<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE snort-message-version-0.2>
<report>
<event version="1.0">
<sensor encoding="hex" detail="full">
<interface>eth0</interface>
<ipaddr version="4">???</ipaddr>
<hostname>???</hostname>
</sensor>
<signature id="469" revision="1" priority="2"
class="attempted-recon">ICMP PING NMAP</signature>
<reference system="arachnids">162</reference>
<timestamp>2002-12-04 18:05:01-05</timestamp>
<packet>
<iphdr saddr="10.0.0.25" daddr="10.0.3.10" proto="1" ver="4"
hlen="5" len="28" id="36729" ttl="55" csum="56645">
<icmphdr type="8" code="0" csum="59212"/>
</iphdr>
</packet>
</event>
</report>
We do have a DTD but its not included in the xml itself. I was hoping to call loadGrmmar() to load the DTD and then parse the XML messages as they came in over the socket. The call to loadGrammer() seems to work but parse() yeilds several errors. It doesn't recognize any of the elements. It's as if the DTD is not being used at all.
I'm guessing the DTD is cached but the parser does not know to use it with this XML. Is there a way around this or am I doing something wrong?
Mark
Erik Rydgren wrote:
Yes you can use the caching in the parser. And frankly it is THE way to go, if you like speed that is :) Simplest way to go:poParser->setFeature(XMLUni::fgXercesCacheGrammarFromParse, true); Then use the same parser for all parses (do not delete it). The grammar will be cached on the first parse. On all parses after that the grammar will be reused (not loaded and not parsed) and this makes a HUGE difference in speed. Note that you can have multiple grammars in the cache. If a requested grammar is not in the cache then it will be parsed and cached automatically. Note the grammar cache is owned by ONE parser instance so if you delete the parser the cache has to be recreated. / Erik PS: A grammar describes a valid XML file. A grammar is either a DTD or a Schema. -----Original Message----- From: Mark Horton [mailto:[EMAIL PROTECTED]] Sent: den 25 december 2002 04:33 To: [EMAIL PROTECTED] Subject: DTD caching Hi, I've been trying to cache a simple DTD for use in multiple parses. Is using an EntityResolver the best/only way to do this? I noticed some methods for caching and loading grammar in XercesDomParser but I couldn't get it to work. I deducted that this is because I am using a standard DTD and not XML Grammar. Is this correct? Or can you use the grammar caching with DTDs? (To be honest I'm not sure of the difference between Grammar and DTD.) Mark --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
