Module Version: 0.02

NAME

XML::Idiom - Intrusion Detection Interaction and Operations Messages (IDIOM)

SYNOPSIS

  use XML::Idiom;

  my $idiom = XML::Idiom->new();
  $idiom->consume($idiom_xml);

  my @events = $idiom->getEvents;
  my $number_of_events = $idiom->getNumberOfEvents();

  my $processed_xml = $idiom->XML; # use Data::Dumper to pretty-print it

DESCRIPTION

Intrusion Detection Interaction and Operations Messages (IDIOM) is an XML document format developed by Cisco and used in version 4.0 of its NIDS. This simple module for handling these documents is included with the distribution of the Net::RDEP module (RDEP being the method of transporting these documents, as specified by Cisco).

The document contains one of two pieces of information: either an error message or event information. If a connection is successful (that is, an HTTP error is not received) the RDEP server will return an IDIOM document to the client. However, it is possible that errors in the protocol itself were detected (unknown subscription ID, for example) and the document will contain an error. Otherwise, the document will contain new event records, as specified by the parameters of the connection.

See www.cisco.com for more information on RDEP or IDIOM.

IDIOM METHODS

new( IDIOM_DOCUMENT )

This is the constructor for a new XML::Idiom object, which may take an optional IDIOM document.

consume( IDIOM_DOCUMENT )

The consume method will process the IDIOM document, populating the error and event internal structures.

XML

This method will return the IDIOM document, as processed by XML::Simple. It can be programmatically manipulated here, or visibly examined with Data::Dumper or something similar.

ERROR METHODS

isError()

True if the IDIOM document contained an error.

errorType()

Returns the string value of the error type, found in the IDIOM document. This is an error "name" provided by the RDEP server.

errorContent()

Returns the string value of the error content, found in the IDIOM document. This is a text description provided by the RDEP server to explain the error.

getError()

When the IDIOM document is processed by XML::Simple, the error information is actually stored in a hash reference. This method will return the hash reference so that you may examine it yourself.

EVENT METHODS

getNumberOfEvents

The number of events retrieved from the document.

getNextEvent

Events are received in order of creation time. This will return the next event from the list of retrieved events.

getEvents

This method returns an array of all the events retrieved.

EXAMPLES

Printing out the IDIOM XML document is probably not all that useful. There are a few methods of handling the IDIOM document built into the XML::Idiom module that can be used. For example:

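        use XML::Idiom;

        # $idiom_xml holds the IDIOM document returned by the RDEP server
        my $idiom = XML::Idiom->new();
        $idiom->consume($idiom_xml);
        if ($idiom->isError()) {
                # isError() is true when the document contained an error
                if ($idiom->errorType eq 'errNotFound') {
                        # connection failed, reconnect
                        ...
                }
        } else {
                my $number_of_events = $idiom->getNumberOfEvents();
                print "RCVD $number_of_events number of events\n";
                # events come back in order of creation time
                while (my $e = $idiom->getNextEvent()) {
                        ...
                }
        }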

SEE ALSO

Net::RDEP, XML::Simple, Data::Dumper

AUTHOR

Joe Minieri, <jminieri@mindspring.com>

COPYRIGHT AND LICENSE

Copyright (C) 2004 by Joe Minieri and OpenService (www.open.com)

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.1 or, at your option, any later version of Perl 5 you may have available.
