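/*
 * Initialise the global prelude client used to forward OSSEC alerts.
 *
 * profile:    libprelude profile name; NULL selects DEFAULT_ANALYZER_NAME.
 * argc/argv:  handed to prelude_init() so libprelude can consume its own
 *             command-line options.
 *
 * Every failure is reported through merror().  On failure the global
 * prelude_client is either never set or is destroyed and reset to NULL,
 * so callers that test the global can never pick up a dangling pointer
 * (the original left it pointing at a destroyed object).  Nothing is
 * returned.
 */
void prelude_start(char *profile, int argc, char **argv)
{
    int ret;
    uid_t uid;
    gid_t gid;

    prelude_client = NULL;

    ret = prelude_init(&argc, argv);
    if (ret < 0) {
        merror("%s: %s: Unable to initialize the Prelude library: %s.",
               ARGV0, prelude_strsource(ret), prelude_strerror(ret));
        return;
    }

    ret = prelude_client_new(&prelude_client,
                             profile != NULL ? profile : DEFAULT_ANALYZER_NAME);
    /* Check the return code as well as the pointer so a failed call can
     * never leave us holding a partially constructed object. */
    if (ret < 0 || !prelude_client) {
        merror("%s: %s: Unable to create a prelude client object: %s.",
               ARGV0, prelude_strsource(ret), prelude_strerror(ret));
        prelude_client = NULL;
        return;
    }

    ret = setup_analyzer(prelude_client_get_analyzer(prelude_client));
    if (ret < 0) {
        merror("%s: %s: Unable to setup analyzer: %s",
               ARGV0, prelude_strsource(ret), prelude_strerror(ret));
        prelude_client_destroy(prelude_client, PRELUDE_CLIENT_EXIT_STATUS_FAILURE);
        prelude_client = NULL;  /* do not leave a dangling global behind */
        return;
    }

    /* Non-fatal: the client still works without the asynchronous timer,
     * so only report the problem and carry on. */
    ret = prelude_client_set_flags(prelude_client,
                                   prelude_client_get_flags(prelude_client)
                                   | PRELUDE_CLIENT_FLAGS_ASYNC_TIMER);
    if (ret < 0) {
        merror("%s: %s: Unable to set prelude client flags: %s.",
               ARGV0, prelude_strsource(ret), prelude_strerror(ret));
    }

    /* Run the client as the ossec user/group.  A failed lookup comes back
     * as (uid_t)-1 / (gid_t)-1 -- the "no owner" value chown(2) accepts
     * silently -- so refuse to start rather than hand libprelude an
     * unresolved identity.  NOTE(review): confirm the -1 convention
     * against Privsep_GetUser()/Privsep_GetGroup(); a legitimate id can
     * never be -1, so the check is harmless if they report failure
     * differently. */
    uid = Privsep_GetUser(USER);
    gid = Privsep_GetGroup(GROUPGLOBAL);
    if (uid == (uid_t)-1 || gid == (gid_t)-1) {
        merror("%s: Unable to resolve the prelude client uid/gid for '%s'/'%s'.",
               ARGV0, USER, GROUPGLOBAL);
        prelude_client_destroy(prelude_client, PRELUDE_CLIENT_EXIT_STATUS_FAILURE);
        prelude_client = NULL;
        return;
    }
    prelude_client_profile_set_uid(prelude_client_get_profile(prelude_client), uid);
    prelude_client_profile_set_gid(prelude_client_get_profile(prelude_client), gid);

    ret = prelude_client_start(prelude_client);
    if (ret < 0) {
        merror("%s: %s: Unable to initialize prelude client: %s.",
               ARGV0, prelude_strsource(ret), prelude_strerror(ret));
        prelude_client_destroy(prelude_client, PRELUDE_CLIENT_EXIT_STATUS_FAILURE);
        prelude_client = NULL;  /* callers test this global before use */
        return;
    }
}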
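/*
 * Create and start the global prelude client for this analyzer.
 *
 * analyzer_name: libprelude profile name, also passed to
 *                idmef_analyzer_setup() to describe the analyzer.
 *
 * Returns 0 on success, -1 on any failure.  On failure every partially
 * constructed client is destroyed and prelude_client is left NULL, so the
 * global is either fully started or NULL -- never leaked (the original
 * leaked it when idmef_analyzer_setup() failed) and never dangling (the
 * original left it pointing at a destroyed object).
 */
int prelude_initialize_client(const char *analyzer_name)
{
    int ret;

    prelude_client = NULL;

    ret = prelude_init(0, NULL);
    if ( ret < 0 ) {
        logg("Unable to initialize the prelude library : %s", prelude_strerror(ret));
        return -1;
    }

    ret = prelude_client_new(&prelude_client, analyzer_name);
    /* The pointer test belongs here, right after construction, not after
     * prelude_client_start() where the original had it. */
    if ( ret < 0 || ! prelude_client ) {
        logg("Unable to create a prelude client object : %s", prelude_strerror(ret));
        prelude_client = NULL;
        return -1;
    }

    ret = idmef_analyzer_setup(prelude_client_get_analyzer(prelude_client), analyzer_name);
    if ( ret < 0 ) {
        logg("%s", prelude_strerror(ret));
        prelude_client_destroy(prelude_client, PRELUDE_CLIENT_EXIT_STATUS_FAILURE);
        prelude_client = NULL;
        return -1;
    }

    ret = prelude_client_start(prelude_client);
    if ( ret < 0 ) {
        logg("Unable to start prelude client : %s", prelude_strerror(ret));
        /* A client that failed to initialise did not exit successfully;
         * report FAILURE rather than SUCCESS to the manager. */
        prelude_client_destroy(prelude_client, PRELUDE_CLIENT_EXIT_STATUS_FAILURE);
        prelude_client = NULL;
        return -1;
    }

    ret = prelude_client_set_flags(prelude_client,
                                   PRELUDE_CLIENT_FLAGS_ASYNC_SEND | PRELUDE_CLIENT_FLAGS_ASYNC_TIMER);
    if ( ret < 0 ) {
        logg("Unable to send asynchrnous send and timer : %s", prelude_strerror(ret));
        prelude_client_destroy(prelude_client, PRELUDE_CLIENT_EXIT_STATUS_FAILURE);
        prelude_client = NULL;
        return -1;
    }

    return 0;
}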
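/*
 * Entry point of prelude-lml.
 *
 * Initialises libev and libprelude, loads the log plugins, parses the
 * command line, installs the signal handlers, starts file/UDP monitoring,
 * optionally daemonises, drains the backlog of unprocessed log entries and
 * then either waits for events (normal mode) or exits (batch mode).
 *
 * Returns 0 on a normal batch-mode exit, a negative libprelude error code
 * when library or plugin initialisation fails, and -1 when there is
 * nothing to monitor.  lml_options_init() failure exits the process.
 */
int main(int argc, char **argv)
{
    int ret;
    ev_timer evt;
    struct timeval end;
    struct sigaction action;

    /*
     * Initialize libev.
     */
    ev_default_loop(EVFLAG_AUTO);

    /* Clear the whole sigaction so no field is handed to the kernel
     * uninitialised; the original only set the three fields it used. */
    memset(&action, 0, sizeof(action));

    /*
     * Ignore SIGHUP until a reload makes sense (configuration loaded).
     */
#if !((defined _WIN32 || defined __WIN32__) && !defined __CYGWIN__)
    action.sa_flags = 0;
    action.sa_handler = SIG_IGN;
    sigemptyset(&action.sa_mask);
    sigaction(SIGHUP, &action, NULL);
#endif

    memset(&start, 0, sizeof(start));
    memset(&end, 0, sizeof(end));

    /* The original ignored this return value; a failed prelude_init()
     * leaves every later libprelude call operating on an uninitialised
     * library, so bail out here instead. */
    ret = prelude_init(&argc, argv);
    if ( ret < 0 ) {
        prelude_log(PRELUDE_LOG_ERR, "Unable to initialize the Prelude library: %s.\n",
                    prelude_strerror(ret));
        return ret;
    }

    global_argv = argv;
    PRELUDE_PLUGIN_SET_PRELOADED_SYMBOLS();

    ret = prelude_option_new_root(&lml_root_optlist);
    if ( ret < 0 )
        return ret;

    ret = log_plugins_init(LOG_PLUGIN_DIR, lml_root_optlist);
    if ( ret < 0 )
        return ret;

    prelude_log_debug(1, "Initialized %d logs plugins.\n", ret);

    ret = lml_options_init(lml_root_optlist, argc, argv);
    if ( ret < 0 )
        exit(1);

    /*
     * Setup signal handling now that the configuration is loaded.
     */
    action.sa_flags = 0;
    sigemptyset(&action.sa_mask);
    action.sa_handler = sig_handler;
#ifdef SA_INTERRUPT
    action.sa_flags |= SA_INTERRUPT;
#endif
    sigaction(SIGTERM, &action, NULL);
    sigaction(SIGINT, &action, NULL);
    sigaction(SIGABRT, &action, NULL);
#if !((defined _WIN32 || defined __WIN32__) && !defined __CYGWIN__)
    sigaction(SIGUSR1, &action, NULL);
    sigaction(SIGQUIT, &action, NULL);
    sigaction(SIGHUP, &action, NULL);
#endif

    /* A file-monitoring failure is only fatal when no UDP server can
     * take over as the input source. */
    ret = file_server_start_monitoring();
    if ( ret < 0 && ! config.udp_nserver ) {
        prelude_log(PRELUDE_LOG_WARN, "No file or UDP server available for monitoring: terminating.\n");
        return -1;
    }

    if ( config.daemon_mode ) {
        /* A negative return means the pidfile lock could not be taken or
         * the fork failed (presumably both are reported that way by
         * libprelude -- confirm); carrying on would risk a second,
         * non-daemonised instance running alongside the first. */
        ret = prelude_daemonize(config.pidfile);
        if ( ret < 0 ) {
            prelude_log(PRELUDE_LOG_ERR, "Unable to daemonize: %s.\n", prelude_strerror(ret));
            return ret;
        }

        if ( config.pidfile )
            free(config.pidfile);

        /* libev must be told about the fork so its loop state stays valid. */
        ev_default_fork();
    }

    ev_timer_init(&evt, libev_timer_cb, 1, 1);
    ev_timer_start(&evt);

    /*
     * Whether we are using batch-mode or file notification, we need
     * to process the currently un-processed entry.
     */
    gettimeofday(&start, NULL);
    do {
        ret = file_server_read_once();
        prelude_timer_wake_up();
    } while ( ret > 0 );

    /*
     * If either FAM or UDP server is enabled, we use polling to know
     * if there are data available for reading.  If batch_mode is set,
     * then we revert to reading every data at once.
     */
    if ( ! config.batch_mode )
        wait_for_event();
    else {
        gettimeofday(&end, NULL);

        /*
         * Only call prelude_client_destroy in case we are running in batch
         * mode, causing a heartbeat to be sent to notice of a normal exit.
         */
        if ( ! config.dry_run )
            prelude_client_destroy(config.lml_client, PRELUDE_CLIENT_EXIT_STATUS_SUCCESS);

        print_stats("", &end);
    }

    prelude_deinit();

    return 0;
}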