#include <stdio.h>#include <stdlib.h>#include <string.h>#include <unistd.h>#include <signal.h>#include <errno.h>#include "log.h"#include "strutil.h"#include "tail.h"#include "configfile.h"Include dependency graph for secwatch.c:

Functions | |
| void | sigHandler () |
| void | secwatch (void) |
|
|
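/**
 * secwatch watches log files looking for repeat attempts based on patterns.
 * If secwatch thinks an external source is making too many failed attempts,
 * that source's packets will be dropped for a specified time.
 *
 * Definition at line 34 of file secwatch.c.
 * References incrementHitCount(), ipManage(), loadIpList(), patternMatch(),
 * processLogHooks(), sigHandler(), taildata(), tailsleep(), trim(), and
 * writeLog().
 *
 * Loads the IP list, installs sigHandler() for SIGINT, SIGABRT and SIGTERM,
 * logs a startup message, and then loops forever; this function does not
 * return.
 */
void secwatch(void)
{
    char buf[32767];
    char ip[32];
    char *filename;
    int ipp;

    loadIpList();

    /*
     * SIGKILL can be neither caught nor ignored, so registering a handler
     * for it always fails; only the catchable signals are registered.
     */
    signal(SIGINT, sigHandler);
    signal(SIGABRT, sigHandler);
    signal(SIGTERM, sigHandler);
    writeLog("secwatch startup");

    while (1) {
        ipManage();
        if (taildata(&filename, buf, sizeof(buf)) > 0) {
            if (patternMatch(filename, buf, &ipp) == 0) {
                /*
                 * The token is copied out of a log line, and log lines
                 * record what external sources sent. The field width keeps
                 * the copy inside ip[] (31 characters plus the terminator);
                 * an unbounded %s would write past the 32-byte buffer on a
                 * long token. Comparing against 1 also rejects EOF, which
                 * sscanf returns when the rest of the line is empty and
                 * which is non-zero.
                 *
                 * NOTE(review): ipp is filled in by patternMatch() and is
                 * not range-checked here, and the token is not validated as
                 * an address before it is counted -- confirm that
                 * patternMatch() and incrementHitCount() cover both.
                 */
                if (sscanf(&buf[ipp], "%31s", ip) == 1) {
                    incrementHitCount(ip);
                } else {
                    writeLog("Couldn't get ip from log line: [%s]", trim(buf));
                }
            }
            processLogHooks(buf);
        }
        tailsleep(100);
    }
}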
/**
 * Flush the IP list to disk on a signal and exit.
 *
 * Definition at line 25 of file secwatch.c.
 * References writeIpList(). Referenced by secwatch().
 *
 * NOTE(review): this runs in signal-handler context. exit() is not
 * async-signal-safe, and writeIpList() presumably performs file I/O that is
 * not either -- confirm. A signal that arrives while the main loop is
 * updating the list could then write out a half-updated list. The usual
 * remedy is to set a volatile sig_atomic_t flag here and do the flush and
 * exit from the main loop.
 */
void sigHandler()
{
    /* Persist the current list first, then end the process with success. */
    writeIpList();
    exit(EXIT_SUCCESS);
}