X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;ds=sidebyside;f=src%2Fanalysisd%2Fdecoders%2Fplugins%2Fsymantecws_decoder.c;h=5ee3ecc423adff0df0dec8451965b0d7e257ad30;hb=6ef2f786c6c8ead94841b5f93baf9f43421f08c8;hp=cfb99a87486021b9b58ebacb9377bec88abf3be9;hpb=914feba5d54f979cd5d7e69c349c3d01f630042a;p=ossec-hids.git diff --git a/src/analysisd/decoders/plugins/symantecws_decoder.c b/src/analysisd/decoders/plugins/symantecws_decoder.c index cfb99a8..5ee3ecc 100644 --- a/src/analysisd/decoders/plugins/symantecws_decoder.c +++ b/src/analysisd/decoders/plugins/symantecws_decoder.c @@ -1,14 +1,15 @@ -/* @(#) $Id: symantecws_decoder.c,v 1.5 2009/06/24 17:06:24 dcid Exp $ */ +/* @(#) $Id: ./src/analysisd/decoders/plugins/symantecws_decoder.c, 2011/09/08 dcid Exp $ + */ /* Copyright (C) 2009 Trend Micro Inc. * All rights reserved. * * This program is a free software; you can redistribute it * and/or modify it under the terms of the GNU General Public - * License (version 3) as published by the FSF - Free Software + * License (version 2) as published by the FSF - Free Software * Foundation. * - * License details at the LICENSE file included with OSSEC or + * License details at the LICENSE file included with OSSEC or * online at: http://www.ossec.net/en/licensing.html */ 
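Review bot: The header's licence line changes from `License (version 3)` to `License (version 2)` in a hunk that otherwise only touches the `$Id` tag and trailing whitespace, so a change of licence terms rides along with cosmetic cleanup. Confirm that the LICENSE file this comment points to, and the headers of the other source files in the tree, state the same version, since a mismatch leaves packagers and auditors unable to tell which terms apply. If the change is intended, it would be easier to trace as its own commit with the reason given in the message.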
@@ -26,25 +27,25 @@ void *SymantecWS_Decoder_Init() } -/* Symantec Web Security decoder +/* Symantec Web Security decoder * Will extract the action, srcip, id, url and username. * - * Examples (also online at + * Examples (also online at * http://www.ossec.net/wiki/index.php/Symantec_WebSecurity ). * 20070717,73613,1=5,11=10.1.1.3,10=userc,3=1,2=1 * 20070717,73614,1=5,11=1.2.3.4,1106=News,60=http://news.bbc.co.uk/,10=userX,1000=212.58.240.42,2=27 - */ + */ void *SymantecWS_Decoder_Exec(Eventinfo *lf) { int count = 0; char buf_str[OS_SIZE_1024 +1]; char *tmp_str = NULL; - + /* Initializing buffer */ buf_str[0] = '\0'; buf_str[OS_SIZE_1024] = '\0'; - - + + /* Removing date and time */ if(!(tmp_str = strchr(lf->log, ','))) { @@ -55,8 +56,8 @@ void *SymantecWS_Decoder_Exec(Eventinfo *lf) return(NULL); } tmp_str++; - - + + /* Getting all the values */ while(tmp_str != NULL) { @@ -65,9 +66,9 @@ void *SymantecWS_Decoder_Exec(Eventinfo *lf) { count = 0; tmp_str+=3; - while(*tmp_str != '\0' && count < 128 && *tmp_str != ',') + while(*tmp_str != '\0' && count < 128 && *tmp_str != ',') { - buf_str[count] = *tmp_str; + buf_str[count] = *tmp_str; count++; tmp_str++; } buf_str[count] = '\0'; @@ -77,15 +78,15 @@ void *SymantecWS_Decoder_Exec(Eventinfo *lf) os_strdup(buf_str, lf->dstuser); } } - + /* Checking the ip address */ else if(strncmp(tmp_str, "11=", 3) == 0) { count = 0; tmp_str+=3; - while(*tmp_str != '\0' && count < 128 && *tmp_str != ',') + while(*tmp_str != '\0' && count < 128 && *tmp_str != ',') { - buf_str[count] = *tmp_str; + buf_str[count] = *tmp_str; count++; tmp_str++; } buf_str[count] = '\0'; @@ -102,9 +103,9 @@ void *SymantecWS_Decoder_Exec(Eventinfo *lf) { count = 0; tmp_str+=3; - while(*tmp_str != '\0' && count < OS_SIZE_1024 && *tmp_str != ',') + while(*tmp_str != '\0' && count < OS_SIZE_1024 && *tmp_str != ',') { - buf_str[count] = *tmp_str; + buf_str[count] = *tmp_str; count++; tmp_str++; } buf_str[count] = '\0'; 
@@ -142,7 +143,7 @@ void *SymantecWS_Decoder_Exec(Eventinfo *lf) tmp_str++; } } - + return(NULL); }