List: os-sim-commits
Subject: [Os-sim-commits] os-sim/src sim-container.c,1.96,1.97 sim-organizer.c,1.192,1.193 sim-policy.c,1.15,
From: Alberto Román Linacero <alberto_r () users ! sourceforge ! net>
Date: 2006-03-29 13:35:59
Message-ID: E1FOaqD-0002gN-0i () mail ! sourceforge ! net
Update of /cvsroot/os-sim/os-sim/src
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv5329
Modified Files:
sim-container.c sim-organizer.c sim-policy.c sim-policy.h
Log Message:
- Added the possibility of inserting the event into the DB or not, depending on
policy.
Index: sim-organizer.c
===================================================================
RCS file: /cvsroot/os-sim/os-sim/src/sim-organizer.c,v
retrieving revision 1.192
retrieving revision 1.193
diff -u -d -r1.192 -r1.193
--- sim-organizer.c 24 Mar 2006 15:09:59 -0000 1.192
+++ sim-organizer.c 29 Mar 2006 13:35:57 -0000 1.193
@@ -205,7 +205,7 @@
if (!gnet_inetaddr_noport_equal(event->dst_ia, ia_zero))
sim_organizer_correlation_plugin (organizer, event); //Actualize priority and \
reliability. Also, event -> alarm.
- sim_organizer_calificate (organizer, event); //Actualice priority (if match \
with some policy) and C & A
+ sim_organizer_calificate (organizer, \
event); //Actualice priority (if match with some policy) and C & \
A.
sim_organizer_snort (organizer, event); //Insert the snort OR other event \
into DB sim_organizer_rrd (organizer, event);
insert_event_alarm (event);
@@ -430,6 +430,7 @@
* 1.- Modifies the priority if the event belongs to a policy
* 2.- Update everything's C and A
* 3.- If Risk >= 2 then transform the event into an alarm
+ * 4.- Tells if the event must be stored in DB or not (thanks to its policy)
*
*/
void
@@ -504,7 +505,9 @@
if (policy)
{
event->priority = sim_policy_get_priority (policy);
+ event->store_in_DB = sim_policy_get_store (policy);
g_log (G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG, "sim_organizer_calificate: Policy \
Match. new priority: %d", event->priority);
+ g_log (G_LOG_DOMAIN, \
G_LOG_LEVEL_DEBUG, "sim_organizer_calificate: Store. new stored: %d", \
event->store_in_DB);
}
else
g_log (G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG, "sim_organizer_calificate: Policy \
Doesn't match");
@@ -1458,7 +1461,7 @@
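Review bot: `event->store_in_DB` is assigned only inside `if (policy)`, so in the `else` branch an event that matches no policy keeps whatever value it was created with. The event initialiser is not part of this commit; if the field starts at zero, every unmatched event would be skipped by the new `store_in_DB` checks in sim_organizer_snort, which for a SIEM means silently losing audit data. Setting the default explicitly in the else branch (with braces added around it), `event->store_in_DB = TRUE;`, would make the no-policy case independent of how the event was initialised. The body of sim_organizer_calificate starts and ends outside the hunk.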
g_log (G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG, "sim_organizer_snort event->sensor: %s ; \
event->interface: %s",event->sensor, event->interface); // if there are snort_sid \
(wich snort is running) and snort_cid (number of // event inside snort) inside the \
event received, insert it directly in DB.
- if (event->snort_sid && event->snort_cid)
+ if (event->snort_sid && event->snort_cid && event->store_in_DB)
{
sim_organizer_snort_ossim_event_insert (ossim.dbsnort,
event,
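Review bot: Folding `event->store_in_DB` into the first condition does not skip storage for a snort event that carries both `snort_sid` and `snort_cid`; it sends that event on to the `else` branches instead. The branch that ends with `event, sid, sig_id);` in the next hunk shows no store check in the visible lines, so such an event may still be written through that path (its condition lies outside both hunks, so this needs confirming). If the function does nothing besides the inserts, a single guard near the top, `if (!event->store_in_DB) return;` with a debug log naming `event->plugin_id`, would cover all three branches and replace the bare `if (event->store_in_DB)` added after `else /* Others Events */`. sim_organizer_snort starts and ends outside both hunks.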
@@ -1490,6 +1493,7 @@
event, sid, sig_id);
}
else /* Others Events */
+ if (event->store_in_DB)
{
plugin = sim_container_get_plugin_by_id (ossim.container, event->plugin_id);
Index: sim-policy.c
===================================================================
RCS file: /cvsroot/os-sim/os-sim/src/sim-policy.c,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -d -r1.15 -r1.16
--- sim-policy.c 24 Mar 2006 15:09:59 -0000 1.15
+++ sim-policy.c 29 Mar 2006 13:35:57 -0000 1.16
@@ -66,6 +66,7 @@
gint end_hour;
gint begin_day;
gint end_day;
+ gboolean store_in_DB; //will be stored in database the events in this policy?
GList *src; // SimInet objects
GList *dst;
@@ -414,6 +415,30 @@
}
/*
+ * This set, tells if the events that match in the policy must be stored in database
+ * or not.
+ */
+void
+sim_policy_set_store (SimPolicy *policy, gboolean store)
+{
+ g_return_if_fail (policy);
+ g_return_if_fail (SIM_IS_POLICY (policy));
+
+ policy->_priv->store_in_DB = store;
+}
+
+/*
+ * Get if the events that match in the policy must be stored.
+ */
+gboolean
+sim_policy_get_store (SimPolicy *policy)
+{
+ g_return_if_fail (policy);
+ g_return_if_fail (SIM_IS_POLICY (policy));
+
+ return policy->_priv->store_in_DB;
+}
+/*
*
*
*
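Review bot: `sim_policy_get_store` returns `gboolean` but both guards use `g_return_if_fail`, which expands to a bare `return;`, so on a NULL or non-SimPolicy argument the caller reads an indeterminate value (and the compiler should warn about a return without a value). Use the value-returning form with an explicit default: `g_return_val_if_fail (policy, TRUE);` and `g_return_val_if_fail (SIM_IS_POLICY (policy), TRUE);`. TRUE is suggested because this result decides whether an event is stored, and keeping an event on error is a safer failure than losing it; pick FALSE only if dropping is the intended default. The setter's guards are correct as written.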
Index: sim-policy.h
===================================================================
RCS file: /cvsroot/os-sim/os-sim/src/sim-policy.h,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- sim-policy.h 24 Mar 2006 15:09:59 -0000 1.6
+++ sim-policy.h 29 Mar 2006 13:35:57 -0000 1.7
@@ -103,6 +103,9 @@
void sim_policy_set_end_hour (SimPolicy \
*policy, gint end_hour);
+gboolean sim_policy_get_store (SimPolicy \
*policy);
+void sim_policy_set_store (SimPolicy \
*policy, gboolean store);
+
/* Sources Inet Address */
void sim_policy_append_src (SimPolicy *policy,
SimInet *src);
@@ -178,6 +181,7 @@
void sim_policy_debug_print_policy (SimPolicy *policy);
+
G_END_DECLS
#ifdef __cplusplus
Index: sim-container.c
===================================================================
RCS file: /cvsroot/os-sim/os-sim/src/sim-container.c,v
retrieving revision 1.96
retrieving revision 1.97
diff -u -d -r1.96 -r1.97
--- sim-container.c 27 Mar 2006 12:45:58 -0000 1.96
+++ sim-container.c 29 Mar 2006 13:35:57 -0000 1.97
@@ -4334,7 +4334,33 @@
g_message ("POLICY PLUGIN_ID REFERENCES DATA MODEL ERROR");
g_free (query2);
-
+
+ /* Store events in this policy in DB or not? */
+ query2 = g_strdup_printf ("SELECT store FROM policy WHERE id = %d", \
sim_policy_get_id (policy));
+ dm2 = sim_database_execute_single_command \
(database, query2);
+ if (dm2)
+ {
+ if (gda_data_model_get_n_rows(dm) !=0) //to avoid (null)-Critical first time
+ {
+ gboolean store;
+ value = (GdaValue *) gda_data_model_get_value_at (dm2, 0, 0);
+ store = gda_value_get_tinyint (value); //this should be boolean, but GDA \
is... is.... gggggg
+ sim_policy_set_store (policy, store);
+ g_log (G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG, "sim_container_db_load_policies_ul \
Store: %d", store);
+
+ }
+ else
+ g_message("Error: May be that there are a problem in policy table; store \
column failed!");
+
+ g_object_unref(dm2);
+ }
+ else
+ g_message ("POLICY STORE DATA MODEL ERROR");
+
+ g_free (query2);
+
+
+
/* Plugin_sid */
/* query2 = g_strdup_printf ("SELECT plugin_sid FROM policy_plugin_sid_reference \
WHERE policy_id = %d", sim_policy_get_id (policy)); dm2 = \
sim_database_execute_single_command (database, query2);
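Review bot: The row-count guard tests the wrong model: `gda_data_model_get_n_rows(dm)` should be `gda_data_model_get_n_rows (dm2) != 0`, because the value is then read from `dm2` at row 0. As written, a `store` query that returns no rows can pass the guard, and the result of `gda_data_model_get_value_at (dm2, 0, 0)` is handed to `gda_value_get_tinyint` unchecked. Separately, both error paths only print a message and leave the policy's store flag at its initial value, which is not visible here; if that is FALSE, a missing `store` column silently turns off event storage for the policy, so calling `sim_policy_set_store (policy, TRUE);` on those paths is worth considering. The enclosing function starts and ends outside the hunk.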