1 /* Copyright (C) 2009 Trend Micro Inc.
4 * This program is a free software; you can redistribute it
5 * and/or modify it under the terms of the GNU General Public
6 * License (version 2) as published by the FSF - Free Software
11 #include "logcollector.h"
14 /* Read snort_full files */
/*
 * read_snortfull: reads lines from logff[pos].fp with fgets() and assembles
 * one multi-line Snort "full" alert into f_msg, which is then passed to
 * SendMSG().
 *
 * NOTE(review): this listing is an excerpt. The number at the start of each
 * line is the original file's line number and several lines are missing
 * (braces, declarations of p and q, the rest of the SendMSG() calls, the
 * return). The notes below cover only what is visible; how rc and drop_it
 * are used cannot be seen from here.
 *
 * Security-relevant point: the line content comes from a file, so its length
 * and layout are not controlled by this function. All writes into f_msg are
 * bounded by f_msg_size, so the bookkeeping of that counter is what keeps
 * the strncat() calls inside the buffer.
 */
15 void *read_snortfull(int pos, int *rc, int drop_it)
/* Space left in f_msg. It is a signed int, while strncat() takes a size_t
 * count: a negative value passed to strncat() becomes a very large bound. */
17 int f_msg_size = OS_MAXSTR;
/* Sentinel pointers; the visible code compares p against them (p == two) to
 * pick the parsing stage. Presumably p records which alert line is expected
 * next - the assignments are not in this excerpt. */
18 const char *one = "one";
19 const char *two = "two";
/* Both buffers have one byte more than the largest count used below. */
22 char str[OS_MAXSTR + 1];
23 char f_msg[OS_MAXSTR + 1];
/* Terminate the last byte up front, so a strncpy() that fills OS_MAXSTR
 * bytes still leaves a terminated string. */
26 str[OS_MAXSTR] = '\0';
27 f_msg[OS_MAXSTR] = '\0';
/* fgets() stores at most OS_MAXSTR - 1 characters plus the terminator. */
29 while (fgets(str, OS_MAXSTR, logff[pos].fp) != NULL) {
30 /* Remove \n at the end of the string */
31 if ((q = strrchr(str, '\n')) != NULL) {
37 /* First part of the message */
/* The alert header line starts with "[**] [" and begins a new f_msg. */
39 if (strncmp(str, "[**] [", 6) == 0) {
40 strncpy(f_msg, str, OS_MAXSTR);
/* Account for the copied text plus one byte. */
41 f_msg_size -= strlen(str) + 1;
46 /* Second line has the [Classification: */
/* The literal is 17 characters but only 16 are compared, so the trailing
 * space is not part of the match. */
47 if (strncmp(str, "[Classification: ", 16) == 0) {
/* strncat() appends at most f_msg_size characters and then a terminator. */
48 strncat(f_msg, str, f_msg_size);
49 f_msg_size -= strlen(str) + 1;
/* Same pattern: the literal is 11 characters, 10 are compared. */
51 } else if (strncmp(str, "[Priority: ", 10) == 0) {
52 strncat(f_msg, "[Classification: Preprocessor] "
53 "[Priority: 3] ", f_msg_size);
/* NOTE(review): the text appended above is the 45-character constant, but
 * the counter is reduced by the length of str. When str is shorter than the
 * constant, f_msg_size overstates the space left for later strncat() calls
 * - confirm against the full file. */
54 f_msg_size -= strlen(str) + 1;
/* NOTE(review) on the preprocessor branch that follows (original lines
 * 61-64): it appends the same 45-character constant and then calls
 * strncat(f_msg, ++q, f_msg_size - 40). Nothing visible reduces f_msg_size
 * for the constant, and 40 is smaller than 45. If f_msg_size is below 40
 * the int result is negative and converts to a huge size_t, so that
 * strncat() is effectively unbounded and a long line can write past the end
 * of f_msg. Tracking the used length and appending with
 * snprintf(f_msg + used, sizeof f_msg - used, ...) keeps every append
 * bounded by the real remaining space.
 * The date test reads str[2] and str[5] without checking that the line is
 * that long; the reads stay inside str[], but for a shorter line they see
 * bytes left over from an earlier read. */
58 /* If it is a preprocessor message, it will not have
61 else if ((str[2] == '/') && (str[5] == '-') && (q = strchr(str, ' '))) {
62 strncat(f_msg, "[Classification: Preprocessor] "
63 "[Priority: 3] ", f_msg_size);
64 strncat(f_msg, ++q, f_msg_size - 40);
66 /* Clean for next event */
69 /* Send the message */
/* Failure path as far as visible: log QUEUE_SEND, try to reopen the queue
 * with StartMQ(), and exit through ErrorExit() if that fails too. The rest
 * of the SendMSG() call is not in this excerpt. */
71 if (SendMSG(logr_queue, f_msg, logff[pos].file,
73 merror(QUEUE_SEND, ARGV0);
74 if ((logr_queue = StartMQ(DEFAULTQPATH, WRITE)) < 0) {
75 ErrorExit(QUEUE_FATAL, ARGV0, DEFAULTQPATH);
/* Restore the full budget before the next alert is assembled. */
81 f_msg_size = OS_MAXSTR;
86 } else if (p == two) {
87 /* Third line has the 01/13-15 (date) */
/* Same date-shaped test as above; q is left on the first space and ++q
 * skips it before the rest of the line is appended. */
88 if ((str[2] == '/') && (str[5] == '-') && (q = strchr(str, ' '))) {
89 strncat(f_msg, ++q, f_msg_size);
90 f_msg_size -= strlen(q) + 1;
93 /* Send the message */
/* Same send / reconnect / exit sequence as in the earlier stage. */
95 if (SendMSG(logr_queue, f_msg, logff[pos].file,
97 merror(QUEUE_SEND, ARGV0);
98 if ((logr_queue = StartMQ(DEFAULTQPATH, WRITE)) < 0) {
99 ErrorExit(QUEUE_FATAL, ARGV0, DEFAULTQPATH);
105 f_msg_size = OS_MAXSTR;
/* Logged for input that does not follow the expected layout; the condition
 * guarding this call is not in this excerpt. */
118 merror("%s: Bad formatted snort full file.", ARGV0);