- int rc;
- snprintf(exec_msg, OS_SIZE_1024,
- "%s %c%c%c %s %s %s %s %d.%ld %d %s",
- lf->location,
- (ar->location & ALL_AGENTS)?ALL_AGENTS_C:NONE_C,
- (ar->location & REMOTE_AGENT)?REMOTE_AGENT_C:NONE_C,
- (ar->location & SPECIFIC_AGENT)?SPECIFIC_AGENT_C:NONE_C,
- ar->agent_id != NULL? ar->agent_id: "(null)",
- ar->name,
- user,
- ip,
- lf->time,
- __crt_ftell,
- lf->generated_rule->sigid,
- lf->location);
-
+ int rc;
+ /*If lf->location start with a ( was generated by remote agent and its ID is included in lf->location
+ if missing then it must of been generated by the local analysisd so prepend a false id tag */
+ if(lf->location[0] == '(') {
+ snprintf(exec_msg, OS_SIZE_1024,
+ "%s %c%c%c %s %s %s %s %d.%ld %d %s %s",
+ lf->location,
+ (ar->location & ALL_AGENTS)?ALL_AGENTS_C:NONE_C,
+ (ar->location & REMOTE_AGENT)?REMOTE_AGENT_C:NONE_C,
+ (ar->location & SPECIFIC_AGENT)?SPECIFIC_AGENT_C:NONE_C,
+ ar->agent_id != NULL? ar->agent_id: "(null)",
+ ar->name,
+ user,
+ ip,
+ lf->time,
+ __crt_ftell,
+ lf->generated_rule->sigid,
+ lf->location,
+ filename);
+ } else {
+ snprintf(exec_msg, OS_SIZE_1024,
+ "(local_source) %s %c%c%c %s %s %s %s %d.%ld %d %s %s",
+ lf->location,
+ (ar->location & ALL_AGENTS)?ALL_AGENTS_C:NONE_C,
+ (ar->location & REMOTE_AGENT)?REMOTE_AGENT_C:NONE_C,
+ (ar->location & SPECIFIC_AGENT)?SPECIFIC_AGENT_C:NONE_C,
+ ar->agent_id != NULL? ar->agent_id: "(null)",
+ ar->name,
+ user,
+ ip,
+ lf->time,
+ __crt_ftell,
+ lf->generated_rule->sigid,
+ lf->location,
+ filename);
+ }
+
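Review bot: Neither `snprintf()` call in the new if/else has its return value checked, so with the extra `filename` field and the `(local_source) ` prefix a long value silently truncates `exec_msg` at `OS_SIZE_1024`, and the cut-off message is presumably still passed on. `rc` is declared just above and could take the result, with a guard such as `if (rc < 0 || rc >= OS_SIZE_1024)` that logs and skips the send. `user`, `ip` and `filename` look like they come from the decoded event and are joined with single spaces, so if they are not validated before this point, a value containing a space would shift the fields the receiver parses; that is worth confirming in the caller. The two branches differ only in the prefix, so a single call fed by `const char *prefix = (lf->location[0] == '(') ? "" : "(local_source) ";` would keep the two argument lists from drifting apart. The enclosing function starts and ends outside this hunk, so any earlier NULL check on `lf->location` is not visible here.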