3 /* Copyright (C) 2009 Trend Micro Inc.
6 * This program is a free software; you can redistribute it
7 * and/or modify it under the terms of the GNU General Public
8 * License (version 2) as published by the FSF - Free Software
11 * License details at the LICENSE file included with OSSEC or
12 * online at: http://www.ossec.net/en/licensing.html
19 #include "logcollector.h"
22 /* Starting last time */
23 char __mysql_last_time[18] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
27 /* Read syslog files/snort fast/apache files */
28 void *read_mysql_log(int pos, int *rc, int drop_it)
33 char str[OS_MAXSTR + 1];
34 char buffer[OS_MAXSTR + 1];
40 /* Getting new entry */
41 while(fgets(str, OS_MAXSTR - OS_LOG_HEADER, logff[pos].fp) != NULL)
44 /* Getting buffer size */
45 str_len = strlen(str);
48 /* Getting the last occurence of \n */
49 if ((p = strrchr(str, '\n')) != NULL)
53 /* If need clear is set, we just get the line and ignore it. */
67 if ((p = strrchr(str, '\r')) != NULL)
73 /* Looking for empty string (only on windows) */
80 /* Windows can have comment on their logs */
88 /* Mysql messages have the following format:
95 isdigit((int)str[0]) &&
96 isdigit((int)str[1]) &&
97 isdigit((int)str[2]) &&
98 isdigit((int)str[3]) &&
99 isdigit((int)str[4]) &&
100 isdigit((int)str[5]) &&
101 isdigit((int)str[7]) &&
102 isdigit((int)str[8]))
104 /* Saving last time */
105 strncpy(__mysql_last_time, str, 16);
106 __mysql_last_time[15] = '\0';
109 /* Removing spaces and tabs */
111 while(*p == ' ' || *p == '\t')
117 /* Valid MySQL message */
118 snprintf(buffer, OS_MAXSTR, "MySQL log: %s %s",
119 __mysql_last_time, p);
123 /* Multiple events at the same second share the same
125 * 0909 2020 2020 2020 20
127 else if((str_len > 10) && (__mysql_last_time[0] != '\0') &&
140 /* Removing extra spaces and tabs */
141 while(*p == ' ' || *p == '\t')
146 /* Valid MySQL message */
147 snprintf(buffer, OS_MAXSTR, "MySQL log: %s %s",
148 __mysql_last_time, p);
156 debug2("%s: DEBUG: Reading mysql messages: '%s'", ARGV0, buffer);
159 /* Sending message to queue */
162 if(SendMSG(logr_queue, buffer, logff[pos].file, MYSQL_MQ) < 0)
164 merror(QUEUE_SEND, ARGV0);
165 if((logr_queue = StartMQ(DEFAULTQPATH,WRITE)) < 0)
167 ErrorExit(QUEUE_FATAL, ARGV0, DEFAULTQPATH);