X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=src%2Flogcollector%2Flogcollector.c;fp=src%2Flogcollector%2Flogcollector.c;h=5e3e3a254434cf74dc5c1e18a5bdb189233466c8;hp=f14f007ac1447d22edec9802d0c3772b75a70ec1;hb=a62b46c229549212d536867b7e5e24d7576ebe8b;hpb=d623b82886b9b5fbba3fa27c3bfac51f3f8af108 diff --git a/src/logcollector/logcollector.c b/src/logcollector/logcollector.c index f14f007..5e3e3a2 100755 --- a/src/logcollector/logcollector.c +++ b/src/logcollector/logcollector.c @@ -1,11 +1,11 @@ -/* @(#) $Id: logcollector.c,v 1.59 2009/11/03 21:07:32 dcid Exp $ */ +/* @(#) $Id$ */ /* Copyright (C) 2009 Trend Micro Inc. * All right reserved. * * This program is a free software; you can redistribute it * and/or modify it under the terms of the GNU General Public - * License (version 3) as published by the FSF - Free Software + * License (version 2) as published by the FSF - Free Software * Foundation */ @@ -20,6 +20,22 @@ int _cday = 0; int update_fname(int i); +char *rand_keepalive_str(char *dst, int size) +{ + static const char text[] = "abcdefghijklmnopqrstuvwxyz" + "ABCDEFGHIJKLMNOPQRSTUVWXYZ" + "0123456789" + "!@#$%^&*()_+-=;'[],./?"; + int i, len = rand() % (size - 10); + strncpy(dst, "--MARK--: ", 12); + for ( i = 10; i < len; ++i ) + { + dst[i] = text[rand() % (sizeof text - 1)]; + } + dst[i] = '\0'; + return dst; +} + /** void LogCollectorStart() v0.4 * Handle file management. */ @@ -28,6 +44,10 @@ void LogCollectorStart() int i = 0, r = 0; int max_file = 0; int f_check = 0; + int curr_time = 0; + char keepalive[1024]; + + /* To check for inode changes */ struct stat tmp_stat; 
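Review bot: rand_keepalive_str has no guard on `size`: with `size == 10` the `rand() % (size - 10)` divides by zero, and with `size <= 11` the 12-byte `strncpy` pad and the unconditional `dst[10] = '\0'` still run, so a buffer smaller than 12 bytes is overrun before the caller's size is ever honoured. Add `if (size < 12) { dst[0] = '\0'; return dst; }` ahead of the modulus. The filler is drawn from `rand()`, which is predictable and repeats across restarts unless seeded elsewhere (not visible here); if the randomized keepalive is meant to stop the message being a fixed, guessable plaintext, say so in a header comment so nobody reads `rand()` as a security guarantee. `strncpy(dst, "--MARK--: ", 12)` on a 10-character literal is clearer as `memcpy(dst, "--MARK--: ", 10);`, since every later byte is written by the loop or the terminator anyway.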
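Review bot: `int curr_time = 0;` is assigned `time(0)` in a later hunk of this function, narrowing `time_t` to `int`; declare it `time_t curr_time = 0;` so the comparison with the stored last-run time is done in the right type. The new `/* To check for inode changes */` comment sits above `struct stat tmp_stat;` but the `keepalive` buffer just added has no note of what fills it; `char keepalive[1024]; /* randomized keepalive text, filled before each SendMSG */` would make the pairing with the call at the end of the loop obvious. LogCollectorStart's body continues well past this hunk.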
@@ -99,10 +119,18 @@ void LogCollectorStart() { logff[i].file = NULL; logff[i].fp = NULL; + logff[i].size = 0; if(logff[i].command) { logff[i].read = (void *)read_command; + + verbose("%s: INFO: Monitoring output of command(%d): %s", ARGV0, logff[i].ign, logff[i].command); + + if(!logff[i].alias) + { + os_strdup(logff[i].command, logff[i].alias); + } } else { @@ -110,6 +138,26 @@ void LogCollectorStart() ARGV0); } } + else if(strcmp(logff[i].logformat, "full_command") == 0) + { + logff[i].file = NULL; + logff[i].fp = NULL; + logff[i].size = 0; + if(logff[i].command) + { + logff[i].read = (void *)read_fullcommand; + + verbose("%s: INFO: Monitoring full output of command(%d): %s", ARGV0, logff[i].ign, logff[i].command); + + if(!logff[i].alias) + os_strdup(logff[i].command, logff[i].alias); + } + else + { + merror("%s: ERROR: Missing command argument. Ignoring it.", + ARGV0); + } + } else { @@ -173,6 +221,10 @@ void LogCollectorStart() } logff[i].read = (void *)read_djbmultilog; } + else if(logff[i].logformat[0] >= '0' && logff[i].logformat[0] <= '9') + { + logff[i].read = (void *)read_multiline; + } else { logff[i].read = (void *)read_syslog; @@ -189,6 +241,19 @@ void LogCollectorStart() } #endif } + + if(logff[i].alias) + { + int ii = 0; + while(logff[i].alias[ii] != '\0') + { + if(logff[i].alias[ii] == ':') + { + logff[i].alias[ii] = '\\'; + } + ii++; + } + } } @@ -243,9 +308,14 @@ void LogCollectorStart() if(!logff[i].fp) { /* Run the command. */ - if((f_check == VCHECK_FILES) && logff[i].command) + if(logff[i].command && (f_check %2)) { - logff[i].read(i, &r, 0); + curr_time = time(0); + if((curr_time - logff[i].size) >= logff[i].ign) + { + logff[i].size = curr_time; + logff[i].read(i, &r, 0); + } } continue; } 
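Review bot: The new `verbose("%s: INFO: Monitoring output of command(%d): %s", ...)` prints `logff[i].ign`, which the command-scheduling hunk later in this diff compares against a time difference in seconds, so `command(%d)` reads like an index rather than an interval; `"Monitoring output of command (every %ds): %s"` says what the number is. The alias defaulted from the command text is rewritten further down (':' becomes '\\'), so a one-line comment here, `/* alias defaults to the command line; ':' in it is escaped below */`, would explain why a logged location may not match the command verbatim. The enclosing if/else chain starts before this hunk.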
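Review bot: In the full_command branch, `if(!logff[i].alias)` runs `os_strdup(logff[i].command, logff[i].alias);` without braces, while the identical guard in the command branch directly above is braced; brace it for consistency, and because `os_strdup` is a project macro whose expansion is not visible here — should it ever expand to more than one statement, only the first would be conditional. This branch is otherwise a verbatim copy of the command branch differing only in `read_fullcommand` and the log text, so selecting the reader with one `strcmp` result and sharing the rest would remove the duplication.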
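Review bot: The new `else if` picks read_multiline by inspecting only `logformat[0]`, so any logformat whose first character is a digit (for example `5x`) is accepted here and nothing in this hunk validates or converts the number; presumably read_multiline parses it, which is worth stating: `/* a numeric logformat is the line count for read_multiline, which parses it */`. If read_multiline does not reject malformed values, a `strtol` check with `*end == '\0'` at this point would catch them before a reader is assigned. The enclosing if/else chain starts before this hunk.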
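Review bot: The loop rewriting ':' to '\\' in `logff[i].alias` gives no reason; since the alias is used as the message location and the keepalive at the end of the function passes `"ossec-keepalive"` in that same slot, the likely reason is that ':' separates fields in queue messages — confirm and record it: `/* ':' delimits fields in queue messages; escape it so an alias (or command text used as alias) cannot add fields */`. This also applies to aliases copied from command text earlier in the function, so the reported location will not match the command verbatim. `while ((p = strchr(p, ':')) != NULL) *p++ = '\\';` would express the same scan in one line.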
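Review bot: The new rate limit stores a timestamp in `logff[i].size` and compares it with `curr_time`, an `int`; `size` reads as a byte count, and nothing says it now holds a time for command entries. Either add a dedicated `time_t` last-run field or at least comment the reuse: `/* for command entries, size holds the time the command last ran */`. The scheduling semantics also changed silently: the old code ran commands only when `f_check == VCHECK_FILES`, the new `f_check %2` test runs the interval check on every other pass, and with `ign == 0` the command runs on each of those passes — confirm that is intended and document `ign` as the interval in seconds, which is what the comparison implies. LogCollectorStart's body continues outside this hunk.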
@@ -338,7 +408,9 @@ void LogCollectorStart() /* Send keep alive message */ - SendMSG(logr_queue, "--MARK--", "ossec-keepalive", LOCALFILE_MQ); + + rand_keepalive_str(keepalive, 700); + SendMSG(logr_queue, keepalive, "ossec-keepalive", LOCALFILE_MQ); /* Zeroing f_check */
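Review bot: `rand_keepalive_str(keepalive, 700)` hard-codes 700 while `keepalive` is declared as 1024 bytes earlier in the function, so a later resize of either side can overflow without any local clue; pass `sizeof keepalive` or one shared named constant instead, e.g. `rand_keepalive_str(keepalive, sizeof keepalive);`. The reason for randomizing the keepalive is stated nowhere in the diff; if the aim is to avoid a fixed, known plaintext in every keepalive (the obvious reading, unconfirmed), a comment here should say so and note that `rand()` only varies size and content, it does not make the padding unpredictable. The enclosing LogCollectorStart body begins well before this hunk.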