/**
+ * collectd - src/snort.c
+ * Copyright (C) 2013 Kris Nielander
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
*
**/
+#include "collectd.h"
+#include "plugin.h" /* plugin_register_*, plugin_dispatch_values */
+#include "common.h" /* auxiliary functions */
+#include <sys/mman.h>
+#include <sys/stat.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
-#include <sys/mman.h>
-#include <sys/stat.h>
-
-#include "collectd.h"
-#include "common.h" /* auxiliary functions */
-#include "plugin.h" /* plugin_register_*, plugin_dispatch_values */
struct metric_definition_s {
char *name;
- char *type_instance;
+ char *type;
int data_source_type;
int index;
struct metric_definition_s *next;
struct instance_definition_s {
char *name;
- char *interface;
char *path;
metric_definition_t **metric_list;
int metric_list_len;
value_t value;
value_list_t vl = VALUE_LIST_INIT;
- DEBUG("snort plugin: plugin_instance=%s type_instance=%s value=%s",
- id->name, md->type_instance, buf);
+ DEBUG("snort plugin: plugin_instance=%s type=%s value=%s", id->name,
+ md->type, buf);
if (buf == NULL)
return (-1);
sstrncpy(vl.host, hostname_g, sizeof (vl.host));
sstrncpy(vl.plugin, "snort", sizeof(vl.plugin));
sstrncpy(vl.plugin_instance, id->name, sizeof(vl.plugin_instance));
- sstrncpy(vl.type, "snort", sizeof(vl.type));
- sstrncpy(vl.type_instance, md->type_instance, sizeof(vl.type_instance));
+ sstrncpy(vl.type, md->type, sizeof(vl.type));
vl.time = id->last;
vl.interval = id->interval;
return (0);
}
-static int snort_read(user_data_t *ud){
- instance_definition_t *id;
- metric_definition_t *md;
- int fd;
+static int snort_read_buffer (instance_definition_t *id,
+ char const *buffer, size_t buffer_size)
+{
int i;
- int count;
char **metrics;
+ int metrics_num;
- struct stat sb;
- char *p, *buf, *buf_s;
+ char *buf, *buf_ptr;
- id = ud->data;
- DEBUG("snort plugin: snort_read (instance = %s)", id->name);
+ /* mmap, char pointers */
+ char const *p_end;
- fd = open(id->path, O_RDONLY);
- if (fd == -1){
- ERROR("snort plugin: Unable to open `%s'.", id->path);
- return (-1);
- }
+ /* Set the start value count. */
+ metrics_num = 1;
- if ((fstat(fd, &sb) != 0) || (!S_ISREG(sb.st_mode))){
- ERROR("snort plugin: \"%s\" is not a file.", id->path);
- return (-1);
+ /* Set the pointer to the last line of the file and count the fields.
+ (Skip the last two characters of the buffer: `\n' and `\0') */
+ for (p_end = (buffer + buffer_size) - 2; p_end > buffer; --p_end){
+ if (*p_end == ','){
+ ++metrics_num;
+ } else if (*p_end == '\n'){
+ ++p_end;
+ break;
+ }
}
- p = mmap(0, sb.st_size, PROT_READ, MAP_SHARED, fd, 0);
- if (p == MAP_FAILED){
- ERROR("snort plugin: mmap error");
+ if (metrics_num == 1){
+ ERROR("snort plugin: last line of `%s' does not contain enough values.", id->path);
return (-1);
}
- /* Find the key characters and stop on EOL (might be an EOL on the last line, skip that (-2)) */
- count = 0;
- for (i = sb.st_size - 2; i > 0; --i){
- if (p[i] == ',')
- ++count;
- else if (p[i] == '\n')
- break;
- }
-
- /* Move to the new line */
- i++;
-
- if (p[i] == '#'){
- ERROR("snort plugin: last line of perfmon file is a comment.");
+ if (*p_end == '#'){
+ ERROR("snort plugin: last line of `%s' is a comment.", id->path);
return (-1);
}
/* Copy the line to the buffer */
- buf_s = buf = strdup(&p[i]);
-
- /* Done with mmap and file pointer */
- close(fd);
- munmap(p, sb.st_size);
+ buf = strdup(p_end);
/* Create a list of all values */
- metrics = (char **)malloc(sizeof(char *) * count);
- if (metrics == NULL)
- return (-1);
+ metrics = calloc (metrics_num, sizeof (*metrics));
+ if (metrics == NULL) {
+ ERROR ("snort plugin: calloc failed.");
+ sfree (buf);
+ return (ENOMEM);
+ }
- for (i = 0; i < count; ++i)
- if ((p = strsep(&buf, ",")) != NULL)
- metrics[i] = p;
+ buf_ptr = buf;
+ i = 0;
+ while (buf_ptr != NULL) {
+ char *next = strchr (buf_ptr, ',');
+ if (next != NULL) {
+ *next = 0;
+ next++;
+ }
+ metrics[i] = buf_ptr;
+ buf_ptr = next;
+ i++;
+ }
+ assert (i == metrics_num);
/* Set last time */
- id->last = TIME_T_TO_CDTIME_T(strtol(metrics[0], NULL, 0));
+ id->last = TIME_T_TO_CDTIME_T(strtol(*metrics, NULL, 0));
/* Register values */
for (i = 0; i < id->metric_list_len; ++i){
- md = id->metric_list[i];
+ metric_definition_t *md = id->metric_list[i];
+
+ if (md->index >= metrics_num) {
+ ERROR ("snort plugin: Metric \"%s\": Request for index %i when "
+ "only %i fields are available.",
+ md->name, md->index, metrics_num);
+ continue;
+ }
+
snort_read_submit(id, md, metrics[md->index]);
}
/* Free up resources */
free(metrics);
- free(buf_s);
+ free(buf);
return (0);
}
-static void snort_metric_definition_destroy(void *arg){
- metric_definition_t *md;
+static int snort_read(user_data_t *ud){
+ instance_definition_t *id;
- md = arg;
- if (md == NULL)
- return;
+ int fd;
- if (md->name != NULL)
- DEBUG("snort plugin: Destroying metric definition `%s'.", md->name);
+ struct stat sb;
- sfree(md->name);
- sfree(md->type_instance);
- sfree(md);
-}
+ /* mmap, char pointers */
+ char *p_start;
-static int snort_config_add_metric_type_instance(metric_definition_t *md, oconfig_item_t *ci){
- if ((ci->values_num != 1) || (ci->values[0].type != OCONFIG_TYPE_STRING)){
- WARNING("snort plugin: `TypeInstance' needs exactly one string argument.");
+ id = ud->data;
+ DEBUG("snort plugin: snort_read (instance = %s)", id->name);
+
+ fd = open(id->path, O_RDONLY);
+ if (fd == -1){
+ ERROR("snort plugin: Unable to open `%s'.", id->path);
return (-1);
}
- sfree(md->type_instance);
- md->type_instance = strdup(ci->values[0].value.string);
- if (md->type_instance == NULL)
+ if ((fstat(fd, &sb) != 0) || (!S_ISREG(sb.st_mode))){
+ ERROR("snort plugin: `%s' is not a file.", id->path);
+ close (fd);
return (-1);
+ }
- return (0);
-}
-
-static int snort_config_add_metric_data_source_type(metric_definition_t *md, oconfig_item_t *ci){
- if ((ci->values_num != 1) || (ci->values[0].type != OCONFIG_TYPE_STRING)){
- WARNING("snort plugin: `DataSourceType' needs exactly one string argument.");
+ if (sb.st_size == 0){
+ ERROR("snort plugin: `%s' is empty.", id->path);
+ close (fd);
return (-1);
}
- if (strcasecmp(ci->values[0].value.string, "GAUGE") == 0)
- md->data_source_type = DS_TYPE_GAUGE;
- else if (strcasecmp(ci->values[0].value.string, "COUNTER") == 0)
- md->data_source_type = DS_TYPE_COUNTER;
- else if (strcasecmp(ci->values[0].value.string, "DERIVE") == 0)
- md->data_source_type = DS_TYPE_DERIVE;
- else if (strcasecmp(ci->values[0].value.string, "ABSOLUTE") == 0)
- md->data_source_type = DS_TYPE_ABSOLUTE;
- else {
- WARNING("snort plugin: Unrecognized value for `DataSourceType' `%s'.", ci->values[0].value.string);
+ p_start = mmap(/* addr = */ NULL, sb.st_size, PROT_READ, MAP_SHARED, fd,
+ /* offset = */ 0);
+ if (p_start == MAP_FAILED){
+ ERROR("snort plugin: mmap error");
+ close (fd);
return (-1);
}
+ snort_read_buffer (id, p_start, (size_t) sb.st_size);
+
+ /* Done with mmap and file pointer */
+ close(fd);
+ munmap(p_start, sb.st_size);
return (0);
}
+static void snort_metric_definition_destroy(void *arg){
+ metric_definition_t *md;
+
+ md = arg;
+ if (md == NULL)
+ return;
+
+ if (md->name != NULL)
+ DEBUG("snort plugin: Destroying metric definition `%s'.", md->name);
+
+ sfree(md->name);
+ sfree(md->type);
+ sfree(md);
+}
+
static int snort_config_add_metric_index(metric_definition_t *md, oconfig_item_t *ci){
if ((ci->values_num != 1) || (ci->values[0].type != OCONFIG_TYPE_NUMBER)){
WARNING("snort plugin: `Index' needs exactly one integer argument.");
/* Parse metric */
static int snort_config_add_metric(oconfig_item_t *ci){
metric_definition_t *md;
+ const data_set_t *ds;
int status = 0;
int i;
- if ((ci->values_num != 1) || (ci->values[0].type != OCONFIG_TYPE_STRING)){
- WARNING("snort plugin: The `Metric' config option needs exactly one string argument.");
- return (-1);
- }
-
- md = (metric_definition_t *)malloc(sizeof(metric_definition_t));
+ md = (metric_definition_t *)malloc(sizeof(*md));
if (md == NULL)
return (-1);
- memset(md, 0, sizeof(metric_definition_t));
+ memset(md, 0, sizeof(*md));
- md->name = strdup(ci->values[0].value.string);
- if (md->name == NULL){
- free(md);
+ md->name = NULL;
+ status = cf_util_get_string (ci, &md->name);
+ if (status != 0) {
+ sfree (md);
return (-1);
}
oconfig_item_t *option = ci->children + i;
status = 0;
- if (strcasecmp("TypeInstance", option->key) == 0)
- status = snort_config_add_metric_type_instance(md, option);
- else if (strcasecmp("DataSourceType", option->key) == 0)
- status = snort_config_add_metric_data_source_type(md, option);
+ if (strcasecmp("Type", option->key) == 0)
+ status = cf_util_get_string(option, &md->type);
else if (strcasecmp("Index", option->key) == 0)
status = snort_config_add_metric_index(md, option);
else {
}
/* Verify all necessary options have been set. */
- if (md->type_instance == NULL){
- WARNING("snort plugin: Option `TypeInstance' must be set.");
- status = -1;
- } else if (md->data_source_type == 0){
- WARNING("snort plugin: Option `DataSourceType' must be set.");
+ if (md->type == NULL){
+ WARNING("snort plugin: Option `Type' must be set.");
status = -1;
} else if (md->index == 0){
WARNING("snort plugin: Option `Index' must be set.");
return (-1);
}
- DEBUG("snort plugin: md = { name = %s, type_instance = %s, data_source_type = %d, index = %d }",
- md->name, md->type_instance, md->data_source_type, md->index);
+ /* Retrieve the data source type from the types db. */
+ ds = plugin_get_ds(md->type);
+ if (ds == NULL){
+ ERROR ("snort plugin: Failed to look up type \"%s\". "
+ "It may not be defined in the types.db file. "
+ "Please read the types.db(5) manual page for more details.",
+ md->type);
+ snort_metric_definition_destroy(md);
+ return (-1);
+ } else if (ds->ds_num != 1) {
+ ERROR ("snort plugin: The type \"%s\" has %i data sources. "
+ "Only types with a single data soure are supported.",
+ ds->type, ds->ds_num);
+ return (-1);
+ } else {
+ md->data_source_type = ds->ds->type;
+ }
+
+ DEBUG("snort plugin: md = { name = %s, type = %s, data_source_type = %d, index = %d }",
+ md->name, md->type, md->data_source_type, md->index);
if (metric_head == NULL)
metric_head = md;
DEBUG("snort plugin: Destroying instance definition `%s'.", id->name);
sfree(id->name);
- sfree(id->interface);
sfree(id->path);
sfree(id->metric_list);
sfree(id);
}
-static int snort_config_add_instance_interface(instance_definition_t *id, oconfig_item_t *ci){
- if ((ci->values_num != 1) || (ci->values[0].type != OCONFIG_TYPE_STRING)){
- WARNING("snort plugin: The `Interface' config options needs exactly one string argument");
- return (-1);
- }
-
- sfree(id->interface);
- id->interface = strdup(ci->values[0].value.string);
- if (id->interface == NULL)
- return (-1);
-
- return (0);
-}
-
-static int snort_config_add_instance_path(instance_definition_t *id, oconfig_item_t *ci){
- if ((ci->values_num != 1) || (ci->values[0].type != OCONFIG_TYPE_STRING)){
- WARNING("snort plugin: The `Path' config option needs exactly one string argument.");
- return (-1);
- }
-
- sfree(id->path);
- id->path = strdup(ci->values[0].value.string);
- if (id->path == NULL)
- return (-1);
-
- return (0);
-}
-
static int snort_config_add_instance_collect(instance_definition_t *id, oconfig_item_t *ci){
metric_definition_t *metric;
int i;
return (-1);
}
- id = (instance_definition_t *)malloc(sizeof(instance_definition_t));
+ id = (instance_definition_t *)malloc(sizeof(*id));
if (id == NULL)
return (-1);
- memset(id, 0, sizeof(instance_definition_t));
+ memset(id, 0, sizeof(*id));
id->name = strdup(ci->values[0].value.string);
if (id->name == NULL){
return (-1);
}
+ /* Use default interval. */
+ id->interval = plugin_get_interval();
+
for (i = 0; i < ci->children_num; ++i){
oconfig_item_t *option = ci->children + i;
status = 0;
- if (strcasecmp("Interface", option->key) == 0)
- status = snort_config_add_instance_interface(id, option);
- else if (strcasecmp("Path", option->key) == 0)
- status = snort_config_add_instance_path(id, option);
+ if (strcasecmp("Path", option->key) == 0)
+ status = cf_util_get_string(option, &id->path);
else if (strcasecmp("Collect", option->key) == 0)
status = snort_config_add_instance_collect(id, option);
else if (strcasecmp("Interval", option->key) == 0)
}
/* Verify all necessary options have been set. */
- if (id->interface == NULL){
- WARNING("snort plugin: Option `Interface' must be set.");
- status = -1;
- } else if (id->path == NULL){
+ if (id->path == NULL){
WARNING("snort plugin: Option `Path' must be set.");
status = -1;
} else if (id->metric_list == NULL){
WARNING("snort plugin: Option `Collect' must be set.");
status = -1;
- } else if (id->interval == 0){
- WARNING("snort plugin: Option `Interval' must be set.");
- status = -1;
- }
+ }
if (status != 0){
snort_instance_definition_destroy(id);
return (-1);
}
- DEBUG("snort plugin: id = { name = %s, interface = %s, path = %s }",
- id->name, id->interface, id->path);
+ DEBUG("snort plugin: id = { name = %s, path = %s }", id->name, id->path);
- /* Set callback data (worried about this one, it's not a pointer yet it get
- passed on to a callback) */
ssnprintf (cb_name, sizeof (cb_name), "snort-%s", id->name);
memset(&cb_data, 0, sizeof(cb_data));
cb_data.data = id;
return (0);
} /* int snort_config */
-static int snort_init(void){
- return (0);
-}
-
static int snort_shutdown(void){
metric_definition_t *metric_this;
metric_definition_t *metric_next;
void module_register(void){
plugin_register_complex_config("snort", snort_config);
- plugin_register_init("snort", snort_init);
plugin_register_shutdown("snort", snort_shutdown);
}
projects / collectd.git / blobdiff