/*
 * Build the parenthesised column list used as the header of an INSERT
 * statement for events.
 *
 * The single "%s" slot is filled with whatever sim_event_get_sql_fields ()
 * returns, pasted into the SQL text without quoting or escaping.
 * NOTE(review): that helper is not visible here; it presumably returns a
 * fixed, comma-separated list of column names. It must never return text
 * derived from event data, because identifiers cannot be protected by
 * string escaping.
 *
 * Returns: a newly allocated string; the caller releases it with g_free ().
 */
gchar *
sim_event_get_insert_clause_header (void)
{
  return g_strdup_printf ("(id, agent_ctx, timestamp, tzone, sensor_id, interface, type, "
                          "plugin_id, plugin_sid, protocol, "
                          "src_ip, dst_ip, src_net, dst_net, src_port, dst_port, "
                          "event_condition, time_interval, absolute, "
                          "priority, reliability, asset_src, asset_dst, "
                          "risk_c, risk_a, alarm, "
                          "%s, "
                          "rep_prio_src, rep_prio_dst, rep_rel_src, rep_rel_dst, "
                          "rep_act_src, rep_act_dst, "
                          "src_hostname, dst_hostname, src_mac, dst_mac, "
                          "src_host, dst_host)",
                          sim_event_get_sql_fields ());
}
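/*
 * Return a newly allocated copy of @text escaped for use inside a quoted SQL
 * string literal, or NULL when @text is NULL. Release with g_free ().
 */
static gchar *
sim_event_replace_clause_escape (const gchar *text)
{
  gchar *escaped;

  if (!text)
    return NULL;

  /* Worst case every byte gets an escape prefix: 2 * length + terminator. */
  escaped = g_new0 (gchar, strlen (text) * 2 + 1);
  gda_connection_escape_string (sim_database_get_conn (ossim.dbossim), text, escaped);

  return escaped;
}

/*
 * Build the "REPLACE INTO event ..." statement for @event.
 *
 * Every string field that is placed between single quotes (time_str, sensor,
 * interface, value, rep_act_src, rep_act_dst) is escaped with
 * gda_connection_escape_string () first. Previously only the two rep_act_*
 * fields were escaped, so a quote character in any of the others would have
 * ended the SQL literal early and changed the statement.
 *
 * risk_c and risk_a are rounded and clamped to the range 0..10.
 *
 * NOTE(review): the trailing "%s" pair is filled from
 * sim_event_get_sql_fields () and sim_event_get_text_escape_fields_values ();
 * neither helper is visible here. The values helper is presumably responsible
 * for its own quoting and escaping -- confirm, since its output is pasted in
 * unquoted.
 *
 * Returns: a newly allocated query string (release with g_free ()), or NULL
 * when @event is NULL or not a SimEvent.
 */
gchar *
sim_event_get_replace_clause (SimEvent *event)
{
  gchar time_buf[TIMEBUF_SIZE] = "";
  const gchar *timestamp = time_buf;
  gchar *query;
  gint c;
  gint a;
  /* Temporal HACK */
  gchar uuidtext[37];
  gchar *values;
  gchar *e_time_str = NULL;
  gchar *e_sensor = NULL;
  gchar *e_interface = NULL;
  gchar *e_value = NULL;
  gchar *e_rep_act_src = NULL;
  gchar *e_rep_act_dst = NULL;

  g_return_val_if_fail (event, NULL);
  g_return_val_if_fail (SIM_IS_EVENT (event), NULL);

  c = rint (event->risk_c);
  a = rint (event->risk_a);
  c = CLAMP (c, 0, 10);
  a = CLAMP (a, 0, 10);

  if (event->time_str)
    {
      /* Caller-supplied text: escape it like any other quoted field. */
      e_time_str = sim_event_replace_clause_escape (event->time_str);
      timestamp = e_time_str;
    }
  else
    {
      /*
       * Copy the value into a real time_t rather than casting the field's
       * address; the field's declared type is not visible here, and reading
       * it through a time_t pointer is only valid if the sizes match.
       */
      time_t event_time = (time_t) event->time;
      struct tm *utc = gmtime (&event_time);

      /* gmtime () may fail; leave the timestamp empty rather than pass NULL on. */
      if (!utc || strftime (time_buf, TIMEBUF_SIZE, "%F %T", utc) == 0)
        time_buf[0] = '\0';
    }

  e_sensor = sim_event_replace_clause_escape (event->sensor);
  e_interface = sim_event_replace_clause_escape (event->interface);
  e_value = sim_event_replace_clause_escape (event->value);
  e_rep_act_src = sim_event_replace_clause_escape (event->rep_act_src);
  e_rep_act_dst = sim_event_replace_clause_escape (event->rep_act_dst);

  /* uuidtext is generated locally (hex digits and dashes), so it needs no escaping. */
  uuid_unparse_upper (event->uuid, uuidtext);
  values = sim_event_get_text_escape_fields_values (event);

  /*
   * NOTE(review): the src_ip/dst_ip fallbacks pass -1 to a "%u" conversion;
   * this relies on sim_inetaddr_ntohl () returning an unsigned int-sized
   * value -- confirm against its declaration.
   */
  query = g_strdup_printf (
      "REPLACE INTO event "
      "(id, timestamp, sensor, interface, type, plugin_id, plugin_sid, "
      "protocol, src_ip, dst_ip, src_port, dst_port, "
      "event_condition, value, time_interval, "
      "priority, reliability, asset_src, asset_dst, risk_c, risk_a, alarm, "
      "snort_sid, snort_cid, uuid, rep_prio_src, rep_prio_dst, rep_rel_src, "
      "rep_rel_dst, rep_act_src, rep_act_dst, %s) "
      " VALUES (%d, '%s', '%s', '%s', %d, %d, %d,"
      " %d, %u, %u, %d, %d, %d, '%s', %d, %d, %d, %d, %d, %d, %d, %d, %u, %u,'%s',"
      " %u, %u, %u, %u, '%s', '%s', %s)",
      sim_event_get_sql_fields (),
      event->id,
      timestamp,
      e_sensor ? e_sensor : "",
      e_interface ? e_interface : "",
      event->type,
      event->plugin_id,
      event->plugin_sid,
      event->protocol,
      (event->src_ia) ? sim_inetaddr_ntohl (event->src_ia) : -1,
      (event->dst_ia) ? sim_inetaddr_ntohl (event->dst_ia) : -1,
      event->src_port,
      event->dst_port,
      event->condition,
      e_value ? e_value : "",
      event->interval,
      event->priority,
      event->reliability,
      event->asset_src,
      event->asset_dst,
      c,
      a,
      event->alarm,
      event->snort_sid,
      event->snort_cid,
      (!uuid_is_null (event->uuid) ? uuidtext : ""),
      event->rep_prio_src,
      event->rep_prio_dst,
      event->rep_rel_src,
      event->rep_rel_dst,
      e_rep_act_src ? e_rep_act_src : "",
      e_rep_act_dst ? e_rep_act_dst : "",
      values);

  g_free (values);
  g_free (e_time_str);
  g_free (e_sensor);
  g_free (e_interface);
  g_free (e_value);
  g_free (e_rep_act_src);
  g_free (e_rep_act_dst);

  return query;
}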