1 /* @(#) $Id: ./src/analysisd/dodiff.c, 2012/07/23 dcid Exp $
4 /* Copyright (C) 2010 Trend Micro Inc.
7 * This program is a free software; you can redistribute it
8 * and/or modify it under the terms of the GNU General Public
9 * License (version 2) as published by the FSF - Free Software
12 * License details at the LICENSE file included with OSSEC or
13 * online at: http://www.ossec.net/en/licensing.html
18 #include "eventinfo.h"
/* File-scope state for the diff check.
 * flastcontent: buffer of OS_SIZE_8192 + 1 bytes. doDiff() declares a local
 *   array with the same name and size, so inside doDiff() the name refers
 *   to that local array and not to this one.
 * fmsglast: label that doDiff() stores in last_events[0] ahead of the
 *   previous output. It points at a string literal, so it must never be
 *   written through.
 */
21 char flastcontent[OS_SIZE_8192 +1];
22 char *fmsglast = "Previous output:";
/* _add2last: store `str` in `file` as the new "last output" state file.
 *
 * str     - data to store.
 * strsize - length of the data; strsize + 1 bytes are written.
 * file    - path of the state file; it is searched for '/' and passed to
 *           mkdir() when the directories have to be created.
 *
 * doDiff() treats a zero return value as failure.
 *
 * NOTE(review): this listing omits lines (the embedded line numbers skip),
 * so the conditions guarding the calls below are not all visible here.
 */
24 static int _add2last(char *str, int strsize, char *file)
/* First attempt. Mode "w" truncates an existing state file. */
28 fp = fopen(file, "w");
31 /* Try to create the directories. */
33 char *diragent = NULL;
/* Locate the last '/' in the path; a missing separator is reported below as
 * an invalid file name. */
35 dirrule = strrchr(file, '/');
38 merror("%s: ERROR: Invalid file name to diff: %s",
/* Second search from the end of the path.
 * NOTE(review): this only finds a different '/' if the path was cut at
 * dirrule on a line not shown here - confirm. */
44 diragent = strrchr(file, '/');
47 merror("%s: ERROR: Invalid file name to diff (2): %s",
53 /* Checking if the diragent exists. */
/* 0770: read/write/search for owner and group, nothing for others (the
 * process umask still applies).
 * NOTE(review): mkdir() is given `file` itself, so the path is presumably
 * truncated in place at this point - confirm. A mkdir() failure is logged
 * with MKDIR_ERROR. */
56 if(mkdir(file, 0770) == -1)
58 merror(MKDIR_ERROR, ARGV0, file);
66 if(mkdir(file, 0770) == -1)
68 merror(MKDIR_ERROR, ARGV0, file);
/* Retry the open now that the directories have been attempted. */
74 fp = fopen(file, "w");
77 merror(FOPEN_ERROR, ARGV0, file);
/* Writes strsize + 1 bytes as one item, i.e. one byte more than strsize
 * (presumably the terminating NUL - confirm that str[strsize] is readable).
 * NOTE(review): the fwrite() result is discarded, so a short or failed
 * write is not reported and can leave a truncated state file that the next
 * comparison in doDiff() reads back. */
82 fwrite(str, strsize + 1, 1, fp);
/* doDiff: compare the current event log with the output stored for this
 * host and rule, and replace the stored copy when it differs.
 *
 * currently_rule - rule being evaluated; sigid names the per-rule directory
 *                  and last_events[] receives the label and previous output.
 * lf             - event; hostname, log and size are read.
 *
 * The state file path is DIFF_DIR/<hostname>/<sigid>/DIFF_LAST_FILE.
 *
 * NOTE(review): this listing omits lines (the embedded line numbers skip),
 * so return statements and some conditions are not visible here.
 */
88 int doDiff(RuleInfo *currently_rule, Eventinfo *lf)
92 char flastfile[OS_SIZE_2048 +1];
/* NOTE(review): this local array shadows the file-scope flastcontent. Every
 * use of the name below refers to this automatic array. */
93 char flastcontent[OS_SIZE_8192 +1];
/* The two stores below act on the local array declared above, not on the
 * file-scope buffer. */
96 /* Cleaning up global. */
97 flastcontent[0] = '\0';
98 flastcontent[OS_SIZE_8192] = '\0';
99 currently_rule->last_events[0] = NULL;
/* Hostnames that start with '(' are used from the second character on;
 * the closing ')' is located first.
 * NOTE(review): presumably the ')' is cut off for the snprintf() on a line
 * not shown here - confirm. */
103 if(lf->hostname[0] == '(')
105 htpt = strchr(lf->hostname, ')');
/* NOTE(review): lf->hostname becomes a path component. No check for '/' or
 * ".." in it is visible in this listing; if the value can be influenced by
 * the event source, it should be validated before the path is built so the
 * state file cannot land outside DIFF_DIR. The snprintf() result is also
 * discarded, so a truncated path is not detected. */
110 snprintf(flastfile, OS_SIZE_2048, "%s/%s/%d/%s", DIFF_DIR, lf->hostname+1,
111 currently_rule->sigid, DIFF_LAST_FILE);
/* Same path layout for hostnames used as they are; the note above on
 * validating the hostname applies here too. */
121 snprintf(flastfile, OS_SIZE_2048, "%s/%s/%d/%s", DIFF_DIR, lf->hostname,
122 currently_rule->sigid, DIFF_LAST_FILE);
125 /* lf->size can't be too long. */
/* Keeps the event within the OS_SIZE_8192 bytes that are read back from the
 * state file below. */
126 if(lf->size >= OS_SIZE_8192)
128 merror("%s: ERROR: event size (%d) too long for diff.", ARGV0, lf->size);
133 /* Checking if last diff exists. */
/* A result <= 0 is handled as "no stored output yet": the current log is
 * written as the first state file. */
134 date_of_change = File_DateofChange(flastfile);
135 if(date_of_change <= 0)
137 if(!_add2last(lf->log, lf->size, flastfile))
139 merror("%s: ERROR: unable to create last file: %s", ARGV0, flastfile);
/* Read the stored output back for comparison. */
148 fp = fopen(flastfile,"r");
151 merror(FOPEN_ERROR, ARGV0, flastfile);
/* At most OS_SIZE_8192 bytes are read, so index n stays inside the
 * OS_SIZE_8192 + 1 byte array when the terminator is stored. */
155 n = fread(flastcontent, 1, OS_SIZE_8192, fp);
158 flastcontent[n] = '\0';
162 merror("%s: ERROR: read error on %s", ARGV0, flastfile);
169 /* Nothing changed. */
170 if(strcmp(flastcontent, lf->log) == 0)
/* Output differs: overwrite the state file with the current log. */
176 if(!_add2last(lf->log, lf->size, flastfile))
178 merror("%s: ERROR: unable to create last file: %s", ARGV0, flastfile);
/* NOTE(review): last_events[1] receives the address of the local
 * flastcontent array, which stops being valid when doDiff() returns. Any
 * later read through last_events[1] is a read of dead stack memory. Dropping
 * the local declaration so the file-scope buffer is used, or making the
 * local array static, would keep the pointer valid - confirm against the
 * full function. */
181 currently_rule->last_events[0] = fmsglast;
182 currently_rule->last_events[1] = flastcontent;