Changeset 260 for trunk/include

Timestamp:

Dec 7, 2009, 10:00:29 PM (15 years ago)

Author:

katerina

Message:

Support event correlation (ticket #178).

Location:

trunk/include

Files:

• sh_cat.h (modified) (1 diff)
• sh_log_evalrule.h (modified) (1 diff)
• sh_string.h (modified) (1 diff)

trunk/include/sh_cat.h

@@ -167 +167 @@
  MSG_LOGMON_REP,
  MSG_LOGMON_SUM,
+ MSG_LOGMON_COR,
 #endif
 

trunk/include/sh_log_evalrule.h

@@ -35 +35 @@
 int sh_eval_gend (const char * str);
 
+/* Process a single log record
+ */
 int sh_eval_process_msg(struct sh_logrecord * record);
+
+/* Match correlated rules
+ */
+void sh_keep_match();
+
 #endif

trunk/include/sh_string.h

@@ -84 +84 @@
 char ** split_array_list(char *line, unsigned int * nfields, size_t * lengths);
 
+/* Return a split_array_list() of a list contained in 'PREFIX\s*( list ).*'
+ */
+char ** split_array_braced (char *line, const char * prefix,
+                            unsigned int * nfields, size_t * lengths);
+
 /* Replaces fields in s with 'replacement'. Fields are given
  * in the ordered array ovector, comprising ovecnum pairs