-/* @(#) $Id: read_djb_multilog.c,v 1.4 2009/06/24 17:06:27 dcid Exp $ */
+/* @(#) $Id: ./src/logcollector/read_djb_multilog.c, 2011/09/08 dcid Exp $
+ */
/* Copyright (C) 2009 Trend Micro Inc.
* All rights reserved.
*
* This program is a free software; you can redistribute it
* and/or modify it under the terms of the GNU General Public
- * License (version 3) as published by the FSF - Free Software
+ * License (version 2) as published by the FSF - Free Software
* Foundation.
*
* License details at the LICENSE file included with OSSEC or
char *(djb_month[])={"Jan","Feb","Mar","Apr","May","Jun","Jul","Aug",
"Sep","Oct","Nov","Dec"};
-char djb_host[512 +1];
-
+char djb_host[512 +1];
+
/* Initializes multilog. */
#else
strncpy(djb_host, "win32", 512 -1);
#endif
-
+
/* Multilog must be in the following format: /path/program_name/current */
if(!tmp_str)
return(0);
-
+
/* Must end with /current and must not be in the beginning of the string. */
if((strcmp(tmp_str, "/current") != 0) || (tmp_str == logff[pos].file))
{
return(0);
}
-
+
os_strdup(djbp_name+1, logff[pos].djb_program_name);
tmp_str[0] = '/';
{
return(NULL);
}
-
+
/* Getting new entry */
while(fgets(str, OS_MAXSTR - OS_LOG_HEADER, logff[pos].fp) != NULL)
{
-
+
/* Getting buffer size */
str_len = strlen(str);
-
+
/* Getting the last occurence of \n */
- if ((p = strrchr(str, '\n')) != NULL)
+ if ((p = strrchr(str, '\n')) != NULL)
{
*p = '\0';
{
need_clear = 1;
}
-
-
+
+
/* Multilog messages have the following format:
* @40000000463246020c2ca16c xx...
*/
if((str_len > 26) &&
- (str[0] == '@') &&
+ (str[0] == '@') &&
isalnum((int)str[1]) &&
isalnum((int)str[2]) &&
isalnum((int)str[3]) &&
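Review bot: The `isalnum((int)str[1])` checks in this condition convert a `char` straight to `int`, so where `char` is signed any log byte of 0x80 or above reaches `isalnum()` as a negative value, which is undefined behaviour for the `<ctype.h>` functions. These bytes come from the monitored log file via `fgets`, so the value should go through `unsigned char` first: `isalnum((unsigned char)str[1]) &&`, and the same for `str[2]`, `str[3]` and any further `isalnum` calls in the part of the condition that continues outside this hunk. The declaration of `str` is not visible here, so this assumes it is a plain `char` buffer. The commit itself changes only trailing whitespace on the `str[0] == '@'` line and leaves these casts as they were.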
{
p++;
}
-
-
+
+
/* If message has a valid syslog header, send as is. */
if((str_len > 44) &&
- (p[3] == ' ') &&
+ (p[3] == ' ') &&
(p[6] == ' ') &&
(p[9] == ':') &&
(p[12] == ':') &&
p);
}
}
-
-
+
+
else
{
debug2("%s: DEBUG: Invalid DJB log: '%s'", ARGV0, str);
continue;
}
-
-
+
+
debug2("%s: DEBUG: Reading DJB multilog message: '%s'", ARGV0, buffer);
-
+
/* Sending message to queue */
if(drop_it == 0)
{
}
}
}
-
+
continue;
}
- return(NULL);
+ return(NULL);
}
/* EOF */