X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=src%2Fanalysisd%2Foutput%2Fzeromq.c;fp=src%2Fanalysisd%2Foutput%2Fzeromq.c;h=0b31d22aaec0ee97bd7b7dc15feb0ec7ea66692e;hp=0000000000000000000000000000000000000000;hb=3f728675941dc69d4e544d3a880a56240a6e394a;hpb=927951d1c1ad45ba9e7325f07d996154a91c911b diff --git a/src/analysisd/output/zeromq.c b/src/analysisd/output/zeromq.c new file mode 100644 index 0000000..0b31d22 --- /dev/null +++ b/src/analysisd/output/zeromq.c @@ -0,0 +1,135 @@ +/* Copyright (C) 2015 Trend Micro Inc. + * All rights reserved. + * + * This program is a free software; you can redistribute it + * and/or modify it under the terms of the GNU General Public + * License (version 2) as published by the FSF - Free Software + * Foundation. + */ + +#ifdef ZEROMQ_OUTPUT_ENABLED + +#include "zeromq.h" + +#include "shared.h" +#include "rules.h" +#include "format/to_json.h" + + +/* Global variables */ +#if CZMQ_VERSION_MAJOR == 2 +static zctx_t *zeromq_context; +static void *zeromq_pubsocket; +#elif CZMQ_VERSION_MAJOR >= 3 +zsock_t *zeromq_pubsocket; +zactor_t *auth; +#endif + +#if CZMQ_VERSION_MAJOR == 2 +void zeromq_output_start(const char *uri) +{ + int rc; + + debug1("%s: DEBUG: New ZeroMQ Context", ARGV0); + zeromq_context = zctx_new(); + if (zeromq_context == NULL) { + merror("%s: Unable to initialize ZeroMQ library", ARGV0); + return; + } + + debug1("%s: DEBUG: New ZeroMQ Socket: ZMQ_PUB", ARGV0); + zeromq_pubsocket = zsocket_new(zeromq_context, ZMQ_PUB); + if (zeromq_pubsocket == NULL) { + merror("%s: Unable to initialize ZeroMQ Socket", ARGV0); + return; + } + + debug1("%s: DEBUG: Listening on ZeroMQ Socket: %s", ARGV0, uri); + rc = zsocket_bind(zeromq_pubsocket, "%s", uri); + if (rc) { + merror("%s: Unable to bind the ZeroMQ Socket: %s.", ARGV0, uri); + return; + } +} +#elif CZMQ_VERSION_MAJOR >= 3 +void zeromq_output_start(const char *uri, const char *client_cert_path, const char *server_cert_path) +{ + int rc; + + debug1("%s: DEBUG: New ZeroMQ Socket: ZMQ_PUB", ARGV0); + zeromq_pubsocket = zsock_new(ZMQ_PUB); + if (zeromq_pubsocket == NULL) { + merror("%s: Unable to initialize ZeroMQ Socket", ARGV0); + return; + } + + if (zsys_has_curve()) { + if (client_cert_path && server_cert_path) { + debug1("%s: DEBUG: Initiating CURVE for ZeroMQ Socket", ARGV0); + auth = zactor_new(zauth, NULL); + if (!auth) { + merror("%s: Unable to start auth for ZeroMQ Sock", ARGV0); + } + zstr_sendx(auth, "CURVE", client_cert_path, NULL); + zsock_wait(auth); + + zcert_t *server_cert = zcert_load(server_cert_path); + if (!server_cert) { + merror("%s: Unable to load server certificate: %s.", ARGV0, server_cert_path); + } + + zcert_apply(server_cert, zeromq_pubsocket); + zsock_set_curve_server(zeromq_pubsocket, 1); + + zcert_destroy(&server_cert); + } + } + + debug1("%s: DEBUG: Listening on ZeroMQ Socket: %s", ARGV0, uri); + rc = zsock_bind(zeromq_pubsocket, "%s", uri); + if (rc) { + merror("%s: Unable to bind the ZeroMQ Socket: %s.", ARGV0, uri); + return; + } +} +#endif + +#if CZMQ_VERSION_MAJOR == 2 +void zeromq_output_end() +{ + zsocket_destroy(zeromq_context, zeromq_pubsocket); + zctx_destroy(&zeromq_context); +} +#elif CZMQ_VERSION_MAJOR >= 3 +void zeromq_output_end() +{ + zsock_destroy(&zeromq_pubsocket); + zactor_destroy(&auth); +} +#endif + +#if CZMQ_VERSION_MAJOR == 2 +void zeromq_output_event(const Eventinfo *lf) +{ + char *json_alert = Eventinfo_to_jsonstr(lf); + + zmsg_t *msg = zmsg_new(); + zmsg_addstr(msg, "ossec.alerts"); + zmsg_addstr(msg, json_alert); + zmsg_send(&msg, zeromq_pubsocket); + free(json_alert); +} +#elif ZMQ_VERSION_MAJOR >= 3 +void zeromq_output_event(const Eventinfo *lf) +{ + char *json_alert = Eventinfo_to_jsonstr(lf); + + zmsg_t *msg = zmsg_new(); + zmsg_addstr(msg, "ossec.alerts"); + zmsg_addstr(msg, json_alert); + zmsg_send(&msg, zeromq_pubsocket); + free(json_alert); +} +#endif + +#endif