/* Copyright (C) 2009 Trend Micro Inc.
* All rights reserved.
*
* This program is a free software; you can redistribute it
* and/or modify it under the terms of the GNU General Public
/* Copyright (C) 2009 Trend Micro Inc.
* All rights reserved.
*
* This program is a free software; you can redistribute it
* and/or modify it under the terms of the GNU General Public
/* Assigning the values in the strucuture (lf->full_log) */
os_malloc((2*loglen) +1, lf->full_log);
/* Assigning the values in the strucuture (lf->full_log) */
os_malloc((2*loglen) +1, lf->full_log);
lf->log = lf->full_log+loglen;
strncpy(lf->log, pieces, loglen);
lf->log = lf->full_log+loglen;
strncpy(lf->log, pieces, loglen);
* or 2007-06-14T15:48:55-04:00 for syslog-ng isodate
* or 2009-05-22T09:36:46.214994-07:00 for rsyslog )
*/
if(
(
* or 2007-06-14T15:48:55-04:00 for syslog-ng isodate
* or 2009-05-22T09:36:46.214994-07:00 for rsyslog )
*/
if(
(
/* Checking if it is a syslog without hostname (common on Solaris. */
if(*pieces == ':' && pieces[1] == ' ')
{
/* Checking if it is a syslog without hostname (common on Solaris. */
if(*pieces == ':' && pieces[1] == ' ')
{
/* Checking for the second format: p_name[pid]: */
else if((*pieces == '[') && (isdigit((int)pieces[1])))
{
/* Checking for the second format: p_name[pid]: */
else if((*pieces == '[') && (isdigit((int)pieces[1])))
{
/* Checking for the osx asl log format.
* Examples:
* [Time 2006.12.28 15:53:55 UTC] [Facility auth] [Sender sshd] [PID 483] [Message error: PAM: Authentication failure for username from 192.168.0.2] [Level 3] [UID -2] [GID -2] [Host Hostname]
/* Checking for the osx asl log format.
* Examples:
* [Time 2006.12.28 15:53:55 UTC] [Facility auth] [Sender sshd] [PID 483] [Message error: PAM: Authentication failure for username from 192.168.0.2] [Level 3] [UID -2] [GID -2] [Host Hostname]
/* Assign hour, day, year and month values */
lf->day = p->tm_mday;
lf->year = p->tm_year+1900;
/* Assign hour, day, year and month values */
lf->day = p->tm_mday;
lf->year = p->tm_year+1900;
- print_out("**Phase 1: Completed pre-decoding.");
- print_out(" full event: '%s'", lf->full_log);
- print_out(" hostname: '%s'", lf->hostname);
- print_out(" program_name: '%s'", lf->program_name);
- print_out(" log: '%s'", lf->log);
+ if(!alert_only)
+ {
+ print_out("**Phase 1: Completed pre-decoding.");
+ print_out(" full event: '%s'", lf->full_log);
+ print_out(" hostname: '%s'", lf->hostname);
+ print_out(" program_name: '%s'", lf->program_name);
+ print_out(" log: '%s'", lf->log);
+ }
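Review bot: The print_out calls kept inside the new `if(!alert_only)` block still hand `lf->hostname` and `lf->program_name` straight to a `%s` conversion, and passing a NULL pointer to `%s` is undefined behavior in C; the earlier "syslog without hostname" branch in this file suggests events can reach Phase 1 without a hostname, though how those fields are initialised is outside this hunk. A defensive form is `print_out("       hostname: '%s'", lf->hostname ? lf->hostname : "(null)");` and likewise `print_out("       program_name: '%s'", lf->program_name ? lf->program_name : "(null)");`. A one-line comment above the block, such as `/* Phase 1 trace is suppressed when only alerts were requested */`, would also document what `alert_only` gates here. The enclosing function starts before this hunk, so confirm against its beginning whether these fields are guaranteed non-NULL before relying on the unguarded form.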