1 /* @(#) $Id: ./src/logcollector/read_ossecalert.c, 2012/03/30 dcid Exp $
4 /* Copyright (C) 2012 Daniel B. Cid (http://dcid.me)
7 * This program is a free software; you can redistribute it
8 * and/or modify it under the terms of the GNU General Public
9 * License (version 2) as published by the FSF - Free Software
17 #include "headers/read-alert.h"
18 #include "logcollector.h"
22 /* Read OSSEC alert files (GetAlertData on logff[pos].fp) and forward each
 * alert to the queue as a single syslog-style "ossec: Alert Level..." message */
23 void *read_ossecalert(int pos, int *rc, int drop_it)
29 char syslog_msg[OS_SIZE_2048 +1];
31 al_data = GetAlertData(0, logff[pos].fp);
38 memset(syslog_msg, '\0', OS_SIZE_2048 +1);
42 /* Adding source ip. */
44 ((al_data->srcip[0] == '(') &&
45 (al_data->srcip[1] == 'n') &&
46 (al_data->srcip[2] == 'o')))
52 snprintf(srcip_msg, 255, " srcip: %s;", al_data->srcip);
56 /* Adding username. */
58 ((al_data->user[0] == '(') &&
59 (al_data->user[1] == 'n') &&
60 (al_data->user[2] == 'o')))
66 snprintf(user_msg, 255, " user: %s;", al_data->user);
70 if(al_data->log[1] == NULL)
72 /* Building syslog message. */
73 snprintf(syslog_msg, OS_SIZE_2048,
74 "ossec: Alert Level: %d; Rule: %d - %s; "
75 "Location: %s;%s%s %s",
76 al_data->level, al_data->rule, al_data->comment,
87 while(al_data->log[j] != NULL)
89 tmp_msg = os_LoadString(tmp_msg, al_data->log[j]);
90 tmp_msg = os_LoadString(tmp_msg, "\n");
93 FreeAlertData(al_data);
98 if(strlen(tmp_msg) > 1596)
103 tmp_msg[1597] = '\0';
105 snprintf(syslog_msg, OS_SIZE_2048,
106 "ossec: Alert Level: %d; Rule: %d - %s; "
107 "Location: %s;%s%s %s",
108 al_data->level, al_data->rule, al_data->comment,
116 /* Clearing the memory */
117 FreeAlertData(al_data);
121 /* Sending message to queue */
124 if(SendMSG(logr_queue,syslog_msg,logff[pos].file, LOCALFILE_MQ) < 0)
126 merror(QUEUE_SEND, ARGV0);
127 if((logr_queue = StartMQ(DEFAULTQPATH,WRITE)) < 0)
129 ErrorExit(QUEUE_FATAL, ARGV0, DEFAULTQPATH);