1 /* @(#) $Id: alert.c,v 1.8 2009/06/24 17:06:29 dcid Exp $ */
3 /* Copyright (C) 2009 Trend Micro Inc.
6 * This program is a free software; you can redistribute it
7 * and/or modify it under the terms of the GNU General Public
8 * License (version 3) as published by the FSF - Free Software
11 * License details at the LICENSE file included with OSSEC or
12 * online at: http://www.ossec.net/en/licensing.html
17 #include "config/config.h"
22 /** int OS_SelectMaxID(DBConfig *db_config)
23 * Selects the maximum ID from the alert table.
24 * Returns 0 if not found.
/* Formats "SELECT MAX(id) FROM alert WHERE server_id = '<n>'" into a local
 * buffer, runs it on db_config->conn with osdb_query_select() and keeps the
 * returned value in `result` (per the header comment, 0 means "not found").
 * The only value formatted into the statement is db_config->server_id, printed
 * as an integer, so no string input reaches this query.
 * NOTE(review): this listing omits some original lines (braces, the
 * declaration of `result`, the return) - confirm against the full file. */
26 int OS_SelectMaxID(DBConfig *db_config)
29 char sql_query[OS_SIZE_1024];
/* The buffer is zeroed first and snprintf() is given one byte less than its
 * size, so the last byte is always the '\0' written by memset(). */
31 memset(sql_query, '\0', OS_SIZE_1024);
/* snprintf()'s return value is not used, so a truncated statement would go
 * unnoticed; with fixed text plus one integer that is only a concern if
 * OS_SIZE_1024 were very small - presumably it is 1024, confirm. */
35 snprintf(sql_query, OS_SIZE_1024 -1,
36 "SELECT MAX(id) FROM "
37 "alert WHERE server_id = '%u'",
38 db_config->server_id);
41 /* Running the query; the value it returns is stored in result. */
42 result = osdb_query_select(db_config->conn, sql_query);
48 /** int __DBSelectLocation(char *location, DBConfig *db_config)
49 * Selects the location ID from the db.
50 * Returns 0 if not found.
/* Looks up a location row by name and server id and keeps the value returned
 * by osdb_query_select() in `result` (per the header comment, 0 means "not
 * found").
 * NOTE(review): `location` is copied between single quotes with %s and is not
 * escaped in this function. The visible caller, OS_Alert_InsertDB(), passes
 * only al_data->user and al_data->log[0] through osdb_escapestr(), so a
 * location containing a quote would close the string literal early and change
 * the statement. Escape it before it gets here, or pass it as a bound
 * parameter of the database client library.
 * NOTE(review): names starting with two underscores are reserved for the
 * implementation in C.
 * This listing omits some original lines, including the start of the SQL text
 * and the declaration of `result`. */
52 int __DBSelectLocation(char *location, DBConfig *db_config)
55 char sql_query[OS_SIZE_1024];
/* Zeroed buffer plus a limit of size - 1 keeps the text NUL-terminated. */
57 memset(sql_query, '\0', OS_SIZE_1024);
/* snprintf()'s return value is ignored: a location long enough to overflow the
 * limit yields a statement that is cut short and still sent.
 * server_id is printed with %d here but with %u in OS_SelectMaxID() and
 * __DBInsertLocation(); its declared type is not visible in this listing, so
 * the specifiers should be made to agree with it. */
61 snprintf(sql_query, OS_SIZE_1024 -1,
63 "location WHERE name = '%s' AND server_id = '%d' "
65 location, db_config->server_id);
68 /* Running the query; the value it returns is stored in result. */
69 result = osdb_query_select(db_config->conn, sql_query);
75 /** int __DBInsertLocation(char *location, DBConfig *db_config)
76 * Inserts the location into the db.
/* Formats a statement that stores (server_id, name) in the location table and
 * runs it with osdb_query_insert(); a failed insert is reported through
 * merror(DB_GENERROR, ARGV0).
 * NOTE(review): `location` is copied between single quotes with %s and is not
 * escaped in this function. The visible caller, OS_Alert_InsertDB(), passes
 * only al_data->user and al_data->log[0] through osdb_escapestr(), so a
 * location containing a quote would close the string literal early and change
 * the statement. Escape it before it gets here, or pass it as a bound
 * parameter of the database client library.
 * This listing omits some original lines, including the start of the SQL text
 * and the return statements. */
78 int __DBInsertLocation(char *location, DBConfig *db_config)
80 char sql_query[OS_SIZE_1024];
/* Zeroed buffer plus a limit of size - 1 keeps the text NUL-terminated. */
82 memset(sql_query, '\0', OS_SIZE_1024);
/* snprintf()'s return value is ignored: a location long enough to overflow the
 * limit yields a statement that is cut short and still sent. */
85 snprintf(sql_query, OS_SIZE_1024 -1,
87 "location(server_id, name) "
88 "VALUES ('%u', '%s')",
89 db_config->server_id, location);
92 /* Checking return code. */
93 if(!osdb_query_insert(db_config->conn, sql_query))
95 merror(DB_GENERROR, ARGV0);
103 /** int OS_Alert_InsertDB(alert_data *al_data, DBConfig *db_config)
104 * Inserts an alert into the db.
105 * Returns 1 on success or 0 on error.
/* Stores one alert: converts al_data->srcip with inet_aton(), escapes the user
 * and first log string, resolves a location id (hash first, then the
 * database), writes a row to the data table and a row to the alert table, and
 * finally increments db_config->alert_id.
 * The header comment states the return contract (1 on success, 0 on error);
 * the return statements themselves are not part of this listing, which also
 * omits braces, some declarations and the conditions around the location
 * handling.
 * NOTE(review): the strings formatted with %s below come from the alert being
 * processed - presumably log content and agent-reported metadata; treat each
 * of them as untrusted input to the SQL text. */
107 int OS_Alert_InsertDB(alert_data *al_data, DBConfig *db_config)
/* d_ip is not referenced in any line of this listing. */
109 unsigned int s_ip = 0, d_ip = 0, location_id = 0;
/* One byte larger than the OS_SIZE_2048 limit handed to snprintf() below, so
 * the final byte stays '\0' after the memset(). */
111 char sql_query[OS_SIZE_2048 +1];
114 /* Clearing the memory before insert */
115 memset(sql_query, '\0', OS_SIZE_2048 +1);
118 /* Converting srcip to int */
123 /* Extracting ip address */
/* inet_aton() accepts IPv4 text only. s_ip was initialised to 0 above; the
 * line that copies `net` into it is not shown here. */
124 if(inet_aton(al_data->srcip, &net))
132 /* Escaping strings */
/* Only these two strings are escaped. osdb_escapestr() receives just the
 * pointer and no result is captured, so it presumably rewrites the string in
 * place (its definition is not shown here).
 * NOTE(review): al_data->location is not escaped in any visible line, yet
 * __DBSelectLocation() and __DBInsertLocation() place it inside '%s' in their
 * statements. A location containing a quote could end the SQL string literal
 * early and alter the statement. Escaping it alongside these two calls keeps
 * the escape ahead of the OSHash_Get() lookup, so the hash key and the stored
 * name stay identical; bound parameters of the database client library would
 * remove the need for escaping altogether. */
133 osdb_escapestr(al_data->user);
134 osdb_escapestr(al_data->log[0]);
137 /* We first need to insert the location */
/* Cache lookup keyed by the location string; the value is a pointer to the
 * location id. */
138 loc_id = OSHash_Get(db_config->location_hash, al_data->location);
141 /* If we don't have a location id, we must select and/or insert in the db */
144 location_id = __DBSelectLocation(al_data->location, db_config);
/* The return value of __DBInsertLocation() is not examined; the select is
 * simply repeated afterwards. */
148 __DBInsertLocation(al_data->location, db_config);
149 location_id = __DBSelectLocation(al_data->location, db_config);
154 merror("%s: Unable to insert location: '%s'.",
155 ARGV0, al_data->location);
/* Cache the id: allocate one int, store the id in it and add it to the hash
 * under the location key.
 * NOTE(review): location_id is an unsigned int while the slot is sized as an
 * int; ownership of the allocation presumably passes to the hash - confirm. */
161 os_calloc(1, sizeof(int), loc_id);
162 *loc_id = location_id;
163 OSHash_Add(db_config->location_hash, al_data->location, loc_id);
/* The two branches differ only in how the user column is written. */
168 if(db_config->db_type == POSTGDB)
170 /* On postgres the user column name has to be double-quoted. */
/* NOTE(review): snprintf()'s return value is ignored in all three calls of
 * this function. If al_data->log[0] is long enough that the formatted text
 * does not fit in OS_SIZE_2048 bytes, the statement is cut short (closing
 * quote and parenthesis lost) and still sent. Comparing the return value with
 * the limit and skipping the insert would make that failure explicit. */
171 snprintf(sql_query, OS_SIZE_2048,
173 "data(id, server_id, \"user\", full_log) "
174 "VALUES ('%u', '%u', '%s', '%s') ",
175 db_config->alert_id, db_config->server_id,
176 al_data->user, al_data->log[0]);
180 snprintf(sql_query, OS_SIZE_2048,
182 "data(id, server_id, user, full_log) "
183 "VALUES ('%u', '%u', '%s', '%s') ",
184 db_config->alert_id, db_config->server_id,
185 al_data->user, al_data->log[0]);
189 /* Inserting into the db */
190 if(!osdb_query_insert(db_config->conn, sql_query))
192 merror(DB_GENERROR, ARGV0);
197 /* Generating final SQL */
/* Every value here is formatted as an integer. time(0) is narrowed to unsigned
 * int, and s_ip is converted with ntohl() and printed as unsigned long.
 * NOTE(review): *loc_id is printed with %u although its slot was allocated as
 * an int. */
198 snprintf(sql_query, OS_SIZE_2048,
200 "alert(id,server_id,rule_id,timestamp,location_id,src_ip) "
201 "VALUES ('%u', '%u', '%u','%u', '%u', '%lu')",
202 db_config->alert_id, db_config->server_id, al_data->rule,
203 (unsigned int)time(0), *loc_id, (unsigned long)ntohl(s_ip));
206 /* Inserting into the db */
207 if(!osdb_query_insert(db_config->conn, sql_query))
209 merror(DB_GENERROR, ARGV0);
/* alert_id was used as the id in both inserts above; advance it for the next
 * alert. Whether the error branches return before reaching this line is not
 * visible in this listing. */
213 db_config->alert_id++;