +147,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<h3><a class="anchor" id="index_g"></a>- g -</h3><ul>
<li>gid
: <a class="el" href="structhyperalert__key.html#aac0e30a21653be11b357e3030aafd7e4">hyperalert_key</a>
: <a class="el" href="structAI__hyperalert__key.html#a711afeb45b534480e85bf9abe569a602">AI_hyperalert_key</a>
, <a class="el" href="struct__AI__snort__alert.html#af8408be5da59cda853442dd13465c0f6">_AI_snort_alert</a>
</li>
<li>grouped_alarms_count
@ -150,9 +164,13 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
: <a class="el" href="structAI__config.html#a9f7680615027d4fb74b4aa144a7028a4">AI_config</a>
</li>
<li>hh
: <a class="el" href="structhyperalert.html#aa2993f19f3cc95627cfdaf4f47f78b04">hyperalert</a>
, <a class="el" href="structattribute__value.html#a9abf5d1758ee0cc4803e3b40fc4481cc">attribute_value</a>
: <a class="el" href="structAI__hyperalert__info.html#a6915bec67d383f374e758b44f50b48ff">AI_hyperalert_info</a>
, <a class="el" href="structpkt__info.html#a264e90d4b5d490de040f38c1072e142f">pkt_info</a>
, <a class="el" href="structAI__alert__correlation.html#ad3020a87936a2193a92f09331401ad42">AI_alert_correlation</a>
, <a class="el" href="structattribute__value.html#a9abf5d1758ee0cc4803e3b40fc4481cc">attribute_value</a>
</li>
<li>hyperalert
: <a class="el" href="struct__AI__snort__alert.html#ac101de15b4f9451f235b82122f77b62a">_AI_snort_alert</a>
</li>
</ul>
@ -185,8 +203,8 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<h3><a class="anchor" id="index_k"></a>- k -</h3><ul>
<li>key
: <a class="el" href="structattribute__value.html#aa8b5ae41c150e4fefb800d3b1924278d">attribute_value</a>
, <a class="el" href="structAI__hyperalert__info.html#a9d461da8f00415ef03b24edb3bbd6cf8">AI_hyperalert_info</a>
, <a class="el" href="structpkt__info.html#a231d4734d3c62292b06eb9ea4b49c339">pkt_info</a>
, <a class="el" href="structhyperalert.html#a592c41f4772230c065ce352ec6c6cf0d">hyperalert</a>
</li>
</ul>
@ -216,10 +234,10 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<h3><a class="anchor" id="index_n"></a>- n -</h3><ul>
<li>n_postconds
: <a class="el" href="structhyperalert.html#a16c46535e62397b5ef394b014943f58a">hyperalert</a>
: <a class="el" href="structAI__hyperalert__info.html#a73322b6cad3e883abed03b62c6c21719">AI_hyperalert_info</a>
</li>
<li>n_preconds
: <a class="el" href="structhyperalert.html#a84181558bdbb98e49087d4ce7353bf70">hyperalert</a>
: <a class="el" href="structAI__hyperalert__info.html#a616c16f364dbb2d726e88df6b364ea40">AI_hyperalert_info</a>
</li>
<li>nchildren
: <a class="el" href="struct__hierarchy__node.html#a849256ce1039e2cefaaf64d91171be0a">_hierarchy_node</a>
@ -246,10 +264,10 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
: <a class="el" href="structpkt__info.html#a8d5ebd04a32067b05387e5c5056fe168">pkt_info</a>
</li>
<li>postconds
: <a class="el" href="structhyperalert.html#a69e0ed6e53e6fe23d3de2ec1f5d13863">hyperalert</a>
: <a class="el" href="structAI__hyperalert__info.html#a6a63385397bf814153d7bb20b52840d9">AI_hyperalert_info</a>
</li>
<li>preconds
: <a class="el" href="structhyperalert.html#afa2862b9a574be52e5dc4a4cc0178d66">hyperalert</a>
: <a class="el" href="structAI__hyperalert__info.html#a8ac4e028c47a98a8be5afd4363164031">AI_hyperalert_info</a>
</li>
<li>priority
: <a class="el" href="struct__AI__snort__alert.html#a25661fa4e212c5e30af5e6a892985ec9">_AI_snort_alert</a>
@ -259,7 +277,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<h3><a class="anchor" id="index_r"></a>- r -</h3><ul>
<li>rev
: <a class="el" href="structhyperalert__key.html#a7e4a23f87bb69765c5afdb2e602aff87">hyperalert_key</a>
: <a class="el" href="structAI__hyperalert__key.html#a3aa6fed74469f1f2c08573c5d7298670">AI_hyperalert_key</a>
, <a class="el" href="struct__AI__snort__alert.html#a864d3baa48586d6a31639f4cd27d9d37">_AI_snort_alert</a>
</li>
</ul>
@ -267,7 +285,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<h3><a class="anchor" id="index_s"></a>- s -</h3><ul>
<li>sid
: <a class="el" href="structhyperalert__key.html#ab3cb68a4bf46fab57f0dd0be007a91bc">hyperalert_key</a>
: <a class="el" href="structAI__hyperalert__key.html#a854676c9125ae0aeaeaef2b201ce542f">AI_hyperalert_key</a>
, <a class="el" href="struct__AI__snort__alert.html#a3349aa68d2234f8ffd897367c3a8a137">_AI_snort_alert</a>
</li>
<li>src_ip
@ -328,7 +346,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 11 2010 12:45:18 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

38
doc/html/globals.html
View File

@ -67,6 +67,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<li><a href="#index_g"><span>g</span></a></li>
<li><a href="#index_h"><span>h</span></a></li>
<li><a href="#index_i"><span>i</span></a></li>
<li><a href="#index_l"><span>l</span></a></li>
<li><a href="#index_m"><span>m</span></a></li>
<li><a href="#index_n"><span>n</span></a></li>
<li><a href="#index_p"><span>p</span></a></li>
@ -92,6 +93,9 @@ Here is a list of all functions, variables, defines, enums, and typedefs with li
<li>_AI_copy_clustered_alerts()
: <a class="el" href="group__cluster.html#gab4c8ab92691e85a6f0ac4abb122712fd">cluster.c</a>
</li>
<li>_AI_correlation_coefficient()
: <a class="el" href="group__correlation.html#ga130e82017fc0abcb76b1a7740ae2f4df">correlation.c</a>
</li>
<li>_AI_equal_alarms()
: <a class="el" href="group__cluster.html#ga0f91c8bfc37a3975f5c26b19fd6c5cba">cluster.c</a>
</li>
@ -99,7 +103,10 @@ Here is a list of all functions, variables, defines, enums, and typedefs with li
: <a class="el" href="group__cluster.html#ga6ddddcd505b1f763c339e81fc143e079">cluster.c</a>
</li>
<li>_AI_hyperalert_from_XML()
: <a class="el" href="group__correlation.html#gacb46174cec5a2cce0a9bb1ca2b0f6850">correlation.c</a>
: <a class="el" href="group__correlation.html#ga929e5c17fdb247a998d83ed6a4ae5a65">correlation.c</a>
</li>
<li>_AI_macro_subst()
: <a class="el" href="group__correlation.html#ga0d094eae1d014d89a2de21263fa747da">correlation.c</a>
</li>
<li>_AI_merge_alerts()
: <a class="el" href="group__cluster.html#ga8ce8e5a5d8954672297fa2dedb380dcd">cluster.c</a>
@ -179,8 +186,8 @@ Here is a list of all functions, variables, defines, enums, and typedefs with li
, <a class="el" href="group__stream.html#ga8749989cee2ac05a7de058faac280c02">stream.c</a>
</li>
<li>AI_setup()
: <a class="el" href="group__spp__ai.html#ga1b9ebb5c719c7d9426ddfc1f3da36570">spp_ai.c</a>
, <a class="el" href="group__spp__ai.html#ga1b9ebb5c719c7d9426ddfc1f3da36570">sf_preproc_info.h</a>
: <a class="el" href="group__spp__ai.html#ga1b9ebb5c719c7d9426ddfc1f3da36570">sf_preproc_info.h</a>
, <a class="el" href="group__spp__ai.html#ga1b9ebb5c719c7d9426ddfc1f3da36570">spp_ai.c</a>
</li>
<li>AI_snort_alert
: <a class="el" href="spp__ai_8h.html#a982be90e72362e88d09f28336c9a1897">spp_ai.h</a>
@ -196,6 +203,7 @@ Here is a list of all functions, variables, defines, enums, and typedefs with li
</li>
<li>alerts
: <a class="el" href="alert__parser_8c.html#ae837fc04e61c0eb052f997c54b4fd9fe">alert_parser.c</a>
, <a class="el" href="group__correlation.html#gae837fc04e61c0eb052f997c54b4fd9fe">correlation.c</a>
</li>
</ul>
@ -220,6 +228,9 @@ Here is a list of all functions, variables, defines, enums, and typedefs with li
<li>conf
: <a class="el" href="group__correlation.html#gaad7a982b6016390e7cd1164bd7db8bca">correlation.c</a>
</li>
<li>correlation_table
: <a class="el" href="group__correlation.html#ga701934a296c51f2397d24e8bf4a9f021">correlation.c</a>
</li>
</ul>
@ -295,7 +306,7 @@ Here is a list of all functions, variables, defines, enums, and typedefs with li
: <a class="el" href="spp__ai_8h.html#a466391129919ef12366d311d501552fa">spp_ai.h</a>
</li>
<li>hyperalerts
: <a class="el" href="group__correlation.html#ga343192ed5e938536f3dc150e51f8acf6">correlation.c</a>
: <a class="el" href="group__correlation.html#gae56c79aa018caaeebeeb709a9e51c9c2">correlation.c</a>
</li>
</ul>
@ -316,6 +327,15 @@ Here is a list of all functions, variables, defines, enums, and typedefs with li
</ul>
<h3><a class="anchor" id="index_l"></a>- l -</h3><ul>
<li>lock_flag
: <a class="el" href="alert__parser_8c.html#afebc81c042a632dc987e113b7f390274">alert_parser.c</a>
, <a class="el" href="group__correlation.html#gafebc81c042a632dc987e113b7f390274">correlation.c</a>
, <a class="el" href="group__cluster.html#gafebc81c042a632dc987e113b7f390274">cluster.c</a>
</li>
</ul>
<h3><a class="anchor" id="index_m"></a>- m -</h3><ul>
<li>MAJOR_VERSION
: <a class="el" href="sf__preproc__info_8h.html#aa9e8f3bb466bb421d13913df7aeaa20c">sf_preproc_info.h</a>
@ -357,6 +377,14 @@ Here is a list of all functions, variables, defines, enums, and typedefs with li
<li>start_time
: <a class="el" href="stream_8c.html#a0597864b078ff448f28432db86950309">stream.c</a>
</li>
<li>str_replace()
: <a class="el" href="group__regex.html#ga736ba1abdc4938cbb1bf5861e7dbfd50">spp_ai.h</a>
, <a class="el" href="group__regex.html#ga736ba1abdc4938cbb1bf5861e7dbfd50">regex.c</a>
</li>
<li>str_replace_all()
: <a class="el" href="group__regex.html#gaff6c55cd04fc08dd582e244590dc25a4">regex.c</a>
, <a class="el" href="group__regex.html#gaff6c55cd04fc08dd582e244590dc25a4">spp_ai.h</a>
</li>
</ul>
@ -396,7 +424,7 @@ Here is a list of all functions, variables, defines, enums, and typedefs with li
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 11 2010 12:45:18 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

2
doc/html/globals_defs.html
View File

@ -116,7 +116,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 11 2010 12:45:18 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

2
doc/html/globals_enum.html
View File

@ -80,7 +80,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 11 2010 12:45:18 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

2
doc/html/globals_eval.html
View File

@ -113,7 +113,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 11 2010 12:45:18 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

23
doc/html/globals_func.html
View File

@ -60,6 +60,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<li><a href="#index__"><span>_</span></a></li>
<li><a href="#index_a"><span>a</span></a></li>
<li><a href="#index_p"><span>p</span></a></li>
<li><a href="#index_s"><span>s</span></a></li>
</ul>
</div>
</div>
@ -79,6 +80,9 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<li>_AI_copy_clustered_alerts()
: <a class="el" href="group__cluster.html#gab4c8ab92691e85a6f0ac4abb122712fd">cluster.c</a>
</li>
<li>_AI_correlation_coefficient()
: <a class="el" href="group__correlation.html#ga130e82017fc0abcb76b1a7740ae2f4df">correlation.c</a>
</li>
<li>_AI_equal_alarms()
: <a class="el" href="group__cluster.html#ga0f91c8bfc37a3975f5c26b19fd6c5cba">cluster.c</a>
</li>
@ -86,7 +90,10 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
: <a class="el" href="group__cluster.html#ga6ddddcd505b1f763c339e81fc143e079">cluster.c</a>
</li>
<li>_AI_hyperalert_from_XML()
: <a class="el" href="group__correlation.html#gacb46174cec5a2cce0a9bb1ca2b0f6850">correlation.c</a>
: <a class="el" href="group__correlation.html#ga929e5c17fdb247a998d83ed6a4ae5a65">correlation.c</a>
</li>
<li>_AI_macro_subst()
: <a class="el" href="group__correlation.html#ga0d094eae1d014d89a2de21263fa747da">correlation.c</a>
</li>
<li>_AI_merge_alerts()
: <a class="el" href="group__cluster.html#ga8ce8e5a5d8954672297fa2dedb380dcd">cluster.c</a>
@ -172,6 +179,18 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
, <a class="el" href="group__regex.html#ga35f57c052a7de1ded54b67a1f7819791">spp_ai.h</a>
</li>
</ul>
<h3><a class="anchor" id="index_s"></a>- s -</h3><ul>
<li>str_replace()
: <a class="el" href="group__regex.html#ga736ba1abdc4938cbb1bf5861e7dbfd50">regex.c</a>
, <a class="el" href="group__regex.html#ga736ba1abdc4938cbb1bf5861e7dbfd50">spp_ai.h</a>
</li>
<li>str_replace_all()
: <a class="el" href="group__regex.html#gaff6c55cd04fc08dd582e244590dc25a4">regex.c</a>
, <a class="el" href="group__regex.html#gaff6c55cd04fc08dd582e244590dc25a4">spp_ai.h</a>
</li>
</ul>
</div>
<!--- window showing the filter options -->
<div id="MSearchSelectWindow"
@ -187,7 +206,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 11 2010 12:45:18 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

2
doc/html/globals_type.html
View File

@ -89,7 +89,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 11 2010 12:45:18 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

13
doc/html/globals_vars.html
View File

@ -75,10 +75,14 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</li>
<li>alerts
: <a class="el" href="alert__parser_8c.html#ae837fc04e61c0eb052f997c54b4fd9fe">alert_parser.c</a>
, <a class="el" href="group__correlation.html#gae837fc04e61c0eb052f997c54b4fd9fe">correlation.c</a>
</li>
<li>conf
: <a class="el" href="group__correlation.html#gaad7a982b6016390e7cd1164bd7db8bca">correlation.c</a>
</li>
<li>correlation_table
: <a class="el" href="group__correlation.html#ga701934a296c51f2397d24e8bf4a9f021">correlation.c</a>
</li>
<li>ex_config
: <a class="el" href="group__spp__ai.html#ga3dd75596c540d148643fe6d1fdc02628">spp_ai.c</a>
</li>
@ -95,7 +99,12 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
: <a class="el" href="stream_8c.html#a4e01edd07102e71480b323db2b8f57c8">stream.c</a>
</li>
<li>hyperalerts
: <a class="el" href="group__correlation.html#ga343192ed5e938536f3dc150e51f8acf6">correlation.c</a>
: <a class="el" href="group__correlation.html#gae56c79aa018caaeebeeb709a9e51c9c2">correlation.c</a>
</li>
<li>lock_flag
: <a class="el" href="alert__parser_8c.html#afebc81c042a632dc987e113b7f390274">alert_parser.c</a>
, <a class="el" href="group__correlation.html#gafebc81c042a632dc987e113b7f390274">correlation.c</a>
, <a class="el" href="group__cluster.html#gafebc81c042a632dc987e113b7f390274">cluster.c</a>
</li>
<li>start_time
: <a class="el" href="stream_8c.html#a0597864b078ff448f28432db86950309">stream.c</a>
@ -116,7 +125,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 11 2010 12:45:18 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

2
doc/html/group__alert__parser.html
View File

@ -174,7 +174,7 @@ Functions</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 11 2010 12:45:18 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

16
doc/html/group__cluster.html
View File

@ -84,6 +84,7 @@ Variables</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga97d35425cf5a0207fb50b64ee8cdda82">h_root</a> [CLUSTER_TYPES] = { NULL }</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="structAI__config.html">AI_config</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga91458e2d34595688e39fcb63ba418849">_config</a> = NULL</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#gaaf4c19f60f48741b0890c6114dcff7d9">alert_log</a> = NULL</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd">BOOL</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#gafebc81c042a632dc987e113b7f390274">lock_flag</a> = false</td></tr>
</table>
<hr/><h2>Function Documentation</h2>
<a class="anchor" id="ga29c35cd6c56f54e27b5b190c6d6c487a"></a><!-- doxytag: member="cluster.c::_AI_check_duplicate" ref="ga29c35cd6c56f54e27b5b190c6d6c487a" args="(hierarchy_node *node, hierarchy_node *root)" -->
@ -510,6 +511,19 @@ Variables</h2></td></tr>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="gafebc81c042a632dc987e113b7f390274"></a><!-- doxytag: member="cluster.c::lock_flag" ref="gafebc81c042a632dc987e113b7f390274" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd">BOOL</a> <a class="el" href="group__correlation.html#gafebc81c042a632dc987e113b7f390274">lock_flag</a> = false</td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
</div>
@ -527,7 +541,7 @@ Variables</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 11 2010 12:45:18 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

131
doc/html/group__correlation.html
View File

@ -52,8 +52,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<table class="memberdecls">
<tr><td colspan="2"><h2><a name="nested-classes"></a>
Data Structures</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct &nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structhyperalert__key.html">hyperalert_key</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct &nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structhyperalert.html">hyperalert</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct &nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__alert__correlation.html">AI_alert_correlation</a></td></tr>
<tr><td colspan="2"><h2><a name="enum-members"></a>
Enumerations</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">enum &nbsp;</td><td class="memItemRight" valign="bottom">{ <br/>
@ -67,14 +66,21 @@ Enumerations</h2></td></tr>
}</td></tr>
<tr><td colspan="2"><h2><a name="func-members"></a>
Functions</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="structhyperalert.html">hyperalert</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__correlation.html#gacb46174cec5a2cce0a9bb1ca2b0f6850">_AI_hyperalert_from_XML</a> (<a class="el" href="structhyperalert__key.html">hyperalert_key</a> key)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Parse info about a hyperalert from a correlation XML file, if it exists. <a href="#gacb46174cec5a2cce0a9bb1ca2b0f6850"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">double&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__correlation.html#ga130e82017fc0abcb76b1a7740ae2f4df">_AI_correlation_coefficient</a> (<a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *a, <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *b)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Compute the correlation coefficient between two alerts, as INTERSECTION(pre(B), post(A) / UNION(pre(B), post(A)). <a href="#ga130e82017fc0abcb76b1a7740ae2f4df"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__correlation.html#ga0d094eae1d014d89a2de21263fa747da">_AI_macro_subst</a> (<a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> **alert)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Substitute the macros in hyperalert pre-conditions and post-conditions with their associated values. <a href="#ga0d094eae1d014d89a2de21263fa747da"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="structAI__hyperalert__info.html">AI_hyperalert_info</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__correlation.html#ga929e5c17fdb247a998d83ed6a4ae5a65">_AI_hyperalert_from_XML</a> (<a class="el" href="structAI__hyperalert__key.html">AI_hyperalert_key</a> key)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Parse info about a hyperalert from a correlation XML file, if it exists. <a href="#ga929e5c17fdb247a998d83ed6a4ae5a65"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__correlation.html#ga939353a4e15de7a8f4145ab986f584be">AI_alert_correlation_thread</a> (void *arg)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Thread for correlating clustered alerts. <a href="#ga939353a4e15de7a8f4145ab986f584be"></a><br/></td></tr>
<tr><td colspan="2"><h2><a name="var-members"></a>
Variables</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="structhyperalert.html">hyperalert</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__correlation.html#ga343192ed5e938536f3dc150e51f8acf6">hyperalerts</a> = NULL</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="structAI__hyperalert__info.html">AI_hyperalert_info</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__correlation.html#gae56c79aa018caaeebeeb709a9e51c9c2">hyperalerts</a> = NULL</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="structAI__config.html">AI_config</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__correlation.html#gaad7a982b6016390e7cd1164bd7db8bca">conf</a> = NULL</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__correlation.html#gae837fc04e61c0eb052f997c54b4fd9fe">alerts</a> = NULL</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="structAI__alert__correlation.html">AI_alert_correlation</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__correlation.html#ga701934a296c51f2397d24e8bf4a9f021">correlation_table</a> = NULL</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd">BOOL</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__correlation.html#gafebc81c042a632dc987e113b7f390274">lock_flag</a> = false</td></tr>
</table>
<hr/><h2>Enumeration Type Documentation</h2>
<a class="anchor" id="ga06fc87d81c62e9abb8790b6e5713c55b"></a><!-- doxytag: member="correlation.c::@0" ref="ga06fc87d81c62e9abb8790b6e5713c55b" args="" -->
@ -106,14 +112,51 @@ Variables</h2></td></tr>
</div>
</div>
<hr/><h2>Function Documentation</h2>
<a class="anchor" id="gacb46174cec5a2cce0a9bb1ca2b0f6850"></a><!-- doxytag: member="correlation.c::_AI_hyperalert_from_XML" ref="gacb46174cec5a2cce0a9bb1ca2b0f6850" args="(hyperalert_key key)" -->
<a class="anchor" id="ga130e82017fc0abcb76b1a7740ae2f4df"></a><!-- doxytag: member="correlation.c::_AI_correlation_coefficient" ref="ga130e82017fc0abcb76b1a7740ae2f4df" args="(AI_snort_alert *a, AI_snort_alert *b)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="structhyperalert.html">hyperalert</a>* _AI_hyperalert_from_XML </td>
<td class="memname">double _AI_correlation_coefficient </td>
<td>(</td>
<td class="paramtype"><a class="el" href="structhyperalert__key.html">hyperalert_key</a>&nbsp;</td>
<td class="paramtype"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td>
<td class="paramname"> <em>a</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td>
<td class="paramname"> <em>b</em></td><td>&nbsp;</td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td><td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Compute the correlation coefficient between two alerts, as INTERSECTION(pre(B), post(A) / UNION(pre(B), post(A)). </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>a</em>&nbsp;</td><td>Alert a </td></tr>
<tr><td valign="top"></td><td valign="top"><em>b</em>&nbsp;</td><td>Alert b </td></tr>
</table>
</dd>
</dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>The correlation coefficient between A and B as coefficient in [0,1] </dd></dl>
</div>
</div>
<a class="anchor" id="ga929e5c17fdb247a998d83ed6a4ae5a65"></a><!-- doxytag: member="correlation.c::_AI_hyperalert_from_XML" ref="ga929e5c17fdb247a998d83ed6a4ae5a65" args="(AI_hyperalert_key key)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="structAI__hyperalert__info.html">AI_hyperalert_info</a>* _AI_hyperalert_from_XML </td>
<td>(</td>
<td class="paramtype"><a class="el" href="structAI__hyperalert__key.html">AI_hyperalert_key</a>&nbsp;</td>
<td class="paramname"> <em>key</em></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
@ -123,7 +166,6 @@ Variables</h2></td></tr>
<div class="memdoc">
<p>Parse info about a hyperalert from a correlation XML file, if it exists. </p>
<p>FUNCTION: _AI_hyperalert_from_XML </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>key</em>&nbsp;</td><td>Key (gid, sid, rev) identifying the alert </td></tr>
@ -132,6 +174,32 @@ Variables</h2></td></tr>
</dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>A hyperalert structure containing the info about the current alert, if the XML file was found </dd></dl>
</div>
</div>
<a class="anchor" id="ga0d094eae1d014d89a2de21263fa747da"></a><!-- doxytag: member="correlation.c::_AI_macro_subst" ref="ga0d094eae1d014d89a2de21263fa747da" args="(AI_snort_alert **alert)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">void _AI_macro_subst </td>
<td>(</td>
<td class="paramtype"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> **&nbsp;</td>
<td class="paramname"> <em>alert</em></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Substitute the macros in hyperalert pre-conditions and post-conditions with their associated values. </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>alert</em>&nbsp;</td><td>Reference to the hyperalert to work on </td></tr>
</table>
</dd>
</dl>
</div>
</div>
<a class="anchor" id="ga939353a4e15de7a8f4145ab986f584be"></a><!-- doxytag: member="correlation.c::AI_alert_correlation_thread" ref="ga939353a4e15de7a8f4145ab986f584be" args="(void *arg)" -->
@ -161,6 +229,19 @@ Variables</h2></td></tr>
</div>
</div>
<hr/><h2>Variable Documentation</h2>
<a class="anchor" id="gae837fc04e61c0eb052f997c54b4fd9fe"></a><!-- doxytag: member="correlation.c::alerts" ref="gae837fc04e61c0eb052f997c54b4fd9fe" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a>* <a class="el" href="group__correlation.html#gae837fc04e61c0eb052f997c54b4fd9fe">alerts</a> = NULL</td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="gaad7a982b6016390e7cd1164bd7db8bca"></a><!-- doxytag: member="correlation.c::conf" ref="gaad7a982b6016390e7cd1164bd7db8bca" args="" -->
<div class="memitem">
<div class="memproto">
@ -174,12 +255,38 @@ Variables</h2></td></tr>
</div>
</div>
<a class="anchor" id="ga343192ed5e938536f3dc150e51f8acf6"></a><!-- doxytag: member="correlation.c::hyperalerts" ref="ga343192ed5e938536f3dc150e51f8acf6" args="" -->
<a class="anchor" id="ga701934a296c51f2397d24e8bf4a9f021"></a><!-- doxytag: member="correlation.c::correlation_table" ref="ga701934a296c51f2397d24e8bf4a9f021" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="structhyperalert.html">hyperalert</a>* <a class="el" href="group__correlation.html#ga343192ed5e938536f3dc150e51f8acf6">hyperalerts</a> = NULL</td>
<td class="memname">PRIVATE <a class="el" href="structAI__alert__correlation.html">AI_alert_correlation</a>* <a class="el" href="group__correlation.html#ga701934a296c51f2397d24e8bf4a9f021">correlation_table</a> = NULL</td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="gae56c79aa018caaeebeeb709a9e51c9c2"></a><!-- doxytag: member="correlation.c::hyperalerts" ref="gae56c79aa018caaeebeeb709a9e51c9c2" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="structAI__hyperalert__info.html">AI_hyperalert_info</a>* <a class="el" href="group__correlation.html#gae56c79aa018caaeebeeb709a9e51c9c2">hyperalerts</a> = NULL</td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="gafebc81c042a632dc987e113b7f390274"></a><!-- doxytag: member="correlation.c::lock_flag" ref="gafebc81c042a632dc987e113b7f390274" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd">BOOL</a> <a class="el" href="group__correlation.html#gafebc81c042a632dc987e113b7f390274">lock_flag</a> = false</td>
</tr>
</table>
</div>
@ -202,7 +309,7 @@ Variables</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 11 2010 12:45:18 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

94
doc/html/group__regex.html
View File

@ -51,6 +51,10 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
Functions</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__regex.html#ga35f57c052a7de1ded54b67a1f7819791">preg_match</a> (const char *expr, char *str, char ***matches, int *nmatches)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Check if a string matches a regular expression. <a href="#ga35f57c052a7de1ded54b67a1f7819791"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">char *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__regex.html#ga736ba1abdc4938cbb1bf5861e7dbfd50">str_replace</a> (char *str, char *orig, char *rep)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Replace the content of 'orig' in 'str' with 'rep'. <a href="#ga736ba1abdc4938cbb1bf5861e7dbfd50"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">char *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__regex.html#gaff6c55cd04fc08dd582e244590dc25a4">str_replace_all</a> (char *str, char *orig, char *rep)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Replace all of the occurrences of 'orig' in 'str' with 'rep'. <a href="#gaff6c55cd04fc08dd582e244590dc25a4"></a><br/></td></tr>
</table>
<hr/><h2>Function Documentation</h2>
<a class="anchor" id="ga35f57c052a7de1ded54b67a1f7819791"></a><!-- doxytag: member="regex.c::preg_match" ref="ga35f57c052a7de1ded54b67a1f7819791" args="(const char *expr, char *str, char ***matches, int *nmatches)" -->
@ -102,6 +106,94 @@ Functions</h2></td></tr>
</dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>-1 if the regex is wrong, 0 if no match was found, 1 otherwise </dd></dl>
</div>
</div>
<a class="anchor" id="ga736ba1abdc4938cbb1bf5861e7dbfd50"></a><!-- doxytag: member="regex.c::str_replace" ref="ga736ba1abdc4938cbb1bf5861e7dbfd50" args="(char *str, char *orig, char *rep)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">char* str_replace </td>
<td>(</td>
<td class="paramtype">char *&nbsp;</td>
<td class="paramname"> <em>str</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">char *&nbsp;</td>
<td class="paramname"> <em>orig</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">char *&nbsp;</td>
<td class="paramname"> <em>rep</em></td><td>&nbsp;</td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td><td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Replace the content of 'orig' in 'str' with 'rep'. </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>str</em>&nbsp;</td><td>String to work on </td></tr>
<tr><td valign="top"></td><td valign="top"><em>orig</em>&nbsp;</td><td>String to be replaced </td></tr>
<tr><td valign="top"></td><td valign="top"><em>rep</em>&nbsp;</td><td>Replacement for 'orig' </td></tr>
</table>
</dd>
</dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>The string with the replacement </dd></dl>
</div>
</div>
<a class="anchor" id="gaff6c55cd04fc08dd582e244590dc25a4"></a><!-- doxytag: member="regex.c::str_replace_all" ref="gaff6c55cd04fc08dd582e244590dc25a4" args="(char *str, char *orig, char *rep)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">char* str_replace_all </td>
<td>(</td>
<td class="paramtype">char *&nbsp;</td>
<td class="paramname"> <em>str</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">char *&nbsp;</td>
<td class="paramname"> <em>orig</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">char *&nbsp;</td>
<td class="paramname"> <em>rep</em></td><td>&nbsp;</td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td><td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Replace all of the occurrences of 'orig' in 'str' with 'rep'. </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>str</em>&nbsp;</td><td>String to work on </td></tr>
<tr><td valign="top"></td><td valign="top"><em>orig</em>&nbsp;</td><td>String to be replaced </td></tr>
<tr><td valign="top"></td><td valign="top"><em>rep</em>&nbsp;</td><td>Replacement for 'orig' </td></tr>
</table>
</dd>
</dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>The string with the replacement </dd></dl>
</div>
</div>
</div>
@ -119,7 +211,7 @@ Functions</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 11 2010 12:45:18 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

2
doc/html/group__spp__ai.html
View File

@ -215,7 +215,7 @@ Variables</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 11 2010 12:45:18 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

2
doc/html/group__stream.html
View File

@ -207,7 +207,7 @@ Functions</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 11 2010 12:45:18 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

2
doc/html/index.html
View File

@ -59,7 +59,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 11 2010 12:45:18 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

2
doc/html/modules.html
View File

@ -67,7 +67,7 @@ Here is a list of all modules:<ul>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 11 2010 12:45:18 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

2
doc/html/mysql_8c.html
View File

@ -68,7 +68,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 11 2010 12:45:18 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

6
doc/html/regex_8c.html
View File

@ -62,6 +62,10 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
Functions</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__regex.html#ga35f57c052a7de1ded54b67a1f7819791">preg_match</a> (const char *expr, char *str, char ***matches, int *nmatches)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Check if a string matches a regular expression. <a href="group__regex.html#ga35f57c052a7de1ded54b67a1f7819791"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">char *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__regex.html#ga736ba1abdc4938cbb1bf5861e7dbfd50">str_replace</a> (char *str, char *orig, char *rep)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Replace the content of 'orig' in 'str' with 'rep'. <a href="group__regex.html#ga736ba1abdc4938cbb1bf5861e7dbfd50"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">char *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__regex.html#gaff6c55cd04fc08dd582e244590dc25a4">str_replace_all</a> (char *str, char *orig, char *rep)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Replace all of the occurrences of 'orig' in 'str' with 'rep'. <a href="group__regex.html#gaff6c55cd04fc08dd582e244590dc25a4"></a><br/></td></tr>
</table>
</div>
<!--- window showing the filter options -->
@ -78,7 +82,7 @@ Functions</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 11 2010 12:45:18 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

38
doc/html/search/all_5f.html
View File

@ -31,79 +31,91 @@
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fcorrelation_5fcoefficient">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../group__correlation.html#ga130e82017fc0abcb76b1a7740ae2f4df" target="_parent">_AI_correlation_coefficient</a>
<span class="SRScope">correlation.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fequal_5falarms">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../group__cluster.html#ga0f91c8bfc37a3975f5c26b19fd6c5cba" target="_parent">_AI_equal_alarms</a>
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../group__cluster.html#ga0f91c8bfc37a3975f5c26b19fd6c5cba" target="_parent">_AI_equal_alarms</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fget_5fmin_5fhierarchy_5fnode">
<div class="SREntry">
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../group__cluster.html#ga6ddddcd505b1f763c339e81fc143e079" target="_parent">_AI_get_min_hierarchy_node</a>
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../group__cluster.html#ga6ddddcd505b1f763c339e81fc143e079" target="_parent">_AI_get_min_hierarchy_node</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fhyperalert_5ffrom_5fxml">
<div class="SREntry">
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../group__correlation.html#gacb46174cec5a2cce0a9bb1ca2b0f6850" target="_parent">_AI_hyperalert_from_XML</a>
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="../group__correlation.html#ga929e5c17fdb247a998d83ed6a4ae5a65" target="_parent">_AI_hyperalert_from_XML</a>
<span class="SRScope">correlation.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fmacro_5fsubst">
<div class="SREntry">
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="../group__correlation.html#ga0d094eae1d014d89a2de21263fa747da" target="_parent">_AI_macro_subst</a>
<span class="SRScope">correlation.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fmerge_5falerts">
<div class="SREntry">
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="../group__cluster.html#ga8ce8e5a5d8954672297fa2dedb380dcd" target="_parent">_AI_merge_alerts</a>
<a id="Item9" onkeydown="return searchResults.Nav(event,9)" onkeypress="return searchResults.Nav(event,9)" onkeyup="return searchResults.Nav(event,9)" class="SRSymbol" href="../group__cluster.html#ga8ce8e5a5d8954672297fa2dedb380dcd" target="_parent">_AI_merge_alerts</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fprint_5fclustered_5falerts">
<div class="SREntry">
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="../group__cluster.html#ga7d151880080470b542e99643dc0426a7" target="_parent">_AI_print_clustered_alerts</a>
<a id="Item10" onkeydown="return searchResults.Nav(event,10)" onkeypress="return searchResults.Nav(event,10)" onkeyup="return searchResults.Nav(event,10)" class="SRSymbol" href="../group__cluster.html#ga7d151880080470b542e99643dc0426a7" target="_parent">_AI_print_clustered_alerts</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fsnort_5falert">
<div class="SREntry">
<a id="Item9" onkeydown="return searchResults.Nav(event,9)" onkeypress="return searchResults.Nav(event,9)" onkeyup="return searchResults.Nav(event,9)" class="SRSymbol" href="../struct__AI__snort__alert.html" target="_parent">_AI_snort_alert</a>
<a id="Item11" onkeydown="return searchResults.Nav(event,11)" onkeypress="return searchResults.Nav(event,11)" onkeyup="return searchResults.Nav(event,11)" class="SRSymbol" href="../struct__AI__snort__alert.html" target="_parent">_AI_snort_alert</a>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fstream_5ffree">
<div class="SREntry">
<a id="Item10" onkeydown="return searchResults.Nav(event,10)" onkeypress="return searchResults.Nav(event,10)" onkeyup="return searchResults.Nav(event,10)" class="SRSymbol" href="../group__stream.html#ga80016adf701c717a6ebfb5b15b8a5749" target="_parent">_AI_stream_free</a>
<a id="Item12" onkeydown="return searchResults.Nav(event,12)" onkeypress="return searchResults.Nav(event,12)" onkeyup="return searchResults.Nav(event,12)" class="SRSymbol" href="../group__stream.html#ga80016adf701c717a6ebfb5b15b8a5749" target="_parent">_AI_stream_free</a>
<span class="SRScope">stream.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fconfig">
<div class="SREntry">
<a id="Item11" onkeydown="return searchResults.Nav(event,11)" onkeypress="return searchResults.Nav(event,11)" onkeyup="return searchResults.Nav(event,11)" class="SRSymbol" href="../group__cluster.html#ga91458e2d34595688e39fcb63ba418849" target="_parent">_config</a>
<a id="Item13" onkeydown="return searchResults.Nav(event,13)" onkeypress="return searchResults.Nav(event,13)" onkeyup="return searchResults.Nav(event,13)" class="SRSymbol" href="../group__cluster.html#ga91458e2d34595688e39fcb63ba418849" target="_parent">_config</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fdpd">
<div class="SREntry">
<a id="Item12" onkeydown="return searchResults.Nav(event,12)" onkeypress="return searchResults.Nav(event,12)" onkeyup="return searchResults.Nav(event,12)" class="SRSymbol" href="../spp__ai_8h.html#ab46420126c43c1aac5eabc5db266a71c" target="_parent">_dpd</a>
<a id="Item14" onkeydown="return searchResults.Nav(event,14)" onkeypress="return searchResults.Nav(event,14)" onkeyup="return searchResults.Nav(event,14)" class="SRSymbol" href="../spp__ai_8h.html#ab46420126c43c1aac5eabc5db266a71c" target="_parent">_dpd</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR__5fheuristic_5ffunc">
<div class="SREntry">
<a id="Item13" onkeydown="return searchResults.Nav(event,13)" onkeypress="return searchResults.Nav(event,13)" onkeyup="return searchResults.Nav(event,13)" class="SRSymbol" href="../group__cluster.html#ga81f5fa721719fdb281595a568eef2101" target="_parent">_heuristic_func</a>
<a id="Item15" onkeydown="return searchResults.Nav(event,15)" onkeypress="return searchResults.Nav(event,15)" onkeyup="return searchResults.Nav(event,15)" class="SRSymbol" href="../group__cluster.html#ga81f5fa721719fdb281595a568eef2101" target="_parent">_heuristic_func</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fhierarchy_5fnode">
<div class="SREntry">
<a id="Item14" onkeydown="return searchResults.Nav(event,14)" onkeypress="return searchResults.Nav(event,14)" onkeyup="return searchResults.Nav(event,14)" class="SRSymbol" href="../struct__hierarchy__node.html" target="_parent">_hierarchy_node</a>
<a id="Item16" onkeydown="return searchResults.Nav(event,16)" onkeypress="return searchResults.Nav(event,16)" onkeyup="return searchResults.Nav(event,16)" class="SRSymbol" href="../struct__hierarchy__node.html" target="_parent">_hierarchy_node</a>
</div>
</div>
<div class="SRResult" id="SR__5fhierarchy_5fnode_5fappend">
<div class="SREntry">
<a id="Item15" onkeydown="return searchResults.Nav(event,15)" onkeypress="return searchResults.Nav(event,15)" onkeyup="return searchResults.Nav(event,15)" class="SRSymbol" href="../group__cluster.html#ga5601a1f603d9c870ef6e2df192e30c30" target="_parent">_hierarchy_node_append</a>
<a id="Item17" onkeydown="return searchResults.Nav(event,17)" onkeypress="return searchResults.Nav(event,17)" onkeyup="return searchResults.Nav(event,17)" class="SRSymbol" href="../group__cluster.html#ga5601a1f603d9c870ef6e2df192e30c30" target="_parent">_hierarchy_node_append</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fhierarchy_5fnode_5fnew">
<div class="SREntry">
<a id="Item16" onkeydown="return searchResults.Nav(event,16)" onkeypress="return searchResults.Nav(event,16)" onkeyup="return searchResults.Nav(event,16)" class="SRSymbol" href="../group__cluster.html#ga2f1a22cfea64e4669da0467620c3e3b3" target="_parent">_hierarchy_node_new</a>
<a id="Item18" onkeydown="return searchResults.Nav(event,18)" onkeypress="return searchResults.Nav(event,18)" onkeyup="return searchResults.Nav(event,18)" class="SRSymbol" href="../group__cluster.html#ga2f1a22cfea64e4669da0467620c3e3b3" target="_parent">_hierarchy_node_new</a>
<span class="SRScope">cluster.c</span>
</div>
</div>

120
doc/html/search/all_61.html
View File

@ -7,183 +7,207 @@
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_a">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../structAI__alert__correlation.html#a8737f171e1c1b2305c8fe77101d6aeb7" target="_parent">a</a>
<span class="SRScope">AI_alert_correlation</span>
</div>
</div>
<div class="SRResult" id="SR_ai_5falert_5fcorrelation">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../structAI__alert__correlation.html" target="_parent">AI_alert_correlation</a>
</div>
</div>
<div class="SRResult" id="SR_ai_5falert_5fcorrelation_5fthread">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5falert_5fcorrelation_5fthread')">AI_alert_correlation_thread</a>
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5falert_5fcorrelation_5fthread')">AI_alert_correlation_thread</a>
<div class="SRChildren">
<a id="Item0_c0" onkeydown="return searchResults.NavChild(event,0,0)" onkeypress="return searchResults.NavChild(event,0,0)" onkeyup="return searchResults.NavChild(event,0,0)" class="SRScope" href="../group__correlation.html#ga939353a4e15de7a8f4145ab986f584be" target="_parent">AI_alert_correlation_thread(void *arg):&nbsp;correlation.c</a>
<a id="Item0_c1" onkeydown="return searchResults.NavChild(event,0,1)" onkeypress="return searchResults.NavChild(event,0,1)" onkeyup="return searchResults.NavChild(event,0,1)" class="SRScope" href="../group__correlation.html#ga939353a4e15de7a8f4145ab986f584be" target="_parent">AI_alert_correlation_thread(void *):&nbsp;correlation.c</a>
<a id="Item2_c0" onkeydown="return searchResults.NavChild(event,2,0)" onkeypress="return searchResults.NavChild(event,2,0)" onkeyup="return searchResults.NavChild(event,2,0)" class="SRScope" href="../group__correlation.html#ga939353a4e15de7a8f4145ab986f584be" target="_parent">AI_alert_correlation_thread(void *arg):&nbsp;correlation.c</a>
<a id="Item2_c1" onkeydown="return searchResults.NavChild(event,2,1)" onkeypress="return searchResults.NavChild(event,2,1)" onkeyup="return searchResults.NavChild(event,2,1)" class="SRScope" href="../group__correlation.html#ga939353a4e15de7a8f4145ab986f584be" target="_parent">AI_alert_correlation_thread(void *):&nbsp;correlation.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5fconfig">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../structAI__config.html" target="_parent">AI_config</a>
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../structAI__config.html" target="_parent">AI_config</a>
</div>
</div>
<div class="SRResult" id="SR_ai_5ffile_5falertparser_5fthread">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5ffile_5falertparser_5fthread')">AI_file_alertparser_thread</a>
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5ffile_5falertparser_5fthread')">AI_file_alertparser_thread</a>
<div class="SRChildren">
<a id="Item2_c0" onkeydown="return searchResults.NavChild(event,2,0)" onkeypress="return searchResults.NavChild(event,2,0)" onkeyup="return searchResults.NavChild(event,2,0)" class="SRScope" href="../group__alert__parser.html#ga5aab8d9bdf0e92a51731442fd787f61f" target="_parent">AI_file_alertparser_thread(void *arg):&nbsp;alert_parser.c</a>
<a id="Item2_c1" onkeydown="return searchResults.NavChild(event,2,1)" onkeypress="return searchResults.NavChild(event,2,1)" onkeyup="return searchResults.NavChild(event,2,1)" class="SRScope" href="../group__alert__parser.html#ga5aab8d9bdf0e92a51731442fd787f61f" target="_parent">AI_file_alertparser_thread(void *):&nbsp;alert_parser.c</a>
<a id="Item4_c0" onkeydown="return searchResults.NavChild(event,4,0)" onkeypress="return searchResults.NavChild(event,4,0)" onkeyup="return searchResults.NavChild(event,4,0)" class="SRScope" href="../group__alert__parser.html#ga5aab8d9bdf0e92a51731442fd787f61f" target="_parent">AI_file_alertparser_thread(void *arg):&nbsp;alert_parser.c</a>
<a id="Item4_c1" onkeydown="return searchResults.NavChild(event,4,1)" onkeypress="return searchResults.NavChild(event,4,1)" onkeyup="return searchResults.NavChild(event,4,1)" class="SRScope" href="../group__alert__parser.html#ga5aab8d9bdf0e92a51731442fd787f61f" target="_parent">AI_file_alertparser_thread(void *):&nbsp;alert_parser.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5ffree_5falerts">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5ffree_5falerts')">AI_free_alerts</a>
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5ffree_5falerts')">AI_free_alerts</a>
<div class="SRChildren">
<a id="Item3_c0" onkeydown="return searchResults.NavChild(event,3,0)" onkeypress="return searchResults.NavChild(event,3,0)" onkeyup="return searchResults.NavChild(event,3,0)" class="SRScope" href="../group__alert__parser.html#ga270e86669a0aa64a8da37bc16cda645b" target="_parent">AI_free_alerts(AI_snort_alert *node):&nbsp;alert_parser.c</a>
<a id="Item3_c1" onkeydown="return searchResults.NavChild(event,3,1)" onkeypress="return searchResults.NavChild(event,3,1)" onkeyup="return searchResults.NavChild(event,3,1)" class="SRScope" href="../group__alert__parser.html#ga270e86669a0aa64a8da37bc16cda645b" target="_parent">AI_free_alerts(AI_snort_alert *node):&nbsp;alert_parser.c</a>
<a id="Item5_c0" onkeydown="return searchResults.NavChild(event,5,0)" onkeypress="return searchResults.NavChild(event,5,0)" onkeyup="return searchResults.NavChild(event,5,0)" class="SRScope" href="../group__alert__parser.html#ga270e86669a0aa64a8da37bc16cda645b" target="_parent">AI_free_alerts(AI_snort_alert *node):&nbsp;alert_parser.c</a>
<a id="Item5_c1" onkeydown="return searchResults.NavChild(event,5,1)" onkeypress="return searchResults.NavChild(event,5,1)" onkeyup="return searchResults.NavChild(event,5,1)" class="SRScope" href="../group__alert__parser.html#ga270e86669a0aa64a8da37bc16cda645b" target="_parent">AI_free_alerts(AI_snort_alert *node):&nbsp;alert_parser.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5fget_5falerts">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fget_5falerts')">AI_get_alerts</a>
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fget_5falerts')">AI_get_alerts</a>
<div class="SRChildren">
<a id="Item4_c0" onkeydown="return searchResults.NavChild(event,4,0)" onkeypress="return searchResults.NavChild(event,4,0)" onkeyup="return searchResults.NavChild(event,4,0)" class="SRScope" href="../group__alert__parser.html#ga99474495643197b3075ac22ec6f6c70f" target="_parent">AI_get_alerts():&nbsp;alert_parser.c</a>
<a id="Item4_c1" onkeydown="return searchResults.NavChild(event,4,1)" onkeypress="return searchResults.NavChild(event,4,1)" onkeyup="return searchResults.NavChild(event,4,1)" class="SRScope" href="../group__alert__parser.html#ga99474495643197b3075ac22ec6f6c70f" target="_parent">AI_get_alerts(void):&nbsp;alert_parser.c</a>
<a id="Item6_c0" onkeydown="return searchResults.NavChild(event,6,0)" onkeypress="return searchResults.NavChild(event,6,0)" onkeyup="return searchResults.NavChild(event,6,0)" class="SRScope" href="../group__alert__parser.html#ga99474495643197b3075ac22ec6f6c70f" target="_parent">AI_get_alerts():&nbsp;alert_parser.c</a>
<a id="Item6_c1" onkeydown="return searchResults.NavChild(event,6,1)" onkeypress="return searchResults.NavChild(event,6,1)" onkeyup="return searchResults.NavChild(event,6,1)" class="SRScope" href="../group__alert__parser.html#ga99474495643197b3075ac22ec6f6c70f" target="_parent">AI_get_alerts(void):&nbsp;alert_parser.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5fget_5fclustered_5falerts">
<div class="SREntry">
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fget_5fclustered_5falerts')">AI_get_clustered_alerts</a>
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fget_5fclustered_5falerts')">AI_get_clustered_alerts</a>
<div class="SRChildren">
<a id="Item5_c0" onkeydown="return searchResults.NavChild(event,5,0)" onkeypress="return searchResults.NavChild(event,5,0)" onkeyup="return searchResults.NavChild(event,5,0)" class="SRScope" href="../group__cluster.html#ga2553c678eeb83282c230d649a0e8fcd4" target="_parent">AI_get_clustered_alerts():&nbsp;cluster.c</a>
<a id="Item5_c1" onkeydown="return searchResults.NavChild(event,5,1)" onkeypress="return searchResults.NavChild(event,5,1)" onkeyup="return searchResults.NavChild(event,5,1)" class="SRScope" href="../group__cluster.html#ga2553c678eeb83282c230d649a0e8fcd4" target="_parent">AI_get_clustered_alerts(void):&nbsp;cluster.c</a>
<a id="Item7_c0" onkeydown="return searchResults.NavChild(event,7,0)" onkeypress="return searchResults.NavChild(event,7,0)" onkeyup="return searchResults.NavChild(event,7,0)" class="SRScope" href="../group__cluster.html#ga2553c678eeb83282c230d649a0e8fcd4" target="_parent">AI_get_clustered_alerts():&nbsp;cluster.c</a>
<a id="Item7_c1" onkeydown="return searchResults.NavChild(event,7,1)" onkeypress="return searchResults.NavChild(event,7,1)" onkeyup="return searchResults.NavChild(event,7,1)" class="SRScope" href="../group__cluster.html#ga2553c678eeb83282c230d649a0e8fcd4" target="_parent">AI_get_clustered_alerts(void):&nbsp;cluster.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5fget_5fstream_5fby_5fkey">
<div class="SREntry">
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fget_5fstream_5fby_5fkey')">AI_get_stream_by_key</a>
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fget_5fstream_5fby_5fkey')">AI_get_stream_by_key</a>
<div class="SRChildren">
<a id="Item6_c0" onkeydown="return searchResults.NavChild(event,6,0)" onkeypress="return searchResults.NavChild(event,6,0)" onkeyup="return searchResults.NavChild(event,6,0)" class="SRScope" href="../group__stream.html#ga2efedcabbfd12c5345f0c93a3dd4735c" target="_parent">AI_get_stream_by_key(struct pkt_key):&nbsp;stream.c</a>
<a id="Item6_c1" onkeydown="return searchResults.NavChild(event,6,1)" onkeypress="return searchResults.NavChild(event,6,1)" onkeyup="return searchResults.NavChild(event,6,1)" class="SRScope" href="../group__stream.html#ga2efedcabbfd12c5345f0c93a3dd4735c" target="_parent">AI_get_stream_by_key(struct pkt_key key):&nbsp;stream.c</a>
<a id="Item8_c0" onkeydown="return searchResults.NavChild(event,8,0)" onkeypress="return searchResults.NavChild(event,8,0)" onkeyup="return searchResults.NavChild(event,8,0)" class="SRScope" href="../group__stream.html#ga2efedcabbfd12c5345f0c93a3dd4735c" target="_parent">AI_get_stream_by_key(struct pkt_key):&nbsp;stream.c</a>
<a id="Item8_c1" onkeydown="return searchResults.NavChild(event,8,1)" onkeypress="return searchResults.NavChild(event,8,1)" onkeyup="return searchResults.NavChild(event,8,1)" class="SRScope" href="../group__stream.html#ga2efedcabbfd12c5345f0c93a3dd4735c" target="_parent">AI_get_stream_by_key(struct pkt_key key):&nbsp;stream.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5fhashcleanup_5fthread">
<div class="SREntry">
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fhashcleanup_5fthread')">AI_hashcleanup_thread</a>
<a id="Item9" onkeydown="return searchResults.Nav(event,9)" onkeypress="return searchResults.Nav(event,9)" onkeyup="return searchResults.Nav(event,9)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fhashcleanup_5fthread')">AI_hashcleanup_thread</a>
<div class="SRChildren">
<a id="Item7_c0" onkeydown="return searchResults.NavChild(event,7,0)" onkeypress="return searchResults.NavChild(event,7,0)" onkeyup="return searchResults.NavChild(event,7,0)" class="SRScope" href="../group__stream.html#ga24b1131374e5059564b8a12380c4eb75" target="_parent">AI_hashcleanup_thread(void *):&nbsp;stream.c</a>
<a id="Item7_c1" onkeydown="return searchResults.NavChild(event,7,1)" onkeypress="return searchResults.NavChild(event,7,1)" onkeyup="return searchResults.NavChild(event,7,1)" class="SRScope" href="../group__stream.html#ga24b1131374e5059564b8a12380c4eb75" target="_parent">AI_hashcleanup_thread(void *arg):&nbsp;stream.c</a>
<a id="Item9_c0" onkeydown="return searchResults.NavChild(event,9,0)" onkeypress="return searchResults.NavChild(event,9,0)" onkeyup="return searchResults.NavChild(event,9,0)" class="SRScope" href="../group__stream.html#ga24b1131374e5059564b8a12380c4eb75" target="_parent">AI_hashcleanup_thread(void *):&nbsp;stream.c</a>
<a id="Item9_c1" onkeydown="return searchResults.NavChild(event,9,1)" onkeypress="return searchResults.NavChild(event,9,1)" onkeyup="return searchResults.NavChild(event,9,1)" class="SRScope" href="../group__stream.html#ga24b1131374e5059564b8a12380c4eb75" target="_parent">AI_hashcleanup_thread(void *arg):&nbsp;stream.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5fhierarchies_5fbuild">
<div class="SREntry">
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fhierarchies_5fbuild')">AI_hierarchies_build</a>
<a id="Item10" onkeydown="return searchResults.Nav(event,10)" onkeypress="return searchResults.Nav(event,10)" onkeyup="return searchResults.Nav(event,10)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fhierarchies_5fbuild')">AI_hierarchies_build</a>
<div class="SRChildren">
<a id="Item8_c0" onkeydown="return searchResults.NavChild(event,8,0)" onkeypress="return searchResults.NavChild(event,8,0)" onkeyup="return searchResults.NavChild(event,8,0)" class="SRScope" href="../group__cluster.html#ga1445818b37483f78cc3fb2890155842c" target="_parent">AI_hierarchies_build(AI_config *conf, hierarchy_node **nodes, int n_nodes):&nbsp;cluster.c</a>
<a id="Item8_c1" onkeydown="return searchResults.NavChild(event,8,1)" onkeypress="return searchResults.NavChild(event,8,1)" onkeyup="return searchResults.NavChild(event,8,1)" class="SRScope" href="../group__cluster.html#ga1445818b37483f78cc3fb2890155842c" target="_parent">AI_hierarchies_build(AI_config *, hierarchy_node **, int):&nbsp;cluster.c</a>
<a id="Item10_c0" onkeydown="return searchResults.NavChild(event,10,0)" onkeypress="return searchResults.NavChild(event,10,0)" onkeyup="return searchResults.NavChild(event,10,0)" class="SRScope" href="../group__cluster.html#ga1445818b37483f78cc3fb2890155842c" target="_parent">AI_hierarchies_build(AI_config *conf, hierarchy_node **nodes, int n_nodes):&nbsp;cluster.c</a>
<a id="Item10_c1" onkeydown="return searchResults.NavChild(event,10,1)" onkeypress="return searchResults.NavChild(event,10,1)" onkeyup="return searchResults.NavChild(event,10,1)" class="SRScope" href="../group__cluster.html#ga1445818b37483f78cc3fb2890155842c" target="_parent">AI_hierarchies_build(AI_config *, hierarchy_node **, int):&nbsp;cluster.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5fhyperalert_5finfo">
<div class="SREntry">
<a id="Item11" onkeydown="return searchResults.Nav(event,11)" onkeypress="return searchResults.Nav(event,11)" onkeyup="return searchResults.Nav(event,11)" class="SRSymbol" href="../structAI__hyperalert__info.html" target="_parent">AI_hyperalert_info</a>
</div>
</div>
<div class="SRResult" id="SR_ai_5fhyperalert_5fkey">
<div class="SREntry">
<a id="Item12" onkeydown="return searchResults.Nav(event,12)" onkeypress="return searchResults.Nav(event,12)" onkeyup="return searchResults.Nav(event,12)" class="SRSymbol" href="../structAI__hyperalert__key.html" target="_parent">AI_hyperalert_key</a>
</div>
</div>
<div class="SRResult" id="SR_ai_5finit">
<div class="SREntry">
<a id="Item9" onkeydown="return searchResults.Nav(event,9)" onkeypress="return searchResults.Nav(event,9)" onkeyup="return searchResults.Nav(event,9)" class="SRSymbol" href="../group__spp__ai.html#ga3524cbdf8fddbcf38c4ed55241002242" target="_parent">AI_init</a>
<a id="Item13" onkeydown="return searchResults.Nav(event,13)" onkeypress="return searchResults.Nav(event,13)" onkeyup="return searchResults.Nav(event,13)" class="SRSymbol" href="../group__spp__ai.html#ga3524cbdf8fddbcf38c4ed55241002242" target="_parent">AI_init</a>
<span class="SRScope">spp_ai.c</span>
</div>
</div>
<div class="SRResult" id="SR_ai_5fparse">
<div class="SREntry">
<a id="Item10" onkeydown="return searchResults.Nav(event,10)" onkeypress="return searchResults.Nav(event,10)" onkeyup="return searchResults.Nav(event,10)" class="SRSymbol" href="../group__spp__ai.html#gae1c5c4b38ee2819d427848eb3046373e" target="_parent">AI_parse</a>
<a id="Item14" onkeydown="return searchResults.Nav(event,14)" onkeypress="return searchResults.Nav(event,14)" onkeyup="return searchResults.Nav(event,14)" class="SRSymbol" href="../group__spp__ai.html#gae1c5c4b38ee2819d427848eb3046373e" target="_parent">AI_parse</a>
<span class="SRScope">spp_ai.c</span>
</div>
</div>
<div class="SRResult" id="SR_ai_5fpkt_5fenqueue">
<div class="SREntry">
<a id="Item11" onkeydown="return searchResults.Nav(event,11)" onkeypress="return searchResults.Nav(event,11)" onkeyup="return searchResults.Nav(event,11)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fpkt_5fenqueue')">AI_pkt_enqueue</a>
<a id="Item15" onkeydown="return searchResults.Nav(event,15)" onkeypress="return searchResults.Nav(event,15)" onkeyup="return searchResults.Nav(event,15)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fpkt_5fenqueue')">AI_pkt_enqueue</a>
<div class="SRChildren">
<a id="Item11_c0" onkeydown="return searchResults.NavChild(event,11,0)" onkeypress="return searchResults.NavChild(event,11,0)" onkeyup="return searchResults.NavChild(event,11,0)" class="SRScope" href="../group__stream.html#ga7d71c5645b9baff7b6c4b9a181bf80c5" target="_parent">AI_pkt_enqueue(SFSnortPacket *):&nbsp;stream.c</a>
<a id="Item11_c1" onkeydown="return searchResults.NavChild(event,11,1)" onkeypress="return searchResults.NavChild(event,11,1)" onkeyup="return searchResults.NavChild(event,11,1)" class="SRScope" href="../group__stream.html#ga7d71c5645b9baff7b6c4b9a181bf80c5" target="_parent">AI_pkt_enqueue(SFSnortPacket *pkt):&nbsp;stream.c</a>
<a id="Item15_c0" onkeydown="return searchResults.NavChild(event,15,0)" onkeypress="return searchResults.NavChild(event,15,0)" onkeyup="return searchResults.NavChild(event,15,0)" class="SRScope" href="../group__stream.html#ga7d71c5645b9baff7b6c4b9a181bf80c5" target="_parent">AI_pkt_enqueue(SFSnortPacket *):&nbsp;stream.c</a>
<a id="Item15_c1" onkeydown="return searchResults.NavChild(event,15,1)" onkeypress="return searchResults.NavChild(event,15,1)" onkeyup="return searchResults.NavChild(event,15,1)" class="SRScope" href="../group__stream.html#ga7d71c5645b9baff7b6c4b9a181bf80c5" target="_parent">AI_pkt_enqueue(SFSnortPacket *pkt):&nbsp;stream.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5fprocess">
<div class="SREntry">
<a id="Item12" onkeydown="return searchResults.Nav(event,12)" onkeypress="return searchResults.Nav(event,12)" onkeyup="return searchResults.Nav(event,12)" class="SRSymbol" href="../group__spp__ai.html#ga57c05cda012c443cb4c358dc327cd3d1" target="_parent">AI_process</a>
<a id="Item16" onkeydown="return searchResults.Nav(event,16)" onkeypress="return searchResults.Nav(event,16)" onkeyup="return searchResults.Nav(event,16)" class="SRSymbol" href="../group__spp__ai.html#ga57c05cda012c443cb4c358dc327cd3d1" target="_parent">AI_process</a>
<span class="SRScope">spp_ai.c</span>
</div>
</div>
<div class="SRResult" id="SR_ai_5fset_5fstream_5fobserved">
<div class="SREntry">
<a id="Item13" onkeydown="return searchResults.Nav(event,13)" onkeypress="return searchResults.Nav(event,13)" onkeyup="return searchResults.Nav(event,13)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fset_5fstream_5fobserved')">AI_set_stream_observed</a>
<a id="Item17" onkeydown="return searchResults.Nav(event,17)" onkeypress="return searchResults.Nav(event,17)" onkeyup="return searchResults.Nav(event,17)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fset_5fstream_5fobserved')">AI_set_stream_observed</a>
<div class="SRChildren">
<a id="Item13_c0" onkeydown="return searchResults.NavChild(event,13,0)" onkeypress="return searchResults.NavChild(event,13,0)" onkeyup="return searchResults.NavChild(event,13,0)" class="SRScope" href="../group__stream.html#ga8749989cee2ac05a7de058faac280c02" target="_parent">AI_set_stream_observed(struct pkt_key key):&nbsp;stream.c</a>
<a id="Item13_c1" onkeydown="return searchResults.NavChild(event,13,1)" onkeypress="return searchResults.NavChild(event,13,1)" onkeyup="return searchResults.NavChild(event,13,1)" class="SRScope" href="../group__stream.html#ga8749989cee2ac05a7de058faac280c02" target="_parent">AI_set_stream_observed(struct pkt_key key):&nbsp;stream.c</a>
<a id="Item17_c0" onkeydown="return searchResults.NavChild(event,17,0)" onkeypress="return searchResults.NavChild(event,17,0)" onkeyup="return searchResults.NavChild(event,17,0)" class="SRScope" href="../group__stream.html#ga8749989cee2ac05a7de058faac280c02" target="_parent">AI_set_stream_observed(struct pkt_key key):&nbsp;stream.c</a>
<a id="Item17_c1" onkeydown="return searchResults.NavChild(event,17,1)" onkeypress="return searchResults.NavChild(event,17,1)" onkeyup="return searchResults.NavChild(event,17,1)" class="SRScope" href="../group__stream.html#ga8749989cee2ac05a7de058faac280c02" target="_parent">AI_set_stream_observed(struct pkt_key key):&nbsp;stream.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5fsetup">
<div class="SREntry">
<a id="Item14" onkeydown="return searchResults.Nav(event,14)" onkeypress="return searchResults.Nav(event,14)" onkeyup="return searchResults.Nav(event,14)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fsetup')">AI_setup</a>
<a id="Item18" onkeydown="return searchResults.Nav(event,18)" onkeypress="return searchResults.Nav(event,18)" onkeyup="return searchResults.Nav(event,18)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fsetup')">AI_setup</a>
<div class="SRChildren">
<a id="Item14_c0" onkeydown="return searchResults.NavChild(event,14,0)" onkeypress="return searchResults.NavChild(event,14,0)" onkeyup="return searchResults.NavChild(event,14,0)" class="SRScope" href="../group__spp__ai.html#ga1b9ebb5c719c7d9426ddfc1f3da36570" target="_parent">AI_setup():&nbsp;spp_ai.c</a>
<a id="Item14_c1" onkeydown="return searchResults.NavChild(event,14,1)" onkeypress="return searchResults.NavChild(event,14,1)" onkeyup="return searchResults.NavChild(event,14,1)" class="SRScope" href="../group__spp__ai.html#ga1b9ebb5c719c7d9426ddfc1f3da36570" target="_parent">AI_setup(void):&nbsp;spp_ai.c</a>
<a id="Item18_c0" onkeydown="return searchResults.NavChild(event,18,0)" onkeypress="return searchResults.NavChild(event,18,0)" onkeyup="return searchResults.NavChild(event,18,0)" class="SRScope" href="../group__spp__ai.html#ga1b9ebb5c719c7d9426ddfc1f3da36570" target="_parent">AI_setup():&nbsp;spp_ai.c</a>
<a id="Item18_c1" onkeydown="return searchResults.NavChild(event,18,1)" onkeypress="return searchResults.NavChild(event,18,1)" onkeyup="return searchResults.NavChild(event,18,1)" class="SRScope" href="../group__spp__ai.html#ga1b9ebb5c719c7d9426ddfc1f3da36570" target="_parent">AI_setup(void):&nbsp;spp_ai.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5fsnort_5falert">
<div class="SREntry">
<a id="Item15" onkeydown="return searchResults.Nav(event,15)" onkeypress="return searchResults.Nav(event,15)" onkeyup="return searchResults.Nav(event,15)" class="SRSymbol" href="../spp__ai_8h.html#a982be90e72362e88d09f28336c9a1897" target="_parent">AI_snort_alert</a>
<a id="Item19" onkeydown="return searchResults.Nav(event,19)" onkeypress="return searchResults.Nav(event,19)" onkeyup="return searchResults.Nav(event,19)" class="SRSymbol" href="../spp__ai_8h.html#a982be90e72362e88d09f28336c9a1897" target="_parent">AI_snort_alert</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_alert_5ffp">
<div class="SREntry">
<a id="Item16" onkeydown="return searchResults.Nav(event,16)" onkeypress="return searchResults.Nav(event,16)" onkeyup="return searchResults.Nav(event,16)" class="SRSymbol" href="../alert__parser_8c.html#abee2a33368912d9288c76b51160a9ed6" target="_parent">alert_fp</a>
<a id="Item20" onkeydown="return searchResults.Nav(event,20)" onkeypress="return searchResults.Nav(event,20)" onkeyup="return searchResults.Nav(event,20)" class="SRSymbol" href="../alert__parser_8c.html#abee2a33368912d9288c76b51160a9ed6" target="_parent">alert_fp</a>
<span class="SRScope">alert_parser.c</span>
</div>
</div>
<div class="SRResult" id="SR_alert_5flog">
<div class="SREntry">
<a id="Item17" onkeydown="return searchResults.Nav(event,17)" onkeypress="return searchResults.Nav(event,17)" onkeyup="return searchResults.Nav(event,17)" class="SRSymbol" href="../group__cluster.html#gaaf4c19f60f48741b0890c6114dcff7d9" target="_parent">alert_log</a>
<a id="Item21" onkeydown="return searchResults.Nav(event,21)" onkeypress="return searchResults.Nav(event,21)" onkeyup="return searchResults.Nav(event,21)" class="SRSymbol" href="../group__cluster.html#gaaf4c19f60f48741b0890c6114dcff7d9" target="_parent">alert_log</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR_alert_5fparser_2ec">
<div class="SREntry">
<a id="Item18" onkeydown="return searchResults.Nav(event,18)" onkeypress="return searchResults.Nav(event,18)" onkeyup="return searchResults.Nav(event,18)" class="SRSymbol" href="../alert__parser_8c.html" target="_parent">alert_parser.c</a>
<a id="Item22" onkeydown="return searchResults.Nav(event,22)" onkeypress="return searchResults.Nav(event,22)" onkeyup="return searchResults.Nav(event,22)" class="SRSymbol" href="../alert__parser_8c.html" target="_parent">alert_parser.c</a>
</div>
</div>
<div class="SRResult" id="SR_alertclusteringinterval">
<div class="SREntry">
<a id="Item19" onkeydown="return searchResults.Nav(event,19)" onkeypress="return searchResults.Nav(event,19)" onkeyup="return searchResults.Nav(event,19)" class="SRSymbol" href="../structAI__config.html#a7d0d098b8263aa3d8415b11d1ec7f93d" target="_parent">alertClusteringInterval</a>
<a id="Item23" onkeydown="return searchResults.Nav(event,23)" onkeypress="return searchResults.Nav(event,23)" onkeyup="return searchResults.Nav(event,23)" class="SRSymbol" href="../structAI__config.html#a7d0d098b8263aa3d8415b11d1ec7f93d" target="_parent">alertClusteringInterval</a>
<span class="SRScope">AI_config</span>
</div>
</div>
<div class="SRResult" id="SR_alertfile">
<div class="SREntry">
<a id="Item20" onkeydown="return searchResults.Nav(event,20)" onkeypress="return searchResults.Nav(event,20)" onkeyup="return searchResults.Nav(event,20)" class="SRSymbol" href="../structAI__config.html#a2efa9590d7eea6dce8b5dd9aa76ed8ca" target="_parent">alertfile</a>
<a id="Item24" onkeydown="return searchResults.Nav(event,24)" onkeypress="return searchResults.Nav(event,24)" onkeyup="return searchResults.Nav(event,24)" class="SRSymbol" href="../structAI__config.html#a2efa9590d7eea6dce8b5dd9aa76ed8ca" target="_parent">alertfile</a>
<span class="SRScope">AI_config</span>
</div>
</div>
<div class="SRResult" id="SR_alertparser_5fthread">
<div class="SREntry">
<a id="Item21" onkeydown="return searchResults.Nav(event,21)" onkeypress="return searchResults.Nav(event,21)" onkeyup="return searchResults.Nav(event,21)" class="SRSymbol" href="../group__spp__ai.html#gaa3100e48acef5cf4370c3042ff548ed0" target="_parent">alertparser_thread</a>
<a id="Item25" onkeydown="return searchResults.Nav(event,25)" onkeypress="return searchResults.Nav(event,25)" onkeyup="return searchResults.Nav(event,25)" class="SRSymbol" href="../group__spp__ai.html#gaa3100e48acef5cf4370c3042ff548ed0" target="_parent">alertparser_thread</a>
<span class="SRScope">spp_ai.c</span>
</div>
</div>
<div class="SRResult" id="SR_alerts">
<div class="SREntry">
<a id="Item22" onkeydown="return searchResults.Nav(event,22)" onkeypress="return searchResults.Nav(event,22)" onkeyup="return searchResults.Nav(event,22)" class="SRSymbol" href="../alert__parser_8c.html#ae837fc04e61c0eb052f997c54b4fd9fe" target="_parent">alerts</a>
<span class="SRScope">alert_parser.c</span>
<a id="Item26" onkeydown="return searchResults.Nav(event,26)" onkeypress="return searchResults.Nav(event,26)" onkeyup="return searchResults.Nav(event,26)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_alerts')">alerts</a>
<div class="SRChildren">
<a id="Item26_c0" onkeydown="return searchResults.NavChild(event,26,0)" onkeypress="return searchResults.NavChild(event,26,0)" onkeyup="return searchResults.NavChild(event,26,0)" class="SRScope" href="../alert__parser_8c.html#ae837fc04e61c0eb052f997c54b4fd9fe" target="_parent">alerts():&nbsp;alert_parser.c</a>
<a id="Item26_c1" onkeydown="return searchResults.NavChild(event,26,1)" onkeypress="return searchResults.NavChild(event,26,1)" onkeyup="return searchResults.NavChild(event,26,1)" class="SRScope" href="../group__correlation.html#gae837fc04e61c0eb052f997c54b4fd9fe" target="_parent">alerts():&nbsp;correlation.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_attribute_5fkey">
<div class="SREntry">
<a id="Item23" onkeydown="return searchResults.Nav(event,23)" onkeypress="return searchResults.Nav(event,23)" onkeyup="return searchResults.Nav(event,23)" class="SRSymbol" href="../structattribute__key.html" target="_parent">attribute_key</a>
<a id="Item27" onkeydown="return searchResults.Nav(event,27)" onkeypress="return searchResults.Nav(event,27)" onkeyup="return searchResults.Nav(event,27)" class="SRSymbol" href="../structattribute__key.html" target="_parent">attribute_key</a>
</div>
</div>
<div class="SRResult" id="SR_attribute_5fvalue">
<div class="SREntry">
<a id="Item24" onkeydown="return searchResults.Nav(event,24)" onkeypress="return searchResults.Nav(event,24)" onkeyup="return searchResults.Nav(event,24)" class="SRSymbol" href="../structattribute__value.html" target="_parent">attribute_value</a>
<a id="Item28" onkeydown="return searchResults.Nav(event,28)" onkeypress="return searchResults.Nav(event,28)" onkeyup="return searchResults.Nav(event,28)" class="SRSymbol" href="../structattribute__value.html" target="_parent">attribute_value</a>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>

10
doc/html/search/all_62.html
View File

@ -7,15 +7,21 @@
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_b">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../structAI__alert__correlation.html#a478f1a6f18f9c083b203efdf776379cd" target="_parent">b</a>
<span class="SRScope">AI_alert_correlation</span>
</div>
</div>
<div class="SRResult" id="SR_bool">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd" target="_parent">BOOL</a>
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd" target="_parent">BOOL</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_build_5fversion">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../sf__preproc__info_8h.html#ad7a967dd260384e94010b31b1412a0b4" target="_parent">BUILD_VERSION</a>
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../sf__preproc__info_8h.html#ad7a967dd260384e94010b31b1412a0b4" target="_parent">BUILD_VERSION</a>
<span class="SRScope">sf_preproc_info.h</span>
</div>
</div>

18
doc/html/search/all_63.html
View File

@ -54,20 +54,32 @@
<span class="SRScope">AI_config</span>
</div>
</div>
<div class="SRResult" id="SR_correlation">
<div class="SREntry">
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="../structAI__alert__correlation.html#aad417b2126ae26d7576f006a3dbcdc81" target="_parent">correlation</a>
<span class="SRScope">AI_alert_correlation</span>
</div>
</div>
<div class="SRResult" id="SR_correlation_2ec">
<div class="SREntry">
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="../correlation_8c.html" target="_parent">correlation.c</a>
<a id="Item9" onkeydown="return searchResults.Nav(event,9)" onkeypress="return searchResults.Nav(event,9)" onkeyup="return searchResults.Nav(event,9)" class="SRSymbol" href="../correlation_8c.html" target="_parent">correlation.c</a>
</div>
</div>
<div class="SRResult" id="SR_correlation_5ftable">
<div class="SREntry">
<a id="Item10" onkeydown="return searchResults.Nav(event,10)" onkeypress="return searchResults.Nav(event,10)" onkeyup="return searchResults.Nav(event,10)" class="SRSymbol" href="../group__correlation.html#ga701934a296c51f2397d24e8bf4a9f021" target="_parent">correlation_table</a>
<span class="SRScope">correlation.c</span>
</div>
</div>
<div class="SRResult" id="SR_correlationgraphinterval">
<div class="SREntry">
<a id="Item9" onkeydown="return searchResults.Nav(event,9)" onkeypress="return searchResults.Nav(event,9)" onkeyup="return searchResults.Nav(event,9)" class="SRSymbol" href="../structAI__config.html#aa736375e57a59936e2e782b7cd200e41" target="_parent">correlationGraphInterval</a>
<a id="Item11" onkeydown="return searchResults.Nav(event,11)" onkeypress="return searchResults.Nav(event,11)" onkeyup="return searchResults.Nav(event,11)" class="SRSymbol" href="../structAI__config.html#aa736375e57a59936e2e782b7cd200e41" target="_parent">correlationGraphInterval</a>
<span class="SRScope">AI_config</span>
</div>
</div>
<div class="SRResult" id="SR_count">
<div class="SREntry">
<a id="Item10" onkeydown="return searchResults.Nav(event,10)" onkeypress="return searchResults.Nav(event,10)" onkeyup="return searchResults.Nav(event,10)" class="SRSymbol" href="../structattribute__value.html#a5579c0304c2e9ab488ac94905b385045" target="_parent">count</a>
<a id="Item12" onkeydown="return searchResults.Nav(event,12)" onkeypress="return searchResults.Nav(event,12)" onkeyup="return searchResults.Nav(event,12)" class="SRSymbol" href="../structattribute__value.html#a5579c0304c2e9ab488ac94905b385045" target="_parent">count</a>
<span class="SRScope">attribute_value</span>
</div>
</div>

2
doc/html/search/all_67.html
View File

@ -17,7 +17,7 @@
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_gid')">gid</a>
<div class="SRChildren">
<a id="Item1_c0" onkeydown="return searchResults.NavChild(event,1,0)" onkeypress="return searchResults.NavChild(event,1,0)" onkeyup="return searchResults.NavChild(event,1,0)" class="SRScope" href="../structhyperalert__key.html#aac0e30a21653be11b357e3030aafd7e4" target="_parent">hyperalert_key::gid()</a>
<a id="Item1_c0" onkeydown="return searchResults.NavChild(event,1,0)" onkeypress="return searchResults.NavChild(event,1,0)" onkeyup="return searchResults.NavChild(event,1,0)" class="SRScope" href="../structAI__hyperalert__key.html#a711afeb45b534480e85bf9abe569a602" target="_parent">AI_hyperalert_key::gid()</a>
<a id="Item1_c1" onkeydown="return searchResults.NavChild(event,1,1)" onkeypress="return searchResults.NavChild(event,1,1)" onkeyup="return searchResults.NavChild(event,1,1)" class="SRScope" href="../struct__AI__snort__alert.html#af8408be5da59cda853442dd13465c0f6" target="_parent">_AI_snort_alert::gid()</a>
</div>
</div>

13
doc/html/search/all_68.html
View File

@ -42,8 +42,9 @@
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_hh')">hh</a>
<div class="SRChildren">
<a id="Item5_c0" onkeydown="return searchResults.NavChild(event,5,0)" onkeypress="return searchResults.NavChild(event,5,0)" onkeyup="return searchResults.NavChild(event,5,0)" class="SRScope" href="../structattribute__value.html#a9abf5d1758ee0cc4803e3b40fc4481cc" target="_parent">attribute_value::hh()</a>
<a id="Item5_c1" onkeydown="return searchResults.NavChild(event,5,1)" onkeypress="return searchResults.NavChild(event,5,1)" onkeyup="return searchResults.NavChild(event,5,1)" class="SRScope" href="../structhyperalert.html#aa2993f19f3cc95627cfdaf4f47f78b04" target="_parent">hyperalert::hh()</a>
<a id="Item5_c1" onkeydown="return searchResults.NavChild(event,5,1)" onkeypress="return searchResults.NavChild(event,5,1)" onkeyup="return searchResults.NavChild(event,5,1)" class="SRScope" href="../structAI__alert__correlation.html#ad3020a87936a2193a92f09331401ad42" target="_parent">AI_alert_correlation::hh()</a>
<a id="Item5_c2" onkeydown="return searchResults.NavChild(event,5,2)" onkeypress="return searchResults.NavChild(event,5,2)" onkeyup="return searchResults.NavChild(event,5,2)" class="SRScope" href="../structpkt__info.html#a264e90d4b5d490de040f38c1072e142f" target="_parent">pkt_info::hh()</a>
<a id="Item5_c3" onkeydown="return searchResults.NavChild(event,5,3)" onkeypress="return searchResults.NavChild(event,5,3)" onkeyup="return searchResults.NavChild(event,5,3)" class="SRScope" href="../structAI__hyperalert__info.html#a6915bec67d383f374e758b44f50b48ff" target="_parent">AI_hyperalert_info::hh()</a>
</div>
</div>
</div>
@ -55,17 +56,13 @@
</div>
<div class="SRResult" id="SR_hyperalert">
<div class="SREntry">
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="../structhyperalert.html" target="_parent">hyperalert</a>
</div>
</div>
<div class="SRResult" id="SR_hyperalert_5fkey">
<div class="SREntry">
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="../structhyperalert__key.html" target="_parent">hyperalert_key</a>
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="../struct__AI__snort__alert.html#ac101de15b4f9451f235b82122f77b62a" target="_parent">hyperalert</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_hyperalerts">
<div class="SREntry">
<a id="Item9" onkeydown="return searchResults.Nav(event,9)" onkeypress="return searchResults.Nav(event,9)" onkeyup="return searchResults.Nav(event,9)" class="SRSymbol" href="../group__correlation.html#ga343192ed5e938536f3dc150e51f8acf6" target="_parent">hyperalerts</a>
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="../group__correlation.html#gae56c79aa018caaeebeeb709a9e51c9c2" target="_parent">hyperalerts</a>
<span class="SRScope">correlation.c</span>
</div>
</div>

4
doc/html/search/all_6b.html
View File

@ -12,8 +12,8 @@
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_key')">key</a>
<div class="SRChildren">
<a id="Item0_c0" onkeydown="return searchResults.NavChild(event,0,0)" onkeypress="return searchResults.NavChild(event,0,0)" onkeyup="return searchResults.NavChild(event,0,0)" class="SRScope" href="../structattribute__value.html#aa8b5ae41c150e4fefb800d3b1924278d" target="_parent">attribute_value::key()</a>
<a id="Item0_c1" onkeydown="return searchResults.NavChild(event,0,1)" onkeypress="return searchResults.NavChild(event,0,1)" onkeyup="return searchResults.NavChild(event,0,1)" class="SRScope" href="../structhyperalert.html#a592c41f4772230c065ce352ec6c6cf0d" target="_parent">hyperalert::key()</a>
<a id="Item0_c2" onkeydown="return searchResults.NavChild(event,0,2)" onkeypress="return searchResults.NavChild(event,0,2)" onkeyup="return searchResults.NavChild(event,0,2)" class="SRScope" href="../structpkt__info.html#a231d4734d3c62292b06eb9ea4b49c339" target="_parent">pkt_info::key()</a>
<a id="Item0_c1" onkeydown="return searchResults.NavChild(event,0,1)" onkeypress="return searchResults.NavChild(event,0,1)" onkeyup="return searchResults.NavChild(event,0,1)" class="SRScope" href="../structpkt__info.html#a231d4734d3c62292b06eb9ea4b49c339" target="_parent">pkt_info::key()</a>
<a id="Item0_c2" onkeydown="return searchResults.NavChild(event,0,2)" onkeypress="return searchResults.NavChild(event,0,2)" onkeyup="return searchResults.NavChild(event,0,2)" class="SRScope" href="../structAI__hyperalert__info.html#a9d461da8f00415ef03b24edb3bbd6cf8" target="_parent">AI_hyperalert_info::key()</a>
</div>
</div>
</div>

10
doc/html/search/all_6c.html
View File

@ -13,6 +13,16 @@
<span class="SRScope">_hierarchy_node</span>
</div>
</div>
<div class="SRResult" id="SR_lock_5fflag">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_lock_5fflag')">lock_flag</a>
<div class="SRChildren">
<a id="Item1_c0" onkeydown="return searchResults.NavChild(event,1,0)" onkeypress="return searchResults.NavChild(event,1,0)" onkeyup="return searchResults.NavChild(event,1,0)" class="SRScope" href="../alert__parser_8c.html#afebc81c042a632dc987e113b7f390274" target="_parent">lock_flag():&nbsp;alert_parser.c</a>
<a id="Item1_c1" onkeydown="return searchResults.NavChild(event,1,1)" onkeypress="return searchResults.NavChild(event,1,1)" onkeyup="return searchResults.NavChild(event,1,1)" class="SRScope" href="../group__cluster.html#gafebc81c042a632dc987e113b7f390274" target="_parent">lock_flag():&nbsp;cluster.c</a>
<a id="Item1_c2" onkeydown="return searchResults.NavChild(event,1,2)" onkeypress="return searchResults.NavChild(event,1,2)" onkeyup="return searchResults.NavChild(event,1,2)" class="SRScope" href="../group__correlation.html#gafebc81c042a632dc987e113b7f390274" target="_parent">lock_flag():&nbsp;correlation.c</a>
</div>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>
<div class="SRStatus" id="NoMatches">No Matches</div>
<script type="text/javascript"><!--

8
doc/html/search/all_6e.html
View File

@ -9,14 +9,14 @@
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_n_5fpostconds">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../structhyperalert.html#a16c46535e62397b5ef394b014943f58a" target="_parent">n_postconds</a>
<span class="SRScope">hyperalert</span>
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../structAI__hyperalert__info.html#a73322b6cad3e883abed03b62c6c21719" target="_parent">n_postconds</a>
<span class="SRScope">AI_hyperalert_info</span>
</div>
</div>
<div class="SRResult" id="SR_n_5fpreconds">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../structhyperalert.html#a84181558bdbb98e49087d4ce7353bf70" target="_parent">n_preconds</a>
<span class="SRScope">hyperalert</span>
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../structAI__hyperalert__info.html#a616c16f364dbb2d726e88df6b364ea40" target="_parent">n_preconds</a>
<span class="SRScope">AI_hyperalert_info</span>
</div>
</div>
<div class="SRResult" id="SR_nchildren">

8
doc/html/search/all_70.html
View File

@ -31,14 +31,14 @@
</div>
<div class="SRResult" id="SR_postconds">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../structhyperalert.html#a69e0ed6e53e6fe23d3de2ec1f5d13863" target="_parent">postconds</a>
<span class="SRScope">hyperalert</span>
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../structAI__hyperalert__info.html#a6a63385397bf814153d7bb20b52840d9" target="_parent">postconds</a>
<span class="SRScope">AI_hyperalert_info</span>
</div>
</div>
<div class="SRResult" id="SR_preconds">
<div class="SREntry">
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../structhyperalert.html#afa2862b9a574be52e5dc4a4cc0178d66" target="_parent">preconds</a>
<span class="SRScope">hyperalert</span>
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../structAI__hyperalert__info.html#a8ac4e028c47a98a8be5afd4363164031" target="_parent">preconds</a>
<span class="SRScope">AI_hyperalert_info</span>
</div>
</div>
<div class="SRResult" id="SR_preg_5fmatch">

2
doc/html/search/all_72.html
View File

@ -16,7 +16,7 @@
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_rev')">rev</a>
<div class="SRChildren">
<a id="Item1_c0" onkeydown="return searchResults.NavChild(event,1,0)" onkeypress="return searchResults.NavChild(event,1,0)" onkeyup="return searchResults.NavChild(event,1,0)" class="SRScope" href="../structhyperalert__key.html#a7e4a23f87bb69765c5afdb2e602aff87" target="_parent">hyperalert_key::rev()</a>
<a id="Item1_c0" onkeydown="return searchResults.NavChild(event,1,0)" onkeypress="return searchResults.NavChild(event,1,0)" onkeyup="return searchResults.NavChild(event,1,0)" class="SRScope" href="../structAI__hyperalert__key.html#a3aa6fed74469f1f2c08573c5d7298670" target="_parent">AI_hyperalert_key::rev()</a>
<a id="Item1_c1" onkeydown="return searchResults.NavChild(event,1,1)" onkeypress="return searchResults.NavChild(event,1,1)" onkeyup="return searchResults.NavChild(event,1,1)" class="SRScope" href="../struct__AI__snort__alert.html#a864d3baa48586d6a31639f4cd27d9d37" target="_parent">_AI_snort_alert::rev()</a>
</div>
</div>

26
doc/html/search/all_73.html
View File

@ -16,7 +16,7 @@
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_sid')">sid</a>
<div class="SRChildren">
<a id="Item1_c0" onkeydown="return searchResults.NavChild(event,1,0)" onkeypress="return searchResults.NavChild(event,1,0)" onkeyup="return searchResults.NavChild(event,1,0)" class="SRScope" href="../structhyperalert__key.html#ab3cb68a4bf46fab57f0dd0be007a91bc" target="_parent">hyperalert_key::sid()</a>
<a id="Item1_c0" onkeydown="return searchResults.NavChild(event,1,0)" onkeypress="return searchResults.NavChild(event,1,0)" onkeyup="return searchResults.NavChild(event,1,0)" class="SRScope" href="../structAI__hyperalert__key.html#a854676c9125ae0aeaeaef2b201ce542f" target="_parent">AI_hyperalert_key::sid()</a>
<a id="Item1_c1" onkeydown="return searchResults.NavChild(event,1,1)" onkeypress="return searchResults.NavChild(event,1,1)" onkeyup="return searchResults.NavChild(event,1,1)" class="SRScope" href="../struct__AI__snort__alert.html#a3349aa68d2234f8ffd897367c3a8a137" target="_parent">_AI_snort_alert::sid()</a>
</div>
</div>
@ -55,20 +55,38 @@
<span class="SRScope">stream.c</span>
</div>
</div>
<div class="SRResult" id="SR_str_5freplace">
<div class="SREntry">
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_str_5freplace')">str_replace</a>
<div class="SRChildren">
<a id="Item8_c0" onkeydown="return searchResults.NavChild(event,8,0)" onkeypress="return searchResults.NavChild(event,8,0)" onkeyup="return searchResults.NavChild(event,8,0)" class="SRScope" href="../group__regex.html#ga736ba1abdc4938cbb1bf5861e7dbfd50" target="_parent">str_replace(char *str, char *orig, char *rep):&nbsp;regex.c</a>
<a id="Item8_c1" onkeydown="return searchResults.NavChild(event,8,1)" onkeypress="return searchResults.NavChild(event,8,1)" onkeyup="return searchResults.NavChild(event,8,1)" class="SRScope" href="../group__regex.html#ga736ba1abdc4938cbb1bf5861e7dbfd50" target="_parent">str_replace(char *str, char *orig, char *rep):&nbsp;regex.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_str_5freplace_5fall">
<div class="SREntry">
<a id="Item9" onkeydown="return searchResults.Nav(event,9)" onkeypress="return searchResults.Nav(event,9)" onkeyup="return searchResults.Nav(event,9)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_str_5freplace_5fall')">str_replace_all</a>
<div class="SRChildren">
<a id="Item9_c0" onkeydown="return searchResults.NavChild(event,9,0)" onkeypress="return searchResults.NavChild(event,9,0)" onkeyup="return searchResults.NavChild(event,9,0)" class="SRScope" href="../group__regex.html#gaff6c55cd04fc08dd582e244590dc25a4" target="_parent">str_replace_all(char *str, char *orig, char *rep):&nbsp;regex.c</a>
<a id="Item9_c1" onkeydown="return searchResults.NavChild(event,9,1)" onkeypress="return searchResults.NavChild(event,9,1)" onkeyup="return searchResults.NavChild(event,9,1)" class="SRScope" href="../group__regex.html#gaff6c55cd04fc08dd582e244590dc25a4" target="_parent">str_replace_all(char *str, char *orig, char *rep):&nbsp;regex.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_stream">
<div class="SREntry">
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="../struct__AI__snort__alert.html#a09dfe0a841fd3912ec78060d4547cb31" target="_parent">stream</a>
<a id="Item10" onkeydown="return searchResults.Nav(event,10)" onkeypress="return searchResults.Nav(event,10)" onkeyup="return searchResults.Nav(event,10)" class="SRSymbol" href="../struct__AI__snort__alert.html#a09dfe0a841fd3912ec78060d4547cb31" target="_parent">stream</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_stream_2ec">
<div class="SREntry">
<a id="Item9" onkeydown="return searchResults.Nav(event,9)" onkeypress="return searchResults.Nav(event,9)" onkeyup="return searchResults.Nav(event,9)" class="SRSymbol" href="../stream_8c.html" target="_parent">stream.c</a>
<a id="Item11" onkeydown="return searchResults.Nav(event,11)" onkeypress="return searchResults.Nav(event,11)" onkeyup="return searchResults.Nav(event,11)" class="SRSymbol" href="../stream_8c.html" target="_parent">stream.c</a>
</div>
</div>
<div class="SRResult" id="SR_streamexpireinterval">
<div class="SREntry">
<a id="Item10" onkeydown="return searchResults.Nav(event,10)" onkeypress="return searchResults.Nav(event,10)" onkeyup="return searchResults.Nav(event,10)" class="SRSymbol" href="../structAI__config.html#abbe77d5f94b8c5164bea47acba09c98b" target="_parent">streamExpireInterval</a>
<a id="Item12" onkeydown="return searchResults.Nav(event,12)" onkeypress="return searchResults.Nav(event,12)" onkeyup="return searchResults.Nav(event,12)" class="SRSymbol" href="../structAI__config.html#abbe77d5f94b8c5164bea47acba09c98b" target="_parent">streamExpireInterval</a>
<span class="SRScope">AI_config</span>
</div>
</div>

21
doc/html/search/classes_61.html
View File

@ -7,19 +7,34 @@
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_ai_5falert_5fcorrelation">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../structAI__alert__correlation.html" target="_parent">AI_alert_correlation</a>
</div>
</div>
<div class="SRResult" id="SR_ai_5fconfig">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../structAI__config.html" target="_parent">AI_config</a>
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../structAI__config.html" target="_parent">AI_config</a>
</div>
</div>
<div class="SRResult" id="SR_ai_5fhyperalert_5finfo">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../structAI__hyperalert__info.html" target="_parent">AI_hyperalert_info</a>
</div>
</div>
<div class="SRResult" id="SR_ai_5fhyperalert_5fkey">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../structAI__hyperalert__key.html" target="_parent">AI_hyperalert_key</a>
</div>
</div>
<div class="SRResult" id="SR_attribute_5fkey">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../structattribute__key.html" target="_parent">attribute_key</a>
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../structattribute__key.html" target="_parent">attribute_key</a>
</div>
</div>
<div class="SRResult" id="SR_attribute_5fvalue">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../structattribute__value.html" target="_parent">attribute_value</a>
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../structattribute__value.html" target="_parent">attribute_value</a>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>

30
doc/html/search/functions_5f.html
View File

@ -31,57 +31,69 @@
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fcorrelation_5fcoefficient">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../group__correlation.html#ga130e82017fc0abcb76b1a7740ae2f4df" target="_parent">_AI_correlation_coefficient</a>
<span class="SRScope">correlation.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fequal_5falarms">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../group__cluster.html#ga0f91c8bfc37a3975f5c26b19fd6c5cba" target="_parent">_AI_equal_alarms</a>
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../group__cluster.html#ga0f91c8bfc37a3975f5c26b19fd6c5cba" target="_parent">_AI_equal_alarms</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fget_5fmin_5fhierarchy_5fnode">
<div class="SREntry">
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../group__cluster.html#ga6ddddcd505b1f763c339e81fc143e079" target="_parent">_AI_get_min_hierarchy_node</a>
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../group__cluster.html#ga6ddddcd505b1f763c339e81fc143e079" target="_parent">_AI_get_min_hierarchy_node</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fhyperalert_5ffrom_5fxml">
<div class="SREntry">
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../group__correlation.html#gacb46174cec5a2cce0a9bb1ca2b0f6850" target="_parent">_AI_hyperalert_from_XML</a>
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="../group__correlation.html#ga929e5c17fdb247a998d83ed6a4ae5a65" target="_parent">_AI_hyperalert_from_XML</a>
<span class="SRScope">correlation.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fmacro_5fsubst">
<div class="SREntry">
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="../group__correlation.html#ga0d094eae1d014d89a2de21263fa747da" target="_parent">_AI_macro_subst</a>
<span class="SRScope">correlation.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fmerge_5falerts">
<div class="SREntry">
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="../group__cluster.html#ga8ce8e5a5d8954672297fa2dedb380dcd" target="_parent">_AI_merge_alerts</a>
<a id="Item9" onkeydown="return searchResults.Nav(event,9)" onkeypress="return searchResults.Nav(event,9)" onkeyup="return searchResults.Nav(event,9)" class="SRSymbol" href="../group__cluster.html#ga8ce8e5a5d8954672297fa2dedb380dcd" target="_parent">_AI_merge_alerts</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fprint_5fclustered_5falerts">
<div class="SREntry">
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="../group__cluster.html#ga7d151880080470b542e99643dc0426a7" target="_parent">_AI_print_clustered_alerts</a>
<a id="Item10" onkeydown="return searchResults.Nav(event,10)" onkeypress="return searchResults.Nav(event,10)" onkeyup="return searchResults.Nav(event,10)" class="SRSymbol" href="../group__cluster.html#ga7d151880080470b542e99643dc0426a7" target="_parent">_AI_print_clustered_alerts</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fstream_5ffree">
<div class="SREntry">
<a id="Item9" onkeydown="return searchResults.Nav(event,9)" onkeypress="return searchResults.Nav(event,9)" onkeyup="return searchResults.Nav(event,9)" class="SRSymbol" href="../group__stream.html#ga80016adf701c717a6ebfb5b15b8a5749" target="_parent">_AI_stream_free</a>
<a id="Item11" onkeydown="return searchResults.Nav(event,11)" onkeypress="return searchResults.Nav(event,11)" onkeyup="return searchResults.Nav(event,11)" class="SRSymbol" href="../group__stream.html#ga80016adf701c717a6ebfb5b15b8a5749" target="_parent">_AI_stream_free</a>
<span class="SRScope">stream.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fheuristic_5ffunc">
<div class="SREntry">
<a id="Item10" onkeydown="return searchResults.Nav(event,10)" onkeypress="return searchResults.Nav(event,10)" onkeyup="return searchResults.Nav(event,10)" class="SRSymbol" href="../group__cluster.html#ga81f5fa721719fdb281595a568eef2101" target="_parent">_heuristic_func</a>
<a id="Item12" onkeydown="return searchResults.Nav(event,12)" onkeypress="return searchResults.Nav(event,12)" onkeyup="return searchResults.Nav(event,12)" class="SRSymbol" href="../group__cluster.html#ga81f5fa721719fdb281595a568eef2101" target="_parent">_heuristic_func</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fhierarchy_5fnode_5fappend">
<div class="SREntry">
<a id="Item11" onkeydown="return searchResults.Nav(event,11)" onkeypress="return searchResults.Nav(event,11)" onkeyup="return searchResults.Nav(event,11)" class="SRSymbol" href="../group__cluster.html#ga5601a1f603d9c870ef6e2df192e30c30" target="_parent">_hierarchy_node_append</a>
<a id="Item13" onkeydown="return searchResults.Nav(event,13)" onkeypress="return searchResults.Nav(event,13)" onkeyup="return searchResults.Nav(event,13)" class="SRSymbol" href="../group__cluster.html#ga5601a1f603d9c870ef6e2df192e30c30" target="_parent">_hierarchy_node_append</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fhierarchy_5fnode_5fnew">
<div class="SREntry">
<a id="Item12" onkeydown="return searchResults.Nav(event,12)" onkeypress="return searchResults.Nav(event,12)" onkeyup="return searchResults.Nav(event,12)" class="SRSymbol" href="../group__cluster.html#ga2f1a22cfea64e4669da0467620c3e3b3" target="_parent">_hierarchy_node_new</a>
<a id="Item14" onkeydown="return searchResults.Nav(event,14)" onkeypress="return searchResults.Nav(event,14)" onkeyup="return searchResults.Nav(event,14)" class="SRSymbol" href="../group__cluster.html#ga2f1a22cfea64e4669da0467620c3e3b3" target="_parent">_hierarchy_node_new</a>
<span class="SRScope">cluster.c</span>
</div>
</div>

36
doc/html/search/functions_73.html
View File

@ -7,34 +7,22 @@
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_sfpolicyconfigcreate">
<div class="SRResult" id="SR_str_5freplace">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../group__sfPolicyConfig.html#gac62cd5838bee4a9d3f40561eae920cdd" target="_parent">sfPolicyConfigCreate</a>
<span class="SRScope">sfPolicyUserData.c</span>
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_str_5freplace')">str_replace</a>
<div class="SRChildren">
<a id="Item0_c0" onkeydown="return searchResults.NavChild(event,0,0)" onkeypress="return searchResults.NavChild(event,0,0)" onkeyup="return searchResults.NavChild(event,0,0)" class="SRScope" href="../group__regex.html#ga736ba1abdc4938cbb1bf5861e7dbfd50" target="_parent">str_replace(char *str, char *orig, char *rep):&nbsp;regex.c</a>
<a id="Item0_c1" onkeydown="return searchResults.NavChild(event,0,1)" onkeypress="return searchResults.NavChild(event,0,1)" onkeyup="return searchResults.NavChild(event,0,1)" class="SRScope" href="../group__regex.html#ga736ba1abdc4938cbb1bf5861e7dbfd50" target="_parent">str_replace(char *str, char *orig, char *rep):&nbsp;regex.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_sfpolicyconfigdelete">
<div class="SRResult" id="SR_str_5freplace_5fall">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../group__sfPolicyConfig.html#ga189d09ed6d1203ebace6ea2c2aafc1b8" target="_parent">sfPolicyConfigDelete</a>
<span class="SRScope">sfPolicyUserData.c</span>
</div>
</div>
<div class="SRResult" id="SR_sfpolicyuserdataclear">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../group__sfPolicyConfig.html#gae8f2ae426b1f1a50eabfade6d22c2c85" target="_parent">sfPolicyUserDataClear</a>
<span class="SRScope">sfPolicyUserData.c</span>
</div>
</div>
<div class="SRResult" id="SR_sfpolicyuserdataiterate">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../group__sfPolicyConfig.html#ga3f3ab9314d29d2ee2a8285289b388f17" target="_parent">sfPolicyUserDataIterate</a>
<span class="SRScope">sfPolicyUserData.c</span>
</div>
</div>
<div class="SRResult" id="SR_sfpolicyuserdataset">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../group__sfPolicyConfig.html#ga8e14fd83397b9bbb14568070183db80b" target="_parent">sfPolicyUserDataSet</a>
<span class="SRScope">sfPolicyUserData.c</span>
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_str_5freplace_5fall')">str_replace_all</a>
<div class="SRChildren">
<a id="Item1_c0" onkeydown="return searchResults.NavChild(event,1,0)" onkeypress="return searchResults.NavChild(event,1,0)" onkeyup="return searchResults.NavChild(event,1,0)" class="SRScope" href="../group__regex.html#gaff6c55cd04fc08dd582e244590dc25a4" target="_parent">str_replace_all(char *str, char *orig, char *rep):&nbsp;regex.c</a>
<a id="Item1_c1" onkeydown="return searchResults.NavChild(event,1,1)" onkeypress="return searchResults.NavChild(event,1,1)" onkeyup="return searchResults.NavChild(event,1,1)" class="SRScope" href="../group__regex.html#gaff6c55cd04fc08dd582e244590dc25a4" target="_parent">str_replace_all(char *str, char *orig, char *rep):&nbsp;regex.c</a>
</div>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>

6
doc/html/search/search.js
View File

@ -8,10 +8,10 @@
var indexSectionsWithContent =
{
0: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010111111111011111101111000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
1: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010100000010000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
1: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010100000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
2: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000101100000000100001100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
3: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010100000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
4: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010101110111011111101110000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
3: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010100000000000000100100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
4: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010111110111011111101110000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
5: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000010000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
6: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
7: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001101001000010000110000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",

23
doc/html/search/variables_61.html
View File

@ -7,40 +7,49 @@
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_a">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../structAI__alert__correlation.html#a8737f171e1c1b2305c8fe77101d6aeb7" target="_parent">a</a>
<span class="SRScope">AI_alert_correlation</span>
</div>
</div>
<div class="SRResult" id="SR_alert_5ffp">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../alert__parser_8c.html#abee2a33368912d9288c76b51160a9ed6" target="_parent">alert_fp</a>
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../alert__parser_8c.html#abee2a33368912d9288c76b51160a9ed6" target="_parent">alert_fp</a>
<span class="SRScope">alert_parser.c</span>
</div>
</div>
<div class="SRResult" id="SR_alert_5flog">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../group__cluster.html#gaaf4c19f60f48741b0890c6114dcff7d9" target="_parent">alert_log</a>
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../group__cluster.html#gaaf4c19f60f48741b0890c6114dcff7d9" target="_parent">alert_log</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR_alertclusteringinterval">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../structAI__config.html#a7d0d098b8263aa3d8415b11d1ec7f93d" target="_parent">alertClusteringInterval</a>
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../structAI__config.html#a7d0d098b8263aa3d8415b11d1ec7f93d" target="_parent">alertClusteringInterval</a>
<span class="SRScope">AI_config</span>
</div>
</div>
<div class="SRResult" id="SR_alertfile">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../structAI__config.html#a2efa9590d7eea6dce8b5dd9aa76ed8ca" target="_parent">alertfile</a>
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../structAI__config.html#a2efa9590d7eea6dce8b5dd9aa76ed8ca" target="_parent">alertfile</a>
<span class="SRScope">AI_config</span>
</div>
</div>
<div class="SRResult" id="SR_alertparser_5fthread">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../group__spp__ai.html#gaa3100e48acef5cf4370c3042ff548ed0" target="_parent">alertparser_thread</a>
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../group__spp__ai.html#gaa3100e48acef5cf4370c3042ff548ed0" target="_parent">alertparser_thread</a>
<span class="SRScope">spp_ai.c</span>
</div>
</div>
<div class="SRResult" id="SR_alerts">
<div class="SREntry">
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../alert__parser_8c.html#ae837fc04e61c0eb052f997c54b4fd9fe" target="_parent">alerts</a>
<span class="SRScope">alert_parser.c</span>
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_alerts')">alerts</a>
<div class="SRChildren">
<a id="Item6_c0" onkeydown="return searchResults.NavChild(event,6,0)" onkeypress="return searchResults.NavChild(event,6,0)" onkeyup="return searchResults.NavChild(event,6,0)" class="SRScope" href="../alert__parser_8c.html#ae837fc04e61c0eb052f997c54b4fd9fe" target="_parent">alerts():&nbsp;alert_parser.c</a>
<a id="Item6_c1" onkeydown="return searchResults.NavChild(event,6,1)" onkeypress="return searchResults.NavChild(event,6,1)" onkeyup="return searchResults.NavChild(event,6,1)" class="SRScope" href="../group__correlation.html#gae837fc04e61c0eb052f997c54b4fd9fe" target="_parent">alerts():&nbsp;correlation.c</a>
</div>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>

26
doc/html/search/variables_62.html Normal file
View File

@ -0,0 +1,26 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head><title></title>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<link rel="stylesheet" type="text/css" href="search.css"/>
<script type="text/javascript" src="search.js"></script>
</head>
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_b">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../structAI__alert__correlation.html#a478f1a6f18f9c083b203efdf776379cd" target="_parent">b</a>
<span class="SRScope">AI_alert_correlation</span>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>
<div class="SRStatus" id="NoMatches">No Matches</div>
<script type="text/javascript"><!--
document.getElementById("Loading").style.display="none";
document.getElementById("NoMatches").style.display="none";
var searchResults = new SearchResults("searchResults");
searchResults.Search();
--></script>
</div>
</body>
</html>

16
doc/html/search/variables_63.html
View File

@ -37,15 +37,27 @@
<span class="SRScope">AI_config</span>
</div>
</div>
<div class="SRResult" id="SR_correlation">
<div class="SREntry">
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../structAI__alert__correlation.html#aad417b2126ae26d7576f006a3dbcdc81" target="_parent">correlation</a>
<span class="SRScope">AI_alert_correlation</span>
</div>
</div>
<div class="SRResult" id="SR_correlation_5ftable">
<div class="SREntry">
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../group__correlation.html#ga701934a296c51f2397d24e8bf4a9f021" target="_parent">correlation_table</a>
<span class="SRScope">correlation.c</span>
</div>
</div>
<div class="SRResult" id="SR_correlationgraphinterval">
<div class="SREntry">
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../structAI__config.html#aa736375e57a59936e2e782b7cd200e41" target="_parent">correlationGraphInterval</a>
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="../structAI__config.html#aa736375e57a59936e2e782b7cd200e41" target="_parent">correlationGraphInterval</a>
<span class="SRScope">AI_config</span>
</div>
</div>
<div class="SRResult" id="SR_count">
<div class="SREntry">
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../structattribute__value.html#a5579c0304c2e9ab488ac94905b385045" target="_parent">count</a>
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="../structattribute__value.html#a5579c0304c2e9ab488ac94905b385045" target="_parent">count</a>
<span class="SRScope">attribute_value</span>
</div>
</div>

2
doc/html/search/variables_67.html
View File

@ -17,7 +17,7 @@
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_gid')">gid</a>
<div class="SRChildren">
<a id="Item1_c0" onkeydown="return searchResults.NavChild(event,1,0)" onkeypress="return searchResults.NavChild(event,1,0)" onkeyup="return searchResults.NavChild(event,1,0)" class="SRScope" href="../structhyperalert__key.html#aac0e30a21653be11b357e3030aafd7e4" target="_parent">hyperalert_key::gid()</a>
<a id="Item1_c0" onkeydown="return searchResults.NavChild(event,1,0)" onkeypress="return searchResults.NavChild(event,1,0)" onkeyup="return searchResults.NavChild(event,1,0)" class="SRScope" href="../structAI__hyperalert__key.html#a711afeb45b534480e85bf9abe569a602" target="_parent">AI_hyperalert_key::gid()</a>
<a id="Item1_c1" onkeydown="return searchResults.NavChild(event,1,1)" onkeypress="return searchResults.NavChild(event,1,1)" onkeyup="return searchResults.NavChild(event,1,1)" class="SRScope" href="../struct__AI__snort__alert.html#af8408be5da59cda853442dd13465c0f6" target="_parent">_AI_snort_alert::gid()</a>
</div>
</div>

11
doc/html/search/variables_68.html
View File

@ -42,14 +42,21 @@
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_hh')">hh</a>
<div class="SRChildren">
<a id="Item5_c0" onkeydown="return searchResults.NavChild(event,5,0)" onkeypress="return searchResults.NavChild(event,5,0)" onkeyup="return searchResults.NavChild(event,5,0)" class="SRScope" href="../structattribute__value.html#a9abf5d1758ee0cc4803e3b40fc4481cc" target="_parent">attribute_value::hh()</a>
<a id="Item5_c1" onkeydown="return searchResults.NavChild(event,5,1)" onkeypress="return searchResults.NavChild(event,5,1)" onkeyup="return searchResults.NavChild(event,5,1)" class="SRScope" href="../structhyperalert.html#aa2993f19f3cc95627cfdaf4f47f78b04" target="_parent">hyperalert::hh()</a>
<a id="Item5_c1" onkeydown="return searchResults.NavChild(event,5,1)" onkeypress="return searchResults.NavChild(event,5,1)" onkeyup="return searchResults.NavChild(event,5,1)" class="SRScope" href="../structAI__alert__correlation.html#ad3020a87936a2193a92f09331401ad42" target="_parent">AI_alert_correlation::hh()</a>
<a id="Item5_c2" onkeydown="return searchResults.NavChild(event,5,2)" onkeypress="return searchResults.NavChild(event,5,2)" onkeyup="return searchResults.NavChild(event,5,2)" class="SRScope" href="../structpkt__info.html#a264e90d4b5d490de040f38c1072e142f" target="_parent">pkt_info::hh()</a>
<a id="Item5_c3" onkeydown="return searchResults.NavChild(event,5,3)" onkeypress="return searchResults.NavChild(event,5,3)" onkeyup="return searchResults.NavChild(event,5,3)" class="SRScope" href="../structAI__hyperalert__info.html#a6915bec67d383f374e758b44f50b48ff" target="_parent">AI_hyperalert_info::hh()</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_hyperalert">
<div class="SREntry">
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../struct__AI__snort__alert.html#ac101de15b4f9451f235b82122f77b62a" target="_parent">hyperalert</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_hyperalerts">
<div class="SREntry">
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../group__correlation.html#ga343192ed5e938536f3dc150e51f8acf6" target="_parent">hyperalerts</a>
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="../group__correlation.html#gae56c79aa018caaeebeeb709a9e51c9c2" target="_parent">hyperalerts</a>
<span class="SRScope">correlation.c</span>
</div>
</div>

4
doc/html/search/variables_6b.html
View File

@ -12,8 +12,8 @@
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_key')">key</a>
<div class="SRChildren">
<a id="Item0_c0" onkeydown="return searchResults.NavChild(event,0,0)" onkeypress="return searchResults.NavChild(event,0,0)" onkeyup="return searchResults.NavChild(event,0,0)" class="SRScope" href="../structattribute__value.html#aa8b5ae41c150e4fefb800d3b1924278d" target="_parent">attribute_value::key()</a>
<a id="Item0_c1" onkeydown="return searchResults.NavChild(event,0,1)" onkeypress="return searchResults.NavChild(event,0,1)" onkeyup="return searchResults.NavChild(event,0,1)" class="SRScope" href="../structhyperalert.html#a592c41f4772230c065ce352ec6c6cf0d" target="_parent">hyperalert::key()</a>
<a id="Item0_c2" onkeydown="return searchResults.NavChild(event,0,2)" onkeypress="return searchResults.NavChild(event,0,2)" onkeyup="return searchResults.NavChild(event,0,2)" class="SRScope" href="../structpkt__info.html#a231d4734d3c62292b06eb9ea4b49c339" target="_parent">pkt_info::key()</a>
<a id="Item0_c1" onkeydown="return searchResults.NavChild(event,0,1)" onkeypress="return searchResults.NavChild(event,0,1)" onkeyup="return searchResults.NavChild(event,0,1)" class="SRScope" href="../structpkt__info.html#a231d4734d3c62292b06eb9ea4b49c339" target="_parent">pkt_info::key()</a>
<a id="Item0_c2" onkeydown="return searchResults.NavChild(event,0,2)" onkeypress="return searchResults.NavChild(event,0,2)" onkeyup="return searchResults.NavChild(event,0,2)" class="SRScope" href="../structAI__hyperalert__info.html#a9d461da8f00415ef03b24edb3bbd6cf8" target="_parent">AI_hyperalert_info::key()</a>
</div>
</div>
</div>

10
doc/html/search/variables_6c.html
View File

@ -13,6 +13,16 @@
<span class="SRScope">_hierarchy_node</span>
</div>
</div>
<div class="SRResult" id="SR_lock_5fflag">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_lock_5fflag')">lock_flag</a>
<div class="SRChildren">
<a id="Item1_c0" onkeydown="return searchResults.NavChild(event,1,0)" onkeypress="return searchResults.NavChild(event,1,0)" onkeyup="return searchResults.NavChild(event,1,0)" class="SRScope" href="../alert__parser_8c.html#afebc81c042a632dc987e113b7f390274" target="_parent">lock_flag():&nbsp;alert_parser.c</a>
<a id="Item1_c1" onkeydown="return searchResults.NavChild(event,1,1)" onkeypress="return searchResults.NavChild(event,1,1)" onkeyup="return searchResults.NavChild(event,1,1)" class="SRScope" href="../group__cluster.html#gafebc81c042a632dc987e113b7f390274" target="_parent">lock_flag():&nbsp;cluster.c</a>
<a id="Item1_c2" onkeydown="return searchResults.NavChild(event,1,2)" onkeypress="return searchResults.NavChild(event,1,2)" onkeyup="return searchResults.NavChild(event,1,2)" class="SRScope" href="../group__correlation.html#gafebc81c042a632dc987e113b7f390274" target="_parent">lock_flag():&nbsp;correlation.c</a>
</div>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>
<div class="SRStatus" id="NoMatches">No Matches</div>
<script type="text/javascript"><!--

8
doc/html/search/variables_6e.html
View File

@ -9,14 +9,14 @@
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_n_5fpostconds">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../structhyperalert.html#a16c46535e62397b5ef394b014943f58a" target="_parent">n_postconds</a>
<span class="SRScope">hyperalert</span>
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../structAI__hyperalert__info.html#a73322b6cad3e883abed03b62c6c21719" target="_parent">n_postconds</a>
<span class="SRScope">AI_hyperalert_info</span>
</div>
</div>
<div class="SRResult" id="SR_n_5fpreconds">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../structhyperalert.html#a84181558bdbb98e49087d4ce7353bf70" target="_parent">n_preconds</a>
<span class="SRScope">hyperalert</span>
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../structAI__hyperalert__info.html#a616c16f364dbb2d726e88df6b364ea40" target="_parent">n_preconds</a>
<span class="SRScope">AI_hyperalert_info</span>
</div>
</div>
<div class="SRResult" id="SR_nchildren">

8
doc/html/search/variables_70.html
View File

@ -21,14 +21,14 @@
</div>
<div class="SRResult" id="SR_postconds">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../structhyperalert.html#a69e0ed6e53e6fe23d3de2ec1f5d13863" target="_parent">postconds</a>
<span class="SRScope">hyperalert</span>
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../structAI__hyperalert__info.html#a6a63385397bf814153d7bb20b52840d9" target="_parent">postconds</a>
<span class="SRScope">AI_hyperalert_info</span>
</div>
</div>
<div class="SRResult" id="SR_preconds">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../structhyperalert.html#afa2862b9a574be52e5dc4a4cc0178d66" target="_parent">preconds</a>
<span class="SRScope">hyperalert</span>
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../structAI__hyperalert__info.html#a8ac4e028c47a98a8be5afd4363164031" target="_parent">preconds</a>
<span class="SRScope">AI_hyperalert_info</span>
</div>
</div>
<div class="SRResult" id="SR_priority">

2
doc/html/search/variables_72.html
View File

@ -11,7 +11,7 @@
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_rev')">rev</a>
<div class="SRChildren">
<a id="Item0_c0" onkeydown="return searchResults.NavChild(event,0,0)" onkeypress="return searchResults.NavChild(event,0,0)" onkeyup="return searchResults.NavChild(event,0,0)" class="SRScope" href="../structhyperalert__key.html#a7e4a23f87bb69765c5afdb2e602aff87" target="_parent">hyperalert_key::rev()</a>
<a id="Item0_c0" onkeydown="return searchResults.NavChild(event,0,0)" onkeypress="return searchResults.NavChild(event,0,0)" onkeyup="return searchResults.NavChild(event,0,0)" class="SRScope" href="../structAI__hyperalert__key.html#a3aa6fed74469f1f2c08573c5d7298670" target="_parent">AI_hyperalert_key::rev()</a>
<a id="Item0_c1" onkeydown="return searchResults.NavChild(event,0,1)" onkeypress="return searchResults.NavChild(event,0,1)" onkeyup="return searchResults.NavChild(event,0,1)" class="SRScope" href="../struct__AI__snort__alert.html#a864d3baa48586d6a31639f4cd27d9d37" target="_parent">_AI_snort_alert::rev()</a>
</div>
</div>

2
doc/html/search/variables_73.html
View File

@ -11,7 +11,7 @@
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_sid')">sid</a>
<div class="SRChildren">
<a id="Item0_c0" onkeydown="return searchResults.NavChild(event,0,0)" onkeypress="return searchResults.NavChild(event,0,0)" onkeyup="return searchResults.NavChild(event,0,0)" class="SRScope" href="../structhyperalert__key.html#ab3cb68a4bf46fab57f0dd0be007a91bc" target="_parent">hyperalert_key::sid()</a>
<a id="Item0_c0" onkeydown="return searchResults.NavChild(event,0,0)" onkeypress="return searchResults.NavChild(event,0,0)" onkeyup="return searchResults.NavChild(event,0,0)" class="SRScope" href="../structAI__hyperalert__key.html#a854676c9125ae0aeaeaef2b201ce542f" target="_parent">AI_hyperalert_key::sid()</a>
<a id="Item0_c1" onkeydown="return searchResults.NavChild(event,0,1)" onkeypress="return searchResults.NavChild(event,0,1)" onkeyup="return searchResults.NavChild(event,0,1)" class="SRScope" href="../struct__AI__snort__alert.html#a3349aa68d2234f8ffd897367c3a8a137" target="_parent">_AI_snort_alert::sid()</a>
</div>
</div>

2
doc/html/sf__preproc__info_8h.html
View File

@ -149,7 +149,7 @@ Functions</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 11 2010 12:45:18 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

23
doc/html/sf__preproc__info_8h_source.html
View File

@ -52,17 +52,16 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<a href="sf__preproc__info_8h.html">Go to the documentation of this file.</a><div class="fragment"><pre class="fragment"><a name="l00001"></a>00001 <span class="preprocessor">#ifndef SF_PREPROC_INFO_H_</span>
<a name="l00002"></a>00002 <span class="preprocessor"></span><span class="preprocessor">#define SF_PREPROC_INFO_H_</span>
<a name="l00003"></a>00003 <span class="preprocessor"></span>
<a name="l00004"></a>00004 <span class="comment">// #define VERSION &quot;0.1.0&quot;</span>
<a name="l00005"></a><a class="code" href="sf__preproc__info_8h.html#aa9e8f3bb466bb421d13913df7aeaa20c">00005</a> <span class="preprocessor">#define MAJOR_VERSION 0</span>
<a name="l00006"></a><a class="code" href="sf__preproc__info_8h.html#a320988aa2655ee094f3a34a52da10831">00006</a> <span class="preprocessor"></span><span class="preprocessor">#define MINOR_VERSION 1</span>
<a name="l00007"></a><a class="code" href="sf__preproc__info_8h.html#ad7a967dd260384e94010b31b1412a0b4">00007</a> <span class="preprocessor"></span><span class="preprocessor">#define BUILD_VERSION 0</span>
<a name="l00008"></a><a class="code" href="sf__preproc__info_8h.html#af5d5329206253ca0c1a3b8d4a43195af">00008</a> <span class="preprocessor"></span><span class="preprocessor">#define PREPROC_NAME &quot;SF_AI&quot;</span>
<a name="l00009"></a>00009 <span class="preprocessor"></span>
<a name="l00010"></a><a class="code" href="sf__preproc__info_8h.html#aba4c0d0af324a3861e662ed4650aae44">00010</a> <span class="preprocessor">#define DYNAMIC_PREPROC_SETUP AI_setup</span>
<a name="l00011"></a>00011 <span class="preprocessor"></span><span class="keyword">extern</span> <span class="keywordtype">void</span> <a class="code" href="group__spp__ai.html#ga1b9ebb5c719c7d9426ddfc1f3da36570" title="Set up the preprocessor module.">AI_setup</a>();
<a name="l00012"></a>00012
<a name="l00013"></a>00013 <span class="preprocessor">#endif </span><span class="comment">/* SF_PREPROC_INFO_H_ */</span>
<a name="l00014"></a>00014
<a name="l00004"></a><a class="code" href="sf__preproc__info_8h.html#aa9e8f3bb466bb421d13913df7aeaa20c">00004</a> <span class="preprocessor">#define MAJOR_VERSION 0</span>
<a name="l00005"></a><a class="code" href="sf__preproc__info_8h.html#a320988aa2655ee094f3a34a52da10831">00005</a> <span class="preprocessor"></span><span class="preprocessor">#define MINOR_VERSION 1</span>
<a name="l00006"></a><a class="code" href="sf__preproc__info_8h.html#ad7a967dd260384e94010b31b1412a0b4">00006</a> <span class="preprocessor"></span><span class="preprocessor">#define BUILD_VERSION 0</span>
<a name="l00007"></a><a class="code" href="sf__preproc__info_8h.html#af5d5329206253ca0c1a3b8d4a43195af">00007</a> <span class="preprocessor"></span><span class="preprocessor">#define PREPROC_NAME &quot;SF_AI&quot;</span>
<a name="l00008"></a>00008 <span class="preprocessor"></span>
<a name="l00009"></a><a class="code" href="sf__preproc__info_8h.html#aba4c0d0af324a3861e662ed4650aae44">00009</a> <span class="preprocessor">#define DYNAMIC_PREPROC_SETUP AI_setup</span>
<a name="l00010"></a>00010 <span class="preprocessor"></span><span class="keyword">extern</span> <span class="keywordtype">void</span> <a class="code" href="group__spp__ai.html#ga1b9ebb5c719c7d9426ddfc1f3da36570" title="Set up the preprocessor module.">AI_setup</a>();
<a name="l00011"></a>00011
<a name="l00012"></a>00012 <span class="preprocessor">#endif </span><span class="comment">/* SF_PREPROC_INFO_H_ */</span>
<a name="l00013"></a>00013
</pre></div></div>
</div>
<!--- window showing the filter options -->
@ -79,7 +78,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 11 2010 12:45:18 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

2
doc/html/spp__ai_8c.html
View File

@ -89,7 +89,7 @@ Variables</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 11 2010 12:45:18 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

9
doc/html/spp__ai_8h.html
View File

@ -69,6 +69,8 @@ Data Structures</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct &nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structpkt__info.html">pkt_info</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct &nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html">AI_config</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct &nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__hierarchy__node.html">_hierarchy_node</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct &nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__hyperalert__key.html">AI_hyperalert_key</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct &nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__hyperalert__info.html">AI_hyperalert_info</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct &nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html">_AI_snort_alert</a></td></tr>
<tr><td colspan="2"><h2><a name="define-members"></a>
Defines</h2></td></tr>
@ -107,6 +109,10 @@ Enumerations</h2></td></tr>
Functions</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__regex.html#ga35f57c052a7de1ded54b67a1f7819791">preg_match</a> (const char *, char *, char ***, int *)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Check if a string matches a regular expression. <a href="group__regex.html#ga35f57c052a7de1ded54b67a1f7819791"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">char *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__regex.html#ga736ba1abdc4938cbb1bf5861e7dbfd50">str_replace</a> (char *str, char *orig, char *rep)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Replace the content of 'orig' in 'str' with 'rep'. <a href="group__regex.html#ga736ba1abdc4938cbb1bf5861e7dbfd50"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">char *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__regex.html#gaff6c55cd04fc08dd582e244590dc25a4">str_replace_all</a> (char *str, char *orig, char *rep)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Replace all of the occurrences of 'orig' in 'str' with 'rep'. <a href="group__regex.html#gaff6c55cd04fc08dd582e244590dc25a4"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__stream.html#ga24b1131374e5059564b8a12380c4eb75">AI_hashcleanup_thread</a> (void *)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Thread called for cleaning up the hash table from the traffic streams older than a certain threshold. <a href="group__stream.html#ga24b1131374e5059564b8a12380c4eb75"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__alert__parser.html#ga5aab8d9bdf0e92a51731442fd787f61f">AI_file_alertparser_thread</a> (void *)</td></tr>
@ -283,6 +289,7 @@ Variables</h2></td></tr>
</table>
</div>
<div class="memdoc">
<p>Data type for hierarchies used for clustering </p>
</div>
</div>
@ -420,7 +427,7 @@ Variables</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 11 2010 12:45:18 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

292
doc/html/spp__ai_8h_source.html
View File

@ -104,146 +104,164 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<a name="l00061"></a>00061
<a name="l00062"></a><a class="code" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dda08f175a5505a10b9ed657defeb050e4b">00062</a> <span class="keyword">typedef</span> <span class="keyword">enum</span> { <span class="keyword">false</span>, <span class="keyword">true</span> } BOOL;
<a name="l00063"></a>00063
<a name="l00065"></a><a class="code" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640">00065</a> <span class="keyword">typedef</span> <span class="keyword">enum</span> {
<a name="l00066"></a><a class="code" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640ac1335c508143eb06843af2ce5ff3027b">00066</a> none, src_addr, dst_addr, src_port, dst_port, <a class="code" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640ab16bb5c4b330d5db02e2d852cd2ba451">CLUSTER_TYPES</a>
<a name="l00067"></a>00067 } cluster_type;
<a name="l00068"></a>00068
<a name="l00070"></a><a class="code" href="structpkt__key.html">00070</a> <span class="keyword">struct </span><a class="code" href="structpkt__key.html">pkt_key</a>
<a name="l00071"></a>00071 {
<a name="l00072"></a><a class="code" href="structpkt__key.html#a3a091c20dafb8b3f689db00c5b2f8ddb">00072</a> <a class="code" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a> <a class="code" href="structpkt__key.html#a3a091c20dafb8b3f689db00c5b2f8ddb">src_ip</a>;
<a name="l00073"></a><a class="code" href="structpkt__key.html#af77f5eb1f4cd88b43fe99fd73553351d">00073</a> <a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="code" href="structpkt__key.html#af77f5eb1f4cd88b43fe99fd73553351d">dst_port</a>;
<a name="l00074"></a>00074 };
<a name="l00075"></a>00075
<a name="l00077"></a><a class="code" href="structpkt__info.html">00077</a> <span class="keyword">struct </span><a class="code" href="structpkt__info.html">pkt_info</a>
<a name="l00078"></a>00078 {
<a name="l00080"></a><a class="code" href="structpkt__info.html#a231d4734d3c62292b06eb9ea4b49c339">00080</a> <span class="keyword">struct </span><a class="code" href="structpkt__key.html">pkt_key</a> <a class="code" href="structpkt__info.html#a231d4734d3c62292b06eb9ea4b49c339">key</a>;
<a name="l00081"></a>00081
<a name="l00083"></a><a class="code" href="structpkt__info.html#a7f5090443f21e6290f0439f1bb872e92">00083</a> time_t <a class="code" href="structpkt__info.html#a7f5090443f21e6290f0439f1bb872e92">timestamp</a>;
<a name="l00084"></a>00084
<a name="l00086"></a><a class="code" href="structpkt__info.html#a8d5ebd04a32067b05387e5c5056fe168">00086</a> SFSnortPacket* <a class="code" href="structpkt__info.html#a8d5ebd04a32067b05387e5c5056fe168">pkt</a>;
<a name="l00087"></a>00087
<a name="l00089"></a><a class="code" href="structpkt__info.html#a5ee3c51f2ca5768b94819182641ef168">00089</a> <span class="keyword">struct </span><a class="code" href="structpkt__info.html">pkt_info</a>* <a class="code" href="structpkt__info.html#a5ee3c51f2ca5768b94819182641ef168">next</a>;
<a name="l00090"></a>00090
<a name="l00092"></a><a class="code" href="structpkt__info.html#ac7ff78ea5faf333fc91f92e3085ea7c9">00092</a> <a class="code" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd">BOOL</a> <a class="code" href="structpkt__info.html#ac7ff78ea5faf333fc91f92e3085ea7c9">observed</a>;
<a name="l00093"></a>00093
<a name="l00095"></a><a class="code" href="structpkt__info.html#a264e90d4b5d490de040f38c1072e142f">00095</a> UT_hash_handle <a class="code" href="structpkt__info.html#a264e90d4b5d490de040f38c1072e142f">hh</a>;
<a name="l00096"></a>00096 };
<a name="l00097"></a>00097
<a name="l00098"></a>00098 <span class="comment">/* Data type containing the configuration of the module */</span>
<a name="l00099"></a><a class="code" href="structAI__config.html">00099</a> <span class="keyword">typedef</span> <span class="keyword">struct</span>
<a name="l00100"></a>00100 {
<a name="l00102"></a><a class="code" href="structAI__config.html#a9f7680615027d4fb74b4aa144a7028a4">00102</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">long</span> hashCleanupInterval;
<a name="l00103"></a>00103
<a name="l00105"></a><a class="code" href="structAI__config.html#abbe77d5f94b8c5164bea47acba09c98b">00105</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">long</span> streamExpireInterval;
<a name="l00106"></a>00106
<a name="l00108"></a><a class="code" href="structAI__config.html#a7d0d098b8263aa3d8415b11d1ec7f93d">00108</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">long</span> alertClusteringInterval;
<a name="l00109"></a>00109
<a name="l00111"></a><a class="code" href="structAI__config.html#ae6ca715cab1d90b70c3aad443133c263">00111</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">long</span> databaseParsingInterval;
<a name="l00112"></a>00112
<a name="l00114"></a><a class="code" href="structAI__config.html#aa736375e57a59936e2e782b7cd200e41">00114</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">long</span> correlationGraphInterval;
<a name="l00115"></a>00115
<a name="l00117"></a><a class="code" href="structAI__config.html#a2efa9590d7eea6dce8b5dd9aa76ed8ca">00117</a> <span class="keywordtype">char</span> alertfile[1024];
<a name="l00118"></a>00118
<a name="l00120"></a><a class="code" href="structAI__config.html#a6da02a3f7116fd3810a41b738e8883a3">00120</a> <span class="keywordtype">char</span> clusterfile[1024];
<a name="l00121"></a>00121
<a name="l00123"></a><a class="code" href="structAI__config.html#ab7ea93bbe72b85c4019b4f5656ad62fc">00123</a> <span class="keywordtype">char</span> corr_rules_dir[1024];
<a name="l00124"></a>00124
<a name="l00126"></a><a class="code" href="structAI__config.html#ac8a93607f12106e2f5c9b43af27107da">00126</a> <span class="keywordtype">char</span> dbname[256];
<a name="l00127"></a>00127
<a name="l00129"></a><a class="code" href="structAI__config.html#aa004adebfdafb6d14092aecd7f4912b0">00129</a> <span class="keywordtype">char</span> dbuser[256];
<a name="l00130"></a>00130
<a name="l00132"></a><a class="code" href="structAI__config.html#aa1cda349763faf60b2ebdbf2d187ae7d">00132</a> <span class="keywordtype">char</span> dbpass[256];
<a name="l00133"></a>00133
<a name="l00135"></a><a class="code" href="structAI__config.html#a8e56f1a1b2095d3d329c8068ea0f3aab">00135</a> <span class="keywordtype">char</span> dbhost[256];
<a name="l00136"></a>00136 } <a class="code" href="structAI__config.html">AI_config</a>;
<a name="l00137"></a>00137
<a name="l00138"></a>00138 <span class="comment">/* Data type for hierarchies used for clustering */</span>
<a name="l00139"></a><a class="code" href="struct__hierarchy__node.html">00139</a> <span class="keyword">typedef</span> <span class="keyword">struct </span><a class="code" href="struct__hierarchy__node.html">_hierarchy_node</a>
<a name="l00140"></a>00140 {
<a name="l00141"></a><a class="code" href="struct__hierarchy__node.html#a3b18e3ddfa2212c5e4ff9c0b4bde4296">00141</a> <a class="code" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640">cluster_type</a> <a class="code" href="struct__hierarchy__node.html#a3b18e3ddfa2212c5e4ff9c0b4bde4296">type</a>;
<a name="l00142"></a><a class="code" href="struct__hierarchy__node.html#ae498f6fd14ca058a3ae0a95d5425451a">00142</a> <span class="keywordtype">char</span> <a class="code" href="struct__hierarchy__node.html#ae498f6fd14ca058a3ae0a95d5425451a">label</a>[256];
<a name="l00143"></a><a class="code" href="struct__hierarchy__node.html#a13ceebd7b435b9ef347fb90d9e6bbfe4">00143</a> <span class="keywordtype">int</span> <a class="code" href="struct__hierarchy__node.html#a13ceebd7b435b9ef347fb90d9e6bbfe4">min_val</a>;
<a name="l00144"></a><a class="code" href="struct__hierarchy__node.html#a79ea88029938dc30ab8f159405d12c87">00144</a> <span class="keywordtype">int</span> <a class="code" href="struct__hierarchy__node.html#a79ea88029938dc30ab8f159405d12c87">max_val</a>;
<a name="l00145"></a><a class="code" href="struct__hierarchy__node.html#a849256ce1039e2cefaaf64d91171be0a">00145</a> <span class="keywordtype">int</span> <a class="code" href="struct__hierarchy__node.html#a849256ce1039e2cefaaf64d91171be0a">nchildren</a>;
<a name="l00146"></a><a class="code" href="struct__hierarchy__node.html#a5c94c89d7e2aea393f1c550afb766bbe">00146</a> <span class="keyword">struct </span><a class="code" href="struct__hierarchy__node.html">_hierarchy_node</a> *<a class="code" href="struct__hierarchy__node.html#a5c94c89d7e2aea393f1c550afb766bbe">parent</a>;
<a name="l00147"></a><a class="code" href="struct__hierarchy__node.html#afc23d4fe6426873164cdaab2f3d4f0cd">00147</a> <span class="keyword">struct </span><a class="code" href="struct__hierarchy__node.html">_hierarchy_node</a> **<a class="code" href="struct__hierarchy__node.html#afc23d4fe6426873164cdaab2f3d4f0cd">children</a>;
<a name="l00148"></a>00148 } <a class="code" href="struct__hierarchy__node.html">hierarchy_node</a>;
<a name="l00149"></a>00149
<a name="l00151"></a><a class="code" href="struct__AI__snort__alert.html">00151</a> <span class="keyword">typedef</span> <span class="keyword">struct </span><a class="code" href="struct__AI__snort__alert.html">_AI_snort_alert</a> {
<a name="l00152"></a>00152 <span class="comment">/* Identifiers of the alert */</span>
<a name="l00153"></a><a class="code" href="struct__AI__snort__alert.html#af8408be5da59cda853442dd13465c0f6">00153</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> <a class="code" href="struct__AI__snort__alert.html#af8408be5da59cda853442dd13465c0f6">gid</a>;
<a name="l00154"></a><a class="code" href="struct__AI__snort__alert.html#a3349aa68d2234f8ffd897367c3a8a137">00154</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> <a class="code" href="struct__AI__snort__alert.html#a3349aa68d2234f8ffd897367c3a8a137">sid</a>;
<a name="l00155"></a><a class="code" href="struct__AI__snort__alert.html#a864d3baa48586d6a31639f4cd27d9d37">00155</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> <a class="code" href="struct__AI__snort__alert.html#a864d3baa48586d6a31639f4cd27d9d37">rev</a>;
<a name="l00156"></a>00156
<a name="l00157"></a>00157 <span class="comment">/* Snort priority, description,</span>
<a name="l00158"></a>00158 <span class="comment"> * classification and timestamp</span>
<a name="l00159"></a>00159 <span class="comment"> * of the alert */</span>
<a name="l00160"></a><a class="code" href="struct__AI__snort__alert.html#a25661fa4e212c5e30af5e6a892985ec9">00160</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">short</span> <a class="code" href="struct__AI__snort__alert.html#a25661fa4e212c5e30af5e6a892985ec9">priority</a>;
<a name="l00161"></a><a class="code" href="struct__AI__snort__alert.html#ac0902d7c756ec675fb06347ce4706135">00161</a> <span class="keywordtype">char</span> *<a class="code" href="struct__AI__snort__alert.html#ac0902d7c756ec675fb06347ce4706135">desc</a>;
<a name="l00162"></a><a class="code" href="struct__AI__snort__alert.html#aa89585e14acb2c4e684a1552d322632f">00162</a> <span class="keywordtype">char</span> *<a class="code" href="struct__AI__snort__alert.html#aa89585e14acb2c4e684a1552d322632f">classification</a>;
<a name="l00163"></a><a class="code" href="struct__AI__snort__alert.html#a10a67f60ca3da339a2104849a0b2ac19">00163</a> time_t <a class="code" href="struct__AI__snort__alert.html#a10a67f60ca3da339a2104849a0b2ac19">timestamp</a>;
<a name="l00064"></a>00064 <span class="comment">/*****************************************************************/</span>
<a name="l00066"></a><a class="code" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640">00066</a> <span class="keyword">typedef</span> <span class="keyword">enum</span> {
<a name="l00067"></a><a class="code" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640ac1335c508143eb06843af2ce5ff3027b">00067</a> none, src_addr, dst_addr, src_port, dst_port, <a class="code" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640ab16bb5c4b330d5db02e2d852cd2ba451">CLUSTER_TYPES</a>
<a name="l00068"></a>00068 } cluster_type;
<a name="l00069"></a>00069 <span class="comment">/*****************************************************************/</span>
<a name="l00071"></a><a class="code" href="structpkt__key.html">00071</a> <span class="keyword">struct </span><a class="code" href="structpkt__key.html">pkt_key</a>
<a name="l00072"></a>00072 {
<a name="l00073"></a><a class="code" href="structpkt__key.html#a3a091c20dafb8b3f689db00c5b2f8ddb">00073</a> <a class="code" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a> <a class="code" href="structpkt__key.html#a3a091c20dafb8b3f689db00c5b2f8ddb">src_ip</a>;
<a name="l00074"></a><a class="code" href="structpkt__key.html#af77f5eb1f4cd88b43fe99fd73553351d">00074</a> <a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="code" href="structpkt__key.html#af77f5eb1f4cd88b43fe99fd73553351d">dst_port</a>;
<a name="l00075"></a>00075 };
<a name="l00076"></a>00076 <span class="comment">/*****************************************************************/</span>
<a name="l00078"></a><a class="code" href="structpkt__info.html">00078</a> <span class="keyword">struct </span><a class="code" href="structpkt__info.html">pkt_info</a>
<a name="l00079"></a>00079 {
<a name="l00081"></a><a class="code" href="structpkt__info.html#a231d4734d3c62292b06eb9ea4b49c339">00081</a> <span class="keyword">struct </span><a class="code" href="structpkt__key.html">pkt_key</a> <a class="code" href="structpkt__info.html#a231d4734d3c62292b06eb9ea4b49c339">key</a>;
<a name="l00082"></a>00082
<a name="l00084"></a><a class="code" href="structpkt__info.html#a7f5090443f21e6290f0439f1bb872e92">00084</a> time_t <a class="code" href="structpkt__info.html#a7f5090443f21e6290f0439f1bb872e92">timestamp</a>;
<a name="l00085"></a>00085
<a name="l00087"></a><a class="code" href="structpkt__info.html#a8d5ebd04a32067b05387e5c5056fe168">00087</a> SFSnortPacket* <a class="code" href="structpkt__info.html#a8d5ebd04a32067b05387e5c5056fe168">pkt</a>;
<a name="l00088"></a>00088
<a name="l00090"></a><a class="code" href="structpkt__info.html#a5ee3c51f2ca5768b94819182641ef168">00090</a> <span class="keyword">struct </span><a class="code" href="structpkt__info.html">pkt_info</a>* <a class="code" href="structpkt__info.html#a5ee3c51f2ca5768b94819182641ef168">next</a>;
<a name="l00091"></a>00091
<a name="l00093"></a><a class="code" href="structpkt__info.html#ac7ff78ea5faf333fc91f92e3085ea7c9">00093</a> <a class="code" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd">BOOL</a> <a class="code" href="structpkt__info.html#ac7ff78ea5faf333fc91f92e3085ea7c9">observed</a>;
<a name="l00094"></a>00094
<a name="l00096"></a><a class="code" href="structpkt__info.html#a264e90d4b5d490de040f38c1072e142f">00096</a> UT_hash_handle <a class="code" href="structpkt__info.html#a264e90d4b5d490de040f38c1072e142f">hh</a>;
<a name="l00097"></a>00097 };
<a name="l00098"></a>00098 <span class="comment">/*****************************************************************/</span>
<a name="l00099"></a>00099 <span class="comment">/* Data type containing the configuration of the module */</span>
<a name="l00100"></a><a class="code" href="structAI__config.html">00100</a> <span class="keyword">typedef</span> <span class="keyword">struct</span>
<a name="l00101"></a>00101 {
<a name="l00103"></a><a class="code" href="structAI__config.html#a9f7680615027d4fb74b4aa144a7028a4">00103</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">long</span> hashCleanupInterval;
<a name="l00104"></a>00104
<a name="l00106"></a><a class="code" href="structAI__config.html#abbe77d5f94b8c5164bea47acba09c98b">00106</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">long</span> streamExpireInterval;
<a name="l00107"></a>00107
<a name="l00109"></a><a class="code" href="structAI__config.html#a7d0d098b8263aa3d8415b11d1ec7f93d">00109</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">long</span> alertClusteringInterval;
<a name="l00110"></a>00110
<a name="l00112"></a><a class="code" href="structAI__config.html#ae6ca715cab1d90b70c3aad443133c263">00112</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">long</span> databaseParsingInterval;
<a name="l00113"></a>00113
<a name="l00115"></a><a class="code" href="structAI__config.html#aa736375e57a59936e2e782b7cd200e41">00115</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">long</span> correlationGraphInterval;
<a name="l00116"></a>00116
<a name="l00118"></a><a class="code" href="structAI__config.html#a2efa9590d7eea6dce8b5dd9aa76ed8ca">00118</a> <span class="keywordtype">char</span> alertfile[1024];
<a name="l00119"></a>00119
<a name="l00121"></a><a class="code" href="structAI__config.html#a6da02a3f7116fd3810a41b738e8883a3">00121</a> <span class="keywordtype">char</span> clusterfile[1024];
<a name="l00122"></a>00122
<a name="l00124"></a><a class="code" href="structAI__config.html#ab7ea93bbe72b85c4019b4f5656ad62fc">00124</a> <span class="keywordtype">char</span> corr_rules_dir[1024];
<a name="l00125"></a>00125
<a name="l00127"></a><a class="code" href="structAI__config.html#ac8a93607f12106e2f5c9b43af27107da">00127</a> <span class="keywordtype">char</span> dbname[256];
<a name="l00128"></a>00128
<a name="l00130"></a><a class="code" href="structAI__config.html#aa004adebfdafb6d14092aecd7f4912b0">00130</a> <span class="keywordtype">char</span> dbuser[256];
<a name="l00131"></a>00131
<a name="l00133"></a><a class="code" href="structAI__config.html#aa1cda349763faf60b2ebdbf2d187ae7d">00133</a> <span class="keywordtype">char</span> dbpass[256];
<a name="l00134"></a>00134
<a name="l00136"></a><a class="code" href="structAI__config.html#a8e56f1a1b2095d3d329c8068ea0f3aab">00136</a> <span class="keywordtype">char</span> dbhost[256];
<a name="l00137"></a>00137 } <a class="code" href="structAI__config.html">AI_config</a>;
<a name="l00138"></a>00138 <span class="comment">/*****************************************************************/</span>
<a name="l00140"></a><a class="code" href="struct__hierarchy__node.html">00140</a> <span class="keyword">typedef</span> <span class="keyword">struct </span><a class="code" href="struct__hierarchy__node.html">_hierarchy_node</a>
<a name="l00141"></a>00141 {
<a name="l00142"></a><a class="code" href="struct__hierarchy__node.html#a3b18e3ddfa2212c5e4ff9c0b4bde4296">00142</a> <a class="code" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640">cluster_type</a> <a class="code" href="struct__hierarchy__node.html#a3b18e3ddfa2212c5e4ff9c0b4bde4296">type</a>;
<a name="l00143"></a><a class="code" href="struct__hierarchy__node.html#ae498f6fd14ca058a3ae0a95d5425451a">00143</a> <span class="keywordtype">char</span> <a class="code" href="struct__hierarchy__node.html#ae498f6fd14ca058a3ae0a95d5425451a">label</a>[256];
<a name="l00144"></a><a class="code" href="struct__hierarchy__node.html#a13ceebd7b435b9ef347fb90d9e6bbfe4">00144</a> <span class="keywordtype">int</span> <a class="code" href="struct__hierarchy__node.html#a13ceebd7b435b9ef347fb90d9e6bbfe4">min_val</a>;
<a name="l00145"></a><a class="code" href="struct__hierarchy__node.html#a79ea88029938dc30ab8f159405d12c87">00145</a> <span class="keywordtype">int</span> <a class="code" href="struct__hierarchy__node.html#a79ea88029938dc30ab8f159405d12c87">max_val</a>;
<a name="l00146"></a><a class="code" href="struct__hierarchy__node.html#a849256ce1039e2cefaaf64d91171be0a">00146</a> <span class="keywordtype">int</span> <a class="code" href="struct__hierarchy__node.html#a849256ce1039e2cefaaf64d91171be0a">nchildren</a>;
<a name="l00147"></a><a class="code" href="struct__hierarchy__node.html#a5c94c89d7e2aea393f1c550afb766bbe">00147</a> <span class="keyword">struct </span><a class="code" href="struct__hierarchy__node.html">_hierarchy_node</a> *<a class="code" href="struct__hierarchy__node.html#a5c94c89d7e2aea393f1c550afb766bbe">parent</a>;
<a name="l00148"></a><a class="code" href="struct__hierarchy__node.html#afc23d4fe6426873164cdaab2f3d4f0cd">00148</a> <span class="keyword">struct </span><a class="code" href="struct__hierarchy__node.html">_hierarchy_node</a> **<a class="code" href="struct__hierarchy__node.html#afc23d4fe6426873164cdaab2f3d4f0cd">children</a>;
<a name="l00149"></a>00149 } <a class="code" href="struct__hierarchy__node.html">hierarchy_node</a>;
<a name="l00150"></a>00150 <span class="comment">/*****************************************************************/</span>
<a name="l00152"></a><a class="code" href="structAI__hyperalert__key.html">00152</a> <span class="keyword">typedef</span> <span class="keyword">struct</span>
<a name="l00153"></a>00153 {
<a name="l00154"></a><a class="code" href="structAI__hyperalert__key.html#a711afeb45b534480e85bf9abe569a602">00154</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> gid;
<a name="l00155"></a><a class="code" href="structAI__hyperalert__key.html#a854676c9125ae0aeaeaef2b201ce542f">00155</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> sid;
<a name="l00156"></a><a class="code" href="structAI__hyperalert__key.html#a3aa6fed74469f1f2c08573c5d7298670">00156</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> rev;
<a name="l00157"></a>00157 } <a class="code" href="structAI__hyperalert__key.html">AI_hyperalert_key</a>;
<a name="l00158"></a>00158 <span class="comment">/*****************************************************************/</span>
<a name="l00160"></a><a class="code" href="structAI__hyperalert__info.html">00160</a> <span class="keyword">typedef</span> <span class="keyword">struct</span>
<a name="l00161"></a>00161 {
<a name="l00163"></a><a class="code" href="structAI__hyperalert__info.html#a9d461da8f00415ef03b24edb3bbd6cf8">00163</a> <a class="code" href="structAI__hyperalert__key.html">AI_hyperalert_key</a> key;
<a name="l00164"></a>00164
<a name="l00165"></a>00165 <span class="comment">/* IP header information */</span>
<a name="l00166"></a><a class="code" href="struct__AI__snort__alert.html#a3f3c47f9baf3229d067504a85873b416">00166</a> <a class="code" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a> <a class="code" href="struct__AI__snort__alert.html#a3f3c47f9baf3229d067504a85873b416">ip_tos</a>;
<a name="l00167"></a><a class="code" href="struct__AI__snort__alert.html#ad3ffe99036513d5f33b94d22fb84f8f1">00167</a> <a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="code" href="struct__AI__snort__alert.html#ad3ffe99036513d5f33b94d22fb84f8f1">ip_len</a>;
<a name="l00168"></a><a class="code" href="struct__AI__snort__alert.html#a2fc673dec85a7b49dd16ac7c0bb1bb78">00168</a> <a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="code" href="struct__AI__snort__alert.html#a2fc673dec85a7b49dd16ac7c0bb1bb78">ip_id</a>;
<a name="l00169"></a><a class="code" href="struct__AI__snort__alert.html#a3c9bbe84ec696cd58668a45799a66600">00169</a> <a class="code" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a> <a class="code" href="struct__AI__snort__alert.html#a3c9bbe84ec696cd58668a45799a66600">ip_ttl</a>;
<a name="l00170"></a><a class="code" href="struct__AI__snort__alert.html#a5ea7b250ac1c472f3ab57565b6df2536">00170</a> <a class="code" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a> <a class="code" href="struct__AI__snort__alert.html#a5ea7b250ac1c472f3ab57565b6df2536">ip_proto</a>;
<a name="l00171"></a><a class="code" href="struct__AI__snort__alert.html#a194117c57a52933d16a97838562bb611">00171</a> <a class="code" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a> <a class="code" href="struct__AI__snort__alert.html#a194117c57a52933d16a97838562bb611">ip_src_addr</a>;
<a name="l00172"></a><a class="code" href="struct__AI__snort__alert.html#a754ca683593c838e4032fa8c13b1512b">00172</a> <a class="code" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a> <a class="code" href="struct__AI__snort__alert.html#a754ca683593c838e4032fa8c13b1512b">ip_dst_addr</a>;
<a name="l00166"></a><a class="code" href="structAI__hyperalert__info.html#a8ac4e028c47a98a8be5afd4363164031">00166</a> <span class="keywordtype">char</span> **preconds;
<a name="l00167"></a>00167
<a name="l00169"></a><a class="code" href="structAI__hyperalert__info.html#a616c16f364dbb2d726e88df6b364ea40">00169</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> n_preconds;
<a name="l00170"></a>00170
<a name="l00172"></a><a class="code" href="structAI__hyperalert__info.html#a6a63385397bf814153d7bb20b52840d9">00172</a> <span class="keywordtype">char</span> **postconds;
<a name="l00173"></a>00173
<a name="l00174"></a>00174 <span class="comment">/* TCP header information */</span>
<a name="l00175"></a><a class="code" href="struct__AI__snort__alert.html#a4d4cbdbd9675f4c43545547f55174cb7">00175</a> <a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="code" href="struct__AI__snort__alert.html#a4d4cbdbd9675f4c43545547f55174cb7">tcp_src_port</a>;
<a name="l00176"></a><a class="code" href="struct__AI__snort__alert.html#aaca31cb67d48ffc3bfd1227686d5f5a4">00176</a> <a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="code" href="struct__AI__snort__alert.html#aaca31cb67d48ffc3bfd1227686d5f5a4">tcp_dst_port</a>;
<a name="l00177"></a><a class="code" href="struct__AI__snort__alert.html#ad6edf59fccea55bf5f940bf36117020b">00177</a> <a class="code" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a> <a class="code" href="struct__AI__snort__alert.html#ad6edf59fccea55bf5f940bf36117020b">tcp_seq</a>;
<a name="l00178"></a><a class="code" href="struct__AI__snort__alert.html#a8aac577224a4325ec50511c6d79b4b79">00178</a> <a class="code" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a> <a class="code" href="struct__AI__snort__alert.html#a8aac577224a4325ec50511c6d79b4b79">tcp_ack</a>;
<a name="l00179"></a><a class="code" href="struct__AI__snort__alert.html#aa643f11db93b70242b57f0a04775e507">00179</a> <a class="code" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a> <a class="code" href="struct__AI__snort__alert.html#aa643f11db93b70242b57f0a04775e507">tcp_flags</a>;
<a name="l00180"></a><a class="code" href="struct__AI__snort__alert.html#a1687fccc26bb211591db8b36ffec5348">00180</a> <a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="code" href="struct__AI__snort__alert.html#a1687fccc26bb211591db8b36ffec5348">tcp_window</a>;
<a name="l00181"></a><a class="code" href="struct__AI__snort__alert.html#ab7e0507050b8e475fea7a4b26c768857">00181</a> <a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="code" href="struct__AI__snort__alert.html#ab7e0507050b8e475fea7a4b26c768857">tcp_len</a>;
<a name="l00182"></a>00182
<a name="l00183"></a>00183 <span class="comment">/* Reference to the TCP stream</span>
<a name="l00184"></a>00184 <span class="comment"> * associated to the alert, if any */</span>
<a name="l00185"></a><a class="code" href="struct__AI__snort__alert.html#a09dfe0a841fd3912ec78060d4547cb31">00185</a> <span class="keyword">struct </span><a class="code" href="structpkt__info.html">pkt_info</a> *<a class="code" href="struct__AI__snort__alert.html#a09dfe0a841fd3912ec78060d4547cb31">stream</a>;
<a name="l00186"></a>00186
<a name="l00187"></a>00187 <span class="comment">/* Pointer to the next alert in</span>
<a name="l00188"></a>00188 <span class="comment"> * the log, if any*/</span>
<a name="l00189"></a><a class="code" href="struct__AI__snort__alert.html#aa8336d4b3359015ed8ea312ca1fd1173">00189</a> <span class="keyword">struct </span><a class="code" href="struct__AI__snort__alert.html">_AI_snort_alert</a> *<a class="code" href="struct__AI__snort__alert.html#aa8336d4b3359015ed8ea312ca1fd1173">next</a>;
<a name="l00190"></a>00190
<a name="l00191"></a>00191 <span class="comment">/* Hierarchies for addresses and ports,</span>
<a name="l00192"></a>00192 <span class="comment"> * if the clustering algorithm is used */</span>
<a name="l00193"></a><a class="code" href="struct__AI__snort__alert.html#ac53765584296ead1328eabfaba8a3aed">00193</a> <a class="code" href="struct__hierarchy__node.html">hierarchy_node</a> *<a class="code" href="struct__AI__snort__alert.html#ac53765584296ead1328eabfaba8a3aed">h_node</a>[CLUSTER_TYPES];
<a name="l00194"></a>00194
<a name="l00195"></a>00195 <span class="comment">/* If the clustering algorithm is used,</span>
<a name="l00196"></a>00196 <span class="comment"> * we also count how many alerts this</span>
<a name="l00197"></a>00197 <span class="comment"> * single alert groups */</span>
<a name="l00198"></a><a class="code" href="struct__AI__snort__alert.html#a285aff12d6bac03c316ccc5305d28e53">00198</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> <a class="code" href="struct__AI__snort__alert.html#a285aff12d6bac03c316ccc5305d28e53">grouped_alarms_count</a>;
<a name="l00199"></a>00199 } <a class="code" href="struct__AI__snort__alert.html">AI_snort_alert</a>;
<a name="l00200"></a>00200
<a name="l00201"></a>00201 <span class="keywordtype">int</span> <a class="code" href="group__regex.html#ga35f57c052a7de1ded54b67a1f7819791" title="Check if a string matches a regular expression.">preg_match</a> ( <span class="keyword">const</span> <span class="keywordtype">char</span>*, <span class="keywordtype">char</span>*, <span class="keywordtype">char</span>***, <span class="keywordtype">int</span>* );
<a name="l00202"></a>00202
<a name="l00203"></a>00203 <span class="keywordtype">void</span>* <a class="code" href="group__stream.html#ga24b1131374e5059564b8a12380c4eb75" title="Thread called for cleaning up the hash table from the traffic streams older than a certain threshold...">AI_hashcleanup_thread</a> ( <span class="keywordtype">void</span>* );
<a name="l00204"></a>00204 <span class="keywordtype">void</span>* <a class="code" href="group__alert__parser.html#ga5aab8d9bdf0e92a51731442fd787f61f" title="Thread for parsing Snort&amp;#39;s alert file.">AI_file_alertparser_thread</a> ( <span class="keywordtype">void</span>* );
<a name="l00205"></a>00205 <span class="keywordtype">void</span>* <a class="code" href="group__correlation.html#ga939353a4e15de7a8f4145ab986f584be" title="Thread for correlating clustered alerts.">AI_alert_correlation_thread</a> ( <span class="keywordtype">void</span>* );
<a name="l00206"></a>00206
<a name="l00207"></a>00207 <span class="preprocessor">#ifdef ENABLE_DB</span>
<a name="l00208"></a>00208 <span class="preprocessor"></span><a class="code" href="struct__AI__snort__alert.html">AI_snort_alert</a>* AI_db_get_alerts ( <span class="keywordtype">void</span> );
<a name="l00209"></a>00209 <span class="keywordtype">void</span> AI_db_free_alerts ( <a class="code" href="struct__AI__snort__alert.html">AI_snort_alert</a> *node );
<a name="l00210"></a>00210 <span class="keywordtype">void</span>* AI_db_alertparser_thread ( <span class="keywordtype">void</span>* );
<a name="l00211"></a>00211 <span class="preprocessor">#endif</span>
<a name="l00212"></a>00212 <span class="preprocessor"></span>
<a name="l00213"></a>00213 <span class="keywordtype">void</span> <a class="code" href="group__stream.html#ga7d71c5645b9baff7b6c4b9a181bf80c5" title="Function called for appending a new packet to the hash table, creating a new stream or appending it t...">AI_pkt_enqueue</a> ( SFSnortPacket* );
<a name="l00214"></a>00214 <span class="keywordtype">void</span> <a class="code" href="group__stream.html#ga8749989cee2ac05a7de058faac280c02" title="Set the flag &amp;quot;observed&amp;quot; on a stream associated to a security alert, so that it won&amp;#39;t be...">AI_set_stream_observed</a> ( <span class="keyword">struct</span> <a class="code" href="structpkt__key.html">pkt_key</a> key );
<a name="l00215"></a>00215 <span class="keywordtype">void</span> <a class="code" href="group__cluster.html#ga1445818b37483f78cc3fb2890155842c" title="Build the clustering hierarchy trees.">AI_hierarchies_build</a> ( <a class="code" href="structAI__config.html">AI_config</a>*, <a class="code" href="struct__hierarchy__node.html">hierarchy_node</a>**, <span class="keywordtype">int</span> );
<a name="l00216"></a>00216 <span class="keywordtype">void</span> <a class="code" href="group__alert__parser.html#ga270e86669a0aa64a8da37bc16cda645b" title="Deallocate the memory of a log alert linked list.">AI_free_alerts</a> ( <a class="code" href="struct__AI__snort__alert.html">AI_snort_alert</a> *node );
<a name="l00175"></a><a class="code" href="structAI__hyperalert__info.html#a73322b6cad3e883abed03b62c6c21719">00175</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> n_postconds;
<a name="l00176"></a>00176
<a name="l00178"></a><a class="code" href="structAI__hyperalert__info.html#a6915bec67d383f374e758b44f50b48ff">00178</a> UT_hash_handle hh;
<a name="l00179"></a>00179 } <a class="code" href="structAI__hyperalert__info.html">AI_hyperalert_info</a>;
<a name="l00180"></a>00180 <span class="comment">/*****************************************************************/</span>
<a name="l00182"></a><a class="code" href="struct__AI__snort__alert.html">00182</a> <span class="keyword">typedef</span> <span class="keyword">struct </span><a class="code" href="struct__AI__snort__alert.html">_AI_snort_alert</a> {
<a name="l00183"></a>00183 <span class="comment">/* Identifiers of the alert */</span>
<a name="l00184"></a><a class="code" href="struct__AI__snort__alert.html#af8408be5da59cda853442dd13465c0f6">00184</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> <a class="code" href="struct__AI__snort__alert.html#af8408be5da59cda853442dd13465c0f6">gid</a>;
<a name="l00185"></a><a class="code" href="struct__AI__snort__alert.html#a3349aa68d2234f8ffd897367c3a8a137">00185</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> <a class="code" href="struct__AI__snort__alert.html#a3349aa68d2234f8ffd897367c3a8a137">sid</a>;
<a name="l00186"></a><a class="code" href="struct__AI__snort__alert.html#a864d3baa48586d6a31639f4cd27d9d37">00186</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> <a class="code" href="struct__AI__snort__alert.html#a864d3baa48586d6a31639f4cd27d9d37">rev</a>;
<a name="l00187"></a>00187
<a name="l00188"></a>00188 <span class="comment">/* Snort priority, description,</span>
<a name="l00189"></a>00189 <span class="comment"> * classification and timestamp</span>
<a name="l00190"></a>00190 <span class="comment"> * of the alert */</span>
<a name="l00191"></a><a class="code" href="struct__AI__snort__alert.html#a25661fa4e212c5e30af5e6a892985ec9">00191</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">short</span> <a class="code" href="struct__AI__snort__alert.html#a25661fa4e212c5e30af5e6a892985ec9">priority</a>;
<a name="l00192"></a><a class="code" href="struct__AI__snort__alert.html#ac0902d7c756ec675fb06347ce4706135">00192</a> <span class="keywordtype">char</span> *<a class="code" href="struct__AI__snort__alert.html#ac0902d7c756ec675fb06347ce4706135">desc</a>;
<a name="l00193"></a><a class="code" href="struct__AI__snort__alert.html#aa89585e14acb2c4e684a1552d322632f">00193</a> <span class="keywordtype">char</span> *<a class="code" href="struct__AI__snort__alert.html#aa89585e14acb2c4e684a1552d322632f">classification</a>;
<a name="l00194"></a><a class="code" href="struct__AI__snort__alert.html#a10a67f60ca3da339a2104849a0b2ac19">00194</a> time_t <a class="code" href="struct__AI__snort__alert.html#a10a67f60ca3da339a2104849a0b2ac19">timestamp</a>;
<a name="l00195"></a>00195
<a name="l00196"></a>00196 <span class="comment">/* IP header information */</span>
<a name="l00197"></a><a class="code" href="struct__AI__snort__alert.html#a3f3c47f9baf3229d067504a85873b416">00197</a> <a class="code" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a> <a class="code" href="struct__AI__snort__alert.html#a3f3c47f9baf3229d067504a85873b416">ip_tos</a>;
<a name="l00198"></a><a class="code" href="struct__AI__snort__alert.html#ad3ffe99036513d5f33b94d22fb84f8f1">00198</a> <a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="code" href="struct__AI__snort__alert.html#ad3ffe99036513d5f33b94d22fb84f8f1">ip_len</a>;
<a name="l00199"></a><a class="code" href="struct__AI__snort__alert.html#a2fc673dec85a7b49dd16ac7c0bb1bb78">00199</a> <a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="code" href="struct__AI__snort__alert.html#a2fc673dec85a7b49dd16ac7c0bb1bb78">ip_id</a>;
<a name="l00200"></a><a class="code" href="struct__AI__snort__alert.html#a3c9bbe84ec696cd58668a45799a66600">00200</a> <a class="code" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a> <a class="code" href="struct__AI__snort__alert.html#a3c9bbe84ec696cd58668a45799a66600">ip_ttl</a>;
<a name="l00201"></a><a class="code" href="struct__AI__snort__alert.html#a5ea7b250ac1c472f3ab57565b6df2536">00201</a> <a class="code" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a> <a class="code" href="struct__AI__snort__alert.html#a5ea7b250ac1c472f3ab57565b6df2536">ip_proto</a>;
<a name="l00202"></a><a class="code" href="struct__AI__snort__alert.html#a194117c57a52933d16a97838562bb611">00202</a> <a class="code" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a> <a class="code" href="struct__AI__snort__alert.html#a194117c57a52933d16a97838562bb611">ip_src_addr</a>;
<a name="l00203"></a><a class="code" href="struct__AI__snort__alert.html#a754ca683593c838e4032fa8c13b1512b">00203</a> <a class="code" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a> <a class="code" href="struct__AI__snort__alert.html#a754ca683593c838e4032fa8c13b1512b">ip_dst_addr</a>;
<a name="l00204"></a>00204
<a name="l00205"></a>00205 <span class="comment">/* TCP header information */</span>
<a name="l00206"></a><a class="code" href="struct__AI__snort__alert.html#a4d4cbdbd9675f4c43545547f55174cb7">00206</a> <a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="code" href="struct__AI__snort__alert.html#a4d4cbdbd9675f4c43545547f55174cb7">tcp_src_port</a>;
<a name="l00207"></a><a class="code" href="struct__AI__snort__alert.html#aaca31cb67d48ffc3bfd1227686d5f5a4">00207</a> <a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="code" href="struct__AI__snort__alert.html#aaca31cb67d48ffc3bfd1227686d5f5a4">tcp_dst_port</a>;
<a name="l00208"></a><a class="code" href="struct__AI__snort__alert.html#ad6edf59fccea55bf5f940bf36117020b">00208</a> <a class="code" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a> <a class="code" href="struct__AI__snort__alert.html#ad6edf59fccea55bf5f940bf36117020b">tcp_seq</a>;
<a name="l00209"></a><a class="code" href="struct__AI__snort__alert.html#a8aac577224a4325ec50511c6d79b4b79">00209</a> <a class="code" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a> <a class="code" href="struct__AI__snort__alert.html#a8aac577224a4325ec50511c6d79b4b79">tcp_ack</a>;
<a name="l00210"></a><a class="code" href="struct__AI__snort__alert.html#aa643f11db93b70242b57f0a04775e507">00210</a> <a class="code" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a> <a class="code" href="struct__AI__snort__alert.html#aa643f11db93b70242b57f0a04775e507">tcp_flags</a>;
<a name="l00211"></a><a class="code" href="struct__AI__snort__alert.html#a1687fccc26bb211591db8b36ffec5348">00211</a> <a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="code" href="struct__AI__snort__alert.html#a1687fccc26bb211591db8b36ffec5348">tcp_window</a>;
<a name="l00212"></a><a class="code" href="struct__AI__snort__alert.html#ab7e0507050b8e475fea7a4b26c768857">00212</a> <a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="code" href="struct__AI__snort__alert.html#ab7e0507050b8e475fea7a4b26c768857">tcp_len</a>;
<a name="l00213"></a>00213
<a name="l00216"></a><a class="code" href="struct__AI__snort__alert.html#a09dfe0a841fd3912ec78060d4547cb31">00216</a> <span class="keyword">struct </span><a class="code" href="structpkt__info.html">pkt_info</a> *<a class="code" href="struct__AI__snort__alert.html#a09dfe0a841fd3912ec78060d4547cb31">stream</a>;
<a name="l00217"></a>00217
<a name="l00218"></a>00218 <span class="keyword">struct </span><a class="code" href="structpkt__info.html">pkt_info</a>* <a class="code" href="group__stream.html#ga2efedcabbfd12c5345f0c93a3dd4735c" title="Get a TCP stream by key.">AI_get_stream_by_key</a> ( <span class="keyword">struct</span> <a class="code" href="structpkt__key.html">pkt_key</a> );
<a name="l00219"></a>00219 <a class="code" href="struct__AI__snort__alert.html">AI_snort_alert</a>* <a class="code" href="group__alert__parser.html#ga99474495643197b3075ac22ec6f6c70f" title="Return the alerts parsed so far as a linked list.">AI_get_alerts</a> ( <span class="keywordtype">void</span> );
<a name="l00220"></a>00220 <a class="code" href="struct__AI__snort__alert.html">AI_snort_alert</a>* <a class="code" href="group__cluster.html#ga2553c678eeb83282c230d649a0e8fcd4" title="Return the alerts parsed so far as a linked list.">AI_get_clustered_alerts</a> ( <span class="keywordtype">void</span> );
<a name="l00220"></a><a class="code" href="struct__AI__snort__alert.html#aa8336d4b3359015ed8ea312ca1fd1173">00220</a> <span class="keyword">struct </span><a class="code" href="struct__AI__snort__alert.html">_AI_snort_alert</a> *<a class="code" href="struct__AI__snort__alert.html#aa8336d4b3359015ed8ea312ca1fd1173">next</a>;
<a name="l00221"></a>00221
<a name="l00223"></a><a class="code" href="spp__ai_8h.html#ab184b676360ce03035801284a2bd1ea7">00223</a> <a class="code" href="struct__AI__snort__alert.html">AI_snort_alert</a>* (*get_alerts)(void);
<a name="l00224"></a>00224
<a name="l00225"></a>00225 <span class="preprocessor">#endif </span><span class="comment">/* _SPP_AI_H */</span>
<a name="l00226"></a>00226
<a name="l00224"></a><a class="code" href="struct__AI__snort__alert.html#ac53765584296ead1328eabfaba8a3aed">00224</a> <a class="code" href="struct__hierarchy__node.html">hierarchy_node</a> *<a class="code" href="struct__AI__snort__alert.html#ac53765584296ead1328eabfaba8a3aed">h_node</a>[CLUSTER_TYPES];
<a name="l00225"></a>00225
<a name="l00229"></a><a class="code" href="struct__AI__snort__alert.html#a285aff12d6bac03c316ccc5305d28e53">00229</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> <a class="code" href="struct__AI__snort__alert.html#a285aff12d6bac03c316ccc5305d28e53">grouped_alarms_count</a>;
<a name="l00230"></a>00230
<a name="l00233"></a><a class="code" href="struct__AI__snort__alert.html#ac101de15b4f9451f235b82122f77b62a">00233</a> <a class="code" href="structAI__hyperalert__info.html">AI_hyperalert_info</a> *<a class="code" href="struct__AI__snort__alert.html#ac101de15b4f9451f235b82122f77b62a">hyperalert</a>;
<a name="l00234"></a>00234 } <a class="code" href="struct__AI__snort__alert.html">AI_snort_alert</a>;
<a name="l00235"></a>00235 <span class="comment">/*****************************************************************/</span>
<a name="l00236"></a>00236
<a name="l00237"></a>00237 <span class="keywordtype">int</span> <a class="code" href="group__regex.html#ga35f57c052a7de1ded54b67a1f7819791" title="Check if a string matches a regular expression.">preg_match</a> ( <span class="keyword">const</span> <span class="keywordtype">char</span>*, <span class="keywordtype">char</span>*, <span class="keywordtype">char</span>***, <span class="keywordtype">int</span>* );
<a name="l00238"></a>00238 <span class="keywordtype">char</span>* <a class="code" href="group__regex.html#ga736ba1abdc4938cbb1bf5861e7dbfd50" title="Replace the content of &amp;#39;orig&amp;#39; in &amp;#39;str&amp;#39; with &amp;#39;rep&amp;#39;.">str_replace</a> ( <span class="keywordtype">char</span> *str, <span class="keywordtype">char</span> *orig, <span class="keywordtype">char</span> *rep );
<a name="l00239"></a>00239 <span class="keywordtype">char</span>* <a class="code" href="group__regex.html#gaff6c55cd04fc08dd582e244590dc25a4" title="Replace all of the occurrences of &amp;#39;orig&amp;#39; in &amp;#39;str&amp;#39; with &amp;#39;rep&amp;#39;.">str_replace_all</a> ( <span class="keywordtype">char</span> *str, <span class="keywordtype">char</span> *orig, <span class="keywordtype">char</span> *rep );
<a name="l00240"></a>00240
<a name="l00241"></a>00241 <span class="keywordtype">void</span>* <a class="code" href="group__stream.html#ga24b1131374e5059564b8a12380c4eb75" title="Thread called for cleaning up the hash table from the traffic streams older than a certain threshold...">AI_hashcleanup_thread</a> ( <span class="keywordtype">void</span>* );
<a name="l00242"></a>00242 <span class="keywordtype">void</span>* <a class="code" href="group__alert__parser.html#ga5aab8d9bdf0e92a51731442fd787f61f" title="Thread for parsing Snort&amp;#39;s alert file.">AI_file_alertparser_thread</a> ( <span class="keywordtype">void</span>* );
<a name="l00243"></a>00243 <span class="keywordtype">void</span>* <a class="code" href="group__correlation.html#ga939353a4e15de7a8f4145ab986f584be" title="Thread for correlating clustered alerts.">AI_alert_correlation_thread</a> ( <span class="keywordtype">void</span>* );
<a name="l00244"></a>00244
<a name="l00245"></a>00245 <span class="preprocessor">#ifdef ENABLE_DB</span>
<a name="l00246"></a>00246 <span class="preprocessor"></span><a class="code" href="struct__AI__snort__alert.html">AI_snort_alert</a>* AI_db_get_alerts ( <span class="keywordtype">void</span> );
<a name="l00247"></a>00247 <span class="keywordtype">void</span> AI_db_free_alerts ( <a class="code" href="struct__AI__snort__alert.html">AI_snort_alert</a> *node );
<a name="l00248"></a>00248 <span class="keywordtype">void</span>* AI_db_alertparser_thread ( <span class="keywordtype">void</span>* );
<a name="l00249"></a>00249 <span class="preprocessor">#endif</span>
<a name="l00250"></a>00250 <span class="preprocessor"></span>
<a name="l00251"></a>00251 <span class="keywordtype">void</span> <a class="code" href="group__stream.html#ga7d71c5645b9baff7b6c4b9a181bf80c5" title="Function called for appending a new packet to the hash table, creating a new stream or appending it t...">AI_pkt_enqueue</a> ( SFSnortPacket* );
<a name="l00252"></a>00252 <span class="keywordtype">void</span> <a class="code" href="group__stream.html#ga8749989cee2ac05a7de058faac280c02" title="Set the flag &amp;quot;observed&amp;quot; on a stream associated to a security alert, so that it won&amp;#39;t be...">AI_set_stream_observed</a> ( <span class="keyword">struct</span> <a class="code" href="structpkt__key.html">pkt_key</a> key );
<a name="l00253"></a>00253 <span class="keywordtype">void</span> <a class="code" href="group__cluster.html#ga1445818b37483f78cc3fb2890155842c" title="Build the clustering hierarchy trees.">AI_hierarchies_build</a> ( <a class="code" href="structAI__config.html">AI_config</a>*, <a class="code" href="struct__hierarchy__node.html">hierarchy_node</a>**, <span class="keywordtype">int</span> );
<a name="l00254"></a>00254 <span class="keywordtype">void</span> <a class="code" href="group__alert__parser.html#ga270e86669a0aa64a8da37bc16cda645b" title="Deallocate the memory of a log alert linked list.">AI_free_alerts</a> ( <a class="code" href="struct__AI__snort__alert.html">AI_snort_alert</a> *node );
<a name="l00255"></a>00255
<a name="l00256"></a>00256 <span class="keyword">struct </span><a class="code" href="structpkt__info.html">pkt_info</a>* <a class="code" href="group__stream.html#ga2efedcabbfd12c5345f0c93a3dd4735c" title="Get a TCP stream by key.">AI_get_stream_by_key</a> ( <span class="keyword">struct</span> <a class="code" href="structpkt__key.html">pkt_key</a> );
<a name="l00257"></a>00257 <a class="code" href="struct__AI__snort__alert.html">AI_snort_alert</a>* <a class="code" href="group__alert__parser.html#ga99474495643197b3075ac22ec6f6c70f" title="Return the alerts parsed so far as a linked list.">AI_get_alerts</a> ( <span class="keywordtype">void</span> );
<a name="l00258"></a>00258 <a class="code" href="struct__AI__snort__alert.html">AI_snort_alert</a>* <a class="code" href="group__cluster.html#ga2553c678eeb83282c230d649a0e8fcd4" title="Return the alerts parsed so far as a linked list.">AI_get_clustered_alerts</a> ( <span class="keywordtype">void</span> );
<a name="l00259"></a>00259
<a name="l00261"></a><a class="code" href="spp__ai_8h.html#ab184b676360ce03035801284a2bd1ea7">00261</a> <a class="code" href="struct__AI__snort__alert.html">AI_snort_alert</a>* (*get_alerts)(void);
<a name="l00262"></a>00262
<a name="l00263"></a>00263 <span class="preprocessor">#endif </span><span class="comment">/* _SPP_AI_H */</span>
<a name="l00264"></a>00264
</pre></div></div>
</div>
<!--- window showing the filter options -->
@ -260,7 +278,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 11 2010 12:45:18 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

2
doc/html/stream_8c.html
View File

@ -134,7 +134,7 @@ Variables</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 11 2010 12:45:18 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

148
doc/html/structAI__alert__correlation.html Normal file
View File

@ -0,0 +1,148 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<title>Snort AI preprocessor module: AI_alert_correlation Struct Reference</title>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
<link href="search/search.css" rel="stylesheet" type="text/css"/>
<script type="text/javaScript" src="search/search.js"></script>
<link href="doxygen.css" rel="stylesheet" type="text/css"/>
</head>
<body onload='searchBox.OnSelectItem(0);'>
<!-- Generated by Doxygen 1.7.1 -->
<script type="text/javascript"><!--
var searchBox = new SearchBox("searchBox", "search",false,'Search');
--></script>
<div class="navigation" id="top">
<div class="tabs">
<ul class="tablist">
<li><a href="index.html"><span>Main&nbsp;Page</span></a></li>
<li><a href="modules.html"><span>Modules</span></a></li>
<li class="current"><a href="annotated.html"><span>Data&nbsp;Structures</span></a></li>
<li><a href="files.html"><span>Files</span></a></li>
<li id="searchli">
<div id="MSearchBox" class="MSearchBoxInactive">
<span class="left">
<img id="MSearchSelect" src="search/mag_sel.png"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
alt=""/>
<input type="text" id="MSearchField" value="Search" accesskey="S"
onfocus="searchBox.OnSearchFieldFocus(true)"
onblur="searchBox.OnSearchFieldFocus(false)"
onkeyup="searchBox.OnSearchFieldChange(event)"/>
</span><span class="right">
<a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
</span>
</div>
</li>
</ul>
</div>
<div class="tabs2">
<ul class="tablist">
<li><a href="annotated.html"><span>Data&nbsp;Structures</span></a></li>
<li><a href="classes.html"><span>Data&nbsp;Structure&nbsp;Index</span></a></li>
<li><a href="functions.html"><span>Data&nbsp;Fields</span></a></li>
</ul>
</div>
</div>
<div class="header">
<div class="summary">
<a href="#pub-attribs">Data Fields</a> </div>
<div class="headertitle">
<h1>AI_alert_correlation Struct Reference<br/>
<small>
[<a class="el" href="group__correlation.html">Module for the correlation of hyperalerts</a>]</small>
</h1> </div>
</div>
<div class="contents">
<!-- doxytag: class="AI_alert_correlation" --><table class="memberdecls">
<tr><td colspan="2"><h2><a name="pub-attribs"></a>
Data Fields</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__alert__correlation.html#a8737f171e1c1b2305c8fe77101d6aeb7">a</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__alert__correlation.html#a478f1a6f18f9c083b203efdf776379cd">b</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">double&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__alert__correlation.html#aad417b2126ae26d7576f006a3dbcdc81">correlation</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">UT_hash_handle&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__alert__correlation.html#ad3020a87936a2193a92f09331401ad42">hh</a></td></tr>
</table>
<hr/><a name="_details"></a><h2>Detailed Description</h2>
<p>Struct representing the correlation between all the couples of alerts </p>
<hr/><h2>Field Documentation</h2>
<a class="anchor" id="a8737f171e1c1b2305c8fe77101d6aeb7"></a><!-- doxytag: member="AI_alert_correlation::a" ref="a8737f171e1c1b2305c8fe77101d6aeb7" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a>* <a class="el" href="structAI__alert__correlation.html#a8737f171e1c1b2305c8fe77101d6aeb7">AI_alert_correlation::a</a></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>First alert </p>
</div>
</div>
<a class="anchor" id="a478f1a6f18f9c083b203efdf776379cd"></a><!-- doxytag: member="AI_alert_correlation::b" ref="a478f1a6f18f9c083b203efdf776379cd" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a>* <a class="el" href="structAI__alert__correlation.html#a478f1a6f18f9c083b203efdf776379cd">AI_alert_correlation::b</a></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Second alert </p>
</div>
</div>
<a class="anchor" id="aad417b2126ae26d7576f006a3dbcdc81"></a><!-- doxytag: member="AI_alert_correlation::correlation" ref="aad417b2126ae26d7576f006a3dbcdc81" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">double <a class="el" href="structAI__alert__correlation.html#aad417b2126ae26d7576f006a3dbcdc81">AI_alert_correlation::correlation</a></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Correlation coefficient </p>
</div>
</div>
<a class="anchor" id="ad3020a87936a2193a92f09331401ad42"></a><!-- doxytag: member="AI_alert_correlation::hh" ref="ad3020a87936a2193a92f09331401ad42" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">UT_hash_handle <a class="el" href="structAI__alert__correlation.html#ad3020a87936a2193a92f09331401ad42">AI_alert_correlation::hh</a></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Make the struct 'hashable' </p>
</div>
</div>
<hr/>The documentation for this struct was generated from the following file:<ul>
<li><a class="el" href="correlation_8c.html">correlation.c</a></li>
</ul>
</div>
<!--- window showing the filter options -->
<div id="MSearchSelectWindow"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
onkeydown="return searchBox.OnSearchSelectKey(event)">
<a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(0)"><span class="SelectionMark">&nbsp;</span>All</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(1)"><span class="SelectionMark">&nbsp;</span>Data Structures</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(2)"><span class="SelectionMark">&nbsp;</span>Files</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(3)"><span class="SelectionMark">&nbsp;</span>Functions</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(4)"><span class="SelectionMark">&nbsp;</span>Variables</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(5)"><span class="SelectionMark">&nbsp;</span>Typedefs</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(6)"><span class="SelectionMark">&nbsp;</span>Enumerations</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(7)"><span class="SelectionMark">&nbsp;</span>Enumerator</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(8)"><span class="SelectionMark">&nbsp;</span>Defines</a></div>
<!-- iframe showing the search results (closed by default) -->
<div id="MSearchResultsWindow">
<iframe src="" frameborder="0"
name="MSearchResults" id="MSearchResults">
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 11 2010 12:45:18 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>
</html>

2
doc/html/structAI__config.html
View File

@ -258,7 +258,7 @@ Data Fields</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 11 2010 12:45:18 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

177
doc/html/structAI__hyperalert__info.html Normal file
View File

@ -0,0 +1,177 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<title>Snort AI preprocessor module: AI_hyperalert_info Struct Reference</title>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
<link href="search/search.css" rel="stylesheet" type="text/css"/>
<script type="text/javaScript" src="search/search.js"></script>
<link href="doxygen.css" rel="stylesheet" type="text/css"/>
</head>
<body onload='searchBox.OnSelectItem(0);'>
<!-- Generated by Doxygen 1.7.1 -->
<script type="text/javascript"><!--
var searchBox = new SearchBox("searchBox", "search",false,'Search');
--></script>
<div class="navigation" id="top">
<div class="tabs">
<ul class="tablist">
<li><a href="index.html"><span>Main&nbsp;Page</span></a></li>
<li><a href="modules.html"><span>Modules</span></a></li>
<li class="current"><a href="annotated.html"><span>Data&nbsp;Structures</span></a></li>
<li><a href="files.html"><span>Files</span></a></li>
<li id="searchli">
<div id="MSearchBox" class="MSearchBoxInactive">
<span class="left">
<img id="MSearchSelect" src="search/mag_sel.png"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
alt=""/>
<input type="text" id="MSearchField" value="Search" accesskey="S"
onfocus="searchBox.OnSearchFieldFocus(true)"
onblur="searchBox.OnSearchFieldFocus(false)"
onkeyup="searchBox.OnSearchFieldChange(event)"/>
</span><span class="right">
<a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
</span>
</div>
</li>
</ul>
</div>
<div class="tabs2">
<ul class="tablist">
<li><a href="annotated.html"><span>Data&nbsp;Structures</span></a></li>
<li><a href="classes.html"><span>Data&nbsp;Structure&nbsp;Index</span></a></li>
<li><a href="functions.html"><span>Data&nbsp;Fields</span></a></li>
</ul>
</div>
</div>
<div class="header">
<div class="summary">
<a href="#pub-attribs">Data Fields</a> </div>
<div class="headertitle">
<h1>AI_hyperalert_info Struct Reference</h1> </div>
</div>
<div class="contents">
<!-- doxytag: class="AI_hyperalert_info" -->
<p><code>#include &lt;<a class="el" href="spp__ai_8h_source.html">spp_ai.h</a>&gt;</code></p>
<table class="memberdecls">
<tr><td colspan="2"><h2><a name="pub-attribs"></a>
Data Fields</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="structAI__hyperalert__key.html">AI_hyperalert_key</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__hyperalert__info.html#a9d461da8f00415ef03b24edb3bbd6cf8">key</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">char **&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__hyperalert__info.html#a8ac4e028c47a98a8be5afd4363164031">preconds</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">unsigned int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__hyperalert__info.html#a616c16f364dbb2d726e88df6b364ea40">n_preconds</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">char **&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__hyperalert__info.html#a6a63385397bf814153d7bb20b52840d9">postconds</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">unsigned int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__hyperalert__info.html#a73322b6cad3e883abed03b62c6c21719">n_postconds</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">UT_hash_handle&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__hyperalert__info.html#a6915bec67d383f374e758b44f50b48ff">hh</a></td></tr>
</table>
<hr/><a name="_details"></a><h2>Detailed Description</h2>
<p>Hyperalert hash table </p>
<hr/><h2>Field Documentation</h2>
<a class="anchor" id="a6915bec67d383f374e758b44f50b48ff"></a><!-- doxytag: member="AI_hyperalert_info::hh" ref="a6915bec67d383f374e758b44f50b48ff" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">UT_hash_handle <a class="el" href="structAI__hyperalert__info.html#a6915bec67d383f374e758b44f50b48ff">AI_hyperalert_info::hh</a></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Make the struct 'hashable' </p>
</div>
</div>
<a class="anchor" id="a9d461da8f00415ef03b24edb3bbd6cf8"></a><!-- doxytag: member="AI_hyperalert_info::key" ref="a9d461da8f00415ef03b24edb3bbd6cf8" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="structAI__hyperalert__key.html">AI_hyperalert_key</a> <a class="el" href="structAI__hyperalert__info.html#a9d461da8f00415ef03b24edb3bbd6cf8">AI_hyperalert_info::key</a></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Hyperalert key </p>
</div>
</div>
<a class="anchor" id="a73322b6cad3e883abed03b62c6c21719"></a><!-- doxytag: member="AI_hyperalert_info::n_postconds" ref="a73322b6cad3e883abed03b62c6c21719" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">unsigned int <a class="el" href="structAI__hyperalert__info.html#a73322b6cad3e883abed03b62c6c21719">AI_hyperalert_info::n_postconds</a></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Number of post-conditions </p>
</div>
</div>
<a class="anchor" id="a616c16f364dbb2d726e88df6b364ea40"></a><!-- doxytag: member="AI_hyperalert_info::n_preconds" ref="a616c16f364dbb2d726e88df6b364ea40" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">unsigned int <a class="el" href="structAI__hyperalert__info.html#a616c16f364dbb2d726e88df6b364ea40">AI_hyperalert_info::n_preconds</a></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Number of pre-conditions </p>
</div>
</div>
<a class="anchor" id="a6a63385397bf814153d7bb20b52840d9"></a><!-- doxytag: member="AI_hyperalert_info::postconds" ref="a6a63385397bf814153d7bb20b52840d9" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">char** <a class="el" href="structAI__hyperalert__info.html#a6a63385397bf814153d7bb20b52840d9">AI_hyperalert_info::postconds</a></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Post-conditions, as array of strings </p>
</div>
</div>
<a class="anchor" id="a8ac4e028c47a98a8be5afd4363164031"></a><!-- doxytag: member="AI_hyperalert_info::preconds" ref="a8ac4e028c47a98a8be5afd4363164031" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">char** <a class="el" href="structAI__hyperalert__info.html#a8ac4e028c47a98a8be5afd4363164031">AI_hyperalert_info::preconds</a></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Pre-conditions, as array of strings </p>
</div>
</div>
<hr/>The documentation for this struct was generated from the following file:<ul>
<li><a class="el" href="spp__ai_8h_source.html">spp_ai.h</a></li>
</ul>
</div>
<!--- window showing the filter options -->
<div id="MSearchSelectWindow"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
onkeydown="return searchBox.OnSearchSelectKey(event)">
<a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(0)"><span class="SelectionMark">&nbsp;</span>All</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(1)"><span class="SelectionMark">&nbsp;</span>Data Structures</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(2)"><span class="SelectionMark">&nbsp;</span>Files</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(3)"><span class="SelectionMark">&nbsp;</span>Functions</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(4)"><span class="SelectionMark">&nbsp;</span>Variables</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(5)"><span class="SelectionMark">&nbsp;</span>Typedefs</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(6)"><span class="SelectionMark">&nbsp;</span>Enumerations</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(7)"><span class="SelectionMark">&nbsp;</span>Enumerator</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(8)"><span class="SelectionMark">&nbsp;</span>Defines</a></div>
<!-- iframe showing the search results (closed by default) -->
<div id="MSearchResultsWindow">
<iframe src="" frameborder="0"
name="MSearchResults" id="MSearchResults">
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 11 2010 12:45:18 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>
</html>

129
doc/html/structAI__hyperalert__key.html Normal file
View File

@ -0,0 +1,129 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<title>Snort AI preprocessor module: AI_hyperalert_key Struct Reference</title>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
<link href="search/search.css" rel="stylesheet" type="text/css"/>
<script type="text/javaScript" src="search/search.js"></script>
<link href="doxygen.css" rel="stylesheet" type="text/css"/>
</head>
<body onload='searchBox.OnSelectItem(0);'>
<!-- Generated by Doxygen 1.7.1 -->
<script type="text/javascript"><!--
var searchBox = new SearchBox("searchBox", "search",false,'Search');
--></script>
<div class="navigation" id="top">
<div class="tabs">
<ul class="tablist">
<li><a href="index.html"><span>Main&nbsp;Page</span></a></li>
<li><a href="modules.html"><span>Modules</span></a></li>
<li class="current"><a href="annotated.html"><span>Data&nbsp;Structures</span></a></li>
<li><a href="files.html"><span>Files</span></a></li>
<li id="searchli">
<div id="MSearchBox" class="MSearchBoxInactive">
<span class="left">
<img id="MSearchSelect" src="search/mag_sel.png"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
alt=""/>
<input type="text" id="MSearchField" value="Search" accesskey="S"
onfocus="searchBox.OnSearchFieldFocus(true)"
onblur="searchBox.OnSearchFieldFocus(false)"
onkeyup="searchBox.OnSearchFieldChange(event)"/>
</span><span class="right">
<a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
</span>
</div>
</li>
</ul>
</div>
<div class="tabs2">
<ul class="tablist">
<li><a href="annotated.html"><span>Data&nbsp;Structures</span></a></li>
<li><a href="classes.html"><span>Data&nbsp;Structure&nbsp;Index</span></a></li>
<li><a href="functions.html"><span>Data&nbsp;Fields</span></a></li>
</ul>
</div>
</div>
<div class="header">
<div class="summary">
<a href="#pub-attribs">Data Fields</a> </div>
<div class="headertitle">
<h1>AI_hyperalert_key Struct Reference</h1> </div>
</div>
<div class="contents">
<!-- doxytag: class="AI_hyperalert_key" -->
<p><code>#include &lt;<a class="el" href="spp__ai_8h_source.html">spp_ai.h</a>&gt;</code></p>
<table class="memberdecls">
<tr><td colspan="2"><h2><a name="pub-attribs"></a>
Data Fields</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">unsigned int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__hyperalert__key.html#a711afeb45b534480e85bf9abe569a602">gid</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">unsigned int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__hyperalert__key.html#a854676c9125ae0aeaeaef2b201ce542f">sid</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">unsigned int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__hyperalert__key.html#a3aa6fed74469f1f2c08573c5d7298670">rev</a></td></tr>
</table>
<hr/><a name="_details"></a><h2>Detailed Description</h2>
<p>Key for the hyperalert hash table </p>
<hr/><h2>Field Documentation</h2>
<a class="anchor" id="a711afeb45b534480e85bf9abe569a602"></a><!-- doxytag: member="AI_hyperalert_key::gid" ref="a711afeb45b534480e85bf9abe569a602" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">unsigned int <a class="el" href="structAI__hyperalert__key.html#a711afeb45b534480e85bf9abe569a602">AI_hyperalert_key::gid</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a3aa6fed74469f1f2c08573c5d7298670"></a><!-- doxytag: member="AI_hyperalert_key::rev" ref="a3aa6fed74469f1f2c08573c5d7298670" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">unsigned int <a class="el" href="structAI__hyperalert__key.html#a3aa6fed74469f1f2c08573c5d7298670">AI_hyperalert_key::rev</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a854676c9125ae0aeaeaef2b201ce542f"></a><!-- doxytag: member="AI_hyperalert_key::sid" ref="a854676c9125ae0aeaeaef2b201ce542f" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">unsigned int <a class="el" href="structAI__hyperalert__key.html#a854676c9125ae0aeaeaef2b201ce542f">AI_hyperalert_key::sid</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<hr/>The documentation for this struct was generated from the following file:<ul>
<li><a class="el" href="spp__ai_8h_source.html">spp_ai.h</a></li>
</ul>
</div>
<!--- window showing the filter options -->
<div id="MSearchSelectWindow"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
onkeydown="return searchBox.OnSearchSelectKey(event)">
<a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(0)"><span class="SelectionMark">&nbsp;</span>All</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(1)"><span class="SelectionMark">&nbsp;</span>Data Structures</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(2)"><span class="SelectionMark">&nbsp;</span>Files</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(3)"><span class="SelectionMark">&nbsp;</span>Functions</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(4)"><span class="SelectionMark">&nbsp;</span>Variables</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(5)"><span class="SelectionMark">&nbsp;</span>Typedefs</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(6)"><span class="SelectionMark">&nbsp;</span>Enumerations</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(7)"><span class="SelectionMark">&nbsp;</span>Enumerator</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(8)"><span class="SelectionMark">&nbsp;</span>Defines</a></div>
<!-- iframe showing the search results (closed by default) -->
<div id="MSearchResultsWindow">
<iframe src="" frameborder="0"
name="MSearchResults" id="MSearchResults">
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 11 2010 12:45:18 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>
</html>

21
doc/html/struct__AI__snort__alert.html
View File

@ -83,6 +83,7 @@ Data Fields</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct <a class="el" href="struct__AI__snort__alert.html">_AI_snort_alert</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#aa8336d4b3359015ed8ea312ca1fd1173">next</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#ac53765584296ead1328eabfaba8a3aed">h_node</a> [CLUSTER_TYPES]</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">unsigned int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#a285aff12d6bac03c316ccc5305d28e53">grouped_alarms_count</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="structAI__hyperalert__info.html">AI_hyperalert_info</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#ac101de15b4f9451f235b82122f77b62a">hyperalert</a></td></tr>
</table>
<hr/><a name="_details"></a><h2>Detailed Description</h2>
<p>Data type for Snort alerts </p>
@ -136,6 +137,7 @@ Data Fields</h2></td></tr>
</table>
</div>
<div class="memdoc">
<p>If the clustering algorithm is used, we also count how many alerts this single alert groups </p>
</div>
</div>
@ -149,6 +151,21 @@ Data Fields</h2></td></tr>
</table>
</div>
<div class="memdoc">
<p>Hierarchies for addresses and ports, if the clustering algorithm is used </p>
</div>
</div>
<a class="anchor" id="ac101de15b4f9451f235b82122f77b62a"></a><!-- doxytag: member="_AI_snort_alert::hyperalert" ref="ac101de15b4f9451f235b82122f77b62a" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="structAI__hyperalert__info.html">AI_hyperalert_info</a>* <a class="el" href="struct__AI__snort__alert.html#ac101de15b4f9451f235b82122f77b62a">_AI_snort_alert::hyperalert</a></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Hyperalert information, pre-conditions and post-conditions </p>
</div>
</div>
@ -253,6 +270,7 @@ Data Fields</h2></td></tr>
</table>
</div>
<div class="memdoc">
<p>Pointer to the next alert in the log, if any </p>
</div>
</div>
@ -305,6 +323,7 @@ Data Fields</h2></td></tr>
</table>
</div>
<div class="memdoc">
<p>Reference to the TCP stream associated to the alert, if any </p>
</div>
</div>
@ -430,7 +449,7 @@ Data Fields</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 11 2010 12:45:18 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

4
doc/html/struct__hierarchy__node.html
View File

@ -66,6 +66,8 @@ Data Fields</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct <a class="el" href="struct__hierarchy__node.html">_hierarchy_node</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__hierarchy__node.html#a5c94c89d7e2aea393f1c550afb766bbe">parent</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct <a class="el" href="struct__hierarchy__node.html">_hierarchy_node</a> **&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__hierarchy__node.html#afc23d4fe6426873164cdaab2f3d4f0cd">children</a></td></tr>
</table>
<hr/><a name="_details"></a><h2>Detailed Description</h2>
<p>Data type for hierarchies used for clustering </p>
<hr/><h2>Field Documentation</h2>
<a class="anchor" id="afc23d4fe6426873164cdaab2f3d4f0cd"></a><!-- doxytag: member="_hierarchy_node::children" ref="afc23d4fe6426873164cdaab2f3d4f0cd" args="" -->
<div class="memitem">
@ -176,7 +178,7 @@ Data Fields</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 11 2010 12:45:18 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

2
doc/html/structattribute__key.html
View File

@ -109,7 +109,7 @@ Data Fields</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 11 2010 12:45:18 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

2
doc/html/structattribute__value.html
View File

@ -137,7 +137,7 @@ Data Fields</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 11 2010 12:45:18 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

2
doc/html/structpkt__info.html
View File

@ -170,7 +170,7 @@ Data Fields</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 11 2010 12:45:18 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

2
doc/html/structpkt__key.html
View File

@ -108,7 +108,7 @@ Data Fields</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 11 2010 12:45:18 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

7
doc/latex/alert__parser_8c.tex
View File

@ -26,6 +26,8 @@ void \hyperlink{group__alert__parser_ga270e86669a0aa64a8da37bc16cda645b}{AI\_\-f
PRIVATE \hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$ \hyperlink{alert__parser_8c_ae837fc04e61c0eb052f997c54b4fd9fe}{alerts} = NULL
\item
PRIVATE FILE $\ast$ \hyperlink{alert__parser_8c_abee2a33368912d9288c76b51160a9ed6}{alert\_\-fp} = NULL
\item
PRIVATE \hyperlink{spp__ai_8h_a3e5b8192e7d9ffaf3542f1210aec18dd}{BOOL} \hyperlink{alert__parser_8c_afebc81c042a632dc987e113b7f390274}{lock\_\-flag} = false
\end{DoxyCompactItemize}
@ -40,3 +42,8 @@ PRIVATE FILE $\ast$ \hyperlink{alert__parser_8c_abee2a33368912d9288c76b51160a9ed
\index{alerts@{alerts}!alert_parser.c@{alert\_\-parser.c}}
\subsubsection[{alerts}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE {\bf AI\_\-snort\_\-alert}$\ast$ {\bf alerts} = NULL}}
\label{alert__parser_8c_ae837fc04e61c0eb052f997c54b4fd9fe}
\hypertarget{alert__parser_8c_afebc81c042a632dc987e113b7f390274}{
\index{alert\_\-parser.c@{alert\_\-parser.c}!lock\_\-flag@{lock\_\-flag}}
\index{lock\_\-flag@{lock\_\-flag}!alert_parser.c@{alert\_\-parser.c}}
\subsubsection[{lock\_\-flag}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE {\bf BOOL} {\bf lock\_\-flag} = false}}
\label{alert__parser_8c_afebc81c042a632dc987e113b7f390274}

5
doc/latex/annotated.tex
View File

@ -2,11 +2,12 @@
Here are the data structures with brief descriptions:\begin{DoxyCompactList}
\item\contentsline{section}{\hyperlink{struct__AI__snort__alert}{\_\-AI\_\-snort\_\-alert} }{\pageref{struct__AI__snort__alert}}{}
\item\contentsline{section}{\hyperlink{struct__hierarchy__node}{\_\-hierarchy\_\-node} }{\pageref{struct__hierarchy__node}}{}
\item\contentsline{section}{\hyperlink{structAI__alert__correlation}{AI\_\-alert\_\-correlation} }{\pageref{structAI__alert__correlation}}{}
\item\contentsline{section}{\hyperlink{structAI__config}{AI\_\-config} }{\pageref{structAI__config}}{}
\item\contentsline{section}{\hyperlink{structAI__hyperalert__info}{AI\_\-hyperalert\_\-info} }{\pageref{structAI__hyperalert__info}}{}
\item\contentsline{section}{\hyperlink{structAI__hyperalert__key}{AI\_\-hyperalert\_\-key} }{\pageref{structAI__hyperalert__key}}{}
\item\contentsline{section}{\hyperlink{structattribute__key}{attribute\_\-key} }{\pageref{structattribute__key}}{}
\item\contentsline{section}{\hyperlink{structattribute__value}{attribute\_\-value} }{\pageref{structattribute__value}}{}
\item\contentsline{section}{\hyperlink{structhyperalert}{hyperalert} }{\pageref{structhyperalert}}{}
\item\contentsline{section}{\hyperlink{structhyperalert__key}{hyperalert\_\-key} }{\pageref{structhyperalert__key}}{}
\item\contentsline{section}{\hyperlink{structpkt__info}{pkt\_\-info} }{\pageref{structpkt__info}}{}
\item\contentsline{section}{\hyperlink{structpkt__key}{pkt\_\-key} }{\pageref{structpkt__key}}{}
\end{DoxyCompactList}

2
doc/latex/cluster_8c.tex
View File

@ -49,4 +49,6 @@ PRIVATE \hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$ \hyperlink
PRIVATE \hyperlink{structAI__config}{AI\_\-config} $\ast$ \hyperlink{group__cluster_ga91458e2d34595688e39fcb63ba418849}{\_\-config} = NULL
\item
PRIVATE \hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$ \hyperlink{group__cluster_gaaf4c19f60f48741b0890c6114dcff7d9}{alert\_\-log} = NULL
\item
PRIVATE \hyperlink{spp__ai_8h_a3e5b8192e7d9ffaf3542f1210aec18dd}{BOOL} \hyperlink{group__cluster_gafebc81c042a632dc987e113b7f390274}{lock\_\-flag} = false
\end{DoxyCompactItemize}

18
doc/latex/correlation_8c.tex
View File

@ -10,9 +10,7 @@
\subsection*{Data Structures}
\begin{DoxyCompactItemize}
\item
struct \hyperlink{structhyperalert__key}{hyperalert\_\-key}
\item
struct \hyperlink{structhyperalert}{hyperalert}
struct \hyperlink{structAI__alert__correlation}{AI\_\-alert\_\-correlation}
\end{DoxyCompactItemize}
\subsection*{Enumerations}
\begin{DoxyCompactItemize}
@ -29,14 +27,24 @@ enum \{ \par
\subsection*{Functions}
\begin{DoxyCompactItemize}
\item
PRIVATE \hyperlink{structhyperalert}{hyperalert} $\ast$ \hyperlink{group__correlation_gacb46174cec5a2cce0a9bb1ca2b0f6850}{\_\-AI\_\-hyperalert\_\-from\_\-XML} (\hyperlink{structhyperalert__key}{hyperalert\_\-key} key)
double \hyperlink{group__correlation_ga130e82017fc0abcb76b1a7740ae2f4df}{\_\-AI\_\-correlation\_\-coefficient} (\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$a, \hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$b)
\begin{DoxyCompactList}\small\item\em Compute the correlation coefficient between two alerts, as INTERSECTION(pre(B), post(A) / UNION(pre(B), post(A)). \item\end{DoxyCompactList}\item
void \hyperlink{group__correlation_ga0d094eae1d014d89a2de21263fa747da}{\_\-AI\_\-macro\_\-subst} (\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$$\ast$alert)
\begin{DoxyCompactList}\small\item\em Substitute the macros in hyperalert pre-\/conditions and post-\/conditions with their associated values. \item\end{DoxyCompactList}\item
PRIVATE \hyperlink{structAI__hyperalert__info}{AI\_\-hyperalert\_\-info} $\ast$ \hyperlink{group__correlation_ga929e5c17fdb247a998d83ed6a4ae5a65}{\_\-AI\_\-hyperalert\_\-from\_\-XML} (\hyperlink{structAI__hyperalert__key}{AI\_\-hyperalert\_\-key} key)
\begin{DoxyCompactList}\small\item\em Parse info about a hyperalert from a correlation XML file, if it exists. \item\end{DoxyCompactList}\item
void $\ast$ \hyperlink{group__correlation_ga939353a4e15de7a8f4145ab986f584be}{AI\_\-alert\_\-correlation\_\-thread} (void $\ast$arg)
\begin{DoxyCompactList}\small\item\em Thread for correlating clustered alerts. \item\end{DoxyCompactList}\end{DoxyCompactItemize}
\subsection*{Variables}
\begin{DoxyCompactItemize}
\item
PRIVATE \hyperlink{structhyperalert}{hyperalert} $\ast$ \hyperlink{group__correlation_ga343192ed5e938536f3dc150e51f8acf6}{hyperalerts} = NULL
PRIVATE \hyperlink{structAI__hyperalert__info}{AI\_\-hyperalert\_\-info} $\ast$ \hyperlink{group__correlation_gae56c79aa018caaeebeeb709a9e51c9c2}{hyperalerts} = NULL
\item
PRIVATE \hyperlink{structAI__config}{AI\_\-config} $\ast$ \hyperlink{group__correlation_gaad7a982b6016390e7cd1164bd7db8bca}{conf} = NULL
\item
PRIVATE \hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$ \hyperlink{group__correlation_gae837fc04e61c0eb052f997c54b4fd9fe}{alerts} = NULL
\item
PRIVATE \hyperlink{structAI__alert__correlation}{AI\_\-alert\_\-correlation} $\ast$ \hyperlink{group__correlation_ga701934a296c51f2397d24e8bf4a9f021}{correlation\_\-table} = NULL
\item
PRIVATE \hyperlink{spp__ai_8h_a3e5b8192e7d9ffaf3542f1210aec18dd}{BOOL} \hyperlink{group__correlation_gafebc81c042a632dc987e113b7f390274}{lock\_\-flag} = false
\end{DoxyCompactItemize}

4
doc/latex/doxygen.sty
View File

@ -27,9 +27,9 @@
\fancyplain{}{\bfseries\thepage}%
}
\rfoot[\fancyplain{}{\bfseries\scriptsize%
Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by Doxygen }]{}
Generated on Sat Sep 11 2010 12:45:18 for Snort AI preprocessor module by Doxygen }]{}
\lfoot[]{\fancyplain{}{\bfseries\scriptsize%
Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by Doxygen }}
Generated on Sat Sep 11 2010 12:45:18 for Snort AI preprocessor module by Doxygen }}
\cfoot{}
%---------- Internal commands used in this style file ----------------

7
doc/latex/group__cluster.tex
View File

@ -44,6 +44,8 @@ PRIVATE \hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$ \hyperlink
PRIVATE \hyperlink{structAI__config}{AI\_\-config} $\ast$ \hyperlink{group__cluster_ga91458e2d34595688e39fcb63ba418849}{\_\-config} = NULL
\item
PRIVATE \hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$ \hyperlink{group__cluster_gaaf4c19f60f48741b0890c6114dcff7d9}{alert\_\-log} = NULL
\item
PRIVATE \hyperlink{spp__ai_8h_a3e5b8192e7d9ffaf3542f1210aec18dd}{BOOL} \hyperlink{group__cluster_gafebc81c042a632dc987e113b7f390274}{lock\_\-flag} = false
\end{DoxyCompactItemize}
@ -282,3 +284,8 @@ Build the clustering hierarchy trees.
\index{h\_\-root@{h\_\-root}!cluster@{cluster}}
\subsubsection[{h\_\-root}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE {\bf hierarchy\_\-node}$\ast$ {\bf h\_\-root}\mbox{[}CLUSTER\_\-TYPES\mbox{]} = \{ NULL \}}}
\label{group__cluster_ga97d35425cf5a0207fb50b64ee8cdda82}
\hypertarget{group__cluster_gafebc81c042a632dc987e113b7f390274}{
\index{cluster@{cluster}!lock\_\-flag@{lock\_\-flag}}
\index{lock\_\-flag@{lock\_\-flag}!cluster@{cluster}}
\subsubsection[{lock\_\-flag}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE {\bf BOOL} {\bf lock\_\-flag} = false}}
\label{group__cluster_gafebc81c042a632dc987e113b7f390274}

89
doc/latex/group__correlation.tex
View File

@ -5,9 +5,7 @@
\subsection*{Data Structures}
\begin{DoxyCompactItemize}
\item
struct \hyperlink{structhyperalert__key}{hyperalert\_\-key}
\item
struct \hyperlink{structhyperalert}{hyperalert}
struct \hyperlink{structAI__alert__correlation}{AI\_\-alert\_\-correlation}
\end{DoxyCompactItemize}
\subsection*{Enumerations}
\begin{DoxyCompactItemize}
@ -24,16 +22,26 @@ enum \{ \par
\subsection*{Functions}
\begin{DoxyCompactItemize}
\item
PRIVATE \hyperlink{structhyperalert}{hyperalert} $\ast$ \hyperlink{group__correlation_gacb46174cec5a2cce0a9bb1ca2b0f6850}{\_\-AI\_\-hyperalert\_\-from\_\-XML} (\hyperlink{structhyperalert__key}{hyperalert\_\-key} key)
double \hyperlink{group__correlation_ga130e82017fc0abcb76b1a7740ae2f4df}{\_\-AI\_\-correlation\_\-coefficient} (\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$a, \hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$b)
\begin{DoxyCompactList}\small\item\em Compute the correlation coefficient between two alerts, as INTERSECTION(pre(B), post(A) / UNION(pre(B), post(A)). \item\end{DoxyCompactList}\item
void \hyperlink{group__correlation_ga0d094eae1d014d89a2de21263fa747da}{\_\-AI\_\-macro\_\-subst} (\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$$\ast$alert)
\begin{DoxyCompactList}\small\item\em Substitute the macros in hyperalert pre-\/conditions and post-\/conditions with their associated values. \item\end{DoxyCompactList}\item
PRIVATE \hyperlink{structAI__hyperalert__info}{AI\_\-hyperalert\_\-info} $\ast$ \hyperlink{group__correlation_ga929e5c17fdb247a998d83ed6a4ae5a65}{\_\-AI\_\-hyperalert\_\-from\_\-XML} (\hyperlink{structAI__hyperalert__key}{AI\_\-hyperalert\_\-key} key)
\begin{DoxyCompactList}\small\item\em Parse info about a hyperalert from a correlation XML file, if it exists. \item\end{DoxyCompactList}\item
void $\ast$ \hyperlink{group__correlation_ga939353a4e15de7a8f4145ab986f584be}{AI\_\-alert\_\-correlation\_\-thread} (void $\ast$arg)
\begin{DoxyCompactList}\small\item\em Thread for correlating clustered alerts. \item\end{DoxyCompactList}\end{DoxyCompactItemize}
\subsection*{Variables}
\begin{DoxyCompactItemize}
\item
PRIVATE \hyperlink{structhyperalert}{hyperalert} $\ast$ \hyperlink{group__correlation_ga343192ed5e938536f3dc150e51f8acf6}{hyperalerts} = NULL
PRIVATE \hyperlink{structAI__hyperalert__info}{AI\_\-hyperalert\_\-info} $\ast$ \hyperlink{group__correlation_gae56c79aa018caaeebeeb709a9e51c9c2}{hyperalerts} = NULL
\item
PRIVATE \hyperlink{structAI__config}{AI\_\-config} $\ast$ \hyperlink{group__correlation_gaad7a982b6016390e7cd1164bd7db8bca}{conf} = NULL
\item
PRIVATE \hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$ \hyperlink{group__correlation_gae837fc04e61c0eb052f997c54b4fd9fe}{alerts} = NULL
\item
PRIVATE \hyperlink{structAI__alert__correlation}{AI\_\-alert\_\-correlation} $\ast$ \hyperlink{group__correlation_ga701934a296c51f2397d24e8bf4a9f021}{correlation\_\-table} = NULL
\item
PRIVATE \hyperlink{spp__ai_8h_a3e5b8192e7d9ffaf3542f1210aec18dd}{BOOL} \hyperlink{group__correlation_gafebc81c042a632dc987e113b7f390274}{lock\_\-flag} = false
\end{DoxyCompactItemize}
@ -70,25 +78,61 @@ TAG\_\-NUM}
\subsection{Function Documentation}
\hypertarget{group__correlation_gacb46174cec5a2cce0a9bb1ca2b0f6850}{
\index{correlation@{correlation}!\_\-AI\_\-hyperalert\_\-from\_\-XML@{\_\-AI\_\-hyperalert\_\-from\_\-XML}}
\index{\_\-AI\_\-hyperalert\_\-from\_\-XML@{\_\-AI\_\-hyperalert\_\-from\_\-XML}!correlation@{correlation}}
\subsubsection[{\_\-AI\_\-hyperalert\_\-from\_\-XML}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE {\bf hyperalert}$\ast$ \_\-AI\_\-hyperalert\_\-from\_\-XML (
\hypertarget{group__correlation_ga130e82017fc0abcb76b1a7740ae2f4df}{
\index{correlation@{correlation}!\_\-AI\_\-correlation\_\-coefficient@{\_\-AI\_\-correlation\_\-coefficient}}
\index{\_\-AI\_\-correlation\_\-coefficient@{\_\-AI\_\-correlation\_\-coefficient}!correlation@{correlation}}
\subsubsection[{\_\-AI\_\-correlation\_\-coefficient}]{\setlength{\rightskip}{0pt plus 5cm}double \_\-AI\_\-correlation\_\-coefficient (
\begin{DoxyParamCaption}
\item[{{\bf hyperalert\_\-key}}]{ key}
\item[{{\bf AI\_\-snort\_\-alert} $\ast$}]{ a, }
\item[{{\bf AI\_\-snort\_\-alert} $\ast$}]{ b}
\end{DoxyParamCaption}
)}}
\label{group__correlation_gacb46174cec5a2cce0a9bb1ca2b0f6850}
\label{group__correlation_ga130e82017fc0abcb76b1a7740ae2f4df}
Compute the correlation coefficient between two alerts, as INTERSECTION(pre(B), post(A) / UNION(pre(B), post(A)).
\begin{DoxyParams}{Parameters}
\item[{\em a}]Alert a \item[{\em b}]Alert b \end{DoxyParams}
\begin{DoxyReturn}{Returns}
The correlation coefficient between A and B as coefficient in \mbox{[}0,1\mbox{]}
\end{DoxyReturn}
\hypertarget{group__correlation_ga929e5c17fdb247a998d83ed6a4ae5a65}{
\index{correlation@{correlation}!\_\-AI\_\-hyperalert\_\-from\_\-XML@{\_\-AI\_\-hyperalert\_\-from\_\-XML}}
\index{\_\-AI\_\-hyperalert\_\-from\_\-XML@{\_\-AI\_\-hyperalert\_\-from\_\-XML}!correlation@{correlation}}
\subsubsection[{\_\-AI\_\-hyperalert\_\-from\_\-XML}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE {\bf AI\_\-hyperalert\_\-info}$\ast$ \_\-AI\_\-hyperalert\_\-from\_\-XML (
\begin{DoxyParamCaption}
\item[{{\bf AI\_\-hyperalert\_\-key}}]{ key}
\end{DoxyParamCaption}
)}}
\label{group__correlation_ga929e5c17fdb247a998d83ed6a4ae5a65}
Parse info about a hyperalert from a correlation XML file, if it exists.
FUNCTION: \_\-AI\_\-hyperalert\_\-from\_\-XML
\begin{DoxyParams}{Parameters}
\item[{\em key}]Key (gid, sid, rev) identifying the alert \end{DoxyParams}
\begin{DoxyReturn}{Returns}
A hyperalert structure containing the info about the current alert, if the XML file was found
\end{DoxyReturn}
\hypertarget{group__correlation_ga0d094eae1d014d89a2de21263fa747da}{
\index{correlation@{correlation}!\_\-AI\_\-macro\_\-subst@{\_\-AI\_\-macro\_\-subst}}
\index{\_\-AI\_\-macro\_\-subst@{\_\-AI\_\-macro\_\-subst}!correlation@{correlation}}
\subsubsection[{\_\-AI\_\-macro\_\-subst}]{\setlength{\rightskip}{0pt plus 5cm}void \_\-AI\_\-macro\_\-subst (
\begin{DoxyParamCaption}
\item[{{\bf AI\_\-snort\_\-alert} $\ast$$\ast$}]{ alert}
\end{DoxyParamCaption}
)}}
\label{group__correlation_ga0d094eae1d014d89a2de21263fa747da}
Substitute the macros in hyperalert pre-\/conditions and post-\/conditions with their associated values.
\begin{DoxyParams}{Parameters}
\item[{\em alert}]Reference to the hyperalert to work on \end{DoxyParams}
\hypertarget{group__correlation_ga939353a4e15de7a8f4145ab986f584be}{
\index{correlation@{correlation}!AI\_\-alert\_\-correlation\_\-thread@{AI\_\-alert\_\-correlation\_\-thread}}
\index{AI\_\-alert\_\-correlation\_\-thread@{AI\_\-alert\_\-correlation\_\-thread}!correlation@{correlation}}
@ -108,13 +152,28 @@ Thread for correlating clustered alerts.
\subsection{Variable Documentation}
\hypertarget{group__correlation_gae837fc04e61c0eb052f997c54b4fd9fe}{
\index{correlation@{correlation}!alerts@{alerts}}
\index{alerts@{alerts}!correlation@{correlation}}
\subsubsection[{alerts}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE {\bf AI\_\-snort\_\-alert}$\ast$ {\bf alerts} = NULL}}
\label{group__correlation_gae837fc04e61c0eb052f997c54b4fd9fe}
\hypertarget{group__correlation_gaad7a982b6016390e7cd1164bd7db8bca}{
\index{correlation@{correlation}!conf@{conf}}
\index{conf@{conf}!correlation@{correlation}}
\subsubsection[{conf}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE {\bf AI\_\-config}$\ast$ {\bf conf} = NULL}}
\label{group__correlation_gaad7a982b6016390e7cd1164bd7db8bca}
\hypertarget{group__correlation_ga343192ed5e938536f3dc150e51f8acf6}{
\hypertarget{group__correlation_ga701934a296c51f2397d24e8bf4a9f021}{
\index{correlation@{correlation}!correlation\_\-table@{correlation\_\-table}}
\index{correlation\_\-table@{correlation\_\-table}!correlation@{correlation}}
\subsubsection[{correlation\_\-table}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE {\bf AI\_\-alert\_\-correlation}$\ast$ {\bf correlation\_\-table} = NULL}}
\label{group__correlation_ga701934a296c51f2397d24e8bf4a9f021}
\hypertarget{group__correlation_gae56c79aa018caaeebeeb709a9e51c9c2}{
\index{correlation@{correlation}!hyperalerts@{hyperalerts}}
\index{hyperalerts@{hyperalerts}!correlation@{correlation}}
\subsubsection[{hyperalerts}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE {\bf hyperalert}$\ast$ {\bf hyperalerts} = NULL}}
\label{group__correlation_ga343192ed5e938536f3dc150e51f8acf6}
\subsubsection[{hyperalerts}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE {\bf AI\_\-hyperalert\_\-info}$\ast$ {\bf hyperalerts} = NULL}}
\label{group__correlation_gae56c79aa018caaeebeeb709a9e51c9c2}
\hypertarget{group__correlation_gafebc81c042a632dc987e113b7f390274}{
\index{correlation@{correlation}!lock\_\-flag@{lock\_\-flag}}
\index{lock\_\-flag@{lock\_\-flag}!correlation@{correlation}}
\subsubsection[{lock\_\-flag}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE {\bf BOOL} {\bf lock\_\-flag} = false}}
\label{group__correlation_gafebc81c042a632dc987e113b7f390274}

48
doc/latex/group__regex.tex
View File

@ -6,7 +6,11 @@
\begin{DoxyCompactItemize}
\item
int \hyperlink{group__regex_ga35f57c052a7de1ded54b67a1f7819791}{preg\_\-match} (const char $\ast$expr, char $\ast$str, char $\ast$$\ast$$\ast$matches, int $\ast$nmatches)
\begin{DoxyCompactList}\small\item\em Check if a string matches a regular expression. \item\end{DoxyCompactList}\end{DoxyCompactItemize}
\begin{DoxyCompactList}\small\item\em Check if a string matches a regular expression. \item\end{DoxyCompactList}\item
char $\ast$ \hyperlink{group__regex_ga736ba1abdc4938cbb1bf5861e7dbfd50}{str\_\-replace} (char $\ast$str, char $\ast$orig, char $\ast$rep)
\begin{DoxyCompactList}\small\item\em Replace the content of 'orig' in 'str' with 'rep'. \item\end{DoxyCompactList}\item
char $\ast$ \hyperlink{group__regex_gaff6c55cd04fc08dd582e244590dc25a4}{str\_\-replace\_\-all} (char $\ast$str, char $\ast$orig, char $\ast$rep)
\begin{DoxyCompactList}\small\item\em Replace all of the occurrences of 'orig' in 'str' with 'rep'. \item\end{DoxyCompactList}\end{DoxyCompactItemize}
\subsection{Function Documentation}
@ -32,3 +36,45 @@ Check if a string matches a regular expression.
\begin{DoxyReturn}{Returns}
-\/1 if the regex is wrong, 0 if no match was found, 1 otherwise
\end{DoxyReturn}
\hypertarget{group__regex_ga736ba1abdc4938cbb1bf5861e7dbfd50}{
\index{regex@{regex}!str\_\-replace@{str\_\-replace}}
\index{str\_\-replace@{str\_\-replace}!regex@{regex}}
\subsubsection[{str\_\-replace}]{\setlength{\rightskip}{0pt plus 5cm}char$\ast$ str\_\-replace (
\begin{DoxyParamCaption}
\item[{char $\ast$}]{ str, }
\item[{char $\ast$}]{ orig, }
\item[{char $\ast$}]{ rep}
\end{DoxyParamCaption}
)}}
\label{group__regex_ga736ba1abdc4938cbb1bf5861e7dbfd50}
Replace the content of 'orig' in 'str' with 'rep'.
\begin{DoxyParams}{Parameters}
\item[{\em str}]String to work on \item[{\em orig}]String to be replaced \item[{\em rep}]Replacement for 'orig' \end{DoxyParams}
\begin{DoxyReturn}{Returns}
The string with the replacement
\end{DoxyReturn}
\hypertarget{group__regex_gaff6c55cd04fc08dd582e244590dc25a4}{
\index{regex@{regex}!str\_\-replace\_\-all@{str\_\-replace\_\-all}}
\index{str\_\-replace\_\-all@{str\_\-replace\_\-all}!regex@{regex}}
\subsubsection[{str\_\-replace\_\-all}]{\setlength{\rightskip}{0pt plus 5cm}char$\ast$ str\_\-replace\_\-all (
\begin{DoxyParamCaption}
\item[{char $\ast$}]{ str, }
\item[{char $\ast$}]{ orig, }
\item[{char $\ast$}]{ rep}
\end{DoxyParamCaption}
)}}
\label{group__regex_gaff6c55cd04fc08dd582e244590dc25a4}
Replace all of the occurrences of 'orig' in 'str' with 'rep'.
\begin{DoxyParams}{Parameters}
\item[{\em str}]String to work on \item[{\em orig}]String to be replaced \item[{\em rep}]Replacement for 'orig' \end{DoxyParams}
\begin{DoxyReturn}{Returns}
The string with the replacement
\end{DoxyReturn}

7
doc/latex/refman.tex
View File

@ -41,7 +41,7 @@
\vspace*{1cm}
{\large Generated by Doxygen 1.7.1}\\
\vspace*{0.5cm}
{\small Fri Sep 10 2010 02:56:16}\\
{\small Sat Sep 11 2010 12:45:18}\\
\end{center}
\end{titlepage}
\clearemptydoublepage
@ -66,11 +66,12 @@
\chapter{Data Structure Documentation}
\input{struct__AI__snort__alert}
\input{struct__hierarchy__node}
\input{structAI__alert__correlation}
\input{structAI__config}
\input{structAI__hyperalert__info}
\input{structAI__hyperalert__key}
\input{structattribute__key}
\input{structattribute__value}
\input{structhyperalert}
\input{structhyperalert__key}
\input{structpkt__info}
\input{structpkt__key}
\chapter{File Documentation}

6
doc/latex/regex_8c.tex
View File

@ -11,4 +11,8 @@
\begin{DoxyCompactItemize}
\item
int \hyperlink{group__regex_ga35f57c052a7de1ded54b67a1f7819791}{preg\_\-match} (const char $\ast$expr, char $\ast$str, char $\ast$$\ast$$\ast$matches, int $\ast$nmatches)
\begin{DoxyCompactList}\small\item\em Check if a string matches a regular expression. \item\end{DoxyCompactList}\end{DoxyCompactItemize}
\begin{DoxyCompactList}\small\item\em Check if a string matches a regular expression. \item\end{DoxyCompactList}\item
char $\ast$ \hyperlink{group__regex_ga736ba1abdc4938cbb1bf5861e7dbfd50}{str\_\-replace} (char $\ast$str, char $\ast$orig, char $\ast$rep)
\begin{DoxyCompactList}\small\item\em Replace the content of 'orig' in 'str' with 'rep'. \item\end{DoxyCompactList}\item
char $\ast$ \hyperlink{group__regex_gaff6c55cd04fc08dd582e244590dc25a4}{str\_\-replace\_\-all} (char $\ast$str, char $\ast$orig, char $\ast$rep)
\begin{DoxyCompactList}\small\item\em Replace all of the occurrences of 'orig' in 'str' with 'rep'. \item\end{DoxyCompactList}\end{DoxyCompactItemize}

10
doc/latex/spp__ai_8h.tex
View File

@ -16,6 +16,10 @@ struct \hyperlink{structAI__config}{AI\_\-config}
\item
struct \hyperlink{struct__hierarchy__node}{\_\-hierarchy\_\-node}
\item
struct \hyperlink{structAI__hyperalert__key}{AI\_\-hyperalert\_\-key}
\item
struct \hyperlink{structAI__hyperalert__info}{AI\_\-hyperalert\_\-info}
\item
struct \hyperlink{struct__AI__snort__alert}{\_\-AI\_\-snort\_\-alert}
\end{DoxyCompactItemize}
\subsection*{Defines}
@ -74,6 +78,10 @@ enum \hyperlink{spp__ai_8h_ae2ff3c6586aa2ab211a102abfde86640}{cluster\_\-type} \
\item
int \hyperlink{group__regex_ga35f57c052a7de1ded54b67a1f7819791}{preg\_\-match} (const char $\ast$, char $\ast$, char $\ast$$\ast$$\ast$, int $\ast$)
\begin{DoxyCompactList}\small\item\em Check if a string matches a regular expression. \item\end{DoxyCompactList}\item
char $\ast$ \hyperlink{group__regex_ga736ba1abdc4938cbb1bf5861e7dbfd50}{str\_\-replace} (char $\ast$str, char $\ast$orig, char $\ast$rep)
\begin{DoxyCompactList}\small\item\em Replace the content of 'orig' in 'str' with 'rep'. \item\end{DoxyCompactList}\item
char $\ast$ \hyperlink{group__regex_gaff6c55cd04fc08dd582e244590dc25a4}{str\_\-replace\_\-all} (char $\ast$str, char $\ast$orig, char $\ast$rep)
\begin{DoxyCompactList}\small\item\em Replace all of the occurrences of 'orig' in 'str' with 'rep'. \item\end{DoxyCompactList}\item
void $\ast$ \hyperlink{group__stream_ga24b1131374e5059564b8a12380c4eb75}{AI\_\-hashcleanup\_\-thread} (void $\ast$)
\begin{DoxyCompactList}\small\item\em Thread called for cleaning up the hash table from the traffic streams older than a certain threshold. \item\end{DoxyCompactList}\item
void $\ast$ \hyperlink{group__alert__parser_ga5aab8d9bdf0e92a51731442fd787f61f}{AI\_\-file\_\-alertparser\_\-thread} (void $\ast$)
@ -162,7 +170,7 @@ Data type for Snort alerts \hypertarget{spp__ai_8h_a466391129919ef12366d311d5015
\index{hierarchy\_\-node@{hierarchy\_\-node}!spp_ai.h@{spp\_\-ai.h}}
\subsubsection[{hierarchy\_\-node}]{\setlength{\rightskip}{0pt plus 5cm}typedef struct {\bf \_\-hierarchy\_\-node} {\bf hierarchy\_\-node}}}
\label{spp__ai_8h_a466391129919ef12366d311d501552fa}
\hypertarget{spp__ai_8h_a273cf69d639a59973b6019625df33e30}{
Data type for hierarchies used for clustering \hypertarget{spp__ai_8h_a273cf69d639a59973b6019625df33e30}{
\index{spp\_\-ai.h@{spp\_\-ai.h}!uint16\_\-t@{uint16\_\-t}}
\index{uint16\_\-t@{uint16\_\-t}!spp_ai.h@{spp\_\-ai.h}}
\subsubsection[{uint16\_\-t}]{\setlength{\rightskip}{0pt plus 5cm}typedef unsigned short {\bf uint16\_\-t}}}

46
doc/latex/structAI__alert__correlation.tex Normal file
View File

@ -0,0 +1,46 @@
\hypertarget{structAI__alert__correlation}{
\section{AI\_\-alert\_\-correlation Struct Reference}
\label{structAI__alert__correlation}\index{AI\_\-alert\_\-correlation@{AI\_\-alert\_\-correlation}}
}
\subsection*{Data Fields}
\begin{DoxyCompactItemize}
\item
\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$ \hyperlink{structAI__alert__correlation_a8737f171e1c1b2305c8fe77101d6aeb7}{a}
\item
\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$ \hyperlink{structAI__alert__correlation_a478f1a6f18f9c083b203efdf776379cd}{b}
\item
double \hyperlink{structAI__alert__correlation_aad417b2126ae26d7576f006a3dbcdc81}{correlation}
\item
UT\_\-hash\_\-handle \hyperlink{structAI__alert__correlation_ad3020a87936a2193a92f09331401ad42}{hh}
\end{DoxyCompactItemize}
\subsection{Detailed Description}
Struct representing the correlation between all the couples of alerts
\subsection{Field Documentation}
\hypertarget{structAI__alert__correlation_a8737f171e1c1b2305c8fe77101d6aeb7}{
\index{AI\_\-alert\_\-correlation@{AI\_\-alert\_\-correlation}!a@{a}}
\index{a@{a}!AI_alert_correlation@{AI\_\-alert\_\-correlation}}
\subsubsection[{a}]{\setlength{\rightskip}{0pt plus 5cm}{\bf AI\_\-snort\_\-alert}$\ast$ {\bf AI\_\-alert\_\-correlation::a}}}
\label{structAI__alert__correlation_a8737f171e1c1b2305c8fe77101d6aeb7}
First alert \hypertarget{structAI__alert__correlation_a478f1a6f18f9c083b203efdf776379cd}{
\index{AI\_\-alert\_\-correlation@{AI\_\-alert\_\-correlation}!b@{b}}
\index{b@{b}!AI_alert_correlation@{AI\_\-alert\_\-correlation}}
\subsubsection[{b}]{\setlength{\rightskip}{0pt plus 5cm}{\bf AI\_\-snort\_\-alert}$\ast$ {\bf AI\_\-alert\_\-correlation::b}}}
\label{structAI__alert__correlation_a478f1a6f18f9c083b203efdf776379cd}
Second alert \hypertarget{structAI__alert__correlation_aad417b2126ae26d7576f006a3dbcdc81}{
\index{AI\_\-alert\_\-correlation@{AI\_\-alert\_\-correlation}!correlation@{correlation}}
\index{correlation@{correlation}!AI_alert_correlation@{AI\_\-alert\_\-correlation}}
\subsubsection[{correlation}]{\setlength{\rightskip}{0pt plus 5cm}double {\bf AI\_\-alert\_\-correlation::correlation}}}
\label{structAI__alert__correlation_aad417b2126ae26d7576f006a3dbcdc81}
Correlation coefficient \hypertarget{structAI__alert__correlation_ad3020a87936a2193a92f09331401ad42}{
\index{AI\_\-alert\_\-correlation@{AI\_\-alert\_\-correlation}!hh@{hh}}
\index{hh@{hh}!AI_alert_correlation@{AI\_\-alert\_\-correlation}}
\subsubsection[{hh}]{\setlength{\rightskip}{0pt plus 5cm}UT\_\-hash\_\-handle {\bf AI\_\-alert\_\-correlation::hh}}}
\label{structAI__alert__correlation_ad3020a87936a2193a92f09331401ad42}
Make the struct 'hashable'
The documentation for this struct was generated from the following file:\begin{DoxyCompactItemize}
\item
\hyperlink{correlation_8c}{correlation.c}\end{DoxyCompactItemize}

64
doc/latex/structAI__hyperalert__info.tex Normal file
View File

@ -0,0 +1,64 @@
\hypertarget{structAI__hyperalert__info}{
\section{AI\_\-hyperalert\_\-info Struct Reference}
\label{structAI__hyperalert__info}\index{AI\_\-hyperalert\_\-info@{AI\_\-hyperalert\_\-info}}
}
{\ttfamily \#include $<$spp\_\-ai.h$>$}
\subsection*{Data Fields}
\begin{DoxyCompactItemize}
\item
\hyperlink{structAI__hyperalert__key}{AI\_\-hyperalert\_\-key} \hyperlink{structAI__hyperalert__info_a9d461da8f00415ef03b24edb3bbd6cf8}{key}
\item
char $\ast$$\ast$ \hyperlink{structAI__hyperalert__info_a8ac4e028c47a98a8be5afd4363164031}{preconds}
\item
unsigned int \hyperlink{structAI__hyperalert__info_a616c16f364dbb2d726e88df6b364ea40}{n\_\-preconds}
\item
char $\ast$$\ast$ \hyperlink{structAI__hyperalert__info_a6a63385397bf814153d7bb20b52840d9}{postconds}
\item
unsigned int \hyperlink{structAI__hyperalert__info_a73322b6cad3e883abed03b62c6c21719}{n\_\-postconds}
\item
UT\_\-hash\_\-handle \hyperlink{structAI__hyperalert__info_a6915bec67d383f374e758b44f50b48ff}{hh}
\end{DoxyCompactItemize}
\subsection{Detailed Description}
Hyperalert hash table
\subsection{Field Documentation}
\hypertarget{structAI__hyperalert__info_a6915bec67d383f374e758b44f50b48ff}{
\index{AI\_\-hyperalert\_\-info@{AI\_\-hyperalert\_\-info}!hh@{hh}}
\index{hh@{hh}!AI_hyperalert_info@{AI\_\-hyperalert\_\-info}}
\subsubsection[{hh}]{\setlength{\rightskip}{0pt plus 5cm}UT\_\-hash\_\-handle {\bf AI\_\-hyperalert\_\-info::hh}}}
\label{structAI__hyperalert__info_a6915bec67d383f374e758b44f50b48ff}
Make the struct 'hashable' \hypertarget{structAI__hyperalert__info_a9d461da8f00415ef03b24edb3bbd6cf8}{
\index{AI\_\-hyperalert\_\-info@{AI\_\-hyperalert\_\-info}!key@{key}}
\index{key@{key}!AI_hyperalert_info@{AI\_\-hyperalert\_\-info}}
\subsubsection[{key}]{\setlength{\rightskip}{0pt plus 5cm}{\bf AI\_\-hyperalert\_\-key} {\bf AI\_\-hyperalert\_\-info::key}}}
\label{structAI__hyperalert__info_a9d461da8f00415ef03b24edb3bbd6cf8}
Hyperalert key \hypertarget{structAI__hyperalert__info_a73322b6cad3e883abed03b62c6c21719}{
\index{AI\_\-hyperalert\_\-info@{AI\_\-hyperalert\_\-info}!n\_\-postconds@{n\_\-postconds}}
\index{n\_\-postconds@{n\_\-postconds}!AI_hyperalert_info@{AI\_\-hyperalert\_\-info}}
\subsubsection[{n\_\-postconds}]{\setlength{\rightskip}{0pt plus 5cm}unsigned int {\bf AI\_\-hyperalert\_\-info::n\_\-postconds}}}
\label{structAI__hyperalert__info_a73322b6cad3e883abed03b62c6c21719}
Number of post-\/conditions \hypertarget{structAI__hyperalert__info_a616c16f364dbb2d726e88df6b364ea40}{
\index{AI\_\-hyperalert\_\-info@{AI\_\-hyperalert\_\-info}!n\_\-preconds@{n\_\-preconds}}
\index{n\_\-preconds@{n\_\-preconds}!AI_hyperalert_info@{AI\_\-hyperalert\_\-info}}
\subsubsection[{n\_\-preconds}]{\setlength{\rightskip}{0pt plus 5cm}unsigned int {\bf AI\_\-hyperalert\_\-info::n\_\-preconds}}}
\label{structAI__hyperalert__info_a616c16f364dbb2d726e88df6b364ea40}
Number of pre-\/conditions \hypertarget{structAI__hyperalert__info_a6a63385397bf814153d7bb20b52840d9}{
\index{AI\_\-hyperalert\_\-info@{AI\_\-hyperalert\_\-info}!postconds@{postconds}}
\index{postconds@{postconds}!AI_hyperalert_info@{AI\_\-hyperalert\_\-info}}
\subsubsection[{postconds}]{\setlength{\rightskip}{0pt plus 5cm}char$\ast$$\ast$ {\bf AI\_\-hyperalert\_\-info::postconds}}}
\label{structAI__hyperalert__info_a6a63385397bf814153d7bb20b52840d9}
Post-\/conditions, as array of strings \hypertarget{structAI__hyperalert__info_a8ac4e028c47a98a8be5afd4363164031}{
\index{AI\_\-hyperalert\_\-info@{AI\_\-hyperalert\_\-info}!preconds@{preconds}}
\index{preconds@{preconds}!AI_hyperalert_info@{AI\_\-hyperalert\_\-info}}
\subsubsection[{preconds}]{\setlength{\rightskip}{0pt plus 5cm}char$\ast$$\ast$ {\bf AI\_\-hyperalert\_\-info::preconds}}}
\label{structAI__hyperalert__info_a8ac4e028c47a98a8be5afd4363164031}
Pre-\/conditions, as array of strings
The documentation for this struct was generated from the following file:\begin{DoxyCompactItemize}
\item
\hyperlink{spp__ai_8h}{spp\_\-ai.h}\end{DoxyCompactItemize}

43
doc/latex/structAI__hyperalert__key.tex Normal file
View File

@ -0,0 +1,43 @@
\hypertarget{structAI__hyperalert__key}{
\section{AI\_\-hyperalert\_\-key Struct Reference}
\label{structAI__hyperalert__key}\index{AI\_\-hyperalert\_\-key@{AI\_\-hyperalert\_\-key}}
}
{\ttfamily \#include $<$spp\_\-ai.h$>$}
\subsection*{Data Fields}
\begin{DoxyCompactItemize}
\item
unsigned int \hyperlink{structAI__hyperalert__key_a711afeb45b534480e85bf9abe569a602}{gid}
\item
unsigned int \hyperlink{structAI__hyperalert__key_a854676c9125ae0aeaeaef2b201ce542f}{sid}
\item
unsigned int \hyperlink{structAI__hyperalert__key_a3aa6fed74469f1f2c08573c5d7298670}{rev}
\end{DoxyCompactItemize}
\subsection{Detailed Description}
Key for the hyperalert hash table
\subsection{Field Documentation}
\hypertarget{structAI__hyperalert__key_a711afeb45b534480e85bf9abe569a602}{
\index{AI\_\-hyperalert\_\-key@{AI\_\-hyperalert\_\-key}!gid@{gid}}
\index{gid@{gid}!AI_hyperalert_key@{AI\_\-hyperalert\_\-key}}
\subsubsection[{gid}]{\setlength{\rightskip}{0pt plus 5cm}unsigned int {\bf AI\_\-hyperalert\_\-key::gid}}}
\label{structAI__hyperalert__key_a711afeb45b534480e85bf9abe569a602}
\hypertarget{structAI__hyperalert__key_a3aa6fed74469f1f2c08573c5d7298670}{
\index{AI\_\-hyperalert\_\-key@{AI\_\-hyperalert\_\-key}!rev@{rev}}
\index{rev@{rev}!AI_hyperalert_key@{AI\_\-hyperalert\_\-key}}
\subsubsection[{rev}]{\setlength{\rightskip}{0pt plus 5cm}unsigned int {\bf AI\_\-hyperalert\_\-key::rev}}}
\label{structAI__hyperalert__key_a3aa6fed74469f1f2c08573c5d7298670}
\hypertarget{structAI__hyperalert__key_a854676c9125ae0aeaeaef2b201ce542f}{
\index{AI\_\-hyperalert\_\-key@{AI\_\-hyperalert\_\-key}!sid@{sid}}
\index{sid@{sid}!AI_hyperalert_key@{AI\_\-hyperalert\_\-key}}
\subsubsection[{sid}]{\setlength{\rightskip}{0pt plus 5cm}unsigned int {\bf AI\_\-hyperalert\_\-key::sid}}}
\label{structAI__hyperalert__key_a854676c9125ae0aeaeaef2b201ce542f}
The documentation for this struct was generated from the following file:\begin{DoxyCompactItemize}
\item
\hyperlink{spp__ai_8h}{spp\_\-ai.h}\end{DoxyCompactItemize}

15
doc/latex/struct__AI__snort__alert.tex
View File

@ -58,6 +58,8 @@ struct \hyperlink{struct__AI__snort__alert}{\_\-AI\_\-snort\_\-alert} $\ast$ \hy
\hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$ \hyperlink{struct__AI__snort__alert_ac53765584296ead1328eabfaba8a3aed}{h\_\-node} \mbox{[}CLUSTER\_\-TYPES\mbox{]}
\item
unsigned int \hyperlink{struct__AI__snort__alert_a285aff12d6bac03c316ccc5305d28e53}{grouped\_\-alarms\_\-count}
\item
\hyperlink{structAI__hyperalert__info}{AI\_\-hyperalert\_\-info} $\ast$ \hyperlink{struct__AI__snort__alert_ac101de15b4f9451f235b82122f77b62a}{hyperalert}
\end{DoxyCompactItemize}
@ -85,12 +87,17 @@ Data type for Snort alerts
\index{grouped\_\-alarms\_\-count@{grouped\_\-alarms\_\-count}!_AI_snort_alert@{\_\-AI\_\-snort\_\-alert}}
\subsubsection[{grouped\_\-alarms\_\-count}]{\setlength{\rightskip}{0pt plus 5cm}unsigned int {\bf \_\-AI\_\-snort\_\-alert::grouped\_\-alarms\_\-count}}}
\label{struct__AI__snort__alert_a285aff12d6bac03c316ccc5305d28e53}
\hypertarget{struct__AI__snort__alert_ac53765584296ead1328eabfaba8a3aed}{
If the clustering algorithm is used, we also count how many alerts this single alert groups \hypertarget{struct__AI__snort__alert_ac53765584296ead1328eabfaba8a3aed}{
\index{\_\-AI\_\-snort\_\-alert@{\_\-AI\_\-snort\_\-alert}!h\_\-node@{h\_\-node}}
\index{h\_\-node@{h\_\-node}!_AI_snort_alert@{\_\-AI\_\-snort\_\-alert}}
\subsubsection[{h\_\-node}]{\setlength{\rightskip}{0pt plus 5cm}{\bf hierarchy\_\-node}$\ast$ {\bf \_\-AI\_\-snort\_\-alert::h\_\-node}\mbox{[}CLUSTER\_\-TYPES\mbox{]}}}
\label{struct__AI__snort__alert_ac53765584296ead1328eabfaba8a3aed}
\hypertarget{struct__AI__snort__alert_a754ca683593c838e4032fa8c13b1512b}{
Hierarchies for addresses and ports, if the clustering algorithm is used \hypertarget{struct__AI__snort__alert_ac101de15b4f9451f235b82122f77b62a}{
\index{\_\-AI\_\-snort\_\-alert@{\_\-AI\_\-snort\_\-alert}!hyperalert@{hyperalert}}
\index{hyperalert@{hyperalert}!_AI_snort_alert@{\_\-AI\_\-snort\_\-alert}}
\subsubsection[{hyperalert}]{\setlength{\rightskip}{0pt plus 5cm}{\bf AI\_\-hyperalert\_\-info}$\ast$ {\bf \_\-AI\_\-snort\_\-alert::hyperalert}}}
\label{struct__AI__snort__alert_ac101de15b4f9451f235b82122f77b62a}
Hyperalert information, pre-\/conditions and post-\/conditions \hypertarget{struct__AI__snort__alert_a754ca683593c838e4032fa8c13b1512b}{
\index{\_\-AI\_\-snort\_\-alert@{\_\-AI\_\-snort\_\-alert}!ip\_\-dst\_\-addr@{ip\_\-dst\_\-addr}}
\index{ip\_\-dst\_\-addr@{ip\_\-dst\_\-addr}!_AI_snort_alert@{\_\-AI\_\-snort\_\-alert}}
\subsubsection[{ip\_\-dst\_\-addr}]{\setlength{\rightskip}{0pt plus 5cm}{\bf uint32\_\-t} {\bf \_\-AI\_\-snort\_\-alert::ip\_\-dst\_\-addr}}}
@ -130,7 +137,7 @@ Data type for Snort alerts
\index{next@{next}!_AI_snort_alert@{\_\-AI\_\-snort\_\-alert}}
\subsubsection[{next}]{\setlength{\rightskip}{0pt plus 5cm}struct {\bf \_\-AI\_\-snort\_\-alert}$\ast$ {\bf \_\-AI\_\-snort\_\-alert::next}}}
\label{struct__AI__snort__alert_aa8336d4b3359015ed8ea312ca1fd1173}
\hypertarget{struct__AI__snort__alert_a25661fa4e212c5e30af5e6a892985ec9}{
Pointer to the next alert in the log, if any \hypertarget{struct__AI__snort__alert_a25661fa4e212c5e30af5e6a892985ec9}{
\index{\_\-AI\_\-snort\_\-alert@{\_\-AI\_\-snort\_\-alert}!priority@{priority}}
\index{priority@{priority}!_AI_snort_alert@{\_\-AI\_\-snort\_\-alert}}
\subsubsection[{priority}]{\setlength{\rightskip}{0pt plus 5cm}unsigned short {\bf \_\-AI\_\-snort\_\-alert::priority}}}
@ -150,7 +157,7 @@ Data type for Snort alerts
\index{stream@{stream}!_AI_snort_alert@{\_\-AI\_\-snort\_\-alert}}
\subsubsection[{stream}]{\setlength{\rightskip}{0pt plus 5cm}struct {\bf pkt\_\-info}$\ast$ {\bf \_\-AI\_\-snort\_\-alert::stream}}}
\label{struct__AI__snort__alert_a09dfe0a841fd3912ec78060d4547cb31}
\hypertarget{struct__AI__snort__alert_a8aac577224a4325ec50511c6d79b4b79}{
Reference to the TCP stream associated to the alert, if any \hypertarget{struct__AI__snort__alert_a8aac577224a4325ec50511c6d79b4b79}{
\index{\_\-AI\_\-snort\_\-alert@{\_\-AI\_\-snort\_\-alert}!tcp\_\-ack@{tcp\_\-ack}}
\index{tcp\_\-ack@{tcp\_\-ack}!_AI_snort_alert@{\_\-AI\_\-snort\_\-alert}}
\subsubsection[{tcp\_\-ack}]{\setlength{\rightskip}{0pt plus 5cm}{\bf uint32\_\-t} {\bf \_\-AI\_\-snort\_\-alert::tcp\_\-ack}}}

3
doc/latex/struct__hierarchy__node.tex
View File

@ -25,6 +25,9 @@ struct \hyperlink{struct__hierarchy__node}{\_\-hierarchy\_\-node} $\ast$$\ast$ \
\end{DoxyCompactItemize}
\subsection{Detailed Description}
Data type for hierarchies used for clustering
\subsection{Field Documentation}
\hypertarget{struct__hierarchy__node_afc23d4fe6426873164cdaab2f3d4f0cd}{
\index{\_\-hierarchy\_\-node@{\_\-hierarchy\_\-node}!children@{children}}