-/* @(#) $Id: localfile-config.c,v 1.25 2009/11/03 21:07:32 dcid Exp $ */
+/* @(#) $Id: ./src/config/localfile-config.c, 2012/03/28 dcid Exp $
+ */
/* Copyright (C) 2009 Trend Micro Inc.
* All right reserved.
*
* This program is a free software; you can redistribute it
* and/or modify it under the terms of the GNU General Public
- * License (version 3) as published by the FSF - Free Software
+ * License (version 2) as published by the FSF - Free Software
* Foundation
*/
-
-#include "shared.h"
+
+#include "shared.h"
#include "localfile-config.h"
{
int pl = 0;
int i = 0;
-
- int glob_set = 0;
-
+
+ int glob_set = 0;
+
#ifndef WIN32
int glob_offset = 0;
#endif
char *xml_localfile_location = "location";
char *xml_localfile_command = "command";
char *xml_localfile_logformat = "log_format";
-
+ char *xml_localfile_frequency = "frequency";
+ char *xml_localfile_alias = "alias";
logreader *logf;
logreader_config *log_config;
log_config = (logreader_config *)d1;
- /* If config is not set, we need to create it */
+ /* If config is not set, we need to create it */
if(!log_config->config)
{
os_calloc(2, sizeof(logreader), log_config->config);
logf = log_config->config;
logf[0].file = NULL;
logf[0].command = NULL;
+ logf[0].alias = NULL;
logf[0].logformat = NULL;
logf[1].file = NULL;
logf[1].command = NULL;
+ logf[1].alias = NULL;
logf[1].logformat = NULL;
}
else
{
pl++;
}
-
+
/* Allocating more memory */
os_realloc(logf, (pl +2)*sizeof(logreader), log_config->config);
logf = log_config->config;
logf[pl +1].file = NULL;
logf[pl +1].command = NULL;
+ logf[pl +1].alias = NULL;
logf[pl +1].logformat = NULL;
}
-
+
logf[pl].file = NULL;
logf[pl].command = NULL;
+ logf[pl].alias = NULL;
logf[pl].logformat = NULL;
logf[pl].fp = NULL;
logf[pl].ffile = NULL;
logf[pl].djb_program_name = NULL;
-
-
+ logf[pl].ign = 360;
+
+
/* Searching for entries related to files */
i = 0;
while(node[i])
}
else if(strcmp(node[i]->element,xml_localfile_command) == 0)
{
+ /* We don't accept remote commands from the manager - just in case. */
+ if(log_config->agent_cfg == 1 && log_config->accept_remote == 0)
+ {
+ merror("%s: Remote commands are not accepted from the manager. "
+ "Ignoring it on the agent.conf", ARGV0);
+
+ logf[pl].file = NULL;
+ logf[pl].ffile = NULL;
+ logf[pl].command = NULL;
+ logf[pl].alias = NULL;
+ logf[pl].logformat = NULL;
+ logf[pl].fp = NULL;
+ return(OS_INVALID);
+ }
+
os_strdup(node[i]->content, logf[pl].file);
logf[pl].command = logf[pl].file;
}
+ else if(strcmp(node[i]->element,xml_localfile_frequency) == 0)
+ {
+ if(!OS_StrIsNum(node[i]->content))
+ {
+ merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content);
+ return(OS_INVALID);
+ }
+
+ logf[pl].ign = atoi(node[i]->content);
+ }
else if(strcmp(node[i]->element,xml_localfile_location) == 0)
{
#ifdef WIN32
/* Expand variables on Windows. */
if(strchr(node[i]->content, '%'))
{
- int expandreturn = 0;
+ int expandreturn = 0;
char newfile[OS_MAXSTR +1];
newfile[OS_MAXSTR] = '\0';
- expandreturn = ExpandEnvironmentStrings(node[i]->content,
+ expandreturn = ExpandEnvironmentStrings(node[i]->content,
newfile, OS_MAXSTR);
if((expandreturn > 0) && (expandreturn < OS_MAXSTR))
os_strdup(newfile, node[i]->content);
}
- }
+ }
#endif
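Review bot: The `frequency` branch converts with `atoi`, which has no overflow handling: `OS_StrIsNum` is defined elsewhere and presumably only checks for digits, so an arbitrarily long digit string passes, and `atoi` on a value that does not fit in `int` is undefined behaviour. Parse with `strtol` instead and send out-of-range input down the existing `XML_VALUEERR` path, e.g. `errno = 0; v = strtol(node[i]->content, &end, 10);` followed by `if(errno == ERANGE || v > INT_MAX) { merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content); return(OS_INVALID); }`. Separately, the remote-command guard logs "Ignoring it on the agent.conf" but returns `OS_INVALID`; the message should say what the caller, which is outside this hunk, actually does with that return. The comment above the guard could also state the reason rather than "just in case": `/* agent.conf is pushed by the manager; refuse to run commands from it unless accept_remote is set locally. */`.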
* We will call this file multiple times until
* there is no one else available.
*/
- #ifndef WIN32 /* No windows support for glob */
+ #ifndef WIN32 /* No windows support for glob */
if(strchr(node[i]->content, '*') ||
strchr(node[i]->content, '?') ||
strchr(node[i]->content, '['))
{
glob_t g;
-
+
/* Setting ot the first entry of the glob */
if(glob_set == 0)
glob_set = pl +1;
-
+
if(glob(node[i]->content, 0, NULL, &g) != 0)
{
merror(GLOB_ERROR, ARGV0, node[i]->content);
i++;
continue;
}
-
+
/* Checking for the last entry */
if((g.gl_pathv[glob_offset]) == NULL)
{
os_strdup(g.gl_pathv[glob_offset], logf[pl].file);
}
-
+
glob_offset++;
globfree(&g);
pl++;
os_realloc(logf, (pl +2)*sizeof(logreader), log_config->config);
logf = log_config->config;
-
+
logf[pl].file = NULL;
+ logf[pl].alias = NULL;
logf[pl].logformat = NULL;
logf[pl].fp = NULL;
logf[pl].ffile = NULL;
-
+
logf[pl +1].file = NULL;
+ logf[pl +1].alias = NULL;
logf[pl +1].logformat = NULL;
/* We can not increment the file count in here */
}
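Review bot: The entries re-initialised after `os_realloc` in the glob branch get the new `alias = NULL` but not the new `ign` default that the top of the function sets with `logf[pl].ign = 360;`, and `command` is not reset there either. If `os_realloc` does not zero the added memory (its definition is not on this page), a glob-expanded entry keeps indeterminate values in those fields, and a non-NULL `command` is what later code uses to treat an entry as a command. Add `logf[pl].ign = 360;` and `logf[pl].command = NULL;` next to the `alias` line. Better still, move the per-entry initialisation into one static helper, since the same field list is repeated in several places in this function and a new field is easy to miss in one of them.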
else if(strchr(node[i]->content, '%'))
#else
- if(strchr(node[i]->content, '%'))
+ if(strchr(node[i]->content, '%'))
#endif /* WIN32 */
/* We need the format file (based on date) */
os_strdup(node[i]->content, logf[pl].ffile);
os_strdup(node[i]->content, logf[pl].file);
}
-
-
+
+
/* Normal file */
else
{
if(strcmp(logf[pl].logformat, "syslog") == 0)
{
}
+ else if(strcmp(logf[pl].logformat, "generic") == 0)
+ {
+ }
else if(strcmp(logf[pl].logformat, "snort-full") == 0)
{
}
else if(strcmp(logf[pl].logformat, "mysql_log") == 0)
{
}
+ else if(strcmp(logf[pl].logformat, "ossecalert") == 0)
+ {
+ }
else if(strcmp(logf[pl].logformat, "mssql_log") == 0)
{
}
else if(strcmp(logf[pl].logformat, "command") == 0)
{
}
+ else if(strcmp(logf[pl].logformat, "full_command") == 0)
+ {
+ }
+ else if(strncmp(logf[pl].logformat, "multi-line", 10) == 0)
+ {
+ int x = 0;
+ logf[pl].logformat+=10;
+
+ while(logf[pl].logformat[0] == ' ')
+ logf[pl].logformat++;
+
+ if(logf[pl].logformat[0] != ':')
+ {
+ merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content);
+ return(OS_INVALID);
+ }
+ logf[pl].logformat++;
+
+ while(*logf[pl].logformat == ' ')
+ logf[pl].logformat++;
+
+ while(logf[pl].logformat[x] >= '0' && logf[pl].logformat[x] <= '9')
+ x++;
+
+ while(logf[pl].logformat[x] == ' ')
+ x++;
+
+ if(logf[pl].logformat[x] != '\0')
+ {
+ merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content);
+ return(OS_INVALID);
+ }
+ }
else if(strcmp(logf[pl].logformat, EVENTLOG) == 0)
{
}
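Review bot: The `multi-line` branch accepts an empty line count: for `multi-line:` or `multi-line: ` the digit loop leaves `x` at 0, the trailing-space loop runs to the terminator, and the final `!= '\0'` check passes. Reject that case right after the digit loop, before the trailing-space loop, with `if(x == 0) { merror(XML_VALUEERR,ARGV0,node[i]->element,node[i]->content); return(OS_INVALID); }`. The number of digits is also unbounded, so whatever converts this string later (outside this hunk) should be checked for overflow. Note too that `logf[pl].logformat` is advanced in place, so it no longer points at the start of the string it was assigned from; if that string was heap-allocated (the assignment is not visible here) it can no longer be freed through this field, which deserves a comment or a separate cursor variable.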
return(OS_INVALID);
}
}
+ else if(strcasecmp(node[i]->element,xml_localfile_alias) == 0)
+ {
+ os_strdup(node[i]->content, logf[pl].alias);
+ }
else
{
merror(XML_INVELEM, ARGV0, node[i]->element);
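Review bot: The new `alias` branch matches the element name with `strcasecmp`, while the other element branches visible in this function (`command`, `frequency`, `location`) use `strcmp`, so `<ALIAS>` is accepted where `<COMMAND>` or `<FREQUENCY>` would fall through to `XML_INVELEM`. Use `strcmp(node[i]->element,xml_localfile_alias) == 0` for consistency unless case-insensitive matching is intended, in which case a comment should say so. A second `<alias>` in the same block also overwrites the earlier `os_strdup` result without freeing it.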
if(glob_set)
{
char *format;
-
+
/* Getting log format */
if(logf[pl].logformat)
{
merror(MISS_FILE, ARGV0);
return(OS_INVALID);
}
-
+
if(logf[i].logformat == NULL)
{
logf[i].logformat = format;
merror(MISS_FILE, ARGV0);
return(OS_INVALID);
}
-
+
/* Verifying a valid event log config */
if(strcmp(logf[pl].logformat, EVENTLOG) == 0)
{
}
}
- if(strcmp(logf[pl].logformat, "command") == 0)
+ if((strcmp(logf[pl].logformat, "command") == 0)||
+ (strcmp(logf[pl].logformat, "full_command") == 0))
{
if(!logf[pl].command)
{