actions/action_alert_syslog.c

00001 #include <stdio.h>
00002 #include <string.h>
00003 #include <stdlib.h>
00004 #include <stdarg.h>
00005 #include "action_alert_syslog.h"
00006 
00007 #if 0
00008 #define DEBUG
00009 #define DEBUGPATH 1
00010 #endif
00011 
00012 #include "../engine/hlbrlib.h"
00013 
/*
 * Name -> value lookup tables for the syslog(3) constants that an
 * "alert syslog" rule argument may name.  AlertSyslogParseArgs() scans each
 * table with a case-insensitive compare against the text from the rule file,
 * so every string must be spelled exactly like the macro it stands for.
 * Constants that are not present on every platform are only compiled in
 * where <syslog.h> defines them.
 *
 * NOTE(review): the struct tag starts with an underscore, which C reserves
 * for the implementation at file scope; kept as-is for compatibility.
 */
typedef struct _hlbr_syslog_t {
    char *name;   /* spelling accepted in the rule file */
    int val;      /* the corresponding <syslog.h> value */
} hlbr_syslog_t;

/* Message priorities, handed to syslog() as its first argument. */
hlbr_syslog_t hlbr_syslog_prioritys[] = {
    { .name = "LOG_ALERT",   .val = LOG_ALERT },
    { .name = "LOG_CRIT",    .val = LOG_CRIT },
    { .name = "LOG_DEBUG",   .val = LOG_DEBUG },
    { .name = "LOG_EMERG",   .val = LOG_EMERG },
    { .name = "LOG_ERR",     .val = LOG_ERR },
    { .name = "LOG_INFO",    .val = LOG_INFO },
    { .name = "LOG_NOTICE",  .val = LOG_NOTICE },
    { .name = "LOG_WARNING", .val = LOG_WARNING },
};

/* Facilities, handed to openlog() as its third argument. */
hlbr_syslog_t hlbr_syslog_facilitys[] = {
#ifdef LOG_AUTHPRIV
    { .name = "LOG_AUTHPRIV", .val = LOG_AUTHPRIV },
#endif
#ifdef LOG_FTP
    { .name = "LOG_FTP",      .val = LOG_FTP },
#endif
    { .name = "LOG_AUTH",     .val = LOG_AUTH },
    { .name = "LOG_CRON",     .val = LOG_CRON },
    { .name = "LOG_DAEMON",   .val = LOG_DAEMON },
    { .name = "LOG_KERN",     .val = LOG_KERN },
    { .name = "LOG_LPR",      .val = LOG_LPR },
    { .name = "LOG_MAIL",     .val = LOG_MAIL },
    { .name = "LOG_NEWS",     .val = LOG_NEWS },
    { .name = "LOG_SYSLOG",   .val = LOG_SYSLOG },
    { .name = "LOG_USER",     .val = LOG_USER },
    { .name = "LOG_UUCP",     .val = LOG_UUCP },
    { .name = "LOG_LOCAL0",   .val = LOG_LOCAL0 },
    { .name = "LOG_LOCAL1",   .val = LOG_LOCAL1 },
    { .name = "LOG_LOCAL2",   .val = LOG_LOCAL2 },
    { .name = "LOG_LOCAL3",   .val = LOG_LOCAL3 },
    { .name = "LOG_LOCAL4",   .val = LOG_LOCAL4 },
    { .name = "LOG_LOCAL5",   .val = LOG_LOCAL5 },
    { .name = "LOG_LOCAL6",   .val = LOG_LOCAL6 },
    { .name = "LOG_LOCAL7",   .val = LOG_LOCAL7 },
};

/* openlog() option flags; several may be OR-ed together in one rule. */
hlbr_syslog_t hlbr_syslog_options[] = {
#ifdef LOG_CONS
    /* Fall back to the system console if the logger cannot be reached. */
    { .name = "LOG_CONS",   .val = LOG_CONS },
#endif
#ifdef LOG_NDELAY
    /* Open the logger connection at openlog() time rather than on first use. */
    { .name = "LOG_NDELAY", .val = LOG_NDELAY },
#endif
#ifdef LOG_NOWAIT
    /* Do not wait for child processes created while logging. */
    { .name = "LOG_NOWAIT", .val = LOG_NOWAIT },
#endif
#ifdef LOG_ODELAY
    /* Opposite of LOG_NDELAY: defer opening the connection. */
    { .name = "LOG_ODELAY", .val = LOG_ODELAY },
#endif
#ifdef LOG_PERROR
    /* Also copy each message to stderr (not in SUSv3). */
    { .name = "LOG_PERROR", .val = LOG_PERROR },
#endif
#ifdef LOG_PID
    /* Prefix each message with the process id. */
    { .name = "LOG_PID",    .val = LOG_PID },
#endif
};
00078 
00079 
/*
 * Per-action state.  Allocated by AlertSyslogParseArgs() and handed back to
 * the other callbacks as their opaque Data pointer.
 */
typedef struct action_syslog_rec_t {
    int priority, facility, options;   /* <syslog.h> values: priority goes to syslog(), facility and options to openlog() */
    int Active;                        /* TRUE once SyslogInit() has called openlog() for this record */
} ActionSyslogRec;
00084 
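/*
 * Shutdown handler registered by SyslogInit(): closes the syslog connection
 * for this record.
 *
 * Data: the ActionSyslogRec given to AddShutdownHandler(); NULL is rejected.
 * Returns TRUE on success, FALSE when Data is NULL.
 *
 * Note: openlog()/closelog() state is process-wide, so closing here affects
 * every record that shares the connection.
 */
int ActionAlertSyslogShutdownFunc(void *Data)
{
    ActionSyslogRec *data;

    DEBUGPATH;

    if (!Data) {
        DBG((printf("FAILED: %s(%p)\n", __FUNCTION__, Data)));
        return FALSE;
    }

    data = (ActionSyslogRec *) Data;
    if (data->Active == TRUE) {
        closelog();
        /* Record that the connection is closed so a repeated shutdown call
         * does not closelog() twice and a later message re-runs SyslogInit().
         * The previous memset() here zeroed the local pointer variable
         * (&data, sizeof a pointer), not the record, so it had no effect. */
        data->Active = FALSE;
    }
    return TRUE;
}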
00103 
/*
 * Open the syslog connection described by Data and register the matching
 * shutdown handler.
 *
 * Data: record filled in by AlertSyslogParseArgs(); its options and facility
 *       are passed to openlog().  NULL is rejected.
 * Returns TRUE once the record is marked Active, FALSE when Data is NULL.
 *
 * openlog() keeps one process-wide identity/facility, so if several
 * "alert syslog" actions are configured the most recent call wins.
 */
int SyslogInit(ActionSyslogRec * Data)
{
    ActionSyslogRec *rec = Data;   /* already typed; no cast needed */

    DEBUGPATH;

    if (rec == NULL) {
        DBG((printf("FAILED: %s(%p)\n", __FUNCTION__, Data)));
        return FALSE;
    }

    openlog("hlbr", rec->options, rec->facility);
    DBG((printf
         ("Calling openlog(\"%s\", 0%x, 0%x)\n", "hlbr", rec->options,
          rec->facility)
        ));
    rec->Active = TRUE;
    AddShutdownHandler(ActionAlertSyslogShutdownFunc, rec);
    return TRUE;
}
00125 
00126 
/*
 * MessageFunc callback: send an informational engine message to syslog.
 *
 * Message: text to log; a NULL Message is logged as "ALERT!".
 * Data:    the ActionSyslogRec for this action; NULL is rejected.
 * Returns TRUE when the text was handed to syslog(), FALSE when Data is NULL.
 *
 * The text always goes through a fixed "%s" format, so Message is never
 * interpreted as a format string.
 */
int AlertSyslogMessage(char *Message, void *Data)
{
    ActionSyslogRec *rec = Data;
    const char *text;

    DEBUGPATH;

    if (rec == NULL) {
        DBG((printf("FAILED: %s(%p)\n", __FUNCTION__, Data)));
        return FALSE;
    }

    /* Open the connection lazily on first use. */
    if (rec->Active != TRUE)
        SyslogInit(rec);

    text = (Message == NULL) ? "ALERT!" : Message;
    syslog(rec->priority, "%s", text);
    return TRUE;
}
00145 
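/*
 * ActionFunc callback: expand the rule's message format for the matched
 * packet and write the result to syslog.
 *
 * RuleNum:    index into Globals.Rules; its MessageFormat is expanded.
 * PacketSlot: index into Globals.Packets for the packet being reported.
 * Data:       the ActionSyslogRec for this action; NULL is rejected.
 * Returns TRUE when the message was handed to syslog(), FALSE when Data is
 * NULL or ApplyMessage() fails.
 *
 * Both indices are used unchecked here; this assumes the engine only invokes
 * the action with indices it has already validated -- TODO confirm.
 */
int AlertSyslogAction(int RuleNum, int PacketSlot, void *Data)
{
    char Buff[1024];
    ActionSyslogRec *data;

    DEBUGPATH;
    DBG((printf("Sending alert to syslog\n")));

    if (!Data) {
        DBG((printf("FAILED: %s(%p)\n", __FUNCTION__, Data)));
        return FALSE;
    }

    data = (ActionSyslogRec *) Data;

    /* Open the connection lazily on first use. */
    if (data->Active != TRUE)
        SyslogInit(data);

    /* Pass the buffer size from sizeof so it cannot drift from the
     * declaration.  ApplyMessage() is assumed to NUL-terminate Buff on
     * success -- verify against its implementation. */
    if (!ApplyMessage
        (Globals.Rules[RuleNum].MessageFormat, PacketSlot, Buff, sizeof Buff)) {
        printf("Couldn't apply message to packet for syslog\n");
        return FALSE;
    }

    /* Always log through a fixed "%s": the expanded message contains packet
     * data and must never be used as the format string.  (Buff is an array,
     * so the former NULL test on it could never fail and was dropped, as was
     * an unused PacketRec pointer.) */
    syslog(data->priority, "%s", Buff);
    return TRUE;
}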
00176 
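/*
 * ParseArgs callback: build an ActionSyslogRec from the rule's argument text.
 *
 * Args: comma-separated items; each item that ParseCmp() recognises as
 *       "facility", "priority" or "options" sets the matching field (options
 *       is a '|'-separated list that is OR-ed together).  Values are matched
 *       case-insensitively against the hlbr_syslog_* tables; unrecognised
 *       items and values are ignored and the defaults remain.
 * Returns a calloc()ed ActionSyslogRec (facility LOG_AUTH, priority LOG_INFO,
 * no options) that the caller owns, or NULL when allocation fails.  The
 * record is never freed by this module; its shutdown handler only closes the
 * syslog connection.
 */
void *AlertSyslogParseArgs(char *Args)
{
    int idx;
    char *ptr;
    ActionSyslogRec *data;
    QueueList *ll, *list;
    QueueList *opt, *options;

    opt = options = ll = list = NULL;
    ptr = NULL;

    DEBUGPATH;
    DBG((printf("%s(%s)\n", __FUNCTION__, Args)));

    data = calloc(1, sizeof *data);
    if (data == NULL) {
        /* Every callback rejects a NULL Data, so returning NULL here turns an
         * out-of-memory condition into a refused action instead of a NULL
         * dereference on the first use. */
        DBG((printf("FAILED: %s: calloc\n", __FUNCTION__)));
        return NULL;
    }
    data->options = 0;
    data->facility = LOG_AUTH;
    data->priority = LOG_INFO;

    list = ListAdd(Args, list, ',');
    for (ll = list; ll != NULL; ll = ll->next) {
        if ((ptr = ParseCmp("facility", ll->item)) != NULL) {
            for (idx = 0; idx < ARRAYSIZE(hlbr_syslog_facilitys); idx++) {
                if (strcasecmp(hlbr_syslog_facilitys[idx].name, ptr) == 0) {
                    DBG((printf
                         ("facility(%s) = %d\n", ptr,
                          hlbr_syslog_facilitys[idx].val)));
                    data->facility = hlbr_syslog_facilitys[idx].val;
                    break;   /* table names are unique */
                }
            }
            FREE(ptr);
        }
        if ((ptr = ParseCmp("priority", ll->item)) != NULL) {
            for (idx = 0; idx < ARRAYSIZE(hlbr_syslog_prioritys); idx++) {
                if (strcasecmp(hlbr_syslog_prioritys[idx].name, ptr) == 0) {
                    DBG((printf
                         ("priority(%s) = %d\n", ptr,
                          hlbr_syslog_prioritys[idx].val)));
                    data->priority = hlbr_syslog_prioritys[idx].val;
                    break;   /* table names are unique */
                }
            }
            FREE(ptr);
        }
        if ((ptr = ParseCmp("options", ll->item)) != NULL) {
            options = ListAdd(ptr, options, '|');
            for (opt = options; opt != NULL; opt = opt->next) {
                for (idx = 0; idx < ARRAYSIZE(hlbr_syslog_options); idx++) {
                    if (strcasecmp(hlbr_syslog_options[idx].name, opt->item)
                        == 0) {
                        /* Debug label previously read "priority"; it reports
                         * an option flag. */
                        DBG((printf
                             ("options(%s) = %d\n", opt->item,
                              hlbr_syslog_options[idx].val)));
                        data->options |= hlbr_syslog_options[idx].val;
                        break;   /* table names are unique */
                    }
                }
            }
            ListClear(options);
            options = NULL;
            FREE(ptr);
        }
    }
    ListClear(list);
    return data;
}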
00240 
00241 
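/********************************
* Set up the alert Syslog stuff
*
* Registers the "alert syslog" action with the engine and wires up its
* action, message and argument-parsing callbacks.
* Returns TRUE on success, FALSE when CreateAction() reports ACTION_NONE.
********************************/
int InitActionAlertSyslog(void)
{
    int ActionID;

    DEBUGPATH;

    ActionID = CreateAction("alert syslog");
    if (ActionID == ACTION_NONE) {
        DBG((printf("Couldn't allocate action alert syslog\n")));
        return FALSE;
    }

    Globals.ActionItems[ActionID].ActionFunc = AlertSyslogAction;
    Globals.ActionItems[ActionID].MessageFunc = AlertSyslogMessage;
    Globals.ActionItems[ActionID].ParseArgs = AlertSyslogParseArgs;

    return TRUE;
}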
