suricata
alert-prelude.c File Reference
#include "suricata-common.h"
#include "debug.h"
#include "detect.h"
#include "flow.h"
#include "conf.h"
#include "threads.h"
#include "threadvars.h"
#include "tm-threads.h"
#include "util-unittest.h"
#include "util-time.h"
#include "util-debug.h"
#include "util-error.h"
#include "util-print.h"
#include "output.h"
#include "output-json.h"
#include "output-json-http.h"
#include "output-json-tls.h"
#include "output-json-ssh.h"
#include "output-json-smtp.h"
#include "output-json-email-common.h"
#include "util-privs.h"
#include "util-optimize.h"
#include "stream.h"
#include "alert-prelude.h"
#include <libprelude/prelude.h>

Data Structures

struct  AlertPreludeCtx_
 
struct  AlertPreludeThread_
 

Macros

#define ANALYZER_CLASS   "NIDS"
 
#define ANALYZER_MODEL   "Suricata"
 
#define ANALYZER_MANUFACTURER   "http://www.openinfosecfoundation.org/"
 
#define ANALYZER_SID_URL   "http://www.snort.org/search/sid/"
 
#define SNORT_MAX_OWNED_SID   1000000
 
#define DEFAULT_ANALYZER_NAME   "suricata"
 
#define DEFAULT_PRELUDE_PROFILE   "suricata"
 

Typedefs

typedef struct AlertPreludeCtx_ AlertPreludeCtx
 
typedef struct AlertPreludeThread_ AlertPreludeThread
 

Functions

void AlertPreludeRegister (void)
 

Detailed Description

Author
Pierre Chifflier chifflier@edenwall.com
Yoann Vandoorselaere yoann.v@prelude-ids.com

Logs alerts to the Prelude system, using IDMEF (RFC 4765) messages.

Each message contains the alert description and reference (using the SID/GID), and a normalized description (assessment, impact, sources etc.)

libprelude handles the connection with the manager (collecting component), spooling and sending the event asynchronously. It also offers transport security (using TLS and trusted certificates) and reliability (events are retransmitted if not sent successfully).

This module requires a Prelude profile to work (see man prelude-admin and the Prelude Handbook for help).

Definition in file alert-prelude.c.

Macro Definition Documentation

#define ANALYZER_CLASS   "NIDS"

Definition at line 83 of file alert-prelude.c.

#define ANALYZER_MANUFACTURER   "http://www.openinfosecfoundation.org/"

Definition at line 85 of file alert-prelude.c.

#define ANALYZER_MODEL   "Suricata"

Definition at line 84 of file alert-prelude.c.

#define ANALYZER_SID_URL   "http://www.snort.org/search/sid/"

Definition at line 86 of file alert-prelude.c.

#define DEFAULT_ANALYZER_NAME   "suricata"

Definition at line 89 of file alert-prelude.c.

#define DEFAULT_PRELUDE_PROFILE   "suricata"

Definition at line 91 of file alert-prelude.c.

#define SNORT_MAX_OWNED_SID   1000000

Definition at line 88 of file alert-prelude.c.

Typedef Documentation

typedef struct AlertPreludeCtx_ AlertPreludeCtx

This holds global structures and variables. Since libprelude is thread-safe, there is no need to store a mutex.

typedef struct AlertPreludeThread_ AlertPreludeThread

This holds per-thread specific structures and variables.

Function Documentation

void AlertPreludeRegister ( void  )

Definition at line 1286 of file alert-prelude.c.

References LOGGER_PRELUDE, and OutputRegisterPacketModule().

Referenced by OutputRegisterLoggers().
