1 /* @(#) $Id: ./src/analysisd/dodiff.c, 2012/07/23 dcid Exp $
4 /* Copyright (C) 2010 Trend Micro Inc.
7 * This program is a free software; you can redistribute it
8 * and/or modify it under the terms of the GNU General Public
9 * License (version 2) as published by the FSF - Free Software
12 * License details at the LICENSE file included with OSSEC or
13 * online at: http://www.ossec.net/en/licensing.html
18 #include "eventinfo.h"
/* File-scope buffer sized for one stored event plus a terminating NUL.
 * NOTE(review): doDiff declares a local array with the same name, so inside
 * doDiff this object is shadowed and the visible lines never write to it. */
21 char flastcontent[OS_SIZE_8192 +1];
/* Label that doDiff stores in last_events[0]. It points at a string literal,
 * so nothing may write through this pointer. */
22 char *fmsglast = "Previous output:";
/* _add2last: write `str` to `file`, creating missing directories if needed.
 *
 * str     - data to store; strsize + 1 bytes are written, which presumably
 *           includes the terminating NUL (TODO confirm against callers).
 * strsize - length of `str` as supplied by the caller; it is not re-measured
 *           here, so a value larger than the real buffer would over-read.
 * file    - destination path; doDiff builds it from DIFF_DIR, the event
 *           hostname and the rule id.
 *
 * Callers treat a zero return as failure. This listing omits lines (the
 * gutter numbers skip), so the control flow between the visible statements
 * and the exact return statements are not shown.
 */
24 static int _add2last(char *str, int strsize, char *file)
/* First attempt: "w" truncates an existing file or creates a new one. */
28 fp = fopen(file, "w");
31 /* Try to create the directories. */
33 char *diragent = NULL;
/* Locate the last '/' in the path; a missing '/' is reported as an invalid
 * file name by the merror below. */
35 dirrule = strrchr(file, '/');
38 merror("%s: ERROR: Invalid file name to diff: %s",
/* A second strrchr on the same string only finds an earlier '/' if the path
 * was cut at dirrule in the omitted lines - presumably it is, which would
 * mean `file` is modified in place and restored later (TODO confirm). */
44 diragent = strrchr(file, '/');
47 merror("%s: ERROR: Invalid file name to diff (2): %s",
53 /* Checking if the diragent exists. */
/* Mode 0770: read/write/search for owner and group, nothing for others
 * (further limited by the process umask). */
56 if(mkdir(file, 0770) == -1)
58 merror(MKDIR_ERROR, ARGV0, file);
66 if(mkdir(file, 0770) == -1)
68 merror(MKDIR_ERROR, ARGV0, file);
/* Retry the open now that the directories should exist. */
74 fp = fopen(file, "w");
77 merror(FOPEN_ERROR, ARGV0, file);
/* NOTE(review): the fwrite result is discarded in the visible line, so a
 * short or failed write (e.g. disk full) leaves a truncated last-file that
 * the next comparison will treat as the previous output. */
82 fwrite(str, strsize + 1, 1, fp);
/* doDiff: compare the current event text with the copy stored for this
 * (hostname, rule id) pair under DIFF_DIR.
 *
 * Visible behaviour:
 *   - no stored copy (File_DateofChange <= 0): store lf->log as the new copy;
 *   - stored copy equals lf->log: nothing changed;
 *   - otherwise: rename the stored copy to state.<date_of_change>, store
 *     lf->log as the new copy, and publish the old text through
 *     currently_rule->last_events[0..1].
 *
 * The return statements are on lines this listing omits, so the return
 * values are not documented here.
 */
88 int doDiff(RuleInfo *currently_rule, Eventinfo *lf)
92 char flastfile[OS_SIZE_2048 +1];
93 char fdifffile[OS_SIZE_2048 +1];
/* NOTE(review): this local shadows the file-scope flastcontent. Its address
 * is stored in currently_rule->last_events[1] at the end of the function,
 * but an automatic array stops existing when doDiff returns, so any later
 * read through last_events[1] is undefined behaviour. The "Cleaning up
 * global" comment below suggests the file-scope buffer was intended;
 * removing this declaration would make the stored pointer valid. */
94 char flastcontent[OS_SIZE_8192 +1];
97 /* Cleaning up global. */
98 flastcontent[0] = '\0';
99 flastcontent[OS_SIZE_8192] = '\0';
100 currently_rule->last_events[0] = NULL;
/* A hostname starting with '(' is handled separately: the path uses
 * hostname+1 to skip the '(' and strchr looks for the closing ')'. What is
 * done with htpt is on omitted lines - presumably the ')' is cut off while
 * the path is built (TODO confirm). */
104 if(lf->hostname[0] == '(')
106 htpt = strchr(lf->hostname, ')');
/* NOTE(review): lf->hostname becomes a path component with no validation in
 * the visible lines. If it can carry '/' or ".." from a remote sender, the
 * files would be created outside the intended DIFF_DIR/<host>/<rule> tree;
 * confirm that it is sanitised before it reaches this function.
 * The snprintf result is also unchecked, so a truncated path is used
 * silently. */
111 snprintf(flastfile, OS_SIZE_2048, "%s/%s/%d/%s", DIFF_DIR, lf->hostname+1,
112 currently_rule->sigid, DIFF_LAST_FILE);
122 snprintf(flastfile, OS_SIZE_2048, "%s/%s/%d/%s", DIFF_DIR, lf->hostname,
123 currently_rule->sigid, DIFF_LAST_FILE);
126 /* lf->size can't be too long. */
/* This bound keeps lf->size + 1 (the amount _add2last writes) within
 * OS_SIZE_8192, which is also the most the fread below will read back. */
127 if(lf->size >= OS_SIZE_8192)
129 merror("%s: ERROR: event size (%d) too long for diff.", ARGV0, lf->size);
134 /* Checking if last diff exists. */
/* A result <= 0 is treated as "no stored copy yet". */
135 date_of_change = File_DateofChange(flastfile);
136 if(date_of_change <= 0)
138 if(!_add2last(lf->log, lf->size, flastfile))
140 merror("%s: ERROR: unable to create last file: %s", ARGV0, flastfile);
/* Read the stored copy back for comparison. */
149 fp = fopen(flastfile,"r");
152 merror(FOPEN_ERROR, ARGV0, flastfile);
/* At most OS_SIZE_8192 bytes are read, so index n is always inside the
 * OS_SIZE_8192 + 1 byte array. */
156 n = fread(flastcontent, 1, OS_SIZE_8192, fp);
159 flastcontent[n] = '\0';
163 merror("%s: ERROR: read error on %s", ARGV0, flastfile);
170 /* Nothing changed. */
/* strcmp stops at the first NUL, so only the text before the terminator
 * that _add2last stored is compared. */
171 if(strcmp(flastcontent, lf->log) == 0)
177 /* File was modified. */
/* Same hostname handling as for flastfile; the archive name carries the
 * modification time of the copy being replaced. NOTE(review): "%d" assumes
 * date_of_change is an int - its declaration is not visible here. */
178 if(lf->hostname[0] == '(')
180 htpt = strchr(lf->hostname, ')');
185 snprintf(fdifffile, OS_SIZE_2048, "%s/%s/%d/state.%d", DIFF_DIR, lf->hostname+1,
186 currently_rule->sigid, date_of_change);
196 snprintf(fdifffile, OS_SIZE_2048, "%s/%s/%d/state.%d", DIFF_DIR, lf->hostname,
197 currently_rule->sigid, date_of_change);
/* NOTE(review): the rename result is discarded. If it fails, the _add2last
 * call below still truncates flastfile, so the previous state is lost
 * without an archived copy and without an error message. */
200 rename(flastfile, fdifffile);
201 if(!_add2last(lf->log, lf->size, flastfile))
203 merror("%s: ERROR: unable to create last file: %s", ARGV0, flastfile);
/* Publish the previous output on the rule: a fixed label followed by the
 * old text. last_events[1] receives the local array declared above. */
206 currently_rule->last_events[0] = fmsglast;
207 currently_rule->last_events[1] = flastcontent;