3 /* Copyright (C) 2010 Trend Micro Inc.
6 * This program is a free software; you can redistribute it
7 * and/or modify it under the terms of the GNU General Public
8 * License (version 2) as published by the FSF - Free Software
11 * License details at the LICENSE file included with OSSEC or
12 * online at: http://www.ossec.net/en/licensing.html
17 #include "eventinfo.h"
/* File-scope buffer sized for one event (OS_SIZE_8192 bytes plus a terminator).
 * NOTE(review): doDiff declares a local array with this same name (listing
 * line 93), so inside doDiff every use of `flastcontent` resolves to that
 * local, not to this object. Confirm which one is meant to back
 * currently_rule->last_events[1]. */
20 char flastcontent[OS_SIZE_8192 +1];
/* Fixed label that doDiff stores in currently_rule->last_events[0]. */
21 char *fmsglast = "Previous output:";
/* _add2last: write `str` to `file`; if the first fopen() fails, try to create
 * the missing parent directories and open the file again.
 *
 * str      - data to store; strsize + 1 bytes are read from it.
 * strsize  - length of the data, not counting the extra trailing byte.
 * file     - destination path; searched with strrchr() for its last '/'
 *            separators while the directories are created.
 *
 * doDiff treats a zero return as failure (`if(!_add2last(...))`).
 *
 * NOTE(review): this listing omits lines (the embedded line numbers skip), so
 * braces, declarations, conditions and return statements are not visible. The
 * comments below describe only the statements that are shown.
 */
23 static int _add2last(char *str, int strsize, char *file)
/* First attempt. Mode "w" truncates an existing file. */
27 fp = fopen(file, "w");
30 /* Try to create the directories. */
32 char *diragent = NULL;
/* Last '/' in the path: boundary between the rule directory and the file
 * name (judging by the variable name). */
34 dirrule = strrchr(file, '/');
37 merror("%s: ERROR: Invalid file name to diff: %s",
/* Next '/' back from the end, presumably after `file` was cut at dirrule on
 * a line not shown - TODO confirm. */
43 diragent = strrchr(file, '/');
46 merror("%s: ERROR: Invalid file name to diff (2): %s",
52 /* Checking if the diragent exists. */
/* 0770: owner and group get full access, others none (umask still applies).
 * NOTE(review): the directory name is derived from the event's hostname by
 * the caller; nothing visible here rejects '/' or ".." in that component. */
55 if(mkdir(file, 0770) == -1)
57 merror(MKDIR_ERROR, ARGV0, file);
/* Second level of the directory tree (the rule directory, presumably). */
65 if(mkdir(file, 0770) == -1)
67 merror(MKDIR_ERROR, ARGV0, file);
/* Retry the open now that the directories should exist. */
73 fp = fopen(file, "w");
76 merror(FOPEN_ERROR, ARGV0, file);
/* Writes strsize + 1 bytes as a single item, so `str` must be at least that
 * long; presumably the extra byte is the NUL terminator.
 * NOTE(review): the return value is discarded, so a short or failed write
 * (for example on a full disk) is not detected here and the stored baseline
 * may be truncated. */
81 fwrite(str, strsize + 1, 1, fp);
/* doDiff: compare the current event text (lf->log) with the content saved for
 * this host and rule under DIFF_DIR.
 *
 * Visible flow:
 *   - build the "last" file path from DIFF_DIR, lf->hostname, the rule's sigid
 *     and DIFF_LAST_FILE;
 *   - reject events whose size is >= OS_SIZE_8192;
 *   - if File_DateofChange() reports no previous file (<= 0), create it from
 *     the current event;
 *   - otherwise read the previous content; if it differs from lf->log, rename
 *     the old file to state.<date_of_change>, store the new content and set
 *     last_events[0] and last_events[1] on the rule.
 *
 * NOTE(review): this listing omits lines (the embedded line numbers skip), so
 * the return values and several conditions are not visible.
 */
87 int doDiff(RuleInfo *currently_rule, Eventinfo *lf)
91 char flastfile[OS_SIZE_2048 +1];
92 char fdifffile[OS_SIZE_2048 +1];
/* NOTE(review): this local shadows the file-scope `flastcontent`. Its address
 * is stored in currently_rule->last_events[1] at the end of the function, and
 * the rule outlives this call, so as shown that pointer refers to a dead
 * stack frame once doDiff returns. Removing this declaration would make the
 * code use the file-scope buffer, which matches the comment below. */
93 char flastcontent[OS_SIZE_8192 +1];
96 /* Cleaning up global. */
97 flastcontent[0] = '\0';
98 flastcontent[OS_SIZE_8192] = '\0';
99 currently_rule->last_events[0] = NULL;
/* Hostnames starting with '(' take a separate branch: the ')' is located and
 * the path is built from hostname+1. Presumably the string is cut at ')' on a
 * line not shown - TODO confirm. */
102 if(lf->hostname[0] == '(')
104 htpt = strchr(lf->hostname, ')');
/* NOTE(review): lf->hostname becomes a path component under DIFF_DIR. No check
 * for '/' or ".." is visible here; confirm that the hostname is validated
 * before it reaches this function. The snprintf() result is discarded, so a
 * truncated path is not detected. */
109 snprintf(flastfile, OS_SIZE_2048, "%s/%s/%d/%s", DIFF_DIR, lf->hostname+1,
110 currently_rule->sigid, DIFF_LAST_FILE);
/* Plain hostname: used unchanged as the directory name. */
120 snprintf(flastfile, OS_SIZE_2048, "%s/%s/%d/%s", DIFF_DIR, lf->hostname,
121 currently_rule->sigid, DIFF_LAST_FILE);
124 /* lf->size can't be too long. */
/* Keeps the event within the OS_SIZE_8192 bytes read back for comparison. */
125 if(lf->size >= OS_SIZE_8192)
127 merror("%s: ERROR: event size (%d) too long for diff.", ARGV0, lf->size);
132 /* Checking if last diff exists. */
133 date_of_change = File_DateofChange(flastfile);
/* A result <= 0 is handled as "no previous file": the current event becomes
 * the baseline. */
134 if(date_of_change <= 0)
/* NOTE(review): logged through merror() without the ARGV0 prefix the other
 * messages use; looks like leftover debug output - confirm. */
136 merror("last file: %s",flastfile);
137 if(!_add2last(lf->log, lf->size, flastfile))
139 merror("%s: ERROR: unable to create last file: %s", ARGV0, flastfile);
/* Previous content exists: load it for comparison. */
148 fp = fopen(flastfile,"r");
151 merror(FOPEN_ERROR, ARGV0, flastfile);
/* Reads at most OS_SIZE_8192 bytes, leaving room for the terminator in the
 * OS_SIZE_8192 + 1 byte buffer. */
155 n = fread(flastcontent, 1, OS_SIZE_8192, fp);
158 flastcontent[n] = '\0';
162 merror("%s: ERROR: read error on %s", ARGV0, flastfile);
169 /* Nothing changed. */
/* Compared as C strings, so the comparison stops at the first NUL byte. */
170 if(strcmp(flastcontent, lf->log) == 0)
176 /* File was modified. */
177 if(lf->hostname[0] == '(')
179 htpt = strchr(lf->hostname, ')');
/* Archive name for the old content: state.<date_of_change>.
 * NOTE(review): date_of_change is printed with %d; its declared type is not
 * visible here - confirm it is an int. */
184 snprintf(fdifffile, OS_SIZE_2048, "%s/%s/%d/state.%d", DIFF_DIR, lf->hostname+1,
185 currently_rule->sigid, date_of_change);
195 snprintf(fdifffile, OS_SIZE_2048, "%s/%s/%d/state.%d", DIFF_DIR, lf->hostname,
196 currently_rule->sigid, date_of_change);
/* NOTE(review): the rename() result is not checked. If it fails, the
 * _add2last() call below reopens flastfile with "w" and the previous content
 * is overwritten without having been archived. */
199 rename(flastfile, fdifffile);
200 if(!_add2last(lf->log, lf->size, flastfile))
202 merror("%s: ERROR: unable to create last file: %s", ARGV0, flastfile);
/* Attach the label and the previous content to the rule.
 * last_events[1] receives the address of `flastcontent`, which as declared
 * above is a local array. */
205 currently_rule->last_events[0] = fmsglast;
206 currently_rule->last_events[1] = flastcontent;