1 /* @(#) $Id: ./src/logcollector/read_djb_multilog.c, 2011/09/08 dcid Exp $
4 /* Copyright (C) 2009 Trend Micro Inc.
7 * This program is a free software; you can redistribute it
8 * and/or modify it under the terms of the GNU General Public
9 * License (version 2) as published by the FSF - Free Software
12 * License details at the LICENSE file included with OSSEC or
13 * online at: http://www.ossec.net/en/licensing.html
16 /* Read DJB multilog */
20 #include "logcollector.h"
23 /* To translate from month (int) to month (char) */
/* Indexed with pt->tm_mon in read_djbmultilog; the table has exactly 12
 * entries, so the index must stay within 0..11.
 * NOTE(review): neither object below is declared static or const on the
 * lines shown, so both are writable from other translation units - confirm
 * whether that is intended. */
24 char *(djb_month[])={"Jan","Feb","Mar","Apr","May","Jun","Jul","Aug",
25 "Sep","Oct","Nov","Dec"};
/* Host name buffer (512 bytes plus one for the terminator), filled once by
 * init_djbmultilog. Presumably it supplies the host field of the generated
 * syslog header - TODO confirm, the argument line is not shown. */
27 char djb_host[512 +1];
31 /* Initializes multilog. */
/*
 * Prepares logff[pos] for DJB multilog reading: resets djb_program_name,
 * fills the global djb_host, checks that the monitored path ends in
 * "/current", and stores a copy of the path component in front of it as the
 * program name.
 *
 * pos: index into logff. It is used unchecked on the lines shown here, so the
 *      caller is presumably responsible for keeping it in range - TODO confirm.
 *
 * This listing is an excerpt: braces, return statements and several other
 * statements fall on lines that are not shown, so return values are not
 * documented here.
 */
32 int init_djbmultilog(int pos)
34 char *djbp_name = NULL;
38 logff[pos].djb_program_name = NULL;
41 /* Initializing hostname. */
/* The whole 513-byte buffer is zeroed first and every write below is limited
 * to 511 bytes, so djb_host stays NUL-terminated even if gethostname()
 * truncates the name without terminating it. */
42 memset(djb_host, '\0', 512 +1);
45 if(gethostname(djb_host, 512 -1) != 0)
47 strncpy(djb_host, "unknown", 512 -1);
53 /* Remove domain part if available */
/* Only the search for the first '.' is visible; the truncation itself is on
 * a line not shown. */
54 _ltmp = strchr(djb_host, '.');
/* NOTE(review): this fixed name looks like the Windows build branch; the
 * preprocessor lines that would select it are not shown - confirm. */
59 strncpy(djb_host, "win32", 512 -1);
64 /* Multilog must be in the following format: /path/program_name/current */
/* NOTE(review): strrchr() returns NULL when the path contains no '/', and
 * the strcmp() below would then dereference NULL. A NULL test presumably
 * sits on the lines not shown between these two statements - confirm. */
65 tmp_str = strrchr(logff[pos].file, '/');
70 /* Must end with /current and must not be in the beginning of the string. */
71 if((strcmp(tmp_str, "/current") != 0) || (tmp_str == logff[pos].file))
80 /* Getting final name. */
/* A second strrchr() on an unchanged string would return tmp_str again, so
 * the "/current" suffix is presumably cut off on lines not shown - confirm.
 * NOTE(review): the test below only rejects a match at the very start of the
 * path. For a relative path such as "name/current" strrchr() would return
 * NULL, which is not equal to logff[pos].file, and djbp_name+1 would then be
 * handed to os_strdup. Confirm that a NULL test exists or add one. */
81 djbp_name = strrchr(logff[pos].file, '/');
82 if(djbp_name == logff[pos].file)
/* djbp_name+1 skips the '/' so that only the directory name is copied. */
89 os_strdup(djbp_name+1, logff[pos].djb_program_name);
/* Fixed format string; the path and the derived name are passed only as %s
 * arguments. */
93 verbose("%s: INFO: Using program name '%s' for DJB multilog file: '%s'.",
94 ARGV0, logff[pos].djb_program_name, logff[pos].file);
102 /* Read DJB multilog. */
/*
 * Reads the pending lines of logff[pos].fp, turns each accepted multilog
 * record into a syslog-style message in `buffer` and passes it to SendMSG
 * on logr_queue.
 *
 * pos:     index into logff (file, fp and djb_program_name are read).
 * rc:      not used on the lines shown here - meaning not documented.
 * drop_it: not used on the lines shown here; presumably the "need clear"
 *          switch mentioned in a comment below - TODO confirm.
 *
 * This listing is an excerpt: braces, the return statement and several other
 * statements fall on lines that are not shown. The file content is external
 * input, so every index and length below deserves a bounds check.
 */
103 void *read_djbmultilog(int pos, int *rc, int drop_it)
/* Both buffers live on the stack and are not cleared on the lines shown;
 * only the last byte of str is set to NUL. */
108 char str[OS_MAXSTR + 1];
109 char buffer[OS_MAXSTR + 1];
111 str[OS_MAXSTR]= '\0';
115 /* Must have a valid program name. */
116 if(!logff[pos].djb_program_name)
123 /* Getting new entry */
/* fgets() is limited to OS_MAXSTR - OS_LOG_HEADER bytes, which leaves room
 * in `buffer` for the header added further down (assumes OS_LOG_HEADER is a
 * positive constant - TODO confirm). Longer input lines are split across
 * iterations. */
124 while(fgets(str, OS_MAXSTR - OS_LOG_HEADER, logff[pos].fp) != NULL)
127 /* Getting buffer size */
128 str_len = strlen(str);
131 /* Getting the last occurrence of \n */
/* What is done with the newline position is on lines not shown. */
132 if ((p = strrchr(str, '\n')) != NULL)
136 /* If need clear is set, we just get the line and ignore it. */
/* Notes on the format test that follows the next comment:
 * - str is plain char, so a byte of 0x80 or above can be negative where char
 *   is signed; passing a negative value other than EOF to isalnum() is
 *   undefined behaviour. Casting through (unsigned char) instead of (int)
 *   avoids that.
 * - fgets() writes only up to the terminator and str is not cleared between
 *   iterations, so for a line shorter than 25 bytes str[24] holds leftover or
 *   uninitialized data. NOTE(review): confirm that a length test on str_len
 *   guards this read, ideally ahead of it in the && chain. */
149 /* Multilog messages have the following format:
150 * @40000000463246020c2ca16c xx...
154 isalnum((int)str[1]) &&
155 isalnum((int)str[2]) &&
156 isalnum((int)str[3]) &&
157 isalnum((int)str[24]) &&
160 /* Removing spaces and tabs */
/* The loop stops at the NUL terminator because NUL is neither ' ' nor '\t'. */
162 while(*p == ' ' || *p == '\t')
168 /* If message has a valid syslog header, send as is. */
/* strncpy() does not terminate on truncation, but p points into str, which
 * fgets() limited to fewer than OS_MAXSTR bytes, so the copy ends with NUL
 * padding (same OS_LOG_HEADER assumption as above). */
177 strncpy(buffer, p, OS_MAXSTR);
181 /* We will add a proper syslog header. */
/* The header uses the collection time, not the timestamp stored in the
 * record. localtime() returns NULL on failure and uses shared static
 * storage; no NULL test appears on the lines shown before pt->tm_mon indexes
 * djb_month - NOTE(review): confirm. */
186 djbtime = time(NULL);
187 pt = localtime(&djbtime);
190 /* Syslog time: Apr 27 14:50:32 */
/* snprintf() truncates silently at OS_MAXSTR; its return value is not
 * checked on the lines shown. */
191 snprintf(buffer, OS_MAXSTR, "%s %02d %02d:%02d:%02d %s %s: %s",
192 djb_month[pt->tm_mon],
198 logff[pos].djb_program_name,
/* Raw line content is logged through a fixed format string, so it is never
 * interpreted as a format itself. */
206 debug2("%s: DEBUG: Invalid DJB log: '%s'", ARGV0, str);
211 debug2("%s: DEBUG: Reading DJB multilog message: '%s'", ARGV0, buffer);
214 /* Sending message to queue */
/* NOTE(review): the message is tagged MYSQL_MQ although this reader handles
 * DJB multilog files - confirm that this queue type is intended.
 * On a send failure the error is logged and the queue is reopened; if the
 * reopen also fails, ErrorExit is called. */
217 if(SendMSG(logr_queue, buffer, logff[pos].file, MYSQL_MQ) < 0)
219 merror(QUEUE_SEND, ARGV0);
220 if((logr_queue = StartMQ(DEFAULTQPATH,WRITE)) < 0)
222 ErrorExit(QUEUE_FATAL, ARGV0, DEFAULTQPATH);