1 /* @(#) $Id: ./src/config/csyslogd-config.c, 2011/09/08 dcid Exp $
4 /* Copyright (C) 2009 Trend Micro Inc.
7 * This program is a free software; you can redistribute it
8 * and/or modify it under the terms of the GNU General Public
9 * License (version 2) as published by the FSF - Free Software
13 /* Functions to handle the configuration files
17 #include "csyslogd-config.h"
/* Read_CSyslog: parse one syslog alerting configuration block and append
 * the result to the NULL-terminated SyslogConfig array in gen_config->data.
 *
 * node    - XML elements of the block; each element name is compared with
 *           the xml_syslog_* names declared below.
 * config  - cast to GeneralConfig *; its data member holds the array.
 * config2 - not referenced in the lines shown here.
 *
 * NOTE(review): this listing omits lines (braces, declarations, returns),
 * so return values and error paths are not documented here.
 */
21 int Read_CSyslog(XML_NODE node, void *config, void *config2)
/* Element names accepted inside the block. */
26 char *xml_syslog_server = "server";
27 char *xml_syslog_port = "port";
28 char *xml_syslog_format = "format";
29 char *xml_syslog_level = "level";
30 char *xml_syslog_id = "rule_id";
31 char *xml_syslog_group = "group";
32 char *xml_syslog_location = "event_location";
35 GeneralConfig *gen_config = (GeneralConfig *)config;
36 SyslogConfig **syslog_config = (SyslogConfig **)gen_config->data;
39 /* Counting the entries already present in the NULL-terminated array */
42 while(syslog_config[s])
47 /* Allocating the memory for the config. */
/* Grow the pointer array to hold the new entry plus the NULL terminator,
 * then allocate the new entry itself. */
48 os_realloc(syslog_config, (s + 2) * sizeof(SyslogConfig *), syslog_config);
49 os_calloc(1, sizeof(SyslogConfig), syslog_config[s]);
50 syslog_config[s + 1] = NULL;
53 /* Setting the defaults for the new entry. */
54 syslog_config[s]->server = NULL;
55 syslog_config[s]->rule_id = NULL;
56 syslog_config[s]->group = NULL;
57 syslog_config[s]->location = NULL;
58 syslog_config[s]->level = 0;
59 syslog_config[s]->port = 514;
60 syslog_config[s]->format = DEFAULT_CSYSLOG;
61 /* local 0 facility (16) + severity 4 - warning. --default */
62 syslog_config[s]->priority = (16 * 8) + 4;
68 merror(XML_ELEMNULL, ARGV0);
71 else if(!node[i]->content)
73 merror(XML_VALUENULL, ARGV0, node[i]->element);
76 else if(strcmp(node[i]->element, xml_syslog_level) == 0)
78 if(!OS_StrIsNum(node[i]->content))
80 merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content);
/* NOTE(review): the only validation visible before atoi() is the
 * OS_StrIsNum() check; no upper bound on the level is shown. */
84 syslog_config[s]->level = atoi(node[i]->content);
86 else if(strcmp(node[i]->element, xml_syslog_port) == 0)
88 if(!OS_StrIsNum(node[i]->content))
90 merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content);
/* NOTE(review): no range check is visible here. A value above 65535, or a
 * digit string too long for int, would be converted by atoi() and stored
 * as-is. Confirm the port is bounded before it is used. */
94 syslog_config[s]->port = atoi(node[i]->content);
96 else if(strcmp(node[i]->element, xml_syslog_server) == 0)
/* NOTE(review): a repeated server element would overwrite the earlier copy;
 * no free of the previous string is visible in this listing. */
98 os_strdup(node[i]->content, syslog_config[s]->server);
100 else if(strcmp(node[i]->element, xml_syslog_id) == 0)
/* The rule_id content is walked character by character; per the comments
 * below, spaces are allowed between ids and duplicate commas are checked. */
103 char *str_pt = node[i]->content;
105 while(*str_pt != '\0')
107 /* We allow spaces in between */
114 /* If is digit, we get the value
115 * and search for the next digit
118 else if(isdigit((int)*str_pt))
123 debug1("%s: DEBUG: Adding '%d' to syslog alerting",
// The existing list is scanned up to its first zero entry, so the rule_id
// array is zero-terminated and id_i ends up as the current element count.
126 if(syslog_config[s]->rule_id)
128 while(syslog_config[s]->rule_id[id_i])
// The array is resized to id_i + 2 ints: valid indices are 0 .. id_i + 1.
132 os_realloc(syslog_config[s]->rule_id,
133 (id_i +2) * sizeof(int),
134 syslog_config[s]->rule_id);
// NOTE(review): the terminator index is written as id_i + i, where i looks
// like the node[] loop index used throughout this function (its declaration
// is not shown). With i >= 2 this writes past the id_i + 2 ints allocated
// above; with i == 0 the slot at id_i + 1 is never zeroed, so the next scan
// of the list can run past the allocation. Presumably id_i + 1 was intended;
// confirm against the upstream file in case the listing is garbled.
136 syslog_config[s]->rule_id[id_i + i] = 0;
137 syslog_config[s]->rule_id[id_i] = r_id;
139 str_pt = strchr(str_pt, ',');
150 /* Checking for duplicate commas */
151 else if(*str_pt == ',')
/* Output format: "default", "cef", "json" or "splunk"; any other value is
 * reported with XML_VALUEERR. */
164 else if(strcmp(node[i]->element, xml_syslog_format) == 0)
166 if(strcmp(node[i]->content, "default") == 0)
168 /* Default is full format */
170 else if (strcmp(node[i]->content, "cef") == 0)
172 /* Enable the CEF format */
173 syslog_config[s]->format = CEF_CSYSLOG;
175 else if (strcmp(node[i]->content, "json") == 0)
177 /* Enable the JSON format */
178 syslog_config[s]->format = JSON_CSYSLOG;
180 else if (strcmp(node[i]->content, "splunk") == 0)
182 /* Enable the Splunk Key/Value format */
183 syslog_config[s]->format = SPLUNK_CSYSLOG;
187 merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content);
/* event_location: the content is compiled into a freshly allocated OSMatch;
 * a compile failure is logged together with the matcher's error field. */
191 else if(strcmp(node[i]->element, xml_syslog_location) == 0)
193 os_calloc(1, sizeof(OSMatch),syslog_config[s]->location);
194 if(!OSMatch_Compile(node[i]->content,
195 syslog_config[s]->location, 0))
197 merror(REGEX_COMPILE, ARGV0, node[i]->content,
198 syslog_config[s]->location->error);
/* group: handled the same way as event_location, stored in ->group. */
202 else if(strcmp(node[i]->element, xml_syslog_group) == 0)
204 os_calloc(1, sizeof(OSMatch),syslog_config[s]->group);
205 if(!OSMatch_Compile(node[i]->content,
206 syslog_config[s]->group, 0))
208 merror(REGEX_COMPILE, ARGV0, node[i]->content,
209 syslog_config[s]->group->error);
/* Any element name not matched above is reported as invalid. */
215 merror(XML_INVELEM, ARGV0, node[i]->element);
222 /* We must have at least one entry set */
223 if(!syslog_config[s]->server)
225 merror(XML_INV_CSYSLOG, ARGV0);
/* Store the array pointer back: the os_realloc() call above assigns a new
 * value to syslog_config, so gen_config->data must be updated to match. */
230 gen_config->data = syslog_config;