X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=src%2Fconfig%2Fcsyslogd-config.c;h=77d268e6694021cef6038af4e11694160631df43;hp=1ce60821fe2125a5bb6cf3b182a088222150ea47;hb=6ef2f786c6c8ead94841b5f93baf9f43421f08c8;hpb=301048b51990573e58a30dc4a5bb4ec285cad554 diff --git a/src/config/csyslogd-config.c b/src/config/csyslogd-config.c index 1ce6082..77d268e 100644 --- a/src/config/csyslogd-config.c +++ b/src/config/csyslogd-config.c @@ -1,4 +1,5 @@ -/* @(#) $Id$ */ +/* @(#) $Id: ./src/config/csyslogd-config.c, 2011/09/08 dcid Exp $ + */ /* Copyright (C) 2009 Trend Micro Inc. * All right reserved. @@ -34,7 +35,7 @@ int Read_CSyslog(XML_NODE node, void *config, void *config2) GeneralConfig *gen_config = (GeneralConfig *)config; SyslogConfig **syslog_config = (SyslogConfig **)gen_config->data; - + /* Getting Granular mail_to size */ if(syslog_config) { @@ -42,7 +43,7 @@ int Read_CSyslog(XML_NODE node, void *config, void *config2) s++; } - + /* Allocating the memory for the config. */ os_realloc(syslog_config, (s + 2) * sizeof(SyslogConfig *), syslog_config); os_calloc(1, sizeof(SyslogConfig), syslog_config[s]); @@ -56,6 +57,7 @@ int Read_CSyslog(XML_NODE node, void *config, void *config2) syslog_config[s]->location = NULL; syslog_config[s]->level = 0; syslog_config[s]->port = 514; + syslog_config[s]->format = DEFAULT_CSYSLOG; /* local 0 facility (16) + severity 4 - warning. --default */ syslog_config[s]->priority = (16 * 8) + 4; 
@@ -116,24 +118,24 @@ int Read_CSyslog(XML_NODE node, void *config, void *config2) else if(isdigit((int)*str_pt)) { int id_i = 0; - + r_id = atoi(str_pt); debug1("%s: DEBUG: Adding '%d' to syslog alerting", ARGV0, r_id); - + if(syslog_config[s]->rule_id) { while(syslog_config[s]->rule_id[id_i]) id_i++; } - + os_realloc(syslog_config[s]->rule_id, (id_i +2) * sizeof(int), syslog_config[s]->rule_id); - + syslog_config[s]->rule_id[id_i + i] = 0; syslog_config[s]->rule_id[id_i] = r_id; - + str_pt = strchr(str_pt, ','); if(str_pt) { @@ -165,6 +167,21 @@ int Read_CSyslog(XML_NODE node, void *config, void *config2) { /* Default is full format */ } + else if (strcmp(node[i]->content, "cef") == 0) + { + /* Enable the CEF format */ + syslog_config[s]->format = CEF_CSYSLOG; + } + else if (strcmp(node[i]->content, "json") == 0) + { + /* Enable the JSON format */ + syslog_config[s]->format = JSON_CSYSLOG; + } + else if (strcmp(node[i]->content, "splunk") == 0) + { + /* Enable the Splunk Key/Value format */ + syslog_config[s]->format = SPLUNK_CSYSLOG; + } else { merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content); @@ -174,7 +191,7 @@ int Read_CSyslog(XML_NODE node, void *config, void *config2) else if(strcmp(node[i]->element, xml_syslog_location) == 0) { os_calloc(1, sizeof(OSMatch),syslog_config[s]->location); - if(!OSMatch_Compile(node[i]->content, + if(!OSMatch_Compile(node[i]->content, syslog_config[s]->location, 0)) { merror(REGEX_COMPILE, ARGV0, node[i]->content, @@ -185,7 +202,7 @@ int Read_CSyslog(XML_NODE node, void *config, void *config2) else if(strcmp(node[i]->element, xml_syslog_group) == 0) { os_calloc(1, sizeof(OSMatch),syslog_config[s]->group); - if(!OSMatch_Compile(node[i]->content, + if(!OSMatch_Compile(node[i]->content, syslog_config[s]->group, 0)) { merror(REGEX_COMPILE, ARGV0, node[i]->content, 
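Review bot: The terminator store `syslog_config[s]->rule_id[id_i + i] = 0;` in the rule_id branch indexes with `i`, which the other hunks on this page use as the XML node index (`node[i]->content`), while the array has just been grown to only `(id_i +2)` ints. For a node index above 1 that store lands past the end of the allocation, and for index 0 it is overwritten by the following `rule_id[id_i] = r_id`, leaving the list without the zero terminator that the `while(syslog_config[s]->rule_id[id_i])` scan depends on. This hunk changes only the blank lines around the statement and keeps it as is; the index should be the constant, `syslog_config[s]->rule_id[id_i + 1] = 0;`. The enclosing loop starts and ends outside the hunk, so the role of `i` should be confirmed against the full function.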
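Review bot: The empty branch commented `/* Default is full format */` just above the new `cef` case never assigns `format`, so it depends on the `DEFAULT_CSYSLOG` initialisation added in the earlier hunk. If one block carries more than one format element, a later default value would not undo an earlier `cef`, `json` or `splunk`, and alerts would be forwarded in a format the configuration no longer asks for. Assigning there as well, `syslog_config[s]->format = DEFAULT_CSYSLOG;`, makes all four branches behave the same way (last value wins). The condition guarding that branch is outside the hunk, so this assumes it matches the literal default value.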
@@ -208,7 +225,7 @@ int Read_CSyslog(XML_NODE node, void *config, void *config2) merror(XML_INV_CSYSLOG, ARGV0); return(OS_INVALID); } - + gen_config->data = syslog_config; return(0);