X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;ds=sidebyside;f=src%2Fanalysisd%2Fdecoders%2Fgeoip.c;fp=src%2Fanalysisd%2Fdecoders%2Fgeoip.c;h=464e4bb71f12f149aa86502a7b098462fb0cd492;hb=3f728675941dc69d4e544d3a880a56240a6e394a;hp=0000000000000000000000000000000000000000;hpb=927951d1c1ad45ba9e7325f07d996154a91c911b;p=ossec-hids.git

diff --git a/src/analysisd/decoders/geoip.c b/src/analysisd/decoders/geoip.c
new file mode 100644
index 0000000..464e4bb
--- /dev/null
+++ b/src/analysisd/decoders/geoip.c
@@ -0,0 +1,89 @@
+/* @(#) $Id: ./src/analysisd/decoders/geoip.c, 2014/03/08 dcid Exp $
+ */
+
+/* Copyright (C) 2014 Daniel Cid
+ * All right reserved.
+ *
+ * This program is a free software; you can redistribute it
+ * and/or modify it under the terms of the GNU General Public
+ * License (version 2) as published by the FSF - Free Software
+ * Foundation
+ */
+
+
+/* GeoIP - Every IP address will have its geolocation added to it */
+
+#ifdef LIBGEOIP_ENABLED
+
+
+#include "config.h"
+#include "os_regex/os_regex.h"
+#include "eventinfo.h"
+#include "alerts/alerts.h"
+#include "decoder.h"
+#include "GeoIP.h"
+#include "GeoIPCity.h"
+
+
+char *GetGeoInfobyIP(char *ip_addr)
+{
+    GeoIPRecord *geoiprecord;
+    char *geodata = NULL;
+    char geobuffer[256 +1];
+
+    if(!geoipdb)
+    {
+        return(NULL);
+    }
+
+    if(!ip_addr)
+    {
+        return(NULL);
+    }
+
+    geoiprecord = GeoIP_record_by_name(geoipdb, (const char *)ip_addr);
+    if(geoiprecord == NULL)
+    {
+        return(NULL);
+    }
+    
+    if(geoiprecord->country_code == NULL)
+    {
+        GeoIPRecord_delete(geoiprecord);
+        return(NULL);
+    }
+
+    if(strlen(geoiprecord->country_code) < 2)
+    {
+        GeoIPRecord_delete(geoiprecord);
+        return(NULL);
+    }
+   
+
+    if(geoiprecord->region != NULL && geoiprecord->region[0] != '\0')
+    {
+        const char *regionname = NULL;
+        regionname = GeoIP_region_name_by_code(geoiprecord->country_code, geoiprecord->region);
+        if(regionname != NULL)
+        {
+            snprintf(geobuffer, 255, "%s / %s", geoiprecord->country_code, regionname);
+            geobuffer[255] = '\0';
+            geodata = strdup(geobuffer);
+        }
+        else
+        {
+            geodata = strdup(geoiprecord->country_code);
+        }
+    }
+    else
+    {
+        geodata = strdup(geoiprecord->country_code);
+    }
+
+    GeoIPRecord_delete(geoiprecord);
+    return(geodata);
+ 
+}
+
+#endif
+