1 /* @(#) $Id: ./src/logcollector/read_syslog.c, 2011/09/08 dcid Exp $
4 /* Copyright (C) 2009 Trend Micro Inc.
7 * This program is a free software; you can redistribute it
8 * and/or modify it under the terms of the GNU General Public
9 * License (version 2) as published by the FSF - Free Software
17 #include "logcollector.h"
21 /* v0.3 (2005/08/24): Using fgets instead of fgetc
25 /* Read syslog files/snort fast/apache files */
26 void *read_syslog(int pos, int *rc, int drop_it)
30 char str[OS_MAXSTR+1];
37 /* Getting initial file location */
38 fgetpos(logff[pos].fp, &fp_pos);
40 while(fgets(str, OS_MAXSTR - OS_LOG_HEADER, logff[pos].fp) != NULL)
42 /* Getting the last occurrence of \n */
43 if ((p = strrchr(str, '\n')) != NULL)
48 /* If we didn't get the new line, because the
49 * size is large, send what we got so far.
51 else if(strlen(str) >= (OS_MAXSTR - OS_LOG_HEADER - 2))
53 /* Message size > maximum allowed */
58 /* Message not complete. Return. */
59 debug1("%s: Message not complete. Trying again: '%s'", ARGV0,str);
60 fsetpos(logff[pos].fp, &fp_pos);
65 if ((p = strrchr(str, '\r')) != NULL)
70 /* Looking for empty string (only on windows) */
73 fgetpos(logff[pos].fp, &fp_pos);
77 /* Windows logs can contain comments */
80 fgetpos(logff[pos].fp, &fp_pos);
85 debug2("%s: DEBUG: Reading syslog message: '%s'", ARGV0, str);
88 /* Sending message to queue */
91 if(SendMSG(logr_queue,str,logff[pos].file,
94 merror(QUEUE_SEND, ARGV0);
95 if((logr_queue = StartMQ(DEFAULTQPATH,WRITE)) < 0)
97 ErrorExit(QUEUE_FATAL, ARGV0, DEFAULTQPATH);
102 /* Incorrect message size */
105 // strlen(str) >= (OS_MAXSTR - OS_LOG_HEADER - 2)
106 // truncate str before logging to ossec.log
108 char buf[OUTSIZE + 1];
110 snprintf(buf, OUTSIZE, "%s", str);
111 merror("%s: Large message size(length=%d): '%s...'", ARGV0, (int)strlen(str), buf);
112 while(fgets(str, OS_MAXSTR - 2, logff[pos].fp) != NULL)
114 /* Getting the last occurrence of \n */
115 if ((p = strrchr(str, '\n')) != NULL)
123 fgetpos(logff[pos].fp, &fp_pos);