1 /* Copyright (C) 2009 Trend Micro Inc.
4 * This program is a free software; you can redistribute it
5 * and/or modify it under the terms of the GNU General Public
6 * License (version 2) as published by the FSF - Free Software
10 /* Read MS SQL logs */
13 #include "logcollector.h"
16 /* Send MS SQL message and check the return code */
17 static void __send_mssql_msg(int pos, int drop_it, char *buffer)
19 debug2("%s: DEBUG: Reading MSSQL message: '%s'", ARGV0, buffer);
21 if (SendMSG(logr_queue, buffer, logff[pos].file, LOCALFILE_MQ) < 0) {
22 merror(QUEUE_SEND, ARGV0);
23 if ((logr_queue = StartMQ(DEFAULTQPATH, WRITE)) < 0) {
24 ErrorExit(QUEUE_FATAL, ARGV0, DEFAULTQPATH);
30 /* Read MS SQL log files */
31 void *read_mssql_log(int pos, int *rc, int drop_it)
36 char str[OS_MAXSTR + 1];
37 char buffer[OS_MAXSTR + 1];
39 /* Zero buffer and str */
41 buffer[OS_MAXSTR] = '\0';
42 str[OS_MAXSTR] = '\0';
46 while (fgets(str, OS_MAXSTR - OS_LOG_HEADER, logff[pos].fp) != NULL) {
48 str_len = strlen(str);
50 /* Check str_len size. Very useless, but just to make sure */
51 if (str_len >= sizeof(buffer) - 2) {
52 str_len = sizeof(buffer) - 10;
55 /* Get the last occurrence of \n */
56 if ((p = strrchr(str, '\n')) != NULL) {
59 /* If need clear is set, we just get the line and ignore it */
69 if ((p = strrchr(str, '\r')) != NULL) {
73 /* Look for empty string (only on windows) */
78 /* Windows can have comment on their logs */
84 /* MS SQL messages have the following formats:
85 * 2009-03-25 04:47:30.01 Server
86 * 2003-10-09 00:00:06.68 sys1
87 * 2009-02-06 11:48:59 Server
95 isdigit((int)str[0]) &&
96 isdigit((int)str[1]) &&
97 isdigit((int)str[2]) &&
98 isdigit((int)str[3])) {
100 /* If the saved message is empty, set it and continue */
101 if (buffer[0] == '\0') {
102 strncpy(buffer, str, OS_MAXSTR);
106 /* If not, send the saved one and store the new one for later */
108 __send_mssql_msg(pos, drop_it, buffer);
110 /* Store current one at the buffer */
111 strncpy(buffer, str, OS_MAXSTR);
115 /* Query logs can be in multiple lines
116 * They always start with a tab in the additional lines
118 else if ((str_len > 2) && (buffer[0] != '\0')) {
119 /* Size of the buffer */
120 size_t buffer_len = strlen(buffer);
124 /* Remove extra spaces and tabs */
125 while (*p == ' ' || *p == '\t') {
129 /* Add additional message to the saved buffer */
130 if (sizeof(buffer) - buffer_len > str_len + 256) {
131 /* Here we make sure that the size of the buffer
132 * minus what was used (strlen) is greater than
133 * the length of the received message.
135 buffer[buffer_len] = ' ';
136 buffer[buffer_len + 1] = '\0';
137 strncat(buffer, str, OS_MAXSTR);
144 /* Send whatever is stored */
145 if (buffer[0] != '\0') {
146 __send_mssql_msg(pos, drop_it, buffer);