network.detectors
Class DeletedProcessEventDetector
java.lang.Object
  |
  +--network.detectors.EventDetector
        |
        +--network.detectors.DeletedProcessEventDetector
- All Implemented Interfaces:
- java.lang.Runnable, java.io.Serializable
- public class DeletedProcessEventDetector
- extends EventDetector
- implements java.io.Serializable
This detector keeps a record of all processes seen on the system and compares each process event
(network.events.ProcessMonitoringEvent) that occurs against this record. If a process is deleted,
it generates a network.events.DeletedProcessEvent.
- See Also:
- Serialized Form
Fields inherited from class network.detectors.EventDetector
agentURN, attempts, cred, dbModule, eventIDGenerator, eventTable, host, localTriggeringEvents, printRunningThreadsFlag, remoteTriggeringEvents, reportTable
Method Summary
java.util.Vector generateEvent(network.events.Event triggeringEvent)
- This detector is triggered by a network.events.ProcessMonitoringEvent.
java.lang.String getGeneratingEventClassName()
- Returns the fully-qualified classname of the event that this detector may generate.
java.util.Vector testProcessMonitoringEvent(network.events.ProcessMonitoringEvent event)
- This method checks to see which process was created or deleted.
Methods inherited from class network.detectors.EventDetector
getAlarmLevel, getAlertLevel, getLocalTriggeringEventClassNames, getRemoteTriggeringEventClassNames, getSynchronizer, InitializeFields, modifyDetector, populatePatterns, printRunningThreads, run, setAgentURN, setAlarmLevel, setAlertLevel, setDB, setEventIDGenerator, setEventTable, setLocalTriggeringEvents, setRemoteTriggeringEvents, setReportTable, stopDetector, switchOffPrintRunningThreads
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
rootProcesses
private java.util.Vector rootProcesses
rootProcessesTable
private java.util.Hashtable rootProcessesTable
count
private long count
defaultLocalTriggeringEvents
private java.lang.String[] defaultLocalTriggeringEvents
DeletedProcessEventDetector
public DeletedProcessEventDetector(ConfigObject configObj)
- The default constructor. We set the triggering events for this object to the default (network.events.ProcessMonitoringEvent).
getGeneratingEventClassName
public java.lang.String getGeneratingEventClassName()
- Returns the fully-qualified classname of the event that this detector may generate.
- Specified by:
getGeneratingEventClassName in class EventDetector
- Returns:
- the fully-qualified classname of the event that this detector may generate.
testProcessMonitoringEvent
public java.util.Vector testProcessMonitoringEvent(network.events.ProcessMonitoringEvent event)
- This method checks to see which process was created or deleted.
If a known process was deleted (that is, if the ProcessMonitoringEvent
process name is not found in the list of known running processes),
it generates a DeletedProcessEvent.
- Parameters:
event - the network.events.ProcessMonitoringEvent that triggered the detector.
- Returns:
- a vector of DeletedProcessEvents.
generateEvent
public java.util.Vector generateEvent(network.events.Event triggeringEvent)
- This detector is triggered by a network.events.ProcessMonitoringEvent.
It runs this.testProcessMonitoringEvent on the triggering event to see if
the process action was a deletion.
- Specified by:
generateEvent in class EventDetector
- Parameters:
triggeringEvent - the event that triggered this detector.
- Returns:
- the vector of generated DeletedProcessEvents.
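
The comparison described for this class and for testProcessMonitoringEvent can be illustrated with the following added example. It is not the project's code: the class and method names are hypothetical, and it assumes that each monitoring event carries the full set of process names observed on the host at one polling instant.

```java
import java.util.ArrayList;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

// Added illustration only; every name in this file is hypothetical.
public class DeletedProcessSketch {
    // Record of the processes seen in the last accepted snapshot.
    private final Set<String> known = new LinkedHashSet<>();

    /**
     * Compares a snapshot of running process names with the record and
     * returns the names that were known before but are absent now.
     */
    public List<String> onSnapshot(Set<String> running) {
        List<String> deleted = new ArrayList<>();
        // Design choice of this sketch: an empty snapshot is treated as a
        // failed collection, not as "every process exited", so the record
        // is kept and nothing is reported.
        if (running == null || running.isEmpty()) {
            return deleted;
        }
        for (String name : known) {
            if (!running.contains(name)) {
                deleted.add(name); // known earlier, missing from this snapshot
            }
        }
        // Replace the record: a vanished process is reported once, and a
        // process that restarts and later exits is reported again.
        known.clear();
        known.addAll(running);
        return deleted;
    }

    public static void main(String[] args) {
        DeletedProcessSketch detector = new DeletedProcessSketch();
        // Constructed sample snapshots, not data from a real host.
        List<Set<String>> snapshots = List.of(
            Set.of("init", "sshd", "auditd"), // baseline, nothing known yet
            Set.of("init", "sshd"),           // auditd no longer running
            Set.of(),                         // collection failure, ignored
            Set.of("init", "sshd", "cron"));  // new process, none deleted
        for (Set<String> snapshot : snapshots) {
            System.out.println("deleted: " + detector.onSnapshot(snapshot));
        }
    }
}
```

Because the record is keyed by process name alone, a process that exits and is replaced by another of the same name between two snapshots is not reported.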