--[[

Called:

 when "component completed" event recived from neighbor server

Database:

 available

Parameters:

 neighborid         neighbor server ID which the event received from

 neighborname       neighbor server name

 originatorid       ID of the event server originator

 originatorname     name of the event server originator

 stationid          station ID

 stationname        station name

 eventid            event ID

 component          component number

 pid                process ID

 infections         infections found

 errors             access errors detected

 exitcode           component exit code

 time               end time (station time)

Returned value:

 ignored

]]

local args = ... -- args.neighborid, args.neighborname,

                -- args.originatorid, args.originatorname,

                -- args.eventid, args.stationid,

                -- args.stationname, args.time

                -- args.component, args.pid, args.infections

                -- args.errors, args.exitcode

--[[

Called:

 when "component started" event recived from neighbor server

Database:

 available

Parameters:

 neighborid         neighbor server ID which the event received from

 neighborname       neighbor server name

 originatorid       ID of the event server originator

 originatorname     name of the event server originator

 stationid          station ID

 stationname        station name

 eventid            event ID

 component          component number

 pid                process ID

 engine             virus-finding engine version

 records            virus records number

 user               user name and group (process owner)

 time               start time (station time)

Returned value:

 ignored

]]

local args = ... -- args.neighborid, args.neighborname,

                -- args.originatorid, args.originatorname,

                -- args.eventid, args.stationid,

                -- args.stationname,

                -- args.component, args.pid, args.engine

                -- args.records, args.user, args.time

--[[

Called:

 when "geolocation" event received from neighbor server

Database:

 available

Parameters:

 neighborid         neighbor server ID which the event received from

 neighborname       neighbor server name

 originatorid       ID of the event server originator

 originatorname     name of the event server originator

 stationid          station ID

 stationname        station name

 latitude           latitude in DD.DDDDDD format

 longitude          longitude in DD.DDDDDD format

Returned value:

 ignored

]]

local args = ... -- args.neighborid, args.neighborname,

                -- args.originatorid, args.originatorname,

                -- args.eventid, args.stationid,

                -- args.stationname,

                -- args.latidue,args.longitude

                -- ...

--[[

Called:

 when "environment changed" event recived from neighbor server

Database:

 available

Parameters:

 neighborid         neighbor server ID which the event received from

 neighborname       neighbor server name

 originatorid       ID of the event server originator

 originatorname     name of the event server originator

 stationid          station ID

 stationname        station name

 eventid            event ID

 group_name         station primary group name

 category           environment category

Returned value:

 ignored

]]

local args = ... -- args.neighborid, args.neighborname,

                -- args.originatorid, args.originatorname,

                -- args.eventid, args.stationid,args.stationname,

                -- args.group_name, args.category

--[[

Called:

 when "" event recived from neighbor server

Database:

 available

Parameters:

 neighborid         neighbor server ID which the event received from

 neighborname       neighbor server name

 originatorid       ID of the event server originator

 originatorname     name of the event server originator

 stationid          station ID

 stationname        station name

 eventid            event ID

 component          component number

 pid                process ID

 time               event time (station time)

 user               user name and group (process owner)

 object             filesystem object path

 owner              object owner (user name and group)

 action             action code (see Dr.Web API; only errors bit set)

 objecttype         object type

                      -1    unknown

                       0    file

                       1    boot sector

                       2    memory block / process

                       3    virus like activity

 infectiontype      infection type (see Dr.Web API)

 sha1               object SHA-1 hash

 sha256             object SHA-256 hash

 hashdb             hash database containing object

Returned value:

 ignored

]]

local args = ... -- args.neighborid, args.neighborname,

                -- args.originatorid, args.originatorname,

                -- args.eventid, args.stationid,

                -- args.stationname,

                -- args.component, args.pid, args.time, args.user,

                -- args.object, args.owner,

                -- args.action, args.objecttype, args.infectiontype,

                -- args.sha1, args.sha256, args.hashdb

--[[

Called:

 when HIPS event received from neighbor server

Database:

 available

Parameters:

 neighborid         neighbor server ID which the event received from

 neighborname       neighbor server name

 originatorid       ID of the event server originator

 originatorname     name of the event server originator

 stationid          station ID

 stationname        station name

 eventid            event ID

 pid                numeric,process id

 path               process file path

 target_path        affected resource path

 hips_type          numeric, HIPS type

 shell_guard_type   numeric, Shell Guard event type

 denied             boolean, access was denied

 is_user_action     boolean, user was asked

 event_count        event number (for accumulation period - if is_user_action is false)

 event_user         user which initiated the suspicious activity

 action_user        user which allowed or denied the activity (non-empty only if is_user_action is true)

 event_time         station time

 recv_time          server originator time

 sha1               process file SHA-1 hash

 sha256             process file SHA-256 hash

 hashdb             hash database containing process file

Returned value:

 ignored

]]

local args = ... -- args.neighborid, args.neighborname, args.originatorid, args.originatorname,

                -- args.stationid, args.stationname, args.eventid

                -- args.pid, args.path, args.target_path, args.hips_type, args.shell_guard_type,

                -- args.denied, args.is_user_action, args.event_count, args.event_user, args.action_user

                -- args.event_time, args.recv_time, args.sha1, args.sha256, args.hashdb

--[[

Called:

 just after server connection rejected due (authorization) error

Database:

 available

Parameters:

 id          server ID

 address     server address

 name        server name

 reason      failure reason

Returned value:

 ignored

]]

local args = ... -- args.id, args.address, args.name, args.reason

--[[

Called:

 when "" event recived from neighbor server

Database:

 available

Parameters:

 neighborid         neighbor server ID which the event received from

 neighborname       neighbor server name

 originatorid       ID of the event server originator

 originatorname     name of the event server originator

 stationid          station ID

 stationname        station name

 eventid            event ID

 component          component number

 pid                process ID

 time               event time (station time)

 user               user name and group (process owner)

 object             filesystem object path

 owner              object owner (user name and group)

 action             action code (error bit(s) set)

 sha1               object SHA-1 hash

 sha256             object SHA-256 hash

 hashdb             hash database containing object

Returned value:

 ignored

]]

local args = ... -- args.neighborid, args.neighborname,

                -- args.originatorid, args.originatorname,

                -- args.eventid, args.stationid,

                -- args.stationname,

                -- args.component, args.pid, args.time, args.user,

                -- args.object, args.owner, args.action,

                -- args.sha1, args.sha256, args.hashdb

--[[

Called:

 when server connected

Database:

 available

Parameters:

 id          server ID

 address     server address

 name        server name

Returned value:

 ignored

]]

local args = ... -- args.id, args.address, args.name

--[[

Called:

 when "" event recived from neighbor server

Database:

 available

Parameters:

 neighborid         neighbor server ID which the event received from

 neighborname       neighbor server name

 originatorid       ID of the event server originator

 originatorname     name of the event server originator

 stationid          station ID

 stationname        station name

 eventid            event ID

 count              number of different status code

 state_0            state value

 number_0           number of the stations in 'state_0'

Returned value:

 ignored

]]

local args = ... -- args.neighborid, args.neighborname,

                -- args.originatorid, args.originatorname,

                -- args.eventid, args.stationid,

                -- args.stationname,

                -- args.count,

                -- args.state_0, args.number_0

                -- args.state_1, args.number_1

                -- ...

--[[

Called:

 when station was deleted on neighbor server

Database:

 available

Parameters:

 neighborid         neighbor server ID which the event received from

 neighborname       neighbor server name

 originatorid       ID of the event server originator

 originatorname     name of the event server originator

 stationid          station ID

 stationname        station name

Returned value:

 ignored

]]

local args = ... -- args.neighborid, args.neighborname,

                -- args.originatorid, args.originatorname,

                -- args.eventid, args.stationid,

                -- args.stationname

                -- ...

--[[

Called:

 when "scan statistics" event received from neighbor server

Database:

 available

Parameters:

 neighborid         neighbor server ID which the event received from

 neighborname       neighbor server name

 originatorid       ID of the event server originator

 originatorname     name of the event server originator

 stationid          station ID

 stationname        station name

 eventid            event ID

 component          number of component

 pid                process ID

 user               user name and group (process owner)

 time               event time (station time)

 size               summary size of all scanned objects

 elapsedtime        elapsed time

 scanned            number of scanned objects

 infected           number of objects infected by known virus

 modifications      number of objects infected by virus modification

 suspicious         number of suspicious objects

 cured              number of cured files

 deleted            number of deleted files

 renamed            number of renamed files

 moved              number of quarantined files

 locked             number of locked files (SpIDer Guard only)

 errors             number of not scanned files (due access error)

Returned value:

 ignored

]]

local args = ... -- args.neighborid, args.neighborname,

                -- args.originatorid, args.originatorname,

                -- args.eventid, args.stationid,

                -- args.stationname,

                -- args.component, args.pid, args.time, args.user,

                -- args.scanned, args.infected, args.modifications,

                -- args.suspicious, args.cured, args.deleted, args.renamed,

                -- args.moved, args.locked, args.errors, args.size, args.elapsedtime

--[[

Called:

 when "installation" event recived from neighbor server

Parameters:

 neighborid         neighbor server ID which the event received from

 neighborname       neighbor server name

 originatorid       ID of the event server originator

 originatorname     name of the event server originator

 stationid          station ID

 stationname        station name

 eventid            event ID

 event              event type:

                      0   installation begin

                      1   successully completed

                      2   rejected

                      3   timed out

                      4   failed

                      5   incomplete

 message            error message (or empty if there is no error)

 address            station address

 begtime            begin time

 endtime            end time

Returned value:

 ignored

]]

local args = ... -- args.neighborid, args.neighborname,

                -- args.originatorid, args.originatorname,

                -- args.eventid, args.stationid,

                -- args.stationname,

                -- args.event, args.message, args.address

                -- args.begtime, args.endtime