示例#1
0
文件: EventLog.cpp 项目: tjyang/bbwin
Rule::Rule(const Rule & rule) {
	m_useId = false;
	m_id = rule.GetEventId();
	if (m_id > 0)
		m_useId = true;
	m_source = rule.GetSource();
	m_alarmColor = rule.GetAlarmColor();
	m_ignore = rule.GetIgnore();
	m_type = rule.GetType();
	m_user = rule.GetUser();
	m_value = rule.GetValue();
	m_delay = rule.GetDelay();
	m_count = rule.GetCount();
	m_countTmp = 0;
	m_priority = rule.GetPriority();
}
示例#2
0
文件: EventLog.cpp 项目: tjyang/bbwin
//
// return true if the event matched the rule
//
bool			Session::ApplyRule(const Rule & rule, const EVENTLOGRECORD * ev) {
	string test;

	GetEventUser(ev, test);
	if (rule.GetEventId() != 0 && rule.GetEventId() != (ev->EventID & MSG_ID_MASK))
		return false;
	if (ev->TimeGenerated < (m_now - rule.GetDelay()) 
		&& rule.GetIgnore() == false) // ignore rules don't depend on delay parameters
		return false;
	if (rule.GetSource().length() > 0) {
		string source = (LPSTR) ((LPBYTE) ev + sizeof(EVENTLOGRECORD));
		std::transform(source.begin(), source.end(), source.begin(), tolower);
		if (source != rule.GetSource())
			return false;
	}
	if (rule.GetType() != 0 && rule.GetType() != ev->EventType)
		return false;
	if (rule.GetUser().length() > 0) {
		string user;

		boost::regex e(rule.GetUser(), boost::regbase::perl);
		GetEventUser(ev, user);
		boost::match_results<std::string::const_iterator>	what;
		if(boost::regex_search(user, what, e) == 0)	{
			return false;
		} 
	}
	if (rule.GetValue().length() > 0) {
		string desc;
		
		boost::regex e(rule.GetValue(), boost::regbase::perl);
		GetEventDescription(ev, desc);
		boost::match_results<std::string::const_iterator>	what;
		if(boost::regex_search(desc, what, e) == 0)	{
			return false;
		} 
	}
	return true;
}
示例#3
0
文件: EventLog.cpp 项目: tjyang/bbwin
void			Session::AddRule(const Rule & rule) {
	if (rule.GetIgnore())
		m_ignoreRules.push_back(rule);
	else
		m_matchRules.push_back(rule);
}