示例#1
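/** int __DBInsertServer(char *server, char *info, DBConfig *db_config)
 * Records a server in the `server` table: looks the hostname up and
 * inserts a new row when the lookup returns 0, otherwise updates the
 * existing row's last_contact, version and information columns.
 *
 * server    - hostname, used as the lookup key
 * info      - text stored in the information column
 * db_config - supplies the open connection (db_config->conn)
 *
 * Always returns 0; failures are only reported through merror().
 *
 * NOTE(review): server and info are placed between single quotes without
 * any escaping in this function, so the statements are only safe if every
 * caller has already escaped both strings (for example with
 * osdb_escapestr) - confirm at the call sites. Bound parameters would
 * remove that dependency.
 */
int __DBInsertServer(char *server, char *info, DBConfig *db_config)
{
    char sql_query[OS_SIZE_1024];
    int written;

    memset(sql_query, '\0', OS_SIZE_1024);

    /* Checking if the server is present */
    written = snprintf(sql_query, OS_SIZE_1024 -1,
                       "SELECT id from server where hostname = '%s'",
                       server);

    /* A statement that does not fit would be sent cut short; refuse it */
    if(written < 0 || written >= (int)sizeof(sql_query) - 1)
    {
        merror("%s: Server lookup statement too long; server not recorded.",
               ARGV0);
        return(0);
    }

    /* If not present, we insert */
    if(osdb_query_select(db_config->conn, sql_query) == 0)
    {
        written = snprintf(sql_query, OS_SIZE_1024 -1,
                           "INSERT INTO "
                           "server(last_contact, version, hostname, information) "
                           "VALUES ('%u', '%s', '%s', '%s')",
                           (unsigned int)time(0), __version, server, info);
    }

    /* If it is, we update it */
    else
    {
        written = snprintf(sql_query, OS_SIZE_1024 -1,
                           "UPDATE server SET "
                           "last_contact='%u',version='%s',information='%s' "
                           "WHERE hostname = '%s'",
                           (unsigned int)time(0), __version, info, server);
    }

    /* Same guard for the write: never execute a truncated statement */
    if(written < 0 || written >= (int)sizeof(sql_query) - 1)
    {
        merror("%s: Server statement too long; server not recorded.", ARGV0);
        return(0);
    }

    /* Checking return code. */
    if(!osdb_query_insert(db_config->conn, sql_query))
    {
        merror(DB_GENERROR, ARGV0);
    }

    return(0);
}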
示例#2
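/* Insert a location row (server_id, name) into the db.
 *
 * location  - location name, placed between single quotes in the statement
 * db_config - supplies server_id and the open connection (db_config->conn)
 *
 * Always returns 0; a failed insert is only reported through merror().
 *
 * NOTE(review): location is not escaped in this function, so the caller
 * must pass an already-escaped string - confirm at the call sites.
 */
static int __DBInsertLocation(const char *location, const DBConfig *db_config)
{
    char sql_query[OS_SIZE_1024];
    int written;

    memset(sql_query, '\0', OS_SIZE_1024);

    /* Generate SQL */
    written = snprintf(sql_query, OS_SIZE_1024 - 1,
                       "INSERT INTO "
                       "location(server_id, name) "
                       "VALUES ('%u', '%s')",
                       db_config->server_id, location);

    /* A name that overflows the buffer would leave a statement with no
     * closing quote; report it instead of executing the fragment */
    if (written < 0 || written >= (int)sizeof(sql_query) - 1) {
        merror("%s: Location statement too long; location not stored.",
               ARGV0);
        return (0);
    }

    if (!osdb_query_insert(db_config->conn, sql_query)) {
        merror(DB_GENERROR, ARGV0);
    }

    return (0);
}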
示例#3
文件: rules.c 项目: ospatrol/ospatrol
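/** int __Groups_InsertGroup(char *group, DBConfig *db_config)
 * Insert one group (category) name into the `category` table.
 *
 * group     - category name, placed between single quotes in the statement
 * db_config - supplies the open connection (db_config->conn)
 *
 * Always returns 0; a failed insert is only reported through merror().
 *
 * NOTE(review): group is not escaped in this function, so the caller must
 * pass an already-escaped string - confirm at the call sites.
 */
int __Groups_InsertGroup(char *group, DBConfig *db_config)
{
    char sql_query[OS_SIZE_1024];
    int written;

    memset(sql_query, '\0', OS_SIZE_1024);

    /* Generating SQL */
    written = snprintf(sql_query, OS_SIZE_1024 -1,
                       "INSERT INTO "
                       "category(cat_name) "
                       "VALUES ('%s')",
                       group);

    /* Do not execute a statement that was cut off by the buffer size */
    if(written < 0 || written >= (int)sizeof(sql_query) - 1)
    {
        merror("%s: Category statement too long; category not stored.",
               ARGV0);
        return(0);
    }

    /* Checking return code. */
    if(!osdb_query_insert(db_config->conn, sql_query))
    {
        merror(DB_GENERROR, ARGV0);
    }

    return(0);
}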
示例#4
文件: rules.c 项目: ospatrol/ospatrol
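/** int __Groups_InsertGroupMapping(int cat_id, int rule_id, DBConfig *db_config)
 * Insert one (cat_id, rule_id) pair into signature_category_mapping.
 *
 * cat_id    - category id
 * rule_id   - rule id
 * db_config - supplies the open connection (db_config->conn)
 *
 * Always returns 0; a failed insert is only reported through merror().
 * Only integers are formatted into the statement, so no string escaping
 * is involved here.
 */
int __Groups_InsertGroupMapping(int cat_id, int rule_id, DBConfig *db_config)
{
    char sql_query[OS_SIZE_1024];

    memset(sql_query, '\0', OS_SIZE_1024);

    /* Generating SQL. "%u" expects unsigned int, so the int ids are
     * converted explicitly; the emitted text is the same as before. */
    snprintf(sql_query, OS_SIZE_1024 -1,
            "INSERT INTO "
            "signature_category_mapping(cat_id, rule_id) "
            "VALUES ('%u', '%u')",
            (unsigned int)cat_id, (unsigned int)rule_id);


    /* Checking return code. */
    if(!osdb_query_insert(db_config->conn, sql_query))
    {
        merror(DB_GENERROR, ARGV0);
    }

    return(0);
}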
示例#5
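/* Insert an alert into the db.
 *
 * Resolves (and, when missing, creates) the location id, joins the alert's
 * log lines into one escaped string, builds the INSERT for the configured
 * database type and executes it.
 *
 * al_data   - alert to store; user, location and (on the PostgreSQL path)
 *             srcip/dstip are escaped in place
 * db_config - connection, server_id, db_type, location cache; alert_id is
 *             incremented once the statement has been executed
 *
 * Returns 1 once the statement has been handed to the database (a failed
 * insert is only logged) or 0 on error.
 *
 * NOTE(review): alertid and srcgeoip are interpolated without escaping;
 * confirm they are never derived from log content.
 */
int OS_Alert_InsertDB(const alert_data *al_data, DBConfig *db_config)
{
    int i;
    int written = 0;
    unsigned int s_ip = 0, d_ip = 0, location_id = 0;
    unsigned short s_port = 0, d_port = 0;
    int *loc_id;
    char sql_query[OS_SIZE_8192 + 1];
    char *fulllog = NULL;
    /* Text for an absent address: "%s" must never receive NULL. "(null)"
     * is what glibc printed for the NULL that used to be passed. */
    const char *src_txt = "(null)";
    const char *dst_txt = "(null)";

    /* Clear the memory before insert */
    sql_query[0] = '\0';
    sql_query[OS_SIZE_8192] = '\0';

    /* Converting srcip to int */
    if(al_data->srcip) {
        struct in_addr net;

        /* Extracting ip address */
        if(inet_aton(al_data->srcip, &net)) {
            s_ip = net.s_addr;
        }
    }

    /* Converting dstip to int */
    if(al_data->dstip) {
        struct in_addr net;

        /* Extracting ip address */
        if(inet_aton(al_data->dstip, &net)) {
            d_ip = net.s_addr;
        }
    }


    /* Source Port */
    s_port = al_data->srcport;

    /* Destination Port */
    d_port = al_data->dstport;

    /* Escape strings */
    osdb_escapestr(al_data->user);
    osdb_escapestr(al_data->location);

    /* We first need to insert the location */
    loc_id = (int *) OSHash_Get(db_config->location_hash, al_data->location);

    /* If we dont have location id, we must select and/or insert in the db */
    if (!loc_id) {
        location_id = __DBSelectLocation(al_data->location, db_config);
        if (location_id == 0) {
            /* Insert it */
            __DBInsertLocation(al_data->location, db_config);
            location_id = __DBSelectLocation(al_data->location, db_config);
        }

        if (!location_id) {
            merror("%s: Unable to insert location: '%s'.",
                   ARGV0, al_data->location);
            return (0);
        }

        /* Add to hash */
        os_calloc(1, sizeof(int), loc_id);
        *loc_id = location_id;
        OSHash_Add(db_config->location_hash, al_data->location, loc_id);
    }

    /* Join the log lines, newline-separated, into one heap string.
     * NOTE(review): templog is a variable-length array sized by the log
     * line; confirm an upstream limit bounds the line length, otherwise a
     * heap buffer is the safer choice. */
    i = 0;
    while (al_data->log[i]) {
        size_t len = strlen(al_data->log[i]);
        char templog[len + 2];
        if (al_data->log[i + 1]) {
            snprintf(templog, len + 2, "%s\n", al_data->log[i]);
        } else {
            snprintf(templog, len + 1, "%s", al_data->log[i]);
        }
        fulllog = os_LoadString(fulllog, templog);
        i++;
    }

    if (fulllog == NULL) {
        merror("%s: Unable to process log.", ARGV0);
        return (0);
    }

    /* Cap the escaped log at 7456 bytes, ending in "..".
     * NOTE(review): the cut is made after escaping; if osdb_escapestr can
     * emit multi-character sequences the cut may split one - confirm. */
    osdb_escapestr(fulllog);
    if (strlen(fulllog) >  7456) {
        fulllog[7454] = '.';
        fulllog[7455] = '.';
        fulllog[7456] = '\0';
    }

    /* Generate final SQL */
    switch (db_config->db_type) {
      case MYSQLDB:
        /* Addresses go in as integers parsed by inet_aton above */
        written = snprintf(sql_query, OS_SIZE_8192,
                 "INSERT INTO "
                 "alert(server_id,rule_id,level,timestamp,location_id,src_ip,src_port,dst_ip,dst_port,alertid,user,full_log,tld) "
                 "VALUES ('%u', '%u','%u','%u', '%u', '%lu', '%u', '%lu', '%u', '%s', '%s', '%s','%.2s')",
                 db_config->server_id, al_data->rule,
                 al_data->level,
                 (unsigned int)time(0), (unsigned int)*loc_id,
                 (unsigned long)ntohl(s_ip), (unsigned short)s_port,
                 (unsigned long)ntohl(d_ip), (unsigned short)d_port,
                 al_data->alertid,
                 al_data->user, fulllog, al_data->srcgeoip);
        break;

      case POSTGDB:
        /* Here the addresses are stored as quoted text, including values
         * inet_aton rejected, so they get the same escaping as the other
         * strings before being interpolated. */
        if (al_data->srcip) {
            osdb_escapestr(al_data->srcip);
            src_txt = al_data->srcip;
        }
        if (al_data->dstip) {
            osdb_escapestr(al_data->dstip);
            dst_txt = al_data->dstip;
        }

        written = snprintf(sql_query, OS_SIZE_8192,
                 "INSERT INTO "
                 "alert(server_id,rule_id,level,timestamp,location_id,src_ip,src_port,dst_ip,dst_port,alertid,\"user\",full_log) "
                 "VALUES ('%u', '%u','%u','%u', '%u', '%s', '%u', '%s', '%u', '%s', '%s', '%s')",
                 db_config->server_id, al_data->rule,
                 al_data->level,
                 (unsigned int)time(0), (unsigned int)*loc_id,
                 src_txt, (unsigned short)s_port,
                 dst_txt, (unsigned short)d_port,
                 al_data->alertid,
                 al_data->user, fulllog);
        break;

      default:
        /* No statement was built; do not hand an empty query to the driver */
        merror("%s: Unsupported database type; alert not stored.", ARGV0);
        free(fulllog);
        return (0);
    }

    free(fulllog);
    fulllog = NULL;

    /* A statement that did not fit was cut off mid-value; do not run it */
    if (written < 0 || written >= (int)sizeof(sql_query) - 1) {
        merror("%s: Alert statement too long; alert not stored.", ARGV0);
        return (0);
    }

    /* Insert into the db */
    if (!osdb_query_insert(db_config->conn, sql_query)) {
        merror(DB_GENERROR, ARGV0);
    }

    db_config->alert_id++;
    return (1);
}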
示例#6
文件: rules.c 项目: ospatrol/ospatrol
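/** void *_Rules_ReadInsertDB(RuleInfo *rule, void *db_config)
 * Insert one rule into the `signature` table, or update its level and
 * description when a row with the same rule_id already exists.
 *
 * rule      - rule to store; group and comment are escaped in place and
 *             level is clamped to 0..20 in place
 * db_config - DBConfig pointer passed as void *
 *
 * Always returns NULL; failures are only reported through merror().
 */
void *_Rules_ReadInsertDB(RuleInfo *rule, void *db_config)
{
    DBConfig *dbc = (DBConfig *)db_config;
    char sql_query[OS_SIZE_1024];
    int written;

    memset(sql_query, '\0', OS_SIZE_1024);


    /* Escaping strings */
    osdb_escapestr(rule->group);
    osdb_escapestr(rule->comment);


    /* Checking level limit */
    if(rule->level > 20)
    {
        rule->level = 20;
    }
    if(rule->level < 0)
    {
        rule->level = 0;
    }


    debug1("%s: DEBUG: entering _Rules_ReadInsertDB()", ARGV0);


    /* Checking rule limit */
    if(rule->sigid < 0 || rule->sigid > 9999999)
    {
        merror("%s: Invalid rule id: %u", ARGV0, rule->sigid);
        return(NULL);
    }


    /* Inserting group into the signature mapping */
    _Groups_ReadInsertDB(rule, db_config);



    debug2("%s: DEBUG: Inserting: %d", ARGV0, rule->sigid);


    /* Generating SQL. Only the range-checked integer id is formatted
     * here, so this lookup cannot overflow the buffer. */
    snprintf(sql_query, OS_SIZE_1024 -1,
             "SELECT id FROM signature "
             "where rule_id = %u",
             rule->sigid);

    if(osdb_query_select(dbc->conn, sql_query) == 0)
    {
        written = snprintf(sql_query, OS_SIZE_1024 -1,
                "INSERT INTO "
                "signature(rule_id, level, description) "
                "VALUES ('%u','%u','%s')",
                rule->sigid, rule->level, rule->comment);
    }
    else
    {
        written = snprintf(sql_query, OS_SIZE_1024 -1,
                "UPDATE signature SET level='%u',description='%s' "
                "WHERE rule_id='%u'",
                rule->level, rule->comment,rule->sigid);
    }

    /* A long description would cut the statement off (losing the closing
     * quote or the WHERE clause); report it instead of executing it */
    if(written < 0 || written >= (int)sizeof(sql_query) - 1)
    {
        merror("%s: Signature statement too long; rule not stored.", ARGV0);
        return(NULL);
    }


    /* Checking return code. */
    if(!osdb_query_insert(dbc->conn, sql_query))
    {
        merror(DB_GENERROR, ARGV0);
    }

    return(NULL);
}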