-/* @(#) $Id: decoder.c,v 1.42 2009/06/24 17:06:23 dcid Exp $ */
+/* @(#) $Id: ./src/analysisd/decoders/decoder.c, 2011/09/08 dcid Exp $
+ */
/* Copyright (C) 2009 Trend Micro Inc.
* All rights reserved.
*
* This program is a free software; you can redistribute it
* and/or modify it under the terms of the GNU General Public
- * License (version 3) as published by the FSF - Free Software
+ * License (version 2) as published by the FSF - Free Software
* Foundation.
*
- * License details at the LICENSE file included with OSSEC or
+ * License details at the LICENSE file included with OSSEC or
* online at: http://www.ossec.net/en/licensing.html
*/
-
+
#include "shared.h"
#include "os_regex/os_regex.h"
#include "os_xml/os_xml.h"
#ifdef TESTRULE
- print_out("\n**Phase 2: Completed decoding.");
- #endif
+ if(!alert_only)
+ {
+ print_out("\n**Phase 2: Completed decoding.");
+ }
+ #endif
- do
+ do
{
nnode = node->osdecoder;
/* First checking program name */
if(lf->program_name)
{
- if(!OSMatch_Execute(lf->program_name, lf->p_name_size,
+ if(!OSMatch_Execute(lf->program_name, lf->p_name_size,
nnode->program_name))
{
continue;
#ifdef TESTRULE
- print_out(" decoder: '%s'", nnode->name);
- #endif
-
+ if(!alert_only)print_out(" decoder: '%s'", nnode->name);
+ #endif
+
lf->decoder_info = nnode;
-
+
child_node = node->child;
{
char *llog;
- /* If we have an offset set, use it */
+ /* If we have an offset set, use it */
if(nnode->prematch_offset & AFTER_PARENT)
{
llog = pmatch;
return;
child_node = child_node->next;
- nnode = NULL;
+ nnode = NULL;
}
else
{
nnode->plugindecoder(lf);
return;
}
-
-
+
+
/* Getting the regex */
while(child_node)
{
}
/* ok to return */
- return;
+ return;
}while((node=node->next) != NULL);
#ifdef TESTRULE
- print_out(" No decoder matched.");
+ if(!alert_only)
+ {
+ print_out(" No decoder matched.");
+ }
#endif
-
+
}
void *DstUser_FP(Eventinfo *lf, char *field)
{
#ifdef TESTRULE
- print_out(" dstuser: '%s'", field);
+ if(!alert_only)print_out(" dstuser: '%s'", field);
#endif
-
+
lf->dstuser = field;
return(NULL);
}
void *SrcUser_FP(Eventinfo *lf, char *field)
{
#ifdef TESTRULE
- print_out(" srcuser: '%s'", field);
+ if(!alert_only)print_out(" srcuser: '%s'", field);
#endif
-
+
lf->srcuser = field;
return(NULL);
}
void *SrcIP_FP(Eventinfo *lf, char *field)
{
#ifdef TESTRULE
- print_out(" srcip: '%s'", field);
+ if(!alert_only)print_out(" srcip: '%s'", field);
#endif
-
+
lf->srcip = field;
return(NULL);
}
void *DstIP_FP(Eventinfo *lf, char *field)
{
#ifdef TESTRULE
- print_out(" dstip: '%s'", field);
+ if(!alert_only)print_out(" dstip: '%s'", field);
#endif
-
+
lf->dstip = field;
return(NULL);
}
void *SrcPort_FP(Eventinfo *lf, char *field)
{
#ifdef TESTRULE
- print_out(" srcport: '%s'", field);
+ if(!alert_only)print_out(" srcport: '%s'", field);
#endif
-
+
lf->srcport = field;
return(NULL);
}
void *DstPort_FP(Eventinfo *lf, char *field)
{
#ifdef TESTRULE
- print_out(" dstport: '%s'", field);
+ if(!alert_only)print_out(" dstport: '%s'", field);
#endif
-
+
lf->dstport = field;
return(NULL);
}
void *Protocol_FP(Eventinfo *lf, char *field)
{
#ifdef TESTRULE
- print_out(" proto: '%s'", field);
+ if(!alert_only)print_out(" proto: '%s'", field);
#endif
-
+
lf->protocol = field;
return(NULL);
}
void *Action_FP(Eventinfo *lf, char *field)
{
#ifdef TESTRULE
- print_out(" action: '%s'", field);
+ if(!alert_only)print_out(" action: '%s'", field);
#endif
-
+
lf->action = field;
return(NULL);
}
void *ID_FP(Eventinfo *lf, char *field)
{
#ifdef TESTRULE
- print_out(" id: '%s'", field);
+ if(!alert_only)print_out(" id: '%s'", field);
#endif
-
+
lf->id = field;
return(NULL);
}
void *Url_FP(Eventinfo *lf, char *field)
{
#ifdef TESTRULE
- print_out(" url: '%s'", field);
+ if(!alert_only)print_out(" url: '%s'", field);
#endif
-
+
lf->url = field;
return(NULL);
}
void *Data_FP(Eventinfo *lf, char *field)
{
#ifdef TESTRULE
- print_out(" extra_data: '%s'", field);
+ if(!alert_only)print_out(" extra_data: '%s'", field);
#endif
-
+
lf->data = field;
return(NULL);
}
void *Status_FP(Eventinfo *lf, char *field)
{
#ifdef TESTRULE
- print_out(" status: '%s'", field);
+ if(!alert_only)print_out(" status: '%s'", field);
#endif
-
+
lf->status = field;
return(NULL);
}
void *SystemName_FP(Eventinfo *lf, char *field)
{
#ifdef TESTRULE
- print_out(" system_name: '%s'", field);
+ if(!alert_only)print_out(" system_name: '%s'", field);
#endif
lf->systemname = field;
projects / ossec-hids.git / blobdiff