org.jwall.web.audit
Class ModSecurityAuditEvent

java.lang.Object
  org.jwall.web.audit.ModSecurityAuditEvent

All Implemented Interfaces:

Serializable, Comparable<AuditEvent>, Event, AuditEvent

public class ModSecurityAuditEvent
extends Object
implements Comparable<AuditEvent>, Serializable, AuditEvent

This class defines an audit-event of modsecurity. Currently this class stores the audit-event data as an internal string and has a few hash tables to hold specific properties/fields/parameters of the parsed request. However this will hopefully be turned into an interface to achieve independence of the actual implementations of an AuditEvent.

Author:

Christian Bockermann <chris@jwall.org>

See Also:

Serialized Form

Field Summary

static SimpleDateFormat

fmt the format in which the date is printed out

Fields inherited from interface org.jwall.web.audit.AuditEvent

AGE, EVENT_ID, EVENT_TAGS, EVENT_URL, FILE, FILE_OFFSET, ID, MESSAGE, RECEIVED_AT, SENSOR, SENSOR_ADDR, SENSOR_ID, SENSOR_NAME, SENSOR_TYPE, SESSION_ID, SEVERITY, SITE_ID, SITE_NAME, SIZE, TAGS, VARIABLES

Fields inherited from interface org.jwall.audit.Event

TIMESTAMP, TYPE

Constructor Summary

ModSecurityAuditEvent(ModSecurityAuditEvent evt)
This clone-constructor creates a copy of the given audit-event.

ModSecurityAuditEvent(String[] data, AuditEventType type)
This creates an instance of this class by parsing all fields from the given string-array.

ModSecurityAuditEvent(String id, String[] data, AuditEventType type)
This constructor is used, when reading audit-events from a file.

ModSecurityAuditEvent(String id, String[] data, File f, long off, long size, AuditEventType type)

Method Summary

int	compareTo(AuditEvent o)
int	compareTo(ModSecurityAuditEvent o)
boolean	equals(ModSecurityAuditEvent o)
String	get(String variable) Returns the given variable as String or an empty string if the variable is not set.
List<String>	getAll(String v) This method returns the list of a collection which if referenced by the given variable var.
AuditEventType	getAuditEventType()
String	getAuditHeader()
String	getAuditLogTrailer() Deprecated.
Long	getCount()
Date	getDate() Returns the date of this events birth.
String	getEventId() The unique ID, created by modsecurity.
AuditEventMessage[]	getEventMessages()
File	getFile()
static Long	getInstanceCount()
long	getOffset()
String[]	getRawData() This method returns an array of strings that contain the section-data of the appopriate audit-log entry of this event.
String	getRequestBody()
String	getRequestHeader()
URL	getRequestURL()
String	getResponseHeader() Deprecated.
String	getSection(int i) Returns the string, which contains the whole section of this audit-event.
String[]	getSections()
String	getSessionId() The session-id of this request or an empty string, if no session-id has been set.
long	getSize()
Set<String>	getTags()
Long	getTimestamp() Returns the time of this event in milliseconds since 1970.
EventType	getType()
List<String>	getVariables() This method returns the list of all variables available in this event.
boolean	isSet(String var) Checks wether the given variable is set or not.
void	recycle()
void	set(String var, String val) This method can be used to modify/set properties of the event.
void	setAll(String variable, List<String> values) This method can be used to modify/set a collection of the event.
void	setSessionId(String id) This method sets the session-id of this event.
void	tag(String tag)
String	toString() Override Object.toString() by returning a String of all sections.
void	untag(String tag)

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

fmt

public static final SimpleDateFormat fmt

the format in which the date is printed out

Constructor Detail

ModSecurityAuditEvent

public ModSecurityAuditEvent(ModSecurityAuditEvent evt)
                      throws Exception

This clone-constructor creates a copy of the given audit-event.

Parameters:

evt - The event to clone.

Throws:

Exception

ModSecurityAuditEvent

public ModSecurityAuditEvent(String[] data,
                             AuditEventType type)
                      throws ParseException

This creates an instance of this class by parsing all fields from the given string-array.

Parameters:

data - An array containing all audit-sections.

Throws:

Exception - in case parsing failed.

ParseException

ModSecurityAuditEvent

public ModSecurityAuditEvent(String id,
                             String[] data,
                             File f,
                             long off,
                             long size,
                             AuditEventType type)
                      throws ParseException

Throws:

ParseException

ModSecurityAuditEvent

public ModSecurityAuditEvent(String id,
                             String[] data,
                             AuditEventType type)
                      throws Exception

This constructor is used, when reading audit-events from a file. This way you can make sure, that the id of the audit-event is the same as the one in the file.

Parameters:

id - The id that the new event should contain.

data - The section-data.

Throws:

Exception - In case anything goes wrong (Parsing, etc...)

Method Detail

getSections

public String[] getSections()

getType

public EventType getType()

Specified by:

getType in interface Event

getTimestamp

public Long getTimestamp()

Description copied from interface: Event

Returns the time of this event in milliseconds since 1970.

Specified by:

getTimestamp in interface Event

Returns:

getEventId

public String getEventId()

Description copied from interface: AuditEvent

The unique ID, created by modsecurity.

Specified by:

getEventId in interface AuditEvent

Returns:

A unique event id.

getSection

public String getSection(int i)

Description copied from interface: AuditEvent

Returns the string, which contains the whole section of this audit-event. The available sections are defined in ModSecurity.java.

Specified by:

getSection in interface AuditEvent

Parameters:

i - Index of the section as defined by ModSecurity.SECTION_*.

Returns:

The string value of the appopriate section of this event.

getAuditHeader

public String getAuditHeader()

getRequestHeader

public String getRequestHeader()

getRequestBody

public String getRequestBody()

getResponseHeader

public String getResponseHeader()

Deprecated.

See Also:

org.modsecurity.audit.AuditEvent#getResponseHeader()

getAuditLogTrailer

public String getAuditLogTrailer()

Deprecated.

getDate

public Date getDate()

Description copied from interface: AuditEvent

Returns the date of this events birth. The value of this date is parsed from the audit-event entry.

Specified by:

getDate in interface AuditEvent

Returns:

The date when this event was created.

getSessionId

public String getSessionId()

Description copied from interface: AuditEvent

The session-id of this request or an empty string, if no session-id has been set.

Specified by:

getSessionId in interface AuditEvent

Returns:

The session id.

setSessionId

public void setSessionId(String id)

Description copied from interface: AuditEvent

This method sets the session-id of this event. Its primary use is to group several events by external session-trackers.

Specified by:

setSessionId in interface AuditEvent

Parameters:

id - The id of the session with which this event is associated.

isSet

public boolean isSet(String var)

Description copied from interface: AuditEvent

Checks wether the given variable is set or not.

Specified by:

isSet in interface AuditEvent

Parameters:

var - The name of the variable that is checked.

Returns:

true iff the variable is set.

get

public String get(String variable)

Description copied from interface: AuditEvent

Returns the given variable as String or an empty string if the variable is not set. If the given variable is referring to a collection the first value of that collection is returned. To test if a variable has been set, use isSet(String variable).

Specified by:

get in interface Event

Specified by:

get in interface AuditEvent

Parameters:

variable - The name of the variable.

Returns:

The value of this variable.

getAll

public List<String> getAll(String v)

Description copied from interface: AuditEvent

This method returns the list of a collection which if referenced by the given variable var.

Specified by:

getAll in interface AuditEvent

Parameters:

v - The variable name of the collection. May also be a non-collection variable in which case a single-item list will returned if the variable has a value.

Returns:

The list of values for the variable, of NULL if no collection is found by that variable name.

getVariables

public List<String> getVariables()

Description copied from interface: AuditEvent

This method returns the list of all variables available in this event.

Specified by:

getVariables in interface AuditEvent

Returns:

The list of variable names (single variables AND collections) which may be accessed from this event.

set

public void set(String var,
                String val)

Description copied from interface: AuditEvent

This method can be used to modify/set properties of the event. There is a distinction between request and event properties. The request properties are parsed from the incoming request and are immutable. The event properties may be changed.

Specified by:

set in interface Event

Specified by:

set in interface AuditEvent

toString

public String toString()

Override Object.toString() by returning a String of all sections.

Overrides:

toString in class Object

compareTo

public int compareTo(AuditEvent o)

Specified by:

compareTo in interface Comparable<AuditEvent>

Specified by:

compareTo in interface AuditEvent

compareTo

public int compareTo(ModSecurityAuditEvent o)

equals

public boolean equals(ModSecurityAuditEvent o)

getRawData

public String[] getRawData()

Description copied from interface: AuditEvent

This method returns an array of strings that contain the section-data of the appopriate audit-log entry of this event.

Specified by:

getRawData in interface AuditEvent

Returns:

The list of section-strings.

getCount

public Long getCount()

getRequestURL

public URL getRequestURL()

getFile

public File getFile()

getOffset

public long getOffset()

getSize

public long getSize()

recycle

public void recycle()

tag

public void tag(String tag)

untag

public void untag(String tag)

getTags

public Set<String> getTags()

getInstanceCount

public static Long getInstanceCount()

setAll

public void setAll(String variable,
                   List<String> values)

Description copied from interface: AuditEvent

This method can be used to modify/set a collection of the event. There is a distinction between request and event properties. The request properties are parsed from the incoming request and are immutable. The event properties may be changed.

Specified by:

setAll in interface AuditEvent

getAuditEventType

public AuditEventType getAuditEventType()

Specified by:

getAuditEventType in interface AuditEvent

getEventMessages

public AuditEventMessage[] getEventMessages()

Specified by:

getEventMessages in interface AuditEvent