X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;f=src%2Flogcollector%2Fread_snortfull.c;h=a1f35b609adabb2c796f1f5fca55ba67f1ffb342;hb=refs%2Fheads%2Fmaster;hp=951b2d858c9ddc43cd370d7a769fca4d8b708dc1;hpb=301048b51990573e58a30dc4a5bb4ec285cad554;p=ossec-hids.git diff --git a/src/logcollector/read_snortfull.c b/src/logcollector/read_snortfull.c old mode 100755 new mode 100644 index 951b2d8..a1f35b6 --- a/src/logcollector/read_snortfull.c +++ b/src/logcollector/read_snortfull.c @@ -1,5 +1,3 @@ -/* @(#) $Id$ */ - /* Copyright (C) 2009 Trend Micro Inc. * All right reserved. * @@ -9,11 +7,6 @@ * Foundation */ -/* v0.4 (2006/01/13): Fixing to read snort-full logs correctly. - * - */ - - #include "shared.h" #include "logcollector.h" 
@@ -22,81 +15,63 @@ void *read_snortfull(int pos, int *rc, int drop_it) { int f_msg_size = OS_MAXSTR; - - char *one = "one"; - char *two = "two"; - - char *p = NULL; + const char *one = "one"; + const char *two = "two"; + const char *p = NULL; char *q; char str[OS_MAXSTR + 1]; - char f_msg[OS_MAXSTR +1]; - + char f_msg[OS_MAXSTR + 1]; + *rc = 0; - str[OS_MAXSTR]='\0'; + str[OS_MAXSTR] = '\0'; f_msg[OS_MAXSTR] = '\0'; - while(fgets(str, OS_MAXSTR, logff[pos].fp) != NULL) - { - /* Removing \n at the end of the string */ - if ((q = strrchr(str, '\n')) != NULL) - { + while (fgets(str, OS_MAXSTR, logff[pos].fp) != NULL) { + /* Remove \n at the end of the string */ + if ((q = strrchr(str, '\n')) != NULL) { *q = '\0'; - } - else - { + } else { goto file_error; } /* First part of the message */ - if(p == NULL) - { - if(strncmp(str, "[**] [", 6) == 0) - { + if (p == NULL) { + if (strncmp(str, "[**] [", 6) == 0) { strncpy(f_msg, str, OS_MAXSTR); - f_msg_size -= strlen(str)+1; + f_msg_size -= strlen(str) + 1; p = one; } - } - else - { - if(p == one) - { + } else { + if (p == one) { /* Second line has the [Classification: */ - if(strncmp(str, "[Classification: ", 16) == 0) - { + if (strncmp(str, "[Classification: ", 16) == 0) { strncat(f_msg, str, f_msg_size); - f_msg_size -= strlen(str)+1; + f_msg_size -= strlen(str) + 1; p = two; - } - else if(strncmp(str, "[Priority: ", 10) == 0) - { + } else if (strncmp(str, "[Priority: ", 10) == 0) { strncat(f_msg, "[Classification: Preprocessor] " - "[Priority: 3] ", f_msg_size); - f_msg_size -= strlen(str)+1; + "[Priority: 3] ", f_msg_size); + f_msg_size -= strlen(str) + 1; p = two; } - + /* If it is a preprocessor message, it will not have * the classification. 
*/ - else if((str[2] == '/')&&(str[5] == '-')&&(q = strchr(str,' '))) - { + else if ((str[2] == '/') && (str[5] == '-') && (q = strchr(str, ' '))) { strncat(f_msg, "[Classification: Preprocessor] " - "[Priority: 3] ", f_msg_size); - strncat(f_msg, ++q, f_msg_size -40); - - /* Cleaning for next event */ + "[Priority: 3] ", f_msg_size); + strncat(f_msg, ++q, f_msg_size - 40); + + /* Clean for next event */ p = NULL; - - /* Sending the message */ - if(drop_it == 0) - { - if(SendMSG(logr_queue,f_msg, logff[pos].file, - LOCALFILE_MQ) < 0) - { + + /* Send the message */ + if (drop_it == 0) { + if (SendMSG(logr_queue, f_msg, logff[pos].file, + LOCALFILE_MQ) < 0) { merror(QUEUE_SEND, ARGV0); - if((logr_queue = StartMQ(DEFAULTQPATH,WRITE)) < 0) - { + if ((logr_queue = StartMQ(DEFAULTQPATH, WRITE)) < 0) { ErrorExit(QUEUE_FATAL, ARGV0, DEFAULTQPATH); } } @@ -105,41 +80,31 @@ void *read_snortfull(int pos, int *rc, int drop_it) f_msg[0] = '\0'; f_msg_size = OS_MAXSTR; str[0] = '\0'; - } - else - { + } else { goto file_error; } - } - else if(p == two) - { + } else if (p == two) { /* Third line has the 01/13-15 (date) */ - if((str[2] == '/')&&(str[5] == '-')&&(q = strchr(str,' '))) - { + if ((str[2] == '/') && (str[5] == '-') && (q = strchr(str, ' '))) { strncat(f_msg, ++q, f_msg_size); - f_msg_size -= strlen(q)+1; + f_msg_size -= strlen(q) + 1; p = NULL; - /* Sending the message */ - if(drop_it == 0) - { - if(SendMSG(logr_queue,f_msg, logff[pos].file, - LOCALFILE_MQ) < 0) - { + /* Send the message */ + if (drop_it == 0) { + if (SendMSG(logr_queue, f_msg, logff[pos].file, + LOCALFILE_MQ) < 0) { merror(QUEUE_SEND, ARGV0); - if((logr_queue = StartMQ(DEFAULTQPATH,WRITE)) < 0) - { + if ((logr_queue = StartMQ(DEFAULTQPATH, WRITE)) < 0) { ErrorExit(QUEUE_FATAL, ARGV0, DEFAULTQPATH); } } } - + f_msg[0] = '\0'; f_msg_size = OS_MAXSTR; str[0] = '\0'; - } - else - { + } else { goto file_error; } 
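Review bot: The remaining-space counter `f_msg_size` is a signed `int` that is not kept in step with what is actually appended to `f_msg`, so the `strncat` bounds in the reformatted code can exceed the buffer. In the preprocessor branch the literal `"[Classification: Preprocessor] " "[Priority: 3] "` (45 characters as rendered here) is appended without decrementing the counter, and the following `strncat(f_msg, ++q, f_msg_size - 40)` then permits a few bytes more than `f_msg[OS_MAXSTR + 1]` holds; when fewer than 40 bytes remain after a long first line, the argument is negative and converts to a very large `size_t`. The `[Priority: ` branch subtracts `strlen(str) + 1` rather than the length of the literal it appended, which can leave the counter overstated or negative for the `strncat(f_msg, ++q, f_msg_size)` in the `@@ -105,41 +80,31 @@` hunk. Because these lines come straight from a log file, I would compute the bound from the buffer at every call, e.g. `strncat(f_msg, ++q, sizeof(f_msg) - strlen(f_msg) - 1);`, and drop the manual arithmetic. The function's signature sits just above this hunk and its body runs on past it, so the other `strncat` sites need the same change.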
@@ -148,16 +113,14 @@ void *read_snortfull(int pos, int *rc, int drop_it) continue; - file_error: +file_error: - merror("%s: Bad formated snort full file.", ARGV0); + merror("%s: Bad formatted snort full file.", ARGV0); *rc = -1; - return(NULL); + return (NULL); } - - return(NULL); + return (NULL); } -/* EOF */