hi_eo.h File Reference

Contains the data structures, event types, specific events, and function prototypes for the Event Output Module. More...

#include "hi_include.h"
#include "hi_eo_events.h"

Go to the source code of this file.

Typedefs
typedef s_HI_EVENT_INFO	HI_EVENT_INFO
typedef s_HI_EVENT	HI_EVENT
typedef s_HI_GEN_EVENTS	HI_GEN_EVENTS
typedef s_HI_CLIENT_EVENTS	HI_CLIENT_EVENTS
typedef s_HI_ANOM_SERVER_EVENTS	HI_ANOM_SERVER_EVENTS

---

Detailed Description

Contains the data structures, event types, specific events, and function prototypes for the Event Output Module.

Author:

Daniel Roelker <droelker@sourcefire.com>

This file is key to alerting with HttpInspect. It contains the header file with all the individual alerts.

The Event Output Module provides a mechanism to queue HttpInspect events and prioritize them. The Event Output Module does not actually log the events, but tracks them per session/packet. The user program needs to do the actual logging of events.

Each event contains the type of event, the priority of the event, and any data that is associated with the event.

NOTES:

• 3.3.03: Initial development. DJR

Definition in file hi_eo.h.

---

Typedef Documentation

typedef struct s_HI_ANOM_SERVER_EVENTS HI_ANOM_SERVER_EVENTS

typedef struct s_HI_CLIENT_EVENTS HI_CLIENT_EVENTS

The idea behind this event storage structure is that we use a simple stack to tell us which events we have set, so we don't set an event twice and can access the events very easily.

typedef struct s_HI_EVENT HI_EVENT

typedef struct s_HI_EVENT_INFO HI_EVENT_INFO

We hold the type of alert, the priority of the alert and any data associated with this alert.

typedef struct s_HI_GEN_EVENTS HI_GEN_EVENTS

This is a generic structure to translate different event types to the same structure. This helps when logging the different types of events.

---