-/* @(#) $Id$ */
+/* @(#) $Id: ./src/headers/rules_op.h, 2011/09/08 dcid Exp $
+ */
/* Copyright (C) 2009 Trend Micro Inc.
* All rights reserved.
* License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
-
+
/* Common API for dealing with directory trees */
-
+
#ifndef _OS_RULESOP_H
#define _OS_RULESOP_H
#define FIREWALL 3 /* Firewall events */
#define WEBLOG 7 /* Apache logs */
#define SQUID 8 /* Squid logs */
-#define WINDOWS 9 /* Windows logs */
+#define DECODER_WINDOWS 9 /* Windows logs */
#define HOST_INFO 10 /* Host information logs (from nmap or similar) */
#define OSSEC_RL 11 /* Ossec rules */
int __frequency;
char **last_events;
-
+
/* Not an option in the rule */
u_int16_t alert_opts;
/* category */
u_int8_t category;
-
+
/* Decoded as */
u_int16_t decoded_as;
/* Function pointer to the event_search. */
void *(*event_search)(void *lf, void *rule);
-
+
char *group;
OSMatch *match;
OSMatch *program_name;
OSMatch *extra_data;
char *action;
-
+
char *comment; /* description in the xml */
char *info;
char *cve;
-
+
char *if_sid;
char *if_level;
char *if_group;
OSRegex *if_matched_regex;
OSMatch *if_matched_group;
int if_matched_sid;
-
+
void **ar;
}RuleInfo;
/** Prototypes **/
-int OS_ReadXMLRules(char *rulefile,
+int OS_ReadXMLRules(char *rulefile,
void *(*ruleact_function)(RuleInfo *rule, void *data),
void *data);