3 /* Copyright (C) 2009 Trend Micro Inc.
6 * This program is a free software; you can redistribute it
7 * and/or modify it under the terms of the GNU General Public
8 * License (version 2) as published by the FSF - Free Software
11 * License details at the LICENSE file included with OSSEC or
12 * online at: http://www.ossec.net/en/licensing.html
17 #include "config/config.h"
22 /** int OS_SelectMaxID(DBConfig *db_config)
23 * Selects the maximum ID from the alert table.
24 * Returns 0 if not found.
26 int OS_SelectMaxID(DBConfig *db_config)
/* Builds a "SELECT MAX(id)" query restricted to this server's rows in the
 * alert table and runs it through osdb_query_select() on db_config->conn.
 * The only value formatted into the statement is db_config->server_id,
 * printed with %u, so no free-form text reaches the SQL string here.
 * NOTE(review): this listing omits lines (the declaration of `result` and
 * the return statement are not shown); read it against the full file. */
29 char sql_query[OS_SIZE_1024];
/* Zero the whole buffer so it is NUL-terminated whatever is written below. */
31 memset(sql_query, '\0', OS_SIZE_1024);
/* Size passed is one less than the buffer, so the last byte is never written. */
35 snprintf(sql_query, OS_SIZE_1024 -1,
36 "SELECT MAX(id) FROM "
37 "alert WHERE server_id = '%u'",
38 db_config->server_id);
41 /* Checking return code. */
42 result = osdb_query_select(db_config->conn, sql_query);
48 /** int __DBSelectLocation(char *location, DBConfig *db_config)
49 * Selects the location ID from the db.
50 * Returns 0 if not found.
52 int __DBSelectLocation(char *location, DBConfig *db_config)
/* Formats a query on the location table filtered by name and server_id and
 * runs it through osdb_query_select(); the value stored in `result` is what
 * the caller uses as the location id.
 * NOTE(review): the listing omits lines here (the SELECT clause, the
 * declaration of `result` and the return are not shown). */
55 char sql_query[OS_SIZE_1024];
/* Zero the whole buffer so it is NUL-terminated whatever is written below. */
57 memset(sql_query, '\0', OS_SIZE_1024);
/* SECURITY: `location` is copied with %s between single quotes and nothing in
 * this function escapes it, so a quote character in the name would change the
 * structure of the statement (SQL injection).
 * NOTE(review): the visible caller, OS_Alert_InsertDB, is shown calling
 * osdb_escapestr() on al_data->user and fulllog only; confirm that location is
 * escaped before it gets here, or bind it as a query parameter instead.
 * NOTE(review): snprintf's return value is not checked in the lines shown; an
 * over-long name would be truncated silently and lose its closing quote.
 * NOTE(review): server_id is printed with %d here but with %u in the other
 * queries of this file; confirm its type and use one specifier. */
61 snprintf(sql_query, OS_SIZE_1024 -1,
63 "location WHERE name = '%s' AND server_id = '%d' "
65 location, db_config->server_id);
68 /* Checking return code. */
69 result = osdb_query_select(db_config->conn, sql_query);
75 /** int __DBInsertLocation(char *location, DBConfig *db_config)
76 * Inserts the location into the db.
78 int __DBInsertLocation(char *location, DBConfig *db_config)
/* Formats a statement that adds a (server_id, name) row to the location table
 * and runs it through osdb_query_insert(); a failed insert is reported with
 * merror(DB_GENERROR, ARGV0).
 * NOTE(review): the listing omits lines here (the leading SQL keyword line
 * and the return are not shown). */
80 char sql_query[OS_SIZE_1024];
/* Zero the whole buffer so it is NUL-terminated whatever is written below. */
82 memset(sql_query, '\0', OS_SIZE_1024);
/* SECURITY: `location` is copied with %s between single quotes and is not
 * escaped in this function, so a quote character in the name would change
 * the structure of the statement (SQL injection).
 * NOTE(review): confirm the caller escapes location (the visible caller is
 * shown escaping only al_data->user and fulllog), or bind it as a parameter.
 * NOTE(review): snprintf's return value is not checked in the lines shown, so
 * a truncated statement would still be sent to the database. */
85 snprintf(sql_query, OS_SIZE_1024 -1,
87 "location(server_id, name) "
88 "VALUES ('%u', '%s')",
89 db_config->server_id, location);
92 /* Checking return code. */
93 if(!osdb_query_insert(db_config->conn, sql_query))
95 merror(DB_GENERROR, ARGV0);
103 /** int OS_Alert_InsertDB(alert_data *al_data, DBConfig *db_config)
104 * Inserts the alert into the db.
105 * Returns 1 on success or 0 on error.
107 int OS_Alert_InsertDB(alert_data *al_data, DBConfig *db_config)
/* Stores one alert: resolves the location id (hash cache first, then the
 * database), joins the log lines into one string, inserts the user and full
 * log into the data table, inserts the alert row, then advances
 * db_config->alert_id.
 * NOTE(review): this listing omits lines (several declarations, the branch
 * bodies and the return statements are not shown). */
110 unsigned int s_ip = 0, d_ip = 0, location_id = 0;
/* One extra byte so index OS_SIZE_8192 is a valid terminator slot. */
112 char sql_query[OS_SIZE_8192 +1];
113 char *fulllog = NULL;
116 /* Clearing the memory before insert */
118 sql_query[OS_SIZE_8192] = '\0';
121 /* Converting srcip to int */
126 /* Extracting ip address */
/* inet_aton() returns non-zero only when srcip parses as an IPv4 address;
 * the branch body is not shown, presumably it sets s_ip from `net`. */
127 if(inet_aton(al_data->srcip, &net))
135 /* Escaping strings */
/* The return value is not used, so the escaping presumably happens in place.
 * NOTE(review): al_data->location is also formatted into SQL (by the two
 * __DB*Location helpers) but no escape call for it appears in the lines
 * shown; confirm it is escaped somewhere before use. */
136 osdb_escapestr(al_data->user);
139 /* We first need to insert the location */
/* Cache lookup keyed by the location string; the stored value is an int id. */
140 loc_id = OSHash_Get(db_config->location_hash, al_data->location);
143 /* If we don't have location id, we must select and/or insert in the db */
146 location_id = __DBSelectLocation(al_data->location, db_config);
/* Insert the row, then select again to read back the id it was given. */
150 __DBInsertLocation(al_data->location, db_config);
151 location_id = __DBSelectLocation(al_data->location, db_config);
156 merror("%s: Unable to insert location: '%s'.",
157 ARGV0, al_data->location);
/* Cache the id: the hash keeps a pointer to a freshly allocated int. */
163 os_calloc(1, sizeof(int), loc_id);
164 *loc_id = location_id;
165 OSHash_Add(db_config->location_hash, al_data->location, loc_id);
/* Append every entry of al_data->log to fulllog; the array ends at the first
 * NULL entry. */
170 while(al_data->log[i])
172 fulllog = os_LoadString(fulllog, al_data->log[i]);
/* NOTE(review): fulllog is still NULL when al_data->log[0] is NULL, and no
 * guard is visible before it is escaped and passed to %s below; confirm.
 * NOTE(review): no release of fulllog appears in the lines shown; confirm
 * it is freed on every path. */
175 osdb_escapestr(fulllog);
179 if(db_config->db_type == POSTGDB)
181 /* On postgres the column name user must be double-quoted (it is a reserved word there). */
/* SECURITY: user and fulllog were passed to osdb_escapestr() above before
 * being placed between single quotes here.
 * NOTE(review): snprintf's return value is not checked in the lines shown; a
 * log longer than the buffer is truncated and the statement loses its closing
 * quote and parenthesis, so the insert would presumably just fail. */
182 snprintf(sql_query, OS_SIZE_8192,
184 "data(id, server_id, \"user\", full_log) "
185 "VALUES ('%u', '%u', '%s', '%s') ",
186 db_config->alert_id, db_config->server_id,
187 al_data->user, fulllog);
/* Same statement with the column name unquoted, for the other database type. */
191 snprintf(sql_query, OS_SIZE_8192,
193 "data(id, server_id, user, full_log) "
194 "VALUES ('%u', '%u', '%s', '%s') ",
195 db_config->alert_id, db_config->server_id,
196 al_data->user, fulllog);
203 /* Inserting into the db */
204 if(!osdb_query_insert(db_config->conn, sql_query))
206 merror(DB_GENERROR, ARGV0);
211 /* Generating final SQL */
/* Only numeric values are formatted into this statement: the ids, the rule
 * number, the current time truncated to unsigned int, and the source address
 * converted to host byte order with ntohl(). */
212 snprintf(sql_query, OS_SIZE_8192,
214 "alert(id,server_id,rule_id,timestamp,location_id,src_ip) "
215 "VALUES ('%u', '%u', '%u','%u', '%u', '%lu')",
216 db_config->alert_id, db_config->server_id, al_data->rule,
217 (unsigned int)time(0), *loc_id, (unsigned long)ntohl(s_ip));
220 /* Inserting into the db */
221 if(!osdb_query_insert(db_config->conn, sql_query))
223 merror(DB_GENERROR, ARGV0);
/* Advance the id used for the next alert's data and alert rows. */
227 db_config->alert_id++;