[ossec-dev] ossec-hids: getloglocation.c (HEAD) getloglocation.h (HEAD) log.c (HEAD) log.h (HEAD) [dcid]
- To: dancid@xxxxxxxxxxxxxxx
- Subject: [ossec-dev] ossec-hids: getloglocation.c (HEAD) getloglocation.h (HEAD) log.c (HEAD) log.h (HEAD) [dcid]
- From: OSSEC CVS <cvs-commit@xxxxxxxxx>
- Date: Wed, 6 Sep 2006 14:53:05 -0300 (ADT)
- Content-transfer-encoding: 8bit
Module name: ossec-hids
Changes by: dcid 06/09/06 14:53:03
Modified files:
getloglocation.c getloglocation.h log.c log.h
Log message:
Description: Fixing drop/allow regex.
Reviewed by: dcid
Bug:
Index: getloglocation.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/analysisd/alerts/getloglocation.c,v
diff -u -r1.9 -r1.10
--- getloglocation.c 28 Aug 2006 18:45:24 -0000 1.9
+++ getloglocation.c 6 Sep 2006 17:53:03 -0000 1.10
@@ -24,6 +24,7 @@
/* OS_InitLog */
void OS_InitLog()
{
+ OS_InitFwLog();
__crt_day = 0;
Index: getloglocation.h
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/analysisd/alerts/getloglocation.h,v
diff -u -r1.6 -r1.7
--- getloglocation.h 28 Aug 2006 18:45:24 -0000 1.6
+++ getloglocation.h 6 Sep 2006 17:53:03 -0000 1.7
@@ -22,6 +22,7 @@
*/
void OS_InitLog();
+void OS_InitFwLog();
/*
* Get the log file based on the date/logtype/
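Review bot: The new declaration `void OS_InitFwLog();` sits in getloglocation.h, but the function is defined in log.c further down this commit, so a reader looking for it in log.h will not find it. Moving the declaration to log.h next to `FW_Log` would keep each header describing its own translation unit, and getloglocation.c could include log.h for the call. Writing it as `void OS_InitFwLog(void);` would also make it a real prototype, so a call with arguments is rejected at compile time.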
@@ -32,6 +33,7 @@
* -1 error
*/
int OS_GetLogLocation(Eventinfo *lf);
+
FILE *_eflog;
FILE *_aflog;
Index: log.c
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/analysisd/alerts/log.c,v
diff -u -r1.17 -r1.18
--- log.c 20 Aug 2006 20:06:14 -0000 1.17
+++ log.c 6 Sep 2006 17:53:03 -0000 1.18
@@ -9,39 +9,19 @@
* Foundation
*/
-/* v0.4 (2005/09/10): Added logging for multiple events
- * v0.3 (2005/02/10)
- */
-
-/* Basic logging operations */
-
-#include <stdio.h>
-#include <unistd.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-
+#include "shared.h"
#include "log.h"
#include "alerts.h"
#include "getloglocation.h"
-
-#include "error_messages/error_messages.h"
-
-#include "headers/defs.h"
-#include "headers/os_err.h"
-#include "headers/debug_op.h"
-#include "headers/file_op.h"
-
-/* analysisd headers */
#include "rules.h"
#include "eventinfo.h"
#include "config.h"
-#define FWDROP "drop"
-#define FWALLOW "accept"
+
+/* Drop/allow patterns */
+OSMatch FWDROPpm;
+OSMatch FWALLOWpm;
/* OS_Store: v0.2, 2005/02/10 */
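Review bot: `OSMatch FWDROPpm;` and `OSMatch FWALLOWpm;` are defined with external linkage, yet every use visible in this commit is inside log.c. Declaring them `static OSMatch FWDROPpm;` and `static OSMatch FWALLOWpm;` would keep other objects from reading or overwriting the compiled patterns and avoid symbol clashes at link time. The comment above them could also say that they are filled in by OS_InitFwLog and must not be used before it runs, for example `/* Drop/allow patterns, compiled once by OS_InitFwLog() */`.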
@@ -112,6 +92,25 @@
}
+
+void OS_InitFwLog()
+{
+ /* Initializing fw log regexes */
+ if(!OSMatch_Compile(FWDROP, &FWDROPpm, 0))
+ {
+ ErrorExit(REGEX_COMPILE, ARGV0, FWDROP,
+ FWDROPpm.error);
+ }
+
+ if(!OSMatch_Compile(FWALLOW, &FWALLOWpm, 0))
+ {
+ ErrorExit(REGEX_COMPILE, ARGV0, FWALLOW,
+ FWALLOWpm.error);
+ }
+
+}
+
+
/* FW_Log: v0.1, 2005/12/30 */
int FW_Log(Eventinfo *lf)
{
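Review bot: OS_InitFwLog has no header comment, unlike the neighbouring `/* FW_Log: v0.1, 2005/12/30 */`, and it does not record what the `0` flags argument to OSMatch_Compile means for case handling. The code it replaces used `strcasestr`, which ignores case, so it is worth confirming that a pattern compiled with flags `0` still matches "DROP" or "Accept" as logged by firewalls. If it does not, those events would stop being normalised by FW_Log. A comment such as `/* OS_InitFwLog: compiles FWDROP/FWALLOW once at startup (case-insensitive); exits on compile error */` would state the contract. FW_Log's body continues outside the hunk.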
@@ -153,12 +152,12 @@
os_strdup("ALLOW", lf->action);
break;
default:
- if(strcasestr(lf->action, FWDROP) != NULL)
+ if(OSMatch_Execute(lf->action,strlen(lf->action),&FWDROPpm))
{
os_free(lf->action);
os_strdup("DROP", lf->action);
}
- else if(strcasestr(lf->action, FWALLOW) != NULL)
+ if(OSMatch_Execute(lf->action,strlen(lf->action),&FWALLOWpm))
{
os_free(lf->action);
os_strdup("ALLOW", lf->action);
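Review bot: The second test in the `default:` branch lost its `else`, so after an action matches FWDROPpm and is replaced with "DROP", the FWALLOWpm match still runs on the replaced string. If an `else` branch follows this chain outside the hunk (not visible here), it now binds to the second `if` alone and would also run for events already classified as DROP, mislabelling firewall drops in the log. Restoring `else if(OSMatch_Execute(lf->action,strlen(lf->action),&FWALLOWpm))` keeps the two classifications mutually exclusive, as they were with `strcasestr`. FW_Log starts and ends outside the hunk, so the rest of the chain should be checked there.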
Index: log.h
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/analysisd/alerts/log.h,v
diff -u -r1.3 -r1.4
--- log.h 29 Jan 2006 01:55:04 -0000 1.3
+++ log.h 6 Sep 2006 17:53:03 -0000 1.4
@@ -16,6 +16,9 @@
#include "eventinfo.h"
+#define FWDROP "drop"
+#define FWALLOW "accept"
+
void OS_Log(Eventinfo *lf);
void OS_Store(Eventinfo *lf);
int FW_Log(Eventinfo *lf);