3 /* Copyright (C) 2009 Trend Micro Inc.
6 * This program is a free software; you can redistribute it
7 * and/or modify it under the terms of the GNU General Public
8 * License (version 2) as published by the FSF - Free Software
11 * License details at the LICENSE file included with OSSEC or
12 * online at: http://www.ossec.net/en/licensing.html
15 /* Read DJB multilog */
19 #include "logcollector.h"
22 /* Translates a month number (int) into its month name (char).
 * read_djbmultilog indexes this table with pt->tm_mon when it builds the
 * syslog-style timestamp. */
23 char *(djb_month[])={"Jan","Feb","Mar","Apr","May","Jun","Jul","Aug",
24 "Sep","Oct","Nov","Dec"};
/* Host name placed in the syslog-style header. init_djbmultilog zero-fills
 * all 512 + 1 bytes and passes 512 - 1 as the size to gethostname and
 * strncpy, so those calls leave the string NUL-terminated. */
26 char djb_host[512 +1];
30 /* Initializes multilog handling for the log file at index pos: fills in
 * djb_host with the local host name and sets logff[pos].djb_program_name
 * from the file path, which must look like /path/program_name/current.
 * NOTE(review): braces, declarations, return statements and some checks are
 * missing from this listing, so the return values are not documented here. */
31 int init_djbmultilog(int pos)
33 char *djbp_name = NULL;
37 logff[pos].djb_program_name = NULL;
40 /* Initializing hostname. */
/* The whole buffer is zeroed first; gethostname() below is given 512 - 1
 * bytes, so the buffer stays NUL-terminated even if the name is truncated
 * without a terminator. */
41 memset(djb_host, '\0', 512 +1);
44 if(gethostname(djb_host, 512 -1) != 0)
/* Fallback name; the literal is shorter than the bound, so strncpy pads the
 * remainder with NULs. */
46 strncpy(djb_host, "unknown", 512 -1);
52 /* Remove domain part if available */
53 _ltmp = strchr(djb_host, '.');
/* NOTE(review): presumably the Windows-only branch; the preprocessor
 * conditional is not visible in this listing. */
58 strncpy(djb_host, "win32", 512 -1);
63 /* Multilog must be in the following format: /path/program_name/current */
/* NOTE(review): strrchr() returns NULL when the path contains no '/', and
 * the strcmp() below would then dereference NULL. The NULL check is not
 * visible in this listing; confirm it sits between these two lines. */
64 tmp_str = strrchr(logff[pos].file, '/');
69 /* Must end with /current and must not be in the beginning of the string. */
70 if((strcmp(tmp_str, "/current") != 0) || (tmp_str == logff[pos].file))
79 /* Getting final name. */
/* NOTE(review): for this second strrchr() to find the slash in front of
 * program_name, the path is presumably cut at tmp_str first; that step is
 * not visible here. Confirm djbp_name cannot be NULL before djbp_name+1. */
80 djbp_name = strrchr(logff[pos].file, '/');
81 if(djbp_name == logff[pos].file)
/* Stores a copy of the component after the slash as the program name. */
88 os_strdup(djbp_name+1, logff[pos].djb_program_name);
92 verbose("%s: INFO: Using program name '%s' for DJB multilog file: '%s'.",
93 ARGV0, logff[pos].djb_program_name, logff[pos].file);
101 /* Reads new lines from the DJB multilog file at index pos, gives each
 * accepted entry a syslog-style header when it has none, and sends the
 * result to the logcollector queue.
 * The lines come from the monitored file and must be treated as untrusted.
 * NOTE(review): rc and drop_it are not used in the lines visible in this
 * listing, and braces and several statements are missing from it. */
102 void *read_djbmultilog(int pos, int *rc, int drop_it)
107 char str[OS_MAXSTR + 1];
108 char buffer[OS_MAXSTR + 1];
/* Only str gets an explicit terminator here; no matching assignment for
 * buffer is visible in this listing. */
110 str[OS_MAXSTR]= '\0';
114 /* Must have a valid program name. */
115 if(!logff[pos].djb_program_name)
122 /* Getting new entry */
/* fgets() stores at most OS_MAXSTR - OS_LOG_HEADER - 1 characters plus the
 * NUL, so str is always shorter than OS_MAXSTR (assuming OS_LOG_HEADER,
 * defined outside this file, is positive). */
123 while(fgets(str, OS_MAXSTR - OS_LOG_HEADER, logff[pos].fp) != NULL)
126 /* Getting buffer size */
127 str_len = strlen(str);
130 /* Getting the last occurrence of \n */
131 if ((p = strrchr(str, '\n')) != NULL)
135 /* If need clear is set, we just get the line and ignore it. */
/* NOTE(review): the format test below reads str[24]; the length guard that
 * must come before it is not visible in this listing, so confirm str_len is
 * checked first. The isalnum() arguments are cast from char straight to
 * int: where char is signed, a byte of 0x80 or above becomes negative,
 * which the ctype functions do not define. Casting through unsigned char
 * avoids that. */
148 /* Multilog messages have the following format:
149 * @40000000463246020c2ca16c xx...
153 isalnum((int)str[1]) &&
154 isalnum((int)str[2]) &&
155 isalnum((int)str[3]) &&
156 isalnum((int)str[24]) &&
159 /* Removing spaces and tabs */
161 while(*p == ' ' || *p == '\t')
167 /* If message has a valid syslog header, send as is. */
/* strncpy() adds no terminator when the source is OS_MAXSTR bytes or longer.
 * Here p points into str, which fgets() bounded above, so the copy ends in
 * strncpy's NUL padding. That safety depends on the fgets() bound staying
 * below OS_MAXSTR. */
176 strncpy(buffer, p, OS_MAXSTR);
180 /* We will add a proper syslog header. */
/* NOTE(review): localtime() can return NULL and pt is dereferenced in the
 * snprintf() arguments below; no NULL check is visible in this listing. */
185 djbtime = time(NULL);
186 pt = localtime(&djbtime);
189 /* Syslog time: Apr 27 14:50:32 */
/* snprintf() is bounded by OS_MAXSTR, so buffer is always NUL-terminated;
 * an entry too long to fit after the header is truncated. */
190 snprintf(buffer, OS_MAXSTR, "%s %02d %02d:%02d:%02d %s %s: %s",
191 djb_month[pt->tm_mon],
197 logff[pos].djb_program_name,
205 debug2("%s: DEBUG: Invalid DJB log: '%s'", ARGV0, str);
210 debug2("%s: DEBUG: Reading DJB multilog message: '%s'", ARGV0, buffer);
213 /* Sending message to queue */
/* NOTE(review): the queue type passed is MYSQL_MQ although this reader
 * handles DJB multilog files; confirm that is intended.
 * When the send fails the error is logged and the queue is reopened with
 * StartMQ(); if that fails as well the process exits through ErrorExit().
 * Whether the message is sent again is not visible in this listing. */
216 if(SendMSG(logr_queue, buffer, logff[pos].file, MYSQL_MQ) < 0)
218 merror(QUEUE_SEND, ARGV0);
219 if((logr_queue = StartMQ(DEFAULTQPATH,WRITE)) < 0)
221 ErrorExit(QUEUE_FATAL, ARGV0, DEFAULTQPATH);