network.detectors
Class DaemonDeletedEventDetector

java.lang.Object
  network.detectors.EventDetector
      network.detectors.DaemonDeletedEventDetector

All Implemented Interfaces:

java.lang.Runnable, java.io.Serializable

public class DaemonDeletedEventDetector

extends EventDetector

implements java.io.Serializable

The DaemonDeletedEventDetector detects if a daemon has been deleted. Since we don't really know if a process is a daemon, we parse a list of known daemons that must not be deleted. This detector is triggered by the DeletedProcessEvent, so if the process name is one of the daemon names on the list, we generate a DaemonDeletedEvent.

See Also:

Serialized Form

Field Summary

Fields inherited from class network.detectors.EventDetector

agentURN, cred, dbModule, eventIDGenerator, eventTable, host, localTriggeringEvents, remoteTriggeringEvents, reportTable

Constructor Summary

DaemonDeletedEventDetector(ConfigObject configObj)
Creates this detector based on configuration found in the default config file ($NETMON/config/daemons) obtained from network.AdminClient.

DaemonDeletedEventDetector(java.lang.String daemonsFile, ConfigObject configObj)
Creates this detector from config info found in the file passed.

Method Summary

java.util.Vector	generateEvent(Event triggeredEvent) Presently, this method is triggered by a DeletedProcessEvent.
java.lang.String	getGeneratingEventClassName() Returns the fully-qualified classname of the event that this detector may generate.
static java.lang.String[]	getParamList() Returns array of strings containing all the parameters that can be used as input to modify this detector.
void	modifyDetector(java.lang.Object object) Allows detector configuration modification.
static void	parseDaemonNamesFile(java.lang.String daemonsFile, java.util.Vector daemonNames) Parses the config file and fills a passed vector with the daemon names.
static java.lang.Object[]	translateParameters(java.lang.String[] inputarray) This function takes an array of strings from GUI which contains input and converts them to array of objects and returns.

Methods inherited from class network.detectors.EventDetector

getAlarmLevel, getAlertLevel, getLocalTriggeringEventClassNames, getRemoteTriggeringEventClassNames, getSynchronizer, InitializeFields, modifyDetector, populatePatterns, printRunningThreads, run, setAgentURN, setAlarmLevel, setAlertLevel, setDB, setEventIDGenerator, setEventTable, setLocalTriggeringEvents, setRemoteTriggeringEvents, setReportTable, stopDetector, switchOffPrintRunningThreads

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DaemonDeletedEventDetector

public DaemonDeletedEventDetector(ConfigObject configObj)

Creates this detector based on configuration found in the default config file ($NETMON/config/daemons) obtained from network.AdminClient.

DaemonDeletedEventDetector

public DaemonDeletedEventDetector(java.lang.String daemonsFile,
                                  ConfigObject configObj)

Creates this detector from config info found in the file passed.

Parameters:

daemonsFile - path to a config file.

Method Detail

parseDaemonNamesFile

public static void parseDaemonNamesFile(java.lang.String daemonsFile,
                                        java.util.Vector daemonNames)

Parses the config file and fills a passed vector with the daemon names.

Parameters:

daemonsFile - path to a config file.

daemonNames - a vector to be filled with daemon names from the config file.

Returns:

getParamList

public static java.lang.String[] getParamList()

Returns array of strings containing all the parameters that can be used as input to modify this detector. Each entry in the array corresponds to one parameter with structure " : ".

Returns:

parameterList, an array of Strings indicating parameters and their types

translateParameters

public static java.lang.Object[] translateParameters(java.lang.String[] inputarray)
                                              throws java.lang.Exception

This function takes an array of strings from GUI which contains input and converts them to array of objects and returns.

Parameters:

inputarray - an array of strings that contains user inputs.

Returns:

objArray an array of objects converted from the array of strings got from user.

Throws:

java.lang.Exception

modifyDetector

public void modifyDetector(java.lang.Object object)

Allows detector configuration modification. This method takes as argument a network.PatternObject composed of an action and a vector of domain names. If the action is 1, the names in the vector will be added to the daemon deleted list (so that if they are killed or otherwise stopped, we will ignore it). If the action is 2, the names in the vector will be removed from the daemon deleted list. If the action is 3, all the names on the daemon deleted list will be removed. If the action is 4, all the names in the vector will replace those in the daemon deleted list.

Parameters:

object - a network.PatternObject

Returns:

See Also:

network.PatternObject

getGeneratingEventClassName

public java.lang.String getGeneratingEventClassName()

Returns the fully-qualified classname of the event that this detector may generate.

Specified by:

getGeneratingEventClassName in class EventDetector

Returns:

the fully-qualified classname of the event that this detector may generate.

generateEvent

public java.util.Vector generateEvent(Event triggeredEvent)

Presently, this method is triggered by a DeletedProcessEvent. So we check to see if the deleted process is one of the daemons from the current list of daemons that should not be deleted. If it is, we generate a DaemonDeletedEvent.

Specified by:

generateEvent in class EventDetector

Parameters:

triggeredEvent - the event that triggered this detector.

Returns:

the vector of generated DaemonDeletedEvents.