1 /* @(#) $Id: read_syslog.c,v 1.24 2009/06/24 17:06:27 dcid Exp $ */
3 /* Copyright (C) 2009 Trend Micro Inc.
6 * This program is a free software; you can redistribute it
7 * and/or modify it under the terms of the GNU General Public
8 * License (version 3) as published by the FSF - Free Software
16 #include "logcollector.h"
20 /* v0.3 (2005/08/24): Using fgets instead of fgetc
24 /* Read syslog files/snort fast/apache files */
25 void *read_syslog(int pos, int *rc, int drop_it)
29 char str[OS_MAXSTR+1];
36 /* Getting initial file location */
37 fgetpos(logff[pos].fp, &fp_pos);
39 while(fgets(str, OS_MAXSTR - OS_LOG_HEADER, logff[pos].fp) != NULL)
41 /* Getting the last occurrence of \n */
42 if ((p = strrchr(str, '\n')) != NULL)
47 /* If we didn't get the new line, because the
48 * size is large, send what we got so far.
50 else if(strlen(str) >= (OS_MAXSTR - OS_LOG_HEADER - 2))
52 /* Message size > maximum allowed */
57 /* Message not complete. Return. */
58 debug1("%s: Message not complete. Trying again: '%s'", ARGV0,str);
59 fsetpos(logff[pos].fp, &fp_pos);
64 if ((p = strrchr(str, '\r')) != NULL)
69 /* Looking for empty string (only on windows) */
72 fgetpos(logff[pos].fp, &fp_pos);
76 /* Windows logs can contain comments */
79 fgetpos(logff[pos].fp, &fp_pos);
84 debug2("%s: DEBUG: Reading syslog message: '%s'", ARGV0, str);
87 /* Sending message to queue */
90 if(SendMSG(logr_queue,str,logff[pos].file,
93 merror(QUEUE_SEND, ARGV0);
94 if((logr_queue = StartMQ(DEFAULTQPATH,WRITE)) < 0)
96 ErrorExit(QUEUE_FATAL, ARGV0, DEFAULTQPATH);
101 /* Incorrect message size */
104 merror("%s: Large message size: '%s'", ARGV0, str);
105 while(fgets(str, OS_MAXSTR - 2, logff[pos].fp) != NULL)
107 /* Getting the last occurrence of \n */
108 if ((p = strrchr(str, '\n')) != NULL)
116 fgetpos(logff[pos].fp, &fp_pos);