1 /* @(#) $Id: ./src/logcollector/read_snortfull.c, 2011/09/08 dcid Exp $
4 /* Copyright (C) 2009 Trend Micro Inc.
7 * This program is a free software; you can redistribute it
8 * and/or modify it under the terms of the GNU General Public
9 * License (version 2) as published by the FSF - Free Software
13 /* v0.4 (2006/01/13): Fixed reading of snort "full" logs.
19 #include "logcollector.h"
22 /* Read snort "full" alert files.
 *
 * Each alert spans several lines: a "[**] [" header line, a
 * "[Classification: " / "[Priority: " line (a fixed
 * "[Classification: Preprocessor] [Priority: 3] " text is substituted for
 * preprocessor events that lack one), and a date line ("MM/DD-HH...") whose
 * text after the first space is appended. The pieces are concatenated into
 * f_msg and handed to SendMSG(); f_msg_size is meant to track the space
 * still free in f_msg.
 *
 * NOTE(review): the remaining-space bookkeeping does not match what is
 * actually appended in every branch. In the "[Priority: " branch the
 * 45-character literal is appended but f_msg_size is reduced by
 * strlen(str)+1 (the length of the input line, not of the literal); in the
 * preprocessor branch the bound passed to strncat() is f_msg_size - 40, an
 * int that is converted to size_t and wraps to a huge value if f_msg_size has
 * already dropped below 40, with no visible decrement for the literal just
 * appended. Both overstate the free space, so for input lines close to
 * OS_MAXSTR the final strncat() of the date line can write past the end of
 * f_msg. Prefer snprintf()/an explicit offset against sizeof f_msg, or
 * decrement by the exact number of bytes appended and refuse to append when
 * the remainder is not positive. Lines are elided from this excerpt; confirm
 * against the full source before changing the arithmetic.
 */
23 void *read_snortfull(int pos, int *rc, int drop_it)
25 int f_msg_size = OS_MAXSTR;
32 char str[OS_MAXSTR + 1];
33 char f_msg[OS_MAXSTR +1];
37 f_msg[OS_MAXSTR] = '\0';
39 while(fgets(str, OS_MAXSTR, logff[pos].fp) != NULL)
41 /* Removing \n at the end of the string */
42 if ((q = strrchr(str, '\n')) != NULL)
51 /* First part of the message */
54 if(strncmp(str, "[**] [", 6) == 0)
56 strncpy(f_msg, str, OS_MAXSTR);
57 f_msg_size -= strlen(str)+1;
65 /* Second line has the [Classification: */
66 if(strncmp(str, "[Classification: ", 16) == 0)
68 strncat(f_msg, str, f_msg_size);
69 f_msg_size -= strlen(str)+1;
72 else if(strncmp(str, "[Priority: ", 10) == 0)
74 strncat(f_msg, "[Classification: Preprocessor] "
75 "[Priority: 3] ", f_msg_size);
76 f_msg_size -= strlen(str)+1;
80 /* If it is a preprocessor message, it will not have
83 else if((str[2] == '/')&&(str[5] == '-')&&(q = strchr(str,' ')))
85 strncat(f_msg, "[Classification: Preprocessor] "
86 "[Priority: 3] ", f_msg_size);
87 strncat(f_msg, ++q, f_msg_size -40);
89 /* Cleaning for next event */
92 /* Sending the message */
95 if(SendMSG(logr_queue,f_msg, logff[pos].file,
98 merror(QUEUE_SEND, ARGV0);
99 if((logr_queue = StartMQ(DEFAULTQPATH,WRITE)) < 0)
101 ErrorExit(QUEUE_FATAL, ARGV0, DEFAULTQPATH);
107 f_msg_size = OS_MAXSTR;
117 /* Third line has the 01/13-15 (date) */
118 if((str[2] == '/')&&(str[5] == '-')&&(q = strchr(str,' ')))
120 strncat(f_msg, ++q, f_msg_size);
121 f_msg_size -= strlen(q)+1;
124 /* Sending the message */
127 if(SendMSG(logr_queue,f_msg, logff[pos].file,
130 merror(QUEUE_SEND, ARGV0);
131 if((logr_queue = StartMQ(DEFAULTQPATH,WRITE)) < 0)
133 ErrorExit(QUEUE_FATAL, ARGV0, DEFAULTQPATH);
139 f_msg_size = OS_MAXSTR;
154 merror("%s: Bad formated snort full file.", ARGV0);