1 /* Copyright (C) 2012 Daniel B. Cid (http://dcid.me)
4 * This program is a free software; you can redistribute it
5 * and/or modify it under the terms of the GNU General Public
6 * License (version 2) as published by the FSF - Free Software
11 #include "headers/read-alert.h"
12 #include "logcollector.h"
15 void *read_ossecalert(int pos, __attribute__((unused)) int *rc, int drop_it)
20 char syslog_msg[OS_SIZE_2048 + 1];
24 al_data = GetAlertData(0, logff[pos].fp);
29 memset(syslog_msg, '\0', OS_SIZE_2048 + 1);
32 if (!al_data->srcip ||
33 ((al_data->srcip[0] == '(') &&
34 (al_data->srcip[1] == 'n') &&
35 (al_data->srcip[2] == 'o'))) {
38 snprintf(srcip_msg, 255, " srcip: %s;", al_data->srcip);
43 ((al_data->user[0] == '(') &&
44 (al_data->user[1] == 'n') &&
45 (al_data->user[2] == 'o'))) {
48 snprintf(user_msg, 255, " user: %s;", al_data->user);
51 if (al_data->log[1] == NULL) {
52 /* Build syslog message */
53 snprintf(syslog_msg, OS_SIZE_2048,
54 "ossec: Alert Level: %d; Rule: %d - %s; "
55 "Location: %s;%s%s %s",
56 al_data->level, al_data->rule, al_data->comment,
65 while (al_data->log[j] != NULL) {
66 tmp_msg = os_LoadString(tmp_msg, al_data->log[j]);
67 tmp_msg = os_LoadString(tmp_msg, "\n");
68 if (tmp_msg == NULL) {
69 FreeAlertData(al_data);
75 if (tmp_msg == NULL) {
76 FreeAlertData(al_data);
80 if (strlen(tmp_msg) > 1596) {
86 snprintf(syslog_msg, OS_SIZE_2048,
87 "ossec: Alert Level: %d; Rule: %d - %s; "
88 "Location: %s;%s%s %s",
89 al_data->level, al_data->rule, al_data->comment,
98 /* Clear the memory */
99 FreeAlertData(al_data);
101 /* Send message to queue */
103 if (SendMSG(logr_queue, syslog_msg, logff[pos].file, LOCALFILE_MQ) < 0) {
104 merror(QUEUE_SEND, ARGV0);
105 if ((logr_queue = StartMQ(DEFAULTQPATH, WRITE)) < 0) {
106 ErrorExit(QUEUE_FATAL, ARGV0, DEFAULTQPATH);