| The Event Analyzer plugin calls the library function to cross reference Actions and Events. The library handles testing conditions and accepting Events if the weight meets the defined threshold. The Event Analyzer plugin has a special callback function for handling Events that include Actions from both halves of a TCP session. This allows rules to be defined for Request/Reply interaction between clients and servers. If Events are detected in a Stream, then this plugin calls the library function to build an Analysis Record and pass it to the Spooler to be sent to the central control host. The statistics collected by the Action Analyzer are taken by the Event Analyzer three times in a 24 hour period and used to build a Statistics Record which is processed by the Spooler the same as an Analysis Record. |