AuditEvent (web-audit Library 0.6.3 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.jwall.web.audit
Interface AuditEvent

All Superinterfaces:: Comparable<AuditEvent>, Event, Serializable

All Known Implementing Classes:: IronBeeAuditEvent, ModSecurityAuditEvent

public interface AuditEvent
extends Event, Serializable, Comparable<AuditEvent>
extends Event, Serializable, Comparable<AuditEvent>

This interface defines an abstract audit-event. Specifying events as interface aims at several optimized implementations. A simple one can be found at AuditEventImpl.

This interface also defines several event properties, which are beyond the set of variables supported by.

Author:: Christian Bockermann <chris@jwall.org>

Field Summary
`static String`	`AGE` This is a special variable, which refers to the age of the event in milliseconds with regard to the moment the variable is accessed (i.e.
`static String`	`EVENT_ID`
`static String`	`EVENT_TAGS` The collection key for storing all tags for an event
`static String`	`EVENT_URL`
`static String`	`FILE` This variable holds the path where the event is stored
`static String`	`FILE_OFFSET` This variable indicates the offset (in bytes) from the beginning of the file where this event is stored
`static String`	`ID`
`static String`	`MESSAGE`
`static String`	`RECEIVED_AT` A key denoting the time an event has been received
`static String`	`SENSOR` This simply serves as alias for SENSOR_NAME
`static String`	`SENSOR_ADDR`
`static String`	`SENSOR_ID` This variable holds the ID of the sensor from which this event was received (if available)
`static String`	`SENSOR_NAME` This variable holds the name of the sensor from which this event was received (if available)
`static String`	`SENSOR_TYPE`
`static String`	`SESSION_ID`
`static String`	`SEVERITY`
`static String`	`SITE_ID` This variable denotes the site-id to which this event is mapped
`static String`	`SITE_NAME` This variable references the site-name to which this event is mapped
`static String`	`SIZE`
`static String`	`TAGS`
`static String[]`	`VARIABLES`

Fields inherited from interface org.jwall.audit.Event
`TIMESTAMP, TYPE`

Method Summary
`int`	`compareTo(AuditEvent o)`
`String`	`get(String var)` Returns the given variable as `String` or an empty string if the variable is not set.
`List<String>`	`getAll(String var)` This method returns the list of a collection which if referenced by the given variable `var`.
`AuditEventType`	`getAuditEventType()`
`Date`	`getDate()` Returns the date of this events birth.
`String`	`getEventId()` The unique ID, created by modsecurity.
`AuditEventMessage[]`	`getEventMessages()`
`String[]`	`getRawData()` Deprecated.
`String`	`getSection(int i)` Returns the string, which contains the whole section of this audit-event.
`String`	`getSessionId()` Deprecated. Use `get( "SESSION_ID" );` instead.
`List<String>`	`getVariables()` This method returns the list of all variables available in this event.
`boolean`	`isSet(String var)` Checks wether the given variable is set or not.
`void`	`set(String variable, String value)` This method can be used to modify/set properties of the event.
`void`	`setAll(String variable, List<String> values)` This method can be used to modify/set a collection of the event.
`void`	`setSessionId(String id)` Deprecated. Use `set( "SESSION_ID", id )` instead.

Methods inherited from interface org.jwall.audit.Event
`getTimestamp, getType`

Field Detail

ID

static final String ID

See Also:: Constant Field Values

EVENT_ID

static final String EVENT_ID

See Also:: Constant Field Values

EVENT_TAGS

static final String EVENT_TAGS

The collection key for storing all tags for an event

See Also:: Constant Field Values

RECEIVED_AT

static final String RECEIVED_AT

A key denoting the time an event has been received

See Also:: Constant Field Values

AGE

static final String AGE

This is a special variable, which refers to the age of the event in milliseconds with regard to the moment the variable is accessed (i.e. calculated on-time of extraction)

See Also:: Constant Field Values

SENSOR_ID

static final String SENSOR_ID

This variable holds the ID of the sensor from which this event was received (if available)

See Also:: Constant Field Values

SENSOR_NAME

static final String SENSOR_NAME

This variable holds the name of the sensor from which this event was received (if available)

See Also:: Constant Field Values

SENSOR

static final String SENSOR

This simply serves as alias for SENSOR_NAME

See Also:: Constant Field Values

SENSOR_ADDR

static final String SENSOR_ADDR

See Also:: Constant Field Values

SENSOR_TYPE

static final String SENSOR_TYPE

See Also:: Constant Field Values

SITE_ID

static final String SITE_ID

This variable denotes the site-id to which this event is mapped

See Also:: Constant Field Values

SITE_NAME

static final String SITE_NAME

This variable references the site-name to which this event is mapped

See Also:: Constant Field Values

FILE

static final String FILE

This variable holds the path where the event is stored

See Also:: Constant Field Values

EVENT_URL

static final String EVENT_URL

See Also:: Constant Field Values

FILE_OFFSET

static final String FILE_OFFSET

This variable indicates the offset (in bytes) from the beginning of the file where this event is stored

See Also:: Constant Field Values

SIZE

static final String SIZE

See Also:: Constant Field Values

SEVERITY

static final String SEVERITY

See Also:: Constant Field Values

MESSAGE

static final String MESSAGE

See Also:: Constant Field Values

SESSION_ID

static final String SESSION_ID

See Also:: Constant Field Values

VARIABLES

static final String[] VARIABLES

Method Detail

getEventId

String getEventId()

The unique ID, created by modsecurity.

Returns:: A unique event id.

getSection

String getSection(int i)

Returns the string, which contains the whole section of this audit-event. The available sections are defined in ModSecurity.java.

Parameters:: i - Index of the section as defined by ModSecurity.SECTION_*.
Returns:: The string value of the appopriate section of this event.

getDate

Date getDate()

Returns the date of this events birth. The value of this date is parsed from the audit-event entry.

Returns:: The date when this event was created.

getSessionId

String getSessionId()

Deprecated. Use get( "SESSION_ID" ); instead.

The session-id of this request or an empty string, if no session-id has been set.

Returns:: The session id.

setSessionId

void setSessionId(String id)

Deprecated. Use set( "SESSION_ID", id ) instead.

This method sets the session-id of this event. Its primary use is to group several events by external session-trackers.

Parameters:: id - The id of the session with which this event is associated.

isSet

boolean isSet(String var)

Checks wether the given variable is set or not.

Parameters:: var - The name of the variable that is checked.
Returns:: true iff the variable is set.

get

String get(String var)

Returns the given variable as String or an empty string if the variable is not set. If the given variable is referring to a collection the first value of that collection is returned. To test if a variable has been set, use isSet(String variable).

Specified by:: get in interface Event

Parameters:: var - The name of the variable.
Returns:: The value of this variable.

getAll

List<String> getAll(String var)

This method returns the list of a collection which if referenced by the given variable var.

Parameters:: var - The variable name of the collection. May also be a non-collection variable in which case a single-item list will returned if the variable has a value.
Returns:: The list of values for the variable, of NULL if no collection is found by that variable name.

set

void set(String variable,
         String value)

This method can be used to modify/set properties of the event. There is a distinction between request and event properties. The request properties are parsed from the incoming request and are immutable. The event properties may be changed.

Specified by:: set in interface Event

Parameters:: variable -; value -

setAll

void setAll(String variable,
            List<String> values)

This method can be used to modify/set a collection of the event. There is a distinction between request and event properties. The request properties are parsed from the incoming request and are immutable. The event properties may be changed.

Parameters:: variable -; values -

getVariables

List<String> getVariables()

This method returns the list of all variables available in this event.

Returns:: The list of variable names (single variables AND collections) which may be accessed from this event.

compareTo

int compareTo(AuditEvent o)

Specified by:: compareTo in interface Comparable<AuditEvent>

getRawData

String[] getRawData()

Deprecated.

This method returns an array of strings that contain the section-data of the appopriate audit-log entry of this event.

Returns:: The list of section-strings.

getEventMessages

AuditEventMessage[] getEventMessages()

getAuditEventType

AuditEventType getAuditEventType()