3 * This program is free software; you can redistribute it and/or modify it
4 * under the terms of the GNU General Public License as published by the
5 * Free Software Foundation; only version 2 of the License is applicable.
7 * This program is distributed in the hope that it will be useful, but
8 * WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
10 * General Public License for more details.
12 * You should have received a copy of the GNU General Public License along
13 * with this program; if not, write to the Free Software Foundation, Inc.,
14 * 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
17 * Kris Nielander <nielander@fox-it.com>
19 * This plugin is based on the snmp plugin by Florian octo Forster.
30 #include "common.h" /* auxiliary functions */
31 #include "plugin.h" /* plugin_register_*, plugin_dispatch_values */
33 struct metric_definition_s {
38 struct metric_definition_s *next;
40 typedef struct metric_definition_s metric_definition_t;
42 struct instance_definition_s {
46 metric_definition_t **metric_list;
50 struct instance_definition_s *next;
52 typedef struct instance_definition_s instance_definition_t;
55 static metric_definition_t *metric_head = NULL;
57 static int snort_read_submit(instance_definition_t *id, metric_definition_t *md,
60 /* Registration variables */
62 value_list_t vl = VALUE_LIST_INIT;
64 DEBUG("snort plugin: plugin_instance=%s type_instance=%s value=%s",
65 id->name, md->type_instance, buf);
71 parse_value(buf, &value, md->data_source_type);
77 sstrncpy(vl.host, hostname_g, sizeof (vl.host));
78 sstrncpy(vl.plugin, "snort", sizeof(vl.plugin));
79 sstrncpy(vl.plugin_instance, id->name, sizeof(vl.plugin_instance));
80 sstrncpy(vl.type, "snort", sizeof(vl.type));
81 sstrncpy(vl.type_instance, md->type_instance, sizeof(vl.type_instance));
84 vl.interval = id->interval;
86 DEBUG("snort plugin: -> plugin_dispatch_values (&vl);");
87 plugin_dispatch_values(&vl);
92 static int snort_read(user_data_t *ud){
93 instance_definition_t *id;
94 metric_definition_t *md;
102 char *p, *buf, *buf_s;
105 DEBUG("snort plugin: snort_read (instance = %s)", id->name);
107 fd = open(id->path, O_RDONLY);
109 ERROR("snort plugin: Unable to open `%s'.", id->path);
113 if ((fstat(fd, &sb) != 0) || (!S_ISREG(sb.st_mode))){
114 ERROR("snort plugin: \"%s\" is not a file.", id->path);
118 p = mmap(0, sb.st_size, PROT_READ, MAP_SHARED, fd, 0);
119 if (p == MAP_FAILED){
120 ERROR("snort plugin: mmap error");
124 /* Find the key characters and stop on EOL (might be an EOL on the last line, skip that (-2)) */
126 for (i = sb.st_size - 2; i > 0; --i){
129 else if (p[i] == '\n')
133 /* Move to the new line */
137 ERROR("snort plugin: last line of perfmon file is a comment.");
141 /* Copy the line to the buffer */
142 buf_s = buf = strdup(&p[i]);
144 /* Done with mmap and file pointer */
146 munmap(p, sb.st_size);
148 /* Create a list of all values */
149 metrics = (char **)malloc(sizeof(char *) * count);
153 for (i = 0; i < count; ++i)
154 if ((p = strsep(&buf, ",")) != NULL)
158 id->last = TIME_T_TO_CDTIME_T(strtol(metrics[0], NULL, 0));
160 /* Register values */
161 for (i = 0; i < id->metric_list_len; ++i){
162 md = id->metric_list[i];
163 snort_read_submit(id, md, metrics[md->index]);
166 /* Free up resources */
172 static void snort_metric_definition_destroy(void *arg){
173 metric_definition_t *md;
179 if (md->name != NULL)
180 DEBUG("snort plugin: Destroying metric definition `%s'.", md->name);
183 sfree(md->type_instance);
187 static int snort_config_add_metric_type_instance(metric_definition_t *md, oconfig_item_t *ci){
188 if ((ci->values_num != 1) || (ci->values[0].type != OCONFIG_TYPE_STRING)){
189 WARNING("snort plugin: `TypeInstance' needs exactly one string argument.");
193 sfree(md->type_instance);
194 md->type_instance = strdup(ci->values[0].value.string);
195 if (md->type_instance == NULL)
201 static int snort_config_add_metric_data_source_type(metric_definition_t *md, oconfig_item_t *ci){
202 if ((ci->values_num != 1) || (ci->values[0].type != OCONFIG_TYPE_STRING)){
203 WARNING("snort plugin: `DataSourceType' needs exactly one string argument.");
207 if (strcasecmp(ci->values[0].value.string, "GAUGE") == 0)
208 md->data_source_type = DS_TYPE_GAUGE;
209 else if (strcasecmp(ci->values[0].value.string, "COUNTER") == 0)
210 md->data_source_type = DS_TYPE_COUNTER;
211 else if (strcasecmp(ci->values[0].value.string, "DERIVE") == 0)
212 md->data_source_type = DS_TYPE_DERIVE;
213 else if (strcasecmp(ci->values[0].value.string, "ABSOLUTE") == 0)
214 md->data_source_type = DS_TYPE_ABSOLUTE;
216 WARNING("snort plugin: Unrecognized value for `DataSourceType' `%s'.", ci->values[0].value.string);
223 static int snort_config_add_metric_index(metric_definition_t *md, oconfig_item_t *ci){
224 if ((ci->values_num != 1) || (ci->values[0].type != OCONFIG_TYPE_NUMBER)){
225 WARNING("snort plugin: `Index' needs exactly one integer argument.");
229 md->index = (int)ci->values[0].value.number;
231 WARNING("snort plugin: `Index' must be higher than 0.");
239 static int snort_config_add_metric(oconfig_item_t *ci){
240 metric_definition_t *md;
244 if ((ci->values_num != 1) || (ci->values[0].type != OCONFIG_TYPE_STRING)){
245 WARNING("snort plugin: The `Metric' config option needs exactly one string argument.");
249 md = (metric_definition_t *)malloc(sizeof(metric_definition_t));
252 memset(md, 0, sizeof(metric_definition_t));
254 md->name = strdup(ci->values[0].value.string);
255 if (md->name == NULL){
260 for (i = 0; i < ci->children_num; ++i){
261 oconfig_item_t *option = ci->children + i;
264 if (strcasecmp("TypeInstance", option->key) == 0)
265 status = snort_config_add_metric_type_instance(md, option);
266 else if (strcasecmp("DataSourceType", option->key) == 0)
267 status = snort_config_add_metric_data_source_type(md, option);
268 else if (strcasecmp("Index", option->key) == 0)
269 status = snort_config_add_metric_index(md, option);
271 WARNING("snort plugin: Option `%s' not allowed here.", option->key);
280 snort_metric_definition_destroy(md);
284 /* Verify all necessary options have been set. */
285 if (md->type_instance == NULL){
286 WARNING("snort plugin: Option `TypeInstance' must be set.");
288 } else if (md->data_source_type == 0){
289 WARNING("snort plugin: Option `DataSourceType' must be set.");
291 } else if (md->index == 0){
292 WARNING("snort plugin: Option `Index' must be set.");
297 snort_metric_definition_destroy(md);
301 DEBUG("snort plugin: md = { name = %s, type_instance = %s, data_source_type = %d, index = %d }",
302 md->name, md->type_instance, md->data_source_type, md->index);
304 if (metric_head == NULL)
307 metric_definition_t *last;
309 while (last->next != NULL)
317 static void snort_instance_definition_destroy(void *arg){
318 instance_definition_t *id;
324 if (id->name != NULL)
325 DEBUG("snort plugin: Destroying instance definition `%s'.", id->name);
328 sfree(id->interface);
330 sfree(id->metric_list);
334 static int snort_config_add_instance_interface(instance_definition_t *id, oconfig_item_t *ci){
335 if ((ci->values_num != 1) || (ci->values[0].type != OCONFIG_TYPE_STRING)){
336 WARNING("snort plugin: The `Interface' config options needs exactly one string argument");
340 sfree(id->interface);
341 id->interface = strdup(ci->values[0].value.string);
342 if (id->interface == NULL)
348 static int snort_config_add_instance_path(instance_definition_t *id, oconfig_item_t *ci){
349 if ((ci->values_num != 1) || (ci->values[0].type != OCONFIG_TYPE_STRING)){
350 WARNING("snort plugin: The `Path' config option needs exactly one string argument.");
355 id->path = strdup(ci->values[0].value.string);
356 if (id->path == NULL)
362 static int snort_config_add_instance_collect(instance_definition_t *id, oconfig_item_t *ci){
363 metric_definition_t *metric;
366 if (ci->values_num < 1){
367 WARNING("snort plugin: The `Collect' config option needs at least one argument.");
371 /* Verify string arguments */
372 for (i = 0; i < ci->values_num; ++i)
373 if (ci->values[i].type != OCONFIG_TYPE_STRING){
374 WARNING("snort plugin: All arguments to `Collect' must be strings.");
378 id->metric_list = (metric_definition_t **)malloc(sizeof(metric_definition_t *) * ci->values_num);
379 if (id->metric_list == NULL)
382 for (i = 0; i < ci->values_num; ++i){
383 for (metric = metric_head; metric != NULL; metric = metric->next)
384 if (strcasecmp(ci->values[i].value.string, metric->name) == 0)
388 WARNING("snort plugin: `Collect' argument not found `%s'.", ci->values[i].value.string);
392 DEBUG("snort plugin: id { name=%s md->name=%s }", id->name, metric->name);
394 id->metric_list[i] = metric;
395 id->metric_list_len++;
402 static int snort_config_add_instance(oconfig_item_t *ci){
404 instance_definition_t* id;
408 /* Registration variables */
409 char cb_name[DATA_MAX_NAME_LEN];
411 struct timespec cb_interval;
413 if ((ci->values_num != 1) || (ci->values[0].type != OCONFIG_TYPE_STRING)){
414 WARNING("snort plugin: The `Instance' config option needs exactly one string argument.");
418 id = (instance_definition_t *)malloc(sizeof(instance_definition_t));
421 memset(id, 0, sizeof(instance_definition_t));
423 id->name = strdup(ci->values[0].value.string);
424 if (id->name == NULL){
429 for (i = 0; i < ci->children_num; ++i){
430 oconfig_item_t *option = ci->children + i;
433 if (strcasecmp("Interface", option->key) == 0)
434 status = snort_config_add_instance_interface(id, option);
435 else if (strcasecmp("Path", option->key) == 0)
436 status = snort_config_add_instance_path(id, option);
437 else if (strcasecmp("Collect", option->key) == 0)
438 status = snort_config_add_instance_collect(id, option);
439 else if (strcasecmp("Interval", option->key) == 0)
440 cf_util_get_cdtime(option, &id->interval);
442 WARNING("snort plugin: Option `%s' not allowed here.", option->key);
451 snort_instance_definition_destroy(id);
455 /* Verify all necessary options have been set. */
456 if (id->interface == NULL){
457 WARNING("snort plugin: Option `Interface' must be set.");
459 } else if (id->path == NULL){
460 WARNING("snort plugin: Option `Path' must be set.");
462 } else if (id->metric_list == NULL){
463 WARNING("snort plugin: Option `Collect' must be set.");
465 } else if (id->interval == 0){
466 WARNING("snort plugin: Option `Interval' must be set.");
471 snort_instance_definition_destroy(id);
475 DEBUG("snort plugin: id = { name = %s, interface = %s, path = %s }",
476 id->name, id->interface, id->path);
478 /* Set callback data (worried about this one, it's not a pointer yet it get
479 passed on to a callback) */
480 ssnprintf (cb_name, sizeof (cb_name), "snort-%s", id->name);
481 memset(&cb_data, 0, sizeof(cb_data));
483 cb_data.free_func = snort_instance_definition_destroy;
484 CDTIME_T_TO_TIMESPEC(id->interval, &cb_interval);
485 status = plugin_register_complex_read(NULL, cb_name, snort_read, &cb_interval, &cb_data);
488 ERROR("snort plugin: Registering complex read function failed.");
489 snort_instance_definition_destroy(id);
497 static int snort_config(oconfig_item_t *ci){
499 for (i = 0; i < ci->children_num; ++i){
500 oconfig_item_t *child = ci->children + i;
501 if (strcasecmp("Metric", child->key) == 0)
502 snort_config_add_metric(child);
503 else if (strcasecmp("Instance", child->key) == 0)
504 snort_config_add_instance(child);
506 WARNING("snort plugin: Ignore unknown config option `%s'.", child->key);
510 } /* int snort_config */
512 static int snort_init(void){
516 static int snort_shutdown(void){
517 metric_definition_t *metric_this;
518 metric_definition_t *metric_next;
520 metric_this = metric_head;
523 while (metric_this != NULL){
524 metric_next = metric_this->next;
525 snort_metric_definition_destroy(metric_this);
526 metric_this = metric_next;
532 void module_register(void){
533 plugin_register_complex_config("snort", snort_config);
534 plugin_register_init("snort", snort_init);
535 plugin_register_shutdown("snort", snort_shutdown);
projects / collectd.git / blob