1 /* Copyright (C) 2010 Trend Micro Inc.
4 * This program is a free software; you can redistribute it
5 * and/or modify it under the terms of the GNU General Public
6 * License (version 2) as published by the FSF - Free Software
/*
 * _add2last - store `str` in `file`, creating the two directory levels
 * above `file` if they are missing.
 *
 * str      buffer to store
 * strsize  length of `str`; strsize + 1 bytes are written
 * file     path of the file to create or overwrite (opened with "w")
 *
 * Callers in this file treat a zero result as failure.
 * NOTE(review): this listing omits lines (declarations, tests on fp,
 * return statements), so the comments below describe only what is visible.
 */
14 static int _add2last(const char *str, size_t strsize, const char *file)
18 fp = fopen(file, "w");
20 /* Try to create the directories */
22 char *diragent = NULL;
/* Last '/' in the path: separates the file name from the rule directory. */
24 dirrule = strrchr(file, '/');
26 merror("%s: ERROR: Invalid file name to diff: %s",
/*
 * Second lookup for the directory one level up.
 * NOTE(review): `file` itself is handed to both IsDir()/mkdir() pairs below,
 * so the path is presumably cut in place at the '/' positions on lines not
 * shown. That writes through a pointer derived from a const char *; confirm
 * every caller passes a writable buffer.
 */
32 diragent = strrchr(file, '/');
34 merror("%s: ERROR: Invalid file name to diff (2): %s",
40 /* Check if the diragent exists */
/* A non-zero IsDir() result leads to mkdir(); mode 0770 gives others no access (before umask). */
41 if (IsDir(file) != 0) {
42 if (mkdir(file, 0770) == -1) {
43 merror(MKDIR_ERROR, ARGV0, file, errno, strerror(errno));
/* Same check-and-create step, presumably for the next directory level. */
49 if (IsDir(file) != 0) {
50 if (mkdir(file, 0770) == -1) {
51 merror(MKDIR_ERROR, ARGV0, file, errno, strerror(errno));
/* Second attempt to open the file once the directories exist. */
57 fp = fopen(file, "w");
59 merror(FOPEN_ERROR, ARGV0, file, errno, strerror(errno));
/*
 * One item of strsize + 1 bytes: presumably the terminating NUL is stored
 * too, which requires str[strsize] to be readable - confirm with callers.
 * NOTE(review): the fwrite() result is not used on this line, so a short
 * write (full disk, quota) would go unreported unless a later line checks.
 */
64 fwrite(str, strsize + 1, 1, fp);
/*
 * doDiff - compare the current event's log with the copy saved for this
 * rule and host, and refresh the saved copy.
 *
 * rule  rule being evaluated; rule->sigid names the per-rule directory and
 *       rule->last_events[] receives the previous content on a change
 * lf    current event; lf->hostname, lf->log and lf->size are read
 *
 * The saved copy is DIFF_DIR/<hostname>/<sigid>/DIFF_LAST_FILE.
 * NOTE(review): this listing omits lines, including every return statement
 * and the end of the function, so the return contract cannot be stated
 * from here.
 */
69 int doDiff(RuleInfo *rule, const Eventinfo *lf)
71 time_t date_of_change;
/* Both buffers are automatic arrays, one byte larger than the limit used with them below. */
73 char flastfile[OS_SIZE_2048 + 1];
74 char flastcontent[OS_SIZE_8192 + 1];
/* Start from an empty, terminated buffer and clear the previous result. */
77 flastcontent[0] = '\0';
78 flastcontent[OS_SIZE_8192] = '\0';
79 rule->last_events[0] = NULL;
/*
 * A hostname starting with '(' is used from its second character on; htpt
 * is the first ')' or NULL (what is done with it is on lines not shown).
 * NOTE(review): lf->hostname goes into the path as-is. No check for '/' or
 * ".." is visible here, so unless the hostname is validated before this
 * call, the file written by _add2last() can resolve outside DIFF_DIR.
 * The snprintf() result is not checked on the visible lines either, so an
 * over-long path would be used truncated.
 */
81 if (lf->hostname[0] == '(') {
82 htpt = strchr(lf->hostname, ')');
86 snprintf(flastfile, OS_SIZE_2048, "%s/%s/%d/%s", DIFF_DIR, lf->hostname + 1,
87 rule->sigid, DIFF_LAST_FILE);
94 snprintf(flastfile, OS_SIZE_2048, "%s/%s/%d/%s", DIFF_DIR, lf->hostname,
95 rule->sigid, DIFF_LAST_FILE);
98 /* lf->size can't be too long */
/*
 * Events of OS_SIZE_8192 bytes or more are reported as an error (the exit
 * from this branch is not shown). Presumably this keeps the lf->size + 1
 * bytes written by _add2last() within the OS_SIZE_8192 bytes read back below.
 * NOTE(review): %ld expects a long; lf->size is passed as a size_t to
 * _add2last(), so if it is declared size_t the conversion should be %zu.
 */
99 if (lf->size >= OS_SIZE_8192) {
100 merror("%s: ERROR: event size (%ld) too long for diff.", ARGV0, lf->size);
104 /* Check if last diff exists */
/* A result <= 0 is taken as "no saved copy": the file is created from the current log. */
105 date_of_change = File_DateofChange(flastfile);
106 if (date_of_change <= 0) {
107 if (!_add2last(lf->log, lf->size, flastfile)) {
108 merror("%s: ERROR: unable to create last file: %s", ARGV0, flastfile);
/* Read the saved copy back; at most OS_SIZE_8192 bytes, so index n stays inside the array. */
115 fp = fopen(flastfile, "r");
117 merror(FOPEN_ERROR, ARGV0, flastfile, errno, strerror(errno));
121 n = fread(flastcontent, 1, OS_SIZE_8192, fp);
123 flastcontent[n] = '\0';
125 merror("%s: ERROR: read error on %s", ARGV0, flastfile);
132 /* Nothing changed */
/* strcmp() compares up to the first NUL in either buffer. */
133 if (strcmp(flastcontent, lf->log) == 0) {
/* Content differs: overwrite the saved copy with the current log. */
137 if (!_add2last(lf->log, lf->size, flastfile)) {
138 merror("%s: ERROR: unable to create last file: %s", ARGV0, flastfile);
/*
 * Expose the previous content through the rule.
 * NOTE(review): flastcontent is an automatic array, so the address stored
 * in rule->last_events[1] is valid only until doDiff() returns; any later
 * read through the rule uses a dangling pointer. Giving the buffer static
 * storage, or copying it into memory owned by the rule, avoids that.
 * Confirm how callers consume last_events.
 */
141 rule->last_events[0] = "Previous output:";
142 rule->last_events[1] = flastcontent;