X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;f=src%2Flogcollector%2Fread_syslog.c;h=688fd4b5f3b6ac879ec842fb857080812cbb38ea;hb=3f728675941dc69d4e544d3a880a56240a6e394a;hp=5f0bd69703824aa925150d2ce1e6df2f79260b8d;hpb=914feba5d54f979cd5d7e69c349c3d01f630042a;p=ossec-hids.git
diff --git a/src/logcollector/read_syslog.c b/src/logcollector/read_syslog.c
old mode 100755
new mode 100644
index 5f0bd69..688fd4b
--- a/src/logcollector/read_syslog.c
+++ b/src/logcollector/read_syslog.c
@@ -1,123 +1,108 @@ -/* @(#) $Id: read_syslog.c,v 1.24 2009/06/24 17:06:27 dcid Exp $ */ - /* Copyright (C) 2009 Trend Micro Inc. * All right reserved. * * This program is a free software; you can redistribute it * and/or modify it under the terms of the GNU General Public - * License (version 3) as published by the FSF - Free Software + * License (version 2) as published by the FSF - Free Software * Foundation */ /* Read the syslog */ - #include "shared.h" #include "logcollector.h" - -/* v0.3 (2005/08/24): Using fgets instead of fgetc - * v0.2 (2005/04/04) - */ - -/* Read syslog files/snort fast/apache files */ +/* Read syslog files */ void *read_syslog(int pos, int *rc, int drop_it) { int __ms = 0; char *p; - char str[OS_MAXSTR+1]; - + char str[OS_MAXSTR + 1]; fpos_t fp_pos; - str[OS_MAXSTR]= '\0'; + str[OS_MAXSTR] = '\0'; *rc = 0; - /* Getting initial file location */ + /* Get initial file location */ fgetpos(logff[pos].fp, &fp_pos); - while(fgets(str, OS_MAXSTR - OS_LOG_HEADER, logff[pos].fp) != NULL) - { - /* Getting the last occurence of \n */ - if ((p = strrchr(str, '\n')) != NULL) - { + while (fgets(str, OS_MAXSTR - OS_LOG_HEADER, logff[pos].fp) != NULL) { + /* Get the last occurrence of \n */ + if ((p = strrchr(str, '\n')) != NULL) { *p = '\0'; - } - + /* From issue #913 @ybonnamy */ + } else if((p = strchr(str, '\0')) != NULL) { + /* Replace NUL with a space */ + *p = ' '; + } + /* If we didn't get the new line, because the * size is large, send what we got so far. */ - else if(strlen(str) >= (OS_MAXSTR - OS_LOG_HEADER - 2)) - { + else if (strlen(str) >= (OS_MAXSTR - OS_LOG_HEADER - 2)) { /* Message size > maximum allowed */ __ms = 1; - } - else - { + } else { /* Message not complete. Return. */ - debug1("%s: Message not complete. Trying again: '%s'", ARGV0,str); + debug1("%s: Message not complete. 
Trying again: '%s'", ARGV0, str); fsetpos(logff[pos].fp, &fp_pos); break; - } - - #ifdef WIN32 - if ((p = strrchr(str, '\r')) != NULL) - { + } + +#ifdef WIN32 + if ((p = strrchr(str, '\r')) != NULL) { *p = '\0'; } - /* Looking for empty string (only on windows) */ - if(strlen(str) <= 2) - { + /* Look for empty string (only on Windows) */ + if (strlen(str) <= 2) { fgetpos(logff[pos].fp, &fp_pos); continue; } /* Windows can have comment on their logs */ - if(str[0] == '#') - { + if (str[0] == '#') { fgetpos(logff[pos].fp, &fp_pos); continue; } - #endif - +#endif + debug2("%s: DEBUG: Reading syslog message: '%s'", ARGV0, str); - - /* Sending message to queue */ - if(drop_it == 0) - { - if(SendMSG(logr_queue,str,logff[pos].file, - LOCALFILE_MQ) < 0) - { + /* Send message to queue */ + if (drop_it == 0) { + if (SendMSG(logr_queue, str, logff[pos].file, + LOCALFILE_MQ) < 0) { merror(QUEUE_SEND, ARGV0); - if((logr_queue = StartMQ(DEFAULTQPATH,WRITE)) < 0) - { + if ((logr_queue = StartMQ(DEFAULTQPATH, WRITE)) < 0) { ErrorExit(QUEUE_FATAL, ARGV0, DEFAULTQPATH); } } } - /* Incorrectly message size */ - if(__ms) - { - merror("%s: Large message size: '%s'", ARGV0, str); - while(fgets(str, OS_MAXSTR - 2, logff[pos].fp) != NULL) - { - /* Getting the last occurence of \n */ - if ((p = strrchr(str, '\n')) != NULL) - { + /* Incorrect message size */ + if (__ms) { + // strlen(str) >= (OS_MAXSTR - OS_LOG_HEADER - 2) + // truncate str before logging to ossec.log +#define OUTSIZE 4096 + char buf[OUTSIZE + 1]; + buf[OUTSIZE] = '\0'; + snprintf(buf, OUTSIZE, "%s", str); + merror("%s: Large message size(length=%d): '%s...'", ARGV0, (int)strlen(str), buf); + while (fgets(str, OS_MAXSTR - 2, logff[pos].fp) != NULL) { + /* Get the last occurrence of \n */ + if (strrchr(str, '\n') != NULL) { break; } } __ms = 0; } - + fgetpos(logff[pos].fp, &fp_pos); continue; } - return(NULL); + return (NULL); } -/* EOF */
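Review bot: The added arm `else if((p = strchr(str, '\0')) != NULL)` is taken for every line that has no `\n`, because strchr() asked for `'\0'` returns the string terminator and never NULL. In that case `*p = ' '` overwrites the terminator fgets() just wrote, so `str` runs on into whatever bytes follow it (the tail of an earlier, longer line or uninitialised stack), stopped only by `str[OS_MAXSTR] = '\0'`, and that text is then passed to debug2() and SendMSG(). The arm also makes the following `else if (strlen(str) >= (OS_MAXSTR - OS_LOG_HEADER - 2))` and `else` arms unreachable, so `__ms` is never set and the "Message not complete" rewind via fsetpos() no longer happens. Telling an embedded NUL from the terminator needs the number of bytes read, which fgets() does not report. I would clear the buffer before each read with `memset(str, '\0', sizeof(str));`, replace only NULs that are followed by more data, and keep the size and incomplete-message checks as the `else` chain of the newline test.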