1 /* @(#) $Id: ./src/logcollector/read_mysql_log.c, 2011/09/08 dcid Exp $
4 /* Copyright (C) 2009 Trend Micro Inc.
7 * This program is a free software; you can redistribute it
8 * and/or modify it under the terms of the GNU General Public
9 * License (version 2) as published by the FSF - Free Software
12 * License details at the LICENSE file included with OSSEC or
13 * online at: http://www.ossec.net/en/licensing.html
20 #include "logcollector.h"
23 /* Starting last time */
24 char __mysql_last_time[18] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
28 /* Read syslog files/snort fast/apache files */
29 void *read_mysql_log(int pos, int *rc, int drop_it)
34 char str[OS_MAXSTR + 1];
35 char buffer[OS_MAXSTR + 1];
41 /* Getting new entry */
42 while(fgets(str, OS_MAXSTR - OS_LOG_HEADER, logff[pos].fp) != NULL)
45 /* Getting buffer size */
46 str_len = strlen(str);
49 /* Getting the last occurence of \n */
50 if ((p = strrchr(str, '\n')) != NULL)
54 /* If need clear is set, we just get the line and ignore it. */
68 if ((p = strrchr(str, '\r')) != NULL)
74 /* Looking for empty string (only on windows) */
81 /* Windows can have comment on their logs */
89 /* Mysql messages have the following format:
96 isdigit((int)str[0]) &&
97 isdigit((int)str[1]) &&
98 isdigit((int)str[2]) &&
99 isdigit((int)str[3]) &&
100 isdigit((int)str[4]) &&
101 isdigit((int)str[5]) &&
102 isdigit((int)str[7]) &&
103 isdigit((int)str[8]))
105 /* Saving last time */
106 strncpy(__mysql_last_time, str, 16);
107 __mysql_last_time[15] = '\0';
110 /* Removing spaces and tabs */
112 while(*p == ' ' || *p == '\t')
118 /* Valid MySQL message */
119 snprintf(buffer, OS_MAXSTR, "MySQL log: %s %s",
120 __mysql_last_time, p);
124 /* Multiple events at the same second share the same
126 * 0909 2020 2020 2020 20
128 else if((str_len > 10) && (__mysql_last_time[0] != '\0') &&
141 /* Removing extra spaces and tabs */
142 while(*p == ' ' || *p == '\t')
147 /* Valid MySQL message */
148 snprintf(buffer, OS_MAXSTR, "MySQL log: %s %s",
149 __mysql_last_time, p);
157 debug2("%s: DEBUG: Reading mysql messages: '%s'", ARGV0, buffer);
160 /* Sending message to queue */
163 if(SendMSG(logr_queue, buffer, logff[pos].file, MYSQL_MQ) < 0)
165 merror(QUEUE_SEND, ARGV0);
166 if((logr_queue = StartMQ(DEFAULTQPATH,WRITE)) < 0)
168 ErrorExit(QUEUE_FATAL, ARGV0, DEFAULTQPATH);