X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;f=src%2Flogcollector%2Fread_snortfull.c;h=a1f35b609adabb2c796f1f5fca55ba67f1ffb342;hb=3f728675941dc69d4e544d3a880a56240a6e394a;hp=56d09c59fff9f7d85032ee28f8511e47b2f04bec;hpb=914feba5d54f979cd5d7e69c349c3d01f630042a;p=ossec-hids.git diff --git a/src/logcollector/read_snortfull.c b/src/logcollector/read_snortfull.c old mode 100755 new mode 100644 index 56d09c5..a1f35b6 --- a/src/logcollector/read_snortfull.c +++ b/src/logcollector/read_snortfull.c @@ -1,19 +1,12 @@ -/* @(#) $Id: read_snortfull.c,v 1.19 2009/06/24 17:06:27 dcid Exp $ */ - /* Copyright (C) 2009 Trend Micro Inc. * All right reserved. * * This program is a free software; you can redistribute it * and/or modify it under the terms of the GNU General Public - * License (version 3) as published by the FSF - Free Software + * License (version 2) as published by the FSF - Free Software * Foundation */ -/* v0.4 (2006/01/13): Fixing to read snort-full logs correctly. - * - */ - - #include "shared.h" #include "logcollector.h" 
@@ -22,81 +15,63 @@ void *read_snortfull(int pos, int *rc, int drop_it) { int f_msg_size = OS_MAXSTR; - - char *one = "one"; - char *two = "two"; - - char *p = NULL; + const char *one = "one"; + const char *two = "two"; + const char *p = NULL; char *q; char str[OS_MAXSTR + 1]; - char f_msg[OS_MAXSTR +1]; - + char f_msg[OS_MAXSTR + 1]; + *rc = 0; - str[OS_MAXSTR]='\0'; + str[OS_MAXSTR] = '\0'; f_msg[OS_MAXSTR] = '\0'; - while(fgets(str, OS_MAXSTR, logff[pos].fp) != NULL) - { - /* Removing \n at the end of the string */ - if ((q = strrchr(str, '\n')) != NULL) - { + while (fgets(str, OS_MAXSTR, logff[pos].fp) != NULL) { + /* Remove \n at the end of the string */ + if ((q = strrchr(str, '\n')) != NULL) { *q = '\0'; - } - else - { + } else { goto file_error; } /* First part of the message */ - if(p == NULL) - { - if(strncmp(str, "[**] [", 6) == 0) - { + if (p == NULL) { + if (strncmp(str, "[**] [", 6) == 0) { strncpy(f_msg, str, OS_MAXSTR); - f_msg_size -= strlen(str)+1; + f_msg_size -= strlen(str) + 1; p = one; } - } - else - { - if(p == one) - { + } else { + if (p == one) { /* Second line has the [Classification: */ - if(strncmp(str, "[Classification: ", 16) == 0) - { + if (strncmp(str, "[Classification: ", 16) == 0) { strncat(f_msg, str, f_msg_size); - f_msg_size -= strlen(str)+1; + f_msg_size -= strlen(str) + 1; p = two; - } - else if(strncmp(str, "[Priority: ", 10) == 0) - { + } else if (strncmp(str, "[Priority: ", 10) == 0) { strncat(f_msg, "[Classification: Preprocessor] " - "[Priority: 3] ", f_msg_size); - f_msg_size -= strlen(str)+1; + "[Priority: 3] ", f_msg_size); + f_msg_size -= strlen(str) + 1; p = two; } - + /* If it is a preprocessor message, it will not have * the classification. 
*/ - else if((str[2] == '/')&&(str[5] == '-')&&(q = strchr(str,' '))) - { + else if ((str[2] == '/') && (str[5] == '-') && (q = strchr(str, ' '))) { strncat(f_msg, "[Classification: Preprocessor] " - "[Priority: 3] ", f_msg_size); - strncat(f_msg, ++q, f_msg_size -40); - - /* Cleaning for next event */ + "[Priority: 3] ", f_msg_size); + strncat(f_msg, ++q, f_msg_size - 40); + + /* Clean for next event */ p = NULL; - - /* Sending the message */ - if(drop_it == 0) - { - if(SendMSG(logr_queue,f_msg, logff[pos].file, - LOCALFILE_MQ) < 0) - { + + /* Send the message */ + if (drop_it == 0) { + if (SendMSG(logr_queue, f_msg, logff[pos].file, + LOCALFILE_MQ) < 0) { merror(QUEUE_SEND, ARGV0); - if((logr_queue = StartMQ(DEFAULTQPATH,WRITE)) < 0) - { + if ((logr_queue = StartMQ(DEFAULTQPATH, WRITE)) < 0) { ErrorExit(QUEUE_FATAL, ARGV0, DEFAULTQPATH); } } @@ -105,41 +80,31 @@ void *read_snortfull(int pos, int *rc, int drop_it) f_msg[0] = '\0'; f_msg_size = OS_MAXSTR; str[0] = '\0'; - } - else - { + } else { goto file_error; } - } - else if(p == two) - { + } else if (p == two) { /* Third line has the 01/13-15 (date) */ - if((str[2] == '/')&&(str[5] == '-')&&(q = strchr(str,' '))) - { + if ((str[2] == '/') && (str[5] == '-') && (q = strchr(str, ' '))) { strncat(f_msg, ++q, f_msg_size); - f_msg_size -= strlen(q)+1; + f_msg_size -= strlen(q) + 1; p = NULL; - /* Sending the message */ - if(drop_it == 0) - { - if(SendMSG(logr_queue,f_msg, logff[pos].file, - LOCALFILE_MQ) < 0) - { + /* Send the message */ + if (drop_it == 0) { + if (SendMSG(logr_queue, f_msg, logff[pos].file, + LOCALFILE_MQ) < 0) { merror(QUEUE_SEND, ARGV0); - if((logr_queue = StartMQ(DEFAULTQPATH,WRITE)) < 0) - { + if ((logr_queue = StartMQ(DEFAULTQPATH, WRITE)) < 0) { ErrorExit(QUEUE_FATAL, ARGV0, DEFAULTQPATH); } } } - + f_msg[0] = '\0'; f_msg_size = OS_MAXSTR; str[0] = '\0'; - } - else - { + } else { goto file_error; } 
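Review bot: `f_msg_size` is a signed `int` that can go negative and is then passed as the length argument of `strncat`, where it converts to a very large `size_t` and no longer bounds the copy into `f_msg`. In the `[Priority: ` branch the counter is reduced by `strlen(str) + 1` although the appended text is the fixed "[Classification: Preprocessor] [Priority: 3] " literal, and in the preprocessor branch the literal is not subtracted at all and `f_msg_size - 40` is itself negative once fewer than 40 bytes remain. The same counter feeds `strncat(f_msg, ++q, f_msg_size)` in the `p == two` branch of the next hunk. Deriving the bound from the buffer at each call, e.g. `strncat(f_msg, str, sizeof(f_msg) - strlen(f_msg) - 1);`, removes the separate bookkeeping; a regression test with a near-maximum-length first line followed by a valid second line would pin the behaviour. The function body continues past this hunk.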
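Review bot: When `SendMSG` fails in the `p == two` branch, the code logs `QUEUE_SEND` and reopens the queue with `StartMQ`, but the assembled `f_msg` is then cleared without being sent again, so that alert appears to be lost unless `SendMSG` retries internally. The identical block in the preprocessor branch of the previous hunk behaves the same way. If a resend is intended, one more call after a successful `StartMQ`, `if (SendMSG(logr_queue, f_msg, logff[pos].file, LOCALFILE_MQ) < 0) merror(QUEUE_SEND, ARGV0);`, would cover it; otherwise a comment stating that the drop is deliberate would help. The enclosing function starts and ends outside this hunk.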
@@ -148,16 +113,14 @@ void *read_snortfull(int pos, int *rc, int drop_it) continue; - file_error: +file_error: - merror("%s: Bad formated snort full file.", ARGV0); + merror("%s: Bad formatted snort full file.", ARGV0); *rc = -1; - return(NULL); + return (NULL); } - - return(NULL); + return (NULL); } -/* EOF */