Analysis Rule conventions, Lib directory
Analysis Rules are written in Perl. They are executed on at the interval defined on the analysis rule. Analysis Rules have 5 seconds to execute or they will be timed out and set to inactive. Since they are written in Perl and have access to ODBC compliant data and WMI, they can fulfill a range of management needs. They are designed to be extended and imported and exported. This appendix is not intended to be a primer on Perl. Understanding of Perl will be necessary to customize or construct new Analysis Rules. The internet has a wealth of tutorials and documentation about basic perl.
An analysis rule returns a variable $retval. If it returns 0 or null, the Analysis rule has failed, and any associated Error Definition will be sent into the event log.
Any other variable used in an Analysis Rule needs to be declared using the my keyword.
Example:
my $scalar;
my @array;
Several libraries have been created to simplify the creation of Analysis Rules. The libraries are in the VA2\centralservice\bin\lib directory. Any perl module that you want VA2 to execute can also be placed in the lib directory. To use a module in the lib directory, the following syntax must be used: use libname;
Example:
use siebsrvobj;
The modules in the lib directory can be opened with a text editor to gain further understanding of their content.
Special Variables:
$retval – return value for analysis Rules and Statistics
$datasession – Data session that is always open to the VA2 repository
$debug – inherits the $debug value from the v2config.txt file for the central server.