X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;f=src%2Fanalysisd%2Feventinfo.h;h=d01786cc387b086f32f52f8ba9d17e4a7056447c;hb=3f728675941dc69d4e544d3a880a56240a6e394a;hp=3129630fc183b4b10e0f7271468192f03f15bacd;hpb=301048b51990573e58a30dc4a5bb4ec285cad554;p=ossec-hids.git diff --git a/src/analysisd/eventinfo.h b/src/analysisd/eventinfo.h old mode 100755 new mode 100644 index 3129630..d01786c --- a/src/analysisd/eventinfo.h +++ b/src/analysisd/eventinfo.h @@ -1,5 +1,3 @@ -/* @(#) $Id$ */ - /* Copyright (C) 2009 Trend Micro Inc. * All right reserved. * @@ -9,19 +7,14 @@ * Foundation */ - - #ifndef _EVTINFO__H - #define _EVTINFO__H #include "rules.h" #include "decoders/decoder.h" - /* Event Information structure */ -typedef struct _Eventinfo -{ +typedef struct _Eventinfo { /* Extracted from the event */ char *log; char *full_log; @@ -29,10 +22,11 @@ typedef struct _Eventinfo char *hostname; char *program_name; - /* Extracted from the decoders */ char *srcip; + char *srcgeoip; char *dstip; + char *dstgeoip; char *srcport; char *dstport; char *protocol; @@ -45,6 +39,8 @@ typedef struct _Eventinfo char *url; char *data; char *systemname; + char **fields; + /* Pointer to the rule that generated it */ @@ -57,21 +53,19 @@ typedef struct _Eventinfo OSListNode *sid_node_to_delete; /* Extract when the event fires a rule */ - int size; - int p_name_size; - + size_t size; + size_t p_name_size; /* Other internal variables */ - short int matched; - - int time; + int matched; + + time_t time; int day; int year; char hour[10]; char mon[4]; - /* SYSCHECK Results variables -- only used by prelude for now */ - #ifdef PRELUDE + /* SYSCHECK Results variables */ char *filename; int perm_before; int perm_after; 
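Review bot: The new `char *srcgeoip` and `char *dstgeoip` members (hunk -29,10) enlarge the set of heap strings an event owns, but neither the hunk nor the surrounding header states who allocates them or that the event's reset and release paths cover them; if the implementation behind `Free_Eventinfo` (prototyped later in this file) was not updated alongside, every event either leaks the two strings or carries stale pointers into reuse, which cannot be verified from the header. The same concern applies to `char **fields` added in the -45,6 hunk. An ownership comment on each member would make the contract checkable, e.g. `char *srcgeoip;   /* GeoIP result for srcip; owned by the event and released with it — confirm against Free_Eventinfo */`. The struct _Eventinfo definition starts and ends outside this hunk.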
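Review bot: `char **fields;` (hunk -45,6) arrives with no companion length member and no stated terminator, so a reader of this header cannot tell how far `lf->fields` may be indexed; combined with the `int order` parameter added to `DynamicField_FP` in the last hunk, an out-of-range order would write past the allocation unless the callee checks a size kept somewhere else. Document the convention where the member is declared, e.g. `char **fields;   /* dynamic decoder fields, selected by order; length or terminator: <document here> */`, naming the actual source of the bound. The struct continues past the hunk on both sides.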
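Review bot: `time_t time;` and the two new `size_t` members (hunk -57,21) depend on `<time.h>` and `<stddef.h>` being pulled in transitively through `rules.h` or `decoders/decoder.h`; this header includes neither, so it stops being self-contained unless one of those does. Adding `#include <stddef.h>` and `#include <time.h>` beside the existing includes in the -9,19 hunk removes the dependency. The widening from `int` to `size_t`/`time_t` also changes the meaning of every existing use in the .c files, which are not visible here: comparisons against signed values become signed/unsigned mixes, and any `%d` format of `lf->time` or `lf->size` is now undefined behavior on LP64 targets, so those call sites should be audited in the same change.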
@@ -85,39 +79,31 @@ typedef struct _Eventinfo char *owner_after; char *gowner_before; char *gowner_after; - #endif -}Eventinfo; - +} Eventinfo; /* Events List structure */ -typedef struct _EventNode -{ +typedef struct _EventNode { Eventinfo *event; struct _EventNode *next; struct _EventNode *prev; -}EventNode; - - +} EventNode; -/* For test rule only. */ #ifdef TESTRULE -int full_output; -int alert_only; +extern int full_output; +extern int alert_only; #endif - -/** Types of events (from decoders) **/ -#define UNKNOWN 0 /* Unkown */ -#define SYSLOG 1 /* syslog messages */ -#define IDS 2 /* IDS alerts */ -#define FIREWALL 3 /* Firewall events */ -#define WEBLOG 7 /* Apache logs */ -#define SQUID 8 /* Squid logs */ -#define WINDOWS 9 /* Windows logs */ -#define HOST_INFO 10 /* Host information logs (from nmap or similar) */ -#define OSSEC_RL 11 /* Ossec rules */ -#define OSSEC_ALERT 12 /* Ossec Alerts */ - +/* Types of events (from decoders) */ +#define UNKNOWN 0 /* Unknown */ +#define SYSLOG 1 /* syslog messages */ +#define IDS 2 /* IDS alerts */ +#define FIREWALL 3 /* Firewall events */ +#define WEBLOG 7 /* Apache logs */ +#define SQUID 8 /* Squid logs */ +#define DECODER_WINDOWS 9 /* Windows logs */ +#define HOST_INFO 10 /* Host information logs (from nmap or similar) */ +#define OSSEC_RL 11 /* OSSEC rules */ +#define OSSEC_ALERT 12 /* OSSEC alerts */ /* FTS allowed values */ #define FTS_NAME 001000 @@ -131,7 +117,6 @@ int alert_only; #define FTS_SYSTEMNAME 000040 #define FTS_DONE 010000 - /** Functions for events **/ /* Search for matches in the last events */ 
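Review bot: Only `WINDOWS` receives the `DECODER_` prefix in the event-type table; `UNKNOWN`, `IDS`, `SYSLOG`, `FIREWALL` and `SQUID` are equally generic names in the global macro namespace and just as prone to collide with a platform or library header, so the rename leaves the table inconsistent. Either prefix all ten — an `enum decoder_type { DECODER_UNKNOWN = 0, DECODER_SYSLOG = 1, /* ... */ };` would also make the values debugger-visible and visibly related — or record why one was singled out, e.g. `/* DECODER_ prefix: WINDOWS presumably clashed with a platform macro; the other names are kept for compatibility */`. The `extern` on `full_output`/`alert_only` correctly turns the former tentative definitions into declarations; the matching definitions must then exist in exactly one translation unit built with TESTRULE, which the hunk cannot show.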
@@ -149,28 +134,29 @@ void Free_Eventinfo(Eventinfo *lf); void OS_AddEvent(Eventinfo *lf); /* Return the last event from the Event list */ -EventNode *OS_GetLastEvent(); +EventNode *OS_GetLastEvent(void); /* Create the event list. Maxsize must be specified */ void OS_CreateEventList(int maxsize); - /* Pointers to the event decoders */ -void *SrcUser_FP(Eventinfo *lf, char *field); -void *DstUser_FP(Eventinfo *lf, char *field); -void *SrcIP_FP(Eventinfo *lf, char *field); -void *DstIP_FP(Eventinfo *lf, char *field); -void *SrcPort_FP(Eventinfo *lf, char *field); -void *DstPort_FP(Eventinfo *lf, char *field); -void *Protocol_FP(Eventinfo *lf, char *field); -void *Action_FP(Eventinfo *lf, char *field); -void *ID_FP(Eventinfo *lf, char *field); -void *Url_FP(Eventinfo *lf, char *field); -void *Data_FP(Eventinfo *lf, char *field); -void *Status_FP(Eventinfo *lf, char *field); -void *SystemName_FP(Eventinfo *lf, char *field); -void *None_FP(Eventinfo *lf, char *field); - +void *SrcUser_FP(Eventinfo *lf, char *field, int order); +void *DstUser_FP(Eventinfo *lf, char *field, int order); +void *SrcIP_FP(Eventinfo *lf, char *field, int order); +void *DstIP_FP(Eventinfo *lf, char *field, int order); +void *SrcPort_FP(Eventinfo *lf, char *field, int order); +void *DstPort_FP(Eventinfo *lf, char *field, int order); +void *Protocol_FP(Eventinfo *lf, char *field, int order); +void *Action_FP(Eventinfo *lf, char *field, int order); +void *ID_FP(Eventinfo *lf, char *field, int order); +void *Url_FP(Eventinfo *lf, char *field, int order); +void *Data_FP(Eventinfo *lf, char *field, int order); +void *Status_FP(Eventinfo *lf, char *field, int order); +void *SystemName_FP(Eventinfo *lf, char *field, int order); +void *FileName_FP(Eventinfo *lf, char *field, int order); +void *DynamicField_FP(Eventinfo *lf, char *field, int order); +void *None_FP(Eventinfo *lf, char *field, int order); #endif /* _EVTINFO__H */ +
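Review bot: The `int order` parameter added to all sixteen `*_FP` prototypes is undocumented: the header does not say what it indexes, what range is valid, or which side checks it, yet `DynamicField_FP` presumably uses it to select an entry of the new `lf->fields` array, where an unchecked value means an out-of-bounds write. A comment above the group would settle that, e.g. `/* order: position of the field in the decoder's field list; only DynamicField_FP is expected to consume it and must range-check it against the size of lf->fields */` — adjust if other decoders use it. The `void *` return also hides what is handed back (the stored pointer, NULL on failure?), so one sentence on that contract belongs here as well. Separately, the include guard `_EVTINFO__H` (context line `#endif /* _EVTINFO__H */`) is a reserved identifier — leading underscore followed by an uppercase letter, and a double underscore — so `EVTINFO_H` would be conforming, a two-line change together with the `#ifndef`/`#define` in the -9,19 hunk.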