X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=src%2Fanalysisd%2Fdecoders%2Fplugins%2Fsymantecws_decoder.c;fp=src%2Fanalysisd%2Fdecoders%2Fplugins%2Fsymantecws_decoder.c;h=dac35a489f05d09d63428c43ac1527c39396fdc0;hp=5ee3ecc423adff0df0dec8451965b0d7e257ad30;hb=3f728675941dc69d4e544d3a880a56240a6e394a;hpb=927951d1c1ad45ba9e7325f07d996154a91c911b diff --git a/src/analysisd/decoders/plugins/symantecws_decoder.c b/src/analysisd/decoders/plugins/symantecws_decoder.c index 5ee3ecc..dac35a4 100644 --- a/src/analysisd/decoders/plugins/symantecws_decoder.c +++ b/src/analysisd/decoders/plugins/symantecws_decoder.c @@ -1,6 +1,3 @@ -/* @(#) $Id: ./src/analysisd/decoders/plugins/symantecws_decoder.c, 2011/09/08 dcid Exp $ - */ - /* Copyright (C) 2009 Trend Micro Inc. * All rights reserved. * @@ -8,25 +5,22 @@ * and/or modify it under the terms of the GNU General Public * License (version 2) as published by the FSF - Free Software * Foundation. - * - * License details at the LICENSE file included with OSSEC or - * online at: http://www.ossec.net/en/licensing.html */ +#include "../plugin_decoders.h" + #include "shared.h" #include "eventinfo.h" -/* Symantec Web Security decoder init */ void *SymantecWS_Decoder_Init() { debug1("%s: Initializing SymantecWS decoder..", ARGV0); /* There is nothing to do over here */ - return(NULL); + return (NULL); } - /* Symantec Web Security decoder * Will extract the action, srcip, id, url and username. * 
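Review bot: `SymantecWS_Decoder_Init()` keeps an empty parameter list, which before C23 does not form a prototype, so the definition itself places no constraint on how it is called. Now that `../plugin_decoders.h` is included ahead of it, I would write `void *SymantecWS_Decoder_Init(void)`, presumably matching the declaration in that header (not visible here). The hunk also drops the one-line comment above the function; a replacement such as `/* Plugin init hook: logs a debug line, keeps no state, always returns NULL */` would keep the definition documented.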
@@ -38,113 +32,98 @@ void *SymantecWS_Decoder_Init() void *SymantecWS_Decoder_Exec(Eventinfo *lf) { int count = 0; - char buf_str[OS_SIZE_1024 +1]; + char buf_str[OS_SIZE_1024 + 1]; char *tmp_str = NULL; - /* Initializing buffer */ + /* Initialize buffer */ buf_str[0] = '\0'; buf_str[OS_SIZE_1024] = '\0'; - - /* Removing date and time */ - if(!(tmp_str = strchr(lf->log, ','))) - { - return(NULL); + /* Remove date and time */ + if (!(tmp_str = strchr(lf->log, ','))) { + return (NULL); } - if(!(tmp_str = strchr(tmp_str, ','))) - { - return(NULL); + if (!(tmp_str = strchr(tmp_str, ','))) { + return (NULL); } tmp_str++; - - /* Getting all the values */ - while(tmp_str != NULL) - { - /* Checking if we have the username */ - if(strncmp(tmp_str, "10=", 3) == 0) - { + /* Get all the values */ + while (tmp_str != NULL) { + /* Check if we have the username */ + if (strncmp(tmp_str, "10=", 3) == 0) { count = 0; - tmp_str+=3; - while(*tmp_str != '\0' && count < 128 && *tmp_str != ',') - { + tmp_str += 3; + while (*tmp_str != '\0' && count < 128 && *tmp_str != ',') { buf_str[count] = *tmp_str; - count++; tmp_str++; + count++; + tmp_str++; } buf_str[count] = '\0'; - if(!lf->dstuser) - { + if (!lf->dstuser) { os_strdup(buf_str, lf->dstuser); } } - /* Checking the ip address */ - else if(strncmp(tmp_str, "11=", 3) == 0) - { + /* Check the IP address */ + else if (strncmp(tmp_str, "11=", 3) == 0) { count = 0; - tmp_str+=3; - while(*tmp_str != '\0' && count < 128 && *tmp_str != ',') - { + tmp_str += 3; + while (*tmp_str != '\0' && count < 128 && *tmp_str != ',') { buf_str[count] = *tmp_str; - count++; tmp_str++; + count++; + tmp_str++; } buf_str[count] = '\0'; - /* Avoiding memory leaks -- only adding the first one */ - if(!lf->srcip) - { + /* Avoid memory leaks -- only adding the first one */ + if (!lf->srcip) { os_strdup(buf_str, lf->srcip); } } - /* Getting the URL */ - else if(strncmp(tmp_str, "60=", 3) == 0) - { + /* Get the URL */ + else if (strncmp(tmp_str, "60=", 3) == 0) { 
count = 0; - tmp_str+=3; - while(*tmp_str != '\0' && count < OS_SIZE_1024 && *tmp_str != ',') - { + tmp_str += 3; + while (*tmp_str != '\0' && count < OS_SIZE_1024 && *tmp_str != ',') { buf_str[count] = *tmp_str; - count++; tmp_str++; + count++; + tmp_str++; } buf_str[count] = '\0'; - /* Avoiding memory leaks -- only adding the first one */ - if(!lf->url) - { + /* Avoid memory leaks -- only adding the first one */ + if (!lf->url) { os_strdup(buf_str, lf->url); } } - /* Getting ID */ - else if((strncmp(tmp_str, "3=", 2) == 0) || - (strncmp(tmp_str, "2=", 2) == 0)) - { + /* Get ID */ + else if ((strncmp(tmp_str, "3=", 2) == 0) || + (strncmp(tmp_str, "2=", 2) == 0)) { count = 0; - while(*tmp_str != '\0' && count < 9) - { + while (*tmp_str != '\0' && count < 9) { buf_str[count] = *tmp_str; - count++; tmp_str++; + count++; + tmp_str++; } buf_str[count] = '\0'; - /* Avoiding memory leaks -- only adding the first one */ - if(!lf->id) - { + /* Avoid memory leaks -- only adding the first one */ + if (!lf->id) { os_strdup(buf_str, lf->id); } } - /* Getting next entry */ + /* Get next entry */ tmp_str = strchr(tmp_str, ','); - if(tmp_str) - { + if (tmp_str) { tmp_str++; } } - return(NULL); + return (NULL); } -/* END Decoder */
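Review bot: The field loop in SymantecWS_Decoder_Exec treats every `,` as an entry separator and re-scans what follows as a new `key=` entry, so a value that itself contains a comma is cut short and its tail is parsed as further fields. In the `60=` branch that value is a URL, i.e. remote-influenced text, and since `dstuser`, `srcip` and `id` are stored first-come (`if (!lf->srcip)`), such a tail could populate them when the genuine entries come later in the record or are missing; whether the product escapes commas in URLs is not visible here and should be confirmed against real logs. I would at least state the assumption above the loop, e.g. `/* Assumes values never contain ','; a comma always starts a new key=value entry */`, and consider validating the `11=` value as an IP address before storing it in `lf->srcip`. Separately, under "Remove date and time" the second `strchr(tmp_str, ',')` starts at the comma the first call returned, so it matches that same comma and only one field is skipped; `strchr(tmp_str + 1, ',')` would skip both, and the existing loop merely hides this by ignoring the unmatched time field.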