1 /* @(#) $Id: alert.c,v 1.5 2009/06/24 17:06:29 dcid Exp $ */
3 /* Copyright (C) 2009 Trend Micro Inc.
6 * This program is free software; you can redistribute it
7 * and/or modify it under the terms of the GNU General Public
8 * License (version 3) as published by the FSF - Free Software
11 * License details at the LICENSE file included with OSSEC or
12 * online at: http://www.ossec.net/en/licensing.html
17 #include "config/config.h"
18 #include "os_net/os_net.h"
24 /** int OS_Alert_SendSyslog
25 * Sends an alert via syslog.
26 * Returns 1 on success or 0 on error.
28 int OS_Alert_SendSyslog(alert_data *al_data, SyslogConfig *syslog_config)
34 char syslog_msg[OS_SIZE_2048 +1];
38 if(syslog_config->socket < 0)
44 /* Clearing the memory before insert */
45 memset(syslog_msg, '\0', OS_SIZE_2048 +1);
48 /* Looking if location is set */
49 if(syslog_config->location)
51 if(!OSMatch_Execute(al_data->location,
52 strlen(al_data->location),
53 syslog_config->location))
60 /* Looking for the level */
61 if(syslog_config->level)
63 if(al_data->level < syslog_config->level)
70 /* Looking for rule id */
71 if(syslog_config->rule_id)
74 while(syslog_config->rule_id[id_i] != 0)
76 if(syslog_config->rule_id[id_i] == al_data->rule)
84 /* If we found, id is going to be a valid rule */
85 if(!syslog_config->rule_id[id_i])
92 /* Looking for the group */
93 if(syslog_config->group)
95 if(!OSMatch_Execute(al_data->group,
96 strlen(al_data->group),
97 syslog_config->group))
104 /* Fixing the timestamp to be syslog compatible.
105 * We have 2008 Jul 10 10:11:23
106 * Should be: Jul 10 10:11:23
108 tstamp = al_data->date;
109 if(strlen(al_data->date) > 14)
113 /* Fixing first digit if the day is < 10 */
119 /* Adding source ip. */
120 if(!al_data->srcip ||
121 ((al_data->srcip[0] == '(') &&
122 (al_data->srcip[1] == 'n') &&
123 (al_data->srcip[2] == 'o')))
129 snprintf(srcip_msg, 255, " srcip: %s;", al_data->srcip);
133 /* Adding username. */
135 ((al_data->user[0] == '(') &&
136 (al_data->user[1] == 'n') &&
137 (al_data->user[2] == 'o')))
143 snprintf(user_msg, 255, " user: %s;", al_data->user);
148 if(syslog_config->format == DEFAULT_CSYSLOG)
150 /* Building syslog message. */
151 snprintf(syslog_msg, OS_SIZE_2048,
152 "<%d>%s %s ossec: Alert Level: %d; Rule: %d - %s; "
153 "Location: %s;%s%s %s",
154 syslog_config->priority, tstamp, __shost,
155 al_data->level, al_data->rule, al_data->comment,
165 OS_SendUDPbySize(syslog_config->socket, strlen(syslog_msg), syslog_msg);