Imported Upstream version 2.7
diff --git
a/src/analysisd/rules.h
b/src/analysisd/rules.h
index
0f77df4
..
03204cf
100755
(executable)
--- a/
src/analysisd/rules.h
+++ b/
src/analysisd/rules.h
@@
-1,4
+1,5
@@
-/* @(#) $Id$ */
+/* @(#) $Id: ./src/analysisd/rules.h, 2011/09/08 dcid Exp $
+ */
/* Copyright (C) 2009 Trend Micro Inc.
* All right reserved.
/* Copyright (C) 2009 Trend Micro Inc.
* All right reserved.
@@
-94,7
+95,7
@@
typedef struct _RuleInfo
int __frequency;
char **last_events;
int __frequency;
char **last_events;
-
+
/* Not an option in the rule */
u_int16_t alert_opts;
/* Not an option in the rule */
u_int16_t alert_opts;
@@
-104,7
+105,7
@@
typedef struct _RuleInfo
/* category */
u_int8_t category;
/* category */
u_int8_t category;
-
+
/* Decoded as */
u_int16_t decoded_as;
/* Decoded as */
u_int16_t decoded_as;
@@
-126,7
+127,7
@@
typedef struct _RuleInfo
/* Function pointer to the event_search. */
void *(*event_search)(void *lf, void *rule);
/* Function pointer to the event_search. */
void *(*event_search)(void *lf, void *rule);
-
+
char *group;
OSMatch *match;
char *group;
OSMatch *match;
@@
-148,13
+149,13
@@
typedef struct _RuleInfo
OSMatch *program_name;
OSMatch *extra_data;
char *action;
OSMatch *program_name;
OSMatch *extra_data;
char *action;
-
+
char *comment; /* description in the xml */
char *info;
char *cve;
RuleInfoDetail *info_details;
ListRule *lists;
char *comment; /* description in the xml */
char *info;
char *cve;
RuleInfoDetail *info_details;
ListRule *lists;
-
+
char *if_sid;
char *if_level;
char *if_group;
char *if_sid;
char *if_level;
char *if_group;
@@
-162,7
+163,7
@@
typedef struct _RuleInfo
OSRegex *if_matched_regex;
OSMatch *if_matched_group;
int if_matched_sid;
OSRegex *if_matched_regex;
OSMatch *if_matched_group;
int if_matched_sid;
-
+
void *(*compiled_rule)(void *lf);
active_response **ar;
void *(*compiled_rule)(void *lf);
active_response **ar;
@@
-183,11
+184,11
@@
RuleInfoDetail *zeroinfodetails(int type, char *data);
int get_info_attributes(char **attributes, char **values);
/* RuleInfo functions */
int get_info_attributes(char **attributes, char **values);
/* RuleInfo functions */
-RuleInfo *zerorulemember(int id,
+RuleInfo *zerorulemember(int id,
int level,
int level,
- int maxsize,
+ int maxsize,
int frequency,
int frequency,
- int timeframe,
+ int timeframe,
int noalert,
int ignore_time,
int overwrite);
int noalert,
int ignore_time,
int overwrite);
@@
-221,10
+222,10
@@
RuleNode *OS_GetFirstRule();
/** Defition of the internal rule IDS **
** These SIGIDs cannot be used **
** **/
/** Defition of the internal rule IDS **
** These SIGIDs cannot be used **
** **/
-
+
#define STATS_MODULE 11
#define FTS_MODULE 12
#define STATS_MODULE 11
#define FTS_MODULE 12
-#define SYSCHECK_MODULE 13
+#define SYSCHECK_MODULE 13
#define HOSTINFO_MODULE 15
#define HOSTINFO_MODULE 15