/*  Write the hourly fire count of one rule to the stats log and recurse
 *  into its children.  A rule that did not fire this hour produces no line;
 *  one that did is written as "<hour>-<sigid>-<level>-<firedtimes>" and its
 *  counter is cleared for the next hour.  Only the child chain is walked
 *  here -- siblings of curr_node itself are visited by the caller.  */
static void LoopRule(RuleNode *curr_node, FILE *flog)
{
    if (curr_node->ruleinfo->firedtimes) {
        fprintf(flog, "%d-%d-%d-%d\n",
                thishour,
                curr_node->ruleinfo->sigid,
                curr_node->ruleinfo->level,
                curr_node->ruleinfo->firedtimes);
        /* Reset so the next hourly dump only reports new hits. */
        curr_node->ruleinfo->firedtimes = 0;
    }

    /* Depth-first: each child handles its own subtree before we move on. */
    for (RuleNode *child = curr_node->child; child; child = child->next) {
        LoopRule(child, flog);
    }
}
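/*  Make sure one stats directory exists, creating it (mode 0770) if needed.
 *  Returns 0 when the directory is usable and -1 after reporting the mkdir
 *  failure with merror().  Note that IsDir()/mkdir() is a check-then-act
 *  pair: a directory created by another process between the two calls is
 *  reported as a failure here rather than being reused.  */
static int EnsureStatsDir(const char *path)
{
    if (IsDir(path) == -1 && mkdir(path, 0770) == -1) {
        merror(MKDIR_ERROR, ARGV0, path);
        return -1;
    }
    return 0;
}

/** void DumpLogstats(void);
 *  Dump the hourly stats about each rule to
 *  <STATSAVED>/<prev_year>/<prev_month>/ossec-totals-<today>.log, creating
 *  the year and month directories on demand.  Every rule that fired this
 *  hour gets one line (see LoopRule), followed by a totals line for alerts,
 *  events, syscheck and firewall; the per-rule and hourly counters are then
 *  reset for the next hour.
 *
 *  If a directory cannot be created, a path does not fit the buffer, or the
 *  file cannot be opened, the problem is reported with merror() and the dump
 *  is skipped -- the counters are left untouched and carry over.  An empty
 *  rule list is treated as fatal (ErrorExit).  Write errors are reported
 *  after fclose() so a full or unwritable stats partition is not lost silently.
 */
void DumpLogstats(void)
{
    RuleNode *rulenode_pt;
    char logfile[OS_FLSIZE + 1];
    FILE *flog;
    int n;

    /* Year directory: <STATSAVED>/<prev_year>/ */
    n = snprintf(logfile, sizeof logfile, "%s/%d/", STATSAVED, prev_year);
    if (n < 0 || (size_t)n >= sizeof logfile) {
        merror("%s: Stats path too long, skipping stats dump.", ARGV0);
        return;
    }
    if (EnsureStatsDir(logfile) == -1) {
        return;
    }

    /* Month directory: <STATSAVED>/<prev_year>/<prev_month> */
    n = snprintf(logfile, sizeof logfile, "%s/%d/%s",
                 STATSAVED, prev_year, prev_month);
    if (n < 0 || (size_t)n >= sizeof logfile) {
        merror("%s: Stats path too long, skipping stats dump.", ARGV0);
        return;
    }
    if (EnsureStatsDir(logfile) == -1) {
        return;
    }

    /* Creating the logfile name.  A truncated path must not be opened:
     * it would silently send the stats to a different file. */
    n = snprintf(logfile, sizeof logfile, "%s/%d/%s/ossec-%s-%02d.log",
                 STATSAVED,
                 prev_year,
                 prev_month,
                 "totals",
                 today);
    if (n < 0 || (size_t)n >= sizeof logfile) {
        merror("%s: Stats path too long, skipping stats dump.", ARGV0);
        return;
    }

    flog = fopen(logfile, "a");
    if (!flog) {
        merror(FOPEN_ERROR, ARGV0, logfile);
        return;
    }

    rulenode_pt = OS_GetFirstRule();
    if (!rulenode_pt) {
        ErrorExit("%s: Rules in an inconsistent state. Exiting.",
                  ARGV0);
    }

    /* Looping on all the top-level rules; LoopRule descends into children. */
    for (; rulenode_pt; rulenode_pt = rulenode_pt->next) {
        LoopRule(rulenode_pt, flog);
    }

    /* Print total for the hour */
    fprintf(flog, "%d--%d--%d--%d--%d\n\n",
            thishour,
            hourly_alerts, hourly_events, hourly_syscheck, hourly_firewall);
    hourly_alerts = 0;
    hourly_events = 0;
    hourly_syscheck = 0;
    hourly_firewall = 0;

    /* Buffered output is only committed by fclose(); check both the stream
     * error flag and the close so a short or failed write is reported. */
    n = ferror(flog);
    if (fclose(flog) != 0 || n) {
        merror("%s: Error writing hourly stats to '%s'.", ARGV0, logfile);
    }
}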