Imported Upstream version 2.7
1 /* @(#) $Id: ./src/analysisd/picviz.c, 2011/09/08 dcid Exp $
2  */
3
4 /* Copyright (C) 2009 Sebastien Tricaud
5  * Copyright (C) 2009 Trend Micro Inc.
6  * All right reserved.
7  *
8  * This program is a free software; you can redistribute it
9  * and/or modify it under the terms of the GNU General Public
10  * License (version 2) as published by the FSF - Free Software
11  * Foundation
12  */
13
14 #include "shared.h"
15 #include "eventinfo.h"
16
/* Output stream for Picviz records; NULL until OS_PicvizOpen() succeeds. */
static FILE *picviz_fp;

/*
 * Colour name for each rule level, indexed directly by the level:
 * 0-3 blue, 4-7 green, 8-11 orange, 12-16 red (17 entries in total).
 * Any index outside 0..16 is out of bounds for this table.
 */
static char *ossec2picviz[] = {
    "blue",   "blue",   "blue",   "blue",
    "green",  "green",  "green",  "green",
    "orange", "orange", "orange", "orange",
    "red",    "red",    "red",    "red",    "red"
};
23
24
/*
 * Open the Picviz output at the path `socket` in append mode and keep the
 * stream in picviz_fp.
 *
 * On failure an error is logged through merror() and picviz_fp is left NULL,
 * which makes OS_PicvizLog() return without writing.
 *
 * NOTE(review): the path is passed to fopen() exactly as given; append mode
 * creates the file when it does not exist and follows symbolic links.
 * Presumably the path comes from trusted configuration -- confirm, and check
 * that its directory is not writable by less privileged users.
 */
void OS_PicvizOpen(char *socket)
{
    FILE *stream = fopen(socket, "a");

    picviz_fp = stream;
    if (stream == NULL) {
        merror("%s: Unable to open picviz socket file '%s'.",
               ARGV0, socket);
    }
}
34
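/*
 * Append one alert record for the event `lf` to the Picviz output stream.
 *
 * Returns without writing when the stream was never opened (picviz_fp is
 * NULL) or when the event has no generated rule. String fields that are NULL
 * are written as empty strings. The stream is flushed after every record.
 *
 * NOTE(review): hostname, location, srcip, dstip, srcuser, dstuser and
 * program_name presumably come from decoded log data, i.e. content a remote
 * party may influence -- confirm against the decoders. They are written
 * between double quotes without any escaping, so a value containing '"' or a
 * newline can end its field early and alter the structure of the record.
 * Escaping or rejecting those characters has to follow the quoting rules of
 * whatever consumes this file, which this file does not show, so the output
 * format is left unchanged here.
 */
void OS_PicvizLog(Eventinfo *lf)
{
    const size_t ncolors = sizeof(ossec2picviz) / sizeof(ossec2picviz[0]);
    const char *color = "red";
    const char *hostname;
    const char *location;
    const char *srcip;
    const char *dstip;
    const char *srcuser;
    const char *dstuser;
    const char *prgname;
    const char *comment;
    int level;

    /* Check the stream first so nothing is dereferenced when output is off. */
    if (!picviz_fp) {
        return;
    }

    if (!lf || !lf->generated_rule) {
        return;
    }

    /*
     * Only index the colour table with a level that is inside it. A negative
     * level used to read before the start of the table; it now falls back to
     * "red", the same colour already used for levels above the table.
     */
    level = lf->generated_rule->level;
    if (level >= 0 && (size_t)level < ncolors) {
        color = ossec2picviz[level];
    }

    hostname = lf->hostname ? lf->hostname : "";
    location = lf->location ? lf->location : "";
    srcip = lf->srcip ? lf->srcip : "";
    dstip = lf->dstip ? lf->dstip : "";
    srcuser = lf->srcuser ? lf->srcuser : "";
    dstuser = lf->dstuser ? lf->dstuser : "";
    prgname = lf->program_name ? lf->program_name : "";
    comment = lf->generated_rule->comment ? lf->generated_rule->comment : "";

    /* The key spelling "prgnme" is kept as is: readers of this file may
     * depend on it. */
    fprintf(picviz_fp,
            "time=\"%s\", host=\"%s\", file=\"%s\", sip=\"%s\", dip=\"%s\""
            ", srcuser=\"%s\", dstuser=\"%s\", prgnme=\"%s\", alert=\"%s\" [color=\"%s\"];\n",
            lf->hour,
            hostname, location, srcip, dstip, srcuser, dstuser, prgname,
            comment, color);

    fflush(picviz_fp);
}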
70
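/*
 * Close the Picviz output stream if it is open.
 *
 * picviz_fp is reset to NULL afterwards so that a later OS_PicvizLog() call
 * returns early instead of writing to a closed stream, and a second
 * OS_PicvizClose() call does not close the same stream twice.
 */
void OS_PicvizClose(void)
{
    if (picviz_fp) {
        fclose(picviz_fp);
        picviz_fp = NULL;
    }
}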
76