/** int __DBInsertServer(char *server, char *info, DBConfig *db_config) * Inserts server in to the db. */ int __DBInsertServer(char *server, char *info, DBConfig *db_config) { char sql_query[OS_SIZE_1024]; memset(sql_query, '\0', OS_SIZE_1024); /* Checking if the server is present */ snprintf(sql_query, OS_SIZE_1024 -1, "SELECT id from server where hostname = '%s'", server); /* If not present, we insert */ if(osdb_query_select(db_config->conn, sql_query) == 0) { snprintf(sql_query, OS_SIZE_1024 -1, "INSERT INTO " "server(last_contact, version, hostname, information) " "VALUES ('%u', '%s', '%s', '%s')", (unsigned int)time(0), __version, server, info); /* Checking return code. */ if(!osdb_query_insert(db_config->conn, sql_query)) { merror(DB_GENERROR, ARGV0); } } /* If it is, we update it */ else { snprintf(sql_query, OS_SIZE_1024 -1, "UPDATE server SET " "last_contact='%u',version='%s',information='%s' " "WHERE hostname = '%s'", (unsigned int)time(0), __version, info, server); /* Checking return code. */ if(!osdb_query_insert(db_config->conn, sql_query)) { merror(DB_GENERROR, ARGV0); } } return(0); }
/* Insert location in to the db */ static int __DBInsertLocation(const char *location, const DBConfig *db_config) { char sql_query[OS_SIZE_1024]; memset(sql_query, '\0', OS_SIZE_1024); /* Generate SQL */ snprintf(sql_query, OS_SIZE_1024 - 1, "INSERT INTO " "location(server_id, name) " "VALUES ('%u', '%s')", db_config->server_id, location); if (!osdb_query_insert(db_config->conn, sql_query)) { merror(DB_GENERROR, ARGV0); } return (0); }
/** int __Groups_InsertGroup(char *group, DBConfig *db_config) * Insert group (categories) in to the db. */ int __Groups_InsertGroup(char *group, DBConfig *db_config) { char sql_query[OS_SIZE_1024]; memset(sql_query, '\0', OS_SIZE_1024); /* Generating SQL */ snprintf(sql_query, OS_SIZE_1024 -1, "INSERT INTO " "category(cat_name) " "VALUES ('%s')", group); /* Checking return code. */ if(!osdb_query_insert(db_config->conn, sql_query)) { merror(DB_GENERROR, ARGV0); } return(0); }
/** int __Groups_InsertGroup(int cat_id, int rule_id, DBConfig *db_config) * Insert group (categories) in to the db. */ int __Groups_InsertGroupMapping(int cat_id, int rule_id, DBConfig *db_config) { char sql_query[OS_SIZE_1024]; memset(sql_query, '\0', OS_SIZE_1024); /* Generating SQL */ snprintf(sql_query, OS_SIZE_1024 -1, "INSERT INTO " "signature_category_mapping(cat_id, rule_id) " "VALUES ('%u', '%u')", cat_id, rule_id); /* Checking return code. */ if(!osdb_query_insert(db_config->conn, sql_query)) { merror(DB_GENERROR, ARGV0); } return(0); }
/* Insert alert into to the db * Returns 1 on success or 0 on error */ int OS_Alert_InsertDB(const alert_data *al_data, DBConfig *db_config) { int i; unsigned int s_ip = 0, d_ip = 0, location_id = 0; unsigned short s_port = 0, d_port = 0; int *loc_id; char sql_query[OS_SIZE_8192 + 1]; char *fulllog = NULL; /* Clear the memory before insert */ sql_query[0] = '\0'; sql_query[OS_SIZE_8192] = '\0'; /* Converting srcip to int */ if(al_data->srcip) { struct in_addr net; /* Extracting ip address */ if(inet_aton(al_data->srcip, &net)) { s_ip = net.s_addr; } } /* Converting dstip to int */ if(al_data->dstip) { struct in_addr net; /* Extracting ip address */ if(inet_aton(al_data->dstip, &net)) { d_ip = net.s_addr; } } /* Source Port */ s_port = al_data->srcport; /* Destination Port */ d_port = al_data->dstport; /* Escape strings */ osdb_escapestr(al_data->user); osdb_escapestr(al_data->location); /* We first need to insert the location */ loc_id = (int *) OSHash_Get(db_config->location_hash, al_data->location); /* If we dont have location id, we must select and/or insert in the db */ if (!loc_id) { location_id = __DBSelectLocation(al_data->location, db_config); if (location_id == 0) { /* Insert it */ __DBInsertLocation(al_data->location, db_config); location_id = __DBSelectLocation(al_data->location, db_config); } if (!location_id) { merror("%s: Unable to insert location: '%s'.", ARGV0, al_data->location); return (0); } /* Add to hash */ os_calloc(1, sizeof(int), loc_id); *loc_id = location_id; OSHash_Add(db_config->location_hash, al_data->location, loc_id); } i = 0; while (al_data->log[i]) { size_t len = strlen(al_data->log[i]); char templog[len + 2]; if (al_data->log[i + 1]) { snprintf(templog, len + 2, "%s\n", al_data->log[i]); } else { snprintf(templog, len + 1, "%s", al_data->log[i]); } fulllog = os_LoadString(fulllog, templog); i++; } if (fulllog == NULL) { merror("%s: Unable to process log.", ARGV0); return (0); } osdb_escapestr(fulllog); if (strlen(fulllog) > 7456) { fulllog[7454] = '.'; fulllog[7455] = '.'; fulllog[7456] = '\0'; } /* Generate final SQL */ switch (db_config->db_type) { case MYSQLDB: snprintf(sql_query, OS_SIZE_8192, "INSERT INTO " "alert(server_id,rule_id,level,timestamp,location_id,src_ip,src_port,dst_ip,dst_port,alertid,user,full_log,tld) " "VALUES ('%u', '%u','%u','%u', '%u', '%lu', '%u', '%lu', '%u', '%s', '%s', '%s','%.2s')", db_config->server_id, al_data->rule, al_data->level, (unsigned int)time(0), *loc_id, (unsigned long)ntohl(s_ip), (unsigned short)s_port, (unsigned long)ntohl(d_ip), (unsigned short)d_port, al_data->alertid, al_data->user, fulllog, al_data->srcgeoip); break; case POSTGDB: snprintf(sql_query, OS_SIZE_8192, "INSERT INTO " "alert(server_id,rule_id,level,timestamp,location_id,src_ip,src_port,dst_ip,dst_port,alertid,\"user\",full_log) " "VALUES ('%u', '%u','%u','%u', '%u', '%s', '%u', '%s', '%u', '%s', '%s', '%s')", db_config->server_id, al_data->rule, al_data->level, (unsigned int)time(0), *loc_id, al_data->srcip, (unsigned short)s_port, al_data->dstip, (unsigned short)d_port, al_data->alertid, al_data->user, fulllog); break; } free(fulllog); fulllog = NULL; /* Insert into the db */ if (!osdb_query_insert(db_config->conn, sql_query)) { merror(DB_GENERROR, ARGV0); } db_config->alert_id++; return (1); }
/** void *_Rules_ReadInsertDB(RuleInfo *rule, void *db_config) * Insert rules in to the db. */ void *_Rules_ReadInsertDB(RuleInfo *rule, void *db_config) { DBConfig *dbc = (DBConfig *)db_config; char sql_query[OS_SIZE_1024]; memset(sql_query, '\0', OS_SIZE_1024); /* Escaping strings */ osdb_escapestr(rule->group); osdb_escapestr(rule->comment); /* Checking level limit */ if(rule->level > 20) rule->level = 20; if(rule->level < 0) rule->level = 0; debug1("%s: DEBUG: entering _Rules_ReadInsertDB()", ARGV0); /* Checking rule limit */ if(rule->sigid < 0 || rule->sigid > 9999999) { merror("%s: Invalid rule id: %u", ARGV0, rule->sigid); return(NULL); } /* Inserting group into the signature mapping */ _Groups_ReadInsertDB(rule, db_config); debug2("%s: DEBUG: Inserting: %d", ARGV0, rule->sigid); /* Generating SQL */ snprintf(sql_query, OS_SIZE_1024 -1, "SELECT id FROM signature " "where rule_id = %u", rule->sigid); if(osdb_query_select(dbc->conn, sql_query) == 0) { snprintf(sql_query, OS_SIZE_1024 -1, "INSERT INTO " "signature(rule_id, level, description) " "VALUES ('%u','%u','%s')", rule->sigid, rule->level, rule->comment); } else { snprintf(sql_query, OS_SIZE_1024 -1, "UPDATE signature SET level='%u',description='%s' " "WHERE rule_id='%u'", rule->level, rule->comment,rule->sigid); } /* Checking return code. */ if(!osdb_query_insert(dbc->conn, sql_query)) { merror(DB_GENERROR, ARGV0); } return(NULL); }