1 /* Copyright (C) 2009 Trend Micro Inc.
4 * This program is a free software; you can redistribute it
5 * and/or modify it under the terms of the GNU General Public
6 * License (version 2) as published by the FSF - Free Software
10 /* Read DJB multilog */
13 #include "logcollector.h"
16 /* To translate a month number (int) into a month name (char *) */
/* Indexed with tm_mon when read_djbmultilog() builds a syslog timestamp. */
17 static const char *(djb_month[]) = {"Jan", "Feb", "Mar", "Apr", "May", "Jun",
18 "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
/*
 * Host name buffer filled by init_djbmultilog(); presumably the host field
 * of the syslog header generated in read_djbmultilog() (that argument is on
 * a line this listing does not show). The size literal 512 is repeated at
 * every use in init_djbmultilog(), so the bounds must be kept in sync by
 * hand.
 */
20 static char djb_host[512 + 1];
23 /* Initialize multilog */
/*
 * Prepare log entry `pos` for DJB multilog reading: reset
 * logff[pos].djb_program_name, fill the file-scope djb_host buffer and take
 * the program name from a path shaped like /path/program_name/current.
 * This listing skips source lines (see the numbering), so the return values
 * and the full branch structure are not described here.
 */
24 int init_djbmultilog(int pos)
26 char *djbp_name = NULL;
29 logff[pos].djb_program_name = NULL;
31 /* Initialize hostname */
/*
 * Zero all 513 bytes up front. Every later write into djb_host is limited
 * to 511 bytes, so the buffer stays NUL-terminated even if gethostname()
 * truncates the name without terminating it.
 */
32 memset(djb_host, '\0', 512 + 1);
35 if (gethostname(djb_host, 512 - 1) != 0) {
36 strncpy(djb_host, "unknown", 512 - 1);
40 /* Remove domain part if available */
/* NOTE(review): the cut at the '.' itself is on lines not shown here. */
41 _ltmp = strchr(djb_host, '.');
/*
 * NOTE(review): the preprocessor conditional around this assignment is not
 * visible; presumably the Windows build, where gethostname() is not used.
 */
47 strncpy(djb_host, "win32", 512 - 1);
50 /* Multilog must be in the following format: /path/program_name/current */
/*
 * strrchr() returns NULL for a path without '/', and strcmp() on NULL is
 * undefined behaviour. NOTE(review): a NULL check is expected on source
 * lines 52-55, which this listing omits; confirm.
 */
51 tmp_str = strrchr(logff[pos].file, '/');
56 /* Must end with /current and must not be in the beginning of the string */
57 if ((strcmp(tmp_str, "/current") != 0) || (tmp_str == logff[pos].file)) {
/*
 * Second search for '/'. NOTE(review): to find the separator in front of
 * the program name, the path is presumably cut at tmp_str on a line not
 * shown. strrchr() may also return NULL here (constructed example: a
 * relative path such as prog/current); the visible test only rejects a
 * match at the start of the path, so NULL would reach `djbp_name + 1`
 * below unless a hidden line handles it. Confirm, and reject NULL
 * explicitly.
 */
64 djbp_name = strrchr(logff[pos].file, '/');
65 if (djbp_name == logff[pos].file) {
/*
 * Skip the '/' so only the program name is stored. os_strdup is defined
 * elsewhere; presumably it allocates the copy kept in djb_program_name.
 */
70 os_strdup(djbp_name + 1, logff[pos].djb_program_name);
/* Report the program name that will be used for this file. */
73 verbose("%s: INFO: Using program name '%s' for DJB multilog file: '%s'.",
74 ARGV0, logff[pos].djb_program_name, logff[pos].file);
/*
 * Read the lines currently available on logff[pos].fp, accept those that
 * look like DJB multilog records, put a syslog-style header in front of the
 * ones that lack it, and pass the result to SendMSG().
 * This listing skips source lines (declarations, parts of several branches
 * and the end of the function), so rc, drop_it and the return value are not
 * described here.
 */
79 void *read_djbmultilog(int pos, int *rc, int drop_it)
/* str receives the raw line; buffer holds the message that is queued. */
84 char str[OS_MAXSTR + 1];
85 char buffer[OS_MAXSTR + 1];
87 str[OS_MAXSTR] = '\0';
90 /* Must have a valid program name */
91 if (!logff[pos].djb_program_name) {
/*
 * fgets() stores at most OS_MAXSTR - OS_LOG_HEADER - 1 characters plus the
 * terminating NUL, so with a positive OS_LOG_HEADER a line is always
 * shorter than buffer; presumably that margin leaves room for the header
 * added further down.
 */
96 while (fgets(str, OS_MAXSTR - OS_LOG_HEADER, logff[pos].fp) != NULL) {
98 str_len = strlen(str);
100 /* Getting the last occurrence of \n */
101 if ((p = strrchr(str, '\n')) != NULL) {
104 /* If need_clear is set, we just get the line and ignore it */
/*
 * The format check further down runs on a line read from the monitored
 * file. Its isalnum() calls cast plain char to int; where char is signed,
 * a byte of 0x80 or above becomes a negative argument, which <ctype.h>
 * leaves undefined. The cast should be (unsigned char). The calls are left
 * unchanged here.
 */
113 /* Multilog messages have the following format:
114 * @40000000463246020c2ca16c xx...
116 if ((str_len > 26) &&
118 isalnum((int)str[1]) &&
119 isalnum((int)str[2]) &&
120 isalnum((int)str[3]) &&
121 isalnum((int)str[24]) &&
123 /* Remove spaces and tabs */
125 while (*p == ' ' || *p == '\t') {
129 /* If message has a valid syslog header, send as is */
/*
 * NOTE(review): the length test below uses str_len, the length of the whole
 * line, while p has already moved past the timestamp and any blanks after
 * it. Whether the header match can index from p beyond the terminating NUL
 * depends on the conditions on source lines 131-136, which are not shown;
 * confirm that the remaining length from p is what gets checked.
 */
130 if ((str_len > 44) &&
/*
 * strncpy() leaves buffer unterminated when the source is OS_MAXSTR bytes
 * or longer. Presumably p still points into str (its assignment is on a
 * line not shown), which the fgets() bound keeps shorter than that, so the
 * copy stops at the NUL and the remainder of the count is zero-filled.
 */
137 strncpy(buffer, p, OS_MAXSTR);
139 /* We will add a proper syslog header */
/*
 * localtime() returns a pointer to storage shared with other callers and
 * may return NULL; pt is dereferenced in the snprintf() arguments without a
 * visible check. NOTE(review): confirm no other thread calls localtime()
 * concurrently; localtime_r() with a NULL check is the safer form.
 */
143 djbtime = time(NULL);
144 pt = localtime(&djbtime);
146 /* Syslog time: Apr 27 14:50:32 */
/*
 * snprintf() writes at most OS_MAXSTR bytes including the NUL, so an
 * over-long result is truncated rather than overflowing buffer.
 */
147 snprintf(buffer, OS_MAXSTR, "%s %02d %02d:%02d:%02d %s %s: %s",
148 djb_month[pt->tm_mon],
154 logff[pos].djb_program_name,
/* Lines that fail the format check are only reported at debug level. */
160 debug2("%s: DEBUG: Invalid DJB log: '%s'", ARGV0, str);
164 debug2("%s: DEBUG: Reading DJB multilog message: '%s'", ARGV0, buffer);
166 /* Send message to queue */
/*
 * On a failed send: log the error, then reopen the queue with StartMQ();
 * ErrorExit() is called if that fails too. NOTE(review): whether the
 * current message is sent again after a successful reopen is on lines not
 * shown. MYSQL_MQ is the message type passed for these lines; confirm that
 * is the intended type for DJB multilog input.
 */
168 if (SendMSG(logr_queue, buffer, logff[pos].file, MYSQL_MQ) < 0) {
169 merror(QUEUE_SEND, ARGV0);
170 if ((logr_queue = StartMQ(DEFAULTQPATH, WRITE)) < 0) {
171 ErrorExit(QUEUE_FATAL, ARGV0, DEFAULTQPATH);