
XML::Idiom
Intrusion Detection Interaction and Operations Messages



NAME

XML::Idiom - Intrusion Detection Interaction and Operations Messages (IDIOM)


SYNOPSIS


  use XML::Idiom;

  my $idiom = XML::Idiom->new();

  $idiom->consume($idiom_xml);

  my @events = $idiom->getEvents;

  my $number_of_events = $idiom->getNumberOfEvents();

  my $processed_xml = $idiom->XML; # use Data::Dumper to pretty-print it


DESCRIPTION

Intrusion Detection Interaction and Operations Messages (IDIOM) is an XML document format developed and used by version 4.0 of Cisco's NIDS. This simple module for handling these documents is included with the distribution of the Net::RDEP module (RDEP being the method of transporting these documents, as specified by Cisco).

The document contains one of two pieces of information: either an error message or event information. If a connection is successful (that is, an HTTP error is not received) the RDEP server will return an IDIOM document to the client. However, it is possible that errors in the protocol itself were detected (unknown subscription ID, for example) and the document will contain an error. Otherwise, the document will contain new event records, as specified by the parameters of the connection.

See www.cisco.com for more information on RDEP or IDIOM.


IDIOM METHODS

new( IDIOM_DOCUMENT )
This is the constructor for a new XML::Idiom object, which may take an optional IDIOM document.

consume( IDIOM_DOCUMENT )
The consume method will process the IDIOM document, populating the error and event internal structures.

XML
This method will return the IDIOM document, as processed by XML::Simple. It can be programmatically manipulated here, or visibly examined with Data::Dumper or something similar.


ERROR METHODS

isError()
True if the IDIOM document contained an error.

errorType()
Returns the string value of the error type, found in the IDIOM document. This is an error "name" provided by the RDEP server.

errorContent()
Returns the string value of the error content, found in the IDIOM document. This is a text description provided by the RDEP server to explain the error.

getError()
When the IDIOM document is processed by XML::Simple, the error information is actually stored in a hash reference. This method will return the hash reference so that you may examine it yourself.


EVENT METHODS

getNumberOfEvents
The number of events retrieved from the document.

getNextEvent
Events are received in order of creation time. This will return the next event from the list of retrieved events.

getEvents
This method returns an array of all the events retrieved.


EXAMPLES

Printing out the IDIOM XML document is probably not all that useful. There are a few methods of handling the IDIOM document built into the XML::Idiom module that can be used. For example:


        my $idiom = XML::Idiom->new();
        $idiom->consume($idiom_xml);

        # isError() is true when the document carries an error instead of events
        if ($idiom->isError()) {
                if ($idiom->errorType eq 'errNotFound') {
                        # connection failed, reconnect
                        ...
                }
        } else {
                my $number_of_events = $idiom->getNumberOfEvents();
                print "RCVD $number_of_events number of events\n";

                # events are returned in order of creation time
                while (my $e = $idiom->getNextEvent()) {
                        ...
                }
        }


SEE ALSO

Net::RDEP, XML::Simple, Data::Dumper


AUTHOR

Joe Minieri, <jminieri@mindspring.com>


COPYRIGHT AND LICENSE

Copyright (C) 2004 by Joe Minieri and OpenService (www.open.com)

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.1 or, at your option, any later version of Perl 5 you may have available.
