10 #include "zeromq_output.h"
15 static zctx_t *zeromq_context;
16 static void *zeromq_pubsocket;
19 void zeromq_output_start(char *uri, int argc, char **argv) {
23 debug1("%s: DEBUG: New ZeroMQ Context", ARGV0);
24 zeromq_context = zctx_new();
25 if (zeromq_context == NULL) {
26 merror("%s: Unable to initialize ZeroMQ library", ARGV0);
30 debug1("%s: DEBUG: New ZeroMQ Socket: ZMQ_PUB", ARGV0);
31 zeromq_pubsocket = zsocket_new(zeromq_context, ZMQ_PUB);
32 if (zeromq_pubsocket == NULL) {
33 merror("%s: Unable to initialize ZeroMQ Socket", ARGV0);
37 debug1("%s: DEBUG: Listening on ZeroMQ Socket: %s", ARGV0, uri);
38 rc = zsocket_bind(zeromq_pubsocket, uri);
40 merror("%s: Unable to bind the ZeroMQ Socket: %s.", ARGV0, uri);
47 void zeromq_output_end() {
48 zsocket_destroy(zeromq_context, zeromq_pubsocket);
49 zctx_destroy(&zeromq_context);
53 void zeromq_output_event(Eventinfo *lf){
54 char *json_alert = Eventinfo_to_jsonstr(lf);
55 zmsg_t *msg = zmsg_new();
56 zmsg_addstr(msg, "ossec.alerts");
57 zmsg_addstr(msg, json_alert);
58 zmsg_send(&msg, zeromq_pubsocket);
62 /* Convert Eventinfo to json */
63 char *Eventinfo_to_jsonstr(Eventinfo *lf) {
68 root = cJSON_CreateObject();
69 cJSON_AddItemToObject(root, "rule", rule=cJSON_CreateObject());
71 cJSON_AddNumberToObject(rule, "level", lf->generated_rule->level);
73 if (lf->generated_rule->comment) cJSON_AddStringToObject(rule, "comment", lf->generated_rule->comment);
74 if (lf->generated_rule->sigid) cJSON_AddNumberToObject(rule, "sidid", lf->generated_rule->sigid);
75 if (lf->generated_rule->cve) cJSON_AddStringToObject(rule, "cve", lf->generated_rule->cve);
76 if (lf->generated_rule->cve) cJSON_AddStringToObject(rule, "info", lf->generated_rule->info);
79 if (lf->action) cJSON_AddStringToObject(root, "action", lf->action);
80 if (lf->srcip) cJSON_AddStringToObject(root, "srcip", lf->srcip);
81 if (lf->srcport) cJSON_AddStringToObject(root, "srcport", lf->srcport);
82 if (lf->srcuser) cJSON_AddStringToObject(root, "srcuser", lf->srcuser);
83 if (lf->dstip) cJSON_AddStringToObject(root, "dstip", lf->dstip);
84 if (lf->dstport) cJSON_AddStringToObject(root, "dstport", lf->dstport);
85 if (lf->dstuser) cJSON_AddStringToObject(root, "dstuser", lf->dstuser);
86 if (lf->location) cJSON_AddStringToObject(root, "location", lf->location);
87 if (lf->full_log) cJSON_AddStringToObject(root, "full_log", lf->full_log);
89 cJSON_AddItemToObject(root, "file", file_diff=cJSON_CreateObject());
91 cJSON_AddStringToObject(file_diff, "path", lf->filename);
93 if (lf->md5_before && lf->md5_after && strcmp(lf->md5_before, lf->md5_after) != 0 ) {
94 cJSON_AddStringToObject(file_diff,"md5_before", lf->md5_before);
95 cJSON_AddStringToObject(file_diff,"md5_after", lf->md5_after);
97 if (lf->sha1_before && lf->sha1_after && !strcmp(lf->sha1_before, lf->sha1_after) != 0) {
98 cJSON_AddStringToObject(file_diff,"sha1_before", lf->sha1_before);
99 cJSON_AddStringToObject(file_diff,"sha1_after", lf->sha1_after);
101 if (lf->owner_before && lf->owner_after && !strcmp(lf->owner_before, lf->owner_after) != 0) {
102 cJSON_AddStringToObject(file_diff,"owner_before", lf->owner_before);
103 cJSON_AddStringToObject(file_diff,"owner_after", lf->owner_after);
105 if (lf->gowner_before && lf->gowner_after && !strcmp(lf->gowner_before, lf->gowner_after) != 0 ) {
106 cJSON_AddStringToObject(file_diff,"gowner_before", lf->gowner_before);
107 cJSON_AddStringToObject(file_diff,"gowner_after", lf->gowner_after);
109 if (lf->perm_before && lf->perm_after && lf->perm_before != lf->perm_after) {
110 cJSON_AddNumberToObject(file_diff, "perm_before", lf->perm_before);
111 cJSON_AddNumberToObject(file_diff, "perm_after", lf->perm_after);
114 out=cJSON_PrintUnformatted(root);
projects / ossec-hids.git / blob