/**
 * alert_data *Read_FileMon(file_queue *fileq, const struct tm *p,
 *                          unsigned int timeout)
 *
 * Fetch the next alert from the monitored alert file.
 *
 * @param fileq   Queue state; fp, day, year and mon are read and may be
 *                updated here when the day rolls over.
 * @param p       Current broken-down time. tm_mon is used directly as an
 *                index into s_month, so it must be a valid month value
 *                (NOTE(review): presumably always produced by localtime();
 *                confirm at the call sites).
 * @param timeout Number of read attempts, not a duration; file_sleep() is
 *                called after every unsuccessful attempt.
 *
 * @return The alert returned by GetAlertData(), or NULL when the queue
 *         could not be handled (Handle_Queue() != 1) or no alert showed up
 *         within `timeout` attempts.
 */
alert_data *Read_FileMon(file_queue *fileq, const struct tm *p, unsigned int timeout)
{
    alert_data *alert = NULL;
    unsigned int attempt;

    /* No file handle yet: let Handle_Queue() try to provide one. Anything
     * other than a return of 1 is treated as "not ready", so back off. */
    if (fileq->fp == NULL && Handle_Queue(fileq, 0) != 1) {
        file_sleep();
        return NULL;
    }

    /* Day rollover: drain what is left in the previous day's file before
     * moving the queue to the new date, so trailing alerts are not lost. */
    if (fileq->day != p->tm_mday) {
        alert = GetAlertData(fileq->flags, fileq->fp);
        if (alert != NULL) {
            return alert;
        }

        /* Old file is exhausted: record the new date in the queue. */
        fileq->day = p->tm_mday;
        fileq->year = p->tm_year + 1900;

        /* strncpy with a count of 3 writes no terminator for a month name
         * of three or more characters. NOTE(review): this relies on
         * fileq->mon being at least 4 bytes with mon[3] already '\0';
         * confirm against the file_queue definition and its initializer. */
        strncpy(fileq->mon, s_month[p->tm_mon], 3);

        /* Switch to the latest file for the updated date. */
        GetFile_Queue(fileq);
        if (Handle_Queue(fileq, 0) != 1) {
            file_sleep();
            return NULL;
        }
    }

    /* Poll for an alert, pausing between attempts. With timeout == 0 no
     * read is attempted here at all. */
    for (attempt = 0; attempt < timeout; attempt++) {
        alert = GetAlertData(fileq->flags, fileq->fp);
        if (alert != NULL) {
            return alert;
        }
        file_sleep();
    }

    /* Attempts exhausted without an alert. */
    return NULL;
}
* Foundation */ #include "shared.h" #include "headers/read-alert.h" #include "logcollector.h" void *read_ossecalert(int pos, __attribute__((unused)) int *rc, int drop_it) { alert_data *al_data; char user_msg[256]; char srcip_msg[256]; char syslog_msg[OS_SIZE_2048 + 1]; al_data = GetAlertData(0, logff[pos].fp); if (!al_data) { return (NULL); } memset(syslog_msg, '\0', OS_SIZE_2048 + 1); /* Add source ip */ if (!al_data->srcip || ((al_data->srcip[0] == '(') && (al_data->srcip[1] == 'n') && (al_data->srcip[2] == 'o'))) { srcip_msg[0] = '\0'; } else { snprintf(srcip_msg, 255, " srcip: %s;", al_data->srcip); }