X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;f=src%2Fanalysisd%2Fanalysisd.c;h=132606a7ea2fc0c2e644ef493ebca480c99fb954;hb=789cbc8e52da68eba3517b920ef22e000cf3c9fd;hp=579f4920faa6271d03a3a3de7a587c3f149dfe9e;hpb=6ef2f786c6c8ead94841b5f93baf9f43421f08c8;p=ossec-hids.git
diff --git a/src/analysisd/analysisd.c b/src/analysisd/analysisd.c
index 579f492..132606a 100755
--- a/src/analysisd/analysisd.c
+++ b/src/analysisd/analysisd.c
@@ -52,6 +52,9 @@
 #include "prelude.h"
 #endif
+#ifdef ZEROMQ_OUTPUT
+#include "zeromq_output.h"
+#endif
 /** Global data **/
@@ -133,6 +136,7 @@ int main_analysisd(int argc, char **argv)
 #endif
 {
 int c = 0, m_queue = 0, test_config = 0,run_foreground = 0;
+ int debug_level = 0;
 char *dir = DEFAULTDIR;
 char *user = USER;
 char *group = GROUPGLOBAL;
@@ -162,6 +166,7 @@ int main_analysisd(int argc, char **argv)
 break;
 case 'd':
 nowDebug();
+ debug_level = 1;
 break;
 case 'f':
 run_foreground = 1;
@@ -196,6 +201,20 @@ int main_analysisd(int argc, char **argv)
 }
+ /* Check current debug_level
+ * Command line setting takes precedence
+ */
+ if (debug_level == 0)
+ {
+ /* Getting debug level */
+ debug_level = getDefine_Int("analysisd", "debug", 0, 2);
+ while(debug_level != 0)
+ {
+ nowDebug();
+ debug_level--;
+ }
+ }
 /* Starting daemon */
 debug1(STARTED_MSG,ARGV0);
@@ -269,6 +288,13 @@ int main_analysisd(int argc, char **argv)
 }
 #endif
+ /* Starting zeromq */
+ #ifdef ZEROMQ_OUTPUT
+ if(Config.zeromq_output)
+ {
+ zeromq_output_start(Config.zeromq_output_uri, argc, argv);
+ }
+ #endif
 /* Opening the Picviz socket */
 if(Config.picviz)
@@ -707,6 +733,8 @@ void OS_ReadMSG_analysisd(int m_queue)
 debug1("%s: DEBUG: Startup completed. Waiting for new messages..",ARGV0);
+ if(Config.custom_alert_output)
+ debug1("%s: INFO: Custom output found.!",ARGV0);
 /* Daemon loop */
 while(1)
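Review bot: The precedence comment in the new debug block (`@@ -196` hunk) says less than the code does: a single `-d` sets `debug_level = 1` and the `analysisd.debug` define is then not consulted at all, so a configured level of 2 is lowered, not overridden upward, whenever `-d` is also passed. If that is intended, say so, e.g. `/* -d forces level 1; the analysisd.debug define is only read when -d is absent */`; if not, take the larger of the two values before the `nowDebug()` loop. The `0, 2` arguments to `getDefine_Int` are presumably a min/max clamp on the configured value, which is what keeps the `while` loop bounded — worth confirming against its definition, since an unclamped value would spin here. main_analysisd starts and ends outside the hunk.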
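Review bot: The result of `zeromq_output_start(Config.zeromq_output_uri, argc, argv)` in the `@@ -269` hunk is discarded, so if that function reports a bind or connect failure on the configured URI the daemon keeps running while alerts are silently not published; handle failure the same way the neighbouring output initialisers in this function do (log and refuse to start, or log and disable the output — whichever the file's convention is, not visible here). `Config.zeromq_output_uri` is also passed without a NULL/empty check, so this relies on the config parser never enabling `zeromq_output` without a URI — confirm or guard it, `if(Config.zeromq_output && Config.zeromq_output_uri)`. It is worth confirming as well where this call sits relative to the daemon's privilege drop and chroot (outside the hunk), so the publisher endpoint is created with no more privilege than the rest of the daemon runs with.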
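Review bot: The new startup message in the `@@ -707` hunk, `"%s: INFO: Custom output found.!"`, has stray punctuation and is labelled INFO while being emitted through `debug1`, so it only shows up at debug level; either make the label match the channel, `debug1("%s: DEBUG: Custom alert output format enabled.",ARGV0);`, or route it through the daemon's normal info-level logger. The unbraced `if` body is also out of step with the braced blocks added elsewhere in this commit; bracing it now avoids the dangling-statement trap when a second line is added later.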
@@ -899,7 +927,15 @@ void OS_ReadMSG_analysisd(int m_queue)
 if(stats_rule->alert_opts & DO_LOGALERT)
 {
 __crt_ftell = ftell(_aflog);
- OS_Log(lf);
+ if(Config.custom_alert_output)
+ {
+ OS_CustomLog(lf,Config.custom_alert_output_format);
+ }
+ else
+ {
+ OS_Log(lf);
+ }
+
 }
@@ -1006,7 +1042,15 @@ void OS_ReadMSG_analysisd(int m_queue)
 if(currently_rule->alert_opts & DO_LOGALERT)
 {
 __crt_ftell = ftell(_aflog);
- OS_Log(lf);
+
+ if(Config.custom_alert_output)
+ {
+ OS_CustomLog(lf,Config.custom_alert_output_format);
+ }
+ else
+ {
+ OS_Log(lf);
+ }
 }
@@ -1021,6 +1065,14 @@ void OS_ReadMSG_analysisd(int m_queue) } #endif + /* Log to zeromq */ + #ifdef ZEROMQ_OUTPUT + if(Config.zeromq_output) + { + zeromq_output_event(lf); + } + #endif + /* Log to Picviz */ if (Config.picviz)
@@ -1060,6 +1112,13 @@ void OS_ReadMSG_analysisd(int m_queue)
 do_ar = 0;
 }
 }
+ if((*rule_ar)->ar_cmd->expect & FILENAME)
+ {
+ if(!lf->filename)
+ {
+ do_ar = 0;
+ }
+ }
 if(do_ar)
 {
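Review bot: `Config.custom_alert_output_format` is a template read from the configuration file, and neither this hunk nor the identical one at `@@ -1006` shows how `OS_CustomLog` expands it; if that template is ever handed to a printf-family function instead of a dedicated token expander, a config-controlled format string is a memory-safety hazard, so the expansion should be confirmed (and documented on `OS_CustomLog`) before this ships. The same if/else is pasted verbatim into both the stats path and the rule-match path, which is how the two will drift (this hunk already gains a trailing blank line the other lacks); a single static helper removes the duplication. `__crt_ftell = ftell(_aflog)` is still taken on the standard alerts log ahead of the custom branch, so if `OS_CustomLog` does not write to `_aflog` that offset is stale for whatever reads it downstream — cannot tell from here. Both enclosing blocks start and end outside the hunk.
```c
/* Write one alert through whichever alert writer is configured.
 * NOTE(review): lf's type is taken to be Eventinfo as elsewhere in OSSEC analysisd — confirm. */
static void log_alert(Eventinfo *lf)
{
    if(Config.custom_alert_output)
    {
        OS_CustomLog(lf, Config.custom_alert_output_format);
    }
    else
    {
        OS_Log(lf);
    }
}
/* … unchanged: stats path, and the rule-match path at @@ -1006 … */
                    __crt_ftell = ftell(_aflog);
                    log_alert(lf);
```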
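Review bot: The new `FILENAME` guard in the `@@ -1060` hunk only tests that `lf->filename` is non-NULL, matching the presence checks above it, but the value itself is parsed out of the incoming log event and is therefore attacker-influenced; the guard stops a command that expects a filename from firing without one, it does not make the filename safe to hand on. The active-response consumer (outside this hunk) must treat it as untrusted input — bounded length, no shell interpretation — and a one-line comment here would make that contract visible: `/* presence only; the value is untrusted log content and must be sanitised by the AR consumer */`. Also confirm `(*rule_ar)->ar_cmd` cannot be NULL at this point; the preceding checks in the same loop appear to dereference it the same way, so this is likely already established, but the loop head is outside the hunk.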