1 /* @(#) $Id: ./src/os_csyslogd/csyslogd.c, 2011/09/08 dcid Exp $
4 /* Copyright (C) 2009 Trend Micro Inc.
7 * This program is a free software; you can redistribute it
8 * and/or modify it under the terms of the GNU General Public
9 * License (version 2) as published by the FSF - Free Software
12 * License details at the LICENSE file included with OSSEC or
13 * online at: http://www.ossec.net/en/licensing.html
18 /* strnlen is a GNU extension */
24 #include "os_net/os_net.h"
28 /* OS_CSyslogD: Monitors the alerts and sends them via syslog.
29 * Only returns in case of error.
/* NOTE(review): this listing shows only some lines of the function; the notes
 * below describe the visible lines and hedge everything else. */
31 void OS_CSyslogD(SyslogConfig **syslog_config)
42 /* Get the current time before starting */
47 /* Initialize the file queue - to read the alerts */
48 os_calloc(1, sizeof(file_queue), fileq);
/* Retry for as long as Init_FileQueue() returns a negative value. */
49 while( (Init_FileQueue(fileq, p, 0) ) < 0 ) {
/* Give up once the retry counter passes OS_CSYSLOGD_MAX_TRIES. */
51 if( tries > OS_CSYSLOGD_MAX_TRIES ) {
52 merror("%s: ERROR: Could not open queue after %d tries, exiting!",
/* Informational message, but emitted through merror(). */
59 merror("%s: INFO: File queue connected.", ARGV0 );
62 /* Connect to each configured syslog server. */
/* syslog_config is walked until its first NULL entry. */
64 while(syslog_config[s])
/* The connection is UDP: delivery is best-effort and the socket itself adds
 * no encryption or peer authentication for the forwarded alerts. */
66 syslog_config[s]->socket = OS_ConnectUDP(syslog_config[s]->port,
67 syslog_config[s]->server, 0);
/* NOTE(review): a negative socket is reported here, but the send loop below
 * shows no check for it - confirm that OS_Alert_SendSyslog() copes with an
 * entry whose socket is < 0. */
68 if(syslog_config[s]->socket < 0)
70 merror(CONNS_ERROR, ARGV0, syslog_config[s]->server);
74 merror("%s: INFO: Forwarding alerts via syslog to: '%s:%d'.",
75 ARGV0, syslog_config[s]->server, syslog_config[s]->port);
83 /* Infinite loop reading the alerts and sending them via syslog. */
90 /* Get message if available (timeout of 5 seconds) */
91 al_data = Read_FileMon(fileq, p, 5);
99 /* Send the alert to every configured syslog server */
101 while(syslog_config[s])
/* The return value of OS_Alert_SendSyslog() is not used on this line, so a
 * failed send is not handled here. */
103 OS_Alert_SendSyslog(al_data, syslog_config[s]);
108 /* Release the alert data after the send loop */
109 FreeAlertData(al_data);
113 /* Format a string field and append it to dest.
 *
 * dest   - string that is appended to with strncat()
 * size   - used as the capacity of dest when computing the remaining room
 * format - printf-style format; passed to snprintf() with value as its only
 *          argument, so it must come from trusted code, never from alert data
 * value  - string to format
 *
 * NOTE(review): only part of this function is visible in this listing; the
 * return value and the full guard conditions are not shown.
 */
114 int field_add_string(char *dest, int size, const char *format, const char *value ) {
115 char buffer[OS_SIZE_2048];
/* Remaining room: size minus the current length of dest (the length scan is
 * capped at OS_SIZE_2048). */
117 int dest_sz = size - strnlen(dest, OS_SIZE_2048);
120 // Not enough room in the buffer
/* NOTE(review): these tests read value[1], value[2] and value[4]; no length
 * check on value is visible here, so confirm that strings shorter than that
 * cannot reach them. Each group is true only when all three characters
 * differ, which is not the same as "value does not start with that prefix";
 * presumably the intent is to skip placeholder values - verify against the
 * full condition. */
126 ((value[0] != '(') && (value[1] != 'n') && (value[2] != 'o')) ||
127 ((value[0] != '(') && (value[1] != 'u') && (value[2] != 'n')) ||
128 ((value[0] != 'u') && (value[1] != 'n') && (value[4] != 'k'))
/* NOTE(review): the snprintf() bound shrinks as dest_sz grows, and the
 * subtraction is evaluated in size_t: if dest_sz can reach sizeof(buffer) the
 * bound wraps to a very large value and no longer protects buffer. Confirm
 * the sizes callers pass; the usual bound would be sizeof(buffer). */
131 len = snprintf(buffer, sizeof(buffer) - dest_sz - 1, format, value);
/* NOTE(review): strncat() appends up to dest_sz characters and then a
 * terminating NUL. If size is the full capacity of dest, an append of
 * dest_sz characters places that NUL one byte past the end of dest;
 * dest_sz - 1 would leave room for it. */
132 strncat(dest, buffer, dest_sz);
138 /* Add a field, but truncate the value (with a "..." trailer) if it is too long.
 *
 * dest     - string that is appended to with strncat()
 * size     - used as the capacity of dest when computing the remaining room
 * format   - printf-style format; passed to snprintf() with the (possibly
 *            truncated) value as its only argument, so it must come from
 *            trusted code, never from alert data
 * value    - string to format
 * fmt_size - subtracted from strlen(format) in the size arithmetic; presumably
 *            the length of the conversion specifier inside format - confirm
 *
 * NOTE(review): only part of this function is visible in this listing; the
 * return value and the full guard conditions are not shown.
 */
139 int field_add_truncated(char *dest, int size, const char *format, const char *value, int fmt_size ) {
140 char buffer[OS_SIZE_2048];
/* Remaining room: size minus the current length of dest (the length scan is
 * capped at OS_SIZE_2048). */
142 int available_sz = size - strnlen(dest, OS_SIZE_2048);
/* NOTE(review): value is passed to strlen() in this initializer, i.e. before
 * the tests on value further down run. */
143 int total_sz = strlen(value) + strlen(format) - fmt_size;
/* NOTE(review): field_sz is available_sz reduced by strlen(format) - fmt_size,
 * so it can be zero or negative while available_sz is still positive; the
 * visible guard below checks only available_sz. */
144 int field_sz = available_sz - strlen(format) + fmt_size;
147 char trailer[] = "...";
150 if(available_sz <= 0 ) {
151 // Not enough room in the buffer
/* NOTE(review): these tests read value[1], value[2] and value[4]; no length
 * check on value is visible here, so confirm that strings shorter than that
 * cannot reach them. Each group is true only when all three characters
 * differ, which is not the same as "value does not start with that prefix";
 * verify against the full condition. */
157 ((value[0] != '(') && (value[1] != 'n') && (value[2] != 'o')) ||
158 ((value[0] != '(') && (value[1] != 'u') && (value[2] != 'n')) ||
159 ((value[0] != 'u') && (value[1] != 'n') && (value[4] != 'k'))
/* NOTE(review): field_sz + 1 is converted to size_t for malloc(); a field_sz
 * below -1 turns into a very large request. */
163 if( (truncated=malloc(field_sz + 1)) != NULL ) {
164 if( total_sz > available_sz ) {
165 // Truncate and add a trailer
/* NOTE(review): field_sz - strlen(trailer) is evaluated in size_t and wraps
 * when field_sz is smaller than the trailer. The strcat() that follows relies
 * on os_substr() having NUL-terminated truncated and left room for the
 * trailer within field_sz + 1 bytes - confirm os_substr()'s contract. */
166 os_substr(truncated, value, 0, field_sz - strlen(trailer));
167 strcat(truncated, trailer);
/* NOTE(review): strncpy() writes no terminator when value has field_sz or
 * more characters, and the malloc() above does not zero the buffer; no
 * explicit termination of truncated is visible in this listing. */
170 strncpy(truncated,value,field_sz);
/* NOTE(review): buffer holds OS_SIZE_2048 bytes but the bound used here is
 * available_sz; confirm callers never pass a size that leaves more room than
 * sizeof(buffer). */
173 len = snprintf(buffer, available_sz, format, truncated);
/* NOTE(review): strncat() appends up to available_sz characters and then a
 * terminating NUL. If size is the full capacity of dest, an append of
 * available_sz characters places that NUL one byte past the end of dest;
 * available_sz - 1 would leave room for it. */
174 strncat(dest, buffer, available_sz);
181 // Free the temporary pointer
187 /* Handle integers in the second position */
188 int field_add_int(char *dest, int size, const char *format, const int value ) {
191 int dest_sz = size - strnlen(dest, OS_SIZE_2048);
194 // Not enough room in the buffer
199 len = snprintf(buffer, sizeof(buffer), format, value);
200 strncat(dest, buffer, dest_sz);