Uses of Interface
org.jwall.web.audit.AuditEvent

Packages that use AuditEvent

org.jwall.audit.processor
org.jwall.audit.script
org.jwall.audit.server
org.jwall.web.audit	This package encapsulates the AuditEvent-framework that is used to represent, create, manage and handle audit events within a Java environment.
org.jwall.web.audit.filter	The filter package provides two simple classes/interfaces to construct filters: the AuditEventMatch interface and the AuditEventFilter class.
org.jwall.web.audit.io	This package contains the interfaces and classes that are used to read event from various sources or write audit-event to files.
org.jwall.web.audit.net	The net-package provides network communication like sending or receiving of audit data over tcp-connections.
org.jwall.web.audit.processor
org.jwall.web.audit.rules
org.jwall.web.audit.rules.operators
org.jwall.web.audit.session	The session-package provides some interfaces to implement session trackers.
org.jwall.web.audit.test
org.jwall.web.audit.util	This package simply contains some utility classes that are used for parsing and convenience.

Uses of AuditEvent in org.jwall.audit.processor

Methods in org.jwall.audit.processor that return AuditEvent

AuditEvent	JavaScript.processEvent(AuditEvent event, Map<String,Object> context)
AuditEvent	DNSLookup.processEvent(AuditEvent event, Map<String,Object> context)
AuditEvent	DefaultRequestHost.processEvent(AuditEvent event, Map<String,Object> context)

Methods in org.jwall.audit.processor with parameters of type AuditEvent

AuditEvent	JavaScript.processEvent(AuditEvent event, Map<String,Object> context)
AuditEvent	DNSLookup.processEvent(AuditEvent event, Map<String,Object> context)
AuditEvent	DefaultRequestHost.processEvent(AuditEvent event, Map<String,Object> context)

Uses of AuditEvent in org.jwall.audit.script

Method parameters in org.jwall.audit.script with type arguments of type AuditEvent

void	ScriptRunner.setAuditEventView(EventView<AuditEvent> view)

Uses of AuditEvent in org.jwall.audit.server

Methods in org.jwall.audit.server that return AuditEvent

AuditEvent

ModSecurity2AuditStream.readNext()

Methods in org.jwall.audit.server that return types with arguments of type AuditEvent

Iterator<AuditEvent>

ModSecurity2AuditStream.iterator()

Methods in org.jwall.audit.server with parameters of type AuditEvent

void	AuditEventStreamHandler.eventArrived(AuditEvent evt)

Method parameters in org.jwall.audit.server with type arguments of type AuditEvent

void	AuditEventStreamHandler.eventsArrived(Collection<AuditEvent> events)

Uses of AuditEvent in org.jwall.web.audit

Classes in org.jwall.web.audit that implement AuditEvent

class	IronBeeAuditEvent
class	ModSecurityAuditEvent This class defines an audit-event of modsecurity.

Methods in org.jwall.web.audit that return AuditEvent

AuditEvent	DefaultAuditEventFactory.createAuditEvent(String[] sectionData, AuditEventType type)
AuditEvent	AuditEventFactory.createAuditEvent(String[] sectionData, AuditEventType type) Creates a new audit-event instance from the given section strings.
AuditEvent	DefaultAuditEventFactory.createAuditEvent(String id, String[] data, File inputFile, long offset, long size, AuditEventType type)
AuditEvent	AuditEventFactory.createAuditEvent(String id, String[] data, File f, long off, long size, AuditEventType type)
AuditEvent	AuditEventView.getEvent(Integer id) This method will return the complete audit-event from the storage.
AuditEvent	AuditEventView.getEvent(String id) This method will return the complete audit-event from the storage.
AuditEvent	AuditEventView.getEventEntry(Integer id) This method will retrieve the entry with the given id from the index or null if no entry exists with that id.
AuditEvent	AuditEventQueue.nextEvent() This method will return the head of the queue, i.e. the events that has been in the queue for the longest term.
AuditEvent	AuditEventObfuscatorChain.obfuscate(AuditEvent evt)
AuditEvent	AuditEventProcessorPipeline.processEvent(AuditEvent event) This method applies all registered processors to the specified event.
AuditEvent	AuditEventQueue.readNext()

Methods in org.jwall.web.audit that return types with arguments of type AuditEvent

List<EventListener<AuditEvent>>	AuditEventProcessorPipeline.getListeners()
List<EventProcessor<AuditEvent>>	AuditEventProcessorPipeline.getProcessors()
Iterator<AuditEvent>	AuditEventQueue.iterator()
List<AuditEvent>	AuditEventView.list(AuditEventFilter filter, int offset, int num)
List<AuditEvent>	AuditEventView.list(AuditEventFilter filter, List<String> order, int offset, int num)

Methods in org.jwall.web.audit with parameters of type AuditEvent

void	AuditEventDispatcher.add(AuditEvent evt) Deprecated. The same functionality is now provided by enqueueEvent(AuditEvent).
int	ModSecurityAuditEvent.compareTo(AuditEvent o)
int	IronBeeAuditEvent.compareTo(AuditEvent o)
int	AuditEvent.compareTo(AuditEvent o)
boolean	AuditEventView.contains(AuditEvent e)
void	AuditEventDispatcher.enqueueEvent(AuditEvent evt) This method enqueues the given event into the list of events to be dispatched to the registered listeners.
void	AuditEventQueue.eventArrived(AuditEvent evt) This method will add the event evt to the queue.
void	AuditEventObfuscatorPipe.eventArrived(AuditEvent evt)
void	AuditEventListener.eventArrived(AuditEvent evt) This method is called when a new event arrives at the listener.
AuditEvent	AuditEventObfuscatorChain.obfuscate(AuditEvent evt)
void	AuditEventProcessorPipeline.process(AuditEvent event)
AuditEvent	AuditEventProcessorPipeline.processEvent(AuditEvent event) This method applies all registered processors to the specified event.

Method parameters in org.jwall.web.audit with type arguments of type AuditEvent

int	AuditEventProcessorPipeline.Priority.compare(EventProcessor<AuditEvent> arg0, EventProcessor<AuditEvent> arg1)
int	AuditEventProcessorPipeline.Priority.compare(EventProcessor<AuditEvent> arg0, EventProcessor<AuditEvent> arg1)
void	AuditEventQueue.eventsArrived(Collection<AuditEvent> events)
void	AuditEventObfuscatorPipe.eventsArrived(Collection<AuditEvent> events)
void	AuditEventListener.eventsArrived(Collection<AuditEvent> events) Deprecated.
Double	AuditEventProcessorPipeline.getPriority(EventProcessor<AuditEvent> proc)
void	AuditEventProcessorPipeline.register(Double priority, EventProcessor<AuditEvent> proc)
void	AuditEventProcessorPipeline.registerListener(EventListener<AuditEvent> l)
void	AuditEventProcessorPipeline.unregister(EventProcessor<AuditEvent> proc)
void	AuditEventProcessorPipeline.unregisterEventProcessor(EventProcessor<AuditEvent> p) This method is used to unregister an event-processor from the AuditStorage
void	AuditEventProcessorPipeline.unregisterListener(EventListener<AuditEvent> l)

Constructor parameters in org.jwall.web.audit with type arguments of type AuditEvent

AuditEventProcessorPipeline.Priority(Map<EventProcessor<AuditEvent>,Double> p)

AuditEventQueue(Collection<AuditEvent> evts)
This creates a new queue which is initially filled with the given set of events.

Uses of AuditEvent in org.jwall.web.audit.filter

Methods in org.jwall.web.audit.filter with parameters of type AuditEvent

boolean	FilterExpressionList.matches(AuditEvent evt)
boolean	FilterExpression.matches(AuditEvent evt) Matches the expression against the given event.
boolean	AuditEventMatch.matches(AuditEvent evt)
boolean	AuditEventFilter.matches(AuditEvent evt)
boolean	AuditEventDateMatch.matches(AuditEvent evt)

Uses of AuditEvent in org.jwall.web.audit.io

Methods in org.jwall.web.audit.io that return AuditEvent

static AuditEvent	AccessLogAuditReader.createEvent(String accessLine) This method create an audit-event from the given access-line.
AuditEvent	AuditEventIterator.next()
AuditEvent	BufferedAuditEventSource.nextEvent()
AuditEvent	AuditEventSource.nextEvent() Returns the next available AuditEvent.
AuditEvent	ConcurrentAuditReader.readEvent(String s) This method creates an audit-event instance from a file.
AuditEvent	ModSecurityAuditReader.readNext() This method reads another event from the stream.
AuditEvent	ModSecurity2AuditStream.readNext()
AuditEvent	ModSecurity2AuditReader.readNext()
AuditEvent	IronBeeAuditReader.readNext()
AuditEvent	ConcurrentDirectoryReader.readNext()
AuditEvent	ConcurrentAuditReader.readNext() This method read the next event from the file-system.
AuditEvent	AuditEventReader.readNext() This method tries to read the next event that is available.
AuditEvent	AccessLogAuditReader.readNext() This method reads the next line from the underlying file and creates an AuditEvent-object from it.
abstract AuditEvent	AbstractAuditEventReader.readNext()

Methods in org.jwall.web.audit.io that return types with arguments of type AuditEvent

Iterator<AuditEvent>	ModSecurityAuditReader.iterator()
Iterator<AuditEvent>	ModSecurity2AuditStream.iterator()
Iterator<AuditEvent>	ModSecurity2AuditReader.iterator()
Iterator<AuditEvent>	IronBeeAuditReader.iterator()
Iterator<AuditEvent>	ConcurrentDirectoryReader.iterator()
Iterator<AuditEvent>	ConcurrentAuditReader.iterator()
Iterator<AuditEvent>	AccessLogAuditReader.iterator()

Methods in org.jwall.web.audit.io with parameters of type AuditEvent

void	BufferedAuditEventWriter.add(AuditEvent evt) Add a new event to the list of events that need to be written to disk.
void	AuditLogFileWriter.add(AuditEvent evt)
static String	ConcurrentAuditWriter.createSummary(AuditEvent evt) This method creates a summary-string from the given audit-event.
void	BufferedAuditEventWriter.eventArrived(AuditEvent evt)
void	AuditLogFileWriter.eventArrived(AuditEvent evt) this will block if the queue is full !
File	ConcurrentAuditWriter.getFileFor(AuditEvent evt)
static List<AuditEventMessage>	MessageParser.parseMessages(AuditEvent evt)
File	ConcurrentAuditWriter.write(AuditEvent evt) This method writes the given audit-event evt to a file, whose name is deducted from the creation time of the event.
void	ModSecurity2AuditWriter.writeEvent(AuditEvent evt) Simply append an audit-event entry to the file.
void	ConcurrentAuditWriter.writeEvent(AuditEvent evt)
void	BufferedAuditEventWriter.writeEvent(AuditEvent evt) This method simply enqueue the event evt to the list of events waiting to be written to disk.
void	AuditLogFileWriter.writeEvent(AuditEvent evt)
void	AuditEventWriter.writeEvent(AuditEvent evt)

Method parameters in org.jwall.web.audit.io with type arguments of type AuditEvent

void	AuditLogFileWriter.add(Collection<AuditEvent> evts)
void	BufferedAuditEventWriter.addAll(Collection<AuditEvent> evts) This method can be used to add a collection of events to the queue.
void	AuditLogFileWriter.addEvents(Collection<AuditEvent> events)
void	BufferedAuditEventWriter.eventsArrived(Collection<AuditEvent> events)
void	AuditLogFileWriter.eventsArrived(Collection<AuditEvent> events)

Uses of AuditEvent in org.jwall.web.audit.net

Methods in org.jwall.web.audit.net that return AuditEvent

AuditEvent	SyslogAuditEventStream.readNext()
AuditEvent	SyslogAuditEventMultiStream.readNext()

Methods in org.jwall.web.audit.net that return types with arguments of type AuditEvent

Iterator<AuditEvent>	SyslogAuditEventStream.iterator()
Iterator<AuditEvent>	SyslogAuditEventMultiStream.iterator()

Methods in org.jwall.web.audit.net with parameters of type AuditEvent

void	NetworkEventServer.eventArrived(AuditEvent e)
void	NetworkClientWorkerThread.eventArrived(AuditEvent evt)
void	AuditEventURLConnectionSender.eventArrived(AuditEvent evt) Simply send all arriving events to the configured console.
void	AuditEventStreamHandler.eventArrived(AuditEvent evt)
void	AuditEventMLogcReceiver.eventArrived(AuditEvent evt)
void	AuditEventConsoleSender.eventArrived(AuditEvent evt) Simply send all arriving events to the configured console.
void	AuditEventMLogcReceiver.eventArrived(String sensorId, AuditEvent evt)
void	AuditEventURLConnectionSender.sendAuditEvent(AuditEvent evt) This method sends the given audit-event to the configured console.
void	AuditEventConsoleSender.sendAuditEvent(AuditEvent evt) This method sends the given audit-event to the configured console.

Method parameters in org.jwall.web.audit.net with type arguments of type AuditEvent

void	NetworkEventServer.eventsArrived(Collection<AuditEvent> events)
void	NetworkClientWorkerThread.eventsArrived(Collection<AuditEvent> events)
void	AuditEventURLConnectionSender.eventsArrived(Collection<AuditEvent> events)
void	AuditEventStreamHandler.eventsArrived(Collection<AuditEvent> events)
void	AuditEventMLogcReceiver.eventsArrived(Collection<AuditEvent> evts)
void	AuditEventConsoleSender.eventsArrived(Collection<AuditEvent> events)

Uses of AuditEvent in org.jwall.web.audit.processor

Methods in org.jwall.web.audit.processor that return AuditEvent

AuditEvent	XForwardedForResolver.processEvent(AuditEvent event, Map<String,Object> context)
AuditEvent	RuleTagProcessor.processEvent(AuditEvent event, Map<String,Object> context)
AuditEvent	PersistentCollectionProcessor.processEvent(AuditEvent event, Map<String,Object> context)
AuditEvent	JRubyProcessor.processEvent(AuditEvent event, Map<String,Object> context)

Methods in org.jwall.web.audit.processor with parameters of type AuditEvent

AuditEvent	XForwardedForResolver.processEvent(AuditEvent event, Map<String,Object> context)
AuditEvent	RuleTagProcessor.processEvent(AuditEvent event, Map<String,Object> context)
AuditEvent	PersistentCollectionProcessor.processEvent(AuditEvent event, Map<String,Object> context)
AuditEvent	JRubyProcessor.processEvent(AuditEvent event, Map<String,Object> context)

Uses of AuditEvent in org.jwall.web.audit.rules

Methods in org.jwall.web.audit.rules with parameters of type AuditEvent

void	EventAction.execute(Map<String,Object> ctx, AuditEvent evt)
List<String>	ValueExtractor.extract(String var, AuditEvent evt)
String	PersistentCollectionExtractor.extract(String feature, AuditEvent event)
static Map<String,String>	PersistentCollectionExtractor.extractScores(AuditEvent evt) This method extracts scores and environment variables from the given event by effectively simulating the actions fired by this event which are included in the K section of the event.
static Map<String,String>	PersistentCollectionExtractor.extractScores(AuditEvent evt, Map<String,String> env) This method extracts scores and environment variables in the same way as the method above, but uses the specified map as an initial start to evaluate initial parameters.
static List<String>	ValueExtractor.extractValues(String variable, AuditEvent evt)
Set<String>	ValueExtractor.getVariables(AuditEvent event)
Set<String>	PersistentCollectionExtractor.getVariables(AuditEvent event)
boolean	Condition.matches(AuditEvent evt) This method executes the condition against the given event.
boolean	AuditEventRule.matches(AuditEvent evt, RuleContext ctx) This method checks whether the rule triggers for the given event.

Method parameters in org.jwall.web.audit.rules with type arguments of type AuditEvent

void	ValueExtractor.registerExtractor(String name, FeatureExtractor<AuditEvent,?> extr)

Uses of AuditEvent in org.jwall.web.audit.rules.operators

Methods in org.jwall.web.audit.rules.operators with parameters of type AuditEvent

List<String>	AbstractCondition.extractValues(AuditEvent evt)
boolean	AbstractCondition.matches(AuditEvent evt) Deprecated.

Uses of AuditEvent in org.jwall.web.audit.session

Methods in org.jwall.web.audit.session with parameters of type AuditEvent

void	Session.addEvent(AuditEvent e)
void	SessionTracker.eventArrived(AuditEvent event) This method simply associates the give event with a session or creates a new session if this event is not related to a previous one.
void	AbstractSessionTracker.eventArrived(AuditEvent event) This method tracks an AuditEvent object and creates a session if none existed yet.
String	HeuristicSessionTracker.extractKey(AuditEvent evt) Since this tracker simply relies on the remote address as session key, this method will just return the event's sender-address.
String	CookieSessionTracker.extractKey(AuditEvent evt) This method extracts the session-id that is sent in this event within the cookie, identified by sessionCookie.
abstract String	AbstractSessionTracker.extractKey(AuditEvent evt) This method extracts the key-feature from an event which is used to identify the session that this event is related to.
boolean	AbstractSessionTracker.isExpired(Session s, AuditEvent event) This method is used to check a session for expiration according to the date of the given audit-event.

Method parameters in org.jwall.web.audit.session with type arguments of type AuditEvent

void	AbstractSessionTracker.eventsArrived(Collection<AuditEvent> events)

Constructors in org.jwall.web.audit.session with parameters of type AuditEvent

Session(int type, String id, AuditEvent evt)
Creates a new session with the given session-identifier and the first event of the session being evt.

Uses of AuditEvent in org.jwall.web.audit.test

Methods in org.jwall.web.audit.test with parameters of type AuditEvent

static List<String>

RegressionTester.test(AuditEvent evt, String testSection)

Uses of AuditEvent in org.jwall.web.audit.util

Methods in org.jwall.web.audit.util with parameters of type AuditEvent

void	RFICollector.eventArrived(AuditEvent e)
String	MacroExpander.expand(String str, AuditEvent evt)
List<String>	RFICollector.extractRemoteReferences(AuditEvent evt) This method extracts all remote-file references from the request associated with this audit event.
String	MacroExpander.get(String variable, AuditEvent evt)
void	RFICollector.handleEvent(AuditEvent evt) This is called for all events.

Method parameters in org.jwall.web.audit.util with type arguments of type AuditEvent

void	RFICollector.eventsArrived(Collection<AuditEvent> events)