
List:       os-sim-commits
Subject:    [Os-sim-commits] os-sim/src sim-container.c,1.96,1.97 sim-organizer.c,1.192,1.193 sim-policy.c,1.15,
From:       Alberto Román Linacero <alberto_r () users ! sourceforge ! net>
Date:       2006-03-29 13:35:59
Message-ID: E1FOaqD-0002gN-0i () mail ! sourceforge ! net

Update of /cvsroot/os-sim/os-sim/src
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv5329

Modified Files:
	sim-container.c sim-organizer.c sim-policy.c sim-policy.h 
Log Message:
- Added the possibility of inserting the event into the DB or not, depending on
  policy.


Index: sim-organizer.c
===================================================================
RCS file: /cvsroot/os-sim/os-sim/src/sim-organizer.c,v
retrieving revision 1.192
retrieving revision 1.193
diff -u -d -r1.192 -r1.193
--- sim-organizer.c	24 Mar 2006 15:09:59 -0000	1.192
+++ sim-organizer.c	29 Mar 2006 13:35:57 -0000	1.193
@@ -205,7 +205,7 @@
       
     if (!gnet_inetaddr_noport_equal(event->dst_ia, ia_zero))
 			sim_organizer_correlation_plugin (organizer, event);  //Actualize priority and \
                reliability. Also, event -> alarm. 
-    sim_organizer_calificate (organizer, event);					//Actualice priority (if match \
with some policy) and C & A
+    sim_organizer_calificate (organizer, \
                event);					//Actualice priority (if match with some policy) and C & \
                A.
     sim_organizer_snort (organizer, event); 							//Insert the snort OR other event \
into DB
 sim_organizer_rrd (organizer, event);
     insert_event_alarm (event); 
@@ -430,6 +430,7 @@
  * 1.- Modifies the priority if the event belongs to a policy
  * 2.- Update everything's C and A
  * 3.- If Risk >= 2 then transform the event into an alarm
+ * 4.- Tells if the event must be stored in DB or not (thanks to its policy)
  *
  */
 void
@@ -504,7 +505,9 @@
   	  if (policy)
 	    {
         event->priority = sim_policy_get_priority (policy);
+        event->store_in_DB = sim_policy_get_store (policy);
 	      g_log (G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG, "sim_organizer_calificate: Policy \
Match. new priority: %d", event->priority);
+	      g_log (G_LOG_DOMAIN, \
G_LOG_LEVEL_DEBUG, "sim_organizer_calificate: Store. new stored: %d", \
event->store_in_DB);
 }
 	    else
 	      g_log (G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG, "sim_organizer_calificate: Policy \
Doesn't match");
@@ -1458,7 +1461,7 @@
   g_log (G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG, "sim_organizer_snort event->sensor: %s ; \
event->interface: %s",event->sensor, event->interface);
 // if there are snort_sid \
(wich snort is running) and snort_cid (number of
 // event inside snort) inside the \
                event received, insert it directly in DB.
-  if (event->snort_sid && event->snort_cid) 
+  if (event->snort_sid && event->snort_cid && event->store_in_DB) 
   {
     sim_organizer_snort_ossim_event_insert (ossim.dbsnort,
 																			      event,
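Review bot: The new `&& event->store_in_DB` test here, and the matching `if (event->store_in_DB)` guard on the `else /* Others Events */` branch in the @@ -1490 hunk, read a field that this commit assigns only inside the `if (policy)` branch of sim_organizer_calificate (@@ -504 hunk). For an event that matches no policy the value is whatever the event was initialised with, which is not visible in this commit; if that is zero, unmatched events would silently stop reaching the database, whereas before this change these insert paths were not conditioned on policy. Setting the default explicitly in the no-match branch, `event->store_in_DB = TRUE;` (that `else` is unbraced, so it needs braces), keeps the previous behaviour and makes dropping an event an explicit policy decision. sim_organizer_snort continues outside both hunks, so any branch between this `if` and the final `else` should be checked for the same guard.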
@@ -1490,6 +1493,7 @@
 						    event, sid, sig_id);
   }
   else /* Others Events */
+  if (event->store_in_DB)
     {
       plugin = sim_container_get_plugin_by_id (ossim.container, event->plugin_id);
 			

Index: sim-policy.c
===================================================================
RCS file: /cvsroot/os-sim/os-sim/src/sim-policy.c,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -d -r1.15 -r1.16
--- sim-policy.c	24 Mar 2006 15:09:59 -0000	1.15
+++ sim-policy.c	29 Mar 2006 13:35:57 -0000	1.16
@@ -66,6 +66,7 @@
   gint    end_hour;
   gint    begin_day;
   gint    end_day;
+  gboolean    store_in_DB; //will be stored in database the events in this policy?
 
   GList  *src;  				// SimInet objects
   GList  *dst;
@@ -414,6 +415,30 @@
 }
 
 /*
+ * This set, tells if the events that match in the policy must be stored in database
+ * or not.
+ */
+void
+sim_policy_set_store (SimPolicy *policy, gboolean store)
+{
+  g_return_if_fail (policy);
+  g_return_if_fail (SIM_IS_POLICY (policy));
+
+  policy->_priv->store_in_DB = store;  
+}
+
+/*
+ * Get if the events that match in the policy must be stored.
+ */
+gboolean
+sim_policy_get_store (SimPolicy *policy)
+{
+  g_return_if_fail (policy);
+  g_return_if_fail (SIM_IS_POLICY (policy));
+
+  return policy->_priv->store_in_DB;
+}
+/*
  *
  *
  *
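Review bot: `sim_policy_get_store` returns `gboolean`, but both of its guards use `g_return_if_fail`, which expands to a bare `return;`, so a NULL or non-SimPolicy argument yields an indeterminate value that the organizer then uses to decide whether the event is stored. Use the value-returning form and choose the fallback deliberately, e.g. `g_return_val_if_fail (policy, TRUE);` and `g_return_val_if_fail (SIM_IS_POLICY (policy), TRUE);`, so a bad policy pointer cannot suppress storage. The comment above the getter could also state that TRUE means matching events are written to the database.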

Index: sim-policy.h
===================================================================
RCS file: /cvsroot/os-sim/os-sim/src/sim-policy.h,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- sim-policy.h	24 Mar 2006 15:09:59 -0000	1.6
+++ sim-policy.h	29 Mar 2006 13:35:57 -0000	1.7
@@ -103,6 +103,9 @@
 void              sim_policy_set_end_hour                    (SimPolicy        \
*policy,
 gint              end_hour);
 
+gboolean          sim_policy_get_store                       (SimPolicy        \
*policy);
+void              sim_policy_set_store                       (SimPolicy    \
*policy, gboolean store);
+
 /* Sources Inet Address */
 void              sim_policy_append_src                   (SimPolicy        *policy,
 																		 								       SimInet	        *src);
@@ -178,6 +181,7 @@
 void							sim_policy_debug_print_policy								(SimPolicy				*policy);
 
 
+
 G_END_DECLS
 
 #ifdef __cplusplus

Index: sim-container.c
===================================================================
RCS file: /cvsroot/os-sim/os-sim/src/sim-container.c,v
retrieving revision 1.96
retrieving revision 1.97
diff -u -d -r1.96 -r1.97
--- sim-container.c	27 Mar 2006 12:45:58 -0000	1.96
+++ sim-container.c	29 Mar 2006 13:35:57 -0000	1.97
@@ -4334,7 +4334,33 @@
       g_message ("POLICY PLUGIN_ID REFERENCES DATA MODEL ERROR");
 
     g_free (query2);
-	
+
+    /* Store events in this policy in DB or not? */
+    query2 = g_strdup_printf ("SELECT store FROM policy WHERE id = %d", \
sim_policy_get_id (policy));
+    dm2 = sim_database_execute_single_command \
(database, query2);
+    if (dm2)
+    {
+      if (gda_data_model_get_n_rows(dm) !=0) //to avoid (null)-Critical first time
+      {
+        gboolean store;
+        value = (GdaValue *) gda_data_model_get_value_at (dm2, 0, 0);
+        store = gda_value_get_tinyint (value);  //this should be boolean, but GDA \
is... is.... gggggg
+        sim_policy_set_store (policy, store);              
+        g_log (G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG, "sim_container_db_load_policies_ul \
Store: %d", store);
+
+      }
+      else
+        g_message("Error: May be that there are a problem in policy table; store \
column failed!");
+
+      g_object_unref(dm2);
+    }
+    else
+      g_message ("POLICY STORE DATA MODEL ERROR");
+
+    g_free (query2);
+
+
+    
     /* Plugin_sid */
 /*    query2 = g_strdup_printf ("SELECT plugin_sid FROM policy_plugin_sid_reference \
WHERE policy_id = %d", sim_policy_get_id (policy));
 dm2 = \
sim_database_execute_single_command (database, query2);
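Review bot: The row-count guard added for the store query tests the wrong data model: `gda_data_model_get_n_rows(dm)` checks `dm`, while the result of this query is in `dm2`, so an empty `dm2` still reaches `gda_data_model_get_value_at (dm2, 0, 0)` and `gda_value_get_tinyint` on whatever that returns. The check should read `if (gda_data_model_get_n_rows (dm2) != 0)`. When the query fails or returns no row, the policy keeps whatever `store_in_DB` it was created with, which this commit does not show; since that flag decides whether matching events are kept, the fallback is worth setting explicitly, for example `sim_policy_set_store (policy, TRUE);` in both error branches. The enclosing function starts and ends outside the hunk.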




