-/* @(#) $Id$ */
+/* @(#) $Id: ./src/analysisd/rules.h, 2011/09/08 dcid Exp $
+ */
/* Copyright (C) 2009 Trend Micro Inc.
* All right reserved.
int __frequency;
char **last_events;
-
+
/* Not an option in the rule */
u_int16_t alert_opts;
/* category */
u_int8_t category;
-
+
/* Decoded as */
u_int16_t decoded_as;
/* Function pointer to the event_search. */
void *(*event_search)(void *lf, void *rule);
-
+
char *group;
OSMatch *match;
OSMatch *program_name;
OSMatch *extra_data;
char *action;
-
+
char *comment; /* description in the xml */
char *info;
char *cve;
RuleInfoDetail *info_details;
ListRule *lists;
-
+
char *if_sid;
char *if_level;
char *if_group;
OSRegex *if_matched_regex;
OSMatch *if_matched_group;
int if_matched_sid;
-
+
void *(*compiled_rule)(void *lf);
active_response **ar;
int get_info_attributes(char **attributes, char **values);
/* RuleInfo functions */
-RuleInfo *zerorulemember(int id,
+RuleInfo *zerorulemember(int id,
int level,
- int maxsize,
+ int maxsize,
int frequency,
- int timeframe,
+ int timeframe,
int noalert,
int ignore_time,
int overwrite);
/** Defition of the internal rule IDS **
** These SIGIDs cannot be used **
** **/
-
+
#define STATS_MODULE 11
#define FTS_MODULE 12
-#define SYSCHECK_MODULE 13
+#define SYSCHECK_MODULE 13
#define HOSTINFO_MODULE 15