Imported Upstream version 2.7
diff --git
a/src/analysisd/stats.c
b/src/analysisd/stats.c
index
2e2420a
..
764b5ed
100755
(executable)
--- a/
src/analysisd/stats.c
+++ b/
src/analysisd/stats.c
@@
-1,5
+1,6
@@
-/* @(#) $Id$ */
-
+/* @(#) $Id: ./src/analysisd/stats.c, 2011/09/08 dcid Exp $
+ */
+
/* Copyright (C) 2009 Trend Micro Inc.
* All right reserved.
*
/* Copyright (C) 2009 Trend Micro Inc.
* All right reserved.
*
@@
-28,7
+29,7
@@
char *(weekdays[])={"Sunday","Monday","Tuesday","Wednesday","Thursday",
"Friday","Saturday"};
char *(l_month[])={"Jan","Feb","Mar","Apr","May","Jun","Jul","Aug",
"Sep","Oct","Nov","Dec"};
"Friday","Saturday"};
char *(l_month[])={"Jan","Feb","Mar","Apr","May","Jun","Jul","Aug",
"Sep","Oct","Nov","Dec"};
-
+
/* Global vars */
/* Global vars */
@@
-62,7
+63,7
@@
void print_totals()
char logfile[OS_FLSIZE +1];
FILE *flog;
char logfile[OS_FLSIZE +1];
FILE *flog;
-
+
/* Creating the path for the logs */
snprintf(logfile, OS_FLSIZE,"%s/%d/", STATSAVED, prev_year);
if(IsDir(logfile) == -1)
/* Creating the path for the logs */
snprintf(logfile, OS_FLSIZE,"%s/%d/", STATSAVED, prev_year);
if(IsDir(logfile) == -1)
@@
-96,7
+97,7
@@
void print_totals()
merror(FOPEN_ERROR, ARGV0, logfile);
return;
}
merror(FOPEN_ERROR, ARGV0, logfile);
return;
}
-
+
/* Printing the hourly stats */
for(i=0;i<=23;i++)
{
/* Printing the hourly stats */
for(i=0;i<=23;i++)
{
@@
-104,7
+105,7
@@
void print_totals()
totals+=_CHour[i];
}
fprintf(flog,"Total events for day:%d\n", totals);
totals+=_CHour[i];
}
fprintf(flog,"Total events for day:%d\n", totals);
-
+
fclose(flog);
}
fclose(flog);
}
@@
-112,7
+113,7
@@
void print_totals()
/* gethour: v0.2
* Return the parameter (event_number + 20 % of it)
* If event_number < mindiff, return mindiff
/* gethour: v0.2
* Return the parameter (event_number + 20 % of it)
* If event_number < mindiff, return mindiff
- * If event_number > maxdiff, return maxdiff
+ * If event_number > maxdiff, return maxdiff
*/
int gethour(int event_number)
{
*/
int gethour(int event_number)
{
@@
-121,12
+122,12
@@
int gethour(int event_number)
event_diff = (event_number * percent_diff)/100;
event_diff++;
event_diff = (event_number * percent_diff)/100;
event_diff++;
-
+
if(event_diff < mindiff)
return(event_number + mindiff);
else if(event_diff > maxdiff)
return(event_number + maxdiff);
if(event_diff < mindiff)
return(event_number + mindiff);
else if(event_diff > maxdiff)
return(event_number + maxdiff);
-
+
return(event_number + event_diff);
}
return(event_number + event_diff);
}
@@
-136,24
+137,24
@@
void Update_Hour()
{
int i,j;
int inter;
{
int i,j;
int inter;
-
-
+
+
/* Print total number of logs received per hour */
print_totals();
/* Print total number of logs received per hour */
print_totals();
-
-
+
+
/* Hourly update */
_RHour[24]++;
inter = _RHour[24];
if(inter > 7)
inter = 7;
/* Hourly update */
_RHour[24]++;
inter = _RHour[24];
if(inter > 7)
inter = 7;
-
+
for(i=0;i<=24;i++)
{
char _hourly[128]; /* _hourly file */
for(i=0;i<=24;i++)
{
char _hourly[128]; /* _hourly file */
-
+
FILE *fp;
FILE *fp;
-
+
if(i != 24)
{
/* If saved hourly = 0, just copy the current hourly rate */
if(i != 24)
{
/* If saved hourly = 0, just copy the current hourly rate */
@@
-170,7
+171,7
@@
void Update_Hour()
{
_RHour[i]=(((3*_CHour[i])+(inter*_RHour[i]))/(inter+3))+25;
}
{
_RHour[i]=(((3*_CHour[i])+(inter*_RHour[i]))/(inter+3))+25;
}
-
+
else
{
/* The average is going to be the number of interactions +
else
{
/* The average is going to be the number of interactions +
@@
-179,7
+180,7
@@
void Update_Hour()
}
}
}
}
}
}
-
+
snprintf(_hourly,128,"%s/%d",STATQUEUE,i);
fp = fopen(_hourly, "w");
if(fp)
snprintf(_hourly,128,"%s/%d",STATQUEUE,i);
fp = fopen(_hourly, "w");
if(fp)
@@
-192,7
+193,7
@@
void Update_Hour()
{
merror(FOPEN_ERROR, "logstats", _hourly);
}
{
merror(FOPEN_ERROR, "logstats", _hourly);
}
-
+
_CHour[i] = 0; /* Zeroing the currently hour */
}
_CHour[i] = 0; /* Zeroing the currently hour */
}
@@
-206,7
+207,7
@@
void Update_Hour()
inter = _CWHour[i][24];
if(inter > 7)
inter = 7;
inter = _CWHour[i][24];
if(inter > 7)
inter = 7;
-
+
for(j=0;j<=24;j++)
{
if(j != 24)
for(j=0;j<=24;j++)
{
if(j != 24)
@@
-229,7
+230,7
@@
void Update_Hour()
}
}
}
}
}
}
-
+
snprintf(_weekly,128,"%s/%d/%d",STATWQUEUE,i,j);
fp = fopen(_weekly, "w");
if(fp)
snprintf(_weekly,128,"%s/%d/%d",STATWQUEUE,i,j);
fp = fopen(_weekly, "w");
if(fp)
@@
-241,9
+242,9
@@
void Update_Hour()
{
merror(FOPEN_ERROR, "logstats", _weekly);
}
{
merror(FOPEN_ERROR, "logstats", _weekly);
}
-
+
_CWHour[i][j] = 0;
_CWHour[i][j] = 0;
- }
+ }
}
_daily_errors = 0;
}
_daily_errors = 0;
@@
-286,8
+287,8
@@
int Check_Hour(Eventinfo *lf)
" between %d:00 and %d:00 is %d. We "
"reached %d.",__crt_hour,__crt_hour+1,
_RHour[__crt_hour],_CHour[__crt_hour]);
" between %d:00 and %d:00 is %d. We "
"reached %d.",__crt_hour,__crt_hour+1,
_RHour[__crt_hour],_CHour[__crt_hour]);
-
-
+
+
_fired = 1;
_daily_errors++;
return(1);
_fired = 1;
_daily_errors++;
return(1);
@@
-299,13
+300,13
@@
int Check_Hour(Eventinfo *lf)
/* We need to have at least 3 days of stats */
if(_RWHour[__crt_wday][24] <= 2)
return(0);
/* We need to have at least 3 days of stats */
if(_RWHour[__crt_wday][24] <= 2)
return(0);
-
+
/* checking for the hour during a specific day of the week */
if(_RWHour[__crt_wday][__crt_hour] != 0)
{
if(_CWHour[__crt_wday][__crt_hour] > _RWHour[__crt_wday][__crt_hour])
{
/* checking for the hour during a specific day of the week */
if(_RWHour[__crt_wday][__crt_hour] != 0)
{
if(_CWHour[__crt_wday][__crt_hour] > _RWHour[__crt_wday][__crt_hour])
{
- if(_CWHour[__crt_wday][__crt_hour] >
+ if(_CWHour[__crt_wday][__crt_hour] >
gethour(_RWHour[__crt_wday][__crt_hour]))
{
snprintf(__stats_comment, 191,
gethour(_RWHour[__crt_wday][__crt_hour]))
{
snprintf(__stats_comment, 191,
@@
-315,8
+316,8
@@
int Check_Hour(Eventinfo *lf)
weekdays[__crt_wday],
_RWHour[__crt_wday][__crt_hour],
_CWHour[__crt_wday][__crt_hour]);
weekdays[__crt_wday],
_RWHour[__crt_wday][__crt_hour],
_CWHour[__crt_wday][__crt_hour]);
-
-
+
+
_fired = 1;
_daily_errors++;
return(1);
_fired = 1;
_daily_errors++;
return(1);
@@
-354,7
+355,7
@@
int Start_Hour()
maxdiff = getDefine_Int("analysisd",
"stats_maxdiff",
10, 99999);
maxdiff = getDefine_Int("analysisd",
"stats_maxdiff",
10, 99999);
-
+
mindiff = getDefine_Int("analysisd",
"stats_mindiff",
10, 99999);
mindiff = getDefine_Int("analysisd",
"stats_mindiff",
10, 99999);
@@
-371,22
+372,22
@@
int Start_Hour()
_lastmsg = NULL;
_prevlast = NULL;
_pprevlast = NULL;
_lastmsg = NULL;
_prevlast = NULL;
_pprevlast = NULL;
-
-
+
+
/* They should not be null */
os_strdup(" ", _lastmsg);
os_strdup(" ", _prevlast);
os_strdup(" ", _pprevlast);
/* They should not be null */
os_strdup(" ", _lastmsg);
os_strdup(" ", _prevlast);
os_strdup(" ", _pprevlast);
-
-
- /* Creating the stat queue directories */
+
+
+ /* Creating the stat queue directories */
if(IsDir(STATWQUEUE) == -1)
if(mkdir(STATWQUEUE,0770) == -1)
{
merror("%s: logstat: Unable to create stat queue: %s",
ARGV0, STATWQUEUE);
return(-1);
if(IsDir(STATWQUEUE) == -1)
if(mkdir(STATWQUEUE,0770) == -1)
{
merror("%s: logstat: Unable to create stat queue: %s",
ARGV0, STATWQUEUE);
return(-1);
- }
+ }
if(IsDir(STATQUEUE) == -1)
if(mkdir(STATQUEUE,0770) == -1)
if(IsDir(STATQUEUE) == -1)
if(mkdir(STATQUEUE,0770) == -1)
@@
-394,7
+395,7
@@
int Start_Hour()
merror("%s: logstat: Unable to create stat queue: %s",
ARGV0, STATQUEUE);
return(-1);
merror("%s: logstat: Unable to create stat queue: %s",
ARGV0, STATQUEUE);
return(-1);
- }
+ }
/* Creating store dir */
if(IsDir(STATSAVED) == -1)
/* Creating store dir */
if(IsDir(STATSAVED) == -1)
@@
-414,7
+415,7
@@
int Start_Hour()
_CHour[i]=0;
if(File_DateofChange(_hourly) < 0)
_RHour[i] = 0;
_CHour[i]=0;
if(File_DateofChange(_hourly) < 0)
_RHour[i] = 0;
-
+
else
{
FILE *fp;
else
{
FILE *fp;
@@
-427,7
+428,7
@@
int Start_Hour()
_RHour[i] = 0;
if(_RHour[i] < 0)
_RHour[i] = 0;
if(_RHour[i] < 0)
- _RHour[i] = 0;
+ _RHour[i] = 0;
fclose(fp);
}
}
fclose(fp);
}
}
@@
-464,7
+465,7
@@
int Start_Hour()
_RWHour[i][j] = 0;
if(_RWHour[i][j] < 0)
_RWHour[i][j] = 0;
if(_RWHour[i][j] < 0)
- _RWHour[i][j] = 0;
+ _RWHour[i][j] = 0;
fclose(fp);
}
}
fclose(fp);
}
}
@@
-496,7
+497,7
@@
int LastMsg_Stats(char *log)
/* LastMsg_Change: v0.3: 2006/03/21
* v0.3: 2006/03/21: Some performance fixes.
/* LastMsg_Change: v0.3: 2006/03/21
* v0.3: 2006/03/21: Some performance fixes.
- * v0.2: 2005/03/17
+ * v0.2: 2005/03/17
* If the message is not repeated, rearrange the last
* received messages
*/
* If the message is not repeated, rearrange the last
* received messages
*/
@@
-504,12
+505,12
@@
void LastMsg_Change(char *log)
{
/* Removing the last one */
free(_pprevlast);
{
/* Removing the last one */
free(_pprevlast);
-
+
/* Moving the second to third and the last to second */
_pprevlast = _prevlast;
/* Moving the second to third and the last to second */
_pprevlast = _prevlast;
-
+
_prevlast = _lastmsg;
_prevlast = _lastmsg;
-
+
os_strdup(log, _lastmsg);
return;
os_strdup(log, _lastmsg);
return;