Changeset 265 for trunk/include

Timestamp:

Dec 21, 2009, 8:54:07 PM (15 years ago)

Author:

katerina

Message:

Enhance logfile monitoring (tickets #183, #184, #185).

Location:

trunk/include

Files:

• samhain.h (modified) (1 diff)
• sh_cat.h (modified) (1 diff)
• sh_error.h (modified) (1 diff)
• sh_error_min.h (modified) (1 diff)
• sh_log_correlate.h (added)
• sh_log_evalrule.h (modified) (1 diff)
• sh_log_mark.h (added)
• sh_log_repeat.h (added)
• sh_string.h (modified) (2 diffs)
• sh_unix.h (modified) (1 diff)

trunk/include/samhain.h

@@ -106 +106 @@
 #ifdef HAVE_STDINT_H
 #include <stdint.h>
+#endif
+
+#if !defined(HAVE_UINT16_T)
+#define UINT16 unsigned short
+#else
+#define UINT16 uint16_t
 #endif
 

trunk/include/sh_cat.h

@@ -168 +168 @@
  MSG_LOGMON_SUM,
  MSG_LOGMON_COR,
+ MSG_LOGMON_MARK,
+ MSG_LOGMON_BURST,
 #endif
 

trunk/include/sh_error.h

@@ -109 +109 @@
 void sh_error_fixup(void);
 
-/* convert a string to a numeric priority
- */ 
-int sh_error_convert_level (const char * str_s);
-
 /* only to stderr (GOOD/BAD)
  */

trunk/include/sh_error_min.h

@@ -25 +25 @@
                       long errnum, unsigned long  msg_index, ...);
 
+/* convert a string to a numeric priority
+ */ 
+int sh_error_convert_level (const char * str_s);
+
 #endif

trunk/include/sh_log_evalrule.h

@@ -39 +39 @@
 int sh_eval_process_msg(struct sh_logrecord * record);
 
-/* Match correlated rules
- */
-void sh_keep_match();
+enum policies {
+  EVAL_REPORT,
+  EVAL_SUM
+};
+
+struct sh_qeval  /* Queue with definitions */
+{
+  sh_string       * label;
+  enum policies     policy;
+  int               severity;
+  time_t            interval;        /* if EVAL_SUM, interval   */ 
+  struct sh_qeval * next;
+};
+
+struct sh_qeval * sh_log_find_queue(const char * str);
+
+int sh_log_lookup_severity(const char * str);
 
 #endif

trunk/include/sh_string.h

@@ -2 +2 @@
 #define SH_STRING_H
 
+#include <stdio.h>
 
 /* String definition and utility functions.
@@ -84 +85 @@
 char ** split_array_list(char *line, unsigned int * nfields, size_t * lengths);
 
+/* Same as above, but split on delimiter list (token)
+ */ 
+char ** split_array_token (char *line, 
+                           unsigned int * nfields, size_t * lengths,
+                           const char * token);
+
 /* Return a split_array_list() of a list contained in 'PREFIX\s*( list ).*'
  */

trunk/include/sh_unix.h

@@ -219 +219 @@
 void sh_unix_closeall (int fd, int except, int inchild);
 
+/* Check whether directory for pid file exists
+ */
+int sh_unix_check_piddir (char * pidpath);
 
 /* write lock for filename