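        default:
            length = snprintf(op_data->message_buffer + op_data->header_length,
                    MESSAGE_LENGTH - op_data->header_length,
                    "[%d:%d:%d] %s [Classification: %s] "
                    "[Priority: %d] {%s} %s -> %s",
                    record->event.sig_generator, record->event.sig_id,
                    record->event.sig_rev, sid != NULL ? sid->msg : "ALERT",
                    class_type != NULL ? class_type->name : "Unknown",
                    record->event.priority, protocol_names[record->protocol],
                    src, dest);
            break;
    }

    /* NOTE(review): the function this tail belongs to begins before this
     * excerpt and is left as-is here.  Two points worth confirming in it:
     * snprintf() returns the length the body *would* have had, so when it is
     * truncated `header_length + length` exceeds MESSAGE_LENGTH and sendto()
     * reads past the buffer; and the LogMessage() format below has three
     * conversions but only two arguments (MODULE_NAME is missing, so errno
     * is consumed by the leading %s). */
    if((rval = sendto(op_data->socket, op_data->message_buffer,
                      op_data->header_length + length, 0,
                      (struct sockaddr *)&op_data->sin,
                      sizeof(op_data->sin))) == -1)
        LogMessage("%s: sendto error %u: %s\n", errno, strerror(errno));

    return 0;
}

/*
 * Look NAME up in facility_map (case-insensitive keyword match).
 * Returns the mapped facility number, or -1 when NAME is not a known keyword.
 */
static int LookupFacilityName(const char *name)
{
    int j;

    for(j = 0; facility_map[j].keyword; j++)
    {
        if(strcasecmp(facility_map[j].keyword, name) == 0)
            return facility_map[j].value;
    }
    return -1;
}

/*
 * Look NAME up in severity_map (case-insensitive keyword match).
 * Returns the mapped severity number, or -1 when NAME is not a known keyword.
 */
static int LookupSeverityName(const char *name)
{
    int j;

    for(j = 0; severity_map[j].keyword; j++)
    {
        if(strcasecmp(severity_map[j].keyword, name) == 0)
            return severity_map[j].value;
    }
    return -1;
}

/*
 * A "key:value" option must have exactly one value.  TOKEN is the whole
 * option as written so the error shows what the operator typed; the
 * value slot must not be touched when NUM_SUBTOKS != 2 because it is
 * outside the array mSplit() filled.
 */
static void RequireOptionValue(const char *key, int num_subtoks, const char *token)
{
    if(num_subtoks != 2)
        FatalError("%s: Invalid %s argument: %s\n", MODULE_NAME, key, token);
}

/*
 * Parse the plugin's configuration string and build the per-instance state.
 *
 * ARGS is a ';'-separated list of options (mSplit is asked for at most 8):
 * facility, severity, hostname, tag, syslog_host and syslog_port take a
 * ':'-separated value; withpid is a bare flag.  Each option may appear once.
 * Anything not given falls back to the DEFAULT_* values and to the local
 * host name with its domain part stripped.  Every configuration error goes
 * through FatalError(), so on return the structure is complete: the syslog
 * PRI (facility * 8 + severity) is computed, the fixed header
 * "<PRI>XXX XX XX:XX:XX host tag[pid]: " is written into message_buffer,
 * and header_length, month_offset and timestamp_offset describe where the
 * per-event code writes the timestamp and the message body.
 *
 * hostname and tag are pasted verbatim into the syslog header, which is why
 * they are restricted to alphanumerics and embedded '-' (IsValidHostname /
 * IsValidSyslogTag): whitespace or control characters there would let the
 * configuration forge header fields on the receiving collector.
 *
 * Returns the newly calloc()ed OpAlertSyslog2_Data; the caller owns it.
 * NULL is returned only on the out-of-memory path, and only if FatalError()
 * ever returns.
 */
OpAlertSyslog2_Data *OpAlertSyslog2_ParseArgs(char *args)
{
    OpAlertSyslog2_Data *data;
    char **toks;
    int num_toks;
    int i;
    int header_length = -1;
    char *pri_end;

    if(pv.verbose)
        LogMessage("Parsing %s arguments: %s\n", MODULE_NAME,
                   args ? args : "(none)");

    if(!(data = calloc(1, sizeof *data)))
    {
        FatalError("Out of memory creating %s configuration\n", MODULE_NAME);
        return NULL;
    }

    /* -1 marks "not configured"; it doubles as the duplicate-option check */
    data->facility = -1;
    data->severity = -1;
    data->socket = -1;

    if(args)
    {
        toks = mSplit(args, ";", 8, &num_toks, 0);

        /* mSplit() may hand back NULL; an empty list is simply "no options" */
        if(toks)
        {
            for(i = 0; i < num_toks; i++)
            {
                char *token = toks[i];
                char **subtoks;
                int num_subtoks;
                long value;

                StripWhitespace(&token);
                if(*token == '\0')
                    continue;

                /* split the option into key and (optional) value */
                subtoks = mSplit(token, ":", 2, &num_subtoks, 0);
                if(!subtoks || num_subtoks < 1)
                    FatalError("%s: Unable to parse argument: %s\n",
                               MODULE_NAME, token);

                if(strcasecmp("facility", subtoks[0]) == 0)
                {
                    if(data->facility >= 0)
                        FatalError("%s: Multiple %s arguments\n",
                                   MODULE_NAME, subtoks[0]);
                    RequireOptionValue(subtoks[0], num_subtoks, token);

                    if(String2Long(subtoks[1], &value) == 0)
                    {
                        /* numeric facility: negative values would otherwise
                         * pass the upper-bound test and poison the PRI */
                        if(value < 0 || value > MAX_FACILITY)
                            FatalError("%s: Invalid %s argument: %s\n",
                                       MODULE_NAME, subtoks[0], subtoks[1]);
                        data->facility = (int)value;
                    }
                    else
                    {
                        data->facility = LookupFacilityName(subtoks[1]);
                        if(data->facility < 0)
                            FatalError("%s: Invalid %s argument: %s\n",
                                       MODULE_NAME, subtoks[0], subtoks[1]);
                    }
                }
                else if(strcasecmp("severity", subtoks[0]) == 0)
                {
                    if(data->severity >= 0)
                        FatalError("%s: Multiple %s arguments\n",
                                   MODULE_NAME, subtoks[0]);
                    RequireOptionValue(subtoks[0], num_subtoks, token);

                    if(String2Long(subtoks[1], &value) == 0)
                    {
                        /* The severity occupies the low three bits of PRI
                         * (priority = facility * 8 + severity below), so
                         * anything outside 0..7 would spill into the
                         * facility.  The original bounded this with
                         * MAX_FACILITY, which is too permissive. */
                        if(value < 0 || value > 7)
                            FatalError("%s: Invalid %s argument: %s\n",
                                       MODULE_NAME, subtoks[0], subtoks[1]);
                        data->severity = (int)value;
                    }
                    else
                    {
                        data->severity = LookupSeverityName(subtoks[1]);
                        if(data->severity < 0)
                            FatalError("%s: Invalid %s argument: %s\n",
                                       MODULE_NAME, subtoks[0], subtoks[1]);
                    }
                }
                else if(strcasecmp("hostname", subtoks[0]) == 0)
                {
                    if(data->hostname)
                        FatalError("%s: Multiple %s arguments\n",
                                   MODULE_NAME, subtoks[0]);
                    RequireOptionValue(subtoks[0], num_subtoks, token);

                    /* Must be < 255 bytes and contain only alphanumerics and
                     * embedded '-'s: the value goes straight into the syslog
                     * header, so no separators or control characters. */
                    if(IsValidHostname(subtoks[1]) != 1)
                        FatalError("%s: %s argument is not a valid hostname: %s\n",
                                   MODULE_NAME, subtoks[0], subtoks[1]);
                    if(!(data->hostname = strdup(subtoks[1])))
                        FatalError("%s: Out of memory processing config\n",
                                   MODULE_NAME);
                }
                else if(strcasecmp("tag", subtoks[0]) == 0)
                {
                    if(data->tag)
                        FatalError("%s: Multiple %s arguments\n",
                                   MODULE_NAME, subtoks[0]);
                    RequireOptionValue(subtoks[0], num_subtoks, token);

                    /* same character restriction as the hostname, for the
                     * same reason: the tag is part of the syslog header */
                    if(IsValidSyslogTag(subtoks[1]) != 1)
                        FatalError("%s: %s argument is not a valid syslog tag: "
                                   "%s\n", MODULE_NAME, subtoks[0], subtoks[1]);
                    if(!(data->tag = strdup(subtoks[1])))
                        FatalError("%s: Out of memory processing config\n",
                                   MODULE_NAME);
                }
                else if(strcasecmp("syslog_host", subtoks[0]) == 0)
                {
                    if(data->syslog_host)
                        FatalError("%s: Multiple %s arguments\n",
                                   MODULE_NAME, subtoks[0]);
                    RequireOptionValue(subtoks[0], num_subtoks, token);

                    if(!(data->syslog_host = strdup(subtoks[1])))
                        FatalError("%s: Out of memory processing config\n",
                                   MODULE_NAME);
                }
                else if(strcasecmp("syslog_port", subtoks[0]) == 0)
                {
                    if(data->syslog_port > 0)
                        FatalError("%s: Multiple %s arguments\n",
                                   MODULE_NAME, subtoks[0]);
                    RequireOptionValue(subtoks[0], num_subtoks, token);

                    if(String2Long(subtoks[1], &value) != 0)
                        FatalError("%s: Invalid %s argument: %s\n",
                                   MODULE_NAME, subtoks[0], subtoks[1]);
                    /* a valid UDP port; 0 is reserved for "use the default" */
                    if(value < 1 || value > 65535)
                        FatalError("%s: Invalid %s argument: %s\n",
                                   MODULE_NAME, subtoks[0], subtoks[1]);
                    data->syslog_port = (int)value;
                }
                else if(strcasecmp("withpid", subtoks[0]) == 0)
                {
                    if(num_subtoks != 1)
                        FatalError("%s: %s does not take arguments\n",
                                   MODULE_NAME, subtoks[0]);
                    data->pid_flag = 1;
                }
                else
                {
                    FatalError("%s: Unknown argument: %s\n",
                               MODULE_NAME, subtoks[0]);
                }

                FreeToks(subtoks, num_subtoks);
            }
            FreeToks(toks, num_toks);
        }
    }

    /* fill in whatever the configuration left unset */
    if(data->facility == -1)
        data->facility = DEFAULT_FACILITY;
    if(data->severity == -1)
        data->severity = DEFAULT_SEVERITY;

    if(!data->tag)
    {
        if(!(data->tag = strdup(PROGRAM_NAME)))
            FatalError("%s: Out of memory processing config\n", MODULE_NAME);
    }

    if(!data->hostname)
    {
        char hostname[255];
        char *dot;

        if(gethostname(hostname, sizeof(hostname)) != 0)
            FatalError("%s: Unable to get hostname\n", MODULE_NAME);
        /* gethostname() is not required to NUL-terminate a truncated name */
        hostname[sizeof(hostname) - 1] = '\0';

        /* we may get a FQDN: keep only the first label */
        if((dot = strchr(hostname, '.')))
            *dot = '\0';

        if(!(data->hostname = strdup(hostname)))
            FatalError("%s: Out of memory processing config\n", MODULE_NAME);
    }

    if(!data->syslog_host)
    {
        if(!(data->syslog_host = strdup(DEFAULT_SYSLOG_HOST)))
            FatalError("%s: Out of memory processing config\n", MODULE_NAME);
    }

    if(data->syslog_port == 0)
        data->syslog_port = DEFAULT_SYSLOG_PORT;

    /* the syslog PRI value: facility in the high bits, severity in the low 3 */
    data->priority = data->facility * 8 + data->severity;

    /* one buffer holds the fixed header followed by the per-event message */
    if(!(data->message_buffer = calloc(MESSAGE_LENGTH, sizeof(char))))
        FatalError("%s: Out of memory starting output plugin\n", MODULE_NAME);

    /* "XXX XX XX:XX:XX" is a placeholder the per-event code overwrites with
     * the real timestamp via month_offset / timestamp_offset */
    if(data->pid_flag)
        header_length = snprintf(data->message_buffer, MESSAGE_LENGTH,
                                 "<%u>XXX XX XX:XX:XX %s %s[%u]: ",
                                 (unsigned)data->priority, data->hostname,
                                 data->tag, (unsigned)getpid());
    else
        header_length = snprintf(data->message_buffer, MESSAGE_LENGTH,
                                 "<%u>XXX XX XX:XX:XX %s %s: ",
                                 (unsigned)data->priority, data->hostname,
                                 data->tag);

    /* snprintf() reports the length it wanted, so >= MESSAGE_LENGTH means the
     * header was truncated (and would leave no room for a message anyway) */
    if(header_length < 0 || header_length >= MESSAGE_LENGTH)
        FatalError("%s: Message header length is too long: %i\n",
                   MODULE_NAME, header_length);
    data->header_length = header_length;

    /* the timestamp placeholder starts right after the closing '>' of PRI */
    if(!(pri_end = strchr(data->message_buffer, '>')))
        FatalError("%s: Error calculating priority field length\n", MODULE_NAME);
    data->month_offset = pri_end - data->message_buffer + 1;
    /* skip "XXX " to land on the "XX XX:XX:XX" day-and-time part */
    data->timestamp_offset = data->month_offset + 4;

    return data;
}

/*
 * Shared character check for the hostname and tag options.
 *
 * Accepts a non-empty string of at most 254 bytes made of alphanumerics and
 * '-', where '-' may neither start nor end the string (consecutive dashes are
 * allowed).  Both values are copied straight into the syslog header, so this
 * also keeps whitespace, control characters and newlines -- which would let
 * the configuration forge or split header fields -- off the wire.
 *
 * Returns 1 when S is acceptable, 0 otherwise (including NULL).
 */
static int IsValidSyslogToken(const char *s)
{
    const unsigned char *p;
    int firstchar = 1;
    int lastdash = 0;

    if(!s)
        return 0;
    if(strlen(s) > 254)
        return 0;

    /* ctype functions take an int in unsigned-char range; a plain char with
     * the high bit set would be negative and undefined behaviour */
    for(p = (const unsigned char *)s; *p; p++)
    {
        if(isalnum(*p))
        {
            firstchar = 0;
            lastdash = 0;
        }
        else if(*p == '-')
        {
            if(firstchar)
                return 0;
            lastdash = 1;
        }
        else
        {
            return 0;
        }
    }

    /* reject the empty string and a trailing '-' */
    if(firstchar || lastdash)
        return 0;
    return 1;
}

/* Validate a "hostname" option value; see IsValidSyslogToken(). */
static int IsValidHostname(char *hostname)
{
    return IsValidSyslogToken(hostname);
}

/* Validate a "tag" option value; see IsValidSyslogToken(). */
static int IsValidSyslogTag(char *syslog_tag)
{
    return IsValidSyslogToken(syslog_tag);
}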
