1 /* Copyright (C) 2009 Trend Micro Inc.
4 * This program is a free software; you can redistribute it
5 * and/or modify it under the terms of the GNU General Public
6 * License (version 2) as published by the FSF - Free Software
11 #include "config/config.h"
12 #include "config/dbd-config.h"
// Forward declarations of the two file-local location helpers. The nonnull
// attribute is given without an index list, so it covers every pointer parameter.
// NOTE(review): identifiers that begin with a double underscore are reserved for
// the implementation in C; a plain static name would avoid any clash.
16 static int __DBSelectLocation(const char *location, const DBConfig *db_config) __attribute__((nonnull));
17 static int __DBInsertLocation(const char *location, const DBConfig *db_config) __attribute__((nonnull));
20 /* Select the maximum ID from the alert table
21 * Returns 0 if not found
// Formats a SELECT MAX(id) statement over the alert table for this server_id and
// runs it with osdb_query_select() on db_config->conn.
// Only part of the function appears in this listing: the declaration of result
// and the return statement are among the elided lines.
23 int OS_SelectMaxID(const DBConfig *db_config)
26 char sql_query[OS_SIZE_1024];
// The buffer is zeroed in full and snprintf is limited to OS_SIZE_1024 - 1 bytes,
// so the statement text is always NUL-terminated.
28 memset(sql_query, '\0', OS_SIZE_1024);
// The only interpolated value is server_id, formatted with %u, so no quote
// character can enter the statement through it.
31 snprintf(sql_query, OS_SIZE_1024 - 1,
32 "SELECT MAX(id) FROM "
33 "alert WHERE server_id = '%u'",
34 db_config->server_id);
36 result = osdb_query_select(db_config->conn, sql_query);
42 /* Select the location ID from the db
43 * Returns 0 if not found
// Looks up a location row by name and server_id through osdb_query_select().
// The statement is assembled by string formatting: location is placed between
// single quotes with %s, and nothing in the visible lines of this function
// sanitises it. The function therefore depends on its caller; OS_Alert_InsertDB
// passes al_data->location only after calling osdb_escapestr() on it.
// NOTE(review): the result of snprintf is not checked in the visible lines, so a
// location long enough to be truncated would leave a cut-off statement in the
// buffer. Confirm how the elided lines and the query layer treat that case.
// NOTE(review): server_id is formatted with %d here but with %u in
// OS_SelectMaxID and __DBInsertLocation; confirm the field type and use one
// specifier throughout.
45 static int __DBSelectLocation(const char *location, const DBConfig *db_config)
48 char sql_query[OS_SIZE_1024];
50 memset(sql_query, '\0', OS_SIZE_1024);
53 snprintf(sql_query, OS_SIZE_1024 - 1,
55 "location WHERE name = '%s' AND server_id = '%d' "
57 location, db_config->server_id);
59 result = osdb_query_select(db_config->conn, sql_query);
64 /* Insert location into the db */
// Adds a (server_id, name) row to the location table with osdb_query_insert()
// and logs DB_GENERROR through merror() when the insert call reports failure.
// The return statements are among the lines elided from this listing.
// As in __DBSelectLocation, location is spliced between single quotes with %s
// and is not sanitised here, so the caller must have done it beforehand.
65 static int __DBInsertLocation(const char *location, const DBConfig *db_config)
67 char sql_query[OS_SIZE_1024];
69 memset(sql_query, '\0', OS_SIZE_1024);
// NOTE(review): the snprintf result is not checked in the visible lines; a
// truncated statement would lose its closing quote and parenthesis.
72 snprintf(sql_query, OS_SIZE_1024 - 1,
74 "location(server_id, name) "
75 "VALUES ('%u', '%s')",
76 db_config->server_id, location);
78 if (!osdb_query_insert(db_config->conn, sql_query)) {
79 merror(DB_GENERROR, ARGV0);
85 /* Insert alert into the db
86 * Returns 1 on success or 0 on error
// Stores one alert in the alert table. Visible steps: sanitise user and
// location, resolve the location ID (hash cache first, then select and insert),
// join the alert log lines into one string, format an INSERT for the configured
// db_type, submit it with osdb_query_insert() and advance db_config->alert_id.
// Several lines, including the declarations of i, fulllog and loc_id, the case
// labels and the return statements, are elided from this listing.
// Every string field is spliced into the statement between single quotes by
// snprintf, so the statement is only as safe as the sanitising applied to each
// field before the format call.
88 int OS_Alert_InsertDB(const alert_data *al_data, DBConfig *db_config)
91 unsigned int location_id = 0;
92 unsigned short s_port = 0, d_port = 0;
94 char sql_query[OS_SIZE_8192 + 1];
97 /* Clear the memory before insert */
// The array has OS_SIZE_8192 + 1 bytes; the last one is pinned to NUL so the
// buffer stays terminated whatever the later snprintf calls write.
99 sql_query[OS_SIZE_8192] = '\0';
102 s_port = al_data->srcport;
104 /* Destination Port */
105 d_port = al_data->dstport;
// osdb_escapestr() is defined elsewhere and rewrites its argument in place; its
// exact rules are not visible here. al_data is a pointer to const, yet the
// strings reached through it are modified by these calls.
// NOTE(review): user is tested for NULL in the second INSERT variant below but
// is passed to osdb_escapestr() here, and to %s in the first variant, without a
// visible check. Confirm that a NULL user is handled on both paths.
108 osdb_escapestr(al_data->user);
109 osdb_escapestr(al_data->location);
111 /* We first need to insert the location */
// Location IDs are cached in db_config->location_hash, keyed by the sanitised
// location string.
112 loc_id = (int *) OSHash_Get(db_config->location_hash, al_data->location);
114 /* If we do not have a location ID, we must select and/or insert in the db */
116 location_id = __DBSelectLocation(al_data->location, db_config);
117 if (location_id == 0) {
// A zero ID means the row is missing: insert it, then select again to read the
// ID back. The result of __DBInsertLocation itself is not used.
119 __DBInsertLocation(al_data->location, db_config);
120 location_id = __DBSelectLocation(al_data->location, db_config);
124 merror("%s: Unable to insert location: '%s'.",
125 ARGV0, al_data->location);
// The resolved ID is written through loc_id, which os_calloc presumably points
// at a freshly allocated int (macro defined elsewhere; confirm), and the
// pointer is then stored in the hash under the location name.
130 os_calloc(1, sizeof(int), loc_id);
131 *loc_id = location_id;
132 OSHash_Add(db_config->location_hash, al_data->location, loc_id);
// Join al_data->log[] into fulllog, appending "\n" to every entry except the
// last one.
// NOTE(review): templog is a variable-length array sized by strlen() of a log
// line, so stack use grows with the length of the alert text. A bounded copy,
// or appending straight into the heap string, would cap that.
136 while (al_data->log[i]) {
137 size_t len = strlen(al_data->log[i]);
138 char templog[len + 2];
139 if (al_data->log[i + 1]) {
140 snprintf(templog, len + 2, "%s\n", al_data->log[i]);
142 snprintf(templog, len + 1, "%s", al_data->log[i]);
144 fulllog = os_LoadString(fulllog, templog);
148 if (fulllog == NULL) {
149 merror("%s: Unable to process log.", ARGV0);
// fulllog is sanitised first and then cut to at most 7456 bytes before it is
// formatted into the OS_SIZE_8192 statement buffer.
// NOTE(review): cutting after sanitising is only safe if osdb_escapestr() never
// produces a multi-character escape that the cut could split; confirm that it
// substitutes characters one for one.
153 osdb_escapestr(fulllog);
154 if (strlen(fulllog) > 7456) {
157 fulllog[7456] = '\0';
160 /* Generate final SQL */
// Two INSERT variants follow (their case labels are elided). The first adds a
// tld column filled from srcgeoip, limited to two characters by %.2s; the second
// quotes the user column name and has no tld column.
// The timestamp column is time(0) at insertion, not a time taken from al_data.
// NOTE(review): no osdb_escapestr() call for srcip, dstip or srcgeoip is visible
// in this listing. If those fields can carry text taken from parsed log data,
// they need the same sanitising as user, location and full_log; bound
// parameters would remove the dependency on per-field escaping altogether.
// NOTE(review): in the second variant a missing srcip, dstip or user is written
// as the quoted four-character string NULL, not as SQL NULL.
// NOTE(review): the snprintf results are not checked in the visible lines, so a
// statement truncated at OS_SIZE_8192 is not detected here.
161 switch (db_config->db_type) {
163 snprintf(sql_query, OS_SIZE_8192,
165 "alert(server_id,rule_id,level,timestamp,location_id,src_ip,src_port,dst_ip,dst_port,alertid,user,full_log,tld) "
166 "VALUES ('%u', '%u','%u','%u', '%u', '%s', '%u', '%s', '%u', '%s', '%s', '%s','%.2s')",
167 db_config->server_id, al_data->rule,
169 (unsigned int)time(0), *loc_id,
171 (unsigned short)s_port,
173 (unsigned short)d_port,
175 al_data->user, fulllog, al_data->srcgeoip);
179 snprintf(sql_query, OS_SIZE_8192,
181 "alert(server_id,rule_id,level,timestamp,location_id,src_ip,src_port,dst_ip,dst_port,alertid,\"user\",full_log) "
182 "VALUES ('%u', '%u','%u','%u', '%u', '%s', '%u', '%s', '%u', '%s', '%s', '%s')",
183 db_config->server_id, al_data->rule,
185 (unsigned int)time(0), *loc_id,
186 al_data->srcip != NULL ? al_data->srcip : "NULL",
187 (unsigned short)s_port,
188 al_data->dstip != NULL ? al_data->dstip : "NULL",
189 (unsigned short)d_port,
191 al_data->user != NULL ? al_data->user : "NULL",
199 /* Insert into the db */
200 if (!osdb_query_insert(db_config->conn, sql_query)) {
201 merror(DB_GENERROR, ARGV0);
// The alert counter kept in db_config is advanced here; whether the failure
// branch above returns before this line cannot be told from the listing.
204 db_config->alert_id++;