com.martealert
Class martealertThirdLevel

java.lang.Object
  extended by com.martealert.martealertTable
      extended by com.martealert.martealertFirstLevel
          extended by com.martealert.martealertSecondLevel
              extended by com.martealert.martealertThirdLevel
All Implemented Interfaces:
martealertConstants, martealertLevelInterface, martealertRealTimeInterface

public class martealertThirdLevel
extends martealertSecondLevel

Class for creating instances of the martealert third level from a martealertSecondLevel.


Field Summary
 
Fields inherited from class com.martealert.martealertFirstLevel
max
 
Fields inherited from class com.martealert.martealertTable
_, ALIASVAR, columnNames, data, DEFAULT, GROUPBY, IDENT, INDEX, INDEXSEARCH, NAMEDVAR, RELATION, SELECT, TX, UNNAMEDVAR, VAR
 
Fields inherited from interface com.martealert.martealertConstants
AMBIGUOUS_FIELDS, ANALYZER, CLASSIFICATION, COMPLETION, FTS, FTSTZ, HOUR_IN_MILLIS, INTERVAL, IPADDRS, LASTJOIN, LTS, LTSTZ, MAXMSGID, MAXSEVERITY, MFTS, MLTS, MSGID, MSOURCEPORT, NALERTS, NOTNULL_FIELDS, NULL_FIELDS, NXCLASSIFICATION, ORDER_BY_ALERTS, ORDER_BY_MAXTIME, ORDER_BY_TIME, PRELUDE_TABLES, PROTOCOL, SENSOR, SEVERITY, SEVERITY_COMPLETION, SOURCE, SOURCEIP, SOURCEPORT, SOURCEUID, TARGET, TARGETIP, TARGETPORT, TARGETPORT_PROTOCOL, TARGETUID, TERMINAL, TIME, TIMETZ, TLAST, TOP, TOTALTIME
 
Fields inherited from interface com.martealert.martealertLevelInterface
FIRST_CLASSIFICATION, FIRST_FTS, FIRST_LTS, FIRST_MAX_LIMIT, FIRST_SENSOR, FIRST_SEVERITY, FIRST_SOURCE_ADDR, FIRST_TARGET_ADDR, FIRST_TERMINAL, SECOND_CLASSIFICATION, SECOND_COMPLETION, SECOND_FTS, SECOND_LTS, SECOND_MAX_LIMIT, SECOND_PROTOCOL, SECOND_SENSOR, SECOND_SEVERITY, SECOND_SOURCE_ADDR, SECOND_SOURCEPORT, SECOND_TARGET_ADDR, SECOND_TARGETPORT, SECOND_TERMINAL, THIRD_CLASSIFICATION, THIRD_COMPLETION, THIRD_MESSAGEID, THIRD_PROTOCOL, THIRD_SENSOR, THIRD_SEVERITY, THIRD_SOURCE_ADDR, THIRD_SOURCEPORT, THIRD_TARGET_ADDR, THIRD_TARGETPORT, THIRD_TERMINAL, THIRD_TIME
 
Fields inherited from interface com.martealert.martealertRealTimeInterface
REAL_TIME_CLASSIFICATION, REAL_TIME_COMPLETION, REAL_TIME_MSGID, REAL_TIME_SEVERITY, REAL_TIME_SOURCEIP, REAL_TIME_TARGETIP, REAL_TIME_TIME
 
Constructor Summary
  martealertThirdLevel()
          Creates a new instance of preludeSingleAlert
protected martealertThirdLevel(char separator)
          Creates a new instance of preludeSingleAlert specifying
 
Method Summary
protected  java.lang.String getFTS(martealertTable pt)
           
 int[] getIpColumns()
          Get the IP column numbers as an array of int.
protected  java.lang.String getLTS(martealertTable pt)
           
 int[] getPortColumns()
          Get the port column numbers as an array of int.
 int[] getProtocolColumns()
          Get an array with the numbers of the protocol columns, to be resolved from the protocol table in the database.
 int getSeverityColumn()
          Get column number which has maximum severity for each martealertFirstLevel row.
protected  java.lang.String getSqlGroupBy()
           
protected  java.lang.String getSqlOrderBy()
           
protected  java.lang.String getSqlVars()
          Return a string with all variables needed for martealertFirstLevel, separated by commas, except the last one
 void reload(java.sql.Connection con, martealertSecondLevel jpsnd, int[] nrow, martealertHashFilter filter)
          Returns a table (Vector of Vector of String) with all alerts grouped by source and target addresses.
 
Methods inherited from class com.martealert.martealertSecondLevel
getFTSColumn, getIgnoredColumnsPdf, getLTSColumn, getMultilineColumns, getSqlAuxGroupBy, getSqlAuxVars, reload, vfields
 
Methods inherited from class com.martealert.martealertFirstLevel
clear, getClassification, getFirstLevelRow, getIP, getIpAddress, getIpAddress, getNextPairAddress, getPairAddressTable, getPort, getProbe, getProtocol, getRowInfoTable, getSensorInfo, getSourceInfo, getSqlLimit, getSqlWhere, getTargetInfo, initFirstLevel, main, numberOcurrences, reload, reload, reload, setColumnNames
 
Methods inherited from class com.martealert.martealertTable
getColumn, getColumnNames, getColumnSize, getData, getPercentColumns, getRow, getRowSize, getSqlRelation, getTableVector, getValue, getValue, getValue, printTable, setColumnNames, setDataVector, setDataVector, setValue
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

martealertThirdLevel

public martealertThirdLevel()
Creates a new instance of preludeSingleAlert


martealertThirdLevel

protected martealertThirdLevel(char separator)
Creates a new instance of preludeSingleAlert specifying

Parameters:
separator - constant to represent "classification" separated by '\n' or a space ' '.

Method Detail

reload

public void reload(java.sql.Connection con,
                   martealertSecondLevel jpsnd,
                   int[] nrow,
                   martealertHashFilter filter)
            throws java.sql.SQLException
Returns a table (Vector of Vector of String) with all alerts grouped by source and target addresses.

Parameters:
con - Connection variable to access the database.
jpsnd - martealertSecondLevel from which the third level is obtained.
filter - martealertHashFilter used to obtain the filtered third level.
nrow - Row vector to be unfolded.
Returns:
preludeSingleAlert table of a row from preludeGroupedAlert object.
Return example:
Classification | Source Addr | Source Port | Source UserId | Protocol | Target Addr | Target Port | Target UserId | Service (pid)   | this.SENSOR | this.TIME           | log ID
User Created   |             |             | 105 p2p       |          | 127.0.0.1   |             | 100           | useradd (24306) | PAM         | 2005-12-15 00:04:40 | 50
User Created   |             |             | 1001 mldonkey |          | 127.0.0.1   |             | 100           | useradd (24552) | PAM         | 2005-12-15 00:10:19 | 52
User Created   |             |             | 123 ntp       |          | 127.0.0.1   |             | 123           | useradd (17091) | PAM         | 2005-12-15 15:26:45 | 114
User Created   |             |             | 261 zope      |          | 127.0.0.1   |             | 261           | useradd (22801) | PAM         | 2005-12-20 23:32:26 | 237
Throws:
java.sql.SQLException - SQL syntax error invoking statement.executeQuery(String sql_query);

getSqlVars

protected java.lang.String getSqlVars()
Description copied from class: martealertSecondLevel
Return a string with all variables needed for martealertFirstLevel, separated by commas, except the last one

Overrides:
getSqlVars in class martealertSecondLevel
Returns:
String with vars taken from martealertHashtables initialized in martealertTable class.

getSqlGroupBy

protected java.lang.String getSqlGroupBy()
Overrides:
getSqlGroupBy in class martealertSecondLevel

getSqlOrderBy

protected java.lang.String getSqlOrderBy()
Overrides:
getSqlOrderBy in class martealertSecondLevel

getFTS

protected java.lang.String getFTS(martealertTable pt)
Overrides:
getFTS in class martealertSecondLevel

getLTS

protected java.lang.String getLTS(martealertTable pt)
Overrides:
getLTS in class martealertSecondLevel

getIpColumns

public int[] getIpColumns()
Get the IP column numbers as an array of int.

Overrides:
getIpColumns in class martealertSecondLevel
Returns:
Array of int with the column numbers to be IP-resolved.

getSeverityColumn

public int getSeverityColumn()
Description copied from class: martealertFirstLevel
Get column number which has maximum severity for each martealertFirstLevel row.

Overrides:
getSeverityColumn in class martealertSecondLevel

getProtocolColumns

public int[] getProtocolColumns()
Description copied from class: martealertTable
Get an array with the numbers of the protocol columns, to be resolved from the protocol table in the database.

Overrides:
getProtocolColumns in class martealertSecondLevel

getPortColumns

public int[] getPortColumns()
Get the port column numbers as an array of int.

Overrides:
getPortColumns in class martealertSecondLevel
Returns:
Array of int with the column numbers to be port-resolved (and therefore service-resolved).


e-REdING. Library of the Escuela Superior de Ingenieros de Sevilla.


DESIGN OF A PLATFORM FOR THE MANAGEMENT AND MONITORING OF SECURITY EVENTS

: Galera Ruiz, Alejandro David
: Telecommunications Engineering
Project contents: