X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=src%2Fanalysisd%2Falerts%2Fgetloglocation.c;fp=src%2Fanalysisd%2Falerts%2Fgetloglocation.c;h=5a500907f72da3157447b4aa1f170388e74464b7;hp=652696a8eea3ad71143fafcb3f5ff7da28d470c0;hb=3f728675941dc69d4e544d3a880a56240a6e394a;hpb=927951d1c1ad45ba9e7325f07d996154a91c911b
diff --git a/src/analysisd/alerts/getloglocation.c b/src/analysisd/alerts/getloglocation.c
old mode 100755
new mode 100644
index 652696a..5a50090
--- a/src/analysisd/alerts/getloglocation.c
+++ b/src/analysisd/alerts/getloglocation.c
@@ -1,6 +1,3 @@
-/* @(#) $Id: ./src/analysisd/alerts/getloglocation.c, 2011/09/08 dcid Exp $
- */
-
 /* Copyright (C) 2009 Trend Micro Inc.
  * All right reserved.
  *
@@ -10,190 +7,282 @@ * Foundation */ - /* Get the log directory/file based on the day/month/year */ - -/* analysisd headers */ #include "getloglocation.h" +#include "config.h" + +/* Global definitions */ +FILE *_eflog; +FILE *_aflog; +FILE *_fflog; +FILE *_jflog; +FILE *_ejflog; + +/* Global variables */ +static int __crt_day; +static char __elogfile[OS_FLSIZE + 1]; +static char __alogfile[OS_FLSIZE + 1]; +static char __flogfile[OS_FLSIZE + 1]; +static char __jlogfile[OS_FLSIZE + 1]; +static char __ejlogfile[OS_FLSIZE + 1]; -int __crt_day; -char __elogfile[OS_FLSIZE+1]; -char __alogfile[OS_FLSIZE+1]; -char __flogfile[OS_FLSIZE+1]; - -/* OS_InitLog */ void OS_InitLog() { OS_InitFwLog(); __crt_day = 0; - /* alerts and events log file */ - memset(__alogfile,'\0',OS_FLSIZE +1); - memset(__elogfile,'\0',OS_FLSIZE +1); - memset(__flogfile,'\0',OS_FLSIZE +1); + /* Alerts and events log file */ + memset(__alogfile, '\0', OS_FLSIZE + 1); + memset(__elogfile, '\0', OS_FLSIZE + 1); + memset(__flogfile, '\0', OS_FLSIZE + 1); + memset(__jlogfile, '\0', OS_FLSIZE + 1); + memset(__ejlogfile, '\0', OS_FLSIZE + 1); _eflog = NULL; _aflog = NULL; _fflog = NULL; + _jflog = NULL; + _ejflog = NULL; - /* Setting the umask */ + /* Set the umask */ umask(0027); } - -/* gzips a log file -int OS_CompressLog(int yesterday, char *prev_month, int prev_year) - - -- moved to monitord. -*/ - - - - -/* OS_GetLogLocation: v0.1, 2005/04/25 */ -int OS_GetLogLocation(Eventinfo *lf) +int OS_GetLogLocation(const Eventinfo *lf) { - /* Checking what directories to create - * Checking if the year directory is there. + /* Check what directories to create + * Check if the year directory is there * If not, create it. Same for the month directory. 
*/ - + + /* For the events */ - if(_eflog) - { - if(ftell(_eflog) == 0) + if (_eflog) { + if (ftell(_eflog) == 0) { unlink(__elogfile); + } fclose(_eflog); _eflog = NULL; } - snprintf(__elogfile,OS_FLSIZE,"%s/%d/", EVENTS, lf->year); - if(IsDir(__elogfile) == -1) - if(mkdir(__elogfile,0770) == -1) - { - ErrorExit(MKDIR_ERROR,ARGV0,__elogfile); + snprintf(__elogfile, OS_FLSIZE, "%s/%d/", EVENTS, lf->year); + if (IsDir(__elogfile) == -1) + if (mkdir(__elogfile, 0770) == -1) { + ErrorExit(MKDIR_ERROR, ARGV0, __elogfile, errno, strerror(errno)); } - snprintf(__elogfile,OS_FLSIZE,"%s/%d/%s", EVENTS, lf->year,lf->mon); + snprintf(__elogfile, OS_FLSIZE, "%s/%d/%s", EVENTS, lf->year, lf->mon); - if(IsDir(__elogfile) == -1) - if(mkdir(__elogfile,0770) == -1) - { - ErrorExit(MKDIR_ERROR,ARGV0,__elogfile); + if (IsDir(__elogfile) == -1) + if (mkdir(__elogfile, 0770) == -1) { + ErrorExit(MKDIR_ERROR, ARGV0, __elogfile, errno, strerror(errno)); } + /* Create the logfile name */ + snprintf(__elogfile, OS_FLSIZE, "%s/%d/%s/ossec-%s-%02d.log", + EVENTS, + lf->year, + lf->mon, + "archive", + lf->day); + + _eflog = fopen(__elogfile, "a"); + if (!_eflog) { + ErrorExit("%s: Error opening logfile: '%s'", ARGV0, __elogfile); + } - /* Creating the logfile name */ - snprintf(__elogfile,OS_FLSIZE,"%s/%d/%s/ossec-%s-%02d.log", - EVENTS, - lf->year, - lf->mon, - "archive", - lf->day); + /* Create a symlink */ + unlink(EVENTS_DAILY); + if (link(__elogfile, EVENTS_DAILY) == -1) { + ErrorExit(LINK_ERROR, ARGV0, __elogfile, EVENTS_DAILY, errno, strerror(errno)); + } + /* For the events in JSON */ + if (Config.logall_json) { + /* Create the json archives logfile name */ + + if (_ejflog) { + if (ftell(_ejflog) == 0) { + unlink(__ejlogfile); + } + fclose(_ejflog); + _ejflog = NULL; + } - _eflog = fopen(__elogfile,"a"); - if(!_eflog) - ErrorExit("%s: Error opening logfile: '%s'",ARGV0,__elogfile); + snprintf(__ejlogfile, OS_FLSIZE, "%s/%d/", EVENTS, lf->year); + if (IsDir(__ejlogfile) == -1) + if 
(mkdir(__ejlogfile, 0770) == -1) { + ErrorExit(MKDIR_ERROR, ARGV0, __ejlogfile, errno, strerror(errno)); + } + + snprintf(__ejlogfile, OS_FLSIZE, "%s/%d/%s", EVENTS, lf->year, lf->mon); + + if (IsDir(__ejlogfile) == -1) + if (mkdir(__ejlogfile, 0770) == -1) { + ErrorExit(MKDIR_ERROR, ARGV0, __ejlogfile, errno, strerror(errno)); + } - /* Creating a symlink */ - unlink(EVENTS_DAILY); - link(__elogfile, EVENTS_DAILY); + snprintf(__ejlogfile, OS_FLSIZE, "%s/%d/%s/ossec-%s-%02d.json", + EVENTS, + lf->year, + lf->mon, + "archive", + lf->day); - /* for the alerts logs */ - if(_aflog) - { - if(ftell(_aflog) == 0) + _ejflog = fopen(__ejlogfile, "a"); + + if (!_ejflog) { + ErrorExit("%s: Error opening logfile: '%s'", ARGV0, __ejlogfile); + } + + /* Create a symlink */ + unlink(EVENTSJSON_DAILY); + + if (link(__ejlogfile, EVENTSJSON_DAILY) == -1) { + ErrorExit(LINK_ERROR, ARGV0, __ejlogfile, EVENTSJSON_DAILY, errno, strerror(errno)); + } + } + + /* For the alerts logs */ + if (_aflog) { + if (ftell(_aflog) == 0) { unlink(__alogfile); + } fclose(_aflog); _aflog = NULL; } - snprintf(__alogfile,OS_FLSIZE,"%s/%d/", ALERTS, lf->year); - if(IsDir(__alogfile) == -1) - if(mkdir(__alogfile,0770) == -1) - { - ErrorExit(MKDIR_ERROR,ARGV0,__alogfile); + snprintf(__alogfile, OS_FLSIZE, "%s/%d/", ALERTS, lf->year); + if (IsDir(__alogfile) == -1) + if (mkdir(__alogfile, 0770) == -1) { + ErrorExit(MKDIR_ERROR, ARGV0, __alogfile, errno, strerror(errno)); } - snprintf(__alogfile,OS_FLSIZE,"%s/%d/%s", ALERTS, lf->year,lf->mon); + snprintf(__alogfile, OS_FLSIZE, "%s/%d/%s", ALERTS, lf->year, lf->mon); - if(IsDir(__alogfile) == -1) - if(mkdir(__alogfile,0770) == -1) - { - ErrorExit(MKDIR_ERROR,ARGV0,__alogfile); + if (IsDir(__alogfile) == -1) + if (mkdir(__alogfile, 0770) == -1) { + ErrorExit(MKDIR_ERROR, ARGV0, __alogfile, errno, strerror(errno)); } + /* Create the logfile name */ + snprintf(__alogfile, OS_FLSIZE, "%s/%d/%s/ossec-%s-%02d.log", + ALERTS, + lf->year, + lf->mon, + "alerts", + 
lf->day); - /* Creating the logfile name */ - snprintf(__alogfile,OS_FLSIZE,"%s/%d/%s/ossec-%s-%02d.log", - ALERTS, - lf->year, - lf->mon, - "alerts", - lf->day); - - _aflog = fopen(__alogfile,"a"); + _aflog = fopen(__alogfile, "a"); - if(!_aflog) - ErrorExit("%s: Error opening logfile: '%s'",ARGV0,__alogfile); + if (!_aflog) { + ErrorExit("%s: Error opening logfile: '%s'", ARGV0, __alogfile); + } - /* Creating a symlink */ + /* Create a symlink */ unlink(ALERTS_DAILY); - link(__alogfile, ALERTS_DAILY); + if (link(__alogfile, ALERTS_DAILY) == -1) { + ErrorExit(LINK_ERROR, ARGV0, __alogfile, ALERTS_DAILY, errno, strerror(errno)); + } + + if (Config.jsonout_output) { + + if (_jflog) { + if (ftell(_jflog) == 0) { + unlink(__jlogfile); + } + fclose(_jflog); + _jflog = NULL; + } + + snprintf(__jlogfile, OS_FLSIZE, "%s/%d/", ALERTS, lf->year); + if (IsDir(__jlogfile) == -1) + if (mkdir(__jlogfile, 0770) == -1) { + ErrorExit(MKDIR_ERROR, ARGV0, __jlogfile, errno, strerror(errno)); + } + + snprintf(__jlogfile, OS_FLSIZE, "%s/%d/%s", ALERTS, lf->year, lf->mon); + + if (IsDir(__jlogfile) == -1) + if (mkdir(__jlogfile, 0770) == -1) { + ErrorExit(MKDIR_ERROR, ARGV0, __jlogfile, errno, strerror(errno)); + } + + + + /* Create the json logfile name */ + snprintf(__jlogfile, OS_FLSIZE, "%s/%d/%s/ossec-%s-%02d.json", + ALERTS, + lf->year, + lf->mon, + "alerts", + lf->day); + + _jflog = fopen(__jlogfile, "a"); + + if (!_jflog) { + ErrorExit("%s: Error opening logfile: '%s'", ARGV0, __jlogfile); + } + + /* Create a symlink */ + unlink(ALERTSJSON_DAILY); + + if (link(__jlogfile, ALERTSJSON_DAILY) == -1) { + ErrorExit(LINK_ERROR, ARGV0, __jlogfile, ALERTSJSON_DAILY, errno, strerror(errno)); + } + + } /* For the firewall events */ - if(_fflog) - { - if(ftell(_fflog) == 0) + if (_fflog) { + if (ftell(_fflog) == 0) { unlink(__flogfile); + } fclose(_fflog); _fflog = NULL; } - snprintf(__flogfile,OS_FLSIZE,"%s/%d/", FWLOGS, lf->year); - if(IsDir(__flogfile) == -1) - 
if(mkdir(__flogfile,0770) == -1) - { - ErrorExit(MKDIR_ERROR,ARGV0,__flogfile); + snprintf(__flogfile, OS_FLSIZE, "%s/%d/", FWLOGS, lf->year); + if (IsDir(__flogfile) == -1) + if (mkdir(__flogfile, 0770) == -1) { + ErrorExit(MKDIR_ERROR, ARGV0, __flogfile, errno, strerror(errno)); } - snprintf(__flogfile,OS_FLSIZE,"%s/%d/%s", FWLOGS, lf->year,lf->mon); + snprintf(__flogfile, OS_FLSIZE, "%s/%d/%s", FWLOGS, lf->year, lf->mon); - if(IsDir(__flogfile) == -1) - if(mkdir(__flogfile,0770) == -1) - { - ErrorExit(MKDIR_ERROR,ARGV0,__flogfile); + if (IsDir(__flogfile) == -1) + if (mkdir(__flogfile, 0770) == -1) { + ErrorExit(MKDIR_ERROR, ARGV0, __flogfile, errno, strerror(errno)); } + /* Create the logfile name */ + snprintf(__flogfile, OS_FLSIZE, "%s/%d/%s/ossec-%s-%02d.log", + FWLOGS, + lf->year, + lf->mon, + "firewall", + lf->day); - /* Creating the logfile name */ - snprintf(__flogfile,OS_FLSIZE,"%s/%d/%s/ossec-%s-%02d.log", - FWLOGS, - lf->year, - lf->mon, - "firewall", - lf->day); - - _fflog = fopen(__flogfile,"a"); - - if(!_fflog) - ErrorExit("%s: Error opening logfile: '%s'",ARGV0,__flogfile); + _fflog = fopen(__flogfile, "a"); + if (!_fflog) { + ErrorExit("%s: Error opening logfile: '%s'", ARGV0, __flogfile); + } - /* Creating a symlink */ + /* Create a symlink */ unlink(FWLOGS_DAILY); - link(__flogfile, FWLOGS_DAILY); + if (link(__flogfile, FWLOGS_DAILY) == -1) { + ErrorExit(LINK_ERROR, ARGV0, __flogfile, FWLOGS_DAILY, errno, strerror(errno)); + } /* Setting the new day */ __crt_day = lf->day; - return(0); + return (0); } -/* EOF */
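Review bot: The body of OS_GetLogLocation now repeats the same close-if-empty / mkdir year / mkdir month / snprintf / fopen / unlink+link sequence five times (events, events-JSON, alerts, alerts-JSON, firewall), differing only in the FILE*, path buffer, base directory, tag, extension and daily-link name; a static helper taking those as parameters would reduce the function to a handful of calls and keep the five copies from drifting, and the fence below sketches it. The comment `/* Create a symlink */` is inaccurate in every copy, because `link()` creates a hard link, so it should read `/* Re-point the daily hard link (same filesystem required) */`; note also that the new `ErrorExit(LINK_ERROR, ...)` turns a link failure that the old code silently ignored into a daemon exit, which on a filesystem without hard-link support would presumably stop analysisd from logging at all, so that behaviour change deserves a comment or a changelog line. The file-scope identifiers `__crt_day`, `__elogfile` and friends begin with a double underscore, which C reserves for the implementation; since the commit already makes them `static`, renaming them (e.g. `crt_day`, `elogfile`) is cheap here. The outer `if (IsDir(...) == -1)` stays unbraced in all ten places while the inner `if (mkdir(...) == -1)` gained braces; `if (IsDir(path) == -1 && mkdir(path, 0770) == -1) {` reads the same and removes the nested-if hazard.
```c
/* Rotate one daily log: close the previous handle (deleting the file if nothing
 * was written to it), make sure <base>/<year>/<mon>/ exists, open
 * <base>/<year>/<mon>/ossec-<tag>-<day>.<ext> for append, and re-point the
 * <daily> hard link at it.  Any failure is fatal (ErrorExit), as before. */
static void open_daily_log(FILE **fp, char *path, const char *base,
                           const char *tag, const char *ext,
                           const char *daily, const Eventinfo *lf)
{
    if (*fp) {
        if (ftell(*fp) == 0) {
            unlink(path);
        }
        fclose(*fp);
        *fp = NULL;
    }

    snprintf(path, OS_FLSIZE, "%s/%d/", base, lf->year);
    if (IsDir(path) == -1 && mkdir(path, 0770) == -1) {
        ErrorExit(MKDIR_ERROR, ARGV0, path, errno, strerror(errno));
    }

    snprintf(path, OS_FLSIZE, "%s/%d/%s", base, lf->year, lf->mon);
    if (IsDir(path) == -1 && mkdir(path, 0770) == -1) {
        ErrorExit(MKDIR_ERROR, ARGV0, path, errno, strerror(errno));
    }

    snprintf(path, OS_FLSIZE, "%s/%d/%s/ossec-%s-%02d.%s",
             base, lf->year, lf->mon, tag, lf->day, ext);

    *fp = fopen(path, "a");
    if (!*fp) {
        ErrorExit("%s: Error opening logfile: '%s'", ARGV0, path);
    }

    /* Re-point the daily hard link (same filesystem required). */
    unlink(daily);
    if (link(path, daily) == -1) {
        ErrorExit(LINK_ERROR, ARGV0, path, daily, errno, strerror(errno));
    }
}

int OS_GetLogLocation(const Eventinfo *lf)
{
    open_daily_log(&_eflog, __elogfile, EVENTS, "archive", "log", EVENTS_DAILY, lf);
    if (Config.logall_json) {
        open_daily_log(&_ejflog, __ejlogfile, EVENTS, "archive", "json", EVENTSJSON_DAILY, lf);
    }
    open_daily_log(&_aflog, __alogfile, ALERTS, "alerts", "log", ALERTS_DAILY, lf);
    if (Config.jsonout_output) {
        open_daily_log(&_jflog, __jlogfile, ALERTS, "alerts", "json", ALERTSJSON_DAILY, lf);
    }
    open_daily_log(&_fflog, __flogfile, FWLOGS, "firewall", "log", FWLOGS_DAILY, lf);

    /* … unchanged: __crt_day = lf->day; return (0); … */
}
```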