X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=src%2Flogcollector%2Fread_djb_multilog.c;fp=src%2Flogcollector%2Fread_djb_multilog.c;h=43c57ba5bfc400bfa577f07ef7f8c3ebd2d58142;hp=be4f56fc1b5fd6964ad45b542dd74b024a7023ed;hb=3f728675941dc69d4e544d3a880a56240a6e394a;hpb=927951d1c1ad45ba9e7325f07d996154a91c911b diff --git a/src/logcollector/read_djb_multilog.c b/src/logcollector/read_djb_multilog.c old mode 100755 new mode 100644 index be4f56f..43c57ba --- a/src/logcollector/read_djb_multilog.c +++ b/src/logcollector/read_djb_multilog.c @@ -1,6 +1,3 @@ -/* @(#) $Id: ./src/logcollector/read_djb_multilog.c, 2011/09/08 dcid Exp $ - */ - /* Copyright (C) 2009 Trend Micro Inc. * All rights reserved. * @@ -8,217 +5,169 @@ * and/or modify it under the terms of the GNU General Public * License (version 2) as published by the FSF - Free Software * Foundation. - * - * License details at the LICENSE file included with OSSEC or - * online at: http://www.ossec.net/en/licensing.html */ /* Read DJB multilog */ - #include "shared.h" #include "logcollector.h" -/* To translante between month (int) to month (char) */ -char *(djb_month[])={"Jan","Feb","Mar","Apr","May","Jun","Jul","Aug", - "Sep","Oct","Nov","Dec"}; - -char djb_host[512 +1]; +/* To translate between month (int) to month (char) */ +static const char *(djb_month[]) = {"Jan", "Feb", "Mar", "Apr", "May", "Jun", + "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" + }; +static char djb_host[512 + 1]; - -/* Initializes multilog. */ +/* Initialize multilog */ int init_djbmultilog(int pos) { char *djbp_name = NULL; char *tmp_str = NULL; - logff[pos].djb_program_name = NULL; + /* Initialize hostname */ + memset(djb_host, '\0', 512 + 1); - /* Initializing hostname. */ - memset(djb_host, '\0', 512 +1); - - #ifndef WIN32 - if(gethostname(djb_host, 512 -1) != 0) - { - strncpy(djb_host, "unknown", 512 -1); - } - else - { +#ifndef WIN32 + if (gethostname(djb_host, 512 - 1) != 0) { + strncpy(djb_host, "unknown", 512 - 1); + } else { char *_ltmp; /* Remove domain part if available */ _ltmp = strchr(djb_host, '.'); - if(_ltmp) + if (_ltmp) { *_ltmp = '\0'; + } } - #else - strncpy(djb_host, "win32", 512 -1); - #endif - - +#else + strncpy(djb_host, "win32", 512 - 1); +#endif /* Multilog must be in the following format: /path/program_name/current */ tmp_str = strrchr(logff[pos].file, '/'); - if(!tmp_str) - return(0); - - - /* Must end with /current and must not be in the beginning of the string. */ - if((strcmp(tmp_str, "/current") != 0) || (tmp_str == logff[pos].file)) - { - return(0); + if (!tmp_str) { + return (0); } + /* Must end with /current and must not be in the beginning of the string */ + if ((strcmp(tmp_str, "/current") != 0) || (tmp_str == logff[pos].file)) { + return (0); + } tmp_str[0] = '\0'; - - /* Getting final name. */ + /* Get final name */ djbp_name = strrchr(logff[pos].file, '/'); - if(djbp_name == logff[pos].file) - { + if (djbp_name == logff[pos].file) { tmp_str[0] = '/'; - return(0); + return (0); } - - os_strdup(djbp_name+1, logff[pos].djb_program_name); + os_strdup(djbp_name + 1, logff[pos].djb_program_name); tmp_str[0] = '/'; - verbose("%s: INFO: Using program name '%s' for DJB multilog file: '%s'.", ARGV0, logff[pos].djb_program_name, logff[pos].file); - - return(1); + return (1); } - - -/* Read DJB multilog. */ void *read_djbmultilog(int pos, int *rc, int drop_it) { - int str_len = 0; + size_t str_len = 0; int need_clear = 0; char *p; char str[OS_MAXSTR + 1]; char buffer[OS_MAXSTR + 1]; - str[OS_MAXSTR]= '\0'; + str[OS_MAXSTR] = '\0'; *rc = 0; - - /* Must have a valid program name. */ - if(!logff[pos].djb_program_name) - { - return(NULL); + /* Must have a valid program name */ + if (!logff[pos].djb_program_name) { + return (NULL); } - - - /* Getting new entry */ - while(fgets(str, OS_MAXSTR - OS_LOG_HEADER, logff[pos].fp) != NULL) - { - - /* Getting buffer size */ + /* Get new entry */ + while (fgets(str, OS_MAXSTR - OS_LOG_HEADER, logff[pos].fp) != NULL) { + /* Get buffer size */ str_len = strlen(str); - - /* Getting the last occurence of \n */ - if ((p = strrchr(str, '\n')) != NULL) - { + /* Getting the last occurrence of \n */ + if ((p = strrchr(str, '\n')) != NULL) { *p = '\0'; - /* If need clear is set, we just get the line and ignore it. */ - if(need_clear) - { + /* If need_clear is set, we just get the line and ignore it */ + if (need_clear) { need_clear = 0; continue; } - } - else - { + } else { need_clear = 1; } - /* Multilog messages have the following format: * @40000000463246020c2ca16c xx... */ - if((str_len > 26) && - (str[0] == '@') && - isalnum((int)str[1]) && - isalnum((int)str[2]) && - isalnum((int)str[3]) && - isalnum((int)str[24]) && - (str[25] == ' ')) - { - /* Removing spaces and tabs */ + if ((str_len > 26) && + (str[0] == '@') && + isalnum((int)str[1]) && + isalnum((int)str[2]) && + isalnum((int)str[3]) && + isalnum((int)str[24]) && + (str[25] == ' ')) { + /* Remove spaces and tabs */ p = str + 26; - while(*p == ' ' || *p == '\t') - { + while (*p == ' ' || *p == '\t') { p++; } - - /* If message has a valid syslog header, send as is. */ - if((str_len > 44) && - (p[3] == ' ') && - (p[6] == ' ') && - (p[9] == ':') && - (p[12] == ':') && - (p[15] == ' ')) - { - p+=16; + /* If message has a valid syslog header, send as is */ + if ((str_len > 44) && + (p[3] == ' ') && + (p[6] == ' ') && + (p[9] == ':') && + (p[12] == ':') && + (p[15] == ' ')) { + p += 16; strncpy(buffer, p, OS_MAXSTR); - } - else - { - /* We will add a proper syslog header. */ + } else { + /* We will add a proper syslog header */ time_t djbtime; struct tm *pt; - djbtime = time(NULL); pt = localtime(&djbtime); - /* Syslog time: Apr 27 14:50:32 */ snprintf(buffer, OS_MAXSTR, "%s %02d %02d:%02d:%02d %s %s: %s", - djb_month[pt->tm_mon], - pt->tm_mday, - pt->tm_hour, - pt->tm_min, - pt->tm_sec, - djb_host, - logff[pos].djb_program_name, - p); + djb_month[pt->tm_mon], + pt->tm_mday, + pt->tm_hour, + pt->tm_min, + pt->tm_sec, + djb_host, + logff[pos].djb_program_name, + p); } } - - else - { + else { debug2("%s: DEBUG: Invalid DJB log: '%s'", ARGV0, str); continue; } - debug2("%s: DEBUG: Reading DJB multilog message: '%s'", ARGV0, buffer); - - /* Sending message to queue */ - if(drop_it == 0) - { - if(SendMSG(logr_queue, buffer, logff[pos].file, MYSQL_MQ) < 0) - { + /* Send message to queue */ + if (drop_it == 0) { + if (SendMSG(logr_queue, buffer, logff[pos].file, MYSQL_MQ) < 0) { merror(QUEUE_SEND, ARGV0); - if((logr_queue = StartMQ(DEFAULTQPATH,WRITE)) < 0) - { + if ((logr_queue = StartMQ(DEFAULTQPATH, WRITE)) < 0) { ErrorExit(QUEUE_FATAL, ARGV0, DEFAULTQPATH); } } @@ -227,7 +176,6 @@ void *read_djbmultilog(int pos, int *rc, int drop_it) continue; } - return(NULL); + return (NULL); } -/* EOF */