/* $Id$ */
/*
** Copyright (C) 1998-2002 Martin Roesch <roesch@sourcefire.com>
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation; either version 2 of the License, or
** (at your option) any later version.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/

/* D E F I N E S ************************************************************/
#ifndef __EVENT_H__
#define __EVENT_H__

#ifdef HAVE_CONFIG_H
#include "config.h"
#endif

/* NOTE(review): presumably <sys/bitypes.h> supplies the u_int32_t typedef
 * on OSF1 -- confirm against that platform's headers.
 */
#ifdef OSF1
#include <sys/bitypes.h>
#endif

#include <sys/types.h>
/* <sys/time.h> is skipped on WIN32, so struct timeval (used by Event below)
 * has to be declared by some other header there.
 * NOTE(review): presumably config.h or the including file pulls in a
 * Windows socket header for it -- confirm.
 */
#ifndef WIN32
#include <sys/time.h>
#endif

/* Event: the per-alert record that identifies which signature fired and
 * how this event relates to earlier ones.
 *
 * Per the note at the end of the struct, this is the serialized data struct
 * for unified logging, so the field order, field types and field count are
 * part of the log format and must stay exactly as they are.
 */
typedef struct _Event
{
    u_int32_t sig_generator;   /* which part of snort generated the alert? */
    u_int32_t sig_id;          /* sig id for this generator */
    u_int32_t sig_rev;         /* sig revision for this id */
    u_int32_t classification;  /* event classification */
    u_int32_t priority;        /* event priority */
    u_int32_t event_id;        /* event ID */
    u_int32_t event_reference; /* reference to other events that have gone off,
                                * such as in the case of tagged packets...
                                */
    /* NOTE(review): unlike the fixed-width u_int32_t fields above,
     * struct timeval has an ABI-dependent size and member width. If this
     * struct is written out as-is, records produced on one platform may not
     * match the layout a reader built on another platform expects -- confirm
     * how log consumers validate or normalize this field before trusting it.
     */
    struct timeval ref_time;   /* reference time for the event reference */

    /* Don't add to this structure because this is the serialized data
     * struct for unified logging.
     */
} Event;

/* Compiled out by the #if 0 below: an alternative EventID/Event layout that
 * is never seen by the compiler. SigInfo is not declared in this header, and
 * the second typedef reuses the _Event/Event names of the live struct above,
 * so enabling this block as written would conflict with it.
 */
#if 0
typedef struct _EventID
{
    u_int32_t sequence;
    u_int32_t seconds;
} EventID;

typedef struct _Event
{
    EventID id;
    u_int32_t uSeconds;
    SigInfo sigInfo;
} Event;

#endif


#endif /* __EVENT_H__ */