secwatch.c

00001 /*----------------------------------------------------------------------------
00002  secwatch - Copyright (C) 2006 Nic Stevens -- See COPYING for license details
00003 ------------------------------------------------------------------------------
00004  secwatch.c - This is the code for the main loop of secwatch. Here we pull log
00005  data, a line at a time, and test it against the patterns (in pattern.c). We also
00006  do simple signal handling here (flush IP list and exit)
00007 -----------------------------------------------------------------------------*/
00008 #ifdef HAVE_CONFIG_H
00009 #include "config.h"
00010 #endif
00011 #include <stdio.h>
00012 #include <stdlib.h>
00013 #include <string.h>
00014 #include <unistd.h>
00015 #include <signal.h>
00016 #include <errno.h>
00017 #include "log.h"
00018 #include "strutil.h"
00019 #include "tail.h"
00020 #include "configfile.h"
00021 
/*
 * Termination handler installed by secwatch(): write the IP list out, then
 * end the process with a success status.
 *
 * NOTE(review): both calls run in signal context. exit() is not
 * async-signal-safe, and writeIpList() presumably does file I/O and walks
 * the same list the main loop updates -- confirm. A signal that lands while
 * the main loop is inside that code can leave the list or stdio state
 * half-updated when it is flushed. The usual remedy is to set a
 * volatile sig_atomic_t flag here and do the flush and exit from the loop.
 */
void sigHandler() {
     writeIpList();          /* persist hit counts before going down */
     exit(EXIT_SUCCESS);
}
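/*
 * Main loop of secwatch: pull log data one line at a time, test it against
 * the patterns and count a hit for the address found on a matching line.
 * Never returns; the process ends through sigHandler(), which calls exit().
 */
void secwatch(void) {
     char buf[32767];
     char ip[32] = "";
     char *filename;
     int ipp;

     loadIpList();
     /* Flush the IP list and exit on the termination signals we can catch.
        SIGKILL is not registered: it cannot be caught, so that call only failed. */
     signal(SIGINT,sigHandler);
     signal(SIGABRT,sigHandler);
     signal(SIGTERM,sigHandler);
     writeLog("secwatch startup");
     while(1) {
          ipManage();
          /* presumably > 0 means a NUL-terminated line was stored in buf -- confirm in tail.c */
          if(taildata(&filename,buf,sizeof(buf)) > 0) {
               /* a 0 return appears to mean "matched", with ipp set to the
                  offset in buf where the address starts */
               if(patternMatch(filename,buf,&ipp) == 0) {
                    /* The log line is untrusted input: whoever talks to the
                       monitored service controls its content. Reject an offset
                       outside buf, cap the token at sizeof(ip)-1 characters
                       (the 31 in the format must track the size of ip), and
                       require exactly one conversion -- sscanf returns EOF,
                       which is non-zero, when only whitespace remains. */
                    if(ipp >= 0 && (size_t)ipp < sizeof(buf) &&
                       sscanf(&buf[ipp],"%31s",ip) == 1)
                         incrementHitCount(ip);
                    else
                         writeLog("Couldn't get ip from log line: [%s]",trim(buf));
               }
               processLogHooks(buf);
          }
          tailsleep(100);
     }
}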
