X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;ds=sidebyside;f=src%2Flogcollector%2Fread_mysql_log.c;fp=src%2Flogcollector%2Fread_mysql_log.c;h=2f11722c0ba7cff0063e4cc5e5a255973aacb31b;hb=3f728675941dc69d4e544d3a880a56240a6e394a;hp=7d76d565f13518be617815f6c9004b9148210e17;hpb=927951d1c1ad45ba9e7325f07d996154a91c911b;p=ossec-hids.git diff --git a/src/logcollector/read_mysql_log.c b/src/logcollector/read_mysql_log.c old mode 100755 new mode 100644 index 7d76d56..2f11722 --- a/src/logcollector/read_mysql_log.c +++ b/src/logcollector/read_mysql_log.c @@ -1,6 +1,3 @@ -/* @(#) $Id: ./src/logcollector/read_mysql_log.c, 2011/09/08 dcid Exp $ - */ - /* Copyright (C) 2009 Trend Micro Inc. * All rights reserved. * @@ -8,163 +5,127 @@ * and/or modify it under the terms of the GNU General Public * License (version 2) as published by the FSF - Free Software * Foundation. - * - * License details at the LICENSE file included with OSSEC or - * online at: http://www.ossec.net/en/licensing.html */ /* Read MySQL logs */ - #include "shared.h" #include "logcollector.h" - /* Starting last time */ -char __mysql_last_time[18] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; +static char __mysql_last_time[18] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; - -/* Read syslog files/snort fast/apache files */ void *read_mysql_log(int pos, int *rc, int drop_it) { - int str_len = 0; + size_t str_len = 0; int need_clear = 0; char *p; char str[OS_MAXSTR + 1]; char buffer[OS_MAXSTR + 1]; - str[OS_MAXSTR]= '\0'; + str[OS_MAXSTR] = '\0'; *rc = 0; - - /* Getting new entry */ - while(fgets(str, OS_MAXSTR - OS_LOG_HEADER, logff[pos].fp) != NULL) - { - - /* Getting buffer size */ + /* Get new entry */ + while (fgets(str, OS_MAXSTR - OS_LOG_HEADER, logff[pos].fp) != NULL) { + /* Get buffer size */ str_len = strlen(str); - - /* Getting the last occurence of \n */ - if ((p = strrchr(str, '\n')) != NULL) - { + /* Get the last occurrence of \n */ + if ((p = strrchr(str, '\n')) != NULL) { *p = '\0'; - /* If need clear is set, we just get the line and ignore it. */ - if(need_clear) - { + /* If need clear is set, we just get the line and ignore it */ + if (need_clear) { need_clear = 0; continue; } - } - else - { + } else { need_clear = 1; } - - #ifdef WIN32 - if ((p = strrchr(str, '\r')) != NULL) - { +#ifdef WIN32 + if ((p = strrchr(str, '\r')) != NULL) { *p = '\0'; } - - /* Looking for empty string (only on windows) */ - if(str_len <= 2) - { + /* Look for empty string (only on windows) */ + if (str_len <= 2) { continue; } /* Windows can have comment on their logs */ - if(str[0] == '#') - { + if (str[0] == '#') { continue; } - #endif +#endif - - /* Mysql messages have the following format: + /* MySQL messages have the following format: * 070823 21:01:30 xx */ - if((str_len > 18) && - (str[6] == ' ') && - (str[9] == ':') && - (str[12] == ':') && - isdigit((int)str[0]) && - isdigit((int)str[1]) && - isdigit((int)str[2]) && - isdigit((int)str[3]) && - isdigit((int)str[4]) && - isdigit((int)str[5]) && - isdigit((int)str[7]) && - isdigit((int)str[8])) - { - /* Saving last time */ + if ((str_len > 18) && + (str[6] == ' ') && + (str[9] == ':') && + (str[12] == ':') && + isdigit((int)str[0]) && + isdigit((int)str[1]) && + isdigit((int)str[2]) && + isdigit((int)str[3]) && + isdigit((int)str[4]) && + isdigit((int)str[5]) && + isdigit((int)str[7]) && + isdigit((int)str[8])) { + /* Save last time */ strncpy(__mysql_last_time, str, 16); __mysql_last_time[15] = '\0'; - /* Removing spaces and tabs */ + /* Remove spaces and tabs */ p = str + 15; - while(*p == ' ' || *p == '\t') - { + while (*p == ' ' || *p == '\t') { p++; } - /* Valid MySQL message */ snprintf(buffer, OS_MAXSTR, "MySQL log: %s %s", - __mysql_last_time, p); + __mysql_last_time, p); } - - /* Multiple events at the same second share the same - * time stamp. + /* Multiple events at the same second share the same timestamp: * 0909 2020 2020 2020 20 */ - else if((str_len > 10) && (__mysql_last_time[0] != '\0') && - (str[0] == 0x09) && - (str[1] == 0x09) && - (str[2] == 0x20) && - (str[3] == 0x20) && - (str[4] == 0x20) && - (str[5] == 0x20) && - (str[6] == 0x20) && - (str[7] == 0x20)) - { - p = str +2; - - - /* Removing extra spaces and tabs */ - while(*p == ' ' || *p == '\t') - { + else if ((str_len > 10) && (__mysql_last_time[0] != '\0') && + (str[0] == 0x09) && + (str[1] == 0x09) && + (str[2] == 0x20) && + (str[3] == 0x20) && + (str[4] == 0x20) && + (str[5] == 0x20) && + (str[6] == 0x20) && + (str[7] == 0x20)) { + p = str + 2; + + /* Remove extra spaces and tabs */ + while (*p == ' ' || *p == '\t') { p++; } /* Valid MySQL message */ snprintf(buffer, OS_MAXSTR, "MySQL log: %s %s", - __mysql_last_time, p); - } - else - { + __mysql_last_time, p); + } else { continue; } - debug2("%s: DEBUG: Reading mysql messages: '%s'", ARGV0, buffer); - - /* Sending message to queue */ - if(drop_it == 0) - { - if(SendMSG(logr_queue, buffer, logff[pos].file, MYSQL_MQ) < 0) - { + /* Send message to queue */ + if (drop_it == 0) { + if (SendMSG(logr_queue, buffer, logff[pos].file, MYSQL_MQ) < 0) { merror(QUEUE_SEND, ARGV0); - if((logr_queue = StartMQ(DEFAULTQPATH,WRITE)) < 0) - { + if ((logr_queue = StartMQ(DEFAULTQPATH, WRITE)) < 0) { ErrorExit(QUEUE_FATAL, ARGV0, DEFAULTQPATH); } } @@ -173,7 +134,6 @@ void *read_mysql_log(int pos, int *rc, int drop_it) continue; } - return(NULL); + return (NULL); } -/* EOF */