engine/message.h File Reference

#include "../config.h"
#include "hlbr.h"

Go to the source code of this file.

Defines
#define	MESSAGE_ITEM_CHAR   1
#define	MESSAGE_ITEM_SIP   2
#define	MESSAGE_ITEM_DIP   3
#define	MESSAGE_ITEM_SPORT   4
#define	MESSAGE_ITEM_DPORT   5
#define	MESSAGE_ITEM_YEAR   6
#define	MESSAGE_ITEM_MONTH   7
#define	MESSAGE_ITEM_DAY   8
#define	MESSAGE_ITEM_MIN   9
#define	MESSAGE_ITEM_SEC   10
#define	MESSAGE_ITEM_USEC   11
#define	MESSAGE_ITEM_HOUR   12
#define	MESSAGE_ITEM_PACKET_NUM   13
#define	MESSAGE_ITEM_ALERT_COUNT   14
Functions
MessageItem *	ParseMessageString (char *MString)
void	FreeMessage (MessageItem *MItem)
int	ApplyMessage (MessageItem *MItem, int PacketSlot, char *Buff, int BuffLen)

---

Define Documentation

#define MESSAGE_ITEM_ALERT_COUNT   14

Definition at line 20 of file message.h.

Referenced by ApplyMessage(), and ParseMessageString().

#define MESSAGE_ITEM_CHAR   1

Definition at line 7 of file message.h.

Referenced by ApplyMessage(), and ParseMessageString().

#define MESSAGE_ITEM_DAY   8

Definition at line 14 of file message.h.

Referenced by ApplyMessage(), and ParseMessageString().

#define MESSAGE_ITEM_DIP   3

Definition at line 9 of file message.h.

Referenced by ApplyMessage(), and ParseMessageString().

#define MESSAGE_ITEM_DPORT   5

Definition at line 11 of file message.h.

Referenced by ApplyMessage(), and ParseMessageString().

#define MESSAGE_ITEM_HOUR   12

Definition at line 18 of file message.h.

Referenced by ApplyMessage(), and ParseMessageString().

#define MESSAGE_ITEM_MIN   9

Definition at line 15 of file message.h.

Referenced by ApplyMessage(), and ParseMessageString().

#define MESSAGE_ITEM_MONTH   7

Definition at line 13 of file message.h.

Referenced by ApplyMessage(), and ParseMessageString().

#define MESSAGE_ITEM_PACKET_NUM   13

Definition at line 19 of file message.h.

Referenced by ApplyMessage(), and ParseMessageString().

#define MESSAGE_ITEM_SEC   10

Definition at line 16 of file message.h.

Referenced by ApplyMessage(), and ParseMessageString().

#define MESSAGE_ITEM_SIP   2

Definition at line 8 of file message.h.

Referenced by ApplyMessage(), and ParseMessageString().

#define MESSAGE_ITEM_SPORT   4

Definition at line 10 of file message.h.

Referenced by ApplyMessage(), and ParseMessageString().

#define MESSAGE_ITEM_USEC   11

Definition at line 17 of file message.h.

Referenced by ApplyMessage(), and ParseMessageString().

#define MESSAGE_ITEM_YEAR   6

Definition at line 12 of file message.h.

Referenced by ApplyMessage(), and ParseMessageString().

---

Function Documentation

int ApplyMessage	(	MessageItem *	MItem,
		int	PacketSlot,
		char *	Buff,
		int	BuffLen
	)

Fill in the message string from the packet (for use by the actions). This function searches for all the relevant fields (source and destiny IP, port, etc.) and formats the message.

Definition at line 165 of file message.c.

References global_vars::AlertCount, ip_header::daddr, DEBUGPATH, FALSE, GetDataByID(), GetDecoderByName(), Globals, ip_data::Header, IP_PROTO_TCP, IP_PROTO_UDP, MESSAGE_ITEM_ALERT_COUNT, MESSAGE_ITEM_CHAR, MESSAGE_ITEM_DAY, MESSAGE_ITEM_DIP, MESSAGE_ITEM_DPORT, MESSAGE_ITEM_HOUR, MESSAGE_ITEM_MIN, MESSAGE_ITEM_MONTH, MESSAGE_ITEM_PACKET_NUM, MESSAGE_ITEM_SEC, MESSAGE_ITEM_SIP, MESSAGE_ITEM_SPORT, MESSAGE_ITEM_USEC, MESSAGE_ITEM_YEAR, message_item::Next, NULL, packet_rec::PacketNum, global_vars::Packets, PRINTERROR1, ip_header::protocol, ip_header::saddr, TRUE, packet_rec::tv, message_item::Type, and message_item::Value.

Referenced by AlertConsoleAction(), AlertEMailAction(), AlertFileAction(), AlertListenSocketAction(), AlertSocketAction(), and AlertSyslogAction().

void FreeMessage

(

MessageItem *

MItem

)

Definition at line 144 of file message.c.

References message_item::Next, and NULL.

MessageItem* ParseMessageString

(

char *

MString

)

Definition at line 18 of file message.c.

References MESSAGE_ITEM_ALERT_COUNT, MESSAGE_ITEM_CHAR, MESSAGE_ITEM_DAY, MESSAGE_ITEM_DIP, MESSAGE_ITEM_DPORT, MESSAGE_ITEM_HOUR, MESSAGE_ITEM_MIN, MESSAGE_ITEM_MONTH, MESSAGE_ITEM_PACKET_NUM, MESSAGE_ITEM_SEC, MESSAGE_ITEM_SIP, MESSAGE_ITEM_SPORT, MESSAGE_ITEM_USEC, MESSAGE_ITEM_YEAR, message_item::Next, NULL, message_item::Type, and message_item::Value.

Referenced by ParseRule(), and ParseSystem().

---