1 /* @(#) $Id: ./src/shared/file-queue.c, 2011/09/08 dcid Exp $
4 /* Copyright (C) 2009 Trend Micro Inc.
7 * This program is a free software; you can redistribute it
8 * and/or modify it under the terms of the GNU General Public
9 * License (version 2) as published by the FSF - Free Software
12 * License details at the LICENSE file included with OSSEC or
13 * online at: http://www.ossec.net/en/licensing.html
17 /* File monitoring functions */
20 #include "file-queue.h"
23 /* To translate a month number (int) into its abbreviated name (char) */
24 char *(s_month[])={"Jan","Feb","Mar","Apr","May","Jun","Jul","Aug",
25 "Sep","Oct","Nov","Dec"};
29 /** void file_sleep();
35 struct timeval fp_timeout;
37 fp_timeout.tv_sec = FQ_TIMEOUT;
38 fp_timeout.tv_usec = 0;
40 /* Waiting for the select timeout */
41 select(0, NULL, NULL, NULL, &fp_timeout);
44 /* Windows doesn't like select() called that way (no descriptor sets), so use Sleep() */
45 Sleep((FQ_TIMEOUT + 2) * 1000);
53 /** void GetFile_Queue(file_queue *fileq)
54 * Get the file queue for that specific hour
56 void GetFile_Queue(file_queue *fileq)
58 /* Creating the logfile name */
59 fileq->file_name[0] = '\0';
60 fileq->file_name[MAX_FQUEUE] = '\0';
62 if(fileq->flags & CRALERT_FP_SET)
64 snprintf(fileq->file_name, MAX_FQUEUE,
69 snprintf(fileq->file_name, MAX_FQUEUE,
70 "%s/%d/%s/ossec-alerts-%02d.log",
80 /** int Handle_Queue(file_queue *fileq, int flags)
81 * Re-handles the file queue.
83 int Handle_Queue(file_queue *fileq, int flags)
85 /* Closing if it is open */
86 if(!(flags & CRALERT_FP_SET))
95 /* We must be able to open the file, fseek and get the
96 * time of change from it.
98 fileq->fp = fopen(fileq->file_name, "r");
101 /* Queue not available */
107 /* Seeking the end of file */
108 if(!(flags & CRALERT_READ_ALL))
110 if(fseek(fileq->fp, 0, SEEK_END) < 0)
112 merror(FSEEK_ERROR, __local_name, fileq->file_name);
120 /* File change time */
121 if(fstat(fileno(fileq->fp), &fileq->f_status) < 0)
123 merror(FILE_ERROR, __local_name, fileq->file_name);
129 fileq->last_change = fileq->f_status.st_mtime;
136 /** int Init_FileQueue(file_queue *fileq, struct tm *p, int flags)
137 * Initiates the file monitoring.
139 int Init_FileQueue(file_queue *fileq, struct tm *p, int flags)
141 /* Initializing file_queue fields. */
142 if(!(flags & CRALERT_FP_SET))
146 fileq->last_change = 0;
149 fileq->day = p->tm_mday;
150 fileq->year = p->tm_year+1900;
152 strncpy(fileq->mon, s_month[p->tm_mon], 4);
153 memset(fileq->file_name, '\0',MAX_FQUEUE + 1);
156 /* Setting the supplied flags */
157 fileq->flags = flags;
160 /* Getting latest file */
161 GetFile_Queue(fileq);
164 /* Seek to the end when starting the queue (Handle_Queue skips the seek when CRALERT_READ_ALL is set) */
165 if(Handle_Queue(fileq, fileq->flags) < 0)
175 /** alert_data *Read_FileMon(file_queue *fileq, struct tm *p, int timeout)
176 * Reads from the monitored file.
178 alert_data *Read_FileMon(file_queue *fileq, struct tm *p, int timeout)
184 /* If the file queue is not available, try to access it */
187 if(Handle_Queue(fileq, 0) != 1)
195 /* Getting the current file */
196 if(p->tm_mday != fileq->day)
198 /* If the day changes, we need to get all remaining alerts. */
199 al_data = GetAlertData(fileq->flags, fileq->fp);
202 fileq->day = p->tm_mday;
203 fileq->year = p->tm_year+1900;
204 strncpy(fileq->mon, s_month[p->tm_mon], 4);
206 /* Getting latest file */
207 GetFile_Queue(fileq);
209 if(Handle_Queue(fileq, 0) != 1)
222 /* Try up to timeout times to get an event */
225 al_data = GetAlertData(fileq->flags, fileq->fp);
236 /* Returning NULL if timeout expires. */