C++ (Cpp) GenerateSnortEvent示例

编程语言: C++ (Cpp)

方法/功能: GenerateSnortEvent

hotexamples.com的示例: 2

C++ (Cpp) GenerateSnortEvent - 已找到2个示例。这些是从开源项目中提取的最受好评的GenerateSnortEvent现实C++ (Cpp)示例。您可以评价示例，以帮助我们提高示例质量。

示例#1

显示文件

文件： event_queue.c 项目： jameskellynet/snort-ids-multi-pattern-matching

static int LogSnortEvents(void *event, void *user)
{
    Packet    *p;
    EventNode *en;
    OTNX      *otnx;
    SNORT_EVENTQ_USER *snort_user;

    if(!event || !user)
        return 0;

    en         = (EventNode *)event;
    snort_user = (SNORT_EVENTQ_USER *)user;
    p  = (Packet *)snort_user->pkt;

    /*
    **  Log rule events differently because we have to.
    */
    if(en->rule_info)
    {
        otnx = (OTNX *)en->rule_info;
        if(!otnx->rtn || !otnx->otn)
            return 0;
#if 0
        LogMessage("LogSnortEvents: calling fpLogEvent( sid: %u,gid: %u, p ) \n",
           otnx->otn->sigInfo.id,
           otnx->otn->sigInfo.generator );
#endif
        snort_user->rule_alert = 1;

        fpLogEvent(otnx->rtn, otnx->otn, p);
    }
    else
    {
        GenerateSnortEvent(p, en->gid, en->sid, en->rev,
                           en->classification, en->priority, en->msg);
    }

    sfthreshold_reset();

    return 0;
}

示例#2

显示文件

文件： flowps_snort.c 项目： remfalc/vyt-vyatta-snort

static int flowps_generate_flow_event(SCORE_ENTRY *sep, FLOWPACKET *orig_packet,
                                      u_int32_t *address,
                                      FLOWPS_OUTPUT output_type,
                                      time_t cur)
{
    Packet *p = NULL;
    char buf[1024 + 1];    
    u_int32_t event_id; 
    u_int32_t event_type; /* the sid for the gid */
    /*  Assign an event type to the display
     */
    if(sep->flags & ALERT_FIXED_SCANNER)
    {
        event_type = FLOW_SCANNER_FIXED_ALERT;
    }
    else if(sep->flags & ALERT_SLIDING_SCANNER)
    {
        event_type = FLOW_SCANNER_SLIDING_ALERT;
    }
    else if(sep->flags & ALERT_SLIDING_TALKER)
    {
        event_type = FLOW_TALKER_SLIDING_ALERT;
    }
    else if(sep->flags & ALERT_FIXED_TALKER)
    {
        event_type = FLOW_TALKER_FIXED_ALERT;
    }
    else
    {
        return FLOW_EINVALID;
    }
    
    switch(output_type)
    {
    case PKTKLUDGE:
        /* log a packet to the output system */
        p = flowps_mkpacket(sep, orig_packet, address, cur);      
    case VARIABLEMSG:
        snprintf(buf, 1024,
                 "Portscan detected from %s Talker(fixed: %u sliding: %u) Scanner(fixed: %u sliding: %u)",
                 inet_ntoa(*(struct in_addr *) address),
                 sep->fixed_talker.score, sep->sliding_talker.score,
                 sep->fixed_scanner.score, sep->sliding_scanner.score);
        buf[1024] = '\0';
        
        /* p is NULL w/ the VARIABLEMSG fmt */
        event_id = GenerateSnortEvent(p,
                                      GENERATOR_FLOW_PORTSCAN,
                                      event_type,
                                      1, /* revision */
                                      1, /* classification */
                                      2, /* medium priority */
                                      buf);
        /*
         *  If this is the first time we have called an alert on this
         *  function, save it off so we have an event reference.
         *
         *  DEPRECATED:
         *    The event_id was to tag additional events to a previous
         *    one, but that logic was ifdef'ed out, so we'll keep it
         *    around anyway.
         */
        sep->event_id = event_id;

        /*
         * this is the last tv_sec from the packet
         */
        sep->event_sec = packet_timeofday(); 
    }
    
    return FLOW_SUCCESS;
}