1 /* @(#) $Id: read_snortfull.c,v 1.19 2009/06/24 17:06:27 dcid Exp $ */
3 /* Copyright (C) 2009 Trend Micro Inc.
6 * This program is a free software; you can redistribute it
7 * and/or modify it under the terms of the GNU General Public
8 * License (version 3) as published by the FSF - Free Software
12 /* v0.4 (2006/01/13): Fixing to read snort-full logs correctly.
18 #include "logcollector.h"
21 /* Read snort_full files */
22 void *read_snortfull(int pos, int *rc, int drop_it)
24 int f_msg_size = OS_MAXSTR;
31 char str[OS_MAXSTR + 1];
32 char f_msg[OS_MAXSTR +1];
36 f_msg[OS_MAXSTR] = '\0';
38 while(fgets(str, OS_MAXSTR, logff[pos].fp) != NULL)
40 /* Removing \n at the end of the string */
41 if ((q = strrchr(str, '\n')) != NULL)
50 /* First part of the message */
53 if(strncmp(str, "[**] [", 6) == 0)
55 strncpy(f_msg, str, OS_MAXSTR);
56 f_msg_size -= strlen(str)+1;
64 /* Second line has the [Classification: */
65 if(strncmp(str, "[Classification: ", 16) == 0)
67 strncat(f_msg, str, f_msg_size);
68 f_msg_size -= strlen(str)+1;
71 else if(strncmp(str, "[Priority: ", 10) == 0)
73 strncat(f_msg, "[Classification: Preprocessor] "
74 "[Priority: 3] ", f_msg_size);
75 f_msg_size -= strlen(str)+1;
79 /* If it is a preprocessor message, it will not have
82 else if((str[2] == '/')&&(str[5] == '-')&&(q = strchr(str,' ')))
84 strncat(f_msg, "[Classification: Preprocessor] "
85 "[Priority: 3] ", f_msg_size);
86 strncat(f_msg, ++q, f_msg_size -40);
88 /* Cleaning for next event */
91 /* Sending the message */
94 if(SendMSG(logr_queue,f_msg, logff[pos].file,
97 merror(QUEUE_SEND, ARGV0);
98 if((logr_queue = StartMQ(DEFAULTQPATH,WRITE)) < 0)
100 ErrorExit(QUEUE_FATAL, ARGV0, DEFAULTQPATH);
106 f_msg_size = OS_MAXSTR;
116 /* Third line has the 01/13-15 (date) */
117 if((str[2] == '/')&&(str[5] == '-')&&(q = strchr(str,' ')))
119 strncat(f_msg, ++q, f_msg_size);
120 f_msg_size -= strlen(q)+1;
123 /* Sending the message */
126 if(SendMSG(logr_queue,f_msg, logff[pos].file,
129 merror(QUEUE_SEND, ARGV0);
130 if((logr_queue = StartMQ(DEFAULTQPATH,WRITE)) < 0)
132 ErrorExit(QUEUE_FATAL, ARGV0, DEFAULTQPATH);
138 f_msg_size = OS_MAXSTR;
153 merror("%s: Bad formated snort full file.", ARGV0);