XML::Idiom - Intrusion Detection Interaction and Operations Messages (IDIOM)
use XML::Idiom; my $idiom = XML::Idiom->new(); $idiom->consume($idiom_xml); my @events = $idiom->getEvents; my $number_of_events = $idiom->getNumberOfEvents(); my $processed_xml = $idiom->XML; #you can use Data::Dumper to view it prettier
Intrusion Detection Interaction and Operations Messages (IDIOM) is an XML document format developed and used by Cisco's version 4.0 of their NIDS. This is a simple module for handling these documents is included with the distribution of the Net::RDEP module (the method of transporting these documents, as specified by Cisco).
The document contains one of two pieces of information: either an error message or event information. If a connection is successful (that is, an HTTP error is not received) the RDEP server will return an IDIOM document to the client. However, it is possible that errors in the protocol itself were detected (unknown subscription ID, for example) and the document will contain an error. Otherwise, the document will contain new event records, as specified by the parameters of the connection.
See www.cisco.com for more information in RDEP or IDIOM.
This is the constructor for a new XML::Idiom object, which may take the option IDIOM document.
The consume method will process the IDIOM document, populating the error and event internal structures.
This method will return the IDIOM document, as processed by XML::Simple. It can be programmatically manipulated here, or visibly examined with Data::Dumper or something similiar.
True is the IDIOM document contained an error.
Returns the string value of the error type, found in the IDIOM document. This is an error "name" provided by the RDEP server.
Returns the string value of the error content, found in the IDIOM document. This is a text description provided by the RDEP server to explain the error.
When the IDIOM document is processed by XML::Simple, the error information is actually stored in a hash reference. This method will return the hash reference so that you may examine it yourself.
The number of events retrieved from the document.
Events are received in order of creation time. This will return the next event from the list of retrieved events.
This method returns a array of all the events retrieved.
Printing out the IDIOM XML document is probably not all that useful. There are a few methods of handling the IDIOM document built into the XML::Idiom module that can be used. For example:
my $idiom = XML::Idiom->new(); $idiom->consume($idiom_xml); if (defined($idiom->isError())) { if($idiom->errorType eq 'errNotFound') { # connection failed, reconnect ... } } else { my $number_of_events = $idiom->getNumberOfEvents(); print "RCVD $number_of_events number of events\n"; while(my $e = $idiom->getNextEvent()) { ... } }
Net::RDEP, XML::Simple, Data::Dumper
Joe Minieri, <jminieri@mindspring.com<gt>
Copyright (C) 2004 by Joe Minieri and OpenService (www.open.com)
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.1 or, at your option, any later version of Perl 5 you may have available.
7 POD Errors
The following errors were encountered while parsing the POD:
You forgot a '=back' before '=head1'
'=item' outside of any '=over'
To install Net::RDEP, copy and paste the appropriate command in to your terminal.
cpanm
cpanm Net::RDEP
CPAN shell
perl -MCPAN -e shell install Net::RDEP
For more information on module installation, please visit the detailed CPAN module installation guide.