SimEvent *
sim_event_new (void)
{
SimEvent *event;
GString *st;
gint i;
event = g_slice_new0 (SimEvent);
sim_event_init (event);
st = g_string_new ("");
for (i = 0; i < N_TEXT_FIELDS; i++)
{
g_string_append_printf (st, "%s%s", sim_text_field_get_name (i), (i != (N_TEXT_FIELDS - 1)) ? "," : "");
}
event->sql_text_fields = g_string_free (st, FALSE);
ossim_debug ("sim_event_instance_init");
event->signature = 0xdeadbeef;
event->type = SIM_EVENT_TYPE_NONE;
event->log = NULL;
//The agent should always write a date/time field in the events, so it's not necesary to initialize time, time_str, diff_time and tzone
//
event->protocol = SIM_PROTOCOL_TYPE_NONE;
event->condition = SIM_CONDITION_TYPE_NONE;
event->asset_src = VOID_ASSET;
event->asset_dst = VOID_ASSET;
event->store_in_DB = TRUE; //we want to store everything by default
event->can_delete= FALSE; // It has to be processed by 2 threads before destruction
event->is_correlated = FALSE; //local mode
event->correlation = EVENT_MATCH_NOTHING;
event->belongs_to_alarm = FALSE; //this is send across network
event->policy= NULL; //DON'T release memory for this variable!!!! (the data inside belongs to Container)
event->context = NULL;
event->engine = NULL;
return event;
}
void
_priv_sim_event_initialize (void)
{
GString *st;
gint i;
_sim_event_type = sim_event_get_type ();
st = g_string_new ("");
for (i = 0; i < N_TEXT_FIELDS; i++)
{
g_string_append_printf (st, "%s%s", sim_text_field_get_name (i), (i != (N_TEXT_FIELDS - 1)) ? "," : "");
}
/* This is a leak, the string will never be freed */
sql_text_fields = g_string_free (st, FALSE);
}
static void
sim_event_class_init(SimEventClass * klass)
{
GString *st;
int i;
GObjectClass *object_class = G_OBJECT_CLASS(klass);
st = g_string_new("");
assert (st != NULL);
parent_class = g_type_class_ref(G_TYPE_OBJECT);
object_class->dispose = sim_event_impl_dispose;
object_class->finalize = sim_event_impl_finalize;
/* Create a string with the sql text fields, for insert sentences. Becasuse the fields are
defined at compile time, we create this string only one time, when the class is initialize */
for (i = 0; i < N_TEXT_FIELDS; i++)
{
g_string_append_printf(st, "%s%s", sim_text_field_get_name(i), (i
!= (N_TEXT_FIELDS - 1)) ? "," : "");
}
klass->sql_text_fields = g_string_free(st, FALSE); /* This string is never deleted, but is OK*/
}
gpointer
sim_connect_send_alarm(gpointer data)
{
int i;
if (!config)
{
if (data)
{
config = (SimConfig*) data;
}
}
SimEvent* event = NULL;
GTcpSocket* socket = NULL;
GIOChannel* iochannel = NULL;
GIOError error;
GIOCondition conds;
gchar *buffer = NULL;
gchar *aux = NULL;
gsize n;
GList *notifies = NULL;
gint risk;
gchar *ip_src = NULL;
gchar *ip_dst = NULL;
//gchar time[TIMEBUF_SIZE];
gchar *timestamp;
gchar * aux_time;
//timestamp = time;
gchar *hostname;
gint port;
GInetAddr* addr = NULL;
hostname = g_strdup(config->framework.host);
port = config->framework.port;
gint iter = 0;
void* old_action;
for (;;) //Pop events for ever
{
GString *st;
int inx = 0;
event = (SimEvent*) sim_container_pop_ar_event(ossim.container);
if (!event)
{
g_log(G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG, "%s: No event", __FUNCTION__);
continue;
}
base64_param base64_params[N_TEXT_FIELDS];
for (i = 0; i < N_TEXT_FIELDS; i++)
{
if (event->textfields[i] != NULL)
{
base64_params[i].key = g_strdup(sim_text_field_get_name(i));
base64_params[i].base64data = g_strdup(event->textfields[i]);
g_log(G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG, "%s:%d %s=\"%s\"",
__FILE__, __LINE__, sim_text_field_get_name(i),
event->textfields[i]);
}
else
{
base64_params[i].key = '\0';
base64_params[i].base64data = '\0';
}
}
// Send max risk
// i.e., to avoid risk=0 when destination is 0.0.0.0
if (event->risk_a > event->risk_c)
{
risk = event->risk_a;
}
else
{
risk = event->risk_c;
}
/* String to be sent */
if (event->time_str)
{
g_log(G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG,
"sim_connect_send_alarm: event->time_str %s", event->time_str);
aux_time = g_strdup(event->time_str);
timestamp = aux_time;
}
if (event->time)
{
g_log(G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG,
"sim_connect_send_alarm: event->time %d", event->time);
timestamp = g_new0(gchar, 26);
strftime (timestamp, TIMEBUF_SIZE, "%Y-%m-%d %H:%M:%S", gmtime ((time_t *) &event->time));
}
if (event->src_ia)
{
ip_src = gnet_inetaddr_get_canonical_name(event->src_ia);
}
else
{
ip_src = g_strdup_printf("0.0.0.0");
}
if (event->dst_ia)
{
ip_dst = gnet_inetaddr_get_canonical_name(event->dst_ia);
}
else
{
ip_dst = g_strdup_printf("0.0.0.0");
}
//FIXME? In a future, Policy will substitute this and this won't be neccesary. Also is needed to check
//if this funcionality is really interesting
//
if (event->policy)
{
aux
= g_strdup_printf(
"event date=\"%s\" plugin_id=\"%d\" plugin_sid=\"%d\" risk=\"%d\" priority=\"%d\" reliability=\"%d\" event_id=\"%d\" backlog_id=\"%d\" src_ip=\"%s\" src_port=\"%d\" dst_ip=\"%s\" dst_port=\"%d\" protocol=\"%d\" sensor=\"%s\" actions=\"%d\" policy_id=\"%d\"",
timestamp, event->plugin_id, event->plugin_sid, risk,
event->priority, event->reliability, event->id,
event->backlog_id, ip_src, event->src_port, ip_dst,
event->dst_port, event->protocol, event->sensor,
sim_policy_get_has_actions(event->policy), sim_policy_get_id(
event->policy));
}
else
{ //If there aren't any policy associated, the policy and the action number will be 0
aux
= g_strdup_printf(
"event date=\"%s\" plugin_id=\"%d\" plugin_sid=\"%d\" risk=\"%d\" priority=\"%d\" reliability=\"%d\" event_id=\"%d\" backlog_id=\"%d\" src_ip=\"%s\" src_port=\"%d\" dst_ip=\"%s\" dst_port=\"%d\" protocol=\"%d\" sensor=\"%s\" actions=\"%d\" policy_id=\"%d\"",
timestamp, event->plugin_id, event->plugin_sid, risk,
event->priority, event->reliability, event->id,
event->backlog_id, ip_src, event->src_port, ip_dst,
event->dst_port, event->protocol, event->sensor, 0, 0);
}
g_free(ip_src);
g_free(ip_dst);
g_free(timestamp);
st = g_string_new(aux);
for (inx = 0; inx < G_N_ELEMENTS(base64_params); inx++)
{
if (base64_params[inx].base64data)
{
g_log(G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG, "%s: %u:%s %p",
__FUNCTION__, inx, base64_params[inx].base64data,
base64_params[inx].base64data);
g_string_append_printf(
st,
" %s=\"%s\"",
base64_params[inx].key,
base64_params[inx].base64data != NULL ? base64_params[inx].base64data
: "");
g_free(base64_params[inx].base64data); /* we dont't need the data, anymore, so free it*/
}
}//end for nelements
g_string_append(st, "\n");
buffer = g_string_free(st, FALSE);
if (!buffer)
{
g_log(G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG,
"sim_connect_send_alarm: message error");
g_free(aux);
continue;
}
g_free(aux);
aux = NULL;
//old way was creating a new socket and giochannel for each alarm.
//now a persistent giochannel is used.
//iochannel = gnet_tcp_socket_get_io_channel (socket);
if (iochannel)
{
conds = g_io_channel_get_buffer_condition(iochannel);
}
if (!iochannel || sigpipe_received || (conds & G_IO_HUP) || (conds
& G_IO_ERR))
{ //Loop to get a connection
do
{
if (sigpipe_received)
{
if (socket)
{
gnet_tcp_socket_delete(socket);
}
sigpipe_received = FALSE;
iochannel = FALSE;
}
// if not, create socket and iochannel from config and store to get a persistent connection.
g_log(G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG,
"sim_connect_send_alarm: invalid iochannel.(%d)", iter);
g_log(
G_LOG_DOMAIN,
G_LOG_LEVEL_DEBUG,
"sim_connect_send_alarm: trying to create a new iochannel.(%d)",
iter);
if (!hostname)
{
//FIXME: may be that this host hasn't got any frameworkd. If the event is forwarded to other server, it will be sended to the
//other server framework (supposed it has a defined one).
g_log(
G_LOG_DOMAIN,
G_LOG_LEVEL_DEBUG,
"sim_connect_send_alarm: Hostname error, reconnecting in 3secs (%d)",
iter);
hostname = g_strdup(config->framework.host);
sleep(3);
continue;
}
if (addr)
{
g_free(addr);
}
addr = gnet_inetaddr_new_nonblock(hostname, port);
if (!addr)
{
g_log(
G_LOG_DOMAIN,
G_LOG_LEVEL_DEBUG,
"sim_connect_send_alarm: Error creating the address, trying in 3secs(%d)",
iter);
sleep(3);
continue;
}
socket = gnet_tcp_socket_new(addr);
if (!socket)
{
g_log(
G_LOG_DOMAIN,
G_LOG_LEVEL_DEBUG,
"sim_connect_send_alarm: Error creating socket(1), reconnecting in 3 secs..(%d)",
iter);
iochannel = NULL;
socket = NULL;
sleep(3);
continue;
}
else
{
iochannel = gnet_tcp_socket_get_io_channel(socket);
if (!iochannel)
{
g_log(
G_LOG_DOMAIN,
G_LOG_LEVEL_DEBUG,
"sim_connect_send_alarm: Error creating iochannel, reconnecting in 3 secs..(%d)",
iter);
if (socket)
{
gnet_tcp_socket_delete(socket);
}
socket = NULL;
iochannel = NULL;
sleep(3);
continue;
}
else
{
sigpipe_received = FALSE;
g_log(
G_LOG_DOMAIN,
G_LOG_LEVEL_DEBUG,
"sim_connect_send_alarm: new iochannel created. Returning %x (%d)",
iochannel, iter);
}
}
iter++;
}
while (!iochannel);
}
//g_assert (iochannel != NULL);
n = strlen(buffer);
g_log(G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG,
"sim_connect_send_alarm: Message to send: %s, (len=%d)", buffer, n);
//signals actually not used
// old_action=signal(SIGPIPE, pipe_handler);
sim_util_block_signal(SIGPIPE);
error = gnet_io_channel_writen(iochannel, buffer, n, &n);
sim_util_unblock_signal(SIGPIPE);
//error = gnet_io_channel_readn (iochannel, buffer, n, &n);
//fwrite(buffer, n, 1, stdout);
if (error != G_IO_ERROR_NONE)
{
//back to the queue so we dont loose the action/response
g_object_ref(event);
sim_container_push_ar_event(ossim.container, event);
g_log(G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG,
"sim_connect_send_alarm: message could not be sent.. reseting");
/*
if(buffer)
g_free (buffer);
g_free (aux);
*/
gnet_tcp_socket_delete(socket);
iochannel = NULL;
}
else
g_log(G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG,
"sim_connect_send_alarm: message sent succesfully: %s", buffer);
//Cose conn
if (buffer)
g_free(buffer);
if (aux)
g_free(aux);
buffer = NULL;
aux = NULL;
//gnet_tcp_socket_delete (socket);
//iochannel=NULL;
if (event)
g_object_unref(event);
}
}
gchar*
sim_event_to_string(SimEvent *event)
{
GString *str;
gchar *ip;
gchar * base64;
gint base64_len;
gchar uuidtext[37];
int i;
g_return_if_fail(event);
g_return_if_fail(SIM_IS_EVENT (event));
gchar *e_filename = NULL, *e_username = NULL, *e_password = NULL;
gchar *e_userdata1 = NULL, *e_userdata2 = NULL, *e_userdata3 = NULL, *e_userdata4 = NULL;
gchar *e_userdata5 = NULL, *e_userdata6 = NULL, *e_userdata7 = NULL, *e_userdata8 = NULL;
gchar *e_userdata9 = NULL, *e_data = NULL, *e_log = NULL;
str = g_string_new("event ");
g_string_append_printf(str, "id=\"%u\" ", event->id);
g_string_append_printf(str, "alarm=\"%d\" ", event->alarm);
gchar *aux = sim_event_get_str_from_type(event->type);
if (aux)
{
g_string_append_printf(str, "type=\"%s\" ", aux);
g_free(aux);
}
g_string_append_printf(str, "date=\"%u\" ", event->time);
g_string_append_printf(str, "tzone=\"%4.2f\" ", event->tzone);
if (event->time_str)
g_string_append_printf(str, "fdate=\"%s\" ", event->time_str);
if (event->plugin_id)
g_string_append_printf(str, "plugin_id=\"%d\" ", event->plugin_id);
if (event->plugin_sid)
g_string_append_printf(str, "plugin_sid=\"%d\" ", event->plugin_sid);
if (event->src_ia)
{
ip = gnet_inetaddr_get_canonical_name(event->src_ia);
g_string_append_printf(str, "src_ip=\"%s\" ", ip);
g_free(ip);
}
if (event->src_port)
g_string_append_printf(str, "src_port=\"%d\" ", event->src_port);
if (event->dst_ia)
{
ip = gnet_inetaddr_get_canonical_name(event->dst_ia);
g_string_append_printf(str, "dst_ip=\"%s\" ", ip);
g_free(ip);
}
if (event->dst_port)
g_string_append_printf(str, "dst_port=\"%d\" ", event->dst_port);
if (event->sensor)
g_string_append_printf(str, "sensor=\"%s\" ", event->sensor);
if (event->device)
g_string_append_printf(str, "device=\"%s\" ", event->device);
if (event->interface)
g_string_append_printf(str, "interface=\"%s\" ", event->interface);
if (event->protocol)
{
gchar *value = sim_protocol_get_str_from_type(event->protocol);
g_string_append_printf(str, "protocol=\"%s\" ", value);
g_free(value);
}
if (event->condition)
{
gchar *value = sim_condition_get_str_from_type(event->condition);
g_string_append_printf(str, "condition=\"%s\" ", value);
g_free(value);
}
if (event->value)
g_string_append_printf(str, "value=\"%s\" ", event->value);
if (event->interval)
g_string_append_printf(str, "interval=\"%d\" ", event->interval);
if (event->is_priority_set)
g_string_append_printf(str, "priority=\"%d\" ", event->priority);
if (event->is_reliability_set)
g_string_append_printf(str, "reliability=\"%d\" ", event->reliability);
if (event->asset_src)
g_string_append_printf(str, "asset_src=\"%d\" ", event->asset_src);
if (event->asset_dst)
g_string_append_printf(str, "asset_dst=\"%d\" ", event->asset_dst);
if (event->risk_c)
g_string_append_printf(str, "risk_a=\"%lf\" ", event->risk_a);
if (event->risk_a)
g_string_append_printf(str, "risk_c=\"%lf\" ", event->risk_c);
if (event->snort_sid)
g_string_append_printf(str, "snort_sid=\"%u\" ", event->snort_sid);
if (event->snort_cid)
g_string_append_printf(str, "snort_cid=\"%u\" ", event->snort_cid);
// if (event->data)
// g_string_append_printf(str, "data=\"%s\" ", event->data);
if (event->log && (base64_len = strlen(event->log)))
{
base64 = g_base64_encode(event->log, base64_len);
assert(base64!=NULL);
g_string_append_printf(str, "log=\"%s\" ", base64);
g_free(base64);
}
if (event->rep_prio_src)
g_string_append_printf(str, "rep_prio_src=\"%u\" ", event->rep_prio_src);
if (event->rep_prio_dst)
g_string_append_printf(str, "rep_prio_dst=\"%u\" ", event->rep_prio_dst);
if (event->rep_rel_src)
g_string_append_printf(str, "rep_rel_src=\"%u\" ", event->rep_rel_src);
if (event->rep_rel_dst)
g_string_append_printf(str, "rep_rel_dst=\"%u\" ", event->rep_rel_dst);
if (event->rep_act_src && (base64_len = strlen(event->rep_act_src)))
{
base64 = g_base64_encode( (guchar*)event->rep_act_src, base64_len);
assert (base64 != NULL);
g_string_append_printf(str, "rep_act_src=\"%s\" ", base64);
g_free(base64);
}
if (event->rep_act_dst && (base64_len = strlen(event->rep_act_dst)))
{
base64 = g_base64_encode( (guchar*)event->rep_act_dst, base64_len);
assert (base64 != NULL);
g_string_append_printf(str, "rep_act_dst=\"%s\" ", base64);
g_free(base64);
}
//g_string_append_printf(str, "log=\"%s\" ", event->log);
for (i = 0; i < N_TEXT_FIELDS; i++)
{
if ((event->textfields[i] != NULL) && (base64_len = strlen(event->textfields[i])))
{
base64 = g_base64_encode(event->textfields[i], base64_len);
assert(base64!=NULL);
g_string_append_printf(str, "%s=\"%s\" ", sim_text_field_get_name(i), base64);
g_free(base64);
}
}
if (!uuid_is_null(event->uuid))
{
uuid_unparse_upper(event->uuid, uuidtext);
g_string_append_printf(str, "uuid=\"%s\" ", uuidtext);
}
if (event->packet)
if (event->packet->payloadlen > 0)
{
gchar *payload;
payload = sim_bin2hex(event->packet->payload, event->packet->payloadlen);
g_string_append_printf(str, "payload=\"%s\" ", payload);
g_free(payload);
}
g_string_append_printf(str, "\n");
return g_string_free(str, FALSE);
}
gchar*
sim_event_get_insert_clause(SimEvent *event)
{
gchar time[TIMEBUF_SIZE];
gchar *timestamp = time;
gchar *query;
gint c;
gint a;
gchar uuidtext[37];
GString *st;
int i;
gchar * e_rep_act_src = NULL, * e_rep_act_dst = NULL;
gchar *e_fields[N_TEXT_FIELDS];
g_return_val_if_fail(event, NULL);
g_return_val_if_fail(SIM_IS_EVENT (event), NULL);
c = rint(event->risk_c);
a = rint(event->risk_a);
if (c < 0)
c = 0;
else if (c > 10)
c = 10;
if (a < 0)
a = 0;
else if (a > 10)
a = 10;
if(event->time_str)
timestamp = event->time_str;
else
strftime (timestamp, TIMEBUF_SIZE, "%F %T", gmtime ((time_t *) &event->time));
if (!uuid_is_null(event->uuid))
{
uuid_unparse_upper(event->uuid, uuidtext);
}
else
{
uuidtext[0] = '\0';
}
if (event->rep_act_src){
e_rep_act_src = g_new0 (gchar,strlen(event->rep_act_src)*2+1);
gda_connection_escape_string (sim_database_get_conn (ossim.dbossim),event->rep_act_src,e_rep_act_src);
}
if (event->rep_act_dst){
e_rep_act_dst = g_new0 (gchar,strlen(event->rep_act_dst)*2+1);
gda_connection_escape_string (sim_database_get_conn (ossim.dbossim),event->rep_act_dst,e_rep_act_dst);
}
/* Escape de character data*/
/* ossimdb */
for (i = 0; i < N_TEXT_FIELDS; i++)
{
if (event->textfields[i] != NULL)
{
e_fields[i] = g_new0(gchar, strlen(event->textfields[i]) * 2 + 1);
gda_connection_escape_string(sim_database_get_conn(ossim.dbossim),
event->textfields[i], e_fields[i]);
}
else
{
e_fields[i] = NULL;
}
}
st = g_string_new("INSERT INTO event "
"(id, timestamp, tzone, sensor, interface, type, plugin_id, plugin_sid, "
"protocol, src_ip, dst_ip, src_port, dst_port, "
"event_condition, value, time_interval, "
"priority, reliability, asset_src, asset_dst, risk_c, risk_a, alarm, "
"snort_sid, snort_cid, rep_prio_src, rep_prio_dst, rep_rel_src, rep_rel_dst, rep_act_src, rep_act_dst, uuid ");
for (i = 0; i < N_TEXT_FIELDS; i++)
{
g_string_append_printf(st, ",%s", sim_text_field_get_name(i));
}
g_string_append_printf(st, ") VALUES (%d, '%s', %4.2f, '%s', '%s', %d, %d, %d,"
" %d, %u, %u, %d, %d, %d, '%s', %d, %d, %d, %d, %d, %d, %d, %d, %u, %u, "
" %u, %u, %u, %u , '%s' ,'%s','%s' ",
event->id,
timestamp,
event->tzone,
(event->sensor) ? event->sensor : "",
(event->interface) ? event->interface : "",
event->type,
event->plugin_id, event->plugin_sid, event->protocol,
(event->src_ia) ? sim_inetaddr_ntohl(event->src_ia) : -1,
(event->dst_ia) ? sim_inetaddr_ntohl(event->dst_ia) : -1,
event->src_port, event->dst_port, event->condition,
(event->value) ? event->value : "", event->interval, event->priority,
event->reliability, event->asset_src, event->asset_dst, c, a,
event->alarm, event->snort_sid, event->snort_cid,
event->rep_prio_src,
event->rep_prio_dst,
event->rep_rel_src,
event->rep_rel_dst,
(event->rep_act_src) ? e_rep_act_src : "",
(event->rep_act_dst) ? e_rep_act_dst : "",
(uuid_is_null(event->uuid) != 1) ? uuidtext : "");
for (i = 0; i < N_TEXT_FIELDS; i++)
{
g_string_append_printf(st, ",'%s'",
event->textfields[i] != NULL ? e_fields[i] : "");
}
g_string_append(st, ");\n");
g_free (e_rep_act_src);
g_free (e_rep_act_dst);
/* Free memory*/
for (i = 0; i < N_TEXT_FIELDS; i++)
{
g_free(e_fields[i]);
}
return g_string_free(st, FALSE);
}
void
sim_event_print(SimEvent *event)
{
gchar time[TIMEBUF_SIZE];
gchar *timestamp = time;
gchar *ip;
int i;
g_return_if_fail(event);
g_return_if_fail(SIM_IS_EVENT (event));
g_print("event");
switch (event->type)
{
case SIM_EVENT_TYPE_DETECTOR:
g_print(" type=\"D\"");
break;
case SIM_EVENT_TYPE_MONITOR:
g_print(" type=\"M\"");
break;
case SIM_EVENT_TYPE_NONE:
g_print(" type=\"N\"");
break;
}
g_print(" id=\"%d\"", event->id);
if (event->time_str)
timestamp = event->time_str;
else if (event->time)
strftime (timestamp, TIMEBUF_SIZE, "%F %T", gmtime ((time_t *) &event->time));
g_print(" alarm=\"%d\"", event->alarm);
if (event->sensor)
g_print(" sensor=\"%s\"", event->sensor);
if (event->device)
g_print(" device=\"%s\"", event->device);
if (event->interface)
g_print(" interface=\"%s\"", event->interface);
if (event->plugin_id)
g_print(" plugin_id=\"%d\"", event->plugin_id);
if (event->plugin_sid)
g_print(" plugin_sid=\"%d\"", event->plugin_sid);
if (event->protocol)
g_print(" protocol=\"%d\"", event->protocol);
if (event->src_ia)
{
ip = gnet_inetaddr_get_canonical_name(event->src_ia);
g_print(" src_ia=\"%s\"", ip);
g_free(ip);
}
if (event->src_port)
g_print(" src_port=\"%d\"", event->src_port);
if (event->dst_ia)
{
ip = gnet_inetaddr_get_canonical_name(event->dst_ia);
g_print(" dst_ia=\"%s\"", ip);
g_free(ip);
}
if (event->dst_port)
g_print(" dst_port=\"%d\"", event->dst_port);
if (event->condition)
g_print(" condition=\"%d\"", event->condition);
if (event->value)
g_print(" value=\"%s\"", event->value);
if (event->interval)
g_print(" ineterval=\"%d\"", event->interval);
if (event->priority)
g_print(" priority=\"%d\"", event->priority);
if (event->reliability)
g_print(" reliability=\"%d\"", event->reliability);
if (event->asset_src)
g_print(" asset_src=\"%d\"", event->asset_src);
if (event->asset_dst)
g_print(" asset_dst=\"%d\"", event->asset_dst);
if (event->risk_c)
g_print(" risk_c=\"%lf\"", event->risk_c);
if (event->risk_a)
g_print(" risk_a=\"%lf\"", event->risk_a);
if (event->snort_sid)
g_print(" sid =\"%d\"", event->snort_sid);
if (event->snort_cid)
g_print(" cid =\"%d\"", event->snort_cid);
if (event->data)
g_print(" data=\"%s\"", event->data);
if (event->rep_prio_src)
g_message (" rep_prio_src=\"%u\"", event->rep_prio_src);
if (event->rep_prio_dst)
g_message (" rep_prio_dst=\"%u\"", event->rep_prio_dst);
if (event->rep_rel_src)
g_message (" rep_rel_src=\"%u\"", event->rep_rel_src);
if (event->rep_rel_dst)
g_message (" rep_rel_dst=\"%u\"", event->rep_rel_dst);
if (event->rep_act_src)
g_message (" rep_act_src=\"%s\"", event->rep_act_src);
if (event->rep_act_dst)
g_message (" rep_act_dst=\"%s\"", event->rep_act_dst);
for (i = 0; i < N_TEXT_FIELDS; i++)
{
if (event->textfields[i] != NULL)
{
g_printf(" %s=\"%s\"", sim_text_field_get_name(i),
event->textfields[i]);
}
}
if (!uuid_is_null(event->uuid))
{
gchar uuidtext[37];
uuid_unparse_upper(event->uuid, uuidtext);
g_message(" uuid=\"%s\"", uuidtext);
}
g_print("\n");
}
