char exec_msg[OS_SIZE_1024 +1];
char *ip;
char *user;
+ char *filename;
+ int do_free_filename = 0;
+ ip = user = filename = "-";
/* Cleaning the IP */
if(lf->srcip && (ar->ar_cmd->expect & SRCIP))
}
}
}
- else
- {
- ip = "-";
- }
-
/* Getting username */
if(lf->dstuser && (ar->ar_cmd->expect & USERNAME))
{
user = lf->dstuser;
}
- else
+
+ /* Get the filename */
+ if(lf->filename && (ar->ar_cmd->expect & FILENAME))
{
- user = "-";
+ filename = os_shell_escape(lf->filename);
+ do_free_filename = 1;
}
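Review bot: The pointer returned by `os_shell_escape(lf->filename)` is stored and later formatted with `%s` without a NULL check, even though the cleanup at the end of the function tests `filename != NULL`, which suggests the helper can fail. If it can return NULL, passing it to `snprintf` is undefined behaviour; keep the "-" placeholder and set the flag only on success, e.g. `char *esc = os_shell_escape(lf->filename); if (esc) { filename = esc; do_free_filename = 1; }`. Note also that `user = lf->dstuser` in the block above goes into the same message unescaped; whether the receiver handles it as carefully as the filename is not visible from this hunk and is worth confirming.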
return;
snprintf(exec_msg, OS_SIZE_1024,
- "%s %s %s %d.%ld %d %s",
+ "%s %s %s %d.%ld %d %s %s",
ar->name,
user,
ip,
lf->time,
__crt_ftell,
lf->generated_rule->sigid,
- lf->location);
+ lf->location,
+ filename);
if(OS_SendUnix(*execq, exec_msg, 0) < 0)
{
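Review bot: The return value of this `snprintf` is not checked, and the escaped filename is now the last field written into a buffer bounded by `OS_SIZE_1024`. A long location or filename is silently truncated, and a cut in the middle of an escape sequence would hand the receiver a filename that is no longer fully escaped (assuming `os_shell_escape` works by inserting escape characters, which is not shown here). Capture the result and refuse to send a truncated message, e.g. `int n = snprintf(exec_msg, OS_SIZE_1024, ...); if (n < 0 || n >= OS_SIZE_1024) { /* log and skip OS_SendUnix */ }`. The two `snprintf` calls in the remote-agent branch further down have the same issue.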
if missing then it must of been generated by the local analysisd so prepend a false id tag */
if(lf->location[0] == '(') {
snprintf(exec_msg, OS_SIZE_1024,
- "%s %c%c%c %s %s %s %s %d.%ld %d",
+ "%s %c%c%c %s %s %s %s %d.%ld %d %s %s",
lf->location,
(ar->location & ALL_AGENTS)?ALL_AGENTS_C:NONE_C,
(ar->location & REMOTE_AGENT)?REMOTE_AGENT_C:NONE_C,
ip,
lf->time,
__crt_ftell,
- lf->generated_rule->sigid);
+ lf->generated_rule->sigid,
+ lf->location,
+ filename);
} else {
snprintf(exec_msg, OS_SIZE_1024,
- "(local_source) %s %c%c%c %s %s %s %s %d.%ld %d",
+ "(local_source) %s %c%c%c %s %s %s %s %d.%ld %d %s %s",
lf->location,
(ar->location & ALL_AGENTS)?ALL_AGENTS_C:NONE_C,
(ar->location & REMOTE_AGENT)?REMOTE_AGENT_C:NONE_C,
ip,
lf->time,
__crt_ftell,
- lf->generated_rule->sigid);
+ lf->generated_rule->sigid,
+ lf->location,
+ filename);
}
if((rc = OS_SendUnix(*arq, exec_msg, 0)) < 0)
}
}
+ // Clean up Memory
+ if ( filename != NULL && do_free_filename == 1 )
+ free(filename);
+
return;
}
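Review bot: This cleanup runs only on the fall-through path. The `return;` that sits between the `os_shell_escape` call and the first `snprintf` appears to leave the function while `do_free_filename` is already 1, which would leak the escaped copy on every event that takes that exit. Either free before that return with `if (do_free_filename) free(filename);` or route all exits after the allocation through one cleanup label. The surrounding lines are only partly visible here, so confirm which early returns come after the allocation.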