-/* @(#) $Id: logcollector.c,v 1.59 2009/11/03 21:07:32 dcid Exp $ */
+/* @(#) $Id$ */
/* Copyright (C) 2009 Trend Micro Inc.
* All right reserved.
*
* This program is a free software; you can redistribute it
* and/or modify it under the terms of the GNU General Public
- * License (version 3) as published by the FSF - Free Software
+ * License (version 2) as published by the FSF - Free Software
* Foundation
*/
int update_fname(int i);
+char *rand_keepalive_str(char *dst, int size)
+{
+ static const char text[] = "abcdefghijklmnopqrstuvwxyz"
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+ "0123456789"
+ "!@#$%^&*()_+-=;'[],./?";
+ int i, len = rand() % (size - 10);
+ strncpy(dst, "--MARK--: ", 12);
+ for ( i = 10; i < len; ++i )
+ {
+ dst[i] = text[rand() % (sizeof text - 1)];
+ }
+ dst[i] = '\0';
+ return dst;
+}
+
/** void LogCollectorStart() v0.4
* Handle file management.
*/
int i = 0, r = 0;
int max_file = 0;
int f_check = 0;
+ int curr_time = 0;
+ char keepalive[1024];
+
+
/* To check for inode changes */
struct stat tmp_stat;
{
logff[i].file = NULL;
logff[i].fp = NULL;
+ logff[i].size = 0;
if(logff[i].command)
{
logff[i].read = (void *)read_command;
+
+ verbose("%s: INFO: Monitoring output of command(%d): %s", ARGV0, logff[i].ign, logff[i].command);
+
+ if(!logff[i].alias)
+ {
+ os_strdup(logff[i].command, logff[i].alias);
+ }
}
else
{
ARGV0);
}
}
+ else if(strcmp(logff[i].logformat, "full_command") == 0)
+ {
+ logff[i].file = NULL;
+ logff[i].fp = NULL;
+ logff[i].size = 0;
+ if(logff[i].command)
+ {
+ logff[i].read = (void *)read_fullcommand;
+
+ verbose("%s: INFO: Monitoring full output of command(%d): %s", ARGV0, logff[i].ign, logff[i].command);
+
+ if(!logff[i].alias)
+ os_strdup(logff[i].command, logff[i].alias);
+ }
+ else
+ {
+ merror("%s: ERROR: Missing command argument. Ignoring it.",
+ ARGV0);
+ }
+ }
else
{
}
logff[i].read = (void *)read_djbmultilog;
}
+ else if(logff[i].logformat[0] >= '0' && logff[i].logformat[0] <= '9')
+ {
+ logff[i].read = (void *)read_multiline;
+ }
else
{
logff[i].read = (void *)read_syslog;
}
#endif
}
+
+ if(logff[i].alias)
+ {
+ int ii = 0;
+ while(logff[i].alias[ii] != '\0')
+ {
+ if(logff[i].alias[ii] == ':')
+ {
+ logff[i].alias[ii] = '\\';
+ }
+ ii++;
+ }
+ }
}
if(!logff[i].fp)
{
/* Run the command. */
- if((f_check == VCHECK_FILES) && logff[i].command)
+ if(logff[i].command && (f_check %2))
{
- logff[i].read(i, &r, 0);
+ curr_time = time(0);
+ if((curr_time - logff[i].size) >= logff[i].ign)
+ {
+ logff[i].size = curr_time;
+ logff[i].read(i, &r, 0);
+ }
}
continue;
}
/* Send keep alive message */
- SendMSG(logr_queue, "--MARK--", "ossec-keepalive", LOCALFILE_MQ);
+
+ rand_keepalive_str(keepalive, 700);
+ SendMSG(logr_queue, keepalive, "ossec-keepalive", LOCALFILE_MQ);
/* Zeroing f_check */