1 /* @(#) $Id: file-queue.c,v 1.11 2009/06/24 18:53:08 dcid Exp $ */
3 /* Copyright (C) 2009 Trend Micro Inc.
6 * This program is a free software; you can redistribute it
7 * and/or modify it under the terms of the GNU General Public
8 * License (version 3) as published by the FSF - Free Software
11 * License details at the LICENSE file included with OSSEC or
12 * online at: http://www.ossec.net/en/licensing.html
16 /* File monitoring functions */
19 #include "file-queue.h"
22 /* Translates a month index (int, as in tm_mon) to its three-letter name (char).
 * The callers in this file index it with p->tm_mon and no bounds check is
 * visible in this listing, so the index has to stay within 0-11. */
23 char *(s_month[])={"Jan","Feb","Mar","Apr","May","Jun","Jul","Aug",
24 "Sep","Oct","Nov","Dec"};
28 /** void file_sleep();
 * Pauses between polls of the alert file. Two variants are visible below: a
 * select() call with no descriptor sets and an FQ_TIMEOUT-second timeout, and a
 * Windows Sleep() of (FQ_TIMEOUT + 2) * 1000 milliseconds. The preprocessor
 * lines that choose between them are not part of this listing.
34 struct timeval fp_timeout;
36 fp_timeout.tv_sec = FQ_TIMEOUT;
37 fp_timeout.tv_usec = 0;
39 /* Waiting for the select timeout; select() serves only as a timer here and its return value is not checked */
40 select(0, NULL, NULL, NULL, &fp_timeout);
43 /* Windows rejects select() with no descriptor sets, so Sleep() is used there */
44 Sleep((FQ_TIMEOUT + 2) * 1000);
52 /** void GetFile_Queue(file_queue *fileq)
53 * Get the file queue for that specific hour
 * Builds the alert log path into fileq->file_name. The one format string visible
 * below ends in ossec-alerts-%02d.log under a %s/%d/%s directory; the snprintf()
 * arguments are not part of this listing, presumably base directory, year, month
 * and day taken from fileq - TODO confirm against the full source.
55 void GetFile_Queue(file_queue *fileq)
57 /* Creating the logfile name. Writing index MAX_FQUEUE assumes file_name has at least MAX_FQUEUE + 1 bytes (declaration not shown here) */
58 fileq->file_name[0] = '\0';
59 fileq->file_name[MAX_FQUEUE] = '\0';
/* NOTE(review): both snprintf() calls below discard their return value, so a path
 * longer than MAX_FQUEUE - 1 bytes is truncated silently (still NUL-terminated)
 * and fopen() in Handle_Queue() would then be given the truncated name. */
61 if(fileq->flags & CRALERT_FP_SET)
63 snprintf(fileq->file_name, MAX_FQUEUE,
68 snprintf(fileq->file_name, MAX_FQUEUE,
69 "%s/%d/%s/ossec-alerts-%02d.log",
79 /** int Handle_Queue(file_queue *fileq, int flags)
80 * Re-handle the file queue.
 * (Re)opens fileq->file_name read-only, seeks to the end of the file unless
 * CRALERT_READ_ALL is set in flags, and records the file's modification time in
 * fileq->last_change. The return statements are not part of this listing; the
 * callers in this file compare the result with 1 and with < 0.
82 int Handle_Queue(file_queue *fileq, int flags)
84 /* Closing if it is open; only done when CRALERT_FP_SET is not set in flags */
85 if(!(flags & CRALERT_FP_SET))
94 /* We must be able to open the file, fseek and get the
95 * time of change from it.
97 fileq->fp = fopen(fileq->file_name, "r");
100 /* Queue not available */
106 /* Seeking the end of file, skipped when the caller asked for CRALERT_READ_ALL */
107 if(!(flags & CRALERT_READ_ALL))
109 if(fseek(fileq->fp, 0, SEEK_END) < 0)
111 merror(FSEEK_ERROR, __local_name, fileq->file_name);
119 /* File change time, taken with fstat() on the descriptor that was just opened rather than by path, so it describes the file this handle reads */
120 if(fstat(fileno(fileq->fp), &fileq->f_status) < 0)
122 merror(FILE_ERROR, __local_name, fileq->file_name);
128 fileq->last_change = fileq->f_status.st_mtime;
135 /** int Init_FileQueue(file_queue *fileq, struct tm *p, int flags)
136 * Initiates the file monitoring.
 * Fills fileq with the date from p and the supplied flags, builds the file name
 * with GetFile_Queue() and opens it with Handle_Queue(). The return statements
 * are not part of this listing.
138 int Init_FileQueue(file_queue *fileq, struct tm *p, int flags)
140 /* Initializing file_queue fields. */
141 if(!(flags & CRALERT_FP_SET))
145 fileq->last_change = 0;
148 fileq->day = p->tm_mday;
/* tm_year counts years since 1900 */
149 fileq->year = p->tm_year+1900;
/* strncpy() with n = 4 copies the three-letter name plus its NUL, since every
 * s_month entry is 3 characters. Assumes fileq->mon holds at least 4 bytes and
 * p->tm_mon is within 0-11; neither is checked in the visible lines. */
151 strncpy(fileq->mon, s_month[p->tm_mon], 4);
152 memset(fileq->file_name, '\0',MAX_FQUEUE + 1);
155 /* Setting the supplied flags */
156 fileq->flags = flags;
159 /* Getting latest file */
160 GetFile_Queue(fileq);
163 /* Handle_Queue() seeks to the end when starting the queue unless CRALERT_READ_ALL is set in the flags */
164 if(Handle_Queue(fileq, fileq->flags) < 0)
174 /** alert_data *Read_FileMon(file_queue *fileq, struct tm *p, int timeout)
175 * Reads from the monitored file.
 * When p->tm_mday differs from fileq->day the date fields are refreshed, the
 * file name is rebuilt and the new file is opened. The return statements are
 * not part of this listing; per the comments below the result is an alert
 * obtained from GetAlertData(), or NULL once the timeout expires.
177 alert_data *Read_FileMon(file_queue *fileq, struct tm *p, int timeout)
183 /* If the file queue is not available, try to access it */
186 if(Handle_Queue(fileq, 0) != 1)
194 /* Getting current file; a rollover is detected by comparing the day of month only */
195 if(p->tm_mday != fileq->day)
197 /* If the day changes, we need to get all remaining alerts. */
198 al_data = GetAlertData(fileq->flags, fileq->fp);
201 fileq->day = p->tm_mday;
202 fileq->year = p->tm_year+1900;
203 strncpy(fileq->mon, s_month[p->tm_mon], 4);
205 /* Getting latest file */
206 GetFile_Queue(fileq);
/* NOTE(review): with flags 0 Handle_Queue() seeks to the end of the newly opened
 * file, so alerts already written to the new day's file before this reopen
 * appear not to be read - confirm against the full source. */
208 if(Handle_Queue(fileq, 0) != 1)
221 /* Try up to timeout times to get an event */
224 al_data = GetAlertData(fileq->flags, fileq->fp);
235 /* Returning NULL if timeout expires. */