NAME
XML::Idiom - Intrusion Detection Interaction and Operations Messages (IDIOM)
SYNOPSIS
    use XML::Idiom;

    my $idiom = XML::Idiom->new();
    $idiom->consume($idiom_xml);

    my @events = $idiom->getEvents;
    my $number_of_events = $idiom->getNumberOfEvents();

    # the parsed document; use Data::Dumper to pretty-print it
    my $processed_xml = $idiom->XML;
DESCRIPTION
Intrusion Detection Interaction and Operations Messages (IDIOM) is an XML document format developed by Cisco and used by version 4.0 of their NIDS. This simple module for handling these documents is included with the distribution of the Net::RDEP module (RDEP being the method of transporting these documents, as specified by Cisco).
The document contains one of two pieces of information: either an error message or event information. If a connection is successful (that is, an HTTP error is not received) the RDEP server will return an IDIOM document to the client. However, it is possible that errors in the protocol itself were detected (unknown subscription ID, for example) and the document will contain an error. Otherwise, the document will contain new event records, as specified by the parameters of the connection.
See www.cisco.com for more information on RDEP or IDIOM.
IDIOM METHODS
- new( IDIOM_DOCUMENT )
  This is the constructor for a new XML::Idiom object, which may take an optional IDIOM document.
- consume( IDIOM_DOCUMENT )
  The consume method will process the IDIOM document, populating the error and event internal structures.
- XML
  This method will return the IDIOM document, as processed by XML::Simple. It can be programmatically manipulated here, or visibly examined with Data::Dumper or something similar.
ERROR METHODS
- isError()
  True if the IDIOM document contained an error.
- errorType()
  Returns the string value of the error type, found in the IDIOM document. This is an error "name" provided by the RDEP server.
- errorContent()
  Returns the string value of the error content, found in the IDIOM document. This is a text description provided by the RDEP server to explain the error.
- getError()
  When the IDIOM document is processed by XML::Simple, the error information is actually stored in a hash reference. This method will return the hash reference so that you may examine it yourself.
EVENT METHODS
- getNumberOfEvents
  The number of events retrieved from the document.
- getNextEvent
  Events are received in order of creation time. This will return the next event from the list of retrieved events.
- getEvents
  This method returns an array of all the events retrieved.
EXAMPLES
Printing out the IDIOM XML document is probably not all that useful. There are a few methods of handling the IDIOM document built into the XML::Idiom module that can be used. For example:
    my $idiom = XML::Idiom->new();
    $idiom->consume($idiom_xml);

    if (defined($idiom->isError())) {
        if ($idiom->errorType eq 'errNotFound') {
            # connection failed, reconnect
            ...
        }
    } else {
        my $number_of_events = $idiom->getNumberOfEvents();
        print "RCVD $number_of_events number of events\n";
        while (my $e = $idiom->getNextEvent()) {
            ...
        }
    }
SEE ALSO
Net::RDEP, XML::Simple, Data::Dumper
AUTHOR
Joe Minieri, <jminieri@mindspring.com>
COPYRIGHT AND LICENSE
Copyright (C) 2004 by Joe Minieri and OpenService (www.open.com)
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.1 or, at your option, any later version of Perl 5 you may have available.