
hi_eo.h

00001 /**
00002 **  @file       hi_eo.h
00003 **
00004 **  @author     Daniel Roelker <droelker@sourcefire.com>
00005 **
00006 **  @brief      Contains the data structures, event types, specific events,
00007 **              and function prototypes for the Event Output Module.
00008 **
00009 **  This file is central to alerting in HttpInspect: it declares the event
00010 **  structures, and pulls the individual alert definitions in from hi_eo_events.h.
00011 **
00012 **  The Event Output Module provides a mechanism to queue HttpInspect events
00013 **  and prioritize them.  The Event Output Module does not actually log the
00014 **  events, but tracks them per session/packet.  The user program needs to 
00015 **  do the actual logging of events.
00016 **
00017 **  Each event contains the type of event, the priority of the event, and
00018 **  any data that is associated with the event.
00019 **
00020 **  NOTES:
00021 **    - 3.3.03:  Initial development.  DJR
00022 */
00023 #ifndef __HI_EO_H__
00024 #define __HI_EO_H__
00025 
00026 #include "hi_include.h"
00027 #include "hi_eo_events.h"
00028 
/**
**  Static description of one alert type: its numeric id, its priority
**  and the human-readable string emitted for it.  Instances are
**  referenced (not copied) from HI_EVENT::event_info.
**
**  NOTE(review): alert_str is a plain char*; its ownership and lifetime
**  are not stated here -- presumably it points at a constant table
**  string, confirm against the table that defines these.  Whatever its
**  origin, consumers should emit it as data (e.g. "%s"), never as a
**  format string.
*/
typedef struct s_HI_EVENT_INFO
{
    int alert_id;               /**< the alert id */
    int priority;               /**< the alert priority, 0 = highest */
    char *alert_str;            /**< the alert string (see note above) */

} HI_EVENT_INFO;
00040 
/**
**  One queued event, tracked per session/packet.  It references the
**  static descriptor for its alert type and may carry an optional data
**  payload together with the routine used to release that payload.
**
**  NOTE(review): the release contract is not stated in this header --
**  presumably data may be NULL and free_data may be NULL when nothing
**  needs freeing; confirm with the code that queues and frees events.
**  count is a signed int incremented per occurrence; if the session is
**  not otherwise bounded it can overflow (undefined behaviour) -- confirm
**  the incrementing code saturates or caps it.
*/
typedef struct s_HI_EVENT
{
    HI_EVENT_INFO *event_info;  /**< static descriptor for this alert type */
    int  count;                 /**< number of times event occurred in session */
    void *data;                 /**< generic ptr to data */
    void (*free_data)(void *);  /**< function to free data */

} HI_EVENT;
00049 
/**
**  This is a generic structure to translate different event types to
**  the same structure.  This helps when logging the different types
**  of events.
**
**  The three members are intended to point into one of the concrete
**  per-direction event stores (HI_CLIENT_EVENTS, HI_ANOM_SERVER_EVENTS),
**  which share the same stack / stack_count / events member layout.
**
**  NOTE(review): this view carries no capacity.  The only bound on
**  *stack_count, and on the index values held in stack[], is the
**  HI_EO_*_EVENT_NUM of whichever store the pointers were taken from.
**  A consumer that iterates stack[0 .. *stack_count) and indexes
**  events[stack[i]] must not read past that bound, so the code that
**  fills the store must guarantee 0 <= stack[i] < bound and
**  *stack_count <= bound -- confirm where these are populated.
*/
typedef struct s_HI_GEN_EVENTS
{
    int *stack;                 /**< -> stack[] of the concrete store */
    int *stack_count;           /**< -> stack_count of the concrete store */
    HI_EVENT *events;           /**< -> events[] of the concrete store */

} HI_GEN_EVENTS;
00062 
/**
**  The idea behind this event storage structure is that we use a
**  simple stack to tell us which events we have set, so we don't
**  set an event twice and can access the events very easily.
**
**  Concretely: events[] has one fixed slot per client alert type
**  (HI_EO_CLIENT_EVENT_NUM of them, from hi_eo_events.h), and stack[]
**  presumably records which slots have been set this session/packet,
**  with stack_count the number of valid entries in stack[].
**
**  NOTE(review): both arrays are sized HI_EO_CLIENT_EVENT_NUM, so a
**  push onto stack[] must be rejected (or deduplicated, as the comment
**  above intends) once stack_count reaches that value, and any value
**  stored in stack[] must be a valid index into events[] -- confirm in
**  the code that sets events.
*/
typedef struct s_HI_CLIENT_EVENTS
{
    int stack[HI_EO_CLIENT_EVENT_NUM];  /**< indices of set events */
    int stack_count;                    /**< number of valid entries in stack[] */
    HI_EVENT events[HI_EO_CLIENT_EVENT_NUM]; /**< one slot per client alert type */

} HI_CLIENT_EVENTS;
00075 
/**
**  Event store for anomalous-server events.  Same shape and usage as
**  HI_CLIENT_EVENTS (a stack of set-event indices over a fixed array of
**  slots), but sized by HI_EO_ANOM_SERVER_EVENT_NUM.
**
**  NOTE(review): as with the client store, stack_count must never exceed
**  HI_EO_ANOM_SERVER_EVENT_NUM and every stack[] entry must be a valid
**  index into events[] -- the bound is not carried by HI_GEN_EVENTS, so
**  it must be enforced where the store is filled.
*/
typedef struct s_HI_ANOM_SERVER_EVENTS
{
    int stack[HI_EO_ANOM_SERVER_EVENT_NUM];  /**< indices of set events */
    int stack_count;                         /**< number of valid entries in stack[] */
    HI_EVENT events[HI_EO_ANOM_SERVER_EVENT_NUM]; /**< one slot per server-anomaly alert type */

} HI_ANOM_SERVER_EVENTS;
00083 
00084 #endif
