source: branches/samhain_3_1/include/sh_log_correlate.h

Last change on this file was 358, checked in by katerina, 13 years ago

Patch for ticket #264 (Add a deadtime for correlate rules to avoid multiple reports).

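#ifndef SH_LOG_CORRELATE_H
#define SH_LOG_CORRELATE_H

/*
 * Interface for log event correlation: events are kept, and event
 * sequence matching rules are applied to find correlated events.
 *
 * This header includes nothing itself. The including file must already
 * have declared sh_string and time_t before this header is read.
 *
 * Functions without parameters are declared with (void) rather than ():
 * in C an empty list declares no prototype, so a call with stray
 * arguments would not be diagnosed by the compiler.
 */

/* Clean up everything.
 */
void sh_keep_destroy(void);

/* Add an event.
 *
 * label  presumably identifies the event -- TODO confirm in the
 *        implementation, including who owns the string after the call
 * delay  presumably how long the event is kept -- units are not visible here
 * last   presumably the time the event was last seen -- TODO confirm
 *
 * Returns an int status; the meaning of the values is not visible here.
 */
int sh_keep_add(sh_string *label, unsigned long delay, time_t last);

/* Add an event sequence matching rule.
 *
 * The roles of str, queue and pattern are not visible in this header;
 * NOTE(review): they look like configuration-supplied text, so the
 * implementation should reject NULL and malformed input -- confirm.
 *
 * Returns an int status; the meaning of the values is not visible here.
 */
int sh_keep_match_add(const char *str, const char *queue, const char *pattern);

/* Delete the list of event sequence matching rules.
 */
void sh_keep_match_del(void);

/* Try to find correlated events.
 */
void sh_keep_match(void);

/* Deadtime for a correlation rule.
 *
 * Introduced by the patch for ticket #264 to avoid multiple reports from
 * a correlation rule. The value is passed as a string (str).
 *
 * NOTE(review): presumably matches that fall inside the deadtime are not
 * reported. Confirm in the implementation, and choose a deadtime short
 * enough that separate incidents are not folded into one report.
 *
 * Returns an int status; the meaning of the values is not visible here.
 */
int sh_keep_deadtime(const char *str);

#endif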