X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=src%2Fos_dbd%2Falert.c;h=991157c4ab75eeb6705220bffbbb299f4dee0034;hp=56fd1a35f57f9f525d1fbd6677bf9a1c10dcec7a;hb=6ef2f786c6c8ead94841b5f93baf9f43421f08c8;hpb=914feba5d54f979cd5d7e69c349c3d01f630042a diff --git a/src/os_dbd/alert.c b/src/os_dbd/alert.c index 56fd1a3..991157c 100755 --- a/src/os_dbd/alert.c +++ b/src/os_dbd/alert.c @@ -1,11 +1,12 @@ -/* @(#) $Id: alert.c,v 1.8 2009/06/24 17:06:29 dcid Exp $ */ +/* @(#) $Id: ./src/os_dbd/alert.c, 2011/09/08 dcid Exp $ + */ /* Copyright (C) 2009 Trend Micro Inc. * All rights reserved. * * This program is a free software; you can redistribute it * and/or modify it under the terms of the GNU General Public - * License (version 3) as published by the FSF - Free Software + * License (version 2) as published by the FSF - Free Software * Foundation * * License details at the LICENSE file included with OSSEC or @@ -78,7 +79,7 @@ int __DBSelectLocation(char *location, DBConfig *db_config) int __DBInsertLocation(char *location, DBConfig *db_config) { char sql_query[OS_SIZE_1024]; - + memset(sql_query, '\0', OS_SIZE_1024); /* Generating SQL */ @@ -106,14 +107,18 @@ int __DBInsertLocation(char *location, DBConfig *db_config) */ int OS_Alert_InsertDB(alert_data *al_data, DBConfig *db_config) { + int i; unsigned int s_ip = 0, d_ip = 0, location_id = 0; + unsigned short s_port = 0, d_port = 0; int *loc_id; - char sql_query[OS_SIZE_2048 +1]; + char sql_query[OS_SIZE_8192 +1]; + char *fulllog = NULL; /* Clearing the memory before insert */ - memset(sql_query, '\0', OS_SIZE_2048 +1); - + sql_query[0] = '\0'; + sql_query[OS_SIZE_8192] = '\0'; + /* Converting srcip to int */ if(al_data->srcip) 
@@ -126,18 +131,34 @@ int OS_Alert_InsertDB(alert_data *al_data, DBConfig *db_config) s_ip = net.s_addr; } } - d_ip = 0; + + /* Converting dstip to int */ + if(al_data->dstip) + { + struct in_addr net; + + /* Extracting ip address */ + if(inet_aton(al_data->dstip, &net)) + { + d_ip = net.s_addr; + } + } + + /* Source Port */ + s_port = al_data->srcport; + + /* Destination Port */ + d_port = al_data->dstport; /* Escaping strings */ osdb_escapestr(al_data->user); - osdb_escapestr(al_data->log[0]); /* We first need to insert the location */ loc_id = OSHash_Get(db_config->location_hash, al_data->location); - - + + /* If we dont have location id, we must select and/or insert in the db */ if(!loc_id) { @@ -151,7 +172,7 @@ int OS_Alert_InsertDB(alert_data *al_data, DBConfig *db_config) if(!location_id) { - merror("%s: Unable to insert location: '%s'.", + merror("%s: Unable to insert location: '%s'.", ARGV0, al_data->location); return(0); } 
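Review bot: The new dstip conversion ignores a failed `inet_aton()`, so an unparseable or IPv6 destination is stored as `d_ip = 0` and cannot be told apart from an alert that had no destination. `inet_aton()` also accepts shorthand and non-decimal forms such as `1.2.3`, which would be recorded as a different dotted quad than the one in the log; `inet_pton(AF_INET, al_data->dstip, &net) == 1` is stricter. The same applies to the srcip block just above, whose start lies outside this hunk. The declared types of `al_data->srcport` and `al_data->dstport` are not visible here; if they are wider than `unsigned short`, the assignments to `s_port`/`d_port` truncate silently and need a range check.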
@@ -162,45 +183,75 @@ int OS_Alert_InsertDB(alert_data *al_data, DBConfig *db_config) *loc_id = location_id; OSHash_Add(db_config->location_hash, al_data->location, loc_id); } - + + + i = 0; + while(al_data->log[i]) + { + long len = strlen(al_data->log[i]); + char templog[len+2]; + if (al_data->log[i+1]) { + snprintf(templog, len, "%s\n", al_data->log[i]); + } + else { + snprintf(templog, len, "%s", al_data->log[i]); + } + fulllog = os_LoadString(fulllog, templog); +// fulllog = os_LoadString(fulllog, al_data->log[i]); + i++; + } + osdb_escapestr(fulllog); + if(strlen(fulllog) > 7456) + { + fulllog[7454] = '.'; + fulllog[7455] = '.'; + fulllog[7456] = '\0'; + } + /* Inserting data */ if(db_config->db_type == POSTGDB) { /* On postgres we need to escape the user field. */ - snprintf(sql_query, OS_SIZE_2048, + snprintf(sql_query, OS_SIZE_8192, "INSERT INTO " "data(id, server_id, \"user\", full_log) " "VALUES ('%u', '%u', '%s', '%s') ", - db_config->alert_id, db_config->server_id, - al_data->user, al_data->log[0]); + db_config->alert_id, db_config->server_id, + al_data->user, fulllog); } else { - snprintf(sql_query, OS_SIZE_2048, + snprintf(sql_query, OS_SIZE_8192, "INSERT INTO " "data(id, server_id, user, full_log) " "VALUES ('%u', '%u', '%s', '%s') ", - db_config->alert_id, db_config->server_id, - al_data->user, al_data->log[0]); + db_config->alert_id, db_config->server_id, + al_data->user, fulllog); } - - + + free(fulllog); + fulllog = NULL; + + /* Inserting into the db */ if(!osdb_query_insert(db_config->conn, sql_query)) { merror(DB_GENERROR, ARGV0); } - + /* Generating final SQL */ - snprintf(sql_query, OS_SIZE_2048, + snprintf(sql_query, OS_SIZE_8192, "INSERT INTO " - "alert(id,server_id,rule_id,timestamp,location_id,src_ip) " - "VALUES ('%u', '%u', '%u','%u', '%u', '%lu')", + "alert(id,server_id,rule_id,timestamp,location_id,src_ip,src_port,dst_ip,dst_port,alertid) " + "VALUES ('%u', '%u', '%u','%u', '%u', '%lu', '%u', '%lu', '%u', '%s')", db_config->alert_id, 
db_config->server_id, al_data->rule, - (unsigned int)time(0), *loc_id, (unsigned long)ntohl(s_ip)); + (unsigned int)time(0), *loc_id, + (unsigned long)ntohl(s_ip), (unsigned short)s_port, + (unsigned long)ntohl(d_ip), (unsigned short)d_port, + al_data->alertid); /* Inserting into the db */ @@ -209,7 +260,7 @@ int OS_Alert_InsertDB(alert_data *al_data, DBConfig *db_config) merror(DB_GENERROR, ARGV0); } - + db_config->alert_id++; return(1); }
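Review bot: In the new `while(al_data->log[i])` loop both `snprintf(templog, len, ...)` calls pass `len` as the size although `templog` holds `len+2` bytes, so every line loses its last character, the `\n` separator is never written, and for an empty line nothing is written and `os_LoadString` reads an uninitialised buffer; use `snprintf(templog, sizeof(templog), ...)`. If `al_data->log[0]` is NULL the loop never runs and `strlen(fulllog)` dereferences NULL, so guard the truncation and the `data` INSERT with `if(fulllog)` (whether `os_LoadString` can itself return NULL is not visible here). `al_data->alertid` is formatted into the final query as `'%s'` without going through `osdb_escapestr()` as `user` and `fulllog` do; escape it or confirm that it is always generated internally and never NULL. The VLA `templog` is sized from the log line length, so an upper bound on that length should be enforced before this point to keep stack use bounded.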