-/* @(#) $Id: alert.c,v 1.8 2009/06/24 17:06:29 dcid Exp $ */
+/* @(#) $Id: ./src/os_dbd/alert.c, 2011/09/08 dcid Exp $
+ */
/* Copyright (C) 2009 Trend Micro Inc.
* All rights reserved.
*
* This program is a free software; you can redistribute it
* and/or modify it under the terms of the GNU General Public
- * License (version 3) as published by the FSF - Free Software
+ * License (version 2) as published by the FSF - Free Software
* Foundation
*
* License details at the LICENSE file included with OSSEC or
int __DBInsertLocation(char *location, DBConfig *db_config)
{
char sql_query[OS_SIZE_1024];
-
+
memset(sql_query, '\0', OS_SIZE_1024);
/* Generating SQL */
*/
int OS_Alert_InsertDB(alert_data *al_data, DBConfig *db_config)
{
+ int i;
unsigned int s_ip = 0, d_ip = 0, location_id = 0;
+ unsigned short s_port = 0, d_port = 0;
int *loc_id;
- char sql_query[OS_SIZE_2048 +1];
+ char sql_query[OS_SIZE_8192 +1];
+ char *fulllog = NULL;
/* Clearing the memory before insert */
- memset(sql_query, '\0', OS_SIZE_2048 +1);
-
+ sql_query[0] = '\0';
+ sql_query[OS_SIZE_8192] = '\0';
+
/* Converting srcip to int */
if(al_data->srcip)
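Review bot: The comment `/* Clearing the memory before insert */` no longer matches the code beneath it, because the new lines write only the first and last byte of `sql_query` and leave the rest of the buffer uninitialised until `snprintf` fills it. That is safe as long as every later read goes through a terminated `snprintf` result, which holds for the uses visible on this page. I would reword the comment to `/* Terminating the buffer; snprintf fills it below */` so that nobody later relies on the buffer being zeroed. OS_Alert_InsertDB continues past the end of this hunk.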
s_ip = net.s_addr;
}
}
- d_ip = 0;
+
+ /* Converting dstip to int */
+ if(al_data->dstip)
+ {
+ struct in_addr net;
+
+ /* Extracting ip address */
+ if(inet_aton(al_data->dstip, &net))
+ {
+ d_ip = net.s_addr;
+ }
+ }
+
+ /* Source Port */
+ s_port = al_data->srcport;
+
+ /* Destination Port */
+ d_port = al_data->dstport;
/* Escaping strings */
osdb_escapestr(al_data->user);
- osdb_escapestr(al_data->log[0]);
/* We first need to insert the location */
loc_id = OSHash_Get(db_config->location_hash, al_data->location);
-
-
+
+
/* If we dont have location id, we must select and/or insert in the db */
if(!loc_id)
{
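Review bot: The escaping block in this hunk still covers only `al_data->user`, yet the same commit starts formatting `al_data->alertid` into the final `INSERT INTO alert(...)` statement with `'%s'`, and no escaping of that field is visible on the page. Every statement in this function is assembled with `snprintf` rather than bound parameters, so each string argument needs the same treatment; I would add `osdb_escapestr(al_data->alertid);` next to the existing call and make sure a NULL `alertid` never reaches `%s`. Separately, `inet_aton` accepts shorthand and non-decimal address forms, and a failed parse leaves `d_ip` at 0, so a malformed `dstip` is stored as 0.0.0.0 with no log line; this mirrors the existing `srcip` handling. If `srcport`/`dstport` are wider than `unsigned short` (their declaration is not shown), the two port assignments truncate silently. The function starts and ends outside this hunk.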
if(!location_id)
{
- merror("%s: Unable to insert location: '%s'.",
+ merror("%s: Unable to insert location: '%s'.",
ARGV0, al_data->location);
return(0);
}
*loc_id = location_id;
OSHash_Add(db_config->location_hash, al_data->location, loc_id);
}
-
+
+
+ i = 0;
+ while(al_data->log[i])
+ {
+ long len = strlen(al_data->log[i]);
+ char templog[len+2];
+ if (al_data->log[i+1]) {
+ snprintf(templog, len+2, "%s\n", al_data->log[i]);
+ }
+ else {
+ snprintf(templog, len+1, "%s", al_data->log[i]);
+ }
+ fulllog = os_LoadString(fulllog, templog);
+// fulllog = os_LoadString(fulllog, al_data->log[i]);
+ i++;
+ }
+ osdb_escapestr(fulllog);
+ if(strlen(fulllog) > 7456)
+ {
+ fulllog[7454] = '.';
+ fulllog[7455] = '.';
+ fulllog[7456] = '\0';
+ }
+
/* Inserting data */
if(db_config->db_type == POSTGDB)
{
/* On postgres we need to escape the user field. */
- snprintf(sql_query, OS_SIZE_2048,
+ snprintf(sql_query, OS_SIZE_8192,
"INSERT INTO "
"data(id, server_id, \"user\", full_log) "
"VALUES ('%u', '%u', '%s', '%s') ",
- db_config->alert_id, db_config->server_id,
- al_data->user, al_data->log[0]);
+ db_config->alert_id, db_config->server_id,
+ al_data->user, fulllog);
}
else
{
- snprintf(sql_query, OS_SIZE_2048,
+ snprintf(sql_query, OS_SIZE_8192,
"INSERT INTO "
"data(id, server_id, user, full_log) "
"VALUES ('%u', '%u', '%s', '%s') ",
- db_config->alert_id, db_config->server_id,
- al_data->user, al_data->log[0]);
+ db_config->alert_id, db_config->server_id,
+ al_data->user, fulllog);
}
-
-
+
+ free(fulllog);
+ fulllog = NULL;
+
+
/* Inserting into the db */
if(!osdb_query_insert(db_config->conn, sql_query))
{
merror(DB_GENERROR, ARGV0);
}
-
+
/* Generating final SQL */
- snprintf(sql_query, OS_SIZE_2048,
+ snprintf(sql_query, OS_SIZE_8192,
"INSERT INTO "
- "alert(id,server_id,rule_id,timestamp,location_id,src_ip) "
- "VALUES ('%u', '%u', '%u','%u', '%u', '%lu')",
+ "alert(id,server_id,rule_id,timestamp,location_id,src_ip,src_port,dst_ip,dst_port,alertid) "
+ "VALUES ('%u', '%u', '%u','%u', '%u', '%lu', '%u', '%lu', '%u', '%s')",
db_config->alert_id, db_config->server_id, al_data->rule,
- (unsigned int)time(0), *loc_id, (unsigned long)ntohl(s_ip));
+ (unsigned int)time(0), *loc_id,
+ (unsigned long)ntohl(s_ip), (unsigned short)s_port,
+ (unsigned long)ntohl(d_ip), (unsigned short)d_port,
+ al_data->alertid);
/* Inserting into the db */
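Review bot: `fulllog` is still NULL after the loop when `al_data->log[0]` is NULL, so the `strlen(fulllog)` check dereferences a null pointer; the same would happen if `os_LoadString` can return NULL on allocation failure (its definition is not shown here). The loop also sizes the stack array `templog[len+2]` from the log line itself, on top of the 8 KB `sql_query` buffer, which the fence below avoids by appending the line and the separator in two `os_LoadString` calls; returning 0 when nothing was collected is one option, in line with the location-failure path. The cut at 7456 is a bare constant that only fits `OS_SIZE_8192` if the user field stays short, and none of the `snprintf` results is checked, so an over-long value would produce a truncated statement rather than a logged error. The enclosing function starts and ends outside this hunk.

```c
    /* Join the log lines with '\n' without a per-line stack copy */
    for(i = 0; al_data->log[i]; i++)
    {
        fulllog = os_LoadString(fulllog, al_data->log[i]);
        if(fulllog && al_data->log[i+1])
        {
            fulllog = os_LoadString(fulllog, "\n");
        }
        if(!fulllog)
        {
            break;
        }
    }
    if(!fulllog)
    {
        /* No log lines, or an append failed */
        merror(DB_GENERROR, ARGV0);
        return(0);
    }
    osdb_escapestr(fulllog);
    /* … unchanged: truncation at 7456 bytes and the data INSERT … */
```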
merror(DB_GENERROR, ARGV0);
}
-
+
db_config->alert_id++;
return(1);
}