X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;f=src%2Flogcollector%2Fread_syslog.c;h=688fd4b5f3b6ac879ec842fb857080812cbb38ea;hb=3f728675941dc69d4e544d3a880a56240a6e394a;hp=5f0bd69703824aa925150d2ce1e6df2f79260b8d;hpb=914feba5d54f979cd5d7e69c349c3d01f630042a;p=ossec-hids.git

diff --git a/src/logcollector/read_syslog.c b/src/logcollector/read_syslog.c
old mode 100755
new mode 100644
index 5f0bd69..688fd4b
--- a/src/logcollector/read_syslog.c
+++ b/src/logcollector/read_syslog.c
@@ -1,123 +1,108 @@
-/* @(#) $Id: read_syslog.c,v 1.24 2009/06/24 17:06:27 dcid Exp $ */
-
 /* Copyright (C) 2009 Trend Micro Inc.
  * All right reserved.
  *
  * This program is a free software; you can redistribute it
  * and/or modify it under the terms of the GNU General Public
- * License (version 3) as published by the FSF - Free Software
+ * License (version 2) as published by the FSF - Free Software
  * Foundation
  */
 
 /* Read the syslog */
 
-
 #include "shared.h"
 #include "logcollector.h"
 
 
-
-/* v0.3 (2005/08/24): Using fgets instead of fgetc
- * v0.2 (2005/04/04)
- */
-
-/* Read syslog files/snort fast/apache files */
+/* Read syslog files */
 void *read_syslog(int pos, int *rc, int drop_it)
 {
     int __ms = 0;
     char *p;
-    char str[OS_MAXSTR+1];
-
+    char str[OS_MAXSTR + 1];
     fpos_t fp_pos;
 
-    str[OS_MAXSTR]= '\0';
+    str[OS_MAXSTR] = '\0';
     *rc = 0;
 
-    /* Getting initial file location */
+    /* Get initial file location */
     fgetpos(logff[pos].fp, &fp_pos);
 
-    while(fgets(str, OS_MAXSTR - OS_LOG_HEADER, logff[pos].fp) != NULL)
-    {
-        /* Getting the last occurence of \n */
-        if ((p = strrchr(str, '\n')) != NULL) 
-        {
+    while (fgets(str, OS_MAXSTR - OS_LOG_HEADER, logff[pos].fp) != NULL) {
+        /* Get the last occurrence of \n */
+        if ((p = strrchr(str, '\n')) != NULL) {
             *p = '\0';
-        }
-        
+         /* From issue #913 @ybonnamy */
+         } else if((p = strchr(str, '\0')) != NULL) {
+             /* Replace NUL with a space */
+             *p = ' ';
+         }
+
         /* If we didn't get the new line, because the
          * size is large, send what we got so far.
          */
-        else if(strlen(str) >= (OS_MAXSTR - OS_LOG_HEADER - 2))
-        {
+        else if (strlen(str) >= (OS_MAXSTR - OS_LOG_HEADER - 2)) {
             /* Message size > maximum allowed */
             __ms = 1;
-        }
-        else
-        {
+        } else {
             /* Message not complete. Return. */
-            debug1("%s: Message not complete. Trying again: '%s'", ARGV0,str);
+            debug1("%s: Message not complete. Trying again: '%s'", ARGV0, str);
             fsetpos(logff[pos].fp, &fp_pos);
             break;
-        }    
-        
-        #ifdef WIN32
-        if ((p = strrchr(str, '\r')) != NULL)
-        {
+        }
+
+#ifdef WIN32
+        if ((p = strrchr(str, '\r')) != NULL) {
             *p = '\0';
         }
 
-        /* Looking for empty string (only on windows) */
-        if(strlen(str) <= 2)
-        {
+        /* Look for empty string (only on Windows) */
+        if (strlen(str) <= 2) {
             fgetpos(logff[pos].fp, &fp_pos);
             continue;
         }
 
         /* Windows can have comment on their logs */
-        if(str[0] == '#')
-        {
+        if (str[0] == '#') {
             fgetpos(logff[pos].fp, &fp_pos);
             continue;
         }
-        #endif
-                      
+#endif
+
         debug2("%s: DEBUG: Reading syslog message: '%s'", ARGV0, str);
 
-        
-        /* Sending message to queue */
-        if(drop_it == 0)
-        {
-            if(SendMSG(logr_queue,str,logff[pos].file,
-                        LOCALFILE_MQ) < 0)
-            {
+        /* Send message to queue */
+        if (drop_it == 0) {
+            if (SendMSG(logr_queue, str, logff[pos].file,
+                        LOCALFILE_MQ) < 0) {
                 merror(QUEUE_SEND, ARGV0);
-                if((logr_queue = StartMQ(DEFAULTQPATH,WRITE)) < 0)
-                {
+                if ((logr_queue = StartMQ(DEFAULTQPATH, WRITE)) < 0) {
                     ErrorExit(QUEUE_FATAL, ARGV0, DEFAULTQPATH);
                 }
             }
         }
 
-        /* Incorrectly message size */
-        if(__ms)
-        {
-            merror("%s: Large message size: '%s'", ARGV0, str);
-            while(fgets(str, OS_MAXSTR - 2, logff[pos].fp) != NULL)
-            {
-                /* Getting the last occurence of \n */
-                if ((p = strrchr(str, '\n')) != NULL)
-                {
+        /* Incorrect message size */
+        if (__ms) {
+            // strlen(str) >= (OS_MAXSTR - OS_LOG_HEADER - 2)
+            // truncate str before logging to ossec.log
+#define OUTSIZE 4096
+            char buf[OUTSIZE + 1];
+            buf[OUTSIZE] = '\0';
+            snprintf(buf, OUTSIZE, "%s", str);
+            merror("%s: Large message size(length=%d): '%s...'", ARGV0, (int)strlen(str), buf);
+            while (fgets(str, OS_MAXSTR - 2, logff[pos].fp) != NULL) {
+                /* Get the last occurrence of \n */
+                if (strrchr(str, '\n') != NULL) {
                     break;
                 }
             }
             __ms = 0;
         }
-        
+
         fgetpos(logff[pos].fp, &fp_pos);
         continue;
     }
 
-    return(NULL); 
+    return (NULL);
 }
 
-/* EOF */