mirror of
https://github.com/BlackLight/Snort_AIPreproc.git
synced 2024-11-27 22:25:12 +01:00
534 lines
29 KiB
HTML
534 lines
29 KiB
HTML
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|
<html xmlns="http://www.w3.org/1999/xhtml">
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
|
|
<title>Snort AI preprocessor module: Manage the clustering of alarms</title>
|
|
<link href="tabs.css" rel="stylesheet" type="text/css"/>
|
|
<link href="search/search.css" rel="stylesheet" type="text/css"/>
|
|
<script type="text/javaScript" src="search/search.js"></script>
|
|
<link href="doxygen.css" rel="stylesheet" type="text/css"/>
|
|
</head>
|
|
<body onload='searchBox.OnSelectItem(0);'>
|
|
<!-- Generated by Doxygen 1.7.1 -->
|
|
<script type="text/javascript"><!--
|
|
var searchBox = new SearchBox("searchBox", "search",false,'Search');
|
|
--></script>
|
|
<div class="navigation" id="top">
|
|
<div class="tabs">
|
|
<ul class="tablist">
|
|
<li><a href="index.html"><span>Main Page</span></a></li>
|
|
<li><a href="modules.html"><span>Modules</span></a></li>
|
|
<li><a href="annotated.html"><span>Data Structures</span></a></li>
|
|
<li><a href="files.html"><span>Files</span></a></li>
|
|
<li id="searchli">
|
|
<div id="MSearchBox" class="MSearchBoxInactive">
|
|
<span class="left">
|
|
<img id="MSearchSelect" src="search/mag_sel.png"
|
|
onmouseover="return searchBox.OnSearchSelectShow()"
|
|
onmouseout="return searchBox.OnSearchSelectHide()"
|
|
alt=""/>
|
|
<input type="text" id="MSearchField" value="Search" accesskey="S"
|
|
onfocus="searchBox.OnSearchFieldFocus(true)"
|
|
onblur="searchBox.OnSearchFieldFocus(false)"
|
|
onkeyup="searchBox.OnSearchFieldChange(event)"/>
|
|
</span><span class="right">
|
|
<a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
|
|
</span>
|
|
</div>
|
|
</li>
|
|
</ul>
|
|
</div>
|
|
</div>
|
|
<div class="header">
|
|
<div class="summary">
|
|
<a href="#nested-classes">Data Structures</a> |
|
|
<a href="#func-members">Functions</a> |
|
|
<a href="#var-members">Variables</a> </div>
|
|
<div class="headertitle">
|
|
<h1>Manage the clustering of alarms</h1> </div>
|
|
</div>
|
|
<div class="contents">
|
|
<table class="memberdecls">
|
|
<tr><td colspan="2"><h2><a name="nested-classes"></a>
|
|
Data Structures</h2></td></tr>
|
|
<tr><td class="memItemLeft" align="right" valign="top">struct </td><td class="memItemRight" valign="bottom"><a class="el" href="structattribute__key.html">attribute_key</a></td></tr>
|
|
<tr><td class="memItemLeft" align="right" valign="top">struct </td><td class="memItemRight" valign="bottom"><a class="el" href="structattribute__value.html">attribute_value</a></td></tr>
|
|
<tr><td colspan="2"><h2><a name="func-members"></a>
|
|
Functions</h2></td></tr>
|
|
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE int </td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga81f5fa721719fdb281595a568eef2101">_heuristic_func</a> (<a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640">cluster_type</a> type)</td></tr>
|
|
<tr><td class="mdescLeft"> </td><td class="mdescRight">Function that picks up the heuristic value for a clustering attribute in according to Julisch's heuristic (ACM, Vol.2, No.3, 09 2002, pag.124). <a href="#ga81f5fa721719fdb281595a568eef2101"></a><br/></td></tr>
|
|
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> * </td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga2f1a22cfea64e4669da0467620c3e3b3">_hierarchy_node_new</a> (char *label, int min_val, int max_val)</td></tr>
|
|
<tr><td class="mdescLeft"> </td><td class="mdescRight">Create a new clustering hierarchy node. <a href="#ga2f1a22cfea64e4669da0467620c3e3b3"></a><br/></td></tr>
|
|
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE void </td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga5601a1f603d9c870ef6e2df192e30c30">_hierarchy_node_append</a> (<a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *parent, <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *child)</td></tr>
|
|
<tr><td class="mdescLeft"> </td><td class="mdescRight">Append a node to a clustering hierarchy node. <a href="#ga5601a1f603d9c870ef6e2df192e30c30"></a><br/></td></tr>
|
|
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> * </td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga6ddddcd505b1f763c339e81fc143e079">_AI_get_min_hierarchy_node</a> (int val, <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *root)</td></tr>
|
|
<tr><td class="mdescLeft"> </td><td class="mdescRight">Get the minimum node in a hierarchy tree that matches a certain value. <a href="#ga6ddddcd505b1f763c339e81fc143e079"></a><br/></td></tr>
|
|
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd">BOOL</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga0f91c8bfc37a3975f5c26b19fd6c5cba">_AI_equal_alarms</a> (<a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *a1, <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *a2)</td></tr>
|
|
<tr><td class="mdescLeft"> </td><td class="mdescRight">Check if two alerts are semantically equal. <a href="#ga0f91c8bfc37a3975f5c26b19fd6c5cba"></a><br/></td></tr>
|
|
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE int </td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga8ce8e5a5d8954672297fa2dedb380dcd">_AI_merge_alerts</a> (<a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> **log)</td></tr>
|
|
<tr><td class="mdescLeft"> </td><td class="mdescRight">Merge the alerts marked as equal in the log. <a href="#ga8ce8e5a5d8954672297fa2dedb380dcd"></a><br/></td></tr>
|
|
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE void </td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga7d151880080470b542e99643dc0426a7">_AI_print_clustered_alerts</a> (<a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *log, FILE *fp)</td></tr>
|
|
<tr><td class="mdescLeft"> </td><td class="mdescRight">Print the clustered alerts to a log file. <a href="#ga7d151880080470b542e99643dc0426a7"></a><br/></td></tr>
|
|
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE void * </td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga8a5eae61dc9fd0f13e0acdfa5f4478e2">_AI_cluster_thread</a> (void *arg)</td></tr>
|
|
<tr><td class="mdescLeft"> </td><td class="mdescRight">Thread for periodically clustering the log information. <a href="#ga8a5eae61dc9fd0f13e0acdfa5f4478e2"></a><br/></td></tr>
|
|
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd">BOOL</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga29c35cd6c56f54e27b5b190c6d6c487a">_AI_check_duplicate</a> (<a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *node, <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *root)</td></tr>
|
|
<tr><td class="mdescLeft"> </td><td class="mdescRight">Check if a certain node's range (minimum and maximum value) are already present in a clustering hierarchy. <a href="#ga29c35cd6c56f54e27b5b190c6d6c487a"></a><br/></td></tr>
|
|
<tr><td class="memItemLeft" align="right" valign="top">void </td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga1445818b37483f78cc3fb2890155842c">AI_hierarchies_build</a> (<a class="el" href="structAI__config.html">AI_config</a> *<a class="el" href="group__correlation.html#gaad7a982b6016390e7cd1164bd7db8bca">conf</a>, <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> **nodes, int n_nodes)</td></tr>
|
|
<tr><td class="mdescLeft"> </td><td class="mdescRight">Build the clustering hierarchy trees. <a href="#ga1445818b37483f78cc3fb2890155842c"></a><br/></td></tr>
|
|
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> * </td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#gab4c8ab92691e85a6f0ac4abb122712fd">_AI_copy_clustered_alerts</a> (<a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *node)</td></tr>
|
|
<tr><td class="mdescLeft"> </td><td class="mdescRight">Return a copy of the clustered alerts. <a href="#gab4c8ab92691e85a6f0ac4abb122712fd"></a><br/></td></tr>
|
|
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> * </td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga2553c678eeb83282c230d649a0e8fcd4">AI_get_clustered_alerts</a> ()</td></tr>
|
|
<tr><td class="mdescLeft"> </td><td class="mdescRight">Return the alerts parsed so far as a linked list. <a href="#ga2553c678eeb83282c230d649a0e8fcd4"></a><br/></td></tr>
|
|
<tr><td colspan="2"><h2><a name="var-members"></a>
|
|
Variables</h2></td></tr>
|
|
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> * </td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga97d35425cf5a0207fb50b64ee8cdda82">h_root</a> [CLUSTER_TYPES] = { NULL }</td></tr>
|
|
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="structAI__config.html">AI_config</a> * </td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga91458e2d34595688e39fcb63ba418849">_config</a> = NULL</td></tr>
|
|
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> * </td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#gaaf4c19f60f48741b0890c6114dcff7d9">alert_log</a> = NULL</td></tr>
|
|
</table>
|
|
<hr/><h2>Function Documentation</h2>
|
|
<a class="anchor" id="ga29c35cd6c56f54e27b5b190c6d6c487a"></a><!-- doxytag: member="cluster.c::_AI_check_duplicate" ref="ga29c35cd6c56f54e27b5b190c6d6c487a" args="(hierarchy_node *node, hierarchy_node *root)" -->
|
|
<div class="memitem">
|
|
<div class="memproto">
|
|
<table class="memname">
|
|
<tr>
|
|
<td class="memname">PRIVATE <a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd">BOOL</a> _AI_check_duplicate </td>
|
|
<td>(</td>
|
|
<td class="paramtype"><a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> * </td>
|
|
<td class="paramname"> <em>node</em>, </td>
|
|
</tr>
|
|
<tr>
|
|
<td class="paramkey"></td>
|
|
<td></td>
|
|
<td class="paramtype"><a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> * </td>
|
|
<td class="paramname"> <em>root</em></td><td> </td>
|
|
</tr>
|
|
<tr>
|
|
<td></td>
|
|
<td>)</td>
|
|
<td></td><td></td><td></td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<div class="memdoc">
|
|
|
|
<p>Check if a certain node's range (minimum and maximum value) are already present in a clustering hierarchy. </p>
|
|
<dl><dt><b>Parameters:</b></dt><dd>
|
|
<table border="0" cellspacing="2" cellpadding="0">
|
|
<tr><td valign="top"></td><td valign="top"><em>node</em> </td><td>Node to be checked </td></tr>
|
|
<tr><td valign="top"></td><td valign="top"><em>root</em> </td><td>Clustering hierarchy </td></tr>
|
|
</table>
|
|
</dd>
|
|
</dl>
|
|
<dl class="return"><dt><b>Returns:</b></dt><dd>True if 'node' is already in 'root', false otherwise </dd></dl>
|
|
|
|
</div>
|
|
</div>
|
|
<a class="anchor" id="ga8a5eae61dc9fd0f13e0acdfa5f4478e2"></a><!-- doxytag: member="cluster.c::_AI_cluster_thread" ref="ga8a5eae61dc9fd0f13e0acdfa5f4478e2" args="(void *arg)" -->
|
|
<div class="memitem">
|
|
<div class="memproto">
|
|
<table class="memname">
|
|
<tr>
|
|
<td class="memname">PRIVATE void* _AI_cluster_thread </td>
|
|
<td>(</td>
|
|
<td class="paramtype">void * </td>
|
|
<td class="paramname"> <em>arg</em></td>
|
|
<td> ) </td>
|
|
<td></td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<div class="memdoc">
|
|
|
|
<p>Thread for periodically clustering the log information. </p>
|
|
|
|
</div>
|
|
</div>
|
|
<a class="anchor" id="gab4c8ab92691e85a6f0ac4abb122712fd"></a><!-- doxytag: member="cluster.c::_AI_copy_clustered_alerts" ref="gab4c8ab92691e85a6f0ac4abb122712fd" args="(AI_snort_alert *node)" -->
|
|
<div class="memitem">
|
|
<div class="memproto">
|
|
<table class="memname">
|
|
<tr>
|
|
<td class="memname">PRIVATE <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a>* _AI_copy_clustered_alerts </td>
|
|
<td>(</td>
|
|
<td class="paramtype"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> * </td>
|
|
<td class="paramname"> <em>node</em></td>
|
|
<td> ) </td>
|
|
<td></td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<div class="memdoc">
|
|
|
|
<p>Return a copy of the clustered alerts. </p>
|
|
<dl class="return"><dt><b>Returns:</b></dt><dd>An AI_snort_alert pointer identifying the list of clustered alerts </dd></dl>
|
|
|
|
</div>
|
|
</div>
|
|
<a class="anchor" id="ga0f91c8bfc37a3975f5c26b19fd6c5cba"></a><!-- doxytag: member="cluster.c::_AI_equal_alarms" ref="ga0f91c8bfc37a3975f5c26b19fd6c5cba" args="(AI_snort_alert *a1, AI_snort_alert *a2)" -->
|
|
<div class="memitem">
|
|
<div class="memproto">
|
|
<table class="memname">
|
|
<tr>
|
|
<td class="memname">PRIVATE <a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd">BOOL</a> _AI_equal_alarms </td>
|
|
<td>(</td>
|
|
<td class="paramtype"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> * </td>
|
|
<td class="paramname"> <em>a1</em>, </td>
|
|
</tr>
|
|
<tr>
|
|
<td class="paramkey"></td>
|
|
<td></td>
|
|
<td class="paramtype"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> * </td>
|
|
<td class="paramname"> <em>a2</em></td><td> </td>
|
|
</tr>
|
|
<tr>
|
|
<td></td>
|
|
<td>)</td>
|
|
<td></td><td></td><td></td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<div class="memdoc">
|
|
|
|
<p>Check if two alerts are semantically equal. </p>
|
|
<dl><dt><b>Parameters:</b></dt><dd>
|
|
<table border="0" cellspacing="2" cellpadding="0">
|
|
<tr><td valign="top"></td><td valign="top"><em>a1</em> </td><td>First alert </td></tr>
|
|
<tr><td valign="top"></td><td valign="top"><em>a2</em> </td><td>Second alert </td></tr>
|
|
</table>
|
|
</dd>
|
|
</dl>
|
|
<dl class="return"><dt><b>Returns:</b></dt><dd>True if they are equal, false otherwise </dd></dl>
|
|
|
|
</div>
|
|
</div>
|
|
<a class="anchor" id="ga6ddddcd505b1f763c339e81fc143e079"></a><!-- doxytag: member="cluster.c::_AI_get_min_hierarchy_node" ref="ga6ddddcd505b1f763c339e81fc143e079" args="(int val, hierarchy_node *root)" -->
|
|
<div class="memitem">
|
|
<div class="memproto">
|
|
<table class="memname">
|
|
<tr>
|
|
<td class="memname">PRIVATE <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a>* _AI_get_min_hierarchy_node </td>
|
|
<td>(</td>
|
|
<td class="paramtype">int </td>
|
|
<td class="paramname"> <em>val</em>, </td>
|
|
</tr>
|
|
<tr>
|
|
<td class="paramkey"></td>
|
|
<td></td>
|
|
<td class="paramtype"><a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> * </td>
|
|
<td class="paramname"> <em>root</em></td><td> </td>
|
|
</tr>
|
|
<tr>
|
|
<td></td>
|
|
<td>)</td>
|
|
<td></td><td></td><td></td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<div class="memdoc">
|
|
|
|
<p>Get the minimum node in a hierarchy tree that matches a certain value. </p>
|
|
<dl><dt><b>Parameters:</b></dt><dd>
|
|
<table border="0" cellspacing="2" cellpadding="0">
|
|
<tr><td valign="top"></td><td valign="top"><em>val</em> </td><td>Value to be matched in the range </td></tr>
|
|
<tr><td valign="top"></td><td valign="top"><em>root</em> </td><td>Root of the hierarchy </td></tr>
|
|
</table>
|
|
</dd>
|
|
</dl>
|
|
<dl class="return"><dt><b>Returns:</b></dt><dd>The minimum node that matches the value if any, NULL otherwise </dd></dl>
|
|
|
|
</div>
|
|
</div>
|
|
<a class="anchor" id="ga8ce8e5a5d8954672297fa2dedb380dcd"></a><!-- doxytag: member="cluster.c::_AI_merge_alerts" ref="ga8ce8e5a5d8954672297fa2dedb380dcd" args="(AI_snort_alert **log)" -->
|
|
<div class="memitem">
|
|
<div class="memproto">
|
|
<table class="memname">
|
|
<tr>
|
|
<td class="memname">PRIVATE int _AI_merge_alerts </td>
|
|
<td>(</td>
|
|
<td class="paramtype"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> ** </td>
|
|
<td class="paramname"> <em>log</em></td>
|
|
<td> ) </td>
|
|
<td></td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<div class="memdoc">
|
|
|
|
<p>Merge the alerts marked as equal in the log. </p>
|
|
<dl><dt><b>Parameters:</b></dt><dd>
|
|
<table border="0" cellspacing="2" cellpadding="0">
|
|
<tr><td valign="top"></td><td valign="top"><em>log</em> </td><td>Alert log reference </td></tr>
|
|
</table>
|
|
</dd>
|
|
</dl>
|
|
<dl class="return"><dt><b>Returns:</b></dt><dd>The number of merged couples </dd></dl>
|
|
|
|
</div>
|
|
</div>
|
|
<a class="anchor" id="ga7d151880080470b542e99643dc0426a7"></a><!-- doxytag: member="cluster.c::_AI_print_clustered_alerts" ref="ga7d151880080470b542e99643dc0426a7" args="(AI_snort_alert *log, FILE *fp)" -->
|
|
<div class="memitem">
|
|
<div class="memproto">
|
|
<table class="memname">
|
|
<tr>
|
|
<td class="memname">PRIVATE void _AI_print_clustered_alerts </td>
|
|
<td>(</td>
|
|
<td class="paramtype"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> * </td>
|
|
<td class="paramname"> <em>log</em>, </td>
|
|
</tr>
|
|
<tr>
|
|
<td class="paramkey"></td>
|
|
<td></td>
|
|
<td class="paramtype">FILE * </td>
|
|
<td class="paramname"> <em>fp</em></td><td> </td>
|
|
</tr>
|
|
<tr>
|
|
<td></td>
|
|
<td>)</td>
|
|
<td></td><td></td><td></td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<div class="memdoc">
|
|
|
|
<p>Print the clustered alerts to a log file. </p>
|
|
<dl><dt><b>Parameters:</b></dt><dd>
|
|
<table border="0" cellspacing="2" cellpadding="0">
|
|
<tr><td valign="top"></td><td valign="top"><em>log</em> </td><td>Log containing the alerts </td></tr>
|
|
<tr><td valign="top"></td><td valign="top"><em>fp</em> </td><td>File pointer where the alerts will be printed </td></tr>
|
|
</table>
|
|
</dd>
|
|
</dl>
|
|
|
|
</div>
|
|
</div>
|
|
<a class="anchor" id="ga81f5fa721719fdb281595a568eef2101"></a><!-- doxytag: member="cluster.c::_heuristic_func" ref="ga81f5fa721719fdb281595a568eef2101" args="(cluster_type type)" -->
|
|
<div class="memitem">
|
|
<div class="memproto">
|
|
<table class="memname">
|
|
<tr>
|
|
<td class="memname">PRIVATE int _heuristic_func </td>
|
|
<td>(</td>
|
|
<td class="paramtype"><a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640">cluster_type</a> </td>
|
|
<td class="paramname"> <em>type</em></td>
|
|
<td> ) </td>
|
|
<td></td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<div class="memdoc">
|
|
|
|
<p>Function that picks up the heuristic value for a clustering attribute in according to Julisch's heuristic (ACM, Vol.2, No.3, 09 2002, pag.124). </p>
|
|
<dl><dt><b>Parameters:</b></dt><dd>
|
|
<table border="0" cellspacing="2" cellpadding="0">
|
|
<tr><td valign="top"></td><td valign="top"><em>type</em> </td><td>Attribute type </td></tr>
|
|
</table>
|
|
</dd>
|
|
</dl>
|
|
<dl class="return"><dt><b>Returns:</b></dt><dd>The heuristic coefficient for that attribute, -1 if no clustering information is available for that attribute </dd></dl>
|
|
|
|
</div>
|
|
</div>
|
|
<a class="anchor" id="ga5601a1f603d9c870ef6e2df192e30c30"></a><!-- doxytag: member="cluster.c::_hierarchy_node_append" ref="ga5601a1f603d9c870ef6e2df192e30c30" args="(hierarchy_node *parent, hierarchy_node *child)" -->
|
|
<div class="memitem">
|
|
<div class="memproto">
|
|
<table class="memname">
|
|
<tr>
|
|
<td class="memname">PRIVATE void _hierarchy_node_append </td>
|
|
<td>(</td>
|
|
<td class="paramtype"><a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> * </td>
|
|
<td class="paramname"> <em>parent</em>, </td>
|
|
</tr>
|
|
<tr>
|
|
<td class="paramkey"></td>
|
|
<td></td>
|
|
<td class="paramtype"><a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> * </td>
|
|
<td class="paramname"> <em>child</em></td><td> </td>
|
|
</tr>
|
|
<tr>
|
|
<td></td>
|
|
<td>)</td>
|
|
<td></td><td></td><td></td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<div class="memdoc">
|
|
|
|
<p>Append a node to a clustering hierarchy node. </p>
|
|
<dl><dt><b>Parameters:</b></dt><dd>
|
|
<table border="0" cellspacing="2" cellpadding="0">
|
|
<tr><td valign="top"></td><td valign="top"><em>parent</em> </td><td>Parent node </td></tr>
|
|
<tr><td valign="top"></td><td valign="top"><em>child</em> </td><td>Child node </td></tr>
|
|
</table>
|
|
</dd>
|
|
</dl>
|
|
|
|
</div>
|
|
</div>
|
|
<a class="anchor" id="ga2f1a22cfea64e4669da0467620c3e3b3"></a><!-- doxytag: member="cluster.c::_hierarchy_node_new" ref="ga2f1a22cfea64e4669da0467620c3e3b3" args="(char *label, int min_val, int max_val)" -->
|
|
<div class="memitem">
|
|
<div class="memproto">
|
|
<table class="memname">
|
|
<tr>
|
|
<td class="memname">PRIVATE <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a>* _hierarchy_node_new </td>
|
|
<td>(</td>
|
|
<td class="paramtype">char * </td>
|
|
<td class="paramname"> <em>label</em>, </td>
|
|
</tr>
|
|
<tr>
|
|
<td class="paramkey"></td>
|
|
<td></td>
|
|
<td class="paramtype">int </td>
|
|
<td class="paramname"> <em>min_val</em>, </td>
|
|
</tr>
|
|
<tr>
|
|
<td class="paramkey"></td>
|
|
<td></td>
|
|
<td class="paramtype">int </td>
|
|
<td class="paramname"> <em>max_val</em></td><td> </td>
|
|
</tr>
|
|
<tr>
|
|
<td></td>
|
|
<td>)</td>
|
|
<td></td><td></td><td></td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<div class="memdoc">
|
|
|
|
<p>Create a new clustering hierarchy node. </p>
|
|
<dl><dt><b>Parameters:</b></dt><dd>
|
|
<table border="0" cellspacing="2" cellpadding="0">
|
|
<tr><td valign="top"></td><td valign="top"><em>label</em> </td><td>Label for the node </td></tr>
|
|
<tr><td valign="top"></td><td valign="top"><em>min_val</em> </td><td>Minimum value for the range represented by the node </td></tr>
|
|
<tr><td valign="top"></td><td valign="top"><em>max_val</em> </td><td>Maximum value for the range represented by the node </td></tr>
|
|
</table>
|
|
</dd>
|
|
</dl>
|
|
<dl class="return"><dt><b>Returns:</b></dt><dd>The brand new node if the allocation was ok, otherwise abort the application </dd></dl>
|
|
|
|
</div>
|
|
</div>
|
|
<a class="anchor" id="ga2553c678eeb83282c230d649a0e8fcd4"></a><!-- doxytag: member="cluster.c::AI_get_clustered_alerts" ref="ga2553c678eeb83282c230d649a0e8fcd4" args="()" -->
|
|
<div class="memitem">
|
|
<div class="memproto">
|
|
<table class="memname">
|
|
<tr>
|
|
<td class="memname"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a>* AI_get_clustered_alerts </td>
|
|
<td>(</td>
|
|
<td class="paramtype">void </td>
|
|
<td class="paramname"></td>
|
|
<td> ) </td>
|
|
<td></td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<div class="memdoc">
|
|
|
|
<p>Return the alerts parsed so far as a linked list. </p>
|
|
<dl class="return"><dt><b>Returns:</b></dt><dd>An AI_snort_alert pointer identifying the list of clustered alerts </dd></dl>
|
|
|
|
</div>
|
|
</div>
|
|
<a class="anchor" id="ga1445818b37483f78cc3fb2890155842c"></a><!-- doxytag: member="cluster.c::AI_hierarchies_build" ref="ga1445818b37483f78cc3fb2890155842c" args="(AI_config *conf, hierarchy_node **nodes, int n_nodes)" -->
|
|
<div class="memitem">
|
|
<div class="memproto">
|
|
<table class="memname">
|
|
<tr>
|
|
<td class="memname">void AI_hierarchies_build </td>
|
|
<td>(</td>
|
|
<td class="paramtype"><a class="el" href="structAI__config.html">AI_config</a> * </td>
|
|
<td class="paramname"> <em>conf</em>, </td>
|
|
</tr>
|
|
<tr>
|
|
<td class="paramkey"></td>
|
|
<td></td>
|
|
<td class="paramtype"><a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> ** </td>
|
|
<td class="paramname"> <em>nodes</em>, </td>
|
|
</tr>
|
|
<tr>
|
|
<td class="paramkey"></td>
|
|
<td></td>
|
|
<td class="paramtype">int </td>
|
|
<td class="paramname"> <em>n_nodes</em></td><td> </td>
|
|
</tr>
|
|
<tr>
|
|
<td></td>
|
|
<td>)</td>
|
|
<td></td><td></td><td></td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<div class="memdoc">
|
|
|
|
<p>Build the clustering hierarchy trees. </p>
|
|
<dl><dt><b>Parameters:</b></dt><dd>
|
|
<table border="0" cellspacing="2" cellpadding="0">
|
|
<tr><td valign="top"></td><td valign="top"><em>conf</em> </td><td>Reference to the configuration of the module </td></tr>
|
|
<tr><td valign="top"></td><td valign="top"><em>nodes</em> </td><td>Nodes containing the information about the clustering ranges </td></tr>
|
|
<tr><td valign="top"></td><td valign="top"><em>n_nodes</em> </td><td>Number of nodes </td></tr>
|
|
</table>
|
|
</dd>
|
|
</dl>
|
|
|
|
</div>
|
|
</div>
|
|
<hr/><h2>Variable Documentation</h2>
|
|
<a class="anchor" id="ga91458e2d34595688e39fcb63ba418849"></a><!-- doxytag: member="cluster.c::_config" ref="ga91458e2d34595688e39fcb63ba418849" args="" -->
|
|
<div class="memitem">
|
|
<div class="memproto">
|
|
<table class="memname">
|
|
<tr>
|
|
<td class="memname">PRIVATE <a class="el" href="structAI__config.html">AI_config</a>* <a class="el" href="group__cluster.html#ga91458e2d34595688e39fcb63ba418849">_config</a> = NULL</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<div class="memdoc">
|
|
|
|
</div>
|
|
</div>
|
|
<a class="anchor" id="gaaf4c19f60f48741b0890c6114dcff7d9"></a><!-- doxytag: member="cluster.c::alert_log" ref="gaaf4c19f60f48741b0890c6114dcff7d9" args="" -->
|
|
<div class="memitem">
|
|
<div class="memproto">
|
|
<table class="memname">
|
|
<tr>
|
|
<td class="memname">PRIVATE <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a>* <a class="el" href="group__cluster.html#gaaf4c19f60f48741b0890c6114dcff7d9">alert_log</a> = NULL</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<div class="memdoc">
|
|
|
|
</div>
|
|
</div>
|
|
<a class="anchor" id="ga97d35425cf5a0207fb50b64ee8cdda82"></a><!-- doxytag: member="cluster.c::h_root" ref="ga97d35425cf5a0207fb50b64ee8cdda82" args="[CLUSTER_TYPES]" -->
|
|
<div class="memitem">
|
|
<div class="memproto">
|
|
<table class="memname">
|
|
<tr>
|
|
<td class="memname">PRIVATE <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a>* <a class="el" href="group__cluster.html#ga97d35425cf5a0207fb50b64ee8cdda82">h_root</a>[CLUSTER_TYPES] = { NULL }</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<div class="memdoc">
|
|
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<!--- window showing the filter options -->
|
|
<div id="MSearchSelectWindow"
|
|
onmouseover="return searchBox.OnSearchSelectShow()"
|
|
onmouseout="return searchBox.OnSearchSelectHide()"
|
|
onkeydown="return searchBox.OnSearchSelectKey(event)">
|
|
<a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(0)"><span class="SelectionMark"> </span>All</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(1)"><span class="SelectionMark"> </span>Data Structures</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(2)"><span class="SelectionMark"> </span>Files</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(3)"><span class="SelectionMark"> </span>Functions</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(4)"><span class="SelectionMark"> </span>Variables</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(5)"><span class="SelectionMark"> </span>Typedefs</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(6)"><span class="SelectionMark"> </span>Enumerations</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(7)"><span class="SelectionMark"> </span>Enumerator</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(8)"><span class="SelectionMark"> </span>Defines</a></div>
|
|
|
|
<!-- iframe showing the search results (closed by default) -->
|
|
<div id="MSearchResultsWindow">
|
|
<iframe src="" frameborder="0"
|
|
name="MSearchResults" id="MSearchResults">
|
|
</iframe>
|
|
</div>
|
|
|
|
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by
|
|
<a href="http://www.doxygen.org/index.html">
|
|
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
|
|
</body>
|
|
</html>
|