1 /* @(#) $Id$ */
2
3 /* Copyright (C) 2009 Sebastien Tricaud
4  * Copyright (C) 2009 Trend Micro Inc.
5  * All rights reserved.
6  *
7  * This program is a free software; you can redistribute it
8  * and/or modify it under the terms of the GNU General Public
9  * License (version 2) as published by the FSF - Free Software
10  * Foundation
11  */
12
13 #include "shared.h"
14 #include "eventinfo.h"
15
/* Output stream for Picviz records; NULL until OS_PicvizOpen succeeds. */
static FILE *picviz_fp;

/* Colour name per rule level, indexed directly by the level in
 * OS_PicvizLog. The table holds 17 entries (indexes 0 through 16).
 */
static char *ossec2picviz[] = {
    /*  0 -  3 */ "blue",   "blue",   "blue",   "blue",
    /*  4 -  7 */ "green",  "green",  "green",  "green",
    /*  8 - 11 */ "orange", "orange", "orange", "orange",
    /* 12 - 16 */ "red",    "red",    "red",    "red",    "red"
};
22
23
/* Open the Picviz output in append mode and keep the stream in picviz_fp.
 *
 * socket: path handed to fopen(); despite the name it is opened as an
 *         ordinary stream with mode "a".
 *
 * On failure an error is logged and picviz_fp is left NULL, which makes
 * OS_PicvizLog a no-op.
 *
 * NOTE(review): the path is used exactly as given and fopen() follows
 * symbolic links; confirm the configured location is writable only by
 * the account running this daemon.
 */
void OS_PicvizOpen(char *socket)
{
    FILE *stream = fopen(socket, "a");

    picviz_fp = stream;
    if (stream == NULL) {
        merror("%s: Unable to open picviz socket file '%s'.",
               ARGV0, socket);
    }
}
33
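/* Write `prefix` followed by `value` as one double-quoted Picviz field.
 *
 * The values come from parsed log data, so they may contain a double
 * quote or a line break that would end the field or the record early
 * and change how the line is parsed downstream. Double quotes are
 * written as single quotes and control characters as spaces.
 *
 * NOTE(review): backslashes are passed through unchanged; confirm
 * whether the Picviz parser gives them a special meaning.
 */
static void picviz_put_field(FILE *fp, const char *prefix, const char *value)
{
    const char *p;

    fputs(prefix, fp);
    fputc('"', fp);
    for (p = value; *p != '\0'; p++) {
        unsigned char c = (unsigned char)*p;

        if (c == '"') {
            fputc('\'', fp);
        } else if (c < 0x20 || c == 0x7f) {
            fputc(' ', fp);
        } else {
            fputc(c, fp);
        }
    }
    fputc('"', fp);
}

/* Append one alert to the Picviz stream as a single record line.
 *
 * lf: event to log. Its generated_rule supplies the level (mapped to a
 *     colour) and the alert comment; missing string fields are written
 *     as empty values.
 *
 * Does nothing when the stream is not open or the event has no
 * generated rule. The record layout is unchanged for values that
 * contain no double quotes or control characters.
 */
void OS_PicvizLog(Eventinfo *lf)
{
    const char *color;
    const char *hour;
    const char *hostname;
    const char *location;
    const char *srcip;
    const char *dstip;
    const char *srcuser;
    const char *dstuser;
    const char *prgname;
    const char *comment;
    int level;

    if (!picviz_fp) {
        return;
    }

    /* The colour and the comment both need the rule, so an event
     * without one cannot be rendered. */
    if (!lf || !lf->generated_rule) {
        return;
    }

    /* Levels above 15 are red; a negative level must not index the
     * colour table, so it falls back to the first entry. */
    level = lf->generated_rule->level;
    if (level > 15) {
        color = "red";
    } else if (level < 0) {
        color = ossec2picviz[0];
    } else {
        color = ossec2picviz[level];
    }

    hour = lf->hour ? lf->hour : "";
    hostname = lf->hostname ? lf->hostname : "";
    location = lf->location ? lf->location : "";
    srcip = lf->srcip ? lf->srcip : "";
    dstip = lf->dstip ? lf->dstip : "";
    srcuser = lf->srcuser ? lf->srcuser : "";
    dstuser = lf->dstuser ? lf->dstuser : "";
    prgname = lf->program_name ? lf->program_name : "";
    comment = lf->generated_rule->comment ? lf->generated_rule->comment : "";

    picviz_put_field(picviz_fp, "time=", hour);
    picviz_put_field(picviz_fp, ", host=", hostname);
    picviz_put_field(picviz_fp, ", file=", location);
    picviz_put_field(picviz_fp, ", sip=", srcip);
    picviz_put_field(picviz_fp, ", dip=", dstip);
    picviz_put_field(picviz_fp, ", srcuser=", srcuser);
    picviz_put_field(picviz_fp, ", dstuser=", dstuser);
    picviz_put_field(picviz_fp, ", prgnme=", prgname);
    picviz_put_field(picviz_fp, ", alert=", comment);

    /* The colour comes from the fixed table or the literal above, so it
     * needs no filtering. */
    fprintf(picviz_fp, " [color=\"%s\"];\n", color);

    /* Flush per record so a reader sees each alert as it is written. */
    fflush(picviz_fp);
}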
69
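/* Close the Picviz stream if it is open.
 *
 * picviz_fp is reset to NULL afterwards so that a later OS_PicvizLog or
 * a second OS_PicvizClose sees "not open" instead of using a stream
 * that has already been closed.
 */
void OS_PicvizClose(void)
{
    if (picviz_fp) {
        fclose(picviz_fp);
        picviz_fp = NULL;
    }
}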
75