/*
 * Write the hourly hit count of one rule, then recurse into its children.
 *
 * A rule whose firedtimes counter is non-zero is written to flog as
 * "<thishour>-<sigid>-<level>-<firedtimes>" and its counter is reset to
 * zero. Every node on the child list is then visited the same way.
 *
 * curr_node and curr_node->ruleinfo are dereferenced without a NULL check,
 * so the caller must pass a valid node.
 * NOTE(review): the fprintf() result is ignored and the counter is cleared
 * regardless, so a failed write (e.g. disk full) drops that hour's count
 * for the rule without any error being reported.
 */
static void LoopRule(RuleNode *curr_node, FILE *flog)
{
    RuleNode *kid;

    if (curr_node->ruleinfo->firedtimes != 0) {
        fprintf(flog, "%d-%d-%d-%d\n",
                thishour,
                curr_node->ruleinfo->sigid,
                curr_node->ruleinfo->level,
                curr_node->ruleinfo->firedtimes);

        /* Counter is per-hour: start again from zero once reported */
        curr_node->ruleinfo->firedtimes = 0;
    }

    /* Depth-first walk: each child handles its own siblings' subtrees */
    for (kid = curr_node->child; kid != NULL; kid = kid->next) {
        LoopRule(kid, flog);
    }
}
/**
 * void DumpLogstats();
 * Append the hourly per-rule statistics and the hourly totals to
 * STATSAVED/<prev_year>/<prev_month>/ossec-totals-<today>.log, creating the
 * year and month directories (mode 0770) when IsDir() reports them missing.
 *
 * After writing, the hourly_alerts, hourly_events, hourly_syscheck and
 * hourly_firewall counters are reset to zero. On a mkdir() or fopen()
 * failure the error is logged through merror() and the function returns
 * without touching the counters.
 *
 * NOTE(review): the results of snprintf(), fprintf() and fclose() are not
 * checked, so a truncated path or a failed write goes unreported while the
 * counters are still cleared.
 * NOTE(review): fopen(..., "a") follows symbolic links and creates the file
 * with permissions derived from the process umask; this is only safe if
 * nothing less trusted than this process can write under STATSAVED --
 * confirm the directory ownership and mode at install time.
 */
void DumpLogstats()
{
    char path[OS_FLSIZE +1];
    FILE *out;
    RuleNode *rule;

    /* Year directory */
    snprintf(path, OS_FLSIZE, "%s/%d/", STATSAVED, prev_year);
    if (IsDir(path) == -1 && mkdir(path, 0770) == -1) {
        merror(MKDIR_ERROR, ARGV0, path);
        return;
    }

    /* Month directory inside the year directory */
    snprintf(path, OS_FLSIZE, "%s/%d/%s", STATSAVED, prev_year, prev_month);
    if (IsDir(path) == -1 && mkdir(path, 0770) == -1) {
        merror(MKDIR_ERROR, ARGV0, path);
        return;
    }

    /* Daily totals file, opened for append so each hour adds a section */
    snprintf(path, OS_FLSIZE, "%s/%d/%s/ossec-%s-%02d.log",
             STATSAVED, prev_year, prev_month, "totals", today);

    out = fopen(path, "a");
    if (out == NULL) {
        merror(FOPEN_ERROR, ARGV0, path);
        return;
    }

    rule = OS_GetFirstRule();
    if (rule == NULL) {
        /* presumably does not return; 'out' is still open at this point */
        ErrorExit("%s: Rules in an inconsistent state. Exiting.", ARGV0);
    }

    /* One pass over the top-level rule list; LoopRule descends into children */
    do {
        LoopRule(rule, out);
        rule = rule->next;
    } while (rule != NULL);

    /* Totals for the hour, followed by a blank line as section separator */
    fprintf(out, "%d--%d--%d--%d--%d\n\n",
            thishour,
            hourly_alerts, hourly_events, hourly_syscheck, hourly_firewall);

    /* Start the next hour from zero */
    hourly_alerts = 0;
    hourly_events = 0;
    hourly_syscheck = 0;
    hourly_firewall = 0;

    fclose(out);
}