1 /* @(#) $Id: ./src/logcollector/read_mssql_log.c, 2011/09/08 dcid Exp $
4 /* Copyright (C) 2009 Trend Micro Inc.
7 * This program is a free software; you can redistribute it
8 * and/or modify it under the terms of the GNU General Public
9 * License (version 2) as published by the FSF - Free Software
12 * License details at the LICENSE file included with OSSEC or
13 * online at: http://www.ossec.net/en/licensing.html
20 #include "logcollector.h"
24 /* Send mssql message and check the return code.
26 void __send_mssql_msg(int pos, int drop_it, char *buffer)
28 debug2("%s: DEBUG: Reading MSSQL message: '%s'", ARGV0, buffer);
31 if(SendMSG(logr_queue, buffer, logff[pos].file, LOCALFILE_MQ) < 0)
33 merror(QUEUE_SEND, ARGV0);
34 if((logr_queue = StartMQ(DEFAULTQPATH,WRITE)) < 0)
36 ErrorExit(QUEUE_FATAL, ARGV0, DEFAULTQPATH);
44 /* Read PostgreSQL log files */
45 void *read_mssql_log(int pos, int *rc, int drop_it)
50 char str[OS_MAXSTR + 1];
51 char buffer[OS_MAXSTR + 1];
54 /* Zeroing buffer and str */
56 buffer[OS_MAXSTR] = '\0';
61 /* Getting new entry */
62 while(fgets(str, OS_MAXSTR - OS_LOG_HEADER, logff[pos].fp) != NULL)
65 /* Getting buffer size */
66 str_len = strlen(str);
69 /* Checking str_len size. Very useless, but just to make sure.. */
70 if(str_len >= sizeof(buffer) -2)
72 str_len = sizeof(buffer) -10;
76 /* Getting the last occurence of \n */
77 if ((p = strrchr(str, '\n')) != NULL)
81 /* If need clear is set, we just get the line and ignore it. */
95 if ((p = strrchr(str, '\r')) != NULL)
101 /* Looking for empty string (only on windows) */
108 /* Windows can have comment on their logs */
117 /* MSSQL messages have the following formats:
118 * 2009-03-25 04:47:30.01 Server
119 * 2003-10-09 00:00:06.68 sys1
120 * 2009-02-06 11:48:59 Server
128 isdigit((int)str[0]) &&
129 isdigit((int)str[1]) &&
130 isdigit((int)str[2]) &&
131 isdigit((int)str[3]))
134 /* If the saved message is empty, set it and continue. */
135 if(buffer[0] == '\0')
137 strncpy(buffer, str, str_len + 2);
141 /* If not, send the saved one and store the new one for later */
144 __send_mssql_msg(pos, drop_it, buffer);
147 /* Storing current one at the buffer */
148 strncpy(buffer, str, str_len + 2);
153 /* Query logs can be in multiple lines.
154 * They always start with a tab in the additional ones.
156 else if((str_len > 2) && (buffer[0] != '\0'))
158 /* Size of the buffer */
159 int buffer_len = strlen(buffer);
163 /* Removing extra spaces and tabs */
164 while(*p == ' ' || *p == '\t')
170 /* Adding additional message to the saved buffer. */
171 if(sizeof(buffer) - buffer_len > str_len +256)
173 /* Here we make sure that the size of the buffer
174 * minus what was used (strlen) is greater than
175 * the length of the received message.
177 buffer[buffer_len] = ' ';
178 buffer[buffer_len +1] = '\0';
179 strncat(buffer, str, str_len +3);
187 /* Send whatever is stored. */
188 if(buffer[0] != '\0')
190 __send_mssql_msg(pos, drop_it, buffer);