-/* @(#) $Id: ./src/logcollector/read_ossecalert.c, 2012/03/30 dcid Exp $
- */
-
/* Copyright (C) 2012 Daniel B. Cid (http://dcid.me)
* All right reserved.
*
* Foundation
*/
-/* Read the syslog */
-
-
#include "shared.h"
#include "headers/read-alert.h"
#include "logcollector.h"
-
-/* Read syslog files/snort fast/apache files */
-void *read_ossecalert(int pos, int *rc, int drop_it)
+void *read_ossecalert(int pos, __attribute__((unused)) int *rc, int drop_it)
{
alert_data *al_data;
char user_msg[256];
char srcip_msg[256];
+ char syslog_msg[OS_SIZE_2048 + 1];
*rc = 0;
- char syslog_msg[OS_SIZE_2048 +1];
-
al_data = GetAlertData(0, logff[pos].fp);
- if(!al_data)
- {
- return(NULL);
+ if (!al_data) {
+ return (NULL);
}
+ memset(syslog_msg, '\0', OS_SIZE_2048 + 1);
- memset(syslog_msg, '\0', OS_SIZE_2048 +1);
-
-
-
- /* Adding source ip. */
- if(!al_data->srcip ||
- ((al_data->srcip[0] == '(') &&
- (al_data->srcip[1] == 'n') &&
- (al_data->srcip[2] == 'o')))
- {
+ /* Add source ip */
+ if (!al_data->srcip ||
+ ((al_data->srcip[0] == '(') &&
+ (al_data->srcip[1] == 'n') &&
+ (al_data->srcip[2] == 'o'))) {
srcip_msg[0] = '\0';
- }
- else
- {
+ } else {
snprintf(srcip_msg, 255, " srcip: %s;", al_data->srcip);
}
-
- /* Adding username. */
- if(!al_data->user ||
- ((al_data->user[0] == '(') &&
- (al_data->user[1] == 'n') &&
- (al_data->user[2] == 'o')))
- {
+ /* Add username */
+ if (!al_data->user ||
+ ((al_data->user[0] == '(') &&
+ (al_data->user[1] == 'n') &&
+ (al_data->user[2] == 'o'))) {
user_msg[0] = '\0';
- }
- else
- {
+ } else {
snprintf(user_msg, 255, " user: %s;", al_data->user);
}
-
- if(al_data->log[1] == NULL)
- {
- /* Building syslog message. */
+ if (al_data->log[1] == NULL) {
+ /* Build syslog message */
snprintf(syslog_msg, OS_SIZE_2048,
- "ossec: Alert Level: %d; Rule: %d - %s; "
- "Location: %s;%s%s %s",
- al_data->level, al_data->rule, al_data->comment,
- al_data->location,
- srcip_msg,
- user_msg,
- al_data->log[0]);
- }
- else
- {
+ "ossec: Alert Level: %d; Rule: %d - %s; "
+ "Location: %s;%s%s %s",
+ al_data->level, al_data->rule, al_data->comment,
+ al_data->location,
+ srcip_msg,
+ user_msg,
+ al_data->log[0]);
+ } else {
char *tmp_msg = NULL;
short int j = 0;
- while(al_data->log[j] != NULL)
- {
+ while (al_data->log[j] != NULL) {
tmp_msg = os_LoadString(tmp_msg, al_data->log[j]);
tmp_msg = os_LoadString(tmp_msg, "\n");
- if(tmp_msg == NULL)
- {
+ if (tmp_msg == NULL) {
FreeAlertData(al_data);
- return(NULL);
+ return (NULL);
}
j++;
}
- if(strlen(tmp_msg) > 1596)
- {
+
+ if (tmp_msg == NULL) {
+ FreeAlertData(al_data);
+ return (NULL);
+ }
+
+ if (strlen(tmp_msg) > 1596) {
tmp_msg[1594] = '.';
tmp_msg[1595] = '.';
tmp_msg[1596] = '.';
tmp_msg[1597] = '\0';
}
snprintf(syslog_msg, OS_SIZE_2048,
- "ossec: Alert Level: %d; Rule: %d - %s; "
- "Location: %s;%s%s %s",
- al_data->level, al_data->rule, al_data->comment,
- al_data->location,
- srcip_msg,
- user_msg,
- tmp_msg);
+ "ossec: Alert Level: %d; Rule: %d - %s; "
+ "Location: %s;%s%s %s",
+ al_data->level, al_data->rule, al_data->comment,
+ al_data->location,
+ srcip_msg,
+ user_msg,
+ tmp_msg);
+
+ free(tmp_msg);
}
-
- /* Clearing the memory */
+ /* Clear the memory */
FreeAlertData(al_data);
-
-
- /* Sending message to queue */
- if(drop_it == 0)
- {
- if(SendMSG(logr_queue,syslog_msg,logff[pos].file, LOCALFILE_MQ) < 0)
- {
+ /* Send message to queue */
+ if (drop_it == 0) {
+ if (SendMSG(logr_queue, syslog_msg, logff[pos].file, LOCALFILE_MQ) < 0) {
merror(QUEUE_SEND, ARGV0);
- if((logr_queue = StartMQ(DEFAULTQPATH,WRITE)) < 0)
- {
+ if ((logr_queue = StartMQ(DEFAULTQPATH, WRITE)) < 0) {
ErrorExit(QUEUE_FATAL, ARGV0, DEFAULTQPATH);
}
}
}
- return(NULL);
+ return (NULL);
}
-
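Review bot: In the `while (al_data->log[j] != NULL)` loop, the result of the first `os_LoadString(tmp_msg, al_data->log[j])` is still handed straight to the second call before any NULL test, so an allocation failure on the log line is only caught if the `"\n"` append fails as well. If os_LoadString treats a NULL first argument as "start a new string" (its definition is not part of this diff, so this is inferred), the earlier log lines would be silently lost and a truncated alert forwarded to the queue. A check between the two calls, `if (tmp_msg == NULL) { FreeAlertData(al_data); return (NULL); }`, would close that gap. Separately, `rc` is now marked `__attribute__((unused))` while `*rc = 0;` still dereferences it, so the attribute is misleading; either drop the attribute or remove the write.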