| Package | Description |
|---|---|
| org.jwall.audit.processor | |
| org.jwall.audit.script | |
| org.jwall.audit.server | |
| org.jwall.web.audit | This package encapsulates the AuditEvent framework that is used to represent, create, manage and handle audit events within a Java environment. |
| org.jwall.web.audit.filter | The filter package provides two simple classes/interfaces to construct filters: the `AuditEventMatch` interface and the `AuditEventFilter` class. |
| org.jwall.web.audit.io | This package contains the interfaces and classes that are used to read events from various sources or write audit events to files. |
| org.jwall.web.audit.net | The net package provides network communication such as sending or receiving audit data over TCP connections. |
| org.jwall.web.audit.processor | |
| org.jwall.web.audit.rules | |
| org.jwall.web.audit.rules.operators | |
| org.jwall.web.audit.session | The session package provides some interfaces to implement session trackers. |
| org.jwall.web.audit.test | |
| org.jwall.web.audit.util | This package simply contains some utility classes that are used for parsing and convenience. |

| Modifier and Type | Method and Description |
|---|---|
| `AuditEvent` | `JavaScript.processEvent(AuditEvent event, Map<String,Object> context)` |
| `AuditEvent` | `DNSLookup.processEvent(AuditEvent event, Map<String,Object> context)` |
| `AuditEvent` | `DefaultRequestHost.processEvent(AuditEvent event, Map<String,Object> context)` |

| Modifier and Type | Method and Description |
|---|---|
| `AuditEvent` | `JavaScript.processEvent(AuditEvent event, Map<String,Object> context)` |
| `AuditEvent` | `DNSLookup.processEvent(AuditEvent event, Map<String,Object> context)` |
| `AuditEvent` | `DefaultRequestHost.processEvent(AuditEvent event, Map<String,Object> context)` |

| Modifier and Type | Method and Description |
|---|---|
| `void` | `ScriptRunner.setAuditEventView(EventView<AuditEvent> view)` |

| Modifier and Type | Method and Description |
|---|---|
| `AuditEvent` | `ModSecurity2AuditStream.readNext()` |

| Modifier and Type | Method and Description |
|---|---|
| `Iterator<AuditEvent>` | `ModSecurity2AuditStream.iterator()` |

| Modifier and Type | Method and Description |
|---|---|
| `void` | `AuditEventStreamHandler.eventArrived(AuditEvent evt)` |

| Modifier and Type | Method and Description |
|---|---|
| `void` | `AuditEventStreamHandler.eventsArrived(Collection<AuditEvent> events)` |

| Modifier and Type | Class and Description |
|---|---|
| `class` | `IronBeeAuditEvent` |
| `class` | `ModSecurityAuditEvent`<br>This class defines an audit event of ModSecurity. |

| Modifier and Type | Method and Description |
|---|---|
| `AuditEvent` | `DefaultAuditEventFactory.createAuditEvent(String[] sectionData, AuditEventType type)` |
| `AuditEvent` | `AuditEventFactory.createAuditEvent(String[] sectionData, AuditEventType type)`<br>Creates a new audit-event instance from the given section strings. |
| `AuditEvent` | `DefaultAuditEventFactory.createAuditEvent(String id, String[] data, File inputFile, long offset, long size, AuditEventType type)` |
| `AuditEvent` | `AuditEventFactory.createAuditEvent(String id, String[] data, File f, long off, long size, AuditEventType type)` |
| `AuditEvent` | `AuditEventView.getEvent(Integer id)`<br>This method will return the complete audit-event from the storage. |
| `AuditEvent` | `AuditEventView.getEvent(String id)`<br>This method will return the complete audit-event from the storage. |
| `AuditEvent` | `AuditEventView.getEventEntry(Integer id)`<br>This method will retrieve the entry with the given id from the index or `null` if no entry exists with that id. |
| `AuditEvent` | `AuditEventQueue.nextEvent()`<br>This method will return the head of the queue, i.e. the event that has been in the queue for the longest time. |
| `AuditEvent` | `AuditEventObfuscatorChain.obfuscate(AuditEvent evt)` |
| `AuditEvent` | `AuditEventProcessorPipeline.processEvent(AuditEvent event)`<br>This method applies all registered processors to the specified event. |
| `AuditEvent` | `GELFSender.processEvent(AuditEvent evt, Map<String,Object> context)` |
| `AuditEvent` | `AuditEventQueue.readNext()` |

| Modifier and Type | Method and Description |
|---|---|
| `List<EventListener<AuditEvent>>` | `AuditEventProcessorPipeline.getListeners()` |
| `List<EventProcessor<AuditEvent>>` | `AuditEventProcessorPipeline.getProcessors()` |
| `Iterator<AuditEvent>` | `AuditEventQueue.iterator()` |
| `List<AuditEvent>` | `AuditEventView.list(AuditEventFilter filter, int offset, int num)`<br>Deprecated. |
| `List<AuditEvent>` | `AuditEventView.list(AuditEventFilter filter, List<String> order, int offset, int num)`<br>Deprecated. |

| Modifier and Type | Method and Description |
|---|---|
| `void` | `AuditEventDispatcher.add(AuditEvent evt)`<br>Deprecated. The same functionality is now provided by `enqueueEvent(AuditEvent)`. |
| `int` | `ModSecurityAuditEvent.compareTo(AuditEvent o)` |
| `int` | `IronBeeAuditEvent.compareTo(AuditEvent o)` |
| `int` | `AuditEvent.compareTo(AuditEvent o)` |
| `boolean` | `AuditEventView.contains(AuditEvent e)` |
| `void` | `AuditEventDispatcher.enqueueEvent(AuditEvent evt)`<br>This method enqueues the given event into the list of events to be dispatched to the registered listeners. |
| `void` | `AuditEventQueue.eventArrived(AuditEvent evt)`<br>This method will add the event `evt` to the queue. |
| `void` | `AuditEventObfuscatorPipe.eventArrived(AuditEvent evt)` |
| `void` | `AuditEventListener.eventArrived(AuditEvent evt)`<br>This method is called when a new event arrives at the listener. |
| `AuditEvent` | `AuditEventObfuscatorChain.obfuscate(AuditEvent evt)` |
| `void` | `AuditEventProcessorPipeline.process(AuditEvent event)` |
| `AuditEvent` | `AuditEventProcessorPipeline.processEvent(AuditEvent event)`<br>This method applies all registered processors to the specified event. |
| `AuditEvent` | `GELFSender.processEvent(AuditEvent evt, Map<String,Object> context)` |

| Modifier and Type | Method and Description |
|---|---|
| `int` | `AuditEventProcessorPipeline.Priority.compare(EventProcessor<AuditEvent> arg0, EventProcessor<AuditEvent> arg1)` |
| `int` | `AuditEventProcessorPipeline.Priority.compare(EventProcessor<AuditEvent> arg0, EventProcessor<AuditEvent> arg1)` |
| `void` | `AuditEventQueue.eventsArrived(Collection<AuditEvent> events)` |
| `void` | `AuditEventObfuscatorPipe.eventsArrived(Collection<AuditEvent> events)` |
| `void` | `AuditEventListener.eventsArrived(Collection<AuditEvent> events)`<br>Deprecated. |
| `Double` | `AuditEventProcessorPipeline.getPriority(EventProcessor<AuditEvent> proc)` |
| `void` | `AuditEventProcessorPipeline.register(Double priority, EventProcessor<AuditEvent> proc)` |
| `void` | `AuditEventProcessorPipeline.registerListener(EventListener<AuditEvent> l)` |
| `void` | `AuditEventProcessorPipeline.unregister(EventProcessor<AuditEvent> proc)` |
| `void` | `AuditEventProcessorPipeline.unregisterEventProcessor(EventProcessor<AuditEvent> p)`<br>This method is used to unregister an event-processor from the `AuditStorage`. |
| `void` | `AuditEventProcessorPipeline.unregisterListener(EventListener<AuditEvent> l)` |

| Constructor and Description |
|---|
| `AuditData(AuditEvent evt)` |

| Constructor and Description |
|---|
| `AuditEventProcessorPipeline.Priority(Map<EventProcessor<AuditEvent>,Double> p)` |
| `AuditEventQueue(Collection<AuditEvent> evts)`<br>This creates a new queue which is initially filled with the given set of events. |

| Modifier and Type | Method and Description |
|---|---|
| `boolean` | `FilterExpressionList.matches(AuditEvent evt)` |
| `boolean` | `FilterExpression.matches(AuditEvent evt)`<br>Matches the expression against the given event. |
| `boolean` | `AuditEventMatch.matches(AuditEvent evt)` |
| `boolean` | `AuditEventFilter.matches(AuditEvent evt)` |
| `boolean` | `AuditEventDateMatch.matches(AuditEvent evt)` |

| Modifier and Type | Field and Description |
|---|---|
| `protected AuditEvent` | `AbstractAuditEventReader.pending`<br>The currently pending event. |

| Modifier and Type | Method and Description |
|---|---|
| `static AuditEvent` | `AccessLogAuditReader.createEvent(String accessLine)`<br>This method creates an audit-event from the given access-line. |
| `AuditEvent` | `AuditEventIterator.next()` |
| `AuditEvent` | `BufferedAuditEventSource.nextEvent()` |
| `AuditEvent` | `AuditEventSource.nextEvent()`<br>Returns the next available AuditEvent. |
| `AuditEvent` | `ConcurrentAuditReader.readEvent(String s)`<br>This method creates an audit-event instance from a file. |
| `AuditEvent` | `ModSecurityAuditReader.readNext()`<br>This method reads another event from the stream. |
| `AuditEvent` | `ModSecurity2AuditStream.readNext()` |
| `AuditEvent` | `ModSecurity2AuditReader.readNext()` |
| `AuditEvent` | `IronBeeAuditReader.readNext()` |
| `AuditEvent` | `ConcurrentDirectoryReader.readNext()` |
| `AuditEvent` | `ConcurrentAuditReader.readNext()`<br>This method reads the next event from the file-system. |
| `AuditEvent` | `AuditEventReader.readNext()`<br>This method tries to read the next event that is available. |
| `AuditEvent` | `AccessLogAuditReader.readNext()`<br>This method reads the next line from the underlying file and creates an AuditEvent-object from it. |
| `abstract AuditEvent` | `AbstractAuditEventReader.readNext()` |

| Modifier and Type | Method and Description |
|---|---|
| `Iterator<AuditEvent>` | `ModSecurityAuditReader.iterator()` |
| `Iterator<AuditEvent>` | `ModSecurity2AuditStream.iterator()` |
| `Iterator<AuditEvent>` | `ModSecurity2AuditReader.iterator()` |
| `Iterator<AuditEvent>` | `IronBeeAuditReader.iterator()` |
| `Iterator<AuditEvent>` | `ConcurrentDirectoryReader.iterator()` |
| `Iterator<AuditEvent>` | `ConcurrentAuditReader.iterator()` |
| `Iterator<AuditEvent>` | `AccessLogAuditReader.iterator()` |

| Modifier and Type | Method and Description |
|---|---|
| `void` | `BufferedAuditEventWriter.add(AuditEvent evt)`<br>Add a new event to the list of events that need to be written to disk. |
| `void` | `AuditLogFileWriter.add(AuditEvent evt)` |
| `static String` | `ConcurrentAuditWriter.createSummary(AuditEvent evt)`<br>This method creates a summary-string from the given audit-event. |
| `void` | `BufferedAuditEventWriter.eventArrived(AuditEvent evt)` |
| `void` | `AuditLogFileWriter.eventArrived(AuditEvent evt)`<br>This will block if the queue is full! |
| `File` | `ConcurrentAuditWriter.getFileFor(AuditEvent evt)` |
| `static List<AuditEventMessage>` | `MessageParser.parseMessages(AuditEvent evt)` |
| `File` | `ConcurrentAuditWriter.write(AuditEvent evt)`<br>This method writes the given audit-event `evt` to a file, whose name is derived from the creation time of the event. |
| `void` | `ModSecurity2AuditWriter.writeEvent(AuditEvent evt)`<br>Simply append an audit-event entry to the file. |
| `void` | `ConcurrentAuditWriter.writeEvent(AuditEvent evt)` |
| `void` | `BufferedAuditEventWriter.writeEvent(AuditEvent evt)`<br>This method simply enqueues the event `evt` to the list of events waiting to be written to disk. |
| `void` | `AuditLogFileWriter.writeEvent(AuditEvent evt)` |
| `void` | `AuditEventWriter.writeEvent(AuditEvent evt)` |

| Modifier and Type | Method and Description |
|---|---|
| `void` | `AuditLogFileWriter.add(Collection<AuditEvent> evts)` |
| `void` | `BufferedAuditEventWriter.addAll(Collection<AuditEvent> evts)`<br>This method can be used to add a collection of events to the queue. |
| `void` | `AuditLogFileWriter.addEvents(Collection<AuditEvent> events)` |
| `void` | `BufferedAuditEventWriter.eventsArrived(Collection<AuditEvent> events)` |
| `void` | `AuditLogFileWriter.eventsArrived(Collection<AuditEvent> events)` |

| Modifier and Type | Method and Description |
|---|---|
| `AuditEvent` | `SyslogAuditEventStream.readNext()` |
| `AuditEvent` | `SyslogAuditEventMultiStream.readNext()` |

| Modifier and Type | Method and Description |
|---|---|
| `Iterator<AuditEvent>` | `SyslogAuditEventStream.iterator()` |
| `Iterator<AuditEvent>` | `SyslogAuditEventMultiStream.iterator()` |

| Modifier and Type | Method and Description |
|---|---|
| `void` | `NetworkEventServer.eventArrived(AuditEvent e)` |
| `void` | `NetworkClientWorkerThread.eventArrived(AuditEvent evt)` |
| `void` | `AuditEventURLConnectionSender.eventArrived(AuditEvent evt)`<br>Simply send all arriving events to the configured console. |
| `void` | `AuditEventStreamHandler.eventArrived(AuditEvent evt)` |
| `void` | `AuditEventMLogcReceiver.eventArrived(AuditEvent evt)` |
| `void` | `AuditEventConsoleSender.eventArrived(AuditEvent evt)`<br>Simply send all arriving events to the configured console. |
| `void` | `AuditEventMLogcReceiver.eventArrived(String sensorId, AuditEvent evt)` |
| `void` | `AuditEventURLConnectionSender.sendAuditEvent(AuditEvent evt)`<br>This method sends the given audit-event to the configured console. |
| `void` | `AuditEventConsoleSender.sendAuditEvent(AuditEvent evt)`<br>This method sends the given audit-event to the configured console. |

| Modifier and Type | Method and Description |
|---|---|
| `void` | `NetworkEventServer.eventsArrived(Collection<AuditEvent> events)` |
| `void` | `NetworkClientWorkerThread.eventsArrived(Collection<AuditEvent> events)` |
| `void` | `AuditEventURLConnectionSender.eventsArrived(Collection<AuditEvent> events)` |
| `void` | `AuditEventStreamHandler.eventsArrived(Collection<AuditEvent> events)` |
| `void` | `AuditEventMLogcReceiver.eventsArrived(Collection<AuditEvent> evts)` |
| `void` | `AuditEventConsoleSender.eventsArrived(Collection<AuditEvent> events)` |

| Modifier and Type | Method and Description |
|---|---|
| `AuditEvent` | `XForwardedForResolver.processEvent(AuditEvent event, Map<String,Object> context)` |
| `AuditEvent` | `RuleTagProcessor.processEvent(AuditEvent event, Map<String,Object> context)` |
| `AuditEvent` | `RemoteAddressResolver.processEvent(AuditEvent event, Map<String,Object> context)` |
| `AuditEvent` | `PersistentCollectionProcessor.processEvent(AuditEvent event, Map<String,Object> context)` |
| `AuditEvent` | `JRubyProcessor.processEvent(AuditEvent event, Map<String,Object> context)` |

| Modifier and Type | Method and Description |
|---|---|
| `AuditEvent` | `XForwardedForResolver.processEvent(AuditEvent event, Map<String,Object> context)` |
| `AuditEvent` | `RuleTagProcessor.processEvent(AuditEvent event, Map<String,Object> context)` |
| `AuditEvent` | `RemoteAddressResolver.processEvent(AuditEvent event, Map<String,Object> context)` |
| `AuditEvent` | `PersistentCollectionProcessor.processEvent(AuditEvent event, Map<String,Object> context)` |
| `AuditEvent` | `JRubyProcessor.processEvent(AuditEvent event, Map<String,Object> context)` |

| Modifier and Type | Method and Description |
|---|---|
| `protected void` | `AuditEventRuleEngine.execute(EventRule<AuditEvent> rule, AuditEvent event, Map<String,Object> context)` |
| `void` | `EventAction.execute(Map<String,Object> ctx, AuditEvent evt)` |
| `List<String>` | `ValueExtractor.extract(String var, AuditEvent evt)` |
| `String` | `PersistentCollectionExtractor.extract(String feature, AuditEvent event)` |
| `static Map<String,String>` | `PersistentCollectionExtractor.extractScores(AuditEvent evt)`<br>This method extracts scores and environment variables from the given event by effectively simulating the actions fired by this event which are included in the K section of the event. |
| `static Map<String,String>` | `PersistentCollectionExtractor.extractScores(AuditEvent evt, Map<String,String> env)`<br>This method extracts scores and environment variables in the same way as the method above, but uses the specified map as an initial start to evaluate initial parameters. |
| `static List<String>` | `ValueExtractor.extractValues(String variable, AuditEvent evt)` |
| `Set<String>` | `ValueExtractor.getVariables(AuditEvent event)` |
| `Set<String>` | `PersistentCollectionExtractor.getVariables(AuditEvent event)` |
| `boolean` | `Condition.matches(AuditEvent evt)`<br>This method executes the condition against the given event. |
| `boolean` | `AuditEventRule.matches(AuditEvent evt, RuleContext ctx)`<br>This method checks whether the rule triggers for the given event. |

| Modifier and Type | Method and Description |
|---|---|
| `protected void` | `AuditEventRuleEngine.execute(EventRule<AuditEvent> rule, AuditEvent event, Map<String,Object> context)` |
| `void` | `ValueExtractor.registerExtractor(String name, FeatureExtractor<AuditEvent,?> extr)` |

| Modifier and Type | Method and Description |
|---|---|
| `List<String>` | `AbstractCondition.extractValues(AuditEvent evt)` |
| `boolean` | `AbstractCondition.matches(AuditEvent evt)`<br>Deprecated. |

| Modifier and Type | Method and Description |
|---|---|
| `void` | `Session.addEvent(AuditEvent e)` |
| `void` | `SessionTracker.eventArrived(AuditEvent event)`<br>This method simply associates the given event with a session or creates a new session if this event is not related to a previous one. |
| `void` | `AbstractSessionTracker.eventArrived(AuditEvent event)`<br>This method tracks an AuditEvent object and creates a session if none existed yet. |
| `String` | `HeuristicSessionTracker.extractKey(AuditEvent evt)`<br>Since this tracker simply relies on the remote address as session key, this method will just return the event's sender-address. |
| `String` | `CookieSessionTracker.extractKey(AuditEvent evt)`<br>This method extracts the session-id that is sent in this event within the cookie, identified by `sessionCookie`. |
| `abstract String` | `AbstractSessionTracker.extractKey(AuditEvent evt)`<br>This method extracts the key-feature from an event which is used to identify the session that this event is related to. |
| `boolean` | `AbstractSessionTracker.isExpired(Session s, AuditEvent event)`<br>This method is used to check a session for expiration according to the date of the given audit-event. |

| Modifier and Type | Method and Description |
|---|---|
| `void` | `AbstractSessionTracker.eventsArrived(Collection<AuditEvent> events)` |

| Constructor and Description |
|---|
| `Session(int type, String id, AuditEvent evt)`<br>Creates a new session with the given session-identifier and the first event of the session being `evt`. |

| Modifier and Type | Method and Description |
|---|---|
| `static List<String>` | `RegressionTester.test(AuditEvent evt, String testSection)` |

| Modifier and Type | Method and Description |
|---|---|
| `void` | `RFICollector.eventArrived(AuditEvent e)` |
| `String` | `MacroExpander.expand(String str, AuditEvent evt)` |
| `List<String>` | `RFICollector.extractRemoteReferences(AuditEvent evt)`<br>This method extracts all remote-file references from the request associated with this audit event. |
| `String` | `MacroExpander.get(String variable, AuditEvent evt)` |
| `void` | `RFICollector.handleEvent(AuditEvent evt)`<br>This is called for all events. |
| `protected String` | `MacroExpander.substitute(String str, AuditEvent evt)` |

| Modifier and Type | Method and Description |
|---|---|
| `void` | `RFICollector.eventsArrived(Collection<AuditEvent> events)` |

Copyright © 2014 jwall.org. All Rights Reserved.