com.martealert
Class martealertHashFilter

java.lang.Object
  java.util.Dictionary
      java.util.Hashtable
          com.martealert.martealertHashtable
              com.martealert.martealertHashFilter

All Implemented Interfaces:

java.lang.Cloneable, java.util.Map, martealertConstants, java.io.Serializable

public class martealertHashFilter

extends martealertHashtable

implements martealertConstants

Class for create instances of martealertHashFilter objects and filter martealertTables

See Also:

Serialized Form

Field Summary

java.lang.String	ftsStr
com.martealert.martealertFields	jpFields
int	limitFTS
int	limitLTS
java.lang.String	ltsStr
int	nfilteredAlerts
int	ntotalAlerts

Fields inherited from interface com.martealert.martealertConstants

AMBIGUOUS_FIELDS, ANALYZER, CLASSIFICATION, COMPLETION, FTS, FTSTZ, HOUR_IN_MILLIS, INTERVAL, IPADDRS, LASTJOIN, LTS, LTSTZ, MAXMSGID, MAXSEVERITY, MFTS, MLTS, MSGID, MSOURCEPORT, NALERTS, NOTNULL_FIELDS, NULL_FIELDS, NXCLASSIFICATION, ORDER_BY_ALERTS, ORDER_BY_MAXTIME, ORDER_BY_TIME, PRELUDE_TABLES, PROTOCOL, SENSOR, SEVERITY, SEVERITY_COMPLETION, SOURCE, SOURCEIP, SOURCEPORT, SOURCEUID, TARGET, TARGETIP, TARGETPORT, TARGETPORT_PROTOCOL, TARGETUID, TERMINAL, TIME, TIMETZ, TLAST, TOP, TOTALTIME

Constructor Summary

martealertHashFilter()
Creates a new instance of an empty martealertHashFilter

martealertHashFilter(java.sql.Connection con, java.lang.String _FTS, java.lang.String _LTS)
Creates a new instance of a martealertHashFilter with only date filters.

martealertHashFilter(martealertHashFilter t)
Creates a new instante of martealertHashFilter initialize by a map or another Hashtable.

Method Summary

protected void	addFields(java.lang.String[] nn, java.lang.String[] nllj) Add vector of fields to this.jpFields, keeping the before values of jpFields.
protected void	addFields(java.util.Vector nn, java.util.Vector nllj) Add vector of fields to this.jpFields, keeping the before values of jpFields.
java.lang.Object	clone() Clone a martealertHashFilter from this.
static martealertHashFilter	combineHashFilters(java.sql.Connection con, java.util.Vector filters, java.lang.String _FTS, java.lang.String _LTS) Combine a vector of martealertHashfilter assigning first time sign and last time sign
java.lang.Object	get(java.lang.Object key) Get an object from key index
protected java.util.Vector	getAdvancedFilterFormule() Calculate formules for each component of a filter, replacing comile, no-needed brackets and default/null values.
protected java.util.Vector	getAdvancedFilterLogicOp() Get logic operator selected in advanced filter dialog.
protected java.lang.String[]	getFieldsToFilter(java.lang.String s) Get fields to be filtered.
protected java.lang.String[]	getFieldsToFilter(java.lang.String[] as) Get fields to be filtered.
protected java.lang.String[]	getFieldsToFilter(java.util.Vector fields) Get fields to be filtered.
protected java.lang.String	getFilterLastJoin() Compose a filter with all components depending on if they contains NULL or default value.
martealertCalendar	getFTS() Get FTS from martealertHashfilter where time has been stored with the following syntax: (t0.time >= '2006-01-11 00:00:00.0' AND t0.time <= '2006-02-24 23:59:00.0') AND
static martealertHashFilter	getHashFilter(int[] rows, martealertTopStats table) Return a martealertHashFilter grouping martealertTopStats.getField() rows and this Hashfilter conditions in only one filter, which will be combinated later.
java.lang.String	getHtmlDescription() Calculate a html description from a filter.
int	getIdFTS() Get "First Time Seen" identifier.
int	getIdLTS() Get "Last Time Seen" identifier.
martealertCalendar	getLTS() Get LTS from martealertHashfilter where time has been stored with the following syntax: (t0.time >= '2006-01-11 0:0.00.0' AND t0.time <= '2006-02-24 23:59.00.0') AND
int	getTotalAlerts() Get last total number of alerts calculated in
int	getTotalFilteredAlerts() Get total number of alerts after having applied this filter.
java.lang.String	getValue(java.lang.String key) Obtain 192.168.1.20 from filter.get(SOURCEIP), when string stored is for example: "t2.address = '192.168.1.20' AND "
void	initProperties(java.sql.Connection con, java.lang.String _FTS, java.lang.String _LTS) Inittialize int and String filter properties but not jpFields.
void	loadFrom(java.io.FileInputStream in) Load a martealertHashFilter from in input stream.
void	loadFrom(java.lang.String pathFile) Load a martealertHashFilter from a path file.
void	negateFilter() Negate martealertHashFilter.
void	printFilter() Print hashtable filter and filter properties in standard output.
protected static java.lang.String	putComile(java.lang.String field, java.lang.String filter) Return a String with comile containing values, from a logic formule.
java.lang.Object	putValue(java.lang.Object key, java.lang.Object value) Put a value into hashtable for index key.
void	saveTo(java.awt.Component parent) Save a martealertHashFilter in a file given by parameter out.
void	saveTo(java.io.FileOutputStream out) Save a martealertHashFilter in a file given by parameter out.
martealertHashFilter	setAdvancedFilter(java.lang.String field, java.lang.String value, java.lang.String operator) Set and get a filter value for a field usin logic operator passed as param.
protected void	setFields(java.lang.String[] nn, java.lang.String[] nllj) Set arrays of fields to this.jpFields, deleting the before values of jpFields.
protected void	setFields(java.lang.String[] nn, java.lang.String[] nllj, int fd) Set arrays of fields to this.jpFields, deleting the before values of jpFields.
void	setHashFilter(int[] row, martealertTopStats table) Set into this martealertHashFilter values according to rows in row[] array for martealertTopStats in params.
protected void	setNumProperties(martealertHashFilter filter) Set to this filter properties of martealertHashFilter passed, and jpFields, but not hashtable filter values.
void	setPairAddress(int i, martealertTable pt) Set source and target ip to this martealertHashFilter modifying SOURCEIP, TARGETIP and IPADDRS keys from martealertTable pt.
void	setPairAddress(martealertTable pt) Set source and target ip to this martealertHashFilter modifying SOURCEIP, TARGETIP and IPADDRS keys from martealertTable pt.
void	setPairAddress(java.lang.String sourceAddr, java.lang.String targetAddr) Set source and target ip to this martealertHashFilter modifying SOURCEIP, TARGETIP and IPADDRS keys from martealertTable pt.
void	setPairAddress(java.util.Vector v) Set source and target ip to this martealertHashFilter modifying SOURCEIP, TARGETIP and IPADDRS keys from martealertTable pt.
void	setTime(java.lang.String _FTS, java.lang.String _LTS) Update time and store it into HashFilter this.

Methods inherited from class com.martealert.martealertHashtable

getTemporalFilter, printHashtable, setFilter

Methods inherited from class java.util.Hashtable

clear, contains, containsKey, containsValue, elements, entrySet, equals, hashCode, isEmpty, keys, keySet, put, putAll, rehash, remove, size, toString, values

Methods inherited from class java.lang.Object

finalize, getClass, notify, notifyAll, wait, wait, wait

Field Detail

limitFTS

public int limitFTS

limitLTS

public int limitLTS

ftsStr

public java.lang.String ftsStr

ltsStr

public java.lang.String ltsStr

nfilteredAlerts

public int nfilteredAlerts

ntotalAlerts

public int ntotalAlerts

jpFields

public com.martealert.martealertFields jpFields

Constructor Detail

martealertHashFilter

public martealertHashFilter()

Creates a new instance of an empty martealertHashFilter

martealertHashFilter

public martealertHashFilter(java.sql.Connection con,
                            java.lang.String _FTS,
                            java.lang.String _LTS)
                     throws java.sql.SQLException

Creates a new instance of a martealertHashFilter with only date filters.

Parameters:

_FTS - String with first time sign in local time.

_LTS - String with last time sign in local time.

martealertHashFilter

public martealertHashFilter(martealertHashFilter t)

Creates a new instante of martealertHashFilter initialize by a map or another Hashtable.

Parameters:

t - Map to initialize martealertHashFilter object.

Method Detail

initProperties

public void initProperties(java.sql.Connection con,
                           java.lang.String _FTS,
                           java.lang.String _LTS)
                    throws java.sql.SQLException

Inittialize int and String filter properties but not jpFields. It's also initialized only Time index of hash table.

Parameters:

con - Connection to database.

_FTS - First time seen.

_LTS - Last time seen.

Throws:

java.sql.SQLException - Error while getting identifier from FTS or LTS.

setNumProperties

protected void setNumProperties(martealertHashFilter filter)

Set to this filter properties of martealertHashFilter passed, and jpFields, but not hashtable filter values.

Parameters:

filter - martealertHashFilter from which values are copied to this.

setTime

public void setTime(java.lang.String _FTS,
                    java.lang.String _LTS)

Update time and store it into HashFilter this. If _FTS or _LTS haven't got comilles, they're put.

putValue

public java.lang.Object putValue(java.lang.Object key,
                                 java.lang.Object value)

Put a value into hashtable for index key.

Parameters:

key - index of hashtable.

value - Object value to be stored in key position.

Returns:

Object put.

get

public java.lang.Object get(java.lang.Object key)

Get an object from key index

Specified by:

get in interface java.util.Map

Overrides:

get in class martealertHashtable

Parameters:

key - Object index (It will usually be an String)

Returns:

Object value obtained.

setAdvancedFilter

public martealertHashFilter setAdvancedFilter(java.lang.String field,
                                              java.lang.String value,
                                              java.lang.String operator)

Set and get a filter value for a field usin logic operator passed as param. It also update vNotNullFields and vNullFields vars.

Parameters:

field - Field

value - It contains "field var = 'value'", not only value.

operator - Logic operator can be AND, OR.

Returns:

martealertHashFilter with lastjoin and field vars updated.

getHashFilter

public static martealertHashFilter getHashFilter(int[] rows,
                                                 martealertTopStats table)

Return a martealertHashFilter grouping martealertTopStats.getField() rows and this Hashfilter conditions in only one filter, which will be combinated later. This is exactly what is executed when a double-click is done on a TopStat table. First is taken a vector of FTS' and another of LTS'. (It doesn't modify LASTJOIN)

Parameters:

rows - rows from table to filter.

Returns:

martealertHashFilter composed by all rows passed as param rows[].

setHashFilter

public void setHashFilter(int[] row,
                          martealertTopStats table)

Set into this martealertHashFilter values according to rows in row[] array for martealertTopStats in params. It doesn't modify int properties of this and neither replace and old value but attach it to new values selected, except martealertFields table.jpFields

Parameters:

row - int[] array with rows to filter by.

table - martealertTopStats table where are taken data for filtering.

Throws:

java.sql.SQLException

setPairAddress

public void setPairAddress(martealertTable pt)

Set source and target ip to this martealertHashFilter modifying SOURCEIP, TARGETIP and IPADDRS keys from martealertTable pt.

Parameters:

pt - martealertTable which contains source IP's in first column (0) and target in second one (1).

setPairAddress

public void setPairAddress(int i,
                           martealertTable pt)

Set source and target ip to this martealertHashFilter modifying SOURCEIP, TARGETIP and IPADDRS keys from martealertTable pt.

Parameters:

i - int which indicate row of pt to take addresses from it.

pt - martealertTable which contains source IP's in first column (0) and target in second one (1).

setPairAddress

public void setPairAddress(java.util.Vector v)

Set source and target ip to this martealertHashFilter modifying SOURCEIP, TARGETIP and IPADDRS keys from martealertTable pt.

Parameters:

v - vector with source ip in component 0 and target ip in component 1

setPairAddress

public void setPairAddress(java.lang.String sourceAddr,
                           java.lang.String targetAddr)

Set source and target ip to this martealertHashFilter modifying SOURCEIP, TARGETIP and IPADDRS keys from martealertTable pt.

Parameters:

sourceAddr - source ip address.

targetAddr - target ip address.

getValue

public java.lang.String getValue(java.lang.String key)

Obtain 192.168.1.20 from filter.get(SOURCEIP), when string stored is for example: "t2.address = '192.168.1.20' AND "

Parameters:

key - index of martealertHashtable.

Returns:

Object stored in keyposition of this object in String format.

putComile

protected static java.lang.String putComile(java.lang.String field,
                                            java.lang.String filter)

Return a String with comile containing values, from a logic formule. For each key it's allowed multiple value combinations for the same key as (t5.port = '6' OR t5.port = '17') except for classification key, because is the only key which values contains spaces: (t1.text = 'Admin login failed')

Parameters:

field - String with field or martealertHashFilter key

filter - String with component of martealertHashFilter value.

Returns:

(t2.address = '129.168.100.72' OR t2.address = '127.0.0.1') and t5.port = '17'
from String filter parameter = (t2.address = 129.168.100.72 OR t2.address = 127.0.0.1) and t5.port = 17

getAdvancedFilterFormule

protected java.util.Vector getAdvancedFilterFormule()

Calculate formules for each component of a filter, replacing comile, no-needed brackets and default/null values.

Returns:

Vector that stores all advanced filter components.

getAdvancedFilterLogicOp

protected java.util.Vector getAdvancedFilterLogicOp()

Get logic operator selected in advanced filter dialog.

Returns:

Vector with all logic operator for all fields in advanced filter window.

getFTS

public martealertCalendar getFTS()

Get FTS from martealertHashfilter where time has been stored with the following syntax:
(t0.time >= '2006-01-11 00:00:00.0' AND t0.time <= '2006-02-24 23:59:00.0') AND

Returns:

GregorianCalendar with FTS of this martealertHashfilter.

getLTS

public martealertCalendar getLTS()

Get LTS from martealertHashfilter where time has been stored with the following syntax:
(t0.time >= '2006-01-11 0:0.00.0' AND t0.time <= '2006-02-24 23:59.00.0') AND

Returns:

GregorianCalendar with LTS of this martealertHashfilter.

combineHashFilters

public static martealertHashFilter combineHashFilters(java.sql.Connection con,
                                                      java.util.Vector filters,
                                                      java.lang.String _FTS,
                                                      java.lang.String _LTS)
                                               throws java.sql.SQLException

Combine a vector of martealertHashfilter assigning first time sign and last time sign

Parameters:

filters - Vector of martealertHashFilters. Size must be > 0

_FTS - String with first time sign in ISO format.

_LTS - String with last time sign in ISO format.

Throws:

java.sql.SQLException

getFilterLastJoin

protected java.lang.String getFilterLastJoin()

Compose a filter with all components depending on if they contains NULL or default value.

Returns:

String with filter for last join in Sql commands.

getFieldsToFilter

protected java.lang.String[] getFieldsToFilter(java.lang.String s)

Get fields to be filtered. DEPRECATED for VER<=0.7.1-SQL

Parameters:

s - String with fields to filter.

Returns:

String[] array with fields to be filtered.

getFieldsToFilter

protected java.lang.String[] getFieldsToFilter(java.lang.String[] as)

Get fields to be filtered. DEPRECATED for VER<=0.7.1-SQL

Parameters:

as - String[] with fields to filter.

Returns:

String[] array with fields to be filtered.

getFieldsToFilter

protected java.lang.String[] getFieldsToFilter(java.util.Vector fields)

Get fields to be filtered. DEPRECATED for VER<=0.7.1-SQL

Parameters:

fields - Vector with fields to filter.

Returns:

String[] array with fields to be filtered.

negateFilter

public void negateFilter()

Negate martealertHashFilter.

getHtmlDescription

public java.lang.String getHtmlDescription()

Calculate a html description from a filter.

Returns:

String for tooltip with HTML description.

saveTo

public void saveTo(java.io.FileOutputStream out)
            throws java.io.IOException

Save a martealertHashFilter in a file given by parameter out.

Parameters:

out - FileOutputStream to save file.

Throws:

java.io.IOException - Launched when saving has not possible to be done.

saveTo

public void saveTo(java.awt.Component parent)

Save a martealertHashFilter in a file given by parameter out.

Parameters:

parent - Component parent of advanced filter dialog.

loadFrom

public void loadFrom(java.lang.String pathFile)
              throws java.io.IOException

Load a martealertHashFilter from a path file.

Parameters:

pathFile - path file to load filter.

Throws:

java.io.IOException - File not found.

loadFrom

public void loadFrom(java.io.FileInputStream in)
              throws java.io.IOException

Load a martealertHashFilter from in input stream.

Parameters:

in - FileInputStream to load file.

Throws:

java.io.IOException

getTotalAlerts

public int getTotalAlerts()

Get last total number of alerts calculated in

Returns:

int with total alerts in object where has been invoked.

getTotalFilteredAlerts

public int getTotalFilteredAlerts()

Get total number of alerts after having applied this filter.

Returns:

total number of filtered alerts.

getIdFTS

public int getIdFTS()

Get "First Time Seen" identifier.

Returns:

FTS identifier.

getIdLTS

public int getIdLTS()

Get "Last Time Seen" identifier.

Returns:

LTS identifier.

printFilter

public void printFilter()

Print hashtable filter and filter properties in standard output.

clone

public java.lang.Object clone()

Clone a martealertHashFilter from this.

Returns:

martealertHashFilter cloned.

setFields

protected void setFields(java.lang.String[] nn,
                         java.lang.String[] nllj)

Set arrays of fields to this.jpFields, deleting the before values of jpFields.

Parameters:

nn - Array with not null fields to be added.

nllj - Array with null fields to be added.

setFields

protected void setFields(java.lang.String[] nn,
                         java.lang.String[] nllj,
                         int fd)

Set arrays of fields to this.jpFields, deleting the before values of jpFields.

Parameters:

nn - Array with not null fields to be added.

nllj - Array with null fields to be added.

fd - Flag which specify if there are double fields (SEVERITY_COMPLETION or PROTOCOL_TARGETPORT) or not.

addFields

protected void addFields(java.util.Vector nn,
                         java.util.Vector nllj)

Add vector of fields to this.jpFields, keeping the before values of jpFields.

Parameters:

nn - Vector with not null fields to be added.

nllj - Vector with null fields to be added.

addFields

protected void addFields(java.lang.String[] nn,
                         java.lang.String[] nllj)

Add vector of fields to this.jpFields, keeping the before values of jpFields.

Parameters:

nn - Array with not null fields to be added.

nllj - Array with null fields to be added.