network.detectors
Class SUDOEventDetector

java.lang.Object
  extended by network.detectors.EventDetector
      extended by network.detectors.SyslogEventDetector
          extended by network.detectors.SUDOEventDetector
All Implemented Interfaces:
java.lang.Runnable, java.io.Serializable

public class SUDOEventDetector
extends SyslogEventDetector
implements java.io.Serializable

Detects the execution of sudo, a program that allows a user to run a program as another user. Matches syslog lines that contain messages about the execution of sudo.

See Also:
Serialized Form

Field Summary
 
Fields inherited from class network.detectors.SyslogEventDetector
compiler, currentYear, eventInfoTable, eventName, matcher, monthLookup, paramInstr, paramProcInstr, pattern, toolsCreated
 
Fields inherited from class network.detectors.EventDetector
agentURN, cred, dbModule, eventIDGenerator, eventTable, host, localTriggeringEvents, remoteTriggeringEvents, reportTable
 
Constructor Summary
SUDOEventDetector(ConfigObject configObj)
          Instantiates the detector with the default triggering events.
SUDOEventDetector(java.util.Vector localtriggeringEventClassNames, java.util.Vector remotetriggeringEventClassNames, ConfigObject configObj)
          Instantiates the detector with the given triggering events.
 
Method Summary
 java.util.Vector generateEvent(Event triggeredEvent)
          Detects if a syslog event contains information regarding the execution of sudo.
 java.lang.String getGeneratingEventClassName()
          Returns the name of the event that this detector triggers.
 
Methods inherited from class network.detectors.SyslogEventDetector
match, modifyDetector, parsePatternFile, populatePatterns, setLastReadTime
 
Methods inherited from class network.detectors.EventDetector
getAlarmLevel, getAlertLevel, getLocalTriggeringEventClassNames, getRemoteTriggeringEventClassNames, getSynchronizer, InitializeFields, printRunningThreads, run, setAgentURN, setAlarmLevel, setAlertLevel, setDB, setEventIDGenerator, setEventTable, setLocalTriggeringEvents, setRemoteTriggeringEvents, setReportTable, stopDetector, switchOffPrintRunningThreads
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SUDOEventDetector

public SUDOEventDetector(ConfigObject configObj)
                  throws java.lang.Exception
Instantiates the detector with the default triggering events.


SUDOEventDetector

public SUDOEventDetector(java.util.Vector localtriggeringEventClassNames,
                         java.util.Vector remotetriggeringEventClassNames,
                         ConfigObject configObj)
                  throws java.lang.Exception
Instantiates the detector with the given triggering events.

Method Detail

getGeneratingEventClassName

public java.lang.String getGeneratingEventClassName()
Returns the name of the event that this detector triggers.

Overrides:
getGeneratingEventClassName in class SyslogEventDetector
Returns:
A string containing the name of the event that this detector triggers.

generateEvent

public java.util.Vector generateEvent(Event triggeredEvent)
Detects if a syslog event contains information regarding the execution of sudo. Uses regular expressions to match lines regarding sudo.

Overrides:
generateEvent in class SyslogEventDetector
Parameters:
triggeredEvent -
Returns:
A vector containing events. Each entry corresponds to a detected execution of sudo.
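
The regular-expression matching that generateEvent describes, as an added stand-alone example; it is not the SUDOEventDetector source and does not use the network.detectors classes. The class name SudoLineMatcher, the pattern, the assumed line layout (traditional syslog prefix followed by sudo's own log format) and the sample lines are all assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Hypothetical matcher for illustration; not part of network.detectors.
public class SudoLineMatcher {
    // Assumed layout:
    //   Mon DD HH:MM:SS host sudo[pid]: user : [reason ; ]TTY=.. ; PWD=.. ; USER=.. ; COMMAND=..
    // "sudo" must sit in the program-tag position right after the host, so a
    // line from another program that merely mentions "sudo:" is not matched.
    private static final Pattern SUDO = Pattern.compile(
        "^(\\w{3})\\s+(\\d{1,2}) (\\d{2}:\\d{2}:\\d{2}) (\\S+) sudo(?:\\[\\d+\\])?:\\s+"
        + "(\\S+) : (?:([^;=]+?) ; )?TTY=(\\S+) ; PWD=(.*?) ; USER=(\\S+) ; COMMAND=(.*)$");

    // Returns one description per detected sudo line; other lines are skipped.
    // The traditional syslog timestamp has no year, so the caller supplies one.
    public static List<String> detect(List<String> syslogLines, int assumedYear) {
        List<String> events = new ArrayList<>();
        for (String line : syslogLines) {
            Matcher m = SUDO.matcher(line);
            if (!m.matches()) {
                continue;
            }
            // Group 6 is set only when sudo logged a failure reason.
            String outcome = m.group(6) == null
                ? "executed" : "denied (" + m.group(6) + ")";
            events.add(String.format("%d %s %s %s host=%s %s -> %s %s: %s",
                assumedYear, m.group(1), m.group(2), m.group(3), m.group(4),
                m.group(5), m.group(9), outcome, m.group(10)));
        }
        return events;
    }

    public static void main(String[] args) {
        // Constructed sample lines: two sudo records, one look-alike, one unrelated.
        List<String> lines = Arrays.asList(
            "Jan  5 10:15:01 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/id",
            "Jan  5 10:16:40 web01 sudo[2211]:      bob : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash",
            "Jan  5 10:17:02 web01 logger: sudo: alice : TTY=pts/0 ; PWD=/ ; USER=root ; COMMAND=/bin/true",
            "Jan  5 10:18:00 web01 sshd[912]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2");
        for (String event : detect(lines, 2024)) {
            System.out.println(event);
        }
    }
}
```

Only the first two sample lines produce events. Note that the COMMAND field is supplied by the invoking user, so downstream consumers should treat it as untrusted text.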