diff -Nru sagan-0.1.9/AUTHORS sagan-0.2.0/AUTHORS --- sagan-0.1.9/AUTHORS 2011-04-18 16:26:17.000000000 +0000 +++ sagan-0.2.0/AUTHORS 2011-08-21 16:53:30.000000000 +0000 @@ -0,0 +1,11 @@ + +Primary code development was done by Champ Clark III (champ@quadrantsec.com). + +Many people have contributed to the project. I'm hoping in the future +to have this file point to a Wiki of all contributors to the project. +For more information, please see http://sagan.quadrantsec.com + +- Merlyn Cousins (AKA - DrForbin] - Lot of help with code clean up, testing + and suggestions. + + diff -Nru sagan-0.1.9/ChangeLog sagan-0.2.0/ChangeLog --- sagan-0.1.9/ChangeLog 2011-04-18 16:26:17.000000000 +0000 +++ sagan-0.2.0/ChangeLog 2011-08-21 16:53:30.000000000 +0000 @@ -1,5 +1,5 @@ Please see : -https://wiki.softwink.com/bin/view/Main/SaganChangeLog +https://wiki.quadrantsec.com/bin/view/Main/SaganChangeLog diff -Nru sagan-0.1.9/config.h sagan-0.2.0/config.h --- sagan-0.1.9/config.h 2011-04-18 18:32:17.000000000 +0000 +++ sagan-0.2.0/config.h 1970-01-01 00:00:00.000000000 +0000 
@@ -1,285 +0,0 @@ -/* config.h. Generated from config.h.in by configure. */ -/* config.h.in. Generated from configure.in by autoheader. */ - -/* Define if building universal (internal helper macro) */ -/* #undef AC_APPLE_UNIVERSAL_BUILD */ - -/* Sagan configuration file */ -#define CONFIG_FILE_PATH "/usr/local/etc/sagan.conf" - -/* Define to 1 if you have the header file. */ -#define HAVE_ARPA_INET_H 1 - -/* Define to 1 if you have the `connect' function. */ -#define HAVE_CONNECT 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_CTYPE_H 1 - -/* Define to 1 if you have the `dup2' function. */ -#define HAVE_DUP2 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_ERRNO_H 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_FCNTL_H 1 - -/* Define to 1 if you have the `fork' function. */ -#define HAVE_FORK 1 - -/* Define to 1 if you have the `gethostbyname' function. */ -#define HAVE_GETHOSTBYNAME 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_GETOPT_H 1 - -/* Define to 1 if you have the `getopt_long' function. */ -#define HAVE_GETOPT_LONG 1 - -/* Define to 1 if you have the `htons' function. */ -#define HAVE_HTONS 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_INTTYPES_H 1 - -/* Define to 1 if you have the `dnet' library (-ldnet). */ -#define HAVE_LIBDNET 1 - -/* Define to 1 if you have the `esmtp' library (-lesmtp). */ -#define HAVE_LIBESMTP 1 - -/* Define to 1 if you have the `lognorm' library (-llognorm). */ -#define HAVE_LIBLOGNORM 1 - -/* Define to 1 if you have the `m' library (-lm). */ -#define HAVE_LIBM 1 - -/* Define to 1 if you have the `mysqlclient_r' library (-lmysqlclient_r). */ -#define HAVE_LIBMYSQLCLIENT_R 1 - -/* Define to 1 if you have the `pcap' library (-lpcap). */ -#define HAVE_LIBPCAP 1 - -/* Define to 1 if you have the `pcre' library (-lpcre). */ -#define HAVE_LIBPCRE 1 - -/* Define to 1 if you have the `pq' library (-lpq). 
*/ -#define HAVE_LIBPQ 1 - -/* Define to 1 if you have the `prelude' library (-lprelude). */ -#define HAVE_LIBPRELUDE 1 - -/* Define to 1 if you have the `pthread' library (-lpthread). */ -#define HAVE_LIBPTHREAD 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_LIMITS_H 1 - -/* Define to 1 if your system has a GNU libc compatible `malloc' function, and - to 0 otherwise. */ -#define HAVE_MALLOC 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_MEMORY_H 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_NETINET_IN_H 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_PCRE_H 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_PTHREAD_H 1 - -/* Define to 1 if your system has a GNU libc compatible `realloc' function, - and to 0 otherwise. */ -#define HAVE_REALLOC 1 - -/* Define to 1 if you have the `recv' function. */ -#define HAVE_RECV 1 - -/* Define to 1 if you have the `select' function. */ -#define HAVE_SELECT 1 - -/* Define to 1 if you have the `send' function. */ -#define HAVE_SEND 1 - -/* Define to 1 if you have the `sizeof' function. */ -/* #undef HAVE_SIZEOF */ - -/* Define to 1 if you have the `snprintf' function. */ -#define HAVE_SNPRINTF 1 - -/* Define to 1 if you have the `socket' function. */ -#define HAVE_SOCKET 1 - -/* Define to 1 if `stat' has the bug that it succeeds when given the - zero-length file name argument. */ -/* #undef HAVE_STAT_EMPTY_STRING_BUG */ - -/* Define to 1 if you have the header file. */ -#define HAVE_STDARG_H 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_STDINT_H 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_STDIO_H 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_STDLIB_H 1 - -/* Define to 1 if you have the `strchr' function. */ -#define HAVE_STRCHR 1 - -/* Define to 1 if you have the `strcmp' function. */ -#define HAVE_STRCMP 1 - -/* Define to 1 if you have the `strdup' function. 
*/ -#define HAVE_STRDUP 1 - -/* Define to 1 if you have the `strftime' function. */ -#define HAVE_STRFTIME 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_STRINGS_H 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_STRING_H 1 - -/* Define to 1 if you have the `strlcat' function. */ -/* #undef HAVE_STRLCAT */ - -/* Define to 1 if you have the `strlcpy' function. */ -/* #undef HAVE_STRLCPY */ - -/* Define to 1 if you have the `strlen' function. */ -#define HAVE_STRLEN 1 - -/* Define to 1 if you have the `strncat' function. */ -#define HAVE_STRNCAT 1 - -/* Define to 1 if you have the `strspn' function. */ -#define HAVE_STRSPN 1 - -/* Define to 1 if you have the `strstr' function. */ -#define HAVE_STRSTR 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_SYS_SELECT_H 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_SYS_SOCKET_H 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_SYS_STAT_H 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_SYS_TIME_H 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_SYS_TYPES_H 1 - -/* Define to 1 if you have that is POSIX.1 compatible. */ -#define HAVE_SYS_WAIT_H 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_TIME_H 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_UNISTD_H 1 - -/* Define to 1 if you have the `vfork' function. */ -#define HAVE_VFORK 1 - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_VFORK_H */ - -/* Define to 1 if `fork' works. */ -#define HAVE_WORKING_FORK 1 - -/* Define to 1 if `vfork' works. */ -#define HAVE_WORKING_VFORK 1 - -/* Define to 1 if you have the `write' function. */ -#define HAVE_WRITE 1 - -/* Define to 1 if `lstat' dereferences a symlink specified with a trailing - slash. */ -#define LSTAT_FOLLOWS_SLASHED_SYMLINK 1 - -/* Name of package */ -#define PACKAGE "sagan" - -/* Define to the address where bug reports for this package should be sent. 
*/ -#define PACKAGE_BUGREPORT "sagan@mailman.softwink.com" - -/* Define to the full name of this package. */ -#define PACKAGE_NAME "sagan" - -/* Define to the full name and version of this package. */ -#define PACKAGE_STRING "Sagan 0.1.9" - -/* Define to the one symbol short name of this package. */ -#define PACKAGE_TARNAME "sagan" - -/* Define to the home page for this package. */ -#define PACKAGE_URL "" - -/* Define to the version of this package. */ -#define PACKAGE_VERSION "0.1.9" - -/* Define as the return type of signal handlers (`int' or `void'). */ -#define RETSIGTYPE void - -/* Define to the type of arg 1 for `select'. */ -#define SELECT_TYPE_ARG1 int - -/* Define to the type of args 2, 3 and 4 for `select'. */ -#define SELECT_TYPE_ARG234 (fd_set *) - -/* Define to the type of arg 5 for `select'. */ -#define SELECT_TYPE_ARG5 (struct timeval *) - -/* Define to 1 if you have the ANSI C header files. */ -#define STDC_HEADERS 1 - -/* Define to 1 if you can safely include both and . */ -#define TIME_WITH_SYS_TIME 1 - -/* Define to 1 if your declares `struct tm'. */ -/* #undef TM_IN_SYS_TIME */ - -/* Version number of package */ -#define VERSION "0.1.9" - -/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most - significant byte first (like Motorola and SPARC, unlike Intel). */ -#if defined AC_APPLE_UNIVERSAL_BUILD -# if defined __BIG_ENDIAN__ -# define WORDS_BIGENDIAN 1 -# endif -#else -# ifndef WORDS_BIGENDIAN -/* # undef WORDS_BIGENDIAN */ -# endif -#endif - -/* Define to empty if `const' does not conform to ANSI C. */ -/* #undef const */ - -/* Define to rpl_malloc if the replacement function should be used. */ -/* #undef malloc */ - -/* Define to `int' if does not define. */ -/* #undef pid_t */ - -/* Define to rpl_realloc if the replacement function should be used. */ -/* #undef realloc */ - -/* Define to `unsigned int' if does not define. */ -/* #undef size_t */ - -/* Define as `fork' if `vfork' does not work. 
*/ -/* #undef vfork */ diff -Nru sagan-0.1.9/config.status sagan-0.2.0/config.status --- sagan-0.1.9/config.status 2011-04-18 18:32:17.000000000 +0000 +++ sagan-0.2.0/config.status 2011-08-21 16:59:22.000000000 +0000 @@ -448,7 +448,7 @@ This config.status script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it." -ac_pwd='/home/champ/code/sagan-0.1.9' +ac_pwd='/home/champ/code/sagan-0.2.0' srcdir='.' INSTALL='/usr/bin/install -c' MKDIR_P='/bin/mkdir -p' @@ -633,7 +633,7 @@ S["DEPDIR"]=".deps" S["am__untar"]="${AMTAR} xf -" S["am__tar"]="${AMTAR} chof - \"$$tardir\"" -S["AMTAR"]="${SHELL} /home/champ/code/sagan-0.1.9/missing --run tar" +S["AMTAR"]="${SHELL} /home/champ/code/sagan-0.2.0/missing --run tar" S["am__leading_dot"]="." S["SET_MAKE"]="" S["AWK"]="gawk" 
@@ -641,19 +641,19 @@ S["MKDIR_P"]="/bin/mkdir -p" S["INSTALL_STRIP_PROGRAM"]="$(install_sh) -c -s" S["STRIP"]="" -S["install_sh"]="${SHELL} /home/champ/code/sagan-0.1.9/install-sh" -S["MAKEINFO"]="${SHELL} /home/champ/code/sagan-0.1.9/missing --run makeinfo" -S["AUTOHEADER"]="${SHELL} /home/champ/code/sagan-0.1.9/missing --run autoheader" -S["AUTOMAKE"]="${SHELL} /home/champ/code/sagan-0.1.9/missing --run automake-1.11" -S["AUTOCONF"]="${SHELL} /home/champ/code/sagan-0.1.9/missing --run autoconf" -S["ACLOCAL"]="${SHELL} /home/champ/code/sagan-0.1.9/missing --run aclocal-1.11" +S["install_sh"]="${SHELL} /home/champ/code/sagan-0.2.0/install-sh" +S["MAKEINFO"]="${SHELL} /home/champ/code/sagan-0.2.0/missing --run makeinfo" +S["AUTOHEADER"]="${SHELL} /home/champ/code/sagan-0.2.0/missing --run autoheader" +S["AUTOMAKE"]="${SHELL} /home/champ/code/sagan-0.2.0/missing --run automake-1.11" +S["AUTOCONF"]="${SHELL} /home/champ/code/sagan-0.2.0/missing --run autoconf" +S["ACLOCAL"]="${SHELL} /home/champ/code/sagan-0.2.0/missing --run aclocal-1.11" S["PACKAGE"]="sagan" S["CYGPATH_W"]="echo" S["am__isrc"]="" S["INSTALL_DATA"]="${INSTALL} -m 644" S["INSTALL_SCRIPT"]="${INSTALL}" S["INSTALL_PROGRAM"]="${INSTALL}" -S["VERSION"]="0.1.9" +S["VERSION"]="0.2.0" S["EGREP"]="/bin/grep -E" S["GREP"]="/bin/grep" S["CPP"]="gcc -E" 
@@ -666,17 +666,17 @@ S["CC"]="gcc" S["ENDIAN"]="little" S["target_os"]="linux-gnu" -S["target_vendor"]="unknown" -S["target_cpu"]="x86_64" -S["target"]="x86_64-unknown-linux-gnu" +S["target_vendor"]="pc" +S["target_cpu"]="i686" +S["target"]="i686-pc-linux-gnu" S["host_os"]="linux-gnu" -S["host_vendor"]="unknown" -S["host_cpu"]="x86_64" -S["host"]="x86_64-unknown-linux-gnu" +S["host_vendor"]="pc" +S["host_cpu"]="i686" +S["host"]="i686-pc-linux-gnu" S["build_os"]="linux-gnu" -S["build_vendor"]="unknown" -S["build_cpu"]="x86_64" -S["build"]="x86_64-unknown-linux-gnu" +S["build_vendor"]="pc" +S["build_cpu"]="i686" +S["build"]="i686-pc-linux-gnu" S["target_alias"]="" S["host_alias"]="" S["build_alias"]="" @@ -773,7 +773,7 @@ D["HAVE_STDINT_H"]=" 1" D["HAVE_UNISTD_H"]=" 1" D["PACKAGE"]=" \"sagan\"" -D["VERSION"]=" \"0.1.9\"" +D["VERSION"]=" \"0.2.0\"" D["STDC_HEADERS"]=" 1" D["HAVE_SYS_WAIT_H"]=" 1" D["HAVE_STDIO_H"]=" 1" @@ -844,10 +844,10 @@ D["HAVE_LIBDNET"]=" 1" D["CONFIG_FILE_PATH"]=" \"/usr/local/etc/sagan.conf\"" D["PACKAGE_NAME"]=" \"sagan\"" -D["PACKAGE_STRING"]=" \"Sagan 0.1.9\"" -D["PACKAGE_BUGREPORT"]=" \"sagan@mailman.softwink.com\"" +D["PACKAGE_STRING"]=" \"Sagan 0.2.0\"" +D["PACKAGE_BUGREPORT"]=" \"cclark@quadrantsec.com\"" D["PACKAGE_TARNAME"]=" \"sagan\"" -D["PACKAGE_VERSION"]=" \"0.1.9\"" +D["PACKAGE_VERSION"]=" \"0.2.0\"" for (key in D) D_is_set[key] = 1 FS = "" } diff -Nru sagan-0.1.9/configure sagan-0.2.0/configure --- sagan-0.1.9/configure 2011-04-18 16:26:17.000000000 +0000 +++ sagan-0.2.0/configure 2011-08-21 16:53:30.000000000 +0000 @@ -6699,7 +6699,7 @@ else as_fn_error "The liblognorm library cannot be found. This library is important for the correlation aspects of Sagan! Please see -https://wiki.softwink.com/bin/view/Main/LibLogNorm. To disable this feature +https://wiki.quadrantsec.com/bin/view/Main/LibLogNorm. To disable this feature use the --disable-lognorm flag. " "$LINENO" 5 fi 
@@ -6790,7 +6790,7 @@ else as_fn_error "The libpcap library cannot be found. This library is used to run Sagan in a syslog 'sniffer' mode. Please see -https://wiki.softwink.com/bin/view/Main/PLog. To disable this feature use +https://wiki.quadrantsec.com/bin/view/Main/PLog. To disable this feature use the --disable-libpcap flag. " "$LINENO" 5 fi @@ -6845,7 +6845,7 @@ else as_fn_error "The libdnet library cannot be found. This library is used for Sagan's Unified2 output support. Please see -https://wiki.softwink.com/bin/view/Main/Unified2Output for more information. +https://wiki.quadrantsec.com/bin/view/Main/Unified2Output for more information. To disable this feature use the --disable-libdnet flag. " "$LINENO" 5 fi @@ -6868,7 +6868,7 @@ _ACEOF cat >>confdefs.h <<_ACEOF -#define PACKAGE_BUGREPORT "sagan@mailman.softwink.com" +#define PACKAGE_BUGREPORT "cclark@quadrantsec.com" _ACEOF cat >>confdefs.h <<_ACEOF 
@@ -8324,10 +8324,10 @@ $as_echo " ,-._,-. Sagan has been configured!" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: result: \/)\"(\/ " >&5 $as_echo " \/)\"(\/ " >&6; } -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: (_o_) Champ Clark III & The Softwink Team: http://www.softwink.com" >&5 -$as_echo " (_o_) Champ Clark III & The Softwink Team: http://www.softwink.com" >&6; } -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: / \/) Copyright (C) 2009-2011 Softwink, Inc., et al." >&5 -$as_echo " / \/) Copyright (C) 2009-2011 Softwink, Inc., et al." >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: (_o_) Champ Clark III & The Quadrant InfoSec Team [quadrantsec.com]" >&5 +$as_echo " (_o_) Champ Clark III & The Quadrant InfoSec Team [quadrantsec.com]" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: / \/) Copyright (C) 2009-2011 Quadrant Information Security, et al." >&5 +$as_echo " / \/) Copyright (C) 2009-2011 Quadrant Information Security, et al." >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: result: (|| ||) " >&5 $as_echo " (|| ||) " >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: result: oo-oo " >&5 diff -Nru sagan-0.1.9/configure.in sagan-0.2.0/configure.in --- sagan-0.1.9/configure.in 2011-04-18 16:26:17.000000000 +0000 +++ sagan-0.2.0/configure.in 2011-08-21 16:53:30.000000000 +0000 @@ -250,7 +250,7 @@ #AC_CHECK_HEADER([lognorm.h]) AC_CHECK_LIB(lognorm, main,,AC_MSG_ERROR(The liblognorm library cannot be found. This library is important for the correlation aspects of Sagan! Please see -https://wiki.softwink.com/bin/view/Main/LibLogNorm. To disable this feature +https://wiki.quadrantsec.com/bin/view/Main/LibLogNorm. To disable this feature use the --disable-lognorm flag. )) fi 
@@ -265,7 +265,7 @@ AC_CHECK_HEADER([netinet/udp.h]) AC_CHECK_LIB(pcap, main,,AC_MSG_ERROR(The libpcap library cannot be found. This library is used to run Sagan in a syslog 'sniffer' mode. Please see -https://wiki.softwink.com/bin/view/Main/PLog. To disable this feature use +https://wiki.quadrantsec.com/bin/view/Main/PLog. To disable this feature use the --disable-libpcap flag. )) fi @@ -274,7 +274,7 @@ AC_CHECK_HEADER([dnet.h]) AC_CHECK_LIB(dnet, main,,AC_MSG_ERROR(The libdnet library cannot be found. This library is used for Sagan's Unified2 output support. Please see -https://wiki.softwink.com/bin/view/Main/Unified2Output for more information. +https://wiki.quadrantsec.com/bin/view/Main/Unified2Output for more information. To disable this feature use the --disable-libdnet flag. )) fi @@ -284,7 +284,7 @@ AC_DEFINE_UNQUOTED(PACKAGE_NAME, "sagan" ) AC_DEFINE_UNQUOTED(PACKAGE_STRING, "Sagan $VERSION") -AC_DEFINE_UNQUOTED(PACKAGE_BUGREPORT, "sagan@mailman.softwink.com" ) +AC_DEFINE_UNQUOTED(PACKAGE_BUGREPORT, "cclark@quadrantsec.com" ) AC_DEFINE_UNQUOTED(PACKAGE_TARNAME, "sagan" ) AC_DEFINE_UNQUOTED(PACKAGE_VERSION, "$VERSION" ) @@ -299,8 +299,8 @@ AC_MSG_RESULT([]) AC_MSG_RESULT([ ,-._,-. Sagan has been configured!]) AC_MSG_RESULT([ \/)"(\/ ]) -AC_MSG_RESULT([ (_o_) Champ Clark III & The Softwink Team: http://www.softwink.com]) -AC_MSG_RESULT([ / \/) Copyright (C) 2009-2011 Softwink, Inc., et al.]) +AC_MSG_RESULT([ (_o_) Champ Clark III & The Quadrant InfoSec Team [[quadrantsec.com]]]) +AC_MSG_RESULT([ / \/) Copyright (C) 2009-2011 Quadrant Information Security, et al.]) AC_MSG_RESULT([ (|| ||) ]) AC_MSG_RESULT([ oo-oo ]) AC_MSG_RESULT([]) diff -Nru sagan-0.1.9/debian/changelog sagan-0.2.0/debian/changelog --- sagan-0.1.9/debian/changelog 2011-11-24 08:23:48.000000000 +0000 +++ sagan-0.2.0/debian/changelog 2011-12-17 16:04:27.000000000 +0000 
@@ -1,8 +1,13 @@ -sagan (0.1.9-1build1) precise; urgency=low +sagan (0.2.0-1) unstable; urgency=low - * Rebuild for libmysqlclient transition + * Imported Upstream version 0.2.0 + - Fifo handling on start should not block now (Closes: #639254) + * Add patch to fix build (Closes: #652166) + - Do not include lognorm.h directly, this is a private header + * Convert to DH version 8 + * Add .gitignore file - -- Clint Byrum Thu, 24 Nov 2011 00:23:48 -0800 + -- Pierre Chifflier Sat, 17 Dec 2011 16:04:27 +0000 sagan (0.1.9-1) unstable; urgency=low diff -Nru sagan-0.1.9/debian/compat sagan-0.2.0/debian/compat --- sagan-0.1.9/debian/compat 2011-07-15 06:34:25.000000000 +0000 +++ sagan-0.2.0/debian/compat 2011-12-17 15:53:32.000000000 +0000 @@ -1 +1 @@ -7 +8 diff -Nru sagan-0.1.9/debian/control sagan-0.2.0/debian/control --- sagan-0.1.9/debian/control 2011-07-15 18:59:15.000000000 +0000 +++ sagan-0.2.0/debian/control 2011-12-17 15:53:41.000000000 +0000 @@ -2,7 +2,7 @@ Section: admin Priority: extra Maintainer: Pierre Chifflier -Build-Depends: debhelper (>= 7.0.50~), +Build-Depends: debhelper (>= 8), autotools-dev, pkg-config, libpcre3-dev, diff -Nru sagan-0.1.9/debian/patches/01-do-not-include-lognorm-private-header.patch sagan-0.2.0/debian/patches/01-do-not-include-lognorm-private-header.patch --- sagan-0.1.9/debian/patches/01-do-not-include-lognorm-private-header.patch 1970-01-01 00:00:00.000000000 +0000 +++ sagan-0.2.0/debian/patches/01-do-not-include-lognorm-private-header.patch 2011-12-17 15:47:40.000000000 +0000 
@@ -0,0 +1,36 @@ +Index: sagan/src/sagan-config.c +=================================================================== +--- sagan.orig/src/sagan-config.c 2011-12-17 15:46:08.623749411 +0000 ++++ sagan/src/sagan-config.c 2011-12-17 15:47:02.735750508 +0000 +@@ -48,7 +48,6 @@ + #ifdef HAVE_LIBLOGNORM + #include + #include +-#include + #endif + + #include "version.h" +Index: sagan/src/sagan-signal.c +=================================================================== +--- sagan.orig/src/sagan-signal.c 2011-12-17 15:46:08.623749411 +0000 ++++ sagan/src/sagan-signal.c 2011-12-17 15:47:13.735750768 +0000 +@@ -41,7 +41,6 @@ + #ifdef HAVE_LIBLOGNORM + #include + #include +-#include + static ln_ctx ctx; + int liblognorm_count; + #endif +Index: sagan/src/sagan.c +=================================================================== +--- sagan.orig/src/sagan.c 2011-12-17 15:46:08.627749388 +0000 ++++ sagan/src/sagan.c 2011-12-17 15:47:21.043750956 +0000 +@@ -55,7 +55,6 @@ + #ifdef HAVE_LIBLOGNORM + #include + #include +-#include + #endif + + #if defined(HAVE_LIBMYSQLCLIENT_R) || defined(HAVE_LIBPQ) diff -Nru sagan-0.1.9/debian/patches/series sagan-0.2.0/debian/patches/series --- sagan-0.1.9/debian/patches/series 1970-01-01 00:00:00.000000000 +0000 +++ sagan-0.2.0/debian/patches/series 2011-12-17 15:46:36.000000000 +0000 @@ -0,0 +1 @@ +01-do-not-include-lognorm-private-header.patch diff -Nru sagan-0.1.9/etc/sagan.8 sagan-0.2.0/etc/sagan.8 --- sagan-0.1.9/etc/sagan.8 2011-04-18 16:26:17.000000000 +0000 +++ sagan-0.2.0/etc/sagan.8 2011-08-21 16:53:30.000000000 +0000 @@ -2,7 +2,7 @@ .\" First parameter, NAME, should be all caps .\" Second parameter, SECTION, should be 1-8, maybe w/ subsection .\" other parameters are allowed: see man(7), man(1) -.TH SAGAN 8 "February 15, 2011" +.TH SAGAN 8 "July 7, 2011" .\" Please adjust this date whenever revising the manpage. .\" .\" Some roff macros, for reference: 
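Review bot: The new `debian/patches/01-do-not-include-lognorm-private-header.patch` (the `@@ -0,0 +1,36 @@` hunk) opens directly at `Index: sagan/src/sagan-config.c` with no patch header, so the reason for the change is recorded only in debian/changelog. A short DEP-3 header ahead of the first `Index:` line would keep the provenance with the patch itself, for example `Description: Do not include lognorm.h directly, this is a private header`, `Bug-Debian: https://bugs.debian.org/652166` and a `Forwarded:` line stating whether upstream has the change. The header names on the `#include` lines are not legible in this rendering, so which include is dropped from sagan-config.c, sagan-signal.c and sagan.c is taken from the changelog entry rather than from the patch.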
@@ -48,25 +48,25 @@ .B \-h, \-\-help Show summary of options. .TP -.B \-d, \-\-debug -Enable debugging +.B \-d, \-\-debug [option] +Enable debugging. Options are syslog, load, sql, smtp, normalize and plog .TP .B \-D, \-\-daemon Make process a daemon (fork to the background) .TP -.B \-U, \-\-user +.B \-u, \-\-user [username] Run as user (defaults to 'sagan') .TP -.B \-c, \-\-chroot -Chroot to username 'sagan's home +.B \-c, \-\-chroot [directory] +Chroots the Sagan process to the specified directory .TP -.B \-f, \-\-config +.B \-f, \-\-config [file] Sagan configuration file to load .TP -.B \-p, \-\-program -Run Sagan in syslog-ng's 'program' mode +.B \-l, \-\-log [file] +Set log file locaton and name. .SH AUTHOR -Sagan was written by Champ Clark III +Sagan was written by Champ Clark III .PP This manual page was written by Pierre Chifflier , for the Debian project (and may be used by others). diff -Nru sagan-0.1.9/etc/sagan.conf sagan-0.2.0/etc/sagan.conf --- sagan-0.1.9/etc/sagan.conf 2011-04-18 16:26:17.000000000 +0000 +++ sagan-0.2.0/etc/sagan.conf 2011-08-21 16:53:30.000000000 +0000 @@ -1,6 +1,6 @@ -# ,-._,-. Sagan configuration file [http://sagan.softwink.com] -# \/)"(\/ By Champ Clark III & The Softwink Team: http://www.softwink.com -# (_o_) Copyright (C) 2009-2011 Softwink, Inc., et al. +# ,-._,-. Sagan configuration file [http://sagan.quadrantsec.com] +# \/)"(\/ Champ Clark III & The Quadrant InfoSec Team: http://quadrantsec.com +# (_o_) Copyright (C) 2009-2011 Quadrant Information Security., et al. # / \/) # (|| ||) # oo-oo 
@@ -21,25 +21,34 @@ # The --program flag can override this variable and force Sagan to use # stdin. # -# [optional] - Depending on system configuration. +# [Required] var FIFO /var/run/sagan.fifo # This variable contains the path of the Sagan rule sets. It is required. +# +# [Required] var RULE_PATH /usr/local/etc/sagan-rules # Where Sagan should store it's lock file. +# +# [Optional] var LOCKFILE /var/run/sagan/sagan.pid -# This is for storage of Sagan runtime information. +# Where Sagan should store alerts, in a text/alert format. +# +# [Optional] -var SAGANLOG /var/log/sagan/sagan.log +var ALERTLOG /var/log/sagan/alert -# Where Sagan should store alerts, in a text file format. +# This is the path where Sagan related files are stored. For example, +# Unified2 output files would be stored under this path. +# +# [Optional] -var ALERTLOG /var/log/sagan/alert +var SAGANLOGPATH /var/log/sagan # This is the IP address _of_ the Sagan system. These options are used # if Sagan is unable to determine a TCP/IP network address and/or port. @@ -55,13 +64,15 @@ # # [Defaults to 17 [UDP], which is what normal 'syslog' traffic is. If you # want TCP to be the desired effect, change this option to "6". +# +# [Optional] ; sagan_proto 17 # Disable DNS warnings. Sagan will warn every time it has to do a DNS lookup # when attempting to normalize a log entry. You typically don't want to # do DNS lookups with the log analysis. More information can be found at: -# https://wiki.softwink.com/bin/view/Main/SaganDNS. If it's not possible +# https://wiki.quadrantsec.com/bin/view/Main/SaganDNS. If it's not possible # to gather the true TCP/IP address information, you can supress these # warnings here. 
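Review bot: In the `@@ -21,25 +21,34 @@` hunk the retained comment above `var FIFO` still says `The --program flag can override this variable and force Sagan to use stdin`, while the marker below it now reads `[Required]` and the sagan.8 section of this same diff removes `-p, --program`; one of the two is stale. If the option is gone, those two comment lines should be dropped. The hunk also replaces `var SAGANLOG` with `var SAGANLOGPATH` without mentioning the old name, so a sagan.conf carried over from 0.1.9 may still define `var SAGANLOG` (how the parser treats it is not visible here); a line such as `# SAGANLOG was removed in 0.2.0; see the -l/--log option` would flag that, assuming `-l` is the intended replacement. Because the FIFO is now the required input path, the comment could also state who may write to it, e.g. `# Only the syslog daemon's account should have write access to this FIFO.`. The comment block this hunk edits starts above the hunk.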
@@ -78,7 +89,8 @@ # IDS/IPS data and log data. We don't really have an "interface", so we create # one known as "syslog", or what ever you'd like to call it. # -# [Required if logging to a Snort database] +# [Required if logging directly to a Snort database. Not to be confused with +# Unified2 output]] ; sagan_hostname sagan ; sagan_interface syslog @@ -108,6 +120,8 @@ # # The "max_ext_threads" limits the amount of threads that can be created, # which defaults to 50. +# +# [Optional] ; max_ext_threads 50 ; output external: /home/champ/stdout parsable @@ -121,6 +135,7 @@ # The max number of threads that can be spawned for SMTP. This defaults to # 50. +# ; max_email_threads 50 @@ -145,19 +160,6 @@ ; output email: smtpserver=192.168.0.1:25 from=sagan-alert@example.com ############################################################################## -# Logzilla (AKA : php-syslog-ng) database configuration specifics -############################################################################## - -# If you'd like Sagan to log information to a Logzilla database (MySQL or -# PostgreSQL), then you'll need to enabled this option. The -# "max_logzilla_threads" option specifies the maximum number of threads that -# can be used to log to a Logzilla database. This defaults to 50. - -; max_logzilla_threads 50 -; output logzilla: full, mysql, user=sagan password=secret dbname=syslog host=192.168.0.1 -; output logzilla: alert, postgresql, user=sagan password=secret dbname=syslog host=192.168.0.1 - -############################################################################## # Prelude (IDMEF) output plug in ############################################################################## diff -Nru sagan-0.1.9/extra/conversion/ossec-sagan.pl sagan-0.2.0/extra/conversion/ossec-sagan.pl --- sagan-0.1.9/extra/conversion/ossec-sagan.pl 2011-04-18 16:26:16.000000000 +0000 +++ sagan-0.2.0/extra/conversion/ossec-sagan.pl 2011-08-21 16:53:30.000000000 +0000 
@@ -4,10 +4,10 @@ ## This utility takes a series of OSSEC rules, and generates a series of compatible SAGAN rules. ## Originally developed by Michael Iverson. ## -## Copyright (c) 2009-2011, Softwink, Inc. +## Copyright (c) 2009-2011, Quadrant Information Security ## All rights reserved. ## -## Please submit any custom rules or ideas sagan-sigs@mailman.softwink.com mailing list +## Please submit any custom rules or ideas sagan-sigs@quadrantsec.com mailing list ## ##************************************************************* ## Redistribution and use in source and binary forms, with or without modification, are permitted provided that the @@ -149,10 +149,10 @@ ## OSSEC SAGAN RULES (autogenerated) ## ## Sagan is: -## Copyright (c) 2009-2010, Softwink, Inc. +## Copyright (c) 2009-2010, Quadrant Information Security. ## All rights reserved. ## -## Please submit any custom rules or ideas to sagan-submit@softwink.com or the sagan-sigs mailing list +## Please submit any custom rules or ideas to sagan-submit@quadrantsec.com or the sagan-sigs mailing list ## ##************************************************************* ## Redistribution and use in source and binary forms, with or without modification, are permitted provided that the diff -Nru sagan-0.1.9/extra/sagan-gtk/sagan-gtk.c sagan-0.2.0/extra/sagan-gtk/sagan-gtk.c --- sagan-0.1.9/extra/sagan-gtk/sagan-gtk.c 2011-04-18 16:26:16.000000000 +0000 +++ sagan-0.2.0/extra/sagan-gtk/sagan-gtk.c 2011-08-21 16:53:30.000000000 +0000 
@@ -1,6 +1,6 @@ /* -** Copyright (C) 2009-2011 Softwink, Inc. -** Copyright (C) 2009-2011 Champ Clark III +** Copyright (C) 2009-2011 Quadrant Information Security +** Copyright (C) 2009-2011 Champ Clark III ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License Version 2 as diff -Nru sagan-0.1.9/extra/sagan-notify/sagan-notify.c sagan-0.2.0/extra/sagan-notify/sagan-notify.c --- sagan-0.1.9/extra/sagan-notify/sagan-notify.c 2011-04-18 16:26:16.000000000 +0000 +++ sagan-0.2.0/extra/sagan-notify/sagan-notify.c 2011-08-21 16:53:30.000000000 +0000 @@ -1,6 +1,6 @@ /* -** Copyright (C) 2009-2011 Softwink, Inc. -** Copyright (C) 2009-2011 Champ Clark III +** Copyright (C) 2009-2011 Quadrant Information Security +** Copyright (C) 2009-2011 Champ Clark III ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License Version 2 as diff -Nru sagan-0.1.9/FAQ sagan-0.2.0/FAQ --- sagan-0.1.9/FAQ 2011-04-18 16:26:17.000000000 +0000 +++ sagan-0.2.0/FAQ 2011-08-21 16:53:30.000000000 +0000 @@ -1,4 +1,4 @@ For the Sagan FAQ, please see: -https://wiki.softwink.com/bin/view/Main/SaganFAQ +https://wiki.quadrantsec.com/bin/view/Main/SaganFAQ diff -Nru sagan-0.1.9/INSTALL sagan-0.2.0/INSTALL --- sagan-0.1.9/INSTALL 2011-04-18 16:26:17.000000000 +0000 +++ sagan-0.2.0/INSTALL 2011-08-21 16:53:30.000000000 +0000 @@ -1,4 +1,4 @@ Please see: -https://wiki.softwink.com/bin/view/Main/SaganHOWTO +https://wiki.quadrantsec.com/bin/view/Main/SaganHOWTO diff -Nru sagan-0.1.9/Makefile sagan-0.2.0/Makefile --- sagan-0.1.9/Makefile 2011-04-18 18:32:17.000000000 +0000 +++ sagan-0.2.0/Makefile 1970-01-01 00:00:00.000000000 +0000 
@@ -1,717 +0,0 @@ -# Makefile.in generated by automake 1.11.1 from Makefile.am. -# Makefile. Generated from Makefile.in by configure. - -# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, -# Inc. -# This Makefile.in is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY, to the extent permitted by law; without -# even the implied warranty of MERCHANTABILITY or FITNESS FOR A -# PARTICULAR PURPOSE. - - - -pkgdatadir = $(datadir)/sagan -pkgincludedir = $(includedir)/sagan -pkglibdir = $(libdir)/sagan -pkglibexecdir = $(libexecdir)/sagan -am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd -install_sh_DATA = $(install_sh) -c -m 644 -install_sh_PROGRAM = $(install_sh) -c -install_sh_SCRIPT = $(install_sh) -c -INSTALL_HEADER = $(INSTALL_DATA) -transform = $(program_transform_name) -NORMAL_INSTALL = : -PRE_INSTALL = : -POST_INSTALL = : -NORMAL_UNINSTALL = : -PRE_UNINSTALL = : -POST_UNINSTALL = : -build_triplet = x86_64-unknown-linux-gnu -host_triplet = x86_64-unknown-linux-gnu -target_triplet = x86_64-unknown-linux-gnu -subdir = . 
-DIST_COMMON = README $(am__configure_deps) $(srcdir)/Makefile.am \ - $(srcdir)/Makefile.in $(srcdir)/config.h.in \ - $(top_srcdir)/configure AUTHORS COPYING ChangeLog INSTALL NEWS \ - TODO config.guess config.sub depcomp install-sh missing -ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in -am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ - $(ACLOCAL_M4) -am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \ - configure.lineno config.status.lineno -mkinstalldirs = $(install_sh) -d -CONFIG_HEADER = config.h -CONFIG_CLEAN_FILES = -CONFIG_CLEAN_VPATH_FILES = -SOURCES = -DIST_SOURCES = -RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ - html-recursive info-recursive install-data-recursive \ - install-dvi-recursive install-exec-recursive \ - install-html-recursive install-info-recursive \ - install-pdf-recursive install-ps-recursive install-recursive \ - installcheck-recursive installdirs-recursive pdf-recursive \ - ps-recursive uninstall-recursive -RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ - distclean-recursive maintainer-clean-recursive -AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ - $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \ - distdir dist dist-all distcheck -ETAGS = etags -CTAGS = ctags -DIST_SUBDIRS = $(SUBDIRS) -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -distdir = $(PACKAGE)-$(VERSION) -top_distdir = $(distdir) -am__remove_distdir = \ - { test ! -d "$(distdir)" \ - || { find "$(distdir)" -type d ! 
-perm -200 -exec chmod u+w {} ';' \ - && rm -fr "$(distdir)"; }; } -am__relativize = \ - dir0=`pwd`; \ - sed_first='s,^\([^/]*\)/.*$$,\1,'; \ - sed_rest='s,^[^/]*/*,,'; \ - sed_last='s,^.*/\([^/]*\)$$,\1,'; \ - sed_butlast='s,/*[^/]*$$,,'; \ - while test -n "$$dir1"; do \ - first=`echo "$$dir1" | sed -e "$$sed_first"`; \ - if test "$$first" != "."; then \ - if test "$$first" = ".."; then \ - dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ - dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ - else \ - first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ - if test "$$first2" = "$$first"; then \ - dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ - else \ - dir2="../$$dir2"; \ - fi; \ - dir0="$$dir0"/"$$first"; \ - fi; \ - fi; \ - dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ - done; \ - reldir="$$dir2" -DIST_ARCHIVES = $(distdir).tar.gz -GZIP_ENV = --best -distuninstallcheck_listfiles = find . -type f -print -distcleancheck_listfiles = find . -type f -print -ACLOCAL = ${SHELL} /home/champ/code/sagan-0.1.9/missing --run aclocal-1.11 -AMTAR = ${SHELL} /home/champ/code/sagan-0.1.9/missing --run tar -AUTOCONF = ${SHELL} /home/champ/code/sagan-0.1.9/missing --run autoconf -AUTOHEADER = ${SHELL} /home/champ/code/sagan-0.1.9/missing --run autoheader -AUTOMAKE = ${SHELL} /home/champ/code/sagan-0.1.9/missing --run automake-1.11 -AWK = gawk -CC = gcc -CCDEPMODE = depmode=gcc3 -CFLAGS = -g -O2 -CPP = gcc -E -CPPFLAGS = -CYGPATH_W = echo -DEFS = -DHAVE_CONFIG_H -DEPDIR = .deps -ECHO_C = -ECHO_N = -n -ECHO_T = -EGREP = /bin/grep -E -ENDIAN = little -EXEEXT = -GREP = /bin/grep -INSTALL = /usr/bin/install -c -INSTALL_DATA = ${INSTALL} -m 644 -INSTALL_PROGRAM = ${INSTALL} -INSTALL_SCRIPT = ${INSTALL} -INSTALL_STRIP_PROGRAM = $(install_sh) -c -s -LDFLAGS = -LIBOBJS = -LIBS = -ldnet -lpcap -llognorm -lprelude -lesmtp -lpq -lmysqlclient_r -lm -lpthread -lpcre -LTLIBOBJS = -MAKEINFO = ${SHELL} /home/champ/code/sagan-0.1.9/missing --run makeinfo -MKDIR_P = /bin/mkdir -p -OBJEXT = o 
-PACKAGE = sagan -PACKAGE_BUGREPORT = -PACKAGE_NAME = -PACKAGE_STRING = -PACKAGE_TARNAME = -PACKAGE_URL = -PACKAGE_VERSION = -PATH_SEPARATOR = : -SET_MAKE = -SHELL = /bin/sh -STRIP = -VERSION = 0.1.9 -abs_builddir = /home/champ/code/sagan-0.1.9 -abs_srcdir = /home/champ/code/sagan-0.1.9 -abs_top_builddir = /home/champ/code/sagan-0.1.9 -abs_top_srcdir = /home/champ/code/sagan-0.1.9 -ac_ct_CC = gcc -am__include = include -am__leading_dot = . -am__quote = -am__tar = ${AMTAR} chof - "$$tardir" -am__untar = ${AMTAR} xf - -bindir = ${exec_prefix}/bin -build = x86_64-unknown-linux-gnu -build_alias = -build_cpu = x86_64 -build_os = linux-gnu -build_vendor = unknown -builddir = . -datadir = ${datarootdir} -datarootdir = ${prefix}/share -docdir = ${datarootdir}/doc/${PACKAGE} -dvidir = ${docdir} -exec_prefix = ${prefix} -host = x86_64-unknown-linux-gnu -host_alias = -host_cpu = x86_64 -host_os = linux-gnu -host_vendor = unknown -htmldir = ${docdir} -includedir = ${prefix}/include -infodir = ${datarootdir}/info -install_sh = ${SHELL} /home/champ/code/sagan-0.1.9/install-sh -libdir = ${exec_prefix}/lib -libexecdir = ${exec_prefix}/libexec -localedir = ${datarootdir}/locale -localstatedir = ${prefix}/var -mandir = ${datarootdir}/man -mkdir_p = /bin/mkdir -p -oldincludedir = /usr/include -pdfdir = ${docdir} -prefix = /usr/local -program_transform_name = s,x,x, -psdir = ${docdir} -sbindir = ${exec_prefix}/sbin -sharedstatedir = ${prefix}/com -srcdir = . -sysconfdir = ${prefix}/etc -target = x86_64-unknown-linux-gnu -target_alias = -target_cpu = x86_64 -target_os = linux-gnu -target_vendor = unknown -top_build_prefix = -top_builddir = . -top_srcdir = . 
-AUTOMAKE_OPIONS = foreign no-dependencies -SUBDIRS = src -INCLUDES = @INCLUDES@ -all: config.h - $(MAKE) $(AM_MAKEFLAGS) all-recursive - -.SUFFIXES: -am--refresh: - @: -$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ - *$$dep*) \ - echo ' cd $(srcdir) && $(AUTOMAKE) --gnu'; \ - $(am__cd) $(srcdir) && $(AUTOMAKE) --gnu \ - && exit 0; \ - exit 1;; \ - esac; \ - done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu Makefile'; \ - $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu Makefile -.PRECIOUS: Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - @case '$?' in \ - *config.status*) \ - echo ' $(SHELL) ./config.status'; \ - $(SHELL) ./config.status;; \ - *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \ - esac; - -$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) - $(SHELL) ./config.status --recheck - -$(top_srcdir)/configure: $(am__configure_deps) - $(am__cd) $(srcdir) && $(AUTOCONF) -$(ACLOCAL_M4): $(am__aclocal_m4_deps) - $(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS) -$(am__aclocal_m4_deps): - -config.h: stamp-h1 - @if test ! -f $@; then \ - rm -f stamp-h1; \ - $(MAKE) $(AM_MAKEFLAGS) stamp-h1; \ - else :; fi - -stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status - @rm -f stamp-h1 - cd $(top_builddir) && $(SHELL) ./config.status config.h -$(srcdir)/config.h.in: $(am__configure_deps) - ($(am__cd) $(top_srcdir) && $(AUTOHEADER)) - rm -f stamp-h1 - touch $@ - -distclean-hdr: - -rm -f config.h stamp-h1 - -# This directory's subdirectories are mostly independent; you can cd -# into them and run `make' without going through this Makefile. 
-# To change the values of `make' variables: instead of editing Makefiles, -# (1) if the variable is set in `config.status', edit `config.status' -# (which will cause the Makefiles to be regenerated when you run `make'); -# (2) otherwise, pass the desired values on the `make' command line. -$(RECURSIVE_TARGETS): - @fail= failcom='exit 1'; \ - for f in x $$MAKEFLAGS; do \ - case $$f in \ - *=* | --[!k]*);; \ - *k*) failcom='fail=yes';; \ - esac; \ - done; \ - dot_seen=no; \ - target=`echo $@ | sed s/-recursive//`; \ - list='$(SUBDIRS)'; for subdir in $$list; do \ - echo "Making $$target in $$subdir"; \ - if test "$$subdir" = "."; then \ - dot_seen=yes; \ - local_target="$$target-am"; \ - else \ - local_target="$$target"; \ - fi; \ - ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ - || eval $$failcom; \ - done; \ - if test "$$dot_seen" = "no"; then \ - $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ - fi; test -z "$$fail" - -$(RECURSIVE_CLEAN_TARGETS): - @fail= failcom='exit 1'; \ - for f in x $$MAKEFLAGS; do \ - case $$f in \ - *=* | --[!k]*);; \ - *k*) failcom='fail=yes';; \ - esac; \ - done; \ - dot_seen=no; \ - case "$@" in \ - distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ - *) list='$(SUBDIRS)' ;; \ - esac; \ - rev=''; for subdir in $$list; do \ - if test "$$subdir" = "."; then :; else \ - rev="$$subdir $$rev"; \ - fi; \ - done; \ - rev="$$rev ."; \ - target=`echo $@ | sed s/-recursive//`; \ - for subdir in $$rev; do \ - echo "Making $$target in $$subdir"; \ - if test "$$subdir" = "."; then \ - local_target="$$target-am"; \ - else \ - local_target="$$target"; \ - fi; \ - ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ - || eval $$failcom; \ - done && test -z "$$fail" -tags-recursive: - list='$(SUBDIRS)'; for subdir in $$list; do \ - test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ - done -ctags-recursive: - list='$(SUBDIRS)'; for subdir in $$list; do \ - test "$$subdir" = . 
|| ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ - done - -ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ - mkid -fID $$unique -tags: TAGS - -TAGS: tags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \ - $(TAGS_FILES) $(LISP) - set x; \ - here=`pwd`; \ - if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ - include_option=--etags-include; \ - empty_fix=.; \ - else \ - include_option=--include; \ - empty_fix=; \ - fi; \ - list='$(SUBDIRS)'; for subdir in $$list; do \ - if test "$$subdir" = .; then :; else \ - test ! -f $$subdir/TAGS || \ - set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ - fi; \ - done; \ - list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ - if test $$# -gt 0; then \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - "$$@" $$unique; \ - else \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$unique; \ - fi; \ - fi -ctags: CTAGS -CTAGS: ctags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \ - $(TAGS_FILES) $(LISP) - list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) 
$(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique - -GTAGS: - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" - -distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - -distdir: $(DISTFILES) - $(am__remove_distdir) - test -d "$(distdir)" || mkdir "$(distdir)" - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ - dist_files=`for file in $$list; do echo $$file; done | \ - sed -e "s|^$$srcdirstrip/||;t" \ - -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ - case $$dist_files in \ - */*) $(MKDIR_P) `echo "$$dist_files" | \ - sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ - sort -u` ;; \ - esac; \ - for file in $$dist_files; do \ - if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ - if test -d $$d/$$file; then \ - dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d "$(distdir)/$$file"; then \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ - find "$(distdir)/$$file" -type d ! 
-perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ - else \ - test -f "$(distdir)/$$file" \ - || cp -p $$d/$$file "$(distdir)/$$file" \ - || exit 1; \ - fi; \ - done - @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ - if test "$$subdir" = .; then :; else \ - test -d "$(distdir)/$$subdir" \ - || $(MKDIR_P) "$(distdir)/$$subdir" \ - || exit 1; \ - fi; \ - done - @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ - if test "$$subdir" = .; then :; else \ - dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ - $(am__relativize); \ - new_distdir=$$reldir; \ - dir1=$$subdir; dir2="$(top_distdir)"; \ - $(am__relativize); \ - new_top_distdir=$$reldir; \ - echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ - echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ - ($(am__cd) $$subdir && \ - $(MAKE) $(AM_MAKEFLAGS) \ - top_distdir="$$new_top_distdir" \ - distdir="$$new_distdir" \ - am__remove_distdir=: \ - am__skip_length_check=: \ - am__skip_mode_fix=: \ - distdir) \ - || exit 1; \ - fi; \ - done - -test -n "$(am__skip_mode_fix)" \ - || find "$(distdir)" -type d ! -perm -755 \ - -exec chmod u+rwx,go+rx {} \; -o \ - ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \ - ! -type d ! -perm -400 -exec chmod a+r {} \; -o \ - ! -type d ! 
-perm -444 -exec $(install_sh) -c -m a+r {} {} \; \ - || chmod -R a+r "$(distdir)" -dist-gzip: distdir - tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz - $(am__remove_distdir) - -dist-bzip2: distdir - tardir=$(distdir) && $(am__tar) | bzip2 -9 -c >$(distdir).tar.bz2 - $(am__remove_distdir) - -dist-lzma: distdir - tardir=$(distdir) && $(am__tar) | lzma -9 -c >$(distdir).tar.lzma - $(am__remove_distdir) - -dist-xz: distdir - tardir=$(distdir) && $(am__tar) | xz -c >$(distdir).tar.xz - $(am__remove_distdir) - -dist-tarZ: distdir - tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z - $(am__remove_distdir) - -dist-shar: distdir - shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz - $(am__remove_distdir) - -dist-zip: distdir - -rm -f $(distdir).zip - zip -rq $(distdir).zip $(distdir) - $(am__remove_distdir) - -dist dist-all: distdir - tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz - $(am__remove_distdir) - -# This target untars the dist file and tries a VPATH configuration. Then -# it guarantees that the distribution is self-contained by making another -# tarfile. 
-distcheck: dist - case '$(DIST_ARCHIVES)' in \ - *.tar.gz*) \ - GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\ - *.tar.bz2*) \ - bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\ - *.tar.lzma*) \ - lzma -dc $(distdir).tar.lzma | $(am__untar) ;;\ - *.tar.xz*) \ - xz -dc $(distdir).tar.xz | $(am__untar) ;;\ - *.tar.Z*) \ - uncompress -c $(distdir).tar.Z | $(am__untar) ;;\ - *.shar.gz*) \ - GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\ - *.zip*) \ - unzip $(distdir).zip ;;\ - esac - chmod -R a-w $(distdir); chmod a+w $(distdir) - mkdir $(distdir)/_build - mkdir $(distdir)/_inst - chmod a-w $(distdir) - test -d $(distdir)/_build || exit 0; \ - dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \ - && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \ - && am__cwd=`pwd` \ - && $(am__cd) $(distdir)/_build \ - && ../configure --srcdir=.. --prefix="$$dc_install_base" \ - $(DISTCHECK_CONFIGURE_FLAGS) \ - && $(MAKE) $(AM_MAKEFLAGS) \ - && $(MAKE) $(AM_MAKEFLAGS) dvi \ - && $(MAKE) $(AM_MAKEFLAGS) check \ - && $(MAKE) $(AM_MAKEFLAGS) install \ - && $(MAKE) $(AM_MAKEFLAGS) installcheck \ - && $(MAKE) $(AM_MAKEFLAGS) uninstall \ - && $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \ - distuninstallcheck \ - && chmod -R a-w "$$dc_install_base" \ - && ({ \ - (cd ../.. 
&& umask 077 && mkdir "$$dc_destdir") \ - && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \ - && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \ - && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \ - distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \ - } || { rm -rf "$$dc_destdir"; exit 1; }) \ - && rm -rf "$$dc_destdir" \ - && $(MAKE) $(AM_MAKEFLAGS) dist \ - && rm -rf $(DIST_ARCHIVES) \ - && $(MAKE) $(AM_MAKEFLAGS) distcleancheck \ - && cd "$$am__cwd" \ - || exit 1 - $(am__remove_distdir) - @(echo "$(distdir) archives ready for distribution: "; \ - list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \ - sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x' -distuninstallcheck: - @$(am__cd) '$(distuninstallcheck_dir)' \ - && test `$(distuninstallcheck_listfiles) | wc -l` -le 1 \ - || { echo "ERROR: files left after uninstall:" ; \ - if test -n "$(DESTDIR)"; then \ - echo " (check DESTDIR support)"; \ - fi ; \ - $(distuninstallcheck_listfiles) ; \ - exit 1; } >&2 -distcleancheck: distclean - @if test '$(srcdir)' = . 
; then \ - echo "ERROR: distcleancheck can only run from a VPATH build" ; \ - exit 1 ; \ - fi - @test `$(distcleancheck_listfiles) | wc -l` -eq 0 \ - || { echo "ERROR: files left in build directory after distclean:" ; \ - $(distcleancheck_listfiles) ; \ - exit 1; } >&2 -check-am: all-am -check: check-recursive -all-am: Makefile config.h -installdirs: installdirs-recursive -installdirs-am: -install: install-recursive -install-exec: install-exec-recursive -install-data: install-data-recursive -uninstall: uninstall-recursive - -install-am: all-am - @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am - -installcheck: installcheck-recursive -install-strip: - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - `test -z '$(STRIP)' || \ - echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -mostlyclean-generic: - -clean-generic: - -distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) - -maintainer-clean-generic: - @echo "This command is intended for maintainers to use" - @echo "it deletes files that may require special tools to rebuild." 
-clean: clean-recursive - -clean-am: clean-generic mostlyclean-am - -distclean: distclean-recursive - -rm -f $(am__CONFIG_DISTCLEAN_FILES) - -rm -f Makefile -distclean-am: clean-am distclean-generic distclean-hdr distclean-tags - -dvi: dvi-recursive - -dvi-am: - -html: html-recursive - -html-am: - -info: info-recursive - -info-am: - -install-data-am: install-data-local - -install-dvi: install-dvi-recursive - -install-dvi-am: - -install-exec-am: - -install-html: install-html-recursive - -install-html-am: - -install-info: install-info-recursive - -install-info-am: - -install-man: - -install-pdf: install-pdf-recursive - -install-pdf-am: - -install-ps: install-ps-recursive - -install-ps-am: - -installcheck-am: - -maintainer-clean: maintainer-clean-recursive - -rm -f $(am__CONFIG_DISTCLEAN_FILES) - -rm -rf $(top_srcdir)/autom4te.cache - -rm -f Makefile -maintainer-clean-am: distclean-am maintainer-clean-generic - -mostlyclean: mostlyclean-recursive - -mostlyclean-am: mostlyclean-generic - -pdf: pdf-recursive - -pdf-am: - -ps: ps-recursive - -ps-am: - -uninstall-am: - -.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) all \ - ctags-recursive install-am install-strip tags-recursive - -.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ - all all-am am--refresh check check-am clean clean-generic \ - ctags ctags-recursive dist dist-all dist-bzip2 dist-gzip \ - dist-lzma dist-shar dist-tarZ dist-xz dist-zip distcheck \ - distclean distclean-generic distclean-hdr distclean-tags \ - distcleancheck distdir distuninstallcheck dvi dvi-am html \ - html-am info info-am install install-am install-data \ - install-data-am install-data-local install-dvi install-dvi-am \ - install-exec install-exec-am install-html install-html-am \ - install-info install-info-am install-man install-pdf \ - install-pdf-am install-ps install-ps-am install-strip \ - installcheck installcheck-am installdirs installdirs-am \ - maintainer-clean maintainer-clean-generic mostlyclean \ - 
mostlyclean-generic pdf pdf-am ps ps-am tags tags-recursive \ - uninstall uninstall-am - - -# Install BFD include file, and others that it needs. -#install-data-local: -# @$(NORMAL_INSTALL) -# $(mkinstalldirs) $(sysconfdir) -# $(INSTALL_DATA)sagan.conf $(sysconfdir)/sagan.conf - -install-data-local: - test -z "$(DESTDIR)$(sysconfdir)" || /bin/mkdir -p "$(DESTDIR)$(sysconfdir)" - test -f "$(DESTDIR)$(sysconfdir)/sagan.conf" || $(INSTALL_DATA) etc/sagan.conf "$(DESTDIR)$(sysconfdir)/sagan.conf" - test -z "$(DESTDIR)$(sbindir)" || /bin/mkdir -p "$(DESTDIR)$(sbindir)" - $(INSTALL) -d "$(DESTDIR)$(mandir)/man8" - $(INSTALL) -m 644 etc/sagan.8 "$(DESTDIR)$(mandir)/man8" - $(INSTALL) -m 755 src/sagan "$(DESTDIR)$(sbindir)/sagan" - $(INSTALL) -d "$(DESTDIR)/var/log/sagan" - $(INSTALL) -d "$(DESTDIR)/var/run/sagan" - @echo "" - @echo "------------------------------------------------------------------------------" - @echo "Sagan has been installed! You still need to do a few more things before your" - @echo "up and running. Please see https://wiki.softwink.com/bin/view/Main/SaganHOWTO" - @echo "for more information." - @echo "------------------------------------------------------------------------------" - @echo "" - -# Tell versions [3.59,3.63) of GNU make to not export all variables. -# Otherwise a system limit (for SysV at least) may be exceeded. -.NOEXPORT: diff -Nru sagan-0.1.9/Makefile.am sagan-0.2.0/Makefile.am --- sagan-0.1.9/Makefile.am 2011-04-18 16:26:17.000000000 +0000 +++ sagan-0.2.0/Makefile.am 2011-08-21 16:53:30.000000000 +0000 
@@ -20,9 +20,9 @@ $(INSTALL) -d "$(DESTDIR)/var/run/sagan" @echo "" @echo "------------------------------------------------------------------------------" - @echo "Sagan has been installed! You still need to do a few more things before your" - @echo "up and running. Please see https://wiki.softwink.com/bin/view/Main/SaganHOWTO" - @echo "for more information." + @echo "Sagan has been installed! You still need to do a few more things before your" + @echo "up and running. See https://wiki.quadrantsec.com/bin/view/Main/SaganHOWTO for" + @echo "more information." @echo "------------------------------------------------------------------------------" @echo "" diff -Nru sagan-0.1.9/Makefile.in sagan-0.2.0/Makefile.in --- sagan-0.1.9/Makefile.in 2011-04-18 16:26:17.000000000 +0000 +++ sagan-0.2.0/Makefile.in 2011-08-21 16:53:30.000000000 +0000 @@ -706,9 +706,9 @@ $(INSTALL) -d "$(DESTDIR)/var/run/sagan" @echo "" @echo "------------------------------------------------------------------------------" - @echo "Sagan has been installed! You still need to do a few more things before your" - @echo "up and running. Please see https://wiki.softwink.com/bin/view/Main/SaganHOWTO" - @echo "for more information." + @echo "Sagan has been installed! You still need to do a few more things before your" + @echo "up and running. See https://wiki.quadrantsec.com/bin/view/Main/SaganHOWTO for" + @echo "more information." @echo "------------------------------------------------------------------------------" @echo "" diff -Nru sagan-0.1.9/NEWS sagan-0.2.0/NEWS --- sagan-0.1.9/NEWS 2011-04-18 16:26:17.000000000 +0000 +++ sagan-0.2.0/NEWS 2011-08-21 16:53:30.000000000 +0000 @@ -1,2 +1,2 @@ -For News, see http://sagan.softwink.com +For News, see http://sagan.quadrantsec.com diff -Nru sagan-0.1.9/README sagan-0.2.0/README --- sagan-0.1.9/README 2011-04-18 16:26:17.000000000 +0000 +++ sagan-0.2.0/README 2011-08-21 16:53:30.000000000 +0000 
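Review bot: The rewritten install banner in the three added `@echo` lines still reads "before your up and running", where "you're" is meant. Since the text is being re-wrapped in this hunk anyway, the first added line could become `@echo "Sagan has been installed! You still need to do a few more things before you're"`. The Makefile.in hunk that follows carries the same wording and appears to be generated from this file, so correcting Makefile.am and regenerating should cover both. The recipe these lines belong to starts outside the hunk.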
@@ -1,5 +1,5 @@ For installation information, please see: -https://wiki.softwink.com/bin/view/Main/SaganHOWTO +https://wiki.quadrantsec.com/bin/view/Main/SaganHOWTO diff -Nru sagan-0.1.9/src/.deps/parse-ip.Po sagan-0.2.0/src/.deps/parse-ip.Po --- sagan-0.1.9/src/.deps/parse-ip.Po 2011-04-18 18:32:24.000000000 +0000 +++ sagan-0.2.0/src/.deps/parse-ip.Po 1970-01-01 00:00:00.000000000 +0000 
@@ -1,134 +0,0 @@ -parse-ip.o: parsers/parse-ip.c ../config.h /usr/include/stdio.h \ - /usr/include/features.h /usr/include/sys/cdefs.h \ - /usr/include/bits/wordsize.h /usr/include/gnu/stubs.h \ - /usr/include/gnu/stubs-64.h \ - /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stddef.h \ - /usr/include/bits/types.h /usr/include/bits/typesizes.h \ - /usr/include/libio.h /usr/include/_G_config.h /usr/include/wchar.h \ - /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stdarg.h \ - /usr/include/bits/stdio_lim.h /usr/include/bits/sys_errlist.h \ - /usr/include/bits/stdio.h /usr/include/bits/stdio2.h \ - /usr/include/stdlib.h /usr/include/sys/types.h /usr/include/time.h \ - /usr/include/endian.h /usr/include/bits/endian.h \ - /usr/include/bits/byteswap.h /usr/include/sys/select.h \ - /usr/include/bits/select.h /usr/include/bits/sigset.h \ - /usr/include/bits/time.h /usr/include/sys/sysmacros.h \ - /usr/include/bits/pthreadtypes.h /usr/include/alloca.h \ - /usr/include/bits/stdlib.h /usr/include/netinet/in.h \ - /usr/include/stdint.h /usr/include/bits/wchar.h \ - /usr/include/sys/socket.h /usr/include/sys/uio.h \ - /usr/include/bits/uio.h /usr/include/bits/socket.h \ - /usr/include/bits/sockaddr.h /usr/include/asm/socket.h \ - /usr/include/asm-x86_64/socket.h /usr/include/asm/sockios.h \ - /usr/include/asm-x86_64/sockios.h /usr/include/bits/socket2.h \ - /usr/include/bits/in.h /usr/include/arpa/inet.h /usr/include/string.h \ - /usr/include/bits/string.h /usr/include/bits/string2.h \ - /usr/include/bits/string3.h sagan.h /usr/include/pcre.h version.h - -../config.h: - -/usr/include/stdio.h: - -/usr/include/features.h: - -/usr/include/sys/cdefs.h: - -/usr/include/bits/wordsize.h: - -/usr/include/gnu/stubs.h: - -/usr/include/gnu/stubs-64.h: - -/usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stddef.h: - -/usr/include/bits/types.h: - -/usr/include/bits/typesizes.h: - -/usr/include/libio.h: - -/usr/include/_G_config.h: - -/usr/include/wchar.h: - 
-/usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stdarg.h: - -/usr/include/bits/stdio_lim.h: - -/usr/include/bits/sys_errlist.h: - -/usr/include/bits/stdio.h: - -/usr/include/bits/stdio2.h: - -/usr/include/stdlib.h: - -/usr/include/sys/types.h: - -/usr/include/time.h: - -/usr/include/endian.h: - -/usr/include/bits/endian.h: - -/usr/include/bits/byteswap.h: - -/usr/include/sys/select.h: - -/usr/include/bits/select.h: - -/usr/include/bits/sigset.h: - -/usr/include/bits/time.h: - -/usr/include/sys/sysmacros.h: - -/usr/include/bits/pthreadtypes.h: - -/usr/include/alloca.h: - -/usr/include/bits/stdlib.h: - -/usr/include/netinet/in.h: - -/usr/include/stdint.h: - -/usr/include/bits/wchar.h: - -/usr/include/sys/socket.h: - -/usr/include/sys/uio.h: - -/usr/include/bits/uio.h: - -/usr/include/bits/socket.h: - -/usr/include/bits/sockaddr.h: - -/usr/include/asm/socket.h: - -/usr/include/asm-x86_64/socket.h: - -/usr/include/asm/sockios.h: - -/usr/include/asm-x86_64/sockios.h: - -/usr/include/bits/socket2.h: - -/usr/include/bits/in.h: - -/usr/include/arpa/inet.h: - -/usr/include/string.h: - -/usr/include/bits/string.h: - -/usr/include/bits/string2.h: - -/usr/include/bits/string3.h: - -sagan.h: - -/usr/include/pcre.h: - -version.h: diff -Nru sagan-0.1.9/src/.deps/parse-port.Po sagan-0.2.0/src/.deps/parse-port.Po --- sagan-0.1.9/src/.deps/parse-port.Po 2011-04-18 18:32:24.000000000 +0000 +++ sagan-0.2.0/src/.deps/parse-port.Po 1970-01-01 00:00:00.000000000 +0000 
@@ -1,170 +0,0 @@ -parse-port.o: parsers/parse-port.c ../config.h /usr/include/stdio.h \ - /usr/include/features.h /usr/include/sys/cdefs.h \ - /usr/include/bits/wordsize.h /usr/include/gnu/stubs.h \ - /usr/include/gnu/stubs-64.h \ - /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stddef.h \ - /usr/include/bits/types.h /usr/include/bits/typesizes.h \ - /usr/include/libio.h /usr/include/_G_config.h /usr/include/wchar.h \ - /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stdarg.h \ - /usr/include/bits/stdio_lim.h /usr/include/bits/sys_errlist.h \ - /usr/include/bits/stdio.h /usr/include/bits/stdio2.h /usr/include/pwd.h \ - /usr/include/grp.h /usr/include/errno.h /usr/include/bits/errno.h \ - /usr/include/linux/errno.h /usr/include/asm/errno.h \ - /usr/include/asm-x86_64/errno.h /usr/include/asm-generic/errno.h \ - /usr/include/asm-generic/errno-base.h /usr/include/stdlib.h \ - /usr/include/sys/types.h /usr/include/time.h /usr/include/endian.h \ - /usr/include/bits/endian.h /usr/include/bits/byteswap.h \ - /usr/include/sys/select.h /usr/include/bits/select.h \ - /usr/include/bits/sigset.h /usr/include/bits/time.h \ - /usr/include/sys/sysmacros.h /usr/include/bits/pthreadtypes.h \ - /usr/include/alloca.h /usr/include/bits/stdlib.h \ - /usr/include/sys/time.h /usr/include/netinet/in.h /usr/include/stdint.h \ - /usr/include/bits/wchar.h /usr/include/sys/socket.h \ - /usr/include/sys/uio.h /usr/include/bits/uio.h \ - /usr/include/bits/socket.h /usr/include/bits/sockaddr.h \ - /usr/include/asm/socket.h /usr/include/asm-x86_64/socket.h \ - /usr/include/asm/sockios.h /usr/include/asm-x86_64/sockios.h \ - /usr/include/bits/socket2.h /usr/include/bits/in.h \ - /usr/include/arpa/inet.h /usr/include/string.h \ - /usr/include/bits/string.h /usr/include/bits/string2.h \ - /usr/include/bits/string3.h /usr/include/pthread.h /usr/include/sched.h \ - /usr/include/bits/sched.h /usr/include/signal.h \ - /usr/include/bits/setjmp.h sagan.h /usr/include/pcre.h version.h - -../config.h: - 
-/usr/include/stdio.h: - -/usr/include/features.h: - -/usr/include/sys/cdefs.h: - -/usr/include/bits/wordsize.h: - -/usr/include/gnu/stubs.h: - -/usr/include/gnu/stubs-64.h: - -/usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stddef.h: - -/usr/include/bits/types.h: - -/usr/include/bits/typesizes.h: - -/usr/include/libio.h: - -/usr/include/_G_config.h: - -/usr/include/wchar.h: - -/usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stdarg.h: - -/usr/include/bits/stdio_lim.h: - -/usr/include/bits/sys_errlist.h: - -/usr/include/bits/stdio.h: - -/usr/include/bits/stdio2.h: - -/usr/include/pwd.h: - -/usr/include/grp.h: - -/usr/include/errno.h: - -/usr/include/bits/errno.h: - -/usr/include/linux/errno.h: - -/usr/include/asm/errno.h: - -/usr/include/asm-x86_64/errno.h: - -/usr/include/asm-generic/errno.h: - -/usr/include/asm-generic/errno-base.h: - -/usr/include/stdlib.h: - -/usr/include/sys/types.h: - -/usr/include/time.h: - -/usr/include/endian.h: - -/usr/include/bits/endian.h: - -/usr/include/bits/byteswap.h: - -/usr/include/sys/select.h: - -/usr/include/bits/select.h: - -/usr/include/bits/sigset.h: - -/usr/include/bits/time.h: - -/usr/include/sys/sysmacros.h: - -/usr/include/bits/pthreadtypes.h: - -/usr/include/alloca.h: - -/usr/include/bits/stdlib.h: - -/usr/include/sys/time.h: - -/usr/include/netinet/in.h: - -/usr/include/stdint.h: - -/usr/include/bits/wchar.h: - -/usr/include/sys/socket.h: - -/usr/include/sys/uio.h: - -/usr/include/bits/uio.h: - -/usr/include/bits/socket.h: - -/usr/include/bits/sockaddr.h: - -/usr/include/asm/socket.h: - -/usr/include/asm-x86_64/socket.h: - -/usr/include/asm/sockios.h: - -/usr/include/asm-x86_64/sockios.h: - -/usr/include/bits/socket2.h: - -/usr/include/bits/in.h: - -/usr/include/arpa/inet.h: - -/usr/include/string.h: - -/usr/include/bits/string.h: - -/usr/include/bits/string2.h: - -/usr/include/bits/string3.h: - -/usr/include/pthread.h: - -/usr/include/sched.h: - -/usr/include/bits/sched.h: - -/usr/include/signal.h: - 
-/usr/include/bits/setjmp.h: - -sagan.h: - -/usr/include/pcre.h: - -version.h: diff -Nru sagan-0.1.9/src/.deps/sagan-alert.Po sagan-0.2.0/src/.deps/sagan-alert.Po --- sagan-0.1.9/src/.deps/sagan-alert.Po 2011-04-18 18:32:24.000000000 +0000 +++ sagan-0.2.0/src/.deps/sagan-alert.Po 1970-01-01 00:00:00.000000000 +0000 
@@ -1,114 +0,0 @@ -sagan-alert.o: output-plugins/sagan-alert.c ../config.h \ - /usr/include/stdio.h /usr/include/features.h /usr/include/sys/cdefs.h \ - /usr/include/bits/wordsize.h /usr/include/gnu/stubs.h \ - /usr/include/gnu/stubs-64.h \ - /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stddef.h \ - /usr/include/bits/types.h /usr/include/bits/typesizes.h \ - /usr/include/libio.h /usr/include/_G_config.h /usr/include/wchar.h \ - /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stdarg.h \ - /usr/include/bits/stdio_lim.h /usr/include/bits/sys_errlist.h \ - /usr/include/bits/stdio.h /usr/include/bits/stdio2.h \ - /usr/include/stdlib.h /usr/include/sys/types.h /usr/include/time.h \ - /usr/include/endian.h /usr/include/bits/endian.h \ - /usr/include/bits/byteswap.h /usr/include/sys/select.h \ - /usr/include/bits/select.h /usr/include/bits/sigset.h \ - /usr/include/bits/time.h /usr/include/sys/sysmacros.h \ - /usr/include/bits/pthreadtypes.h /usr/include/alloca.h \ - /usr/include/bits/stdlib.h /usr/include/pthread.h /usr/include/sched.h \ - /usr/include/bits/sched.h /usr/include/signal.h \ - /usr/include/bits/setjmp.h /usr/include/string.h \ - /usr/include/bits/string.h /usr/include/bits/string2.h \ - /usr/include/bits/string3.h sagan.h /usr/include/stdint.h \ - /usr/include/bits/wchar.h /usr/include/pcre.h version.h - -../config.h: - -/usr/include/stdio.h: - -/usr/include/features.h: - -/usr/include/sys/cdefs.h: - -/usr/include/bits/wordsize.h: - -/usr/include/gnu/stubs.h: - -/usr/include/gnu/stubs-64.h: - -/usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stddef.h: - -/usr/include/bits/types.h: - -/usr/include/bits/typesizes.h: - -/usr/include/libio.h: - -/usr/include/_G_config.h: - -/usr/include/wchar.h: - -/usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stdarg.h: - -/usr/include/bits/stdio_lim.h: - -/usr/include/bits/sys_errlist.h: - -/usr/include/bits/stdio.h: - -/usr/include/bits/stdio2.h: - -/usr/include/stdlib.h: - -/usr/include/sys/types.h: - -/usr/include/time.h: - 
-/usr/include/endian.h: - -/usr/include/bits/endian.h: - -/usr/include/bits/byteswap.h: - -/usr/include/sys/select.h: - -/usr/include/bits/select.h: - -/usr/include/bits/sigset.h: - -/usr/include/bits/time.h: - -/usr/include/sys/sysmacros.h: - -/usr/include/bits/pthreadtypes.h: - -/usr/include/alloca.h: - -/usr/include/bits/stdlib.h: - -/usr/include/pthread.h: - -/usr/include/sched.h: - -/usr/include/bits/sched.h: - -/usr/include/signal.h: - -/usr/include/bits/setjmp.h: - -/usr/include/string.h: - -/usr/include/bits/string.h: - -/usr/include/bits/string2.h: - -/usr/include/bits/string3.h: - -sagan.h: - -/usr/include/stdint.h: - -/usr/include/bits/wchar.h: - -/usr/include/pcre.h: - -version.h: diff -Nru sagan-0.1.9/src/.deps/sagan-classifications.Po sagan-0.2.0/src/.deps/sagan-classifications.Po --- sagan-0.1.9/src/.deps/sagan-classifications.Po 2011-04-18 18:32:20.000000000 +0000 +++ sagan-0.2.0/src/.deps/sagan-classifications.Po 1970-01-01 00:00:00.000000000 +0000 
@@ -1,173 +0,0 @@ -sagan-classifications.o: sagan-classifications.c ../config.h \ - /usr/include/stdio.h /usr/include/features.h /usr/include/sys/cdefs.h \ - /usr/include/bits/wordsize.h /usr/include/gnu/stubs.h \ - /usr/include/gnu/stubs-64.h \ - /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stddef.h \ - /usr/include/bits/types.h /usr/include/bits/typesizes.h \ - /usr/include/libio.h /usr/include/_G_config.h /usr/include/wchar.h \ - /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stdarg.h \ - /usr/include/bits/stdio_lim.h /usr/include/bits/sys_errlist.h \ - /usr/include/bits/stdio.h /usr/include/bits/stdio2.h \ - /usr/include/stdlib.h /usr/include/sys/types.h /usr/include/time.h \ - /usr/include/endian.h /usr/include/bits/endian.h \ - /usr/include/bits/byteswap.h /usr/include/sys/select.h \ - /usr/include/bits/select.h /usr/include/bits/sigset.h \ - /usr/include/bits/time.h /usr/include/sys/sysmacros.h \ - /usr/include/bits/pthreadtypes.h /usr/include/alloca.h \ - /usr/include/bits/stdlib.h /usr/include/unistd.h \ - /usr/include/bits/posix_opt.h /usr/include/bits/confname.h \ - /usr/include/getopt.h /usr/include/bits/unistd.h /usr/include/pthread.h \ - /usr/include/sched.h /usr/include/bits/sched.h /usr/include/signal.h \ - /usr/include/bits/setjmp.h /usr/include/ctype.h /usr/include/errno.h \ - /usr/include/bits/errno.h /usr/include/linux/errno.h \ - /usr/include/asm/errno.h /usr/include/asm-x86_64/errno.h \ - /usr/include/asm-generic/errno.h /usr/include/asm-generic/errno-base.h \ - /usr/include/fcntl.h /usr/include/bits/fcntl.h \ - /usr/include/bits/fcntl2.h /usr/include/sys/stat.h \ - /usr/include/bits/stat.h /usr/include/string.h \ - /usr/include/bits/string.h /usr/include/bits/string2.h \ - /usr/include/bits/string3.h /usr/include/bits/signum.h \ - /usr/include/bits/siginfo.h /usr/include/bits/sigaction.h \ - /usr/include/bits/sigcontext.h /usr/include/bits/sigstack.h \ - /usr/include/bits/sigthread.h /usr/include/pcre.h version.h sagan.h \ - 
/usr/include/stdint.h /usr/include/bits/wchar.h - -../config.h: - -/usr/include/stdio.h: - -/usr/include/features.h: - -/usr/include/sys/cdefs.h: - -/usr/include/bits/wordsize.h: - -/usr/include/gnu/stubs.h: - -/usr/include/gnu/stubs-64.h: - -/usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stddef.h: - -/usr/include/bits/types.h: - -/usr/include/bits/typesizes.h: - -/usr/include/libio.h: - -/usr/include/_G_config.h: - -/usr/include/wchar.h: - -/usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stdarg.h: - -/usr/include/bits/stdio_lim.h: - -/usr/include/bits/sys_errlist.h: - -/usr/include/bits/stdio.h: - -/usr/include/bits/stdio2.h: - -/usr/include/stdlib.h: - -/usr/include/sys/types.h: - -/usr/include/time.h: - -/usr/include/endian.h: - -/usr/include/bits/endian.h: - -/usr/include/bits/byteswap.h: - -/usr/include/sys/select.h: - -/usr/include/bits/select.h: - -/usr/include/bits/sigset.h: - -/usr/include/bits/time.h: - -/usr/include/sys/sysmacros.h: - -/usr/include/bits/pthreadtypes.h: - -/usr/include/alloca.h: - -/usr/include/bits/stdlib.h: - -/usr/include/unistd.h: - -/usr/include/bits/posix_opt.h: - -/usr/include/bits/confname.h: - -/usr/include/getopt.h: - -/usr/include/bits/unistd.h: - -/usr/include/pthread.h: - -/usr/include/sched.h: - -/usr/include/bits/sched.h: - -/usr/include/signal.h: - -/usr/include/bits/setjmp.h: - -/usr/include/ctype.h: - -/usr/include/errno.h: - -/usr/include/bits/errno.h: - -/usr/include/linux/errno.h: - -/usr/include/asm/errno.h: - -/usr/include/asm-x86_64/errno.h: - -/usr/include/asm-generic/errno.h: - -/usr/include/asm-generic/errno-base.h: - -/usr/include/fcntl.h: - -/usr/include/bits/fcntl.h: - -/usr/include/bits/fcntl2.h: - -/usr/include/sys/stat.h: - -/usr/include/bits/stat.h: - -/usr/include/string.h: - -/usr/include/bits/string.h: - -/usr/include/bits/string2.h: - -/usr/include/bits/string3.h: - -/usr/include/bits/signum.h: - -/usr/include/bits/siginfo.h: - -/usr/include/bits/sigaction.h: - -/usr/include/bits/sigcontext.h: - 
-/usr/include/bits/sigstack.h: - -/usr/include/bits/sigthread.h: - -/usr/include/pcre.h: - -version.h: - -sagan.h: - -/usr/include/stdint.h: - -/usr/include/bits/wchar.h: diff -Nru sagan-0.1.9/src/.deps/sagan-config.Po sagan-0.2.0/src/.deps/sagan-config.Po --- sagan-0.1.9/src/.deps/sagan-config.Po 2011-04-18 18:32:22.000000000 +0000 +++ sagan-0.2.0/src/.deps/sagan-config.Po 1970-01-01 00:00:00.000000000 +0000 
@@ -1,267 +0,0 @@ -sagan-config.o: sagan-config.c ../config.h /usr/include/stdio.h \ - /usr/include/features.h /usr/include/sys/cdefs.h \ - /usr/include/bits/wordsize.h /usr/include/gnu/stubs.h \ - /usr/include/gnu/stubs-64.h \ - /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stddef.h \ - /usr/include/bits/types.h /usr/include/bits/typesizes.h \ - /usr/include/libio.h /usr/include/_G_config.h /usr/include/wchar.h \ - /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stdarg.h \ - /usr/include/bits/stdio_lim.h /usr/include/bits/sys_errlist.h \ - /usr/include/bits/stdio.h /usr/include/bits/stdio2.h \ - /usr/include/stdlib.h /usr/include/sys/types.h /usr/include/time.h \ - /usr/include/endian.h /usr/include/bits/endian.h \ - /usr/include/bits/byteswap.h /usr/include/sys/select.h \ - /usr/include/bits/select.h /usr/include/bits/sigset.h \ - /usr/include/bits/time.h /usr/include/sys/sysmacros.h \ - /usr/include/bits/pthreadtypes.h /usr/include/alloca.h \ - /usr/include/bits/stdlib.h /usr/include/unistd.h \ - /usr/include/bits/posix_opt.h /usr/include/bits/confname.h \ - /usr/include/getopt.h /usr/include/bits/unistd.h /usr/include/pthread.h \ - /usr/include/sched.h /usr/include/bits/sched.h /usr/include/signal.h \ - /usr/include/bits/setjmp.h /usr/include/ctype.h /usr/include/errno.h \ - /usr/include/bits/errno.h /usr/include/linux/errno.h \ - /usr/include/asm/errno.h /usr/include/asm-x86_64/errno.h \ - /usr/include/asm-generic/errno.h /usr/include/asm-generic/errno-base.h \ - /usr/include/fcntl.h /usr/include/bits/fcntl.h \ - /usr/include/bits/fcntl2.h /usr/include/sys/stat.h \ - /usr/include/bits/stat.h /usr/include/string.h \ - /usr/include/bits/string.h /usr/include/bits/string2.h \ - /usr/include/bits/string3.h /usr/include/bits/signum.h \ - /usr/include/bits/siginfo.h /usr/include/bits/sigaction.h \ - /usr/include/bits/sigcontext.h /usr/include/bits/sigstack.h \ - /usr/include/bits/sigthread.h /usr/include/netinet/in.h \ - /usr/include/stdint.h 
/usr/include/bits/wchar.h \ - /usr/include/sys/socket.h /usr/include/sys/uio.h \ - /usr/include/bits/uio.h /usr/include/bits/socket.h \ - /usr/include/bits/sockaddr.h /usr/include/asm/socket.h \ - /usr/include/asm-x86_64/socket.h /usr/include/asm/sockios.h \ - /usr/include/asm-x86_64/sockios.h /usr/include/bits/socket2.h \ - /usr/include/bits/in.h /usr/include/arpa/inet.h /usr/include/math.h \ - /usr/include/bits/huge_val.h /usr/include/bits/mathdef.h \ - /usr/include/bits/mathcalls.h /usr/include/bits/mathinline.h \ - /usr/include/liblognorm.h /usr/include/libee/libee.h \ - /usr/local/include/libestr.h /usr/include/libee/obj.h \ - /usr/include/libee/ctx.h /usr/include/libee/timestamp.h \ - /usr/include/libee/ctx.h /usr/include/libee/timestamp.h \ - /usr/include/libee/value.h /usr/include/libee/fieldtype.h \ - /usr/include/libee/field.h /usr/include/libee/valnode.h \ - /usr/include/libee/fieldbucket.h /usr/include/libee/primitivetype.h \ - /usr/include/libee/tagbucket.h /usr/include/libee/event.h \ - /usr/include/ptree.h /usr/include/lognorm.h /usr/include/ptree.h \ - version.h sagan.h /usr/include/pcre.h output-plugins/sagan-unified2.h - -../config.h: - -/usr/include/stdio.h: - -/usr/include/features.h: - -/usr/include/sys/cdefs.h: - -/usr/include/bits/wordsize.h: - -/usr/include/gnu/stubs.h: - -/usr/include/gnu/stubs-64.h: - -/usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stddef.h: - -/usr/include/bits/types.h: - -/usr/include/bits/typesizes.h: - -/usr/include/libio.h: - -/usr/include/_G_config.h: - -/usr/include/wchar.h: - -/usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stdarg.h: - -/usr/include/bits/stdio_lim.h: - -/usr/include/bits/sys_errlist.h: - -/usr/include/bits/stdio.h: - -/usr/include/bits/stdio2.h: - -/usr/include/stdlib.h: - -/usr/include/sys/types.h: - -/usr/include/time.h: - -/usr/include/endian.h: - -/usr/include/bits/endian.h: - -/usr/include/bits/byteswap.h: - -/usr/include/sys/select.h: - -/usr/include/bits/select.h: - 
-/usr/include/bits/sigset.h: - -/usr/include/bits/time.h: - -/usr/include/sys/sysmacros.h: - -/usr/include/bits/pthreadtypes.h: - -/usr/include/alloca.h: - -/usr/include/bits/stdlib.h: - -/usr/include/unistd.h: - -/usr/include/bits/posix_opt.h: - -/usr/include/bits/confname.h: - -/usr/include/getopt.h: - -/usr/include/bits/unistd.h: - -/usr/include/pthread.h: - -/usr/include/sched.h: - -/usr/include/bits/sched.h: - -/usr/include/signal.h: - -/usr/include/bits/setjmp.h: - -/usr/include/ctype.h: - -/usr/include/errno.h: - -/usr/include/bits/errno.h: - -/usr/include/linux/errno.h: - -/usr/include/asm/errno.h: - -/usr/include/asm-x86_64/errno.h: - -/usr/include/asm-generic/errno.h: - -/usr/include/asm-generic/errno-base.h: - -/usr/include/fcntl.h: - -/usr/include/bits/fcntl.h: - -/usr/include/bits/fcntl2.h: - -/usr/include/sys/stat.h: - -/usr/include/bits/stat.h: - -/usr/include/string.h: - -/usr/include/bits/string.h: - -/usr/include/bits/string2.h: - -/usr/include/bits/string3.h: - -/usr/include/bits/signum.h: - -/usr/include/bits/siginfo.h: - -/usr/include/bits/sigaction.h: - -/usr/include/bits/sigcontext.h: - -/usr/include/bits/sigstack.h: - -/usr/include/bits/sigthread.h: - -/usr/include/netinet/in.h: - -/usr/include/stdint.h: - -/usr/include/bits/wchar.h: - -/usr/include/sys/socket.h: - -/usr/include/sys/uio.h: - -/usr/include/bits/uio.h: - -/usr/include/bits/socket.h: - -/usr/include/bits/sockaddr.h: - -/usr/include/asm/socket.h: - -/usr/include/asm-x86_64/socket.h: - -/usr/include/asm/sockios.h: - -/usr/include/asm-x86_64/sockios.h: - -/usr/include/bits/socket2.h: - -/usr/include/bits/in.h: - -/usr/include/arpa/inet.h: - -/usr/include/math.h: - -/usr/include/bits/huge_val.h: - -/usr/include/bits/mathdef.h: - -/usr/include/bits/mathcalls.h: - -/usr/include/bits/mathinline.h: - -/usr/include/liblognorm.h: - -/usr/include/libee/libee.h: - -/usr/local/include/libestr.h: - -/usr/include/libee/obj.h: - -/usr/include/libee/ctx.h: - -/usr/include/libee/timestamp.h: - 
-/usr/include/libee/ctx.h: - -/usr/include/libee/timestamp.h: - -/usr/include/libee/value.h: - -/usr/include/libee/fieldtype.h: - -/usr/include/libee/field.h: - -/usr/include/libee/valnode.h: - -/usr/include/libee/fieldbucket.h: - -/usr/include/libee/primitivetype.h: - -/usr/include/libee/tagbucket.h: - -/usr/include/libee/event.h: - -/usr/include/ptree.h: - -/usr/include/lognorm.h: - -/usr/include/ptree.h: - -version.h: - -sagan.h: - -/usr/include/pcre.h: - -output-plugins/sagan-unified2.h: diff -Nru sagan-0.1.9/src/.deps/sagan-esmtp.Po sagan-0.2.0/src/.deps/sagan-esmtp.Po --- sagan-0.1.9/src/.deps/sagan-esmtp.Po 2011-04-18 18:32:25.000000000 +0000 +++ sagan-0.2.0/src/.deps/sagan-esmtp.Po 1970-01-01 00:00:00.000000000 +0000 
@@ -1,146 +0,0 @@ -sagan-esmtp.o: output-plugins/sagan-esmtp.c ../config.h \ - /usr/include/stdio.h /usr/include/features.h /usr/include/sys/cdefs.h \ - /usr/include/bits/wordsize.h /usr/include/gnu/stubs.h \ - /usr/include/gnu/stubs-64.h \ - /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stddef.h \ - /usr/include/bits/types.h /usr/include/bits/typesizes.h \ - /usr/include/libio.h /usr/include/_G_config.h /usr/include/wchar.h \ - /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stdarg.h \ - /usr/include/bits/stdio_lim.h /usr/include/bits/sys_errlist.h \ - /usr/include/bits/stdio.h /usr/include/bits/stdio2.h \ - /usr/include/signal.h /usr/include/bits/sigset.h \ - /usr/include/bits/signum.h /usr/include/time.h \ - /usr/include/bits/siginfo.h /usr/include/bits/sigaction.h \ - /usr/include/bits/sigcontext.h /usr/include/bits/sigstack.h \ - /usr/include/bits/pthreadtypes.h /usr/include/bits/sigthread.h \ - /usr/include/libesmtp.h /usr/include/pthread.h /usr/include/endian.h \ - /usr/include/bits/endian.h /usr/include/bits/byteswap.h \ - /usr/include/sched.h /usr/include/bits/sched.h /usr/include/bits/time.h \ - /usr/include/bits/setjmp.h /usr/include/string.h \ - /usr/include/bits/string.h /usr/include/bits/string2.h \ - /usr/include/stdlib.h /usr/include/bits/string3.h \ - /usr/include/sys/types.h /usr/include/sys/select.h \ - /usr/include/bits/select.h /usr/include/sys/sysmacros.h \ - /usr/include/alloca.h /usr/include/bits/stdlib.h /usr/include/unistd.h \ - /usr/include/bits/posix_opt.h /usr/include/bits/confname.h \ - /usr/include/getopt.h /usr/include/bits/unistd.h sagan.h \ - /usr/include/stdint.h /usr/include/bits/wchar.h /usr/include/pcre.h \ - output-plugins/sagan-esmtp.h version.h - -../config.h: - -/usr/include/stdio.h: - -/usr/include/features.h: - -/usr/include/sys/cdefs.h: - -/usr/include/bits/wordsize.h: - -/usr/include/gnu/stubs.h: - -/usr/include/gnu/stubs-64.h: - -/usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stddef.h: - -/usr/include/bits/types.h: - 
-/usr/include/bits/typesizes.h: - -/usr/include/libio.h: - -/usr/include/_G_config.h: - -/usr/include/wchar.h: - -/usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stdarg.h: - -/usr/include/bits/stdio_lim.h: - -/usr/include/bits/sys_errlist.h: - -/usr/include/bits/stdio.h: - -/usr/include/bits/stdio2.h: - -/usr/include/signal.h: - -/usr/include/bits/sigset.h: - -/usr/include/bits/signum.h: - -/usr/include/time.h: - -/usr/include/bits/siginfo.h: - -/usr/include/bits/sigaction.h: - -/usr/include/bits/sigcontext.h: - -/usr/include/bits/sigstack.h: - -/usr/include/bits/pthreadtypes.h: - -/usr/include/bits/sigthread.h: - -/usr/include/libesmtp.h: - -/usr/include/pthread.h: - -/usr/include/endian.h: - -/usr/include/bits/endian.h: - -/usr/include/bits/byteswap.h: - -/usr/include/sched.h: - -/usr/include/bits/sched.h: - -/usr/include/bits/time.h: - -/usr/include/bits/setjmp.h: - -/usr/include/string.h: - -/usr/include/bits/string.h: - -/usr/include/bits/string2.h: - -/usr/include/stdlib.h: - -/usr/include/bits/string3.h: - -/usr/include/sys/types.h: - -/usr/include/sys/select.h: - -/usr/include/bits/select.h: - -/usr/include/sys/sysmacros.h: - -/usr/include/alloca.h: - -/usr/include/bits/stdlib.h: - -/usr/include/unistd.h: - -/usr/include/bits/posix_opt.h: - -/usr/include/bits/confname.h: - -/usr/include/getopt.h: - -/usr/include/bits/unistd.h: - -sagan.h: - -/usr/include/stdint.h: - -/usr/include/bits/wchar.h: - -/usr/include/pcre.h: - -output-plugins/sagan-esmtp.h: - -version.h: diff -Nru sagan-0.1.9/src/.deps/sagan-external.Po sagan-0.2.0/src/.deps/sagan-external.Po --- sagan-0.1.9/src/.deps/sagan-external.Po 2011-04-18 18:32:25.000000000 +0000 +++ sagan-0.2.0/src/.deps/sagan-external.Po 1970-01-01 00:00:00.000000000 +0000 
@@ -1,154 +0,0 @@ -sagan-external.o: output-plugins/sagan-external.c ../config.h \ - /usr/include/stdio.h /usr/include/features.h /usr/include/sys/cdefs.h \ - /usr/include/bits/wordsize.h /usr/include/gnu/stubs.h \ - /usr/include/gnu/stubs-64.h \ - /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stddef.h \ - /usr/include/bits/types.h /usr/include/bits/typesizes.h \ - /usr/include/libio.h /usr/include/_G_config.h /usr/include/wchar.h \ - /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stdarg.h \ - /usr/include/bits/stdio_lim.h /usr/include/bits/sys_errlist.h \ - /usr/include/bits/stdio.h /usr/include/bits/stdio2.h \ - /usr/include/stdlib.h /usr/include/sys/types.h /usr/include/time.h \ - /usr/include/endian.h /usr/include/bits/endian.h \ - /usr/include/bits/byteswap.h /usr/include/sys/select.h \ - /usr/include/bits/select.h /usr/include/bits/sigset.h \ - /usr/include/bits/time.h /usr/include/sys/sysmacros.h \ - /usr/include/bits/pthreadtypes.h /usr/include/alloca.h \ - /usr/include/bits/stdlib.h /usr/include/pthread.h /usr/include/sched.h \ - /usr/include/bits/sched.h /usr/include/signal.h \ - /usr/include/bits/setjmp.h /usr/include/unistd.h \ - /usr/include/bits/posix_opt.h /usr/include/bits/confname.h \ - /usr/include/getopt.h /usr/include/bits/unistd.h \ - /usr/include/sys/wait.h /usr/include/bits/signum.h \ - /usr/include/bits/siginfo.h /usr/include/bits/sigaction.h \ - /usr/include/bits/sigcontext.h /usr/include/bits/sigstack.h \ - /usr/include/bits/sigthread.h /usr/include/sys/resource.h \ - /usr/include/bits/resource.h /usr/include/bits/waitflags.h \ - /usr/include/bits/waitstatus.h /usr/include/string.h \ - /usr/include/bits/string.h /usr/include/bits/string2.h \ - /usr/include/bits/string3.h sagan.h /usr/include/stdint.h \ - /usr/include/bits/wchar.h /usr/include/pcre.h version.h - -../config.h: - -/usr/include/stdio.h: - -/usr/include/features.h: - -/usr/include/sys/cdefs.h: - -/usr/include/bits/wordsize.h: - -/usr/include/gnu/stubs.h: - 
-/usr/include/gnu/stubs-64.h: - -/usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stddef.h: - -/usr/include/bits/types.h: - -/usr/include/bits/typesizes.h: - -/usr/include/libio.h: - -/usr/include/_G_config.h: - -/usr/include/wchar.h: - -/usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stdarg.h: - -/usr/include/bits/stdio_lim.h: - -/usr/include/bits/sys_errlist.h: - -/usr/include/bits/stdio.h: - -/usr/include/bits/stdio2.h: - -/usr/include/stdlib.h: - -/usr/include/sys/types.h: - -/usr/include/time.h: - -/usr/include/endian.h: - -/usr/include/bits/endian.h: - -/usr/include/bits/byteswap.h: - -/usr/include/sys/select.h: - -/usr/include/bits/select.h: - -/usr/include/bits/sigset.h: - -/usr/include/bits/time.h: - -/usr/include/sys/sysmacros.h: - -/usr/include/bits/pthreadtypes.h: - -/usr/include/alloca.h: - -/usr/include/bits/stdlib.h: - -/usr/include/pthread.h: - -/usr/include/sched.h: - -/usr/include/bits/sched.h: - -/usr/include/signal.h: - -/usr/include/bits/setjmp.h: - -/usr/include/unistd.h: - -/usr/include/bits/posix_opt.h: - -/usr/include/bits/confname.h: - -/usr/include/getopt.h: - -/usr/include/bits/unistd.h: - -/usr/include/sys/wait.h: - -/usr/include/bits/signum.h: - -/usr/include/bits/siginfo.h: - -/usr/include/bits/sigaction.h: - -/usr/include/bits/sigcontext.h: - -/usr/include/bits/sigstack.h: - -/usr/include/bits/sigthread.h: - -/usr/include/sys/resource.h: - -/usr/include/bits/resource.h: - -/usr/include/bits/waitflags.h: - -/usr/include/bits/waitstatus.h: - -/usr/include/string.h: - -/usr/include/bits/string.h: - -/usr/include/bits/string2.h: - -/usr/include/bits/string3.h: - -sagan.h: - -/usr/include/stdint.h: - -/usr/include/bits/wchar.h: - -/usr/include/pcre.h: - -version.h: diff -Nru sagan-0.1.9/src/.deps/sagan-key.Po sagan-0.2.0/src/.deps/sagan-key.Po --- sagan-0.1.9/src/.deps/sagan-key.Po 2011-04-18 18:32:23.000000000 +0000 +++ sagan-0.2.0/src/.deps/sagan-key.Po 1970-01-01 00:00:00.000000000 +0000 
@@ -1,119 +0,0 @@ -sagan-key.o: sagan-key.c ../config.h /usr/include/stdio.h \ - /usr/include/features.h /usr/include/sys/cdefs.h \ - /usr/include/bits/wordsize.h /usr/include/gnu/stubs.h \ - /usr/include/gnu/stubs-64.h \ - /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stddef.h \ - /usr/include/bits/types.h /usr/include/bits/typesizes.h \ - /usr/include/libio.h /usr/include/_G_config.h /usr/include/wchar.h \ - /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stdarg.h \ - /usr/include/bits/stdio_lim.h /usr/include/bits/sys_errlist.h \ - /usr/include/bits/stdio.h /usr/include/bits/stdio2.h \ - /usr/include/stdlib.h /usr/include/sys/types.h /usr/include/time.h \ - /usr/include/endian.h /usr/include/bits/endian.h \ - /usr/include/bits/byteswap.h /usr/include/sys/select.h \ - /usr/include/bits/select.h /usr/include/bits/sigset.h \ - /usr/include/bits/time.h /usr/include/sys/sysmacros.h \ - /usr/include/bits/pthreadtypes.h /usr/include/alloca.h \ - /usr/include/bits/stdlib.h /usr/include/signal.h \ - /usr/include/bits/signum.h /usr/include/bits/siginfo.h \ - /usr/include/bits/sigaction.h /usr/include/bits/sigcontext.h \ - /usr/include/bits/sigstack.h /usr/include/bits/sigthread.h \ - /usr/include/pthread.h /usr/include/sched.h /usr/include/bits/sched.h \ - /usr/include/bits/setjmp.h version.h sagan.h /usr/include/stdint.h \ - /usr/include/bits/wchar.h /usr/include/pcre.h - -../config.h: - -/usr/include/stdio.h: - -/usr/include/features.h: - -/usr/include/sys/cdefs.h: - -/usr/include/bits/wordsize.h: - -/usr/include/gnu/stubs.h: - -/usr/include/gnu/stubs-64.h: - -/usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stddef.h: - -/usr/include/bits/types.h: - -/usr/include/bits/typesizes.h: - -/usr/include/libio.h: - -/usr/include/_G_config.h: - -/usr/include/wchar.h: - -/usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stdarg.h: - -/usr/include/bits/stdio_lim.h: - -/usr/include/bits/sys_errlist.h: - -/usr/include/bits/stdio.h: - -/usr/include/bits/stdio2.h: - -/usr/include/stdlib.h: 
- -/usr/include/sys/types.h: - -/usr/include/time.h: - -/usr/include/endian.h: - -/usr/include/bits/endian.h: - -/usr/include/bits/byteswap.h: - -/usr/include/sys/select.h: - -/usr/include/bits/select.h: - -/usr/include/bits/sigset.h: - -/usr/include/bits/time.h: - -/usr/include/sys/sysmacros.h: - -/usr/include/bits/pthreadtypes.h: - -/usr/include/alloca.h: - -/usr/include/bits/stdlib.h: - -/usr/include/signal.h: - -/usr/include/bits/signum.h: - -/usr/include/bits/siginfo.h: - -/usr/include/bits/sigaction.h: - -/usr/include/bits/sigcontext.h: - -/usr/include/bits/sigstack.h: - -/usr/include/bits/sigthread.h: - -/usr/include/pthread.h: - -/usr/include/sched.h: - -/usr/include/bits/sched.h: - -/usr/include/bits/setjmp.h: - -version.h: - -sagan.h: - -/usr/include/stdint.h: - -/usr/include/bits/wchar.h: - -/usr/include/pcre.h: diff -Nru sagan-0.1.9/src/.deps/sagan-lockfile.Po sagan-0.2.0/src/.deps/sagan-lockfile.Po --- sagan-0.1.9/src/.deps/sagan-lockfile.Po 2011-04-18 18:32:22.000000000 +0000 +++ sagan-0.2.0/src/.deps/sagan-lockfile.Po 1970-01-01 00:00:00.000000000 +0000 
@@ -1,137 +0,0 @@ -sagan-lockfile.o: sagan-lockfile.c ../config.h /usr/include/stdio.h \ - /usr/include/features.h /usr/include/sys/cdefs.h \ - /usr/include/bits/wordsize.h /usr/include/gnu/stubs.h \ - /usr/include/gnu/stubs-64.h \ - /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stddef.h \ - /usr/include/bits/types.h /usr/include/bits/typesizes.h \ - /usr/include/libio.h /usr/include/_G_config.h /usr/include/wchar.h \ - /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stdarg.h \ - /usr/include/bits/stdio_lim.h /usr/include/bits/sys_errlist.h \ - /usr/include/bits/stdio.h /usr/include/bits/stdio2.h \ - /usr/include/stdlib.h /usr/include/sys/types.h /usr/include/time.h \ - /usr/include/endian.h /usr/include/bits/endian.h \ - /usr/include/bits/byteswap.h /usr/include/sys/select.h \ - /usr/include/bits/select.h /usr/include/bits/sigset.h \ - /usr/include/bits/time.h /usr/include/sys/sysmacros.h \ - /usr/include/bits/pthreadtypes.h /usr/include/alloca.h \ - /usr/include/bits/stdlib.h /usr/include/sys/stat.h \ - /usr/include/bits/stat.h /usr/include/pthread.h /usr/include/sched.h \ - /usr/include/bits/sched.h /usr/include/signal.h \ - /usr/include/bits/setjmp.h /usr/include/unistd.h \ - /usr/include/bits/posix_opt.h /usr/include/bits/confname.h \ - /usr/include/getopt.h /usr/include/bits/unistd.h \ - /usr/include/bits/signum.h /usr/include/bits/siginfo.h \ - /usr/include/bits/sigaction.h /usr/include/bits/sigcontext.h \ - /usr/include/bits/sigstack.h /usr/include/bits/sigthread.h sagan.h \ - /usr/include/stdint.h /usr/include/bits/wchar.h /usr/include/pcre.h \ - version.h - -../config.h: - -/usr/include/stdio.h: - -/usr/include/features.h: - -/usr/include/sys/cdefs.h: - -/usr/include/bits/wordsize.h: - -/usr/include/gnu/stubs.h: - -/usr/include/gnu/stubs-64.h: - -/usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stddef.h: - -/usr/include/bits/types.h: - -/usr/include/bits/typesizes.h: - -/usr/include/libio.h: - -/usr/include/_G_config.h: - -/usr/include/wchar.h: - 
-/usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stdarg.h: - -/usr/include/bits/stdio_lim.h: - -/usr/include/bits/sys_errlist.h: - -/usr/include/bits/stdio.h: - -/usr/include/bits/stdio2.h: - -/usr/include/stdlib.h: - -/usr/include/sys/types.h: - -/usr/include/time.h: - -/usr/include/endian.h: - -/usr/include/bits/endian.h: - -/usr/include/bits/byteswap.h: - -/usr/include/sys/select.h: - -/usr/include/bits/select.h: - -/usr/include/bits/sigset.h: - -/usr/include/bits/time.h: - -/usr/include/sys/sysmacros.h: - -/usr/include/bits/pthreadtypes.h: - -/usr/include/alloca.h: - -/usr/include/bits/stdlib.h: - -/usr/include/sys/stat.h: - -/usr/include/bits/stat.h: - -/usr/include/pthread.h: - -/usr/include/sched.h: - -/usr/include/bits/sched.h: - -/usr/include/signal.h: - -/usr/include/bits/setjmp.h: - -/usr/include/unistd.h: - -/usr/include/bits/posix_opt.h: - -/usr/include/bits/confname.h: - -/usr/include/getopt.h: - -/usr/include/bits/unistd.h: - -/usr/include/bits/signum.h: - -/usr/include/bits/siginfo.h: - -/usr/include/bits/sigaction.h: - -/usr/include/bits/sigcontext.h: - -/usr/include/bits/sigstack.h: - -/usr/include/bits/sigthread.h: - -sagan.h: - -/usr/include/stdint.h: - -/usr/include/bits/wchar.h: - -/usr/include/pcre.h: - -version.h: diff -Nru sagan-0.1.9/src/.deps/sagan-logzilla.Po sagan-0.2.0/src/.deps/sagan-logzilla.Po --- sagan-0.1.9/src/.deps/sagan-logzilla.Po 2011-04-18 18:32:25.000000000 +0000 +++ sagan-0.2.0/src/.deps/sagan-logzilla.Po 1970-01-01 00:00:00.000000000 +0000 
@@ -1,154 +0,0 @@ -sagan-logzilla.o: output-plugins/sagan-logzilla.c ../config.h \ - /usr/include/stdio.h /usr/include/features.h /usr/include/sys/cdefs.h \ - /usr/include/bits/wordsize.h /usr/include/gnu/stubs.h \ - /usr/include/gnu/stubs-64.h \ - /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stddef.h \ - /usr/include/bits/types.h /usr/include/bits/typesizes.h \ - /usr/include/libio.h /usr/include/_G_config.h /usr/include/wchar.h \ - /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stdarg.h \ - /usr/include/bits/stdio_lim.h /usr/include/bits/sys_errlist.h \ - /usr/include/bits/stdio.h /usr/include/bits/stdio2.h \ - /usr/include/string.h /usr/include/bits/string.h \ - /usr/include/bits/string2.h /usr/include/endian.h \ - /usr/include/bits/endian.h /usr/include/bits/byteswap.h \ - /usr/include/stdlib.h /usr/include/bits/string3.h \ - /usr/include/pthread.h /usr/include/sched.h /usr/include/time.h \ - /usr/include/bits/sched.h /usr/include/bits/time.h \ - /usr/include/signal.h /usr/include/bits/sigset.h \ - /usr/include/bits/pthreadtypes.h /usr/include/bits/setjmp.h \ - /usr/include/unistd.h /usr/include/bits/posix_opt.h \ - /usr/include/bits/confname.h /usr/include/getopt.h \ - /usr/include/bits/unistd.h sagan.h /usr/include/stdint.h \ - /usr/include/bits/wchar.h /usr/include/pcre.h /usr/include/sys/types.h \ - /usr/include/sys/select.h /usr/include/bits/select.h \ - /usr/include/sys/sysmacros.h /usr/include/alloca.h \ - /usr/include/bits/stdlib.h output-plugins/sagan-logzilla.h version.h \ - /usr/include/mysql/mysql.h /usr/include/mysql/mysql_version.h \ - /usr/include/mysql/mysql_com.h /usr/include/mysql/mysql_time.h \ - /usr/include/mysql/typelib.h /usr/include/mysql/my_alloc.h \ - /usr/include/mysql/my_list.h /usr/include/mysql/errmsg.h \ - /usr/include/libpq-fe.h /usr/include/postgres_ext.h - -../config.h: - -/usr/include/stdio.h: - -/usr/include/features.h: - -/usr/include/sys/cdefs.h: - -/usr/include/bits/wordsize.h: - -/usr/include/gnu/stubs.h: - 
-/usr/include/gnu/stubs-64.h: - -/usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stddef.h: - -/usr/include/bits/types.h: - -/usr/include/bits/typesizes.h: - -/usr/include/libio.h: - -/usr/include/_G_config.h: - -/usr/include/wchar.h: - -/usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stdarg.h: - -/usr/include/bits/stdio_lim.h: - -/usr/include/bits/sys_errlist.h: - -/usr/include/bits/stdio.h: - -/usr/include/bits/stdio2.h: - -/usr/include/string.h: - -/usr/include/bits/string.h: - -/usr/include/bits/string2.h: - -/usr/include/endian.h: - -/usr/include/bits/endian.h: - -/usr/include/bits/byteswap.h: - -/usr/include/stdlib.h: - -/usr/include/bits/string3.h: - -/usr/include/pthread.h: - -/usr/include/sched.h: - -/usr/include/time.h: - -/usr/include/bits/sched.h: - -/usr/include/bits/time.h: - -/usr/include/signal.h: - -/usr/include/bits/sigset.h: - -/usr/include/bits/pthreadtypes.h: - -/usr/include/bits/setjmp.h: - -/usr/include/unistd.h: - -/usr/include/bits/posix_opt.h: - -/usr/include/bits/confname.h: - -/usr/include/getopt.h: - -/usr/include/bits/unistd.h: - -sagan.h: - -/usr/include/stdint.h: - -/usr/include/bits/wchar.h: - -/usr/include/pcre.h: - -/usr/include/sys/types.h: - -/usr/include/sys/select.h: - -/usr/include/bits/select.h: - -/usr/include/sys/sysmacros.h: - -/usr/include/alloca.h: - -/usr/include/bits/stdlib.h: - -output-plugins/sagan-logzilla.h: - -version.h: - -/usr/include/mysql/mysql.h: - -/usr/include/mysql/mysql_version.h: - -/usr/include/mysql/mysql_com.h: - -/usr/include/mysql/mysql_time.h: - -/usr/include/mysql/typelib.h: - -/usr/include/mysql/my_alloc.h: - -/usr/include/mysql/my_list.h: - -/usr/include/mysql/errmsg.h: - -/usr/include/libpq-fe.h: - -/usr/include/postgres_ext.h: diff -Nru sagan-0.1.9/src/.deps/sagan-plog.Po sagan-0.2.0/src/.deps/sagan-plog.Po --- sagan-0.1.9/src/.deps/sagan-plog.Po 2011-04-18 18:32:24.000000000 +0000 +++ sagan-0.2.0/src/.deps/sagan-plog.Po 1970-01-01 00:00:00.000000000 +0000 
@@ -1,196 +0,0 @@ -sagan-plog.o: sagan-plog.c ../config.h /usr/include/unistd.h \ - /usr/include/features.h /usr/include/sys/cdefs.h \ - /usr/include/bits/wordsize.h /usr/include/gnu/stubs.h \ - /usr/include/gnu/stubs-64.h /usr/include/bits/posix_opt.h \ - /usr/include/bits/types.h /usr/include/bits/typesizes.h \ - /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stddef.h \ - /usr/include/bits/confname.h /usr/include/getopt.h \ - /usr/include/bits/unistd.h /usr/include/stdlib.h \ - /usr/include/sys/types.h /usr/include/time.h /usr/include/endian.h \ - /usr/include/bits/endian.h /usr/include/bits/byteswap.h \ - /usr/include/sys/select.h /usr/include/bits/select.h \ - /usr/include/bits/sigset.h /usr/include/bits/time.h \ - /usr/include/sys/sysmacros.h /usr/include/bits/pthreadtypes.h \ - /usr/include/alloca.h /usr/include/bits/stdlib.h /usr/include/ctype.h \ - /usr/include/stdio.h /usr/include/libio.h /usr/include/_G_config.h \ - /usr/include/wchar.h \ - /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stdarg.h \ - /usr/include/bits/stdio_lim.h /usr/include/bits/sys_errlist.h \ - /usr/include/bits/stdio.h /usr/include/bits/stdio2.h \ - /usr/include/pcap.h /usr/include/pcap/pcap.h /usr/include/sys/time.h \ - /usr/include/pcap/bpf.h /usr/include/string.h \ - /usr/include/bits/string.h /usr/include/bits/string2.h \ - /usr/include/bits/string3.h /usr/include/sys/socket.h \ - /usr/include/sys/uio.h /usr/include/bits/uio.h \ - /usr/include/bits/socket.h /usr/include/bits/sockaddr.h \ - /usr/include/asm/socket.h /usr/include/asm-x86_64/socket.h \ - /usr/include/asm/sockios.h /usr/include/asm-x86_64/sockios.h \ - /usr/include/bits/socket2.h /usr/include/netinet/in.h \ - /usr/include/stdint.h /usr/include/bits/wchar.h /usr/include/bits/in.h \ - /usr/include/net/if.h /usr/include/net/if_arp.h \ - /usr/include/netinet/in_systm.h /usr/include/netinet/if_ether.h \ - /usr/include/linux/if_ether.h /usr/include/linux/types.h \ - /usr/include/inttypes.h /usr/include/linux/posix_types.h \ 
- /usr/include/linux/stddef.h /usr/include/asm/posix_types.h \ - /usr/include/asm-x86_64/posix_types.h /usr/include/asm/types.h \ - /usr/include/asm-x86_64/types.h /usr/include/net/ethernet.h \ - /usr/include/netinet/ip.h /usr/include/netinet/udp.h \ - /usr/include/arpa/inet.h sagan.h /usr/include/pcre.h - -../config.h: - -/usr/include/unistd.h: - -/usr/include/features.h: - -/usr/include/sys/cdefs.h: - -/usr/include/bits/wordsize.h: - -/usr/include/gnu/stubs.h: - -/usr/include/gnu/stubs-64.h: - -/usr/include/bits/posix_opt.h: - -/usr/include/bits/types.h: - -/usr/include/bits/typesizes.h: - -/usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stddef.h: - -/usr/include/bits/confname.h: - -/usr/include/getopt.h: - -/usr/include/bits/unistd.h: - -/usr/include/stdlib.h: - -/usr/include/sys/types.h: - -/usr/include/time.h: - -/usr/include/endian.h: - -/usr/include/bits/endian.h: - -/usr/include/bits/byteswap.h: - -/usr/include/sys/select.h: - -/usr/include/bits/select.h: - -/usr/include/bits/sigset.h: - -/usr/include/bits/time.h: - -/usr/include/sys/sysmacros.h: - -/usr/include/bits/pthreadtypes.h: - -/usr/include/alloca.h: - -/usr/include/bits/stdlib.h: - -/usr/include/ctype.h: - -/usr/include/stdio.h: - -/usr/include/libio.h: - -/usr/include/_G_config.h: - -/usr/include/wchar.h: - -/usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stdarg.h: - -/usr/include/bits/stdio_lim.h: - -/usr/include/bits/sys_errlist.h: - -/usr/include/bits/stdio.h: - -/usr/include/bits/stdio2.h: - -/usr/include/pcap.h: - -/usr/include/pcap/pcap.h: - -/usr/include/sys/time.h: - -/usr/include/pcap/bpf.h: - -/usr/include/string.h: - -/usr/include/bits/string.h: - -/usr/include/bits/string2.h: - -/usr/include/bits/string3.h: - -/usr/include/sys/socket.h: - -/usr/include/sys/uio.h: - -/usr/include/bits/uio.h: - -/usr/include/bits/socket.h: - -/usr/include/bits/sockaddr.h: - -/usr/include/asm/socket.h: - -/usr/include/asm-x86_64/socket.h: - -/usr/include/asm/sockios.h: - -/usr/include/asm-x86_64/sockios.h: 
- -/usr/include/bits/socket2.h: - -/usr/include/netinet/in.h: - -/usr/include/stdint.h: - -/usr/include/bits/wchar.h: - -/usr/include/bits/in.h: - -/usr/include/net/if.h: - -/usr/include/net/if_arp.h: - -/usr/include/netinet/in_systm.h: - -/usr/include/netinet/if_ether.h: - -/usr/include/linux/if_ether.h: - -/usr/include/linux/types.h: - -/usr/include/inttypes.h: - -/usr/include/linux/posix_types.h: - -/usr/include/linux/stddef.h: - -/usr/include/asm/posix_types.h: - -/usr/include/asm-x86_64/posix_types.h: - -/usr/include/asm/types.h: - -/usr/include/asm-x86_64/types.h: - -/usr/include/net/ethernet.h: - -/usr/include/netinet/ip.h: - -/usr/include/netinet/udp.h: - -/usr/include/arpa/inet.h: - -sagan.h: - -/usr/include/pcre.h: diff -Nru sagan-0.1.9/src/.deps/sagan.Po sagan-0.2.0/src/.deps/sagan.Po --- sagan-0.1.9/src/.deps/sagan.Po 2011-04-18 18:32:20.000000000 +0000 +++ sagan-0.2.0/src/.deps/sagan.Po 1970-01-01 00:00:00.000000000 +0000 
@@ -1,388 +0,0 @@ -sagan.o: sagan.c ../config.h /usr/include/stdio.h /usr/include/features.h \ - /usr/include/sys/cdefs.h /usr/include/bits/wordsize.h \ - /usr/include/gnu/stubs.h /usr/include/gnu/stubs-64.h \ - /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stddef.h \ - /usr/include/bits/types.h /usr/include/bits/typesizes.h \ - /usr/include/libio.h /usr/include/_G_config.h /usr/include/wchar.h \ - /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stdarg.h \ - /usr/include/bits/stdio_lim.h /usr/include/bits/sys_errlist.h \ - /usr/include/bits/stdio.h /usr/include/bits/stdio2.h \ - /usr/include/stdlib.h /usr/include/sys/types.h /usr/include/time.h \ - /usr/include/endian.h /usr/include/bits/endian.h \ - /usr/include/bits/byteswap.h /usr/include/sys/select.h \ - /usr/include/bits/select.h /usr/include/bits/sigset.h \ - /usr/include/bits/time.h /usr/include/sys/sysmacros.h \ - /usr/include/bits/pthreadtypes.h /usr/include/alloca.h \ - /usr/include/bits/stdlib.h /usr/include/unistd.h \ - /usr/include/bits/posix_opt.h /usr/include/bits/confname.h \ - /usr/include/getopt.h /usr/include/bits/unistd.h /usr/include/pthread.h \ - /usr/include/sched.h /usr/include/bits/sched.h /usr/include/signal.h \ - /usr/include/bits/setjmp.h /usr/include/ctype.h /usr/include/errno.h \ - /usr/include/bits/errno.h /usr/include/linux/errno.h \ - /usr/include/asm/errno.h /usr/include/asm-x86_64/errno.h \ - /usr/include/asm-generic/errno.h /usr/include/asm-generic/errno-base.h \ - /usr/include/fcntl.h /usr/include/bits/fcntl.h \ - /usr/include/bits/fcntl2.h /usr/include/sys/stat.h \ - /usr/include/bits/stat.h /usr/include/string.h \ - /usr/include/bits/string.h /usr/include/bits/string2.h \ - /usr/include/bits/string3.h /usr/include/bits/signum.h \ - /usr/include/bits/siginfo.h /usr/include/bits/sigaction.h \ - /usr/include/bits/sigcontext.h /usr/include/bits/sigstack.h \ - /usr/include/bits/sigthread.h /usr/include/pcre.h \ - /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include-fixed/limits.h \ - 
/usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include-fixed/syslimits.h \ - /usr/include/limits.h /usr/include/bits/posix1_lim.h \ - /usr/include/bits/local_lim.h /usr/include/linux/limits.h \ - /usr/include/bits/posix2_lim.h /usr/include/stdint.h \ - /usr/include/bits/wchar.h /usr/include/inttypes.h sagan.h version.h \ - /usr/include/liblognorm.h /usr/include/libee/libee.h \ - /usr/local/include/libestr.h /usr/include/libee/obj.h \ - /usr/include/libee/ctx.h /usr/include/libee/timestamp.h \ - /usr/include/libee/ctx.h /usr/include/libee/timestamp.h \ - /usr/include/libee/value.h /usr/include/libee/fieldtype.h \ - /usr/include/libee/field.h /usr/include/libee/valnode.h \ - /usr/include/libee/fieldbucket.h /usr/include/libee/primitivetype.h \ - /usr/include/libee/tagbucket.h /usr/include/libee/event.h \ - /usr/include/ptree.h /usr/include/lognorm.h /usr/include/ptree.h \ - output-plugins/sagan-snort.h output-plugins/sagan-logzilla.h \ - /usr/include/libprelude/prelude.h \ - /usr/include/libprelude/prelude-inttypes.h \ - /usr/include/libprelude/common.h /usr/include/libprelude/idmef.h \ - /usr/include/libprelude/prelude-list.h \ - /usr/include/libprelude/prelude-string.h \ - /usr/include/libprelude/idmef-time.h \ - /usr/include/libprelude/prelude-config.h /usr/include/sys/time.h \ - /usr/include/libprelude/idmef-data.h \ - /usr/include/libprelude/idmef-class.h \ - /usr/include/libprelude/idmef-value.h \ - /usr/include/libprelude/prelude-io.h \ - /usr/include/libprelude/idmef-value-type.h \ - /usr/include/libprelude/idmef-criteria.h \ - /usr/include/libprelude/idmef-path.h \ - /usr/include/libprelude/idmef-tree-wrap.h \ - /usr/include/libprelude/prelude-msg.h \ - /usr/include/libprelude/idmef-criterion-value.h \ - /usr/include/libprelude/idmef-message-helpers.h \ - /usr/include/libprelude/idmef-message-read.h \ - /usr/include/libprelude/prelude-msgbuf.h \ - /usr/include/libprelude/prelude-client.h \ - /usr/include/libprelude/prelude-client-profile.h \ - 
/usr/include/libprelude/prelude-ident.h \ - /usr/include/libprelude/prelude-connection.h \ - /usr/include/libprelude/prelude-connection-pool.h \ - /usr/include/libprelude/idmef-message-write.h \ - /usr/include/libprelude/idmef-additional-data.h \ - /usr/include/libprelude/prelude-log.h /usr/include/sys/socket.h \ - /usr/include/sys/uio.h /usr/include/bits/uio.h \ - /usr/include/bits/socket.h /usr/include/bits/sockaddr.h \ - /usr/include/asm/socket.h /usr/include/asm-x86_64/socket.h \ - /usr/include/asm/sockios.h /usr/include/asm-x86_64/sockios.h \ - /usr/include/bits/socket2.h /usr/include/netinet/in.h \ - /usr/include/bits/in.h /usr/include/libprelude/prelude-error.h \ - /usr/include/libprelude/prelude-thread.h \ - /usr/include/libprelude/prelude-option.h \ - /usr/include/libprelude/prelude-async.h \ - /usr/include/libprelude/prelude-linked-object.h \ - /usr/include/libprelude/prelude-plugin.h \ - /usr/include/libprelude/prelude-timer.h output-plugins/sagan-prelude.h \ - output-plugins/sagan-unified2.h - -../config.h: - -/usr/include/stdio.h: - -/usr/include/features.h: - -/usr/include/sys/cdefs.h: - -/usr/include/bits/wordsize.h: - -/usr/include/gnu/stubs.h: - -/usr/include/gnu/stubs-64.h: - -/usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stddef.h: - -/usr/include/bits/types.h: - -/usr/include/bits/typesizes.h: - -/usr/include/libio.h: - -/usr/include/_G_config.h: - -/usr/include/wchar.h: - -/usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stdarg.h: - -/usr/include/bits/stdio_lim.h: - -/usr/include/bits/sys_errlist.h: - -/usr/include/bits/stdio.h: - -/usr/include/bits/stdio2.h: - -/usr/include/stdlib.h: - -/usr/include/sys/types.h: - -/usr/include/time.h: - -/usr/include/endian.h: - -/usr/include/bits/endian.h: - -/usr/include/bits/byteswap.h: - -/usr/include/sys/select.h: - -/usr/include/bits/select.h: - -/usr/include/bits/sigset.h: - -/usr/include/bits/time.h: - -/usr/include/sys/sysmacros.h: - -/usr/include/bits/pthreadtypes.h: - -/usr/include/alloca.h: - 
-/usr/include/bits/stdlib.h: - -/usr/include/unistd.h: - -/usr/include/bits/posix_opt.h: - -/usr/include/bits/confname.h: - -/usr/include/getopt.h: - -/usr/include/bits/unistd.h: - -/usr/include/pthread.h: - -/usr/include/sched.h: - -/usr/include/bits/sched.h: - -/usr/include/signal.h: - -/usr/include/bits/setjmp.h: - -/usr/include/ctype.h: - -/usr/include/errno.h: - -/usr/include/bits/errno.h: - -/usr/include/linux/errno.h: - -/usr/include/asm/errno.h: - -/usr/include/asm-x86_64/errno.h: - -/usr/include/asm-generic/errno.h: - -/usr/include/asm-generic/errno-base.h: - -/usr/include/fcntl.h: - -/usr/include/bits/fcntl.h: - -/usr/include/bits/fcntl2.h: - -/usr/include/sys/stat.h: - -/usr/include/bits/stat.h: - -/usr/include/string.h: - -/usr/include/bits/string.h: - -/usr/include/bits/string2.h: - -/usr/include/bits/string3.h: - -/usr/include/bits/signum.h: - -/usr/include/bits/siginfo.h: - -/usr/include/bits/sigaction.h: - -/usr/include/bits/sigcontext.h: - -/usr/include/bits/sigstack.h: - -/usr/include/bits/sigthread.h: - -/usr/include/pcre.h: - -/usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include-fixed/limits.h: - -/usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include-fixed/syslimits.h: - -/usr/include/limits.h: - -/usr/include/bits/posix1_lim.h: - -/usr/include/bits/local_lim.h: - -/usr/include/linux/limits.h: - -/usr/include/bits/posix2_lim.h: - -/usr/include/stdint.h: - -/usr/include/bits/wchar.h: - -/usr/include/inttypes.h: - -sagan.h: - -version.h: - -/usr/include/liblognorm.h: - -/usr/include/libee/libee.h: - -/usr/local/include/libestr.h: - -/usr/include/libee/obj.h: - -/usr/include/libee/ctx.h: - -/usr/include/libee/timestamp.h: - -/usr/include/libee/ctx.h: - -/usr/include/libee/timestamp.h: - -/usr/include/libee/value.h: - -/usr/include/libee/fieldtype.h: - -/usr/include/libee/field.h: - -/usr/include/libee/valnode.h: - -/usr/include/libee/fieldbucket.h: - -/usr/include/libee/primitivetype.h: - -/usr/include/libee/tagbucket.h: - -/usr/include/libee/event.h: - 
-/usr/include/ptree.h: - -/usr/include/lognorm.h: - -/usr/include/ptree.h: - -output-plugins/sagan-snort.h: - -output-plugins/sagan-logzilla.h: - -/usr/include/libprelude/prelude.h: - -/usr/include/libprelude/prelude-inttypes.h: - -/usr/include/libprelude/common.h: - -/usr/include/libprelude/idmef.h: - -/usr/include/libprelude/prelude-list.h: - -/usr/include/libprelude/prelude-string.h: - -/usr/include/libprelude/idmef-time.h: - -/usr/include/libprelude/prelude-config.h: - -/usr/include/sys/time.h: - -/usr/include/libprelude/idmef-data.h: - -/usr/include/libprelude/idmef-class.h: - -/usr/include/libprelude/idmef-value.h: - -/usr/include/libprelude/prelude-io.h: - -/usr/include/libprelude/idmef-value-type.h: - -/usr/include/libprelude/idmef-criteria.h: - -/usr/include/libprelude/idmef-path.h: - -/usr/include/libprelude/idmef-tree-wrap.h: - -/usr/include/libprelude/prelude-msg.h: - -/usr/include/libprelude/idmef-criterion-value.h: - -/usr/include/libprelude/idmef-message-helpers.h: - -/usr/include/libprelude/idmef-message-read.h: - -/usr/include/libprelude/prelude-msgbuf.h: - -/usr/include/libprelude/prelude-client.h: - -/usr/include/libprelude/prelude-client-profile.h: - -/usr/include/libprelude/prelude-ident.h: - -/usr/include/libprelude/prelude-connection.h: - -/usr/include/libprelude/prelude-connection-pool.h: - -/usr/include/libprelude/idmef-message-write.h: - -/usr/include/libprelude/idmef-additional-data.h: - -/usr/include/libprelude/prelude-log.h: - -/usr/include/sys/socket.h: - -/usr/include/sys/uio.h: - -/usr/include/bits/uio.h: - -/usr/include/bits/socket.h: - -/usr/include/bits/sockaddr.h: - -/usr/include/asm/socket.h: - -/usr/include/asm-x86_64/socket.h: - -/usr/include/asm/sockios.h: - -/usr/include/asm-x86_64/sockios.h: - -/usr/include/bits/socket2.h: - -/usr/include/netinet/in.h: - -/usr/include/bits/in.h: - -/usr/include/libprelude/prelude-error.h: - -/usr/include/libprelude/prelude-thread.h: - -/usr/include/libprelude/prelude-option.h: - 
-/usr/include/libprelude/prelude-async.h: - -/usr/include/libprelude/prelude-linked-object.h: - -/usr/include/libprelude/prelude-plugin.h: - -/usr/include/libprelude/prelude-timer.h: - -output-plugins/sagan-prelude.h: - -output-plugins/sagan-unified2.h: diff -Nru sagan-0.1.9/src/.deps/sagan-prelude.Po sagan-0.2.0/src/.deps/sagan-prelude.Po --- sagan-0.1.9/src/.deps/sagan-prelude.Po 2011-04-18 18:32:25.000000000 +0000 +++ sagan-0.2.0/src/.deps/sagan-prelude.Po 1970-01-01 00:00:00.000000000 +0000 
@@ -1,305 +0,0 @@ -sagan-prelude.o: output-plugins/sagan-prelude.c ../config.h \ - /usr/include/stdio.h /usr/include/features.h /usr/include/sys/cdefs.h \ - /usr/include/bits/wordsize.h /usr/include/gnu/stubs.h \ - /usr/include/gnu/stubs-64.h \ - /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stddef.h \ - /usr/include/bits/types.h /usr/include/bits/typesizes.h \ - /usr/include/libio.h /usr/include/_G_config.h /usr/include/wchar.h \ - /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stdarg.h \ - /usr/include/bits/stdio_lim.h /usr/include/bits/sys_errlist.h \ - /usr/include/bits/stdio.h /usr/include/bits/stdio2.h \ - /usr/include/string.h /usr/include/bits/string.h \ - /usr/include/bits/string2.h /usr/include/endian.h \ - /usr/include/bits/endian.h /usr/include/bits/byteswap.h \ - /usr/include/stdlib.h /usr/include/bits/string3.h \ - /usr/include/libprelude/prelude.h \ - /usr/include/libprelude/prelude-inttypes.h /usr/include/stdint.h \ - /usr/include/bits/wchar.h /usr/include/inttypes.h \ - /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include-fixed/limits.h \ - /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include-fixed/syslimits.h \ - /usr/include/limits.h /usr/include/bits/posix1_lim.h \ - /usr/include/bits/local_lim.h /usr/include/linux/limits.h \ - /usr/include/bits/posix2_lim.h /usr/include/libprelude/common.h \ - /usr/include/libprelude/idmef.h /usr/include/sys/types.h \ - /usr/include/time.h /usr/include/sys/select.h \ - /usr/include/bits/select.h /usr/include/bits/sigset.h \ - /usr/include/bits/time.h /usr/include/sys/sysmacros.h \ - /usr/include/bits/pthreadtypes.h /usr/include/libprelude/prelude-list.h \ - /usr/include/libprelude/prelude-string.h \ - /usr/include/libprelude/idmef-time.h \ - /usr/include/libprelude/prelude-config.h /usr/include/sys/time.h \ - /usr/include/libprelude/idmef-data.h \ - /usr/include/libprelude/idmef-class.h \ - /usr/include/libprelude/idmef-value.h \ - /usr/include/libprelude/prelude-io.h /usr/include/unistd.h \ - 
/usr/include/bits/posix_opt.h /usr/include/bits/confname.h \ - /usr/include/getopt.h /usr/include/bits/unistd.h \ - /usr/include/libprelude/idmef-value-type.h \ - /usr/include/libprelude/idmef-criteria.h \ - /usr/include/libprelude/idmef-path.h \ - /usr/include/libprelude/idmef-tree-wrap.h \ - /usr/include/libprelude/prelude-msg.h \ - /usr/include/libprelude/idmef-criterion-value.h \ - /usr/include/libprelude/idmef-message-helpers.h \ - /usr/include/libprelude/idmef-message-read.h \ - /usr/include/libprelude/prelude-msgbuf.h \ - /usr/include/libprelude/prelude-client.h \ - /usr/include/libprelude/prelude-client-profile.h \ - /usr/include/libprelude/prelude-ident.h \ - /usr/include/libprelude/prelude-connection.h \ - /usr/include/libprelude/prelude-connection-pool.h \ - /usr/include/libprelude/idmef-message-write.h \ - /usr/include/libprelude/idmef-additional-data.h \ - /usr/include/libprelude/prelude-log.h /usr/include/sys/socket.h \ - /usr/include/sys/uio.h /usr/include/bits/uio.h \ - /usr/include/bits/socket.h /usr/include/bits/sockaddr.h \ - /usr/include/asm/socket.h /usr/include/asm-x86_64/socket.h \ - /usr/include/asm/sockios.h /usr/include/asm-x86_64/sockios.h \ - /usr/include/bits/socket2.h /usr/include/netinet/in.h \ - /usr/include/bits/in.h /usr/include/libprelude/prelude-error.h \ - /usr/include/errno.h /usr/include/bits/errno.h \ - /usr/include/linux/errno.h /usr/include/asm/errno.h \ - /usr/include/asm-x86_64/errno.h /usr/include/asm-generic/errno.h \ - /usr/include/asm-generic/errno-base.h \ - /usr/include/libprelude/prelude-thread.h \ - /usr/include/libprelude/prelude-option.h \ - /usr/include/libprelude/prelude-async.h \ - /usr/include/libprelude/prelude-linked-object.h \ - /usr/include/libprelude/prelude-plugin.h \ - /usr/include/libprelude/prelude-timer.h /usr/include/pthread.h \ - /usr/include/sched.h /usr/include/bits/sched.h /usr/include/signal.h \ - /usr/include/bits/setjmp.h version.h sagan.h /usr/include/pcre.h \ - /usr/include/alloca.h 
/usr/include/bits/stdlib.h \ - output-plugins/sagan-prelude.h - -../config.h: - -/usr/include/stdio.h: - -/usr/include/features.h: - -/usr/include/sys/cdefs.h: - -/usr/include/bits/wordsize.h: - -/usr/include/gnu/stubs.h: - -/usr/include/gnu/stubs-64.h: - -/usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stddef.h: - -/usr/include/bits/types.h: - -/usr/include/bits/typesizes.h: - -/usr/include/libio.h: - -/usr/include/_G_config.h: - -/usr/include/wchar.h: - -/usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stdarg.h: - -/usr/include/bits/stdio_lim.h: - -/usr/include/bits/sys_errlist.h: - -/usr/include/bits/stdio.h: - -/usr/include/bits/stdio2.h: - -/usr/include/string.h: - -/usr/include/bits/string.h: - -/usr/include/bits/string2.h: - -/usr/include/endian.h: - -/usr/include/bits/endian.h: - -/usr/include/bits/byteswap.h: - -/usr/include/stdlib.h: - -/usr/include/bits/string3.h: - -/usr/include/libprelude/prelude.h: - -/usr/include/libprelude/prelude-inttypes.h: - -/usr/include/stdint.h: - -/usr/include/bits/wchar.h: - -/usr/include/inttypes.h: - -/usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include-fixed/limits.h: - -/usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include-fixed/syslimits.h: - -/usr/include/limits.h: - -/usr/include/bits/posix1_lim.h: - -/usr/include/bits/local_lim.h: - -/usr/include/linux/limits.h: - -/usr/include/bits/posix2_lim.h: - -/usr/include/libprelude/common.h: - -/usr/include/libprelude/idmef.h: - -/usr/include/sys/types.h: - -/usr/include/time.h: - -/usr/include/sys/select.h: - -/usr/include/bits/select.h: - -/usr/include/bits/sigset.h: - -/usr/include/bits/time.h: - -/usr/include/sys/sysmacros.h: - -/usr/include/bits/pthreadtypes.h: - -/usr/include/libprelude/prelude-list.h: - -/usr/include/libprelude/prelude-string.h: - -/usr/include/libprelude/idmef-time.h: - -/usr/include/libprelude/prelude-config.h: - -/usr/include/sys/time.h: - -/usr/include/libprelude/idmef-data.h: - -/usr/include/libprelude/idmef-class.h: - -/usr/include/libprelude/idmef-value.h: - 
-/usr/include/libprelude/prelude-io.h: - -/usr/include/unistd.h: - -/usr/include/bits/posix_opt.h: - -/usr/include/bits/confname.h: - -/usr/include/getopt.h: - -/usr/include/bits/unistd.h: - -/usr/include/libprelude/idmef-value-type.h: - -/usr/include/libprelude/idmef-criteria.h: - -/usr/include/libprelude/idmef-path.h: - -/usr/include/libprelude/idmef-tree-wrap.h: - -/usr/include/libprelude/prelude-msg.h: - -/usr/include/libprelude/idmef-criterion-value.h: - -/usr/include/libprelude/idmef-message-helpers.h: - -/usr/include/libprelude/idmef-message-read.h: - -/usr/include/libprelude/prelude-msgbuf.h: - -/usr/include/libprelude/prelude-client.h: - -/usr/include/libprelude/prelude-client-profile.h: - -/usr/include/libprelude/prelude-ident.h: - -/usr/include/libprelude/prelude-connection.h: - -/usr/include/libprelude/prelude-connection-pool.h: - -/usr/include/libprelude/idmef-message-write.h: - -/usr/include/libprelude/idmef-additional-data.h: - -/usr/include/libprelude/prelude-log.h: - -/usr/include/sys/socket.h: - -/usr/include/sys/uio.h: - -/usr/include/bits/uio.h: - -/usr/include/bits/socket.h: - -/usr/include/bits/sockaddr.h: - -/usr/include/asm/socket.h: - -/usr/include/asm-x86_64/socket.h: - -/usr/include/asm/sockios.h: - -/usr/include/asm-x86_64/sockios.h: - -/usr/include/bits/socket2.h: - -/usr/include/netinet/in.h: - -/usr/include/bits/in.h: - -/usr/include/libprelude/prelude-error.h: - -/usr/include/errno.h: - -/usr/include/bits/errno.h: - -/usr/include/linux/errno.h: - -/usr/include/asm/errno.h: - -/usr/include/asm-x86_64/errno.h: - -/usr/include/asm-generic/errno.h: - -/usr/include/asm-generic/errno-base.h: - -/usr/include/libprelude/prelude-thread.h: - -/usr/include/libprelude/prelude-option.h: - -/usr/include/libprelude/prelude-async.h: - -/usr/include/libprelude/prelude-linked-object.h: - -/usr/include/libprelude/prelude-plugin.h: - -/usr/include/libprelude/prelude-timer.h: - -/usr/include/pthread.h: - -/usr/include/sched.h: - 
-/usr/include/bits/sched.h: - -/usr/include/signal.h: - -/usr/include/bits/setjmp.h: - -version.h: - -sagan.h: - -/usr/include/pcre.h: - -/usr/include/alloca.h: - -/usr/include/bits/stdlib.h: - -output-plugins/sagan-prelude.h: diff -Nru sagan-0.1.9/src/.deps/sagan-references.Po sagan-0.2.0/src/.deps/sagan-references.Po --- sagan-0.1.9/src/.deps/sagan-references.Po 2011-04-18 18:32:22.000000000 +0000 +++ sagan-0.2.0/src/.deps/sagan-references.Po 1970-01-01 00:00:00.000000000 +0000 
@@ -1,173 +0,0 @@ -sagan-references.o: sagan-references.c ../config.h /usr/include/stdio.h \ - /usr/include/features.h /usr/include/sys/cdefs.h \ - /usr/include/bits/wordsize.h /usr/include/gnu/stubs.h \ - /usr/include/gnu/stubs-64.h \ - /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stddef.h \ - /usr/include/bits/types.h /usr/include/bits/typesizes.h \ - /usr/include/libio.h /usr/include/_G_config.h /usr/include/wchar.h \ - /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stdarg.h \ - /usr/include/bits/stdio_lim.h /usr/include/bits/sys_errlist.h \ - /usr/include/bits/stdio.h /usr/include/bits/stdio2.h \ - /usr/include/stdlib.h /usr/include/sys/types.h /usr/include/time.h \ - /usr/include/endian.h /usr/include/bits/endian.h \ - /usr/include/bits/byteswap.h /usr/include/sys/select.h \ - /usr/include/bits/select.h /usr/include/bits/sigset.h \ - /usr/include/bits/time.h /usr/include/sys/sysmacros.h \ - /usr/include/bits/pthreadtypes.h /usr/include/alloca.h \ - /usr/include/bits/stdlib.h /usr/include/unistd.h \ - /usr/include/bits/posix_opt.h /usr/include/bits/confname.h \ - /usr/include/getopt.h /usr/include/bits/unistd.h /usr/include/pthread.h \ - /usr/include/sched.h /usr/include/bits/sched.h /usr/include/signal.h \ - /usr/include/bits/setjmp.h /usr/include/ctype.h /usr/include/errno.h \ - /usr/include/bits/errno.h /usr/include/linux/errno.h \ - /usr/include/asm/errno.h /usr/include/asm-x86_64/errno.h \ - /usr/include/asm-generic/errno.h /usr/include/asm-generic/errno-base.h \ - /usr/include/fcntl.h /usr/include/bits/fcntl.h \ - /usr/include/bits/fcntl2.h /usr/include/sys/stat.h \ - /usr/include/bits/stat.h /usr/include/string.h \ - /usr/include/bits/string.h /usr/include/bits/string2.h \ - /usr/include/bits/string3.h /usr/include/bits/signum.h \ - /usr/include/bits/siginfo.h /usr/include/bits/sigaction.h \ - /usr/include/bits/sigcontext.h /usr/include/bits/sigstack.h \ - /usr/include/bits/sigthread.h /usr/include/pcre.h version.h sagan.h \ - /usr/include/stdint.h 
/usr/include/bits/wchar.h - -../config.h: - -/usr/include/stdio.h: - -/usr/include/features.h: - -/usr/include/sys/cdefs.h: - -/usr/include/bits/wordsize.h: - -/usr/include/gnu/stubs.h: - -/usr/include/gnu/stubs-64.h: - -/usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stddef.h: - -/usr/include/bits/types.h: - -/usr/include/bits/typesizes.h: - -/usr/include/libio.h: - -/usr/include/_G_config.h: - -/usr/include/wchar.h: - -/usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stdarg.h: - -/usr/include/bits/stdio_lim.h: - -/usr/include/bits/sys_errlist.h: - -/usr/include/bits/stdio.h: - -/usr/include/bits/stdio2.h: - -/usr/include/stdlib.h: - -/usr/include/sys/types.h: - -/usr/include/time.h: - -/usr/include/endian.h: - -/usr/include/bits/endian.h: - -/usr/include/bits/byteswap.h: - -/usr/include/sys/select.h: - -/usr/include/bits/select.h: - -/usr/include/bits/sigset.h: - -/usr/include/bits/time.h: - -/usr/include/sys/sysmacros.h: - -/usr/include/bits/pthreadtypes.h: - -/usr/include/alloca.h: - -/usr/include/bits/stdlib.h: - -/usr/include/unistd.h: - -/usr/include/bits/posix_opt.h: - -/usr/include/bits/confname.h: - -/usr/include/getopt.h: - -/usr/include/bits/unistd.h: - -/usr/include/pthread.h: - -/usr/include/sched.h: - -/usr/include/bits/sched.h: - -/usr/include/signal.h: - -/usr/include/bits/setjmp.h: - -/usr/include/ctype.h: - -/usr/include/errno.h: - -/usr/include/bits/errno.h: - -/usr/include/linux/errno.h: - -/usr/include/asm/errno.h: - -/usr/include/asm-x86_64/errno.h: - -/usr/include/asm-generic/errno.h: - -/usr/include/asm-generic/errno-base.h: - -/usr/include/fcntl.h: - -/usr/include/bits/fcntl.h: - -/usr/include/bits/fcntl2.h: - -/usr/include/sys/stat.h: - -/usr/include/bits/stat.h: - -/usr/include/string.h: - -/usr/include/bits/string.h: - -/usr/include/bits/string2.h: - -/usr/include/bits/string3.h: - -/usr/include/bits/signum.h: - -/usr/include/bits/siginfo.h: - -/usr/include/bits/sigaction.h: - -/usr/include/bits/sigcontext.h: - 
-/usr/include/bits/sigstack.h: - -/usr/include/bits/sigthread.h: - -/usr/include/pcre.h: - -version.h: - -sagan.h: - -/usr/include/stdint.h: - -/usr/include/bits/wchar.h: diff -Nru sagan-0.1.9/src/.deps/sagan-rules.Po sagan-0.2.0/src/.deps/sagan-rules.Po --- sagan-0.1.9/src/.deps/sagan-rules.Po 2011-04-18 18:32:23.000000000 +0000 +++ sagan-0.2.0/src/.deps/sagan-rules.Po 1970-01-01 00:00:00.000000000 +0000 
@@ -1,158 +0,0 @@ -sagan-rules.o: sagan-rules.c ../config.h /usr/include/stdio.h \ - /usr/include/features.h /usr/include/sys/cdefs.h \ - /usr/include/bits/wordsize.h /usr/include/gnu/stubs.h \ - /usr/include/gnu/stubs-64.h \ - /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stddef.h \ - /usr/include/bits/types.h /usr/include/bits/typesizes.h \ - /usr/include/libio.h /usr/include/_G_config.h /usr/include/wchar.h \ - /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stdarg.h \ - /usr/include/bits/stdio_lim.h /usr/include/bits/sys_errlist.h \ - /usr/include/bits/stdio.h /usr/include/bits/stdio2.h \ - /usr/include/stdlib.h /usr/include/sys/types.h /usr/include/time.h \ - /usr/include/endian.h /usr/include/bits/endian.h \ - /usr/include/bits/byteswap.h /usr/include/sys/select.h \ - /usr/include/bits/select.h /usr/include/bits/sigset.h \ - /usr/include/bits/time.h /usr/include/sys/sysmacros.h \ - /usr/include/bits/pthreadtypes.h /usr/include/alloca.h \ - /usr/include/bits/stdlib.h /usr/include/unistd.h \ - /usr/include/bits/posix_opt.h /usr/include/bits/confname.h \ - /usr/include/getopt.h /usr/include/bits/unistd.h /usr/include/pthread.h \ - /usr/include/sched.h /usr/include/bits/sched.h /usr/include/signal.h \ - /usr/include/bits/setjmp.h /usr/include/ctype.h /usr/include/errno.h \ - /usr/include/bits/errno.h /usr/include/linux/errno.h \ - /usr/include/asm/errno.h /usr/include/asm-x86_64/errno.h \ - /usr/include/asm-generic/errno.h /usr/include/asm-generic/errno-base.h \ - /usr/include/fcntl.h /usr/include/bits/fcntl.h \ - /usr/include/bits/fcntl2.h /usr/include/sys/stat.h \ - /usr/include/bits/stat.h /usr/include/string.h \ - /usr/include/bits/string.h /usr/include/bits/string2.h \ - /usr/include/bits/string3.h /usr/include/pcre.h version.h sagan.h \ - /usr/include/stdint.h /usr/include/bits/wchar.h - -../config.h: - -/usr/include/stdio.h: - -/usr/include/features.h: - -/usr/include/sys/cdefs.h: - -/usr/include/bits/wordsize.h: - -/usr/include/gnu/stubs.h: - 
-/usr/include/gnu/stubs-64.h: - -/usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stddef.h: - -/usr/include/bits/types.h: - -/usr/include/bits/typesizes.h: - -/usr/include/libio.h: - -/usr/include/_G_config.h: - -/usr/include/wchar.h: - -/usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stdarg.h: - -/usr/include/bits/stdio_lim.h: - -/usr/include/bits/sys_errlist.h: - -/usr/include/bits/stdio.h: - -/usr/include/bits/stdio2.h: - -/usr/include/stdlib.h: - -/usr/include/sys/types.h: - -/usr/include/time.h: - -/usr/include/endian.h: - -/usr/include/bits/endian.h: - -/usr/include/bits/byteswap.h: - -/usr/include/sys/select.h: - -/usr/include/bits/select.h: - -/usr/include/bits/sigset.h: - -/usr/include/bits/time.h: - -/usr/include/sys/sysmacros.h: - -/usr/include/bits/pthreadtypes.h: - -/usr/include/alloca.h: - -/usr/include/bits/stdlib.h: - -/usr/include/unistd.h: - -/usr/include/bits/posix_opt.h: - -/usr/include/bits/confname.h: - -/usr/include/getopt.h: - -/usr/include/bits/unistd.h: - -/usr/include/pthread.h: - -/usr/include/sched.h: - -/usr/include/bits/sched.h: - -/usr/include/signal.h: - -/usr/include/bits/setjmp.h: - -/usr/include/ctype.h: - -/usr/include/errno.h: - -/usr/include/bits/errno.h: - -/usr/include/linux/errno.h: - -/usr/include/asm/errno.h: - -/usr/include/asm-x86_64/errno.h: - -/usr/include/asm-generic/errno.h: - -/usr/include/asm-generic/errno-base.h: - -/usr/include/fcntl.h: - -/usr/include/bits/fcntl.h: - -/usr/include/bits/fcntl2.h: - -/usr/include/sys/stat.h: - -/usr/include/bits/stat.h: - -/usr/include/string.h: - -/usr/include/bits/string.h: - -/usr/include/bits/string2.h: - -/usr/include/bits/string3.h: - -/usr/include/pcre.h: - -version.h: - -sagan.h: - -/usr/include/stdint.h: - -/usr/include/bits/wchar.h: diff -Nru sagan-0.1.9/src/.deps/sagan-signal.Po sagan-0.2.0/src/.deps/sagan-signal.Po --- sagan-0.1.9/src/.deps/sagan-signal.Po 2011-04-18 18:32:23.000000000 +0000 +++ sagan-0.2.0/src/.deps/sagan-signal.Po 1970-01-01 00:00:00.000000000 +0000 
@@ -1,371 +0,0 @@ -sagan-signal.o: sagan-signal.c ../config.h /usr/include/stdio.h \ - /usr/include/features.h /usr/include/sys/cdefs.h \ - /usr/include/bits/wordsize.h /usr/include/gnu/stubs.h \ - /usr/include/gnu/stubs-64.h \ - /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stddef.h \ - /usr/include/bits/types.h /usr/include/bits/typesizes.h \ - /usr/include/libio.h /usr/include/_G_config.h /usr/include/wchar.h \ - /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stdarg.h \ - /usr/include/bits/stdio_lim.h /usr/include/bits/sys_errlist.h \ - /usr/include/bits/stdio.h /usr/include/bits/stdio2.h \ - /usr/include/stdlib.h /usr/include/sys/types.h /usr/include/time.h \ - /usr/include/endian.h /usr/include/bits/endian.h \ - /usr/include/bits/byteswap.h /usr/include/sys/select.h \ - /usr/include/bits/select.h /usr/include/bits/sigset.h \ - /usr/include/bits/time.h /usr/include/sys/sysmacros.h \ - /usr/include/bits/pthreadtypes.h /usr/include/alloca.h \ - /usr/include/bits/stdlib.h /usr/include/signal.h \ - /usr/include/bits/signum.h /usr/include/bits/siginfo.h \ - /usr/include/bits/sigaction.h /usr/include/bits/sigcontext.h \ - /usr/include/bits/sigstack.h /usr/include/bits/sigthread.h \ - /usr/include/pthread.h /usr/include/sched.h /usr/include/bits/sched.h \ - /usr/include/bits/setjmp.h /usr/include/stdint.h \ - /usr/include/bits/wchar.h version.h sagan.h /usr/include/pcre.h \ - /usr/include/liblognorm.h /usr/include/libee/libee.h \ - /usr/local/include/libestr.h /usr/include/libee/obj.h \ - /usr/include/string.h /usr/include/bits/string.h \ - /usr/include/bits/string2.h /usr/include/bits/string3.h \ - /usr/include/libee/ctx.h /usr/include/libee/timestamp.h \ - /usr/include/libee/ctx.h /usr/include/libee/timestamp.h \ - /usr/include/libee/value.h /usr/include/libee/fieldtype.h \ - /usr/include/libee/field.h /usr/include/libee/valnode.h \ - /usr/include/libee/fieldbucket.h /usr/include/libee/primitivetype.h \ - /usr/include/libee/tagbucket.h /usr/include/libee/event.h \ 
- /usr/include/ptree.h /usr/include/lognorm.h /usr/include/ptree.h \ - /usr/include/libprelude/prelude.h \ - /usr/include/libprelude/prelude-inttypes.h /usr/include/inttypes.h \ - /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include-fixed/limits.h \ - /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include-fixed/syslimits.h \ - /usr/include/limits.h /usr/include/bits/posix1_lim.h \ - /usr/include/bits/local_lim.h /usr/include/linux/limits.h \ - /usr/include/bits/posix2_lim.h /usr/include/libprelude/common.h \ - /usr/include/libprelude/idmef.h /usr/include/libprelude/prelude-list.h \ - /usr/include/libprelude/prelude-string.h \ - /usr/include/libprelude/idmef-time.h \ - /usr/include/libprelude/prelude-config.h /usr/include/sys/time.h \ - /usr/include/libprelude/idmef-data.h \ - /usr/include/libprelude/idmef-class.h \ - /usr/include/libprelude/idmef-value.h \ - /usr/include/libprelude/prelude-io.h /usr/include/unistd.h \ - /usr/include/bits/posix_opt.h /usr/include/bits/confname.h \ - /usr/include/getopt.h /usr/include/bits/unistd.h \ - /usr/include/libprelude/idmef-value-type.h \ - /usr/include/libprelude/idmef-criteria.h \ - /usr/include/libprelude/idmef-path.h \ - /usr/include/libprelude/idmef-tree-wrap.h \ - /usr/include/libprelude/prelude-msg.h \ - /usr/include/libprelude/idmef-criterion-value.h \ - /usr/include/libprelude/idmef-message-helpers.h \ - /usr/include/libprelude/idmef-message-read.h \ - /usr/include/libprelude/prelude-msgbuf.h \ - /usr/include/libprelude/prelude-client.h \ - /usr/include/libprelude/prelude-client-profile.h \ - /usr/include/libprelude/prelude-ident.h \ - /usr/include/libprelude/prelude-connection.h \ - /usr/include/libprelude/prelude-connection-pool.h \ - /usr/include/libprelude/idmef-message-write.h \ - /usr/include/libprelude/idmef-additional-data.h \ - /usr/include/libprelude/prelude-log.h /usr/include/sys/socket.h \ - /usr/include/sys/uio.h /usr/include/bits/uio.h \ - /usr/include/bits/socket.h /usr/include/bits/sockaddr.h \ - 
/usr/include/asm/socket.h /usr/include/asm-x86_64/socket.h \ - /usr/include/asm/sockios.h /usr/include/asm-x86_64/sockios.h \ - /usr/include/bits/socket2.h /usr/include/netinet/in.h \ - /usr/include/bits/in.h /usr/include/libprelude/prelude-error.h \ - /usr/include/errno.h /usr/include/bits/errno.h \ - /usr/include/linux/errno.h /usr/include/asm/errno.h \ - /usr/include/asm-x86_64/errno.h /usr/include/asm-generic/errno.h \ - /usr/include/asm-generic/errno-base.h \ - /usr/include/libprelude/prelude-thread.h \ - /usr/include/libprelude/prelude-option.h \ - /usr/include/libprelude/prelude-async.h \ - /usr/include/libprelude/prelude-linked-object.h \ - /usr/include/libprelude/prelude-plugin.h \ - /usr/include/libprelude/prelude-timer.h output-plugins/sagan-unified2.h \ - output-plugins/sagan-snort.h output-plugins/sagan-logzilla.h - -../config.h: - -/usr/include/stdio.h: - -/usr/include/features.h: - -/usr/include/sys/cdefs.h: - -/usr/include/bits/wordsize.h: - -/usr/include/gnu/stubs.h: - -/usr/include/gnu/stubs-64.h: - -/usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stddef.h: - -/usr/include/bits/types.h: - -/usr/include/bits/typesizes.h: - -/usr/include/libio.h: - -/usr/include/_G_config.h: - -/usr/include/wchar.h: - -/usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stdarg.h: - -/usr/include/bits/stdio_lim.h: - -/usr/include/bits/sys_errlist.h: - -/usr/include/bits/stdio.h: - -/usr/include/bits/stdio2.h: - -/usr/include/stdlib.h: - -/usr/include/sys/types.h: - -/usr/include/time.h: - -/usr/include/endian.h: - -/usr/include/bits/endian.h: - -/usr/include/bits/byteswap.h: - -/usr/include/sys/select.h: - -/usr/include/bits/select.h: - -/usr/include/bits/sigset.h: - -/usr/include/bits/time.h: - -/usr/include/sys/sysmacros.h: - -/usr/include/bits/pthreadtypes.h: - -/usr/include/alloca.h: - -/usr/include/bits/stdlib.h: - -/usr/include/signal.h: - -/usr/include/bits/signum.h: - -/usr/include/bits/siginfo.h: - -/usr/include/bits/sigaction.h: - -/usr/include/bits/sigcontext.h: 
- -/usr/include/bits/sigstack.h: - -/usr/include/bits/sigthread.h: - -/usr/include/pthread.h: - -/usr/include/sched.h: - -/usr/include/bits/sched.h: - -/usr/include/bits/setjmp.h: - -/usr/include/stdint.h: - -/usr/include/bits/wchar.h: - -version.h: - -sagan.h: - -/usr/include/pcre.h: - -/usr/include/liblognorm.h: - -/usr/include/libee/libee.h: - -/usr/local/include/libestr.h: - -/usr/include/libee/obj.h: - -/usr/include/string.h: - -/usr/include/bits/string.h: - -/usr/include/bits/string2.h: - -/usr/include/bits/string3.h: - -/usr/include/libee/ctx.h: - -/usr/include/libee/timestamp.h: - -/usr/include/libee/ctx.h: - -/usr/include/libee/timestamp.h: - -/usr/include/libee/value.h: - -/usr/include/libee/fieldtype.h: - -/usr/include/libee/field.h: - -/usr/include/libee/valnode.h: - -/usr/include/libee/fieldbucket.h: - -/usr/include/libee/primitivetype.h: - -/usr/include/libee/tagbucket.h: - -/usr/include/libee/event.h: - -/usr/include/ptree.h: - -/usr/include/lognorm.h: - -/usr/include/ptree.h: - -/usr/include/libprelude/prelude.h: - -/usr/include/libprelude/prelude-inttypes.h: - -/usr/include/inttypes.h: - -/usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include-fixed/limits.h: - -/usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include-fixed/syslimits.h: - -/usr/include/limits.h: - -/usr/include/bits/posix1_lim.h: - -/usr/include/bits/local_lim.h: - -/usr/include/linux/limits.h: - -/usr/include/bits/posix2_lim.h: - -/usr/include/libprelude/common.h: - -/usr/include/libprelude/idmef.h: - -/usr/include/libprelude/prelude-list.h: - -/usr/include/libprelude/prelude-string.h: - -/usr/include/libprelude/idmef-time.h: - -/usr/include/libprelude/prelude-config.h: - -/usr/include/sys/time.h: - -/usr/include/libprelude/idmef-data.h: - -/usr/include/libprelude/idmef-class.h: - -/usr/include/libprelude/idmef-value.h: - -/usr/include/libprelude/prelude-io.h: - -/usr/include/unistd.h: - -/usr/include/bits/posix_opt.h: - -/usr/include/bits/confname.h: - -/usr/include/getopt.h: - 
-/usr/include/bits/unistd.h: - -/usr/include/libprelude/idmef-value-type.h: - -/usr/include/libprelude/idmef-criteria.h: - -/usr/include/libprelude/idmef-path.h: - -/usr/include/libprelude/idmef-tree-wrap.h: - -/usr/include/libprelude/prelude-msg.h: - -/usr/include/libprelude/idmef-criterion-value.h: - -/usr/include/libprelude/idmef-message-helpers.h: - -/usr/include/libprelude/idmef-message-read.h: - -/usr/include/libprelude/prelude-msgbuf.h: - -/usr/include/libprelude/prelude-client.h: - -/usr/include/libprelude/prelude-client-profile.h: - -/usr/include/libprelude/prelude-ident.h: - -/usr/include/libprelude/prelude-connection.h: - -/usr/include/libprelude/prelude-connection-pool.h: - -/usr/include/libprelude/idmef-message-write.h: - -/usr/include/libprelude/idmef-additional-data.h: - -/usr/include/libprelude/prelude-log.h: - -/usr/include/sys/socket.h: - -/usr/include/sys/uio.h: - -/usr/include/bits/uio.h: - -/usr/include/bits/socket.h: - -/usr/include/bits/sockaddr.h: - -/usr/include/asm/socket.h: - -/usr/include/asm-x86_64/socket.h: - -/usr/include/asm/sockios.h: - -/usr/include/asm-x86_64/sockios.h: - -/usr/include/bits/socket2.h: - -/usr/include/netinet/in.h: - -/usr/include/bits/in.h: - -/usr/include/libprelude/prelude-error.h: - -/usr/include/errno.h: - -/usr/include/bits/errno.h: - -/usr/include/linux/errno.h: - -/usr/include/asm/errno.h: - -/usr/include/asm-x86_64/errno.h: - -/usr/include/asm-generic/errno.h: - -/usr/include/asm-generic/errno-base.h: - -/usr/include/libprelude/prelude-thread.h: - -/usr/include/libprelude/prelude-option.h: - -/usr/include/libprelude/prelude-async.h: - -/usr/include/libprelude/prelude-linked-object.h: - -/usr/include/libprelude/prelude-plugin.h: - -/usr/include/libprelude/prelude-timer.h: - -output-plugins/sagan-unified2.h: - -output-plugins/sagan-snort.h: - -output-plugins/sagan-logzilla.h: diff -Nru sagan-0.1.9/src/.deps/sagan-snort.Po sagan-0.2.0/src/.deps/sagan-snort.Po --- sagan-0.1.9/src/.deps/sagan-snort.Po 
2011-04-18 18:32:25.000000000 +0000 +++ sagan-0.2.0/src/.deps/sagan-snort.Po 1970-01-01 00:00:00.000000000 +0000 
@@ -1,189 +0,0 @@ -sagan-snort.o: output-plugins/sagan-snort.c ../config.h \ - /usr/include/stdio.h /usr/include/features.h /usr/include/sys/cdefs.h \ - /usr/include/bits/wordsize.h /usr/include/gnu/stubs.h \ - /usr/include/gnu/stubs-64.h \ - /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stddef.h \ - /usr/include/bits/types.h /usr/include/bits/typesizes.h \ - /usr/include/libio.h /usr/include/_G_config.h /usr/include/wchar.h \ - /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stdarg.h \ - /usr/include/bits/stdio_lim.h /usr/include/bits/sys_errlist.h \ - /usr/include/bits/stdio.h /usr/include/bits/stdio2.h \ - /usr/include/netinet/in.h /usr/include/stdint.h \ - /usr/include/bits/wchar.h /usr/include/sys/socket.h \ - /usr/include/sys/uio.h /usr/include/sys/types.h /usr/include/time.h \ - /usr/include/endian.h /usr/include/bits/endian.h \ - /usr/include/bits/byteswap.h /usr/include/sys/select.h \ - /usr/include/bits/select.h /usr/include/bits/sigset.h \ - /usr/include/bits/time.h /usr/include/sys/sysmacros.h \ - /usr/include/bits/pthreadtypes.h /usr/include/bits/uio.h \ - /usr/include/bits/socket.h /usr/include/bits/sockaddr.h \ - /usr/include/asm/socket.h /usr/include/asm-x86_64/socket.h \ - /usr/include/asm/sockios.h /usr/include/asm-x86_64/sockios.h \ - /usr/include/bits/socket2.h /usr/include/bits/in.h \ - /usr/include/arpa/inet.h /usr/include/string.h \ - /usr/include/bits/string.h /usr/include/bits/string2.h \ - /usr/include/stdlib.h /usr/include/bits/string3.h /usr/include/alloca.h \ - /usr/include/bits/stdlib.h /usr/include/pthread.h /usr/include/sched.h \ - /usr/include/bits/sched.h /usr/include/signal.h \ - /usr/include/bits/setjmp.h /usr/include/inttypes.h \ - /usr/include/unistd.h /usr/include/bits/posix_opt.h \ - /usr/include/bits/confname.h /usr/include/getopt.h \ - /usr/include/bits/unistd.h output-plugins/sagan-snort.h sagan.h \ - /usr/include/pcre.h version.h /usr/include/mysql/mysql.h \ - /usr/include/mysql/mysql_version.h 
/usr/include/mysql/mysql_com.h \ - /usr/include/mysql/mysql_time.h /usr/include/mysql/typelib.h \ - /usr/include/mysql/my_alloc.h /usr/include/mysql/my_list.h \ - /usr/include/mysql/errmsg.h /usr/include/libpq-fe.h \ - /usr/include/postgres_ext.h - -../config.h: - -/usr/include/stdio.h: - -/usr/include/features.h: - -/usr/include/sys/cdefs.h: - -/usr/include/bits/wordsize.h: - -/usr/include/gnu/stubs.h: - -/usr/include/gnu/stubs-64.h: - -/usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stddef.h: - -/usr/include/bits/types.h: - -/usr/include/bits/typesizes.h: - -/usr/include/libio.h: - -/usr/include/_G_config.h: - -/usr/include/wchar.h: - -/usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stdarg.h: - -/usr/include/bits/stdio_lim.h: - -/usr/include/bits/sys_errlist.h: - -/usr/include/bits/stdio.h: - -/usr/include/bits/stdio2.h: - -/usr/include/netinet/in.h: - -/usr/include/stdint.h: - -/usr/include/bits/wchar.h: - -/usr/include/sys/socket.h: - -/usr/include/sys/uio.h: - -/usr/include/sys/types.h: - -/usr/include/time.h: - -/usr/include/endian.h: - -/usr/include/bits/endian.h: - -/usr/include/bits/byteswap.h: - -/usr/include/sys/select.h: - -/usr/include/bits/select.h: - -/usr/include/bits/sigset.h: - -/usr/include/bits/time.h: - -/usr/include/sys/sysmacros.h: - -/usr/include/bits/pthreadtypes.h: - -/usr/include/bits/uio.h: - -/usr/include/bits/socket.h: - -/usr/include/bits/sockaddr.h: - -/usr/include/asm/socket.h: - -/usr/include/asm-x86_64/socket.h: - -/usr/include/asm/sockios.h: - -/usr/include/asm-x86_64/sockios.h: - -/usr/include/bits/socket2.h: - -/usr/include/bits/in.h: - -/usr/include/arpa/inet.h: - -/usr/include/string.h: - -/usr/include/bits/string.h: - -/usr/include/bits/string2.h: - -/usr/include/stdlib.h: - -/usr/include/bits/string3.h: - -/usr/include/alloca.h: - -/usr/include/bits/stdlib.h: - -/usr/include/pthread.h: - -/usr/include/sched.h: - -/usr/include/bits/sched.h: - -/usr/include/signal.h: - -/usr/include/bits/setjmp.h: - -/usr/include/inttypes.h: - 
-/usr/include/unistd.h: - -/usr/include/bits/posix_opt.h: - -/usr/include/bits/confname.h: - -/usr/include/getopt.h: - -/usr/include/bits/unistd.h: - -output-plugins/sagan-snort.h: - -sagan.h: - -/usr/include/pcre.h: - -version.h: - -/usr/include/mysql/mysql.h: - -/usr/include/mysql/mysql_version.h: - -/usr/include/mysql/mysql_com.h: - -/usr/include/mysql/mysql_time.h: - -/usr/include/mysql/typelib.h: - -/usr/include/mysql/my_alloc.h: - -/usr/include/mysql/my_list.h: - -/usr/include/mysql/errmsg.h: - -/usr/include/libpq-fe.h: - -/usr/include/postgres_ext.h: diff -Nru sagan-0.1.9/src/.deps/sagan-stats.Po sagan-0.2.0/src/.deps/sagan-stats.Po --- sagan-0.1.9/src/.deps/sagan-stats.Po 2011-04-18 18:32:23.000000000 +0000 +++ sagan-0.2.0/src/.deps/sagan-stats.Po 1970-01-01 00:00:00.000000000 +0000 
@@ -1,114 +0,0 @@ -sagan-stats.o: sagan-stats.c ../config.h /usr/include/stdio.h \ - /usr/include/features.h /usr/include/sys/cdefs.h \ - /usr/include/bits/wordsize.h /usr/include/gnu/stubs.h \ - /usr/include/gnu/stubs-64.h \ - /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stddef.h \ - /usr/include/bits/types.h /usr/include/bits/typesizes.h \ - /usr/include/libio.h /usr/include/_G_config.h /usr/include/wchar.h \ - /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stdarg.h \ - /usr/include/bits/stdio_lim.h /usr/include/bits/sys_errlist.h \ - /usr/include/bits/stdio.h /usr/include/bits/stdio2.h \ - /usr/include/string.h /usr/include/bits/string.h \ - /usr/include/bits/string2.h /usr/include/endian.h \ - /usr/include/bits/endian.h /usr/include/bits/byteswap.h \ - /usr/include/stdlib.h /usr/include/bits/string3.h /usr/include/unistd.h \ - /usr/include/bits/posix_opt.h /usr/include/bits/confname.h \ - /usr/include/getopt.h /usr/include/bits/unistd.h /usr/include/stdint.h \ - /usr/include/bits/wchar.h /usr/include/inttypes.h sagan.h \ - /usr/include/pcre.h /usr/include/sys/types.h /usr/include/time.h \ - /usr/include/sys/select.h /usr/include/bits/select.h \ - /usr/include/bits/sigset.h /usr/include/bits/time.h \ - /usr/include/sys/sysmacros.h /usr/include/bits/pthreadtypes.h \ - /usr/include/alloca.h /usr/include/bits/stdlib.h - -../config.h: - -/usr/include/stdio.h: - -/usr/include/features.h: - -/usr/include/sys/cdefs.h: - -/usr/include/bits/wordsize.h: - -/usr/include/gnu/stubs.h: - -/usr/include/gnu/stubs-64.h: - -/usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stddef.h: - -/usr/include/bits/types.h: - -/usr/include/bits/typesizes.h: - -/usr/include/libio.h: - -/usr/include/_G_config.h: - -/usr/include/wchar.h: - -/usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stdarg.h: - -/usr/include/bits/stdio_lim.h: - -/usr/include/bits/sys_errlist.h: - -/usr/include/bits/stdio.h: - -/usr/include/bits/stdio2.h: - -/usr/include/string.h: - -/usr/include/bits/string.h: - 
-/usr/include/bits/string2.h: - -/usr/include/endian.h: - -/usr/include/bits/endian.h: - -/usr/include/bits/byteswap.h: - -/usr/include/stdlib.h: - -/usr/include/bits/string3.h: - -/usr/include/unistd.h: - -/usr/include/bits/posix_opt.h: - -/usr/include/bits/confname.h: - -/usr/include/getopt.h: - -/usr/include/bits/unistd.h: - -/usr/include/stdint.h: - -/usr/include/bits/wchar.h: - -/usr/include/inttypes.h: - -sagan.h: - -/usr/include/pcre.h: - -/usr/include/sys/types.h: - -/usr/include/time.h: - -/usr/include/sys/select.h: - -/usr/include/bits/select.h: - -/usr/include/bits/sigset.h: - -/usr/include/bits/time.h: - -/usr/include/sys/sysmacros.h: - -/usr/include/bits/pthreadtypes.h: - -/usr/include/alloca.h: - -/usr/include/bits/stdlib.h: diff -Nru sagan-0.1.9/src/.deps/sagan-strlcat.Po sagan-0.2.0/src/.deps/sagan-strlcat.Po --- sagan-0.1.9/src/.deps/sagan-strlcat.Po 2011-04-18 18:32:23.000000000 +0000 +++ sagan-0.2.0/src/.deps/sagan-strlcat.Po 1970-01-01 00:00:00.000000000 +0000 
@@ -1,63 +0,0 @@ -sagan-strlcat.o: sagan-strlcat.c ../config.h /usr/include/sys/types.h \ - /usr/include/features.h /usr/include/sys/cdefs.h \ - /usr/include/bits/wordsize.h /usr/include/gnu/stubs.h \ - /usr/include/gnu/stubs-64.h /usr/include/bits/types.h \ - /usr/include/bits/typesizes.h /usr/include/time.h \ - /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stddef.h \ - /usr/include/endian.h /usr/include/bits/endian.h \ - /usr/include/bits/byteswap.h /usr/include/sys/select.h \ - /usr/include/bits/select.h /usr/include/bits/sigset.h \ - /usr/include/bits/time.h /usr/include/sys/sysmacros.h \ - /usr/include/bits/pthreadtypes.h /usr/include/string.h \ - /usr/include/bits/string.h /usr/include/bits/string2.h \ - /usr/include/stdlib.h /usr/include/bits/string3.h - -../config.h: - -/usr/include/sys/types.h: - -/usr/include/features.h: - -/usr/include/sys/cdefs.h: - -/usr/include/bits/wordsize.h: - -/usr/include/gnu/stubs.h: - -/usr/include/gnu/stubs-64.h: - -/usr/include/bits/types.h: - -/usr/include/bits/typesizes.h: - -/usr/include/time.h: - -/usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stddef.h: - -/usr/include/endian.h: - -/usr/include/bits/endian.h: - -/usr/include/bits/byteswap.h: - -/usr/include/sys/select.h: - -/usr/include/bits/select.h: - -/usr/include/bits/sigset.h: - -/usr/include/bits/time.h: - -/usr/include/sys/sysmacros.h: - -/usr/include/bits/pthreadtypes.h: - -/usr/include/string.h: - -/usr/include/bits/string.h: - -/usr/include/bits/string2.h: - -/usr/include/stdlib.h: - -/usr/include/bits/string3.h: diff -Nru sagan-0.1.9/src/.deps/sagan-strlcpy.Po sagan-0.2.0/src/.deps/sagan-strlcpy.Po --- sagan-0.1.9/src/.deps/sagan-strlcpy.Po 2011-04-18 18:32:23.000000000 +0000 +++ sagan-0.2.0/src/.deps/sagan-strlcpy.Po 1970-01-01 00:00:00.000000000 +0000 
@@ -1,63 +0,0 @@ -sagan-strlcpy.o: sagan-strlcpy.c ../config.h /usr/include/sys/types.h \ - /usr/include/features.h /usr/include/sys/cdefs.h \ - /usr/include/bits/wordsize.h /usr/include/gnu/stubs.h \ - /usr/include/gnu/stubs-64.h /usr/include/bits/types.h \ - /usr/include/bits/typesizes.h /usr/include/time.h \ - /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stddef.h \ - /usr/include/endian.h /usr/include/bits/endian.h \ - /usr/include/bits/byteswap.h /usr/include/sys/select.h \ - /usr/include/bits/select.h /usr/include/bits/sigset.h \ - /usr/include/bits/time.h /usr/include/sys/sysmacros.h \ - /usr/include/bits/pthreadtypes.h /usr/include/string.h \ - /usr/include/bits/string.h /usr/include/bits/string2.h \ - /usr/include/stdlib.h /usr/include/bits/string3.h - -../config.h: - -/usr/include/sys/types.h: - -/usr/include/features.h: - -/usr/include/sys/cdefs.h: - -/usr/include/bits/wordsize.h: - -/usr/include/gnu/stubs.h: - -/usr/include/gnu/stubs-64.h: - -/usr/include/bits/types.h: - -/usr/include/bits/typesizes.h: - -/usr/include/time.h: - -/usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stddef.h: - -/usr/include/endian.h: - -/usr/include/bits/endian.h: - -/usr/include/bits/byteswap.h: - -/usr/include/sys/select.h: - -/usr/include/bits/select.h: - -/usr/include/bits/sigset.h: - -/usr/include/bits/time.h: - -/usr/include/sys/sysmacros.h: - -/usr/include/bits/pthreadtypes.h: - -/usr/include/string.h: - -/usr/include/bits/string.h: - -/usr/include/bits/string2.h: - -/usr/include/stdlib.h: - -/usr/include/bits/string3.h: diff -Nru sagan-0.1.9/src/.deps/sagan-unified2.Po sagan-0.2.0/src/.deps/sagan-unified2.Po --- sagan-0.1.9/src/.deps/sagan-unified2.Po 2011-04-18 18:32:26.000000000 +0000 +++ sagan-0.2.0/src/.deps/sagan-unified2.Po 1970-01-01 00:00:00.000000000 +0000 
@@ -1,240 +0,0 @@ -sagan-unified2.o: output-plugins/sagan-unified2.c ../config.h \ - /usr/include/stdio.h /usr/include/features.h /usr/include/sys/cdefs.h \ - /usr/include/bits/wordsize.h /usr/include/gnu/stubs.h \ - /usr/include/gnu/stubs-64.h \ - /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stddef.h \ - /usr/include/bits/types.h /usr/include/bits/typesizes.h \ - /usr/include/libio.h /usr/include/_G_config.h /usr/include/wchar.h \ - /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stdarg.h \ - /usr/include/bits/stdio_lim.h /usr/include/bits/sys_errlist.h \ - /usr/include/bits/stdio.h /usr/include/bits/stdio2.h \ - /usr/include/stdint.h /usr/include/bits/wchar.h /usr/include/stdlib.h \ - /usr/include/sys/types.h /usr/include/time.h /usr/include/endian.h \ - /usr/include/bits/endian.h /usr/include/bits/byteswap.h \ - /usr/include/sys/select.h /usr/include/bits/select.h \ - /usr/include/bits/sigset.h /usr/include/bits/time.h \ - /usr/include/sys/sysmacros.h /usr/include/bits/pthreadtypes.h \ - /usr/include/alloca.h /usr/include/bits/stdlib.h /usr/include/errno.h \ - /usr/include/bits/errno.h /usr/include/linux/errno.h \ - /usr/include/asm/errno.h /usr/include/asm-x86_64/errno.h \ - /usr/include/asm-generic/errno.h /usr/include/asm-generic/errno-base.h \ - /usr/include/arpa/inet.h /usr/include/netinet/in.h \ - /usr/include/sys/socket.h /usr/include/sys/uio.h \ - /usr/include/bits/uio.h /usr/include/bits/socket.h \ - /usr/include/bits/sockaddr.h /usr/include/asm/socket.h \ - /usr/include/asm-x86_64/socket.h /usr/include/asm/sockios.h \ - /usr/include/asm-x86_64/sockios.h /usr/include/bits/socket2.h \ - /usr/include/bits/in.h /usr/include/string.h /usr/include/bits/string.h \ - /usr/include/bits/string2.h /usr/include/bits/string3.h \ - /usr/include/dnet.h /usr/include/dnet/os.h /usr/include/sys/param.h \ - /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include-fixed/limits.h \ - /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include-fixed/syslimits.h \ - /usr/include/limits.h 
/usr/include/bits/posix1_lim.h \ - /usr/include/bits/local_lim.h /usr/include/linux/limits.h \ - /usr/include/bits/posix2_lim.h /usr/include/linux/param.h \ - /usr/include/asm/param.h /usr/include/asm-x86_64/param.h \ - /usr/include/netdb.h /usr/include/rpc/netdb.h /usr/include/bits/netdb.h \ - /usr/include/inttypes.h /usr/include/dnet/eth.h /usr/include/dnet/ip.h \ - /usr/include/dnet/ip6.h /usr/include/dnet/addr.h \ - /usr/include/dnet/arp.h /usr/include/dnet/icmp.h \ - /usr/include/dnet/tcp.h /usr/include/dnet/udp.h \ - /usr/include/dnet/intf.h /usr/include/dnet/route.h \ - /usr/include/dnet/fw.h /usr/include/dnet/tun.h /usr/include/dnet/blob.h \ - /usr/include/dnet/rand.h /usr/include/unistd.h \ - /usr/include/bits/posix_opt.h /usr/include/bits/confname.h \ - /usr/include/getopt.h /usr/include/bits/unistd.h sagan.h \ - /usr/include/pcre.h output-plugins/sagan-unified2.h - -../config.h: - -/usr/include/stdio.h: - -/usr/include/features.h: - -/usr/include/sys/cdefs.h: - -/usr/include/bits/wordsize.h: - -/usr/include/gnu/stubs.h: - -/usr/include/gnu/stubs-64.h: - -/usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stddef.h: - -/usr/include/bits/types.h: - -/usr/include/bits/typesizes.h: - -/usr/include/libio.h: - -/usr/include/_G_config.h: - -/usr/include/wchar.h: - -/usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stdarg.h: - -/usr/include/bits/stdio_lim.h: - -/usr/include/bits/sys_errlist.h: - -/usr/include/bits/stdio.h: - -/usr/include/bits/stdio2.h: - -/usr/include/stdint.h: - -/usr/include/bits/wchar.h: - -/usr/include/stdlib.h: - -/usr/include/sys/types.h: - -/usr/include/time.h: - -/usr/include/endian.h: - -/usr/include/bits/endian.h: - -/usr/include/bits/byteswap.h: - -/usr/include/sys/select.h: - -/usr/include/bits/select.h: - -/usr/include/bits/sigset.h: - -/usr/include/bits/time.h: - -/usr/include/sys/sysmacros.h: - -/usr/include/bits/pthreadtypes.h: - -/usr/include/alloca.h: - -/usr/include/bits/stdlib.h: - -/usr/include/errno.h: - 
-/usr/include/bits/errno.h: - -/usr/include/linux/errno.h: - -/usr/include/asm/errno.h: - -/usr/include/asm-x86_64/errno.h: - -/usr/include/asm-generic/errno.h: - -/usr/include/asm-generic/errno-base.h: - -/usr/include/arpa/inet.h: - -/usr/include/netinet/in.h: - -/usr/include/sys/socket.h: - -/usr/include/sys/uio.h: - -/usr/include/bits/uio.h: - -/usr/include/bits/socket.h: - -/usr/include/bits/sockaddr.h: - -/usr/include/asm/socket.h: - -/usr/include/asm-x86_64/socket.h: - -/usr/include/asm/sockios.h: - -/usr/include/asm-x86_64/sockios.h: - -/usr/include/bits/socket2.h: - -/usr/include/bits/in.h: - -/usr/include/string.h: - -/usr/include/bits/string.h: - -/usr/include/bits/string2.h: - -/usr/include/bits/string3.h: - -/usr/include/dnet.h: - -/usr/include/dnet/os.h: - -/usr/include/sys/param.h: - -/usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include-fixed/limits.h: - -/usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include-fixed/syslimits.h: - -/usr/include/limits.h: - -/usr/include/bits/posix1_lim.h: - -/usr/include/bits/local_lim.h: - -/usr/include/linux/limits.h: - -/usr/include/bits/posix2_lim.h: - -/usr/include/linux/param.h: - -/usr/include/asm/param.h: - -/usr/include/asm-x86_64/param.h: - -/usr/include/netdb.h: - -/usr/include/rpc/netdb.h: - -/usr/include/bits/netdb.h: - -/usr/include/inttypes.h: - -/usr/include/dnet/eth.h: - -/usr/include/dnet/ip.h: - -/usr/include/dnet/ip6.h: - -/usr/include/dnet/addr.h: - -/usr/include/dnet/arp.h: - -/usr/include/dnet/icmp.h: - -/usr/include/dnet/tcp.h: - -/usr/include/dnet/udp.h: - -/usr/include/dnet/intf.h: - -/usr/include/dnet/route.h: - -/usr/include/dnet/fw.h: - -/usr/include/dnet/tun.h: - -/usr/include/dnet/blob.h: - -/usr/include/dnet/rand.h: - -/usr/include/unistd.h: - -/usr/include/bits/posix_opt.h: - -/usr/include/bits/confname.h: - -/usr/include/getopt.h: - -/usr/include/bits/unistd.h: - -sagan.h: - -/usr/include/pcre.h: - -output-plugins/sagan-unified2.h: diff -Nru sagan-0.1.9/src/.deps/sagan-usage.Po 
sagan-0.2.0/src/.deps/sagan-usage.Po --- sagan-0.1.9/src/.deps/sagan-usage.Po 2011-04-18 18:32:24.000000000 +0000 +++ sagan-0.2.0/src/.deps/sagan-usage.Po 1970-01-01 00:00:00.000000000 +0000 
@@ -1,92 +0,0 @@ -sagan-usage.o: sagan-usage.c ../config.h /usr/include/stdio.h \ - /usr/include/features.h /usr/include/sys/cdefs.h \ - /usr/include/bits/wordsize.h /usr/include/gnu/stubs.h \ - /usr/include/gnu/stubs-64.h \ - /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stddef.h \ - /usr/include/bits/types.h /usr/include/bits/typesizes.h \ - /usr/include/libio.h /usr/include/_G_config.h /usr/include/wchar.h \ - /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stdarg.h \ - /usr/include/bits/stdio_lim.h /usr/include/bits/sys_errlist.h \ - /usr/include/bits/stdio.h /usr/include/bits/stdio2.h sagan.h \ - /usr/include/stdint.h /usr/include/bits/wchar.h /usr/include/pcre.h \ - /usr/include/stdlib.h /usr/include/sys/types.h /usr/include/time.h \ - /usr/include/endian.h /usr/include/bits/endian.h \ - /usr/include/bits/byteswap.h /usr/include/sys/select.h \ - /usr/include/bits/select.h /usr/include/bits/sigset.h \ - /usr/include/bits/time.h /usr/include/sys/sysmacros.h \ - /usr/include/bits/pthreadtypes.h /usr/include/alloca.h \ - /usr/include/bits/stdlib.h version.h - -../config.h: - -/usr/include/stdio.h: - -/usr/include/features.h: - -/usr/include/sys/cdefs.h: - -/usr/include/bits/wordsize.h: - -/usr/include/gnu/stubs.h: - -/usr/include/gnu/stubs-64.h: - -/usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stddef.h: - -/usr/include/bits/types.h: - -/usr/include/bits/typesizes.h: - -/usr/include/libio.h: - -/usr/include/_G_config.h: - -/usr/include/wchar.h: - -/usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stdarg.h: - -/usr/include/bits/stdio_lim.h: - -/usr/include/bits/sys_errlist.h: - -/usr/include/bits/stdio.h: - -/usr/include/bits/stdio2.h: - -sagan.h: - -/usr/include/stdint.h: - -/usr/include/bits/wchar.h: - -/usr/include/pcre.h: - -/usr/include/stdlib.h: - -/usr/include/sys/types.h: - -/usr/include/time.h: - -/usr/include/endian.h: - -/usr/include/bits/endian.h: - -/usr/include/bits/byteswap.h: - -/usr/include/sys/select.h: - -/usr/include/bits/select.h: - 
-/usr/include/bits/sigset.h: - -/usr/include/bits/time.h: - -/usr/include/sys/sysmacros.h: - -/usr/include/bits/pthreadtypes.h: - -/usr/include/alloca.h: - -/usr/include/bits/stdlib.h: - -version.h: diff -Nru sagan-0.1.9/src/.deps/sagan-util.Po sagan-0.2.0/src/.deps/sagan-util.Po --- sagan-0.1.9/src/.deps/sagan-util.Po 2011-04-18 18:32:24.000000000 +0000 +++ sagan-0.2.0/src/.deps/sagan-util.Po 1970-01-01 00:00:00.000000000 +0000 
@@ -1,210 +0,0 @@ -sagan-util.o: sagan-util.c ../config.h /usr/include/mysql/mysql.h \ - /usr/include/sys/types.h /usr/include/features.h \ - /usr/include/sys/cdefs.h /usr/include/bits/wordsize.h \ - /usr/include/gnu/stubs.h /usr/include/gnu/stubs-64.h \ - /usr/include/bits/types.h /usr/include/bits/typesizes.h \ - /usr/include/time.h \ - /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stddef.h \ - /usr/include/endian.h /usr/include/bits/endian.h \ - /usr/include/bits/byteswap.h /usr/include/sys/select.h \ - /usr/include/bits/select.h /usr/include/bits/sigset.h \ - /usr/include/bits/time.h /usr/include/sys/sysmacros.h \ - /usr/include/bits/pthreadtypes.h /usr/include/mysql/mysql_version.h \ - /usr/include/mysql/mysql_com.h /usr/include/mysql/mysql_time.h \ - /usr/include/mysql/typelib.h /usr/include/mysql/my_alloc.h \ - /usr/include/mysql/my_list.h /usr/include/stdio.h /usr/include/libio.h \ - /usr/include/_G_config.h /usr/include/wchar.h \ - /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stdarg.h \ - /usr/include/bits/stdio_lim.h /usr/include/bits/sys_errlist.h \ - /usr/include/bits/stdio.h /usr/include/bits/stdio2.h /usr/include/pwd.h \ - /usr/include/grp.h /usr/include/errno.h /usr/include/bits/errno.h \ - /usr/include/linux/errno.h /usr/include/asm/errno.h \ - /usr/include/asm-x86_64/errno.h /usr/include/asm-generic/errno.h \ - /usr/include/asm-generic/errno-base.h /usr/include/stdlib.h \ - /usr/include/alloca.h /usr/include/bits/stdlib.h \ - /usr/include/sys/time.h /usr/include/netinet/in.h /usr/include/stdint.h \ - /usr/include/bits/wchar.h /usr/include/sys/socket.h \ - /usr/include/sys/uio.h /usr/include/bits/uio.h \ - /usr/include/bits/socket.h /usr/include/bits/sockaddr.h \ - /usr/include/asm/socket.h /usr/include/asm-x86_64/socket.h \ - /usr/include/asm/sockios.h /usr/include/asm-x86_64/sockios.h \ - /usr/include/bits/socket2.h /usr/include/bits/in.h \ - /usr/include/arpa/inet.h /usr/include/netdb.h /usr/include/rpc/netdb.h \ - /usr/include/bits/netdb.h 
/usr/include/string.h \ - /usr/include/bits/string.h /usr/include/bits/string2.h \ - /usr/include/bits/string3.h /usr/include/pthread.h /usr/include/sched.h \ - /usr/include/bits/sched.h /usr/include/signal.h \ - /usr/include/bits/setjmp.h /usr/include/unistd.h \ - /usr/include/bits/posix_opt.h /usr/include/bits/confname.h \ - /usr/include/getopt.h /usr/include/bits/unistd.h /usr/include/ctype.h \ - sagan.h /usr/include/pcre.h version.h - -../config.h: - -/usr/include/mysql/mysql.h: - -/usr/include/sys/types.h: - -/usr/include/features.h: - -/usr/include/sys/cdefs.h: - -/usr/include/bits/wordsize.h: - -/usr/include/gnu/stubs.h: - -/usr/include/gnu/stubs-64.h: - -/usr/include/bits/types.h: - -/usr/include/bits/typesizes.h: - -/usr/include/time.h: - -/usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stddef.h: - -/usr/include/endian.h: - -/usr/include/bits/endian.h: - -/usr/include/bits/byteswap.h: - -/usr/include/sys/select.h: - -/usr/include/bits/select.h: - -/usr/include/bits/sigset.h: - -/usr/include/bits/time.h: - -/usr/include/sys/sysmacros.h: - -/usr/include/bits/pthreadtypes.h: - -/usr/include/mysql/mysql_version.h: - -/usr/include/mysql/mysql_com.h: - -/usr/include/mysql/mysql_time.h: - -/usr/include/mysql/typelib.h: - -/usr/include/mysql/my_alloc.h: - -/usr/include/mysql/my_list.h: - -/usr/include/stdio.h: - -/usr/include/libio.h: - -/usr/include/_G_config.h: - -/usr/include/wchar.h: - -/usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/stdarg.h: - -/usr/include/bits/stdio_lim.h: - -/usr/include/bits/sys_errlist.h: - -/usr/include/bits/stdio.h: - -/usr/include/bits/stdio2.h: - -/usr/include/pwd.h: - -/usr/include/grp.h: - -/usr/include/errno.h: - -/usr/include/bits/errno.h: - -/usr/include/linux/errno.h: - -/usr/include/asm/errno.h: - -/usr/include/asm-x86_64/errno.h: - -/usr/include/asm-generic/errno.h: - -/usr/include/asm-generic/errno-base.h: - -/usr/include/stdlib.h: - -/usr/include/alloca.h: - -/usr/include/bits/stdlib.h: - -/usr/include/sys/time.h: - 
-/usr/include/netinet/in.h: - -/usr/include/stdint.h: - -/usr/include/bits/wchar.h: - -/usr/include/sys/socket.h: - -/usr/include/sys/uio.h: - -/usr/include/bits/uio.h: - -/usr/include/bits/socket.h: - -/usr/include/bits/sockaddr.h: - -/usr/include/asm/socket.h: - -/usr/include/asm-x86_64/socket.h: - -/usr/include/asm/sockios.h: - -/usr/include/asm-x86_64/sockios.h: - -/usr/include/bits/socket2.h: - -/usr/include/bits/in.h: - -/usr/include/arpa/inet.h: - -/usr/include/netdb.h: - -/usr/include/rpc/netdb.h: - -/usr/include/bits/netdb.h: - -/usr/include/string.h: - -/usr/include/bits/string.h: - -/usr/include/bits/string2.h: - -/usr/include/bits/string3.h: - -/usr/include/pthread.h: - -/usr/include/sched.h: - -/usr/include/bits/sched.h: - -/usr/include/signal.h: - -/usr/include/bits/setjmp.h: - -/usr/include/unistd.h: - -/usr/include/bits/posix_opt.h: - -/usr/include/bits/confname.h: - -/usr/include/getopt.h: - -/usr/include/bits/unistd.h: - -/usr/include/ctype.h: - -sagan.h: - -/usr/include/pcre.h: - -version.h: diff -Nru sagan-0.1.9/src/Makefile sagan-0.2.0/src/Makefile --- sagan-0.1.9/src/Makefile 2011-04-18 18:32:17.000000000 +0000 +++ sagan-0.2.0/src/Makefile 2011-08-21 16:59:22.000000000 +0000 @@ -32,9 +32,9 @@ NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : -build_triplet = x86_64-unknown-linux-gnu -host_triplet = x86_64-unknown-linux-gnu -target_triplet = x86_64-unknown-linux-gnu +build_triplet = i686-pc-linux-gnu +host_triplet = i686-pc-linux-gnu +target_triplet = i686-pc-linux-gnu bin_PROGRAMS = sagan$(EXEEXT) subdir = src DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in 
@@ -57,8 +57,8 @@ sagan-util.$(OBJEXT) sagan-plog.$(OBJEXT) parse-ip.$(OBJEXT) \ parse-port.$(OBJEXT) sagan-alert.$(OBJEXT) \ sagan-snort.$(OBJEXT) sagan-esmtp.$(OBJEXT) \ - sagan-external.$(OBJEXT) sagan-logzilla.$(OBJEXT) \ - sagan-prelude.$(OBJEXT) sagan-unified2.$(OBJEXT) + sagan-external.$(OBJEXT) sagan-prelude.$(OBJEXT) \ + sagan-unified2.$(OBJEXT) sagan_OBJECTS = $(am_sagan_OBJECTS) sagan_LDADD = $(LDADD) DEFAULT_INCLUDES = -I. -I$(top_builddir) @@ -74,11 +74,11 @@ ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -ACLOCAL = ${SHELL} /home/champ/code/sagan-0.1.9/missing --run aclocal-1.11 -AMTAR = ${SHELL} /home/champ/code/sagan-0.1.9/missing --run tar -AUTOCONF = ${SHELL} /home/champ/code/sagan-0.1.9/missing --run autoconf -AUTOHEADER = ${SHELL} /home/champ/code/sagan-0.1.9/missing --run autoheader -AUTOMAKE = ${SHELL} /home/champ/code/sagan-0.1.9/missing --run automake-1.11 +ACLOCAL = ${SHELL} /home/champ/code/sagan-0.2.0/missing --run aclocal-1.11 +AMTAR = ${SHELL} /home/champ/code/sagan-0.2.0/missing --run tar +AUTOCONF = ${SHELL} /home/champ/code/sagan-0.2.0/missing --run autoconf +AUTOHEADER = ${SHELL} /home/champ/code/sagan-0.2.0/missing --run autoheader +AUTOMAKE = ${SHELL} /home/champ/code/sagan-0.2.0/missing --run automake-1.11 AWK = gawk CC = gcc CCDEPMODE = depmode=gcc3 @@ -104,7 +104,7 @@ LIBOBJS = LIBS = -ldnet -lpcap -llognorm -lprelude -lesmtp -lpq -lmysqlclient_r -lm -lpthread -lpcre LTLIBOBJS = -MAKEINFO = ${SHELL} /home/champ/code/sagan-0.1.9/missing --run makeinfo +MAKEINFO = ${SHELL} /home/champ/code/sagan-0.2.0/missing --run makeinfo MKDIR_P = /bin/mkdir -p OBJEXT = o PACKAGE = sagan 
@@ -118,11 +118,11 @@ SET_MAKE = SHELL = /bin/sh STRIP = -VERSION = 0.1.9 -abs_builddir = /home/champ/code/sagan-0.1.9/src -abs_srcdir = /home/champ/code/sagan-0.1.9/src -abs_top_builddir = /home/champ/code/sagan-0.1.9 -abs_top_srcdir = /home/champ/code/sagan-0.1.9 +VERSION = 0.2.0 +abs_builddir = /home/champ/code/sagan-0.2.0/src +abs_srcdir = /home/champ/code/sagan-0.2.0/src +abs_top_builddir = /home/champ/code/sagan-0.2.0 +abs_top_srcdir = /home/champ/code/sagan-0.2.0 ac_ct_CC = gcc am__include = include am__leading_dot = . @@ -130,26 +130,26 @@ am__tar = ${AMTAR} chof - "$$tardir" am__untar = ${AMTAR} xf - bindir = ${exec_prefix}/bin -build = x86_64-unknown-linux-gnu +build = i686-pc-linux-gnu build_alias = -build_cpu = x86_64 +build_cpu = i686 build_os = linux-gnu -build_vendor = unknown +build_vendor = pc builddir = . datadir = ${datarootdir} datarootdir = ${prefix}/share docdir = ${datarootdir}/doc/${PACKAGE} dvidir = ${docdir} exec_prefix = ${prefix} -host = x86_64-unknown-linux-gnu +host = i686-pc-linux-gnu host_alias = -host_cpu = x86_64 +host_cpu = i686 host_os = linux-gnu -host_vendor = unknown +host_vendor = pc htmldir = ${docdir} includedir = ${prefix}/include infodir = ${datarootdir}/info -install_sh = ${SHELL} /home/champ/code/sagan-0.1.9/install-sh +install_sh = ${SHELL} /home/champ/code/sagan-0.2.0/install-sh libdir = ${exec_prefix}/lib libexecdir = ${exec_prefix}/libexec localedir = ${datarootdir}/locale @@ -165,11 +165,11 @@ sharedstatedir = ${prefix}/com srcdir = . sysconfdir = ${prefix}/etc -target = x86_64-unknown-linux-gnu +target = i686-pc-linux-gnu target_alias = -target_cpu = x86_64 +target_cpu = i686 target_os = linux-gnu -target_vendor = unknown +target_vendor = pc top_build_prefix = ../ top_builddir = .. top_srcdir = .. @@ -196,7 +196,6 @@ output-plugins/sagan-snort.c \ output-plugins/sagan-esmtp.c \ output-plugins/sagan-external.c \ -output-plugins/sagan-logzilla.c \ output-plugins/sagan-prelude.c \ output-plugins/sagan-unified2.c 
@@ -290,7 +289,6 @@ include ./$(DEPDIR)/sagan-external.Po include ./$(DEPDIR)/sagan-key.Po include ./$(DEPDIR)/sagan-lockfile.Po -include ./$(DEPDIR)/sagan-logzilla.Po include ./$(DEPDIR)/sagan-plog.Po include ./$(DEPDIR)/sagan-prelude.Po include ./$(DEPDIR)/sagan-references.Po 
@@ -403,20 +401,6 @@ # DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \ # $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sagan-external.obj `if test -f 'output-plugins/sagan-external.c'; then $(CYGPATH_W) 'output-plugins/sagan-external.c'; else $(CYGPATH_W) '$(srcdir)/output-plugins/sagan-external.c'; fi` -sagan-logzilla.o: output-plugins/sagan-logzilla.c - $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sagan-logzilla.o -MD -MP -MF $(DEPDIR)/sagan-logzilla.Tpo -c -o sagan-logzilla.o `test -f 'output-plugins/sagan-logzilla.c' || echo '$(srcdir)/'`output-plugins/sagan-logzilla.c - $(am__mv) $(DEPDIR)/sagan-logzilla.Tpo $(DEPDIR)/sagan-logzilla.Po -# source='output-plugins/sagan-logzilla.c' object='sagan-logzilla.o' libtool=no \ -# DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \ -# $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sagan-logzilla.o `test -f 'output-plugins/sagan-logzilla.c' || echo '$(srcdir)/'`output-plugins/sagan-logzilla.c - -sagan-logzilla.obj: output-plugins/sagan-logzilla.c - $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sagan-logzilla.obj -MD -MP -MF $(DEPDIR)/sagan-logzilla.Tpo -c -o sagan-logzilla.obj `if test -f 'output-plugins/sagan-logzilla.c'; then $(CYGPATH_W) 'output-plugins/sagan-logzilla.c'; else $(CYGPATH_W) '$(srcdir)/output-plugins/sagan-logzilla.c'; fi` - $(am__mv) $(DEPDIR)/sagan-logzilla.Tpo $(DEPDIR)/sagan-logzilla.Po -# source='output-plugins/sagan-logzilla.c' object='sagan-logzilla.obj' libtool=no \ -# DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \ -# $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sagan-logzilla.obj `if test -f 'output-plugins/sagan-logzilla.c'; then $(CYGPATH_W) 'output-plugins/sagan-logzilla.c'; else $(CYGPATH_W) '$(srcdir)/output-plugins/sagan-logzilla.c'; 
fi` - sagan-prelude.o: output-plugins/sagan-prelude.c $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sagan-prelude.o -MD -MP -MF $(DEPDIR)/sagan-prelude.Tpo -c -o sagan-prelude.o `test -f 'output-plugins/sagan-prelude.c' || echo '$(srcdir)/'`output-plugins/sagan-prelude.c $(am__mv) $(DEPDIR)/sagan-prelude.Tpo $(DEPDIR)/sagan-prelude.Po diff -Nru sagan-0.1.9/src/Makefile.am sagan-0.2.0/src/Makefile.am --- sagan-0.1.9/src/Makefile.am 2011-04-18 16:26:17.000000000 +0000 +++ sagan-0.2.0/src/Makefile.am 2011-08-21 16:53:30.000000000 +0000 @@ -24,7 +24,6 @@ output-plugins/sagan-snort.c \ output-plugins/sagan-esmtp.c \ output-plugins/sagan-external.c \ -output-plugins/sagan-logzilla.c \ output-plugins/sagan-prelude.c \ output-plugins/sagan-unified2.c diff -Nru sagan-0.1.9/src/Makefile.in sagan-0.2.0/src/Makefile.in --- sagan-0.1.9/src/Makefile.in 2011-04-18 16:26:17.000000000 +0000 +++ sagan-0.2.0/src/Makefile.in 2011-08-21 16:53:30.000000000 +0000 @@ -57,8 +57,8 @@ sagan-util.$(OBJEXT) sagan-plog.$(OBJEXT) parse-ip.$(OBJEXT) \ parse-port.$(OBJEXT) sagan-alert.$(OBJEXT) \ sagan-snort.$(OBJEXT) sagan-esmtp.$(OBJEXT) \ - sagan-external.$(OBJEXT) sagan-logzilla.$(OBJEXT) \ - sagan-prelude.$(OBJEXT) sagan-unified2.$(OBJEXT) + sagan-external.$(OBJEXT) sagan-prelude.$(OBJEXT) \ + sagan-unified2.$(OBJEXT) sagan_OBJECTS = $(am_sagan_OBJECTS) sagan_LDADD = $(LDADD) DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) @@ -196,7 +196,6 @@ output-plugins/sagan-snort.c \ output-plugins/sagan-esmtp.c \ output-plugins/sagan-external.c \ -output-plugins/sagan-logzilla.c \ output-plugins/sagan-prelude.c \ output-plugins/sagan-unified2.c 
@@ -290,7 +289,6 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sagan-external.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sagan-key.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sagan-lockfile.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sagan-logzilla.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sagan-plog.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sagan-prelude.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sagan-references.Po@am__quote@ 
@@ -403,20 +401,6 @@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sagan-external.obj `if test -f 'output-plugins/sagan-external.c'; then $(CYGPATH_W) 'output-plugins/sagan-external.c'; else $(CYGPATH_W) '$(srcdir)/output-plugins/sagan-external.c'; fi` -sagan-logzilla.o: output-plugins/sagan-logzilla.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sagan-logzilla.o -MD -MP -MF $(DEPDIR)/sagan-logzilla.Tpo -c -o sagan-logzilla.o `test -f 'output-plugins/sagan-logzilla.c' || echo '$(srcdir)/'`output-plugins/sagan-logzilla.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sagan-logzilla.Tpo $(DEPDIR)/sagan-logzilla.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='output-plugins/sagan-logzilla.c' object='sagan-logzilla.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sagan-logzilla.o `test -f 'output-plugins/sagan-logzilla.c' || echo '$(srcdir)/'`output-plugins/sagan-logzilla.c - -sagan-logzilla.obj: output-plugins/sagan-logzilla.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sagan-logzilla.obj -MD -MP -MF $(DEPDIR)/sagan-logzilla.Tpo -c -o sagan-logzilla.obj `if test -f 'output-plugins/sagan-logzilla.c'; then $(CYGPATH_W) 'output-plugins/sagan-logzilla.c'; else $(CYGPATH_W) '$(srcdir)/output-plugins/sagan-logzilla.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sagan-logzilla.Tpo $(DEPDIR)/sagan-logzilla.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='output-plugins/sagan-logzilla.c' object='sagan-logzilla.obj' libtool=no @AMDEPBACKSLASH@ 
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sagan-logzilla.obj `if test -f 'output-plugins/sagan-logzilla.c'; then $(CYGPATH_W) 'output-plugins/sagan-logzilla.c'; else $(CYGPATH_W) '$(srcdir)/output-plugins/sagan-logzilla.c'; fi` - sagan-prelude.o: output-plugins/sagan-prelude.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sagan-prelude.o -MD -MP -MF $(DEPDIR)/sagan-prelude.Tpo -c -o sagan-prelude.o `test -f 'output-plugins/sagan-prelude.c' || echo '$(srcdir)/'`output-plugins/sagan-prelude.c @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sagan-prelude.Tpo $(DEPDIR)/sagan-prelude.Po diff -Nru sagan-0.1.9/src/output-plugins/sagan-alert.c sagan-0.2.0/src/output-plugins/sagan-alert.c --- sagan-0.1.9/src/output-plugins/sagan-alert.c 2011-04-18 16:26:17.000000000 +0000 +++ sagan-0.2.0/src/output-plugins/sagan-alert.c 2011-08-21 16:53:30.000000000 +0000 @@ -1,6 +1,6 @@ /* -** Copyright (C) 2009-2011 Softwink, Inc. -** Copyright (C) 2009-2011 Champ Clark III +** Copyright (C) 2009-2011 Quadrant Information Security +** Copyright (C) 2009-2011 Champ Clark III ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License Version 2 as 
@@ -35,23 +35,23 @@ #include #include "sagan.h" + #include "version.h" struct rule_struct *rulestruct; struct ref_struct *refstruct; -struct _SaganConfig *config; void sagan_alert( SaganEvent *Event ) { char tmpref[2048]=""; -fprintf(config->sagan_alert_stream, "\n[**] [%s] %s [**]\n", rulestruct[Event->found].s_sid, Event->f_msg); -fprintf(config->sagan_alert_stream, "[Classification: %s] [Priority: %d]\n", rulestruct[Event->found].s_classtype, rulestruct[Event->found].s_pri ); -fprintf(config->sagan_alert_stream, "%s %s %s:%d -> %s:%d %s %s\n", Event->date, Event->time, Event->ip_src, Event->src_port, Event->ip_dst, Event->dst_port, Event->facility, Event->priority); -fprintf(config->sagan_alert_stream, "Message: %s\n", Event->message); +fprintf(Event->config->sagan_alert_stream, "\n[**] [%s] %s [**]\n", rulestruct[Event->found].s_sid, Event->f_msg); +fprintf(Event->config->sagan_alert_stream, "[Classification: %s] [Priority: %d]\n", rulestruct[Event->found].s_classtype, rulestruct[Event->found].s_pri ); +fprintf(Event->config->sagan_alert_stream, "%s %s %s:%d -> %s:%d %s %s\n", Event->date, Event->time, Event->ip_src, Event->src_port, Event->ip_dst, Event->dst_port, Event->facility, Event->priority); +fprintf(Event->config->sagan_alert_stream, "Message: %s\n", Event->message); snprintf(tmpref, sizeof(tmpref), "%s", reflookup( Event->found, 0 )); -if ( strcmp(tmpref, "")) fprintf(config->sagan_alert_stream, "%s\n", tmpref); +if ( strcmp(tmpref, "")) fprintf(Event->config->sagan_alert_stream, "%s\n", tmpref); -fflush(config->sagan_alert_stream); +fflush(Event->config->sagan_alert_stream); } diff -Nru sagan-0.1.9/src/output-plugins/sagan-esmtp.c sagan-0.2.0/src/output-plugins/sagan-esmtp.c --- sagan-0.1.9/src/output-plugins/sagan-esmtp.c 2011-04-18 16:26:17.000000000 +0000 +++ sagan-0.2.0/src/output-plugins/sagan-esmtp.c 2011-08-21 16:53:30.000000000 +0000 
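Review bot: sagan_alert() writes `Event->message` to the alert stream verbatim, so any newline or control character in it reaches the alert file unchanged. If that field is filled from received syslog data (the hunk does not show where it is set), a crafted message could produce lines that look like a separate `[**] ... [**]` record to anyone reading or parsing the file. Control characters should be replaced before the `fprintf` calls. The function now depends on every caller having set `Event->config`, so it would also be clearer to take the stream once, `FILE *out = Event->config->sagan_alert_stream;`, and return early when it is NULL.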
@@ -1,6 +1,6 @@ /* -** Copyright (C) 2009-2011 Softwink, Inc. -** Copyright (C) 2009-2011 Champ Clark III +** Copyright (C) 2009-2011 Quadrant Information Security +** Copyright (C) 2009-2011 Champ Clark III ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License Version 2 as @@ -40,11 +40,10 @@ #include #include "sagan.h" + #include "sagan-esmtp.h" #include "version.h" -struct _SaganConfig *config; -struct _SaganDebug *debug; struct _SaganCounters *counters; struct rule_struct *rulestruct; @@ -67,7 +66,7 @@ if ( rulestruct[Event->found].email_flag ) { snprintf(tmpemail, sizeof(tmpemail), "%s", rulestruct[Event->found].email); } else { - if ( config->sagan_sendto_flag ) snprintf(tmpemail, sizeof(tmpemail), "%s", config->sagan_esmtp_to); + if ( Event->config->sagan_sendto_flag ) snprintf(tmpemail, sizeof(tmpemail), "%s", Event->config->sagan_esmtp_to); } if ((r = snprintf(tmpa, sizeof(tmpa), @@ -82,7 +81,7 @@ "[Classification: %s] [Priority: %d]\n" "%s %s %s:%d -> %s:%d %s %s\n" "Syslog message: %s\r\n%s\n\r", - config->sagan_esmtp_from, + Event->config->sagan_esmtp_from, tmpemail, Event->f_msg, rulestruct[Event->found].s_sid, @@ -99,7 +98,7 @@ Event->priority, Event->message, tmpref)) < 0) { - sagan_log(0, "[%s, line %d] Cannot build mail.", __FILE__, __LINE__); + sagan_log(Event->config, 0, "[%s, line %d] Cannot build mail.", __FILE__, __LINE__); goto failure; } 
@@ -118,31 +117,31 @@ sigaction (SIGPIPE, &sa, NULL); if((session = smtp_create_session ()) == NULL) { - sagan_log(0, "[%s, line %d] Cannot create smtp session.", __FILE__, __LINE__); + sagan_log(Event->config, 0, "[%s, line %d] Cannot create smtp session.", __FILE__, __LINE__); goto failure; } if((message = smtp_add_message (session)) == NULL) { - sagan_log(1, "[%s, line %d] Cannot add message to smtp session.", __FILE__, __LINE__); + sagan_log(Event->config, 1, "[%s, line %d] Cannot add message to smtp session.", __FILE__, __LINE__); goto failure; } -if(!smtp_set_server (session, config->sagan_esmtp_server)) { - sagan_log(0, "[%s, line %d] Cannot set smtp server.", __FILE__, __LINE__); +if(!smtp_set_server (session, Event->config->sagan_esmtp_server)) { + sagan_log(Event->config, 0, "[%s, line %d] Cannot set smtp server.", __FILE__, __LINE__); goto failure; } -if((r = fixlf(tmpb, tmpa)) <= 0) { - sagan_log(0, "[%s, line %d] Cannot fixlf.", __FILE__, __LINE__); +if((r = fixlf(Event->config, tmpb, tmpa)) <= 0) { + sagan_log(Event->config, 0, "[%s, line %d] Cannot fixlf.", __FILE__, __LINE__); goto failure; } if(!smtp_set_message_str (message, tmpb)) { - sagan_log(0, "[%s, line %d] Cannot set message string.", __FILE__, __LINE__); + sagan_log(Event->config, 0, "[%s, line %d] Cannot set message string.", __FILE__, __LINE__); goto failure; } -if(!smtp_set_reverse_path (message, config->sagan_esmtp_from)) { - sagan_log(0, "[%s, line %d] Cannot reverse path.", __FILE__, __LINE__); +if(!smtp_set_reverse_path (message, Event->config->sagan_esmtp_from)) { + sagan_log(Event->config, 0, "[%s, line %d] Cannot reverse path.", __FILE__, __LINE__); goto failure; } -if((recipient = smtp_add_recipient (message, config->sagan_esmtp_to)) == NULL) { - sagan_log(0, "[%s, line %d] Cannot add recipient.", __FILE__, __LINE__); +if((recipient = smtp_add_recipient (message, Event->config->sagan_esmtp_to)) == NULL) { + sagan_log(Event->config, 0, "[%s, line %d] Cannot add recipient.", 
__FILE__, __LINE__); goto failure; } @@ -154,7 +153,7 @@ * we might be storing alerts another way */ - sagan_log(0, "[%s, line %d] SMTP Error: %s", __FILE__, __LINE__, smtp_strerror (smtp_errno (), errtmp, sizeof(errtmp))); + sagan_log(Event->config, 0, "[%s, line %d] SMTP Error: %s", __FILE__, __LINE__, smtp_strerror (smtp_errno (), errtmp, sizeof(errtmp))); counters->saganesmtpdrop++; } else { @@ -162,7 +161,8 @@ /* SMTP sent successful */ status = smtp_message_transfer_status (message); - if ( debug->debugesmtp ) sagan_log(0, "SMTP %d %s", status->code, (status->text != NULL) ? status->text : "\n"); + + if ( Event->debug->debugesmtp ) sagan_log(Event->config, 0, "SMTP %d %s", status->code, (status->text != NULL) ? status->text : "\n"); } @@ -179,7 +179,7 @@ } int -fixlf(char *d, char *s) +fixlf( _SaganConfig *config, char *d, char *s) { int sl=0; int i=0; @@ -196,13 +196,13 @@ if((sl=strlen(s)) >= MAX_EMAILSIZE) { s[MAX_EMAILSIZE]='\0'; sl=MAX_EMAILSIZE; - sagan_log(0, "[%s, line %d] Mail too large.", __FILE__, __LINE__); + sagan_log(config, 0, "[%s, line %d] Mail too large.", __FILE__, __LINE__); } for(i=0;i=MAX_EMAILSIZE){ d[MAX_EMAILSIZE]='\0'; - sagan_log(0, "[%s, line %d] Mail too large.", __FILE__, __LINE__); + sagan_log(config, 0, "[%s, line %d] Mail too large.", __FILE__, __LINE__); break; } if(i>0 && s[i] == '\n' && s[i-1] != '\r'){ diff -Nru sagan-0.1.9/src/output-plugins/sagan-esmtp.h sagan-0.2.0/src/output-plugins/sagan-esmtp.h --- sagan-0.1.9/src/output-plugins/sagan-esmtp.h 2011-04-18 16:26:17.000000000 +0000 +++ sagan-0.2.0/src/output-plugins/sagan-esmtp.h 2011-08-21 16:53:30.000000000 +0000 @@ -1,6 +1,6 @@ /* -** Copyright (C) 2009-2011 Softwink, Inc. -** Copyright (C) 2009-2011 Champ Clark III +** Copyright (C) 2009-2011 Quadrant Information Security +** Copyright (C) 2009-2011 Champ Clark III ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License Version 2 as 
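Review bot: The envelope recipient is still taken from `Event->config->sagan_esmtp_to` in the `smtp_add_recipient` call, although the hunk at -67 fills `tmpemail` from `rulestruct[Event->found].email` when the rule sets `email_flag`. As far as these hunks show, a per-rule address only reaches the text built into `tmpa`, so the mail is delivered to the global address whatever the rule says; `smtp_add_recipient (message, tmpemail)`, once `tmpemail` is known to be non-empty, would keep the two in agreement. The `smtp_add_message` failure also logs with level `1` where every other failure in this hunk uses `0`; if level 1 terminates the process, as its pairing with `removelockfile` elsewhere in this diff suggests, the `goto failure` after it is never reached. The function starts and ends outside this hunk.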
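Review bot: In fixlf() both truncation paths store the terminator at index `MAX_EMAILSIZE` (`s[MAX_EMAILSIZE]='\0'` and `d[MAX_EMAILSIZE]='\0'`), which is one element past the end if the caller's buffers are declared with `MAX_EMAILSIZE` elements. The declarations of `tmpa` and `tmpb` are outside the hunk, so this needs confirming, but for buffers of that size the writes should be `s[MAX_EMAILSIZE-1]='\0'; sl=MAX_EMAILSIZE-1;` and `d[MAX_EMAILSIZE-1]='\0';`. A comment above fixlf() stating the sizes it expects of `d` and `s` would make the contract checkable now that the signature is being changed anyway. The copy loop continues past the end of the hunk.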
@@ -26,7 +26,7 @@ #ifdef HAVE_LIBESMTP -int fixlf(char *, char *); +int fixlf(_SaganConfig *, char *, char *); #endif diff -Nru sagan-0.1.9/src/output-plugins/sagan-external.c sagan-0.2.0/src/output-plugins/sagan-external.c --- sagan-0.1.9/src/output-plugins/sagan-external.c 2011-04-18 16:26:17.000000000 +0000 +++ sagan-0.2.0/src/output-plugins/sagan-external.c 2011-08-21 16:53:30.000000000 +0000 @@ -1,6 +1,6 @@ /* -** Copyright (C) 2009-2011 Softwink, Inc. -** Copyright (C) 2009-2011 Champ Clark III +** Copyright (C) 2009-2011 Quadrant Information Security +** Copyright (C) 2009-2011 Champ Clark III ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License Version 2 as @@ -38,9 +38,9 @@ #include #include "sagan.h" + #include "version.h" -struct _SaganConfig *config; struct _SaganCounters *counters; struct rule_struct *rulestruct; @@ -57,7 +57,7 @@ int ret; char tmp[6]; -if ( config->sagan_exttype == 1 ) { +if ( Event->config->sagan_exttype == 1 ) { /* Parsable */ @@ -82,14 +82,14 @@ if ( pipe(in) < 0 ) { - removelockfile(); - sagan_log(1, "[%s, line %d] Cannot create input pipe!", __FILE__, __LINE__); + removelockfile(Event->config); + sagan_log(Event->config, 1, "[%s, line %d] Cannot create input pipe!", __FILE__, __LINE__); } if ( pipe(out) < 0 ) { - removelockfile(); - sagan_log(1, "[%s, line %d] Cannot create output pipe!", __FILE__, __LINE__); + removelockfile(Event->config); + sagan_log(Event->config, 1, "[%s, line %d] Cannot create output pipe!", __FILE__, __LINE__); } 
@@ -109,9 +109,9 @@ close(out[0]); pthread_mutex_unlock( &ext_mutex ); - ret=execl(config->sagan_extern, config->sagan_extern, NULL, (char *)NULL); - removelockfile(); - sagan_log(1, "[%s, line %d] Cannot execute %s", __FILE__, __LINE__, config->sagan_extern); + ret=execl(Event->config->sagan_extern, Event->config->sagan_extern, NULL, (char *)NULL); + removelockfile(Event->config); + sagan_log(Event->config, 0, "[%s, line %d] Cannot execute %s", __FILE__, __LINE__, Event->config->sagan_extern); } pthread_mutex_lock( &ext_mutex ); diff -Nru sagan-0.1.9/src/output-plugins/sagan-logzilla.c sagan-0.2.0/src/output-plugins/sagan-logzilla.c --- sagan-0.1.9/src/output-plugins/sagan-logzilla.c 2011-04-18 16:26:17.000000000 +0000 +++ sagan-0.2.0/src/output-plugins/sagan-logzilla.c 1970-01-01 00:00:00.000000000 +0000 
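Review bot: The log level after the failed `execl` drops from `1` to `0`, so if level 0 is the non-terminating one (as the other calls in this diff suggest) this path now runs past the closing brace into `pthread_mutex_lock( &ext_mutex );`. If this block is the child side of a fork (the fork itself is outside the hunk), a failed exec leaves a second copy of the daemon executing the parent's code, after it has removed the parent's lock file through `removelockfile(Event->config)`. The child should log the failure and then leave with `_exit(127);` without touching the lock file. The argument list can also be reduced to `execl(Event->config->sagan_extern, Event->config->sagan_extern, (char *)NULL);`, since the first `NULL` already ends it.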
@@ -1,249 +0,0 @@ -/* -** Copyright (C) 2009-2011 Softwink, Inc. -** Copyright (C) 2009-2011 Champ Clark III -** -** This program is free software; you can redistribute it and/or modify -** it under the terms of the GNU General Public License Version 2 as -** published by the Free Software Foundation. You may not use, modify or -** distribute this program under any other version of the GNU General -** Public License. -** -** This program is distributed in the hope that it will be useful, -** but WITHOUT ANY WARRANTY; without even the implied warranty of -** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -** GNU General Public License for more details. -** -** You should have received a copy of the GNU General Public License -** along with this program; if not, write to the Free Software -** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -*/ - -/* sagan-logzilla.c - * - * Logs to a Logzilla SQL database. - * See http://code.google.com/p/php-syslog-ng/ - * - */ - - -#ifdef HAVE_CONFIG_H -#include "config.h" /* From autoconf */ -#endif - -#if defined(HAVE_LIBMYSQLCLIENT_R) || defined(HAVE_LIBPQ) - -#include -#include -#include -#include - -#include "sagan.h" -#include "sagan-logzilla.h" -#include "version.h" - - -#ifdef HAVE_LIBMYSQLCLIENT_R -#include -#include -MYSQL *connection, *mysql_logzilla; -#endif - -#ifdef HAVE_LIBPQ -#include -PGconn *psql_logzilla; -PGresult *result; -char pgconnect[2048]; -#endif - -struct _SaganConfig *config; -struct _SaganCounters *counters; - -pthread_mutex_t logzilla_db_mutex; - -int logzilla_db_connect( void ) { - -char *dbh=NULL; -char *dbu=NULL; -char *dbp=NULL; -char *dbn=NULL; - -dbu = config->logzilla_user; -dbh = config->logzilla_dbhost; -dbp = config->logzilla_password; -dbn = config->logzilla_dbname; - -/********************/ -/* MySQL connection */ -/********************/ - -#ifdef HAVE_LIBMYSQLCLIENT_R -if ( config->logzilla_dbtype == 1 ) { - -mysql_thread_init(); -mysql_logzilla = 
mysql_init(NULL); - -if ( mysql_logzilla == NULL ) { - removelockfile(); - sagan_log(1, "[%s, line %d] Error initializing MySQL", __FILE__, __LINE__ ); - } - - -my_bool reconnect = 1; -mysql_options(mysql_logzilla,MYSQL_READ_DEFAULT_GROUP,config->logzilla_dbname); - -/* Re-connect to the database if the connection is lost */ - -mysql_options(mysql_logzilla,MYSQL_OPT_RECONNECT, &reconnect); - -if (!mysql_real_connect(mysql_logzilla, dbh, dbu, dbp, dbn, MYSQL_PORT, NULL, 0)) { - sagan_log(1, "[%s, line %d] MySQL Error %u: \"%s\"", __FILE__, __LINE__, mysql_errno(mysql_logzilla), mysql_error(mysql_logzilla)); - } - -} -#endif -/*************************/ -/* PostgreSQL connection */ -/*************************/ - -#ifdef HAVE_LIBPQ -if ( config->logzilla_dbtype == 2 ) { - -//isthreadsafe = PQisthreadsafe(); // check - -snprintf(pgconnect, sizeof(pgconnect), "hostaddr = '%s' port = '%d' dbname = '%s' user = '%s' password = '%s' connect_timeout = '30'", dbh, 5432 , dbn, dbu, dbp); - -psql_logzilla = PQconnectdb(pgconnect); - -if (!psql_logzilla) { - removelockfile(); - sagan_log(1, "[%s, line %d] PostgreSQL: PQconnect Error", __FILE__, __LINE__); - } - -if (PQstatus(psql_logzilla) != CONNECTION_OK) { - removelockfile(); - sagan_log(1, "[%s, line %d] PostgreSQL status not OK", __FILE__, __LINE__); - } - -} -#endif - -return(0); -} /* End of logzilla_connect */ - - -/**************************************************************************** - * Query Database | iorq == 0 (SELECT) iorq == 1 (INSERT) * - * For SELECT, we typically only want one value back (row[0]) so return it * - * For INSERT, we don't need or get any results back * - ****************************************************************************/ - -char *logzilla_db_query ( int dbtype, char *sql ) { - -pthread_mutex_lock( &logzilla_db_mutex ); - -char sqltmp[MAXSQL]; /* Make this a MAXSQL or something */ -char *re=NULL; /* "return" point for row */ - -int mysql_last_errno = 0; -int mysql_reconnect_count = 
0; - -strlcpy(sqltmp, sql, sizeof(sqltmp)); - -#ifdef HAVE_LIBMYSQLCLIENT_R -if ( config->logzilla_dbtype == 1 ) { - -MYSQL_RES *logzilla_res; -MYSQL_ROW logzilla_row; - -while ( mysql_real_query(mysql_logzilla, sqltmp, strlen(sqltmp)) != 0 ) { - - mysql_last_errno = mysql_errno(mysql_logzilla); - - if ( mysql_last_errno == CR_CONNECTION_ERROR || - mysql_last_errno == CR_CONN_HOST_ERROR || - mysql_last_errno == CR_SERVER_GONE_ERROR ) { - mysql_reconnect_count++; - sagan_log(0, "[%s, line %d] Lost connection to MySQL database. Trying %d", __FILE__, __LINE__, mysql_reconnect_count); - sleep(2); // Give the DB time to recover - - } else { - - sagan_log(1, "[%s, line %d] MySQL Error [%u:] \"%s\"\nOffending SQL statement: %s", __FILE__, __LINE__, mysql_errno(mysql_logzilla), mysql_error(mysql_logzilla), sqltmp); - } - -} - -if ( mysql_reconnect_count != 0 ) { /* If there's a reconnect_count, we must of lost connection */ - sagan_log(0, "MySQL connection re-established!"); /* Log it */ - mysql_reconnect_count=0; /* Reset the counter */ - } - - -logzilla_res = mysql_use_result(mysql_logzilla); - -if ( logzilla_res != NULL ) { - while((logzilla_row = mysql_fetch_row(logzilla_res))) { - snprintf(sqltmp, sizeof(sqltmp), "%s", logzilla_row[0]); - re=sqltmp; - } - } - -mysql_free_result(logzilla_res); -pthread_mutex_unlock( &logzilla_db_mutex ); -return(re); -} -#else -removelockfile(); -sagan_log(1, "Sagan was not compiled with MySQL support. Aborting!"); -#endif - -#ifdef HAVE_LIBPQ -if ( config->logzilla_dbtype == 2 ) { - -if (( result = PQexec(psql_logzilla, sql )) == NULL ) { -// removelockfile(); - sagan_log(0, "[%s, line %d] PostgreSQL Error: %s", __FILE__, __LINE__, PQerrorMessage( psql_logzilla )); - } - -if ( PQntuples(result) != 0 ) { - re = PQgetvalue(result,0,0); - } - -PQclear(result); -pthread_mutex_unlock( &logzilla_db_mutex); -return(re); - -} -#else -removelockfile(); -sagan_log(1, "[%s, line %d] Sagan was not compiled with PostgreSQL support. 
Aborting!", __FILE__, __LINE__); -#endif - -return(0); -} - - -void sagan_logzilla_thread ( SaganEvent *Event ) { - -char sqltmp[MAXSQL]; -char *sql=NULL; - -char escprg[MAXPROGRAM]; -char escmsg[MAX_SYSLOGMSG]; - -snprintf(escprg, sizeof(escprg), "%s", sql_escape(Event->program, 1)); -snprintf(escmsg, sizeof(escmsg), "%s", sql_escape(Event->message, 1)); - -snprintf(sqltmp, sizeof(sqltmp), "INSERT INTO logs (host, facility, priority, level, tag, program, msg, fo, lo) VALUES ('%s', '%s', '%s', '%s', '%s', %s, %s, '%s %s', '%s %s')", Event->host, Event->facility, Event->priority, Event->level, Event->tag, escprg , escmsg, Event->date, Event->time, Event->date, Event->time ); - - -sql=sqltmp; -logzilla_db_query(config->logzilla_dbtype, sql); - -pthread_mutex_lock ( &logzilla_db_mutex ); -counters->threadlogzillac--; -pthread_mutex_unlock ( &logzilla_db_mutex ); - -} - -#endif diff -Nru sagan-0.1.9/src/output-plugins/sagan-logzilla.h sagan-0.2.0/src/output-plugins/sagan-logzilla.h --- sagan-0.1.9/src/output-plugins/sagan-logzilla.h 2011-04-18 16:26:17.000000000 +0000 +++ sagan-0.2.0/src/output-plugins/sagan-logzilla.h 1970-01-01 00:00:00.000000000 +0000 
@@ -1,32 +0,0 @@ -/* -** Copyright (C) 2009-2011 Softwink, Inc. -** Copyright (C) 2009-2011 Champ Clark III -** -** This program is free software; you can redistribute it and/or modify -** it under the terms of the GNU General Public License Version 2 as -** published by the Free Software Foundation. You may not use, modify or -** distribute this program under any other version of the GNU General -** Public License. -** -** This program is distributed in the hope that it will be useful, -** but WITHOUT ANY WARRANTY; without even the implied warranty of -** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -** GNU General Public License for more details. -** -** You should have received a copy of the GNU General Public License -** along with this program; if not, write to the Free Software -** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -*/ - -#ifdef HAVE_CONFIG_H -#include "config.h" -#endif - -/* sagan-logzilla.h */ - -#if defined(HAVE_LIBMYSQLCLIENT_R) || defined(HAVE_LIBPQ) - -int logzilla_db_connect( void ); -char *logzilla_db_query ( int , char * ); - -#endif diff -Nru sagan-0.1.9/src/output-plugins/sagan-prelude.c sagan-0.2.0/src/output-plugins/sagan-prelude.c --- sagan-0.1.9/src/output-plugins/sagan-prelude.c 2011-04-18 16:26:17.000000000 +0000 +++ sagan-0.2.0/src/output-plugins/sagan-prelude.c 2011-08-21 16:53:30.000000000 +0000 @@ -1,6 +1,6 @@ /* -** Copyright (C) 2009-2011 Softwink, Inc. -** Copyright (C) 2009-2011 Champ Clark III +** Copyright (C) 2009-2011 Quadrant Information Security +** Copyright (C) 2009-2011 Champ Clark III ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License Version 2 as 
@@ -43,15 +43,15 @@ #include "version.h" #include "sagan.h" + #include "sagan-prelude.h" -struct _SaganConfig *config; struct _SaganCounters *counters; #define ANALYZER_CLASS "Log Analyzer" #define ANALYZER_MODEL "Sagan" -#define ANALYZER_MANUFACTURER "http://sagan.softwink.com" -#define ANALYZER_SID_URL "https://wiki.softwink.com/bin/view/Main/" +#define ANALYZER_MANUFACTURER "http://sagan.quadrantsec.com" +#define ANALYZER_SID_URL "https://wiki.quadrantsec.com/bin/view/Main/" #define DEFAULT_ANALYZER_NAME "sagan" #define ANALYZER_INTERFACE "syslog" @@ -61,7 +61,7 @@ /* Init the Prelude sub system. */ -void PreludeInit(void) +void PreludeInit( _SaganConfig *config ) { int ret; 
@@ -71,37 +71,37 @@ ret = prelude_thread_init(NULL); if ( ret < 0 ) { - removelockfile(); - sagan_log(1, "[%s, line %d] %s: Unable to init the Prelude thread subsystem: %s", __FILE__, __LINE__, prelude_strsource(ret), prelude_strerror(ret)); + removelockfile(config); + sagan_log(config, 1, "[%s, line %d] %s: Unable to init the Prelude thread subsystem: %s", __FILE__, __LINE__, prelude_strsource(ret), prelude_strerror(ret)); } ret = prelude_init(NULL, NULL); if ( ret < 0 ) { - removelockfile(); - sagan_log(1, "[%s, line %d] %s: Unable to init the Prelude library: %s", __FILE__, __LINE__, prelude_strsource(ret), prelude_strerror(ret)); + removelockfile(config); + sagan_log(config, 1, "[%s, line %d] %s: Unable to init the Prelude library: %s", __FILE__, __LINE__, prelude_strsource(ret), prelude_strerror(ret)); } ret = prelude_client_new(&preludeclient, config->sagan_prelude_profile ? config->sagan_prelude_profile : DEFAULT_ANALYZER_NAME); if ( ret < 0 ) { - removelockfile(); - sagan_log(1, "[%s, line %d] %s: Unable to create a Prelude client object: %s", __FILE__, __LINE__, prelude_strsource(ret), prelude_strerror(ret)); + removelockfile(config); + sagan_log(config, 1, "[%s, line %d] %s: Unable to create a Prelude client object: %s", __FILE__, __LINE__, prelude_strsource(ret), prelude_strerror(ret)); } flags = PRELUDE_CLIENT_FLAGS_ASYNC_SEND|PRELUDE_CLIENT_FLAGS_ASYNC_TIMER; ret = prelude_client_set_flags(preludeclient, prelude_client_get_flags(preludeclient) | flags); if ( ret < 0 ) { - removelockfile(); - sagan_log(1, "[%s, line %d] %s: Unable to set asynchronous send and timer: %s", __FILE__, __LINE__, prelude_strsource(ret), prelude_strerror(ret)); + removelockfile(config); + sagan_log(config, 1, "[%s, line %d] %s: Unable to set asynchronous send and timer: %s", __FILE__, __LINE__, prelude_strsource(ret), prelude_strerror(ret)); } setup_analyzer(prelude_client_get_analyzer(preludeclient)); ret = prelude_client_start(preludeclient); if ( ret < 0 ) { - 
removelockfile(); - sagan_log(1, "[%s, line %d] %s: Unable to initialize Prelude client: %s", __FILE__, __LINE__, prelude_strsource(ret), prelude_strerror(ret)); + removelockfile(config); + sagan_log(config, 1, "[%s, line %d] %s: Unable to initialize Prelude client: %s", __FILE__, __LINE__, prelude_strsource(ret), prelude_strerror(ret)); } @@ -139,7 +139,7 @@ return 0; } -int add_int_data(idmef_alert_t *alert, const char *meaning, uint32_t data) +int add_int_data( _SaganConfig *config, idmef_alert_t *alert, const char *meaning, uint32_t data) { int ret; prelude_string_t *str; @@ -153,14 +153,14 @@ ret = idmef_additional_data_new_meaning(ad, &str); if ( ret < 0 ) { - sagan_log(0,"%s: error creating additional-data meaning: %s.\n", + sagan_log(config, 0,"%s: error creating additional-data meaning: %s.\n", prelude_strsource(ret), prelude_strerror(ret)); return -1; } ret = prelude_string_set_ref(str, meaning); if ( ret < 0 ) { - sagan_log(0, "%s: error setting integer data meaning: %s.\n", + sagan_log(config, 0, "%s: error setting integer data meaning: %s.\n", prelude_strsource(ret), prelude_strerror(ret)); return -1; } 
@@ -193,52 +193,52 @@ ret = idmef_message_new(&idmef); if ( ret < 0 ) { prelude_client_destroy(preludeclient, PRELUDE_CLIENT_EXIT_STATUS_FAILURE); - sagan_log(1, "[%s, line %d] Error in idmef_message_new(). Aborting", __FILE__, __LINE__); + sagan_log(Event->config, 1, "[%s, line %d] Error in idmef_message_new(). Aborting", __FILE__, __LINE__); } ret = idmef_message_new_alert(idmef, &alert); if ( ret < 0 ) { - sagan_log(0, "[%s, line %d] Error in idmef_message_new_alert()", __FILE__, __LINE__); + sagan_log(Event->config, 0, "[%s, line %d] Error in idmef_message_new_alert()", __FILE__, __LINE__); goto err; } ret = idmef_alert_new_classification(alert, &class); if ( ret < 0 ) { - sagan_log(0, "[%s, line %d] Error in idmef_alert_new_classification()", __FILE__, __LINE__); + sagan_log(Event->config, 0, "[%s, line %d] Error in idmef_alert_new_classification()", __FILE__, __LINE__); goto err; } ret = idmef_classification_new_text(class, &str); if ( ret < 0 ) { - sagan_log(0, "[%s, line %d] Error in idmef_classification_new_text()", __FILE__, __LINE__); + sagan_log(Event->config, 0, "[%s, line %d] Error in idmef_classification_new_text()", __FILE__, __LINE__); goto err; } prelude_string_set_ref(str, rulestruct[Event->found].s_msg ); -ret = event_to_impact(rulestruct[Event->found].s_pri, alert); +ret = event_to_impact(Event->config, rulestruct[Event->found].s_pri, alert); if ( ret < 0 ) { - sagan_log(0, "[%s, line %d] event_to_impact() failed", __FILE__, __LINE__); + sagan_log(Event->config, 0, "[%s, line %d] event_to_impact() failed", __FILE__, __LINE__); goto err; } ret = event_to_reference(rulestruct[Event->found].s_sid, class); if ( ret < 0 ) { - sagan_log(0, "[%s, line %d] event_to_reference() failed", __FILE__, __LINE__); + sagan_log(Event->config, 0, "[%s, line %d] event_to_reference() failed", __FILE__, __LINE__); goto err; } -ret = event_to_source_target(Event->ip_src, Event->ip_dst, Event->src_port, Event->dst_port, rulestruct[Event->found].ip_proto, alert); +ret 
= event_to_source_target(Event->config, Event->ip_src, Event->ip_dst, Event->src_port, Event->dst_port, rulestruct[Event->found].ip_proto, alert); if ( ret < 0 ) { - sagan_log(0, "[%s, line %d] event_to_source_target() failed", __FILE__, __LINE__); + sagan_log(Event->config, 0, "[%s, line %d] event_to_source_target() failed", __FILE__, __LINE__); goto err; } sid = atoi(rulestruct[Event->found].s_sid); rev = atoi(rulestruct[Event->found].s_rev); -ret = syslog_to_data(rulestruct[Event->found].s_sid, rulestruct[Event->found].s_rev, rulestruct[Event->found].ip_proto, Event->message, alert); +ret = syslog_to_data(Event->config, rulestruct[Event->found].s_sid, rulestruct[Event->found].s_rev, rulestruct[Event->found].ip_proto, Event->message, alert); if ( ret < 0 ) { - sagan_log(0, "[%s, line %d] syslog_to_data() failed", __FILE__, __LINE__); + sagan_log(Event->config, 0, "[%s, line %d] syslog_to_data() failed", __FILE__, __LINE__); goto err; } @@ -256,7 +256,7 @@ /* Assigns severity to an event. For example, priority 1 == High */ -int event_to_impact(int pri, idmef_alert_t *alert) +int event_to_impact(_SaganConfig *config, int pri, idmef_alert_t *alert) { int ret; @@ -265,10 +265,10 @@ idmef_assessment_t *assessment; ret = idmef_alert_new_assessment(alert, &assessment); - if ( ret < 0 ) sagan_log(1, "[%s, line %d] Error in idmef_alert_new_assessment(). Abort.", __FILE__, __LINE__); + if ( ret < 0 ) sagan_log(config, 1, "[%s, line %d] Error in idmef_alert_new_assessment(). Abort.", __FILE__, __LINE__); ret = idmef_assessment_new_impact(assessment, &impact); - if ( ret < 0 ) sagan_log(1,"[%s, line %d] Error in idmef_assessment_new_impact(). Abort.", __FILE__, __LINE__); + if ( ret < 0 ) sagan_log(config, 1,"[%s, line %d] Error in idmef_assessment_new_impact(). Abort.", __FILE__, __LINE__); if ( pri == 1 ) severity = IDMEF_IMPACT_SEVERITY_HIGH; else if ( pri == 2 ) severity = IDMEF_IMPACT_SEVERITY_MEDIUM; 
@@ -299,7 +299,7 @@ /* Supply target/source/port information */ -int event_to_source_target(char *ip_src, char *ip_dst, int src_port, int dst_port, int proto, idmef_alert_t *alert) +int event_to_source_target( _SaganConfig *config, char *ip_src, char *ip_dst, int src_port, int dst_port, int proto, idmef_alert_t *alert) { int ret; @@ -369,22 +369,22 @@ return 0; } -int syslog_to_data ( char *sid, char *rev, int proto, char *message, idmef_alert_t *alert ) +int syslog_to_data ( _SaganConfig *config, char *sid, char *rev, int proto, char *message, idmef_alert_t *alert ) { int i; i = atoi(sid); -add_int_data(alert, "sagan_rule_sid", i); +add_int_data(config, alert, "sagan_rule_sid", i); i = atoi(rev); -add_int_data(alert, "sagan_rule_rev", i ); +add_int_data(config, alert, "sagan_rule_rev", i ); -add_int_data(alert, "ip_ver", 4); +add_int_data(config, alert, "ip_ver", 4); -add_int_data(alert, "ip_proto", proto); +add_int_data(config, alert, "ip_proto", proto); -add_byte_data(alert, "payload", message, strlen(message)); +add_byte_data(config, alert, "payload", message, strlen(message)); return 0; @@ -392,7 +392,7 @@ /* Setup for the payload information */ -int add_byte_data(idmef_alert_t *alert, const char *meaning, const unsigned char *data, size_t size) +int add_byte_data( _SaganConfig *config , idmef_alert_t *alert, const char *meaning, const unsigned char *data, size_t size) { int ret; 
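Review bot: `syslog_to_data` discards the return value of every `add_int_data` / `add_byte_data` call and always returns 0, so the caller's `if ( ret < 0 )` check after `syslog_to_data(Event->config, ...)` can never fire. Both helpers return -1 on failure in the hunks shown, so an alert can be sent without its sid, rev or payload and nothing upstream is told. Propagate the failure, e.g. `if ( add_int_data(config, alert, "sagan_rule_sid", i) < 0 ) return -1;` and the same for the other four calls. `message` is also passed to `strlen` unchecked; whether it can be NULL is decided outside this hunk.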
@@ -404,19 +404,19 @@ ret = idmef_additional_data_set_byte_string_ref(ad, data, size); if ( ret < 0 ) { - sagan_log(0, "[%s, line %d] %s Error setting byte string data: %s", __FILE__, __LINE__, prelude_strsource(ret), prelude_strerror(ret)); + sagan_log(config, 0, "[%s, line %d] %s Error setting byte string data: %s", __FILE__, __LINE__, prelude_strsource(ret), prelude_strerror(ret)); return -1; } ret = idmef_additional_data_new_meaning(ad, &str); if ( ret < 0 ) { - sagan_log(0, "[%s, line %d] %s Error creating additional-data meaning: %s", __FILE__, __LINE__, prelude_strsource(ret), prelude_strerror(ret)); + sagan_log(config, 0, "[%s, line %d] %s Error creating additional-data meaning: %s", __FILE__, __LINE__, prelude_strsource(ret), prelude_strerror(ret)); return -1; } ret = prelude_string_set_ref(str, meaning); if ( ret < 0 ) { - sagan_log(0, "[%s, line %d] %s Error setting byte string data meaning: %s", __FILE__, __LINE__, prelude_strsource(ret), prelude_strerror(ret)); + sagan_log(config, 0, "[%s, line %d] %s Error setting byte string data meaning: %s", __FILE__, __LINE__, prelude_strsource(ret), prelude_strerror(ret)); return -1; } diff -Nru sagan-0.1.9/src/output-plugins/sagan-prelude.h sagan-0.2.0/src/output-plugins/sagan-prelude.h --- sagan-0.1.9/src/output-plugins/sagan-prelude.h 2011-04-18 16:26:17.000000000 +0000 +++ sagan-0.2.0/src/output-plugins/sagan-prelude.h 2011-08-21 16:53:30.000000000 +0000 @@ -1,6 +1,6 @@ /* -** Copyright (C) 2009-2011 Softwink, Inc. -** Copyright (C) 2009-2011 Champ Clark III +** Copyright (C) 2009-2011 Quadrant Information Security +** Copyright (C) 2009-2011 Champ Clark III ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License Version 2 as 
@@ -26,15 +26,15 @@ #ifdef HAVE_LIBPRELUDE -void PreludeInit(void); +void PreludeInit( _SaganConfig *); int setup_analyzer(idmef_analyzer_t *); -int add_int_data(idmef_alert_t *, const char *, uint32_t ); +int add_int_data(_SaganConfig *, idmef_alert_t *, const char *, uint32_t ); void sagan_prelude( SaganEvent * ); -int event_to_impact(int, idmef_alert_t *); +int event_to_impact(_SaganConfig *, int, idmef_alert_t *); int event_to_reference(char *, idmef_classification_t *); -int event_to_source_target(char *, char *, int ,int ,int , idmef_alert_t *); -int syslog_to_data( char * , char * , int , char *, idmef_alert_t * ); -int add_byte_data(idmef_alert_t *, const char *, const unsigned char *, size_t); +int event_to_source_target(_SaganConfig *, char *, char *, int ,int ,int , idmef_alert_t *); +int syslog_to_data( _SaganConfig *, char * , char * , int , char *, idmef_alert_t * ); +int add_byte_data( _SaganConfig *, idmef_alert_t *, const char *, const unsigned char *, size_t); int add_sagan_reference(idmef_classification_t *, char *); #endif diff -Nru sagan-0.1.9/src/output-plugins/sagan-snort.c sagan-0.2.0/src/output-plugins/sagan-snort.c --- sagan-0.1.9/src/output-plugins/sagan-snort.c 2011-04-18 16:26:17.000000000 +0000 +++ sagan-0.2.0/src/output-plugins/sagan-snort.c 2011-08-21 16:53:30.000000000 +0000 @@ -1,6 +1,6 @@ /* -** Copyright (C) 2009-2011 Softwink, Inc. -** Copyright (C) 2009-2011 Champ Clark III +** Copyright (C) 2009-2011 Quadrant Information Security +** Copyright (C) 2009-2011 Champ Clark III ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License Version 2 as @@ -43,9 +43,10 @@ #include #include +#include "sagan.h" #include "sagan-snort.h" -#include "sagan.h" + #include "version.h" @@ -62,8 +63,6 @@ char pgconnect[2048]; #endif -struct _SaganConfig *config; -struct _SaganDebug *debug; struct _SaganCounters *counters; struct rule_struct *rulestruct; 
@@ -75,7 +74,7 @@ /* Connection to various types of databases */ /********************************************/ -int db_connect( void ) { +int db_connect( _SaganConfig *config ) { char *dbh=NULL; char *dbu=NULL; @@ -98,8 +97,8 @@ mysql = mysql_init(NULL); if ( mysql == NULL ) { - removelockfile(); - sagan_log(1, "[%s, line %d] Error initializing MySQL", __FILE__, __LINE__); + removelockfile(config); + sagan_log(config, 1, "[%s, line %d] Error initializing MySQL", __FILE__, __LINE__); } @@ -111,7 +110,7 @@ mysql_options(mysql,MYSQL_OPT_RECONNECT, &reconnect); if (!mysql_real_connect(mysql, dbh, dbu, dbp, dbn, MYSQL_PORT, NULL, 0)) { - sagan_log(1, "[%s, line %d] MySQL Error %u: \"%s\"", __FILE__, __LINE__, mysql_errno(mysql), mysql_error(mysql)); + sagan_log(config, 1, "[%s, line %d] MySQL Error %u: \"%s\"", __FILE__, __LINE__, mysql_errno(mysql), mysql_error(mysql)); } } @@ -131,13 +130,13 @@ psql = PQconnectdb(pgconnect); if (!psql) { - removelockfile(); - sagan_log(1, "[%s, line %d] PostgreSQL: PQconnect Error", __FILE__, __LINE__); + removelockfile(config); + sagan_log(config, 1, "[%s, line %d] PostgreSQL: PQconnect Error", __FILE__, __LINE__); } if (PQstatus(psql) != CONNECTION_OK) { - removelockfile(); - sagan_log(1, "[%s, line %d] PostgreSQL status not OK", __FILE__, __LINE__); + removelockfile(config); + sagan_log(config, 1, "[%s, line %d] PostgreSQL status not OK", __FILE__, __LINE__); } } @@ -152,7 +151,7 @@ * For INSERT, we don't need or get any results back * ****************************************************************************/ -char *db_query ( int dbtype, char *sql ) { +char *db_query ( _SaganDebug *debug, _SaganConfig *config, char *sql ) { char sqltmp[MAXSQL]; /* Make this a MAXSQL or something */ char *re=NULL; /* "return" point for row */ 
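Review bot: The `mysql_real_connect` failure branch in `db_connect` logs at level 1 without calling `removelockfile(config)` first, unlike the `mysql_init` and PostgreSQL failure branches of the same function. If level 1 ends the process, as the "Aborting" messages at other level-1 call sites suggest, a failed connect leaves the lock file behind. Add `removelockfile(config);` ahead of the `sagan_log(config, 1, "[%s, line %d] MySQL Error %u: \"%s\"", ...)` call. `db_connect` begins in the previous hunk and its body continues past this one.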
@@ -164,10 +163,11 @@ strlcpy(sqltmp, sql, sizeof(sqltmp)); -if ( debug->debugsql ) sagan_log(0, "%s", sqltmp); + +if ( debug->debugsql ) sagan_log(config, 0, "%s", sqltmp); #ifdef HAVE_LIBMYSQLCLIENT_R -if ( dbtype == 1 ) { +if ( config->dbtype == 1 ) { MYSQL_RES *res; MYSQL_ROW row; @@ -180,19 +180,20 @@ mysql_last_errno == CR_CONN_HOST_ERROR || mysql_last_errno == CR_SERVER_GONE_ERROR ) { mysql_reconnect_count++; - sagan_log(0, "[%s, line %d] Lost connection to MySQL database. Trying %d", __FILE__, __LINE__, mysql_reconnect_count); + sagan_log(config, 0, "[%s, line %d] Lost connection to MySQL database. Trying %d", __FILE__, __LINE__, mysql_reconnect_count); sleep(2); // Give the DB time to recover } else { - sagan_log(0, "[%s, line %d] MySQL Error [%u:] \"%s\"\nOffending SQL statement: %s\n", __FILE__, __LINE__, mysql_errno(mysql), mysql_error(mysql), sqltmp); + removelockfile(config); + sagan_log(config, 1, "[%s, line %d] MySQL Error [%u:] \"%s\"\nOffending SQL statement: %s\n", __FILE__, __LINE__, mysql_errno(mysql), mysql_error(mysql), sqltmp); } } if ( mysql_reconnect_count != 0 ) { /* If there's a reconnect_count, we must of lost connection */ - sagan_log(0, "MySQL connection re-established!"); /* Log it */ + sagan_log(config, 0, "MySQL connection re-established!"); /* Log it */ mysql_reconnect_count=0; /* Reset the counter */ } 
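Review bot: The non-connection error branch of the MySQL path in `db_query` now calls `removelockfile(config)` and logs at level 1, so a single rejected statement appears to stop the whole sensor (assuming level 1 is fatal, as the other level-1 call sites suggest). The callers in this file build their statements with `snprintf` and `'%s'` from rule and configuration strings without escaping, so one value containing an apostrophe is enough to produce such an error and end log monitoring. It would be safer to keep this at level 0, drop the statement and `return(NULL);`, and reserve the fatal path for states the daemon cannot recover from. The message also writes the full offending SQL to the log, which is worth a short comment since it may contain payload data. The enclosing retry logic starts outside the hunk.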
@@ -210,26 +211,26 @@ return(re); } #else -if ( dbtype == 1 ) { - removelockfile(); - sagan_log(1, "Sagan was not compiled with MySQL support. Aborting!"); +if ( config->dbtype == 1 ) { + removelockfile(config); + sagan_log(config, 1, "Sagan was not compiled with MySQL support. Aborting!"); } #endif #ifdef HAVE_LIBPQ -if ( dbtype == 2 ) { +if ( config->dbtype == 2 ) { if (( result = PQexec(psql, sqltmp )) == NULL ) { //removelockfile(); - sagan_log(0, "[%s, line %d] PostgreSQL Error: %s", __FILE__, __LINE__, PQerrorMessage( psql )); + sagan_log(config, 0, "[%s, line %d] PostgreSQL Error: %s", __FILE__, __LINE__, PQerrorMessage( psql )); } if (PQresultStatus(result) != PGRES_COMMAND_OK && PQresultStatus(result) != PGRES_TUPLES_OK) { - sagan_log(0, "[%s, line %d] PostgreSQL Error: %s", __FILE__, __LINE__, PQerrorMessage( psql )); + sagan_log(config, 0, "[%s, line %d] PostgreSQL Error: %s", __FILE__, __LINE__, PQerrorMessage( psql )); PQclear(result); //removelockfile(); - sagan_log(0, "DB Query failed: %s", sqltmp); + sagan_log(config, 0, "DB Query failed: %s", sqltmp); } if ( PQntuples(result) != 0 ) { @@ -242,9 +243,9 @@ } #else -if ( dbtype == 2 ) { - removelockfile(); - sagan_log(1, "[%s, line %d] Sagan was not compiled with PostgreSQL support. Aborting!", __FILE__, __LINE__); +if ( config->dbtype == 2 ) { + removelockfile(config); + sagan_log(config, 1, "[%s, line %d] Sagan was not compiled with PostgreSQL support. Aborting!", __FILE__, __LINE__); } #endif 
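Review bot: In the PostgreSQL branch of `db_query`, the failure path calls `PQclear(result)` and then falls through to `PQntuples(result)`, which reads a result object that has already been freed. The preceding `PQexec(psql, sqltmp) == NULL` check likewise only logs and carries on. Leave the function once the failure has been logged, e.g. add `return(NULL);` after `sagan_log(config, 0, "DB Query failed: %s", sqltmp);` and after the `PQexec` NULL log line. These are context lines the commit did not change, but they are part of the new side; the function body extends beyond the hunk.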
@@ -255,31 +256,31 @@ /* Get's the current sensor ID or creates a new one if this is the first run */ /*****************************************************************************/ -int get_sensor_id ( char *hostname, char *interface, char *filter, int detail, int dbtype ) { +int get_sensor_id ( _SaganDebug *debug, _SaganConfig *config ) { + char sqltmp[MAXSQL]; char *sql; char *sqlout; -snprintf(sqltmp, sizeof(sqltmp), "SELECT sid FROM sensor WHERE hostname='%s' AND interface='%s' AND filter='%s' AND detail='%d' AND encoding='0'", hostname, interface, filter, detail); +snprintf(sqltmp, sizeof(sqltmp), "SELECT sid FROM sensor WHERE hostname='%s' AND interface='%s' AND filter='%s' AND detail='%d' AND encoding='0'", config->sagan_hostname, config->sagan_interface, config->sagan_filter, config->sagan_detail); sql=sqltmp; -sqlout = db_query( dbtype, sql ); +sqlout = db_query(debug, config, sql); if ( sqlout == NULL ) { /* Insert new sensor ID */ - snprintf(sqltmp, sizeof(sqltmp), "INSERT INTO sensor (hostname, interface, filter, detail, encoding, last_cid) VALUES ('%s', '%s', '%s', '%u', '0', '0')", hostname, interface, filter, detail); + snprintf(sqltmp, sizeof(sqltmp), "INSERT INTO sensor (hostname, interface, filter, detail, encoding, last_cid) VALUES ('%s', '%s', '%s', '%u', '0', '0')", config->sagan_hostname, config->sagan_interface, config->sagan_filter, config->sagan_detail); sql=sqltmp; - db_query(dbtype, sql); + db_query(debug, config, sql); /* Get new sensor ID */ - snprintf(sqltmp, sizeof(sqltmp), "SELECT sid FROM sensor WHERE hostname='%s' AND interface='%s' AND filter='%s' AND detail='%d' AND encoding='0'", hostname, interface, filter, detail); + snprintf(sqltmp, sizeof(sqltmp), "SELECT sid FROM sensor WHERE hostname='%s' AND interface='%s' AND filter='%s' AND detail='%d' AND encoding='0'", config->sagan_hostname, config->sagan_interface, config->sagan_filter, config->sagan_detail); sql=sqltmp; - sqlout = db_query( dbtype, sql ); + sqlout = 
db_query(debug, config, sql); } config->sensor_id = atoi(sqlout); -//return(sensor_id); return(0); } @@ -288,7 +289,7 @@ /* Get the last used CID and increment it */ /******************************************/ -uint64_t get_cid ( int sensor_sid, int dbtype ) { +uint64_t get_cid ( _SaganDebug *debug, _SaganConfig *config ) { char sqltmp[MAXSQL]; char *sql; @@ -296,10 +297,10 @@ uint64_t t_cid; -snprintf(sqltmp, sizeof(sqltmp), "SELECT last_cid from sensor where sid=%d and hostname='%s' and interface='%s' and filter='%s' and detail=%d", sensor_sid, config->sagan_hostname, config->sagan_interface, config->sagan_filter, config->sagan_detail); +snprintf(sqltmp, sizeof(sqltmp), "SELECT last_cid from sensor where sid=%d and hostname='%s' and interface='%s' and filter='%s' and detail=%d", config->sensor_id, config->sagan_hostname, config->sagan_interface, config->sagan_filter, config->sagan_detail); sql=sqltmp; -sqlout = db_query( dbtype, sql ); +sqlout = db_query( debug, config, sql ); if ( sqlout == NULL ) { t_cid = 0; /* Returned NULL, no CID found */ @@ -315,8 +316,7 @@ /* Get signature ID. If on doesn't exsist, put one in. */ /*********************************************************/ - -int get_sig_sid(char *t_msg, char *t_sig_rev, char *t_sig_sid, char *classtype, int t_sig_pri, int dbtype ) { +int get_sig_sid ( SaganEvent *Event ) { char sqltmp[MAXSQL]; 
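Review bot: `config->sensor_id = atoi(sqlout);` in `get_sensor_id` dereferences `sqlout` even when the second `SELECT` after the `INSERT` also returned NULL, which is a NULL pointer passed to `atoi`. `db_query` can return NULL on the PostgreSQL error path without aborting, so this is reachable when the insert fails. Guard it before the conversion, e.g. `if ( sqlout == NULL ) return(-1);`, and have the caller (not visible here) treat a negative result as a failed start-up. The same unguarded `atoi(sqlout)` follows the insert-then-select sequences in `get_sig_sid` (`sig_class_id`, `t_sig_id`) and in `query_reference` (`ref_system_id`).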
@@ -325,47 +325,47 @@ int sig_class_id; int t_sig_id; -snprintf(sqltmp, sizeof(sqltmp), "SELECT sig_class_id from sig_class where sig_class_name='%s'", classtype); +snprintf(sqltmp, sizeof(sqltmp), "SELECT sig_class_id from sig_class where sig_class_name='%s'", rulestruct[Event->found].s_classtype); sql=sqltmp; -sqlout = db_query( dbtype, sql ); +sqlout = db_query( Event->debug, Event->config, sql ); if ( sqlout == NULL ) { /* classification hasn't been recorded in sig_class, so put it in */ - snprintf(sqltmp, sizeof(sqltmp), "INSERT INTO sig_class(sig_class_id, sig_class_name) VALUES (DEFAULT, '%s')", classtype); + snprintf(sqltmp, sizeof(sqltmp), "INSERT INTO sig_class(sig_class_id, sig_class_name) VALUES (DEFAULT, '%s')", rulestruct[Event->found].s_classtype); sql=sqltmp; - db_query( dbtype, sql); + db_query( Event->debug, Event->config, sql); /* Grab new ID */ - snprintf(sqltmp, sizeof(sqltmp), "SELECT sig_class_id from sig_class where sig_class_name='%s'", classtype); + snprintf(sqltmp, sizeof(sqltmp), "SELECT sig_class_id from sig_class where sig_class_name='%s'", rulestruct[Event->found].s_classtype); sql=sqltmp; - sqlout = db_query( dbtype, sql ); + sqlout = db_query( Event->debug, Event->config, sql ); } sig_class_id = atoi(sqlout); /* Look for the signature id */ -snprintf(sqltmp, sizeof(sqltmp), "SELECT sig_id FROM signature WHERE sig_name='%s' AND sig_rev=%s AND sig_sid=%s", t_msg, t_sig_rev, t_sig_sid); +snprintf(sqltmp, sizeof(sqltmp), "SELECT sig_id FROM signature WHERE sig_name='%s' AND sig_rev=%s AND sig_sid=%s", rulestruct[Event->found].s_msg, rulestruct[Event->found].s_rev, rulestruct[Event->found].s_sid); sql=sqltmp; -sqlout = db_query( dbtype, sql ); +sqlout = db_query( Event->debug, Event->config, sql ); /* If not found, create a new entry for it */ if ( sqlout == NULL ) { - snprintf(sqltmp, sizeof(sqltmp), "INSERT INTO signature(sig_name, sig_class_id, sig_priority, sig_rev, sig_sid) VALUES ('%s', '%d', '%d', '%s', '%s' )", t_msg, 
sig_class_id, t_sig_pri, t_sig_rev, t_sig_sid); + snprintf(sqltmp, sizeof(sqltmp), "INSERT INTO signature(sig_name, sig_class_id, sig_priority, sig_rev, sig_sid) VALUES ('%s', '%d', '%d', '%s', '%s' )", rulestruct[Event->found].s_msg, sig_class_id, rulestruct[Event->found].s_pri, rulestruct[Event->found].s_rev, rulestruct[Event->found].s_sid ); sql=sqltmp; - db_query( dbtype, sql ); + db_query( Event->debug, Event->config, sql ); /* Get the new ID of the new entry */ - snprintf(sqltmp, sizeof(sqltmp), "SELECT sig_id FROM signature WHERE sig_name='%s' AND sig_rev=%s AND sig_sid=%s", t_msg, t_sig_rev, t_sig_sid); + snprintf(sqltmp, sizeof(sqltmp), "SELECT sig_id FROM signature WHERE sig_name='%s' AND sig_rev=%s AND sig_sid=%s", rulestruct[Event->found].s_msg, rulestruct[Event->found].s_rev, rulestruct[Event->found].s_sid ); sql=sqltmp; - sqlout = db_query( dbtype, sql );; + sqlout = db_query( Event->debug, Event->config, sql ); } t_sig_id = atoi(sqlout); @@ -378,19 +378,19 @@ /* Insert into event table */ /***************************/ -void insert_event (int t_sid, uint64_t t_cid, int t_sig_sid, int dbtype, char *date, char *time ) { +void insert_event ( SaganEvent *Event, int sig_sid, char *date, char *time ) { char sqltmp[MAXSQL]; char *sql; pthread_mutex_lock( &db_mutex ); -snprintf(sqltmp, sizeof(sqltmp), "INSERT INTO event(sid, cid, signature, timestamp) VALUES ('%d', '%" PRIu64 "', '%d', '%s %s')", t_sid, t_cid, t_sig_sid, date, time ); +snprintf(sqltmp, sizeof(sqltmp), "INSERT INTO event(sid, cid, signature, timestamp) VALUES ('%d', '%" PRIu64 "', '%d', '%s %s')", Event->config->sensor_id, Event->cid, sig_sid, date, time ); sql=sqltmp; pthread_mutex_unlock( &db_mutex ); -db_query( dbtype, sql ); +db_query( Event->debug, Event->config, sql ); } 
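Review bot: `get_sig_sid` formats `rulestruct[Event->found].s_classtype` and `.s_msg` into `'%s'` and `.s_rev` / `.s_sid` into unquoted `%s` positions with no escaping, so a rule whose msg contains an apostrophe, or a non-numeric rev or sid, changes the statement that reaches the database. Escape string fields before formatting, e.g. `mysql_real_escape_string(mysql, esc_msg, rulestruct[Event->found].s_msg, strlen(rulestruct[Event->found].s_msg));` with `esc_msg` sized at twice the source length plus one, and `PQescapeStringConn` on the PostgreSQL side; format rev and sid as integers (`%d` with a validated conversion) rather than as raw text. `snprintf` truncation at `MAXSQL` is also unchecked, so an over-long msg yields a cut-off statement. `get_sensor_id` and `query_reference` (`tmptoken1`, `tmptoken2`) build their statements the same way.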
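Review bot: In `insert_event`, `db_mutex` is held only around the `snprintf` into the stack-local `sqltmp` and is released before `db_query( Event->debug, Event->config, sql )`, so the lock protects a buffer no other thread can see and leaves the shared database handle unprotected. If `sagan_snort` runs on several threads, as `struct db_thread_args` in sagan-snort.h suggests, the unlock should move below the query: `db_query( Event->debug, Event->config, sql );` followed by `pthread_mutex_unlock( &db_mutex );`. `insert_payload` has the same lock placement. Whether `db_query` takes a lock of its own is not visible in these hunks, so confirm that before moving the unlock.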
@@ -399,43 +399,44 @@ /* Insert data into iphdr and tcphdr - most of this is bogus as we're not really TCP/IP */ /****************************************************************************************/ -void insert_hdr(int t_sid, uint64_t t_cid, char *t_ipsrc, char *t_ipdst, int t_ipproto, int endian, int dbtype, int dst_port, int src_port) { - +void insert_hdr ( SaganEvent *Event, char *ipsrc, char *ipdst ) { char sqltmp[MAXSQL]; char *sql; +int ipproto = rulestruct[Event->found].ip_proto; + /* Temp. store 32bit IP address for DB insertion */ /* 4 == IPv4 */ -snprintf(sqltmp, sizeof(sqltmp), "INSERT INTO iphdr VALUES ( '%d', '%" PRIu64 "', '%d', '%d', '4', '0', '0', '0', '0', '0', '0', '0', '%d', '0' )", t_sid, t_cid, ip2bit(t_ipsrc, endian), ip2bit(t_ipdst, endian), t_ipproto ); +snprintf(sqltmp, sizeof(sqltmp), "INSERT INTO iphdr VALUES ( '%d', '%" PRIu64 "', '%u', '%u', '4', '0', '0', '0', '0', '0', '0', '0', '%d', '0' )", Event->config->sensor_id, Event->cid, ip2bit(Event->config, ipsrc ), ip2bit(Event->config, ipdst), ipproto ); sql=sqltmp; -db_query( dbtype, sql ); +db_query( Event->debug, Event->config, sql ); /* "tcp" */ -if ( t_ipproto == 6 ) { -snprintf(sqltmp, sizeof(sqltmp), "INSERT INTO tcphdr VALUES ( '%d', '%" PRIu64 "', '%d', '%d', '0', '0', '0', '0', '0', '0', '0', '0' )", t_sid, t_cid, src_port, dst_port ); +if ( ipproto == 6 ) { +snprintf(sqltmp, sizeof(sqltmp), "INSERT INTO tcphdr VALUES ( '%d', '%" PRIu64 "', '%d', '%d', '0', '0', '0', '0', '0', '0', '0', '0' )", Event->config->sensor_id, Event->cid, Event->src_port, Event->dst_port ); sql=sqltmp; -db_query( dbtype, sql ); +db_query( Event->debug, Event->config, sql ); } /* "udp" */ -if ( t_ipproto == 17 ) { -snprintf(sqltmp, sizeof(sqltmp), "INSERT INTO udphdr VALUES ( '%d', '%" PRIu64 "', '%d', '%d', '0', '0' )", t_sid, t_cid, src_port, dst_port ); +if ( ipproto == 17 ) { +snprintf(sqltmp, sizeof(sqltmp), "INSERT INTO udphdr VALUES ( '%d', '%" PRIu64 "', '%d', '%d', '0', '0' )", 
Event->config->sensor_id, Event->cid, Event->src_port, Event->dst_port ); sql=sqltmp; -db_query( dbtype, sql ); +db_query( Event->debug, Event->config, sql ); } /* Basic ICMP - Set to type 8 (echo) , code of 8 */ /* May expand on this if there's actually a use for it */ -if ( t_ipproto == 1 ) { -snprintf(sqltmp, sizeof(sqltmp), "INSERT INTO icmphdr VALUES ( '%d', '%" PRIu64 "', '8', '8', '0', '0', '0' )", t_sid, t_cid ); +if ( ipproto == 1 ) { +snprintf(sqltmp, sizeof(sqltmp), "INSERT INTO icmphdr VALUES ( '%d', '%" PRIu64 "', '8', '8', '0', '0', '0' )", Event->config->sensor_id, Event->cid ); sql=sqltmp; -db_query( dbtype, sql ); +db_query( Event->debug, Event->config, sql ); } @@ -445,16 +446,16 @@ /* Insert into payload table */ /*****************************/ -void insert_payload ( int t_sid, uint64_t t_cid, char *t_hex_data, int dbtype ) { +void insert_payload ( SaganEvent *Event, char *t_hex_data ) { char sqltmp[MAXSQL]; char *sql; pthread_mutex_lock( &db_mutex ); -snprintf(sqltmp, sizeof(sqltmp), "INSERT INTO data(sid, cid, data_payload) VALUES ('%d', '%" PRIu64 "', '%s')", t_sid, t_cid, t_hex_data); +snprintf(sqltmp, sizeof(sqltmp), "INSERT INTO data(sid, cid, data_payload) VALUES ('%d', '%" PRIu64 "', '%s')", Event->config->sensor_id, Event->cid, t_hex_data); sql=sqltmp; pthread_mutex_unlock( &db_mutex ); -db_query( dbtype, sql ); +db_query( Event->debug, Event->config, sql ); } @@ -462,14 +463,14 @@ /* Record last cid */ /*******************/ -void record_last_cid ( void ) { +void record_last_cid ( _SaganDebug *debug, _SaganConfig *config ) { char sqltmp[MAXSQL]; char *sql; snprintf(sqltmp, sizeof(sqltmp), "UPDATE sensor SET last_cid='%" PRIu64 "' where sid=%d and hostname='%s' and interface='%s' and filter='%s' and detail=%d", counters->sigcid, config->sensor_id, config->sagan_hostname, config->sagan_interface, config->sagan_filter, config->sagan_detail); sql=sqltmp; -db_query( config->dbtype, sql ); +db_query( debug, config, sql ); } 
@@ -477,7 +478,7 @@ /* Reference system */ /********************/ -void query_reference ( char *ref, char *rule_sid, int sig_sid, int seq ) +void query_reference ( _SaganDebug *debug, _SaganConfig *config, char *ref, char *rule_sid, int sig_sid, int seq ) { char *saveptr=NULL; 
@@ -502,40 +503,40 @@ if (tmptoken1 == NULL || tmptoken2 == NULL ) { - sagan_log(0, "Warning: \"reference:\" contains a NULL value. Check sid: %s", rule_sid); + sagan_log(config, 0, "Warning: \"reference:\" contains a NULL value. Check sid: %s", rule_sid); return; } snprintf(sqltmp, sizeof(sqltmp), "SELECT ref_system_id from reference_system where ref_system_name='%s'", tmptoken1); sql=sqltmp; -sqlout = db_query( config->dbtype, sql ); +sqlout = db_query( debug, config, sql ); /* reference_system hasn't been entered into the DB. Do so now */ if ( sqlout == NULL ) { snprintf(sqltmp, sizeof(sqltmp), "INSERT INTO reference_system (ref_system_id, ref_system_name) VALUES (DEFAULT, '%s')", tmptoken1); sql=sqltmp; - db_query( config->dbtype, sql ); + db_query( debug, config, sql ); snprintf(sqltmp, sizeof(sqltmp), "SELECT ref_system_id from reference_system where ref_system_name='%s'", tmptoken1); sql=sqltmp; - sqlout = db_query( config->dbtype, sql ); + sqlout = db_query( debug, config, sql ); } ref_system_id = atoi(sqlout); snprintf(sqltmp, sizeof(sqltmp), "SELECT ref_id from reference where ref_system_id='%d' and ref_tag='%s'", ref_system_id, tmptoken2); sql=sqltmp; -sqlout = db_query( config->dbtype, sql ); +sqlout = db_query( debug, config, sql ); if ( sqlout == NULL ) { snprintf(sqltmp, sizeof(sqltmp), "INSERT INTO reference (ref_id, ref_system_id, ref_tag) VALUES (DEFAULT, '%d', '%s')", ref_system_id, tmptoken2); sql=sqltmp; - sqlout = db_query( config->dbtype, sql ); + sqlout = db_query( debug, config, sql ); snprintf(sqltmp, sizeof(sqltmp), "SELECT ref_id from reference where ref_system_id='%d' and ref_tag='%s'", ref_system_id, tmptoken2); sql=sqltmp; - sqlout = db_query( config->dbtype, sql ); + sqlout = db_query( debug, config, sql ); } 
@@ -543,12 +544,12 @@ snprintf(sqltmp, sizeof(sqltmp), "SELECT sig_id from sig_reference where sig_id='%d' and ref_id='%d'", sig_sid, ref_id); sql=sqltmp; -sqlout = db_query( config->dbtype, sql ); +sqlout = db_query( debug, config, sql ); if ( sqlout == NULL ) { snprintf(sqltmp, sizeof(sqltmp), "INSERT INTO sig_reference (sig_id, ref_seq, ref_id) VALUES ('%d', '%d', '%d')", sig_sid, seq, ref_id); sql=sqltmp; - sqlout = db_query( config->dbtype, sql ); + sqlout = db_query( debug, config, sql ); } @@ -578,16 +579,16 @@ snprintf(time, sizeof(time), "%s", Event->time); snprintf(date, sizeof(date), "%s", Event->date); -sig_sid = get_sig_sid(rulestruct[Event->found].s_msg, rulestruct[Event->found].s_rev, rulestruct[Event->found].s_sid, rulestruct[Event->found].s_classtype, rulestruct[Event->found].s_pri , config->dbtype ); +sig_sid = get_sig_sid(Event); -insert_event( config->sensor_id, Event->cid, sig_sid, config->dbtype, date, time ); -insert_hdr(config->sensor_id, Event->cid, ip_srctmp, ip_dsttmp, rulestruct[Event->found].ip_proto, Event->endian, config->dbtype, Event->dst_port, Event->src_port ); +insert_event( Event, sig_sid, date, time); +insert_hdr ( Event, ip_srctmp, ip_dsttmp ); hex_data = fasthex(message, strlen(message)); -insert_payload ( config->sensor_id, Event->cid, hex_data, config->dbtype ) ; +insert_payload( Event, hex_data ); for (i = 0; i < rulestruct[Event->found].ref_count; i++ ) { - query_reference( rulestruct[Event->found].s_reference[i], rulestruct[Event->found].s_sid, sig_sid, i ); + query_reference( Event->debug, Event->config, rulestruct[Event->found].s_reference[i], rulestruct[Event->found].s_sid, sig_sid, i ); } pthread_mutex_lock( &db_mutex ); diff -Nru sagan-0.1.9/src/output-plugins/sagan-snort.h sagan-0.2.0/src/output-plugins/sagan-snort.h --- sagan-0.1.9/src/output-plugins/sagan-snort.h 2011-04-18 16:26:17.000000000 +0000 +++ sagan-0.2.0/src/output-plugins/sagan-snort.h 2011-08-21 16:53:30.000000000 +0000 
@@ -1,6 +1,6 @@ /* -** Copyright (C) 2009-2011 Softwink, Inc. -** Copyright (C) 2009-2011 Champ Clark III +** Copyright (C) 2009-2011 Quadrant Information Security +** Copyright (C) 2009-2011 Champ Clark III ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License Version 2 as @@ -27,26 +27,32 @@ #if defined(HAVE_LIBMYSQLCLIENT_R) || defined(HAVE_LIBPQ) -int db_connect( void ); -char *db_query ( int, char * ); -int get_sensor_id ( char *, char *, char *, int , int ); -uint64_t get_cid ( int , int ); +int db_connect( _SaganConfig * ); -void record_last_cid ( void ); +char *db_query ( _SaganDebug *, _SaganConfig *, char * ); -int get_sig_sid( char *, char *, - char *, char *, - int , int ); +//int get_sensor_id ( _SaganDebug *, char *, char *, char *, int , int ); -void insert_event (int, uint64_t, int, int, char *, char * ); +int get_sensor_id ( _SaganDebug *, _SaganConfig *); -void insert_hdr (int , uint64_t, - char *, char *, - int, int, int, int, int); +uint64_t get_cid ( _SaganDebug *, _SaganConfig * ); -void insert_payload ( int, uint64_t, char *, int ); +void record_last_cid ( _SaganDebug *, _SaganConfig * ); -void query_reference ( char *, char *, int, int ); +//int get_sig_sid( _SaganDebug *, char *, char *, +// char *, char *, +// int , int ); + +int get_sig_sid( SaganEvent *); + +void insert_event ( SaganEvent *, int, char *, char * ); + +void insert_hdr ( SaganEvent *, char *, char * ); + + +void insert_payload( SaganEvent *, char *); + +void query_reference ( _SaganDebug *, _SaganConfig *, char *, char *, int, int ); struct db_thread_args { char *ip_src; diff -Nru sagan-0.1.9/src/output-plugins/sagan-unified2.c sagan-0.2.0/src/output-plugins/sagan-unified2.c --- sagan-0.1.9/src/output-plugins/sagan-unified2.c 2011-04-18 16:26:17.000000000 +0000 +++ sagan-0.2.0/src/output-plugins/sagan-unified2.c 2011-08-21 16:53:30.000000000 +0000 
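Review bot: The new sagan-snort.h keeps the superseded `get_sensor_id` and `get_sig_sid` prototypes as `//` comments next to the live declarations. They no longer match any definition and read as alternative signatures; delete them and let version control hold the history. The prototypes would also be easier to check against the .c file with parameter names, e.g. `char *db_query ( _SaganDebug *debug, _SaganConfig *config, char *sql );`.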
@@ -1,6 +1,6 @@ /* -** Copyright (C) 2009-2011 Softwink, Inc. -** Copyright (C) 2009-2011 Champ Clark III +** Copyright (C) 2009-2011 Quadrant Information Security +** Copyright (C) 2009-2011 Champ Clark III ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License Version 2 as @@ -43,20 +43,22 @@ #include #include "sagan.h" + #include "sagan-unified2.h" sbool endian; + uint64_t unified_event_id; struct rule_struct *rulestruct; struct class_struct *classstruct; -struct _SaganConfig *config; + struct _SaganCounters *counters; -static void Unified2Write(uint8_t *, uint32_t); +static void Unified2Write( _SaganConfig *, uint8_t *, uint32_t); static int SafeMemcpy(void *, const void *, size_t, const void *, const void *); static int inBounds(const uint8_t *, const uint8_t *, const uint8_t *); -static void Unified2RotateFile( void ); +static void Unified2RotateFile( _SaganConfig * ); /* Future note on IPv6 - This would have been * Serial_Unified2IDSEventIPv6_legacy. @@ -74,13 +76,13 @@ /* Unified2InitFile - Initializes the file to be openned */ /*********************************************************/ -void Unified2InitFile( void ) +void Unified2InitFile( _SaganConfig *config ) { char filepath[1024]; char *fname_ptr; - if (config == NULL) sagan_log(1, "[%s, line %d] Could not init Unified2. Config data is null", __FILE__, __LINE__ ); + if (config == NULL) sagan_log(config, 1, "[%s, line %d] Could not init Unified2. Config data is null", __FILE__, __LINE__ ); config->unified2_timestamp = (uint32_t)time(NULL); @@ -88,7 +90,7 @@ { if (SaganSnprintf(filepath, sizeof(filepath), "%s.%u", config->unified2_filepath, config->unified2_timestamp) != SAGAN_SNPRINTF_SUCCESS) - sagan_log(1, "[%s, line %d] Failed to copy Unified2 file path", __FILE__, __LINE__); + sagan_log(config, 1, "[%s, line %d] Failed to copy Unified2 file path", __FILE__, __LINE__); fname_ptr = filepath; } 
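Review bot: In `Unified2InitFile` (hunk -74,13) the NULL guard now hands the NULL pointer to the logger it is guarding against: `if (config == NULL) sagan_log(config, 1, ...)`. sagan_log is not shown, but this commit moves the log stream into `config->sagan_log_stream`, so the logger presumably dereferences its first argument and this path would fault instead of reporting the problem. Report the condition without going through config, for example `if (config == NULL) { fprintf(stderr, "[%s, line %d] Could not init Unified2. Config data is null\n", __FILE__, __LINE__); exit(1); }`, on the assumption that level 1 was meant to be fatal. The function body continues past this hunk, where `config->unified2_timestamp` is written unconditionally.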
@@ -98,7 +100,7 @@ } if ((config->unified2_stream = fopen(fname_ptr, "wb")) == NULL) - sagan_log(1, "[%s, line %d] Cannot open file %s.", __FILE__, __LINE__, fname_ptr); + sagan_log(config, 1, "[%s, line %d] Cannot open file %s.", __FILE__, __LINE__, fname_ptr); } @@ -135,16 +137,16 @@ alertdata.protocol = rulestruct[Event->found].ip_proto; // Protocol alertdata.generator_id = htonl(1); // Typically comes from gen-msg.map -alertdata.ip_source = htonl(ip2bit(Event->ip_src, endian)); -alertdata.ip_destination = htonl(ip2bit(Event->ip_dst, endian)); +alertdata.ip_source = htonl(ip2bit(Event->config, Event->ip_src)); +alertdata.ip_destination = htonl(ip2bit(Event->config, Event->ip_dst)); alertdata.sport_itype = htons(Event->src_port); alertdata.dport_icode = htons(Event->dst_port); /* Rotate if log has gotten to big */ -if ((config->unified2_current + write_len) > config->unified2_limit) - Unified2RotateFile(); +if ((Event->config->unified2_current + write_len) > Event->config->unified2_limit) + Unified2RotateFile(Event->config); hdr.length = htonl(sizeof(Serial_Unified2IDSEvent_legacy)); @@ -153,7 +155,7 @@ if (SafeMemcpy(write_pkt_buffer, &hdr, sizeof(Serial_Unified2_Header), write_pkt_buffer, write_pkt_end) != SAFEMEM_SUCCESS) { - sagan_log(0, "Failed to copy Serial_Unified2_Header\n"); + sagan_log(Event->config, 0, "Failed to copy Serial_Unified2_Header\n"); return; } @@ -161,11 +163,11 @@ &alertdata, sizeof(Serial_Unified2IDSEvent_legacy), write_pkt_buffer, write_pkt_end) != SAFEMEM_SUCCESS) { - sagan_log(0, "Failed to copy Serial_Unified2IDSEvent_legacy\n"); + sagan_log(Event->config, 0, "Failed to copy Serial_Unified2IDSEvent_legacy\n"); return; } -Unified2Write(write_pkt_buffer, write_len); +Unified2Write(Event->config, write_pkt_buffer, write_len); } 
@@ -309,8 +311,8 @@ ip->ip_p = rulestruct[Event->found].ip_proto; // Protocol ip->ip_sum = 0; -ip->ip_src = htonl(ip2bit(Event->ip_src, endian)); -ip->ip_dst = htonl(ip2bit(Event->ip_dst, endian)); +ip->ip_src = htonl(ip2bit(Event->config, Event->ip_src)); +ip->ip_dst = htonl(ip2bit(Event->config, Event->ip_dst)); p_iphdr = iphdr_buf + IP_HDR_LEN; len_iphdr = p_iphdr - iphdr_buf; @@ -341,7 +343,7 @@ if (SafeMemcpy(write_pkt_buffer, &hdr, sizeof(Serial_Unified2_Header), write_pkt_buffer, write_pkt_end) != SAFEMEM_SUCCESS) { - sagan_log(0, "[%s, line %d] Failed to copy Serial_Unified2_Header.", __FILE__, __LINE__); + sagan_log(Event->config, 0, "[%s, line %d] Failed to copy Serial_Unified2_Header.", __FILE__, __LINE__); return; } @@ -349,7 +351,7 @@ &logheader, sizeof(Serial_Unified2Packet) - 4, write_pkt_buffer, write_pkt_end) != SAFEMEM_SUCCESS) { - sagan_log(0, "[%s, line %d] Failed to copy Serial_Unified2Packet.", __FILE__, __LINE__ ); + sagan_log(Event->config, 0, "[%s, line %d] Failed to copy Serial_Unified2Packet.", __FILE__, __LINE__ ); return; } @@ -377,12 +379,12 @@ packet_data, pkt_length, write_pkt_buffer, write_pkt_end) != SAFEMEM_SUCCESS) { - sagan_log(0, "[%s, line %d] Failed to copy pseudo packet data.", __FILE__, __LINE__); + sagan_log(Event->config, 0, "[%s, line %d] Failed to copy pseudo packet data.", __FILE__, __LINE__); return; } -Unified2Write(write_pkt_buffer, write_len); +Unified2Write( Event->config, write_pkt_buffer, write_len); unified_event_id++; } @@ -393,7 +395,7 @@ /* compatibility. */ /*****************************************************************************/ -void Unified2CleanExit( void ) +void Unified2CleanExit( _SaganConfig *config ) { if (config != NULL) { 
@@ -403,22 +405,22 @@ } } -static void Unified2RotateFile( void ) +static void Unified2RotateFile( _SaganConfig *config ) { fclose(config->unified2_stream); config->unified2_current = 0; - Unified2InitFile(); + Unified2InitFile(config); } -void *SaganAlloc(unsigned long size) +void *SaganAlloc( _SaganConfig *config, unsigned long size) { void *tmp; tmp = (void *) calloc(size, sizeof(char)); if(tmp == NULL) - sagan_log(1, "[%s, line %d] Unable to allocate memory! (%lu requested)", __FILE__, __LINE__, size); + sagan_log(config, 1, "[%s, line %d] Unable to allocate memory! (%lu requested)", __FILE__, __LINE__, size); return tmp; } @@ -498,7 +500,7 @@ return 0; } -static void Unified2Write(uint8_t *buf, uint32_t buf_len) +static void Unified2Write( _SaganConfig *config, uint8_t *buf, uint32_t buf_len) { size_t fwcount = 0; int ffstatus = 0; @@ -524,11 +526,11 @@ { if (config->unified2_nostamp) { - sagan_log(1, "[%s, line %d] Failed to write Unified2 file (%s): %s", __FILE__, __LINE__, config->unified2_filepath, strerror(error)); + sagan_log(config, 1, "[%s, line %d] Failed to write Unified2 file (%s): %s", __FILE__, __LINE__, config->unified2_filepath, strerror(error)); } else { - sagan_log(1, "[%s, line %d] Failed to write to Unified2 file. (%s.%u): %s", __FILE__, __LINE__, config->unified2_filepath, config->unified2_timestamp, strerror(error)); + sagan_log(config, 1, "[%s, line %d] Failed to write to Unified2 file. (%s.%u): %s", __FILE__, __LINE__, config->unified2_filepath, config->unified2_timestamp, strerror(error)); } while ((error == EINTR) && (max_retries != 0)) @@ -538,7 +540,7 @@ /* Supposedly an interrupt can only occur before anything * has been written. Try again */ - sagan_log(0, "[%s, line %d] Got interrupt. Retry write to Unified2.", __FILE__, __LINE__); + sagan_log(config, 0, "[%s, line %d] Got interrupt. Retry write to Unified2.", __FILE__, __LINE__); if (fwcount != 1) { 
@@ -546,20 +548,20 @@ if (((fwcount = fwrite(buf, (size_t)buf_len, 1, config->unified2_stream)) == 1) && ((ffstatus = fflush(config->unified2_stream)) == 0)) { - sagan_log(0, "[%s, line %d] Write to Unified2 file succeeded!", __FILE__, __LINE__); + sagan_log(config, 0, "[%s, line %d] Write to Unified2 file succeeded!", __FILE__, __LINE__); error = 0; break; } } else if ((ffstatus = fflush(config->unified2_stream)) == 0) { - sagan_log(0, "[%s, line %d] Write to Unified2 file succeeded!", __FILE__, __LINE__); + sagan_log(config, 0, "[%s, line %d] Write to Unified2 file succeeded!", __FILE__, __LINE__); error = 0; break; } error = errno; - sagan_log(1, "[%s, line %d] Retrying write to Unified2 file failed", __FILE__, __LINE__); + sagan_log(config, 1, "[%s, line %d] Retrying write to Unified2 file failed", __FILE__, __LINE__); } /* If we've reached the maximum number of interrupt retries, 
@@ -573,23 +575,23 @@ break; case EIO: - sagan_log(1, "[%s, line %d] Unified2 file is corrupt", __FILE__, __LINE__); + sagan_log(config, 1, "[%s, line %d] Unified2 file is corrupt", __FILE__, __LINE__); - Unified2RotateFile(); + Unified2RotateFile(config); if (config->unified2_nostamp) { - sagan_log(0, "[%s, line %d] New Unified2 file: %s", __FILE__, __LINE__, config->unified2_filepath); + sagan_log(config, 0, "[%s, line %d] New Unified2 file: %s", __FILE__, __LINE__, config->unified2_filepath); } else { - sagan_log(0, "[%s, line %d] New Unified2 file: %s.%u", __FILE__, __LINE__, config->unified2_filepath, config->unified2_timestamp); + sagan_log(config, 0, "[%s, line %d] New Unified2 file: %s.%u", __FILE__, __LINE__, config->unified2_filepath, config->unified2_timestamp); } if (((fwcount = fwrite(buf, (size_t)buf_len, 1, config->unified2_stream)) == 1) && ((ffstatus = fflush(config->unified2_stream)) == 0)) { - sagan_log(0, "[%s, line %d] Write to Unified2 file succeeded!", __FILE__, __LINE__); + sagan_log(config, 0, "[%s, line %d] Write to Unified2 file succeeded!", __FILE__, __LINE__); error = 0; break; } @@ -603,11 +605,11 @@ /* Write out error message again, then fall through and fatal */ if (config->unified2_nostamp) { - sagan_log(1, "[%s, line %d] Failed to write to Unified2 file", __FILE__, __LINE__); + sagan_log(config, 1, "[%s, line %d] Failed to write to Unified2 file", __FILE__, __LINE__); } else { - sagan_log(1, "[%s, line %d] Failed to write to Unified2 file", __FILE__, __LINE__); + sagan_log(config, 1, "[%s, line %d] Failed to write to Unified2 file", __FILE__, __LINE__); } /* Fall through */ case EAGAIN: /* We're not in non-blocking mode */ 
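Review bot: In the hunk at -603,11 the `if (config->unified2_nostamp)` and `else` branches log the identical string, "Failed to write to Unified2 file", so the condition has no effect. Either collapse it to a single `sagan_log(config, 1, ...)` call or make the branches useful by naming the file as the first failure message in this function does, with `config->unified2_filepath` in one branch and `"%s.%u"` with `config->unified2_timestamp` in the other. The enclosing switch starts outside this hunk.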
@@ -618,11 +620,11 @@ case ENOSPC: case EPIPE: default: - sagan_log(1, "[%s, line %d] Cannot write to device", __FILE__, __LINE__); + sagan_log(config, 1, "[%s, line %d] Cannot write to device", __FILE__, __LINE__); } } - if ((max_retries == 0) && (error != 0)) sagan_log(1, "[%s, line %d] Maximum number of interrupts exceeded.", __FILE__, __LINE__); + if ((max_retries == 0) && (error != 0)) sagan_log(config, 1, "[%s, line %d] Maximum number of interrupts exceeded.", __FILE__, __LINE__); } config->unified2_current += buf_len; } diff -Nru sagan-0.1.9/src/output-plugins/sagan-unified2.h sagan-0.2.0/src/output-plugins/sagan-unified2.h --- sagan-0.1.9/src/output-plugins/sagan-unified2.h 2011-04-18 16:26:17.000000000 +0000 +++ sagan-0.2.0/src/output-plugins/sagan-unified2.h 2011-08-21 16:53:30.000000000 +0000 @@ -1,6 +1,6 @@ /* -** Copyright (C) 2009-2011 Softwink, Inc. -** Copyright (C) 2009-2011 Champ Clark III +** Copyright (C) 2009-2011 Quadrant Information Security +** Copyright (C) 2009-2011 Champ Clark III ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License Version 2 as @@ -47,11 +47,11 @@ void Sagan_Unified2( SaganEvent * ); void Sagan_Unified2LogPacketAlert( SaganEvent * ); -void Unified2InitFile( void ); +void Unified2InitFile( _SaganConfig * ); int SaganSnprintf(char *buf, size_t buf_size, const char *format, ...); -void *SaganAlloc(unsigned long); +void *SaganAlloc( _SaganConfig *, unsigned long); -void Unified2CleanExit( void ); +void Unified2CleanExit( _SaganConfig * ); /* Data structure used for serialization of Unified2 Records */ typedef struct _Serial_Unified2_Header diff -Nru sagan-0.1.9/src/parsers/parse-ip.c sagan-0.2.0/src/parsers/parse-ip.c --- sagan-0.1.9/src/parsers/parse-ip.c 2011-04-18 16:26:17.000000000 +0000 +++ sagan-0.2.0/src/parsers/parse-ip.c 2011-08-21 16:53:30.000000000 +0000 
@@ -1,6 +1,6 @@ /* -** Copyright (C) 2009-2011 Softwink, Inc. -** Copyright (C) 2009-2011 Champ Clark III +** Copyright (C) 2009-2011 Quadrant Information Security +** Copyright (C) 2009-2011 Champ Clark III ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License Version 2 as @@ -38,7 +38,10 @@ #include #include #include + +#include "sagan-defs.h" #include "sagan.h" + #include "version.h" diff -Nru sagan-0.1.9/src/parsers/parse-port.c sagan-0.2.0/src/parsers/parse-port.c --- sagan-0.1.9/src/parsers/parse-port.c 2011-04-18 16:26:17.000000000 +0000 +++ sagan-0.2.0/src/parsers/parse-port.c 2011-08-21 16:53:30.000000000 +0000 @@ -1,6 +1,6 @@ /* -** Copyright (C) 2009-2011 Softwink, Inc. -** Copyright (C) 2009-2011 Champ Clark III +** Copyright (C) 2009-2011 Quadrant Information Security +** Copyright (C) 2009-2011 Champ Clark III ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License Version 2 as @@ -44,13 +44,13 @@ #include #include #include + +#include "sagan-defs.h" #include "sagan.h" #include "version.h" -char sagan_port[6]; - -int parse_port_simple (char *msg) { +int parse_port_simple (_SaganConfig *config, char *msg) { char *portstring=NULL; char *saveptr1=NULL; @@ -63,7 +63,7 @@ struct sockaddr_in sa; int result; -port = atoi(sagan_port); +port = config->sagan_port; char tmpmsg[MAX_SYSLOGMSG]; snprintf(tmpmsg, sizeof(tmpmsg), "%s", msg); Binary files /tmp/T_uSE8NsMZ/sagan-0.1.9/src/sagan and /tmp/14xUUoG4K0/sagan-0.2.0/src/sagan differ diff -Nru sagan-0.1.9/src/sagan.c sagan-0.2.0/src/sagan.c --- sagan-0.1.9/src/sagan.c 2011-04-18 16:33:26.000000000 +0000 +++ sagan-0.2.0/src/sagan.c 2011-08-21 16:53:30.000000000 +0000 
@@ -1,6 +1,6 @@ /* -** Copyright (C) 2009-2011 Softwink, Inc. -** Copyright (C) 2009-2011 Champ Clark III +** Copyright (C) 2009-2011 Quadrant Information Security +** Copyright (C) 2009-2011 Champ Clark III ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License Version 2 as @@ -48,6 +48,7 @@ #include #include "sagan.h" + #include "version.h" @@ -59,7 +60,6 @@ #if defined(HAVE_LIBMYSQLCLIENT_R) || defined(HAVE_LIBPQ) #include "output-plugins/sagan-snort.h" -#include "output-plugins/sagan-logzilla.h" #endif #ifdef HAVE_LIBPRELUDE @@ -74,24 +74,12 @@ #define OVECCOUNT 30 -struct _SaganConfig *config; -struct _SaganDebug *debug; struct _SaganCounters *counters; struct rule_struct *rulestruct; struct class_struct *classstruct; sbool daemonize=0; -sbool programmode=0; -sbool dochroot=0; - -char saganconf[MAXPATH]=CONFIG_FILE_PATH; -char *runas=RUNAS; - -char sagan_path[MAXPATH]; - -sbool fifoi=0; - /****************************************************************************/ /* Liblognorm Globals */ 
@@ -114,40 +102,36 @@ char *cstr; #endif -/* Command line options */ +/* ######################################################################## + * Start of main() thread + * ######################################################################## */ + +int main(int argc, char **argv) { const struct option long_options[] = { - { "help", no_argument, NULL, 'h' }, - { "debug", required_argument, NULL, 'd' }, - { "daemon", no_argument, NULL, 'D' }, - { "program", no_argument, NULL, 'p' }, - { "user", required_argument, NULL, 'U' }, - { "chroot", no_argument, NULL, 'c' }, - { "config", required_argument, NULL, 'f' }, - {0, 0, 0, 0} + { "help", no_argument, NULL, 'h' }, + { "debug", required_argument, NULL, 'd' }, + { "daemon", no_argument, NULL, 'D' }, + { "user", required_argument, NULL, 'U' }, + { "chroot", required_argument, NULL, 'c' }, + { "config", required_argument, NULL, 'f' }, + { "log", required_argument, NULL, 'l' }, + {0, 0, 0, 0} }; static const char *short_options = -"fUd:pDhc"; +"l:f:u:d:c:pDh"; int option_index = 0; -/* ######################################################################## */ -/* Start of main() thread! - * ######################################################################## */ - -int main(int argc, char **argv) { - /* Passing Sagan events to output plugins */ struct Sagan_Event *SaganEvent = NULL; SaganEvent = malloc(MAX_THREADS * sizeof(struct Sagan_Event)); -int endianchk; - /****************************************************************************/ -/* MySQL / PostgreSQL (snort/logzilla) local variables */ +/* MySQL / PostgreSQL (snort) local variables */ /****************************************************************************/ #if defined(HAVE_LIBMYSQLCLIENT_R) || defined(HAVE_LIBPQ) 
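Review bot: The option table still maps `--user` to `'U'`, but `short_options` now declares `u:` and the switch in hunk -373,23 handles `case 'u'`, so `getopt_long` returns `'U'` for `--user` and it lands in the default "Invalid argument" branch. That breaks the long form of the option that selects the account privileges are dropped to; the table entry should read `{ "user", required_argument, NULL, 'u' },`. `short_options` also still contains `p` although `case 'p'` is removed in the same commit, so `-p` is accepted by getopt and then rejected by the switch; `"l:f:u:d:c:Dh"` matches the cases that remain. main() continues well past this hunk.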
@@ -160,13 +144,6 @@ pthread_attr_init(&thread_db_attr); pthread_attr_setdetachstate(&thread_db_attr, PTHREAD_CREATE_DETACHED); -pthread_t threadlogzilla_id[MAX_THREADS]; -pthread_attr_t thread_logzilla_attr; - -pthread_attr_init(&thread_logzilla_attr); -pthread_attr_setdetachstate(&thread_logzilla_attr, PTHREAD_CREATE_DETACHED); - -endianchk = checkendian(); // Needed for Snort output #endif /****************************************************************************/ @@ -268,7 +245,6 @@ char syslog_facilitytmp[MAX_MSGSLOT][MAXFACILITY]; char *syslog_priority=NULL; -//char syslog_prioritytmp[MAXPRIORITY]; char *syslog_level=NULL; char syslog_leveltmp[MAX_MSGSLOT][MAXLEVEL]; @@ -311,12 +287,15 @@ char *level; char *tag; char tmpbuf[128]; +memset(tmpbuf,0,128); char ipbuf_src[128]; char ipbuf_dst[128]; char *syslog_msg_case; char *s_content_case; +char *runas=RUNAS; + int i; int fd=0; int b; @@ -327,12 +306,30 @@ time_t t; struct tm *now; -memset(&debug, 0, sizeof(debug)); +/* Allocate and clear memory for global structs */ + +struct _SaganDebug *debug; debug = malloc(sizeof(_SaganDebug)); +memset(debug, 0, sizeof(_SaganDebug)); + +struct _SaganConfig *config; +config = malloc(sizeof(_SaganConfig)); +memset(config, 0, sizeof(_SaganConfig)); + +struct _SaganSigArgs *sigargs; +sigargs = malloc(sizeof(_SaganSigArgs)); +memset(sigargs, 0, sizeof(_SaganSigArgs)); -memset(&counters, 0, sizeof(counters)); counters = malloc(sizeof(_SaganCounters)); +memset(counters, 0, sizeof(_SaganCounters)); + +snprintf(config->sagan_config, sizeof(config->sagan_config), "%s", CONFIG_FILE_PATH); + +/* We set the config->sagan_log_filepath to the system default. It'll be fopen'ed + shortly - 06/03/2011 - Champ Clark III */ + +snprintf(config->sagan_log_filepath, sizeof(config->sagan_log_filepath), "%s", SAGANLOG); /* Get command line arg's */ while ((c = getopt_long(argc, argv, short_options, long_options, &option_index)) != -1) { 
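Review bot: In hunk -327,12 each of `debug`, `config`, `sigargs` and `counters` is passed to `memset` immediately after `malloc` with no NULL check, so an allocation failure at start-up becomes a NULL write instead of an error message. The commit does fix the old order (memset on the pointer variable before malloc), and `calloc` would finish the job in one step: `config = calloc(1, sizeof(*config));` followed by `if (config == NULL) { fprintf(stderr, "[E] Out of memory\n"); exit(1); }`, and the same for the other three. The check has to use stderr rather than `sagan_log`, because the log stream lives in `config` and is not open yet at this point.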
@@ -373,23 +370,25 @@ daemonize=1; break; - case 'U': + case 'u': runas=optarg; break; - case 'p': - programmode=1; - break; - case 'c': - dochroot=1; + sagan_chroot(runas,optarg); break; case 'f': - strncpy(saganconf,optarg,sizeof(saganconf) - 1); - saganconf[sizeof(saganconf)-1] = '\0'; + strncpy(config->sagan_config,optarg,sizeof(config->sagan_config) - 1); // strlcpy + config->sagan_config[sizeof(config->sagan_config)-1] = '\0'; break; + case 'l': + strncpy(config->sagan_log_filepath,optarg,sizeof(config->sagan_log_filepath) - 1); + config->sagan_log_filepath[sizeof(config->sagan_log_filepath)-1] = '\0'; + break; + + default: fprintf(stderr, "Invalid argument! See below for command line switches.\n"); sagan_usage(); @@ -398,11 +397,16 @@ } } -/* create the signal handling thread */ +/* Open the sagan.log file. Moved from sagan-config.c as it became to complex + 06/03/2011 - Champ Clark */ + +if ((config->sagan_log_stream = fopen(config->sagan_log_filepath, "a")) == NULL) { + fprintf(stderr, "[E] [%s, line %d] Cannot open %s!\n", __FILE__, __LINE__, config->sagan_log_filepath); + exit(1); + } -sig_thread_args[0].daemonize = daemonize; -load_config(); +load_config( debug, config ); /* Load/init liblognorm definitions. I tried to move this into a subroutine, * but that ended up causing segfaults on ln_normalize() or causing 
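Review bot: `case 'c'` calls `sagan_chroot(runas,optarg)` from inside the getopt loop (hunk -373,23), so it runs with whatever `runas` holds at that moment: given `-c DIR -u USER`, the chroot step sees the compiled-in `RUNAS` default rather than the requested user. It also runs before the configuration file is loaded and before the log file is opened in hunk -398,11, so those paths are resolved inside the new root; sagan_chroot is not shown, so whether that is intended cannot be confirmed from here. Making the result independent of argument order means recording the directory in the loop, `chrootdir = optarg;`, and calling `sagan_chroot(runas, chrootdir);` once after the loop ends. The two `strncpy` copies in the same hunk truncate an over-long path silently; the `snprintf(..., "%s", ...)` form this commit already uses for the defaults would at least allow the length to be checked.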
@@ -412,82 +416,81 @@ */ #ifdef HAVE_LIBLOGNORM -if((ctx = ln_initCtx()) == NULL) sagan_log(1, "[%s, line %d] Cannot initialize liblognorm context.", __FILE__, __LINE__); -if((eectx = ee_initCtx()) == NULL) sagan_log(1, "[%s, line %d] Cannot initialize libee context.", __FILE__, __LINE__); +if((ctx = ln_initCtx()) == NULL) sagan_log(config, 1, "[%s, line %d] Cannot initialize liblognorm context.", __FILE__, __LINE__); +if((eectx = ee_initCtx()) == NULL) sagan_log(config, 1, "[%s, line %d] Cannot initialize libee context.", __FILE__, __LINE__); ln_setEECtx(ctx, eectx); for (i=0; i < counters->liblognormtoload_count; i++) { -sagan_log(0, "Loading %s for normalization.", liblognormtoloadstruct[i].filepath); -if (stat(liblognormtoloadstruct[i].filepath, &fileinfo)) sagan_log(1, "%s was not fonnd.", liblognormtoloadstruct[i].filepath); +sagan_log(config, 0, "Loading %s for normalization.", liblognormtoloadstruct[i].filepath); +if (stat(liblognormtoloadstruct[i].filepath, &fileinfo)) sagan_log(config, 1, "%s was not fonnd.", liblognormtoloadstruct[i].filepath); ln_loadSamples(ctx, liblognormtoloadstruct[i].filepath); } #endif -sagan_log(0, "Configuration file %s loaded and %d rules loaded.", saganconf, counters->rulecount); -sagan_log(0, "Sagan version %s is firing up!", VERSION); +sagan_log(config, 0, "Configuration file %s loaded and %d rules loaded.", config->sagan_config, counters->rulecount); +sagan_log(config, 0, "Sagan version %s is firing up!", VERSION); + +/* We go ahead and assign values to SaganSigArgs (struct sig_thread_args). This + * struct is always used by the sig_handler thread, and sometimes used by the + * plog_handler (below). So we assign values now */ + +sigargs->daemonize = daemonize; +sigargs->debug = debug; +sigargs->config = config; #ifdef HAVE_LIBPCAP /* Spawn a thread to 'sniff' syslog traffic (sagan-plog.c). This redirects syslog - * traffic to the /dev/log socket */ + traffic to the /dev/log socket. 
This needs "root" access, so we drop priv's + after this thread is started */ if ( config->plog_flag ) { -if ( pthread_create( &pcap_thread, NULL, (void *)plog_handler, NULL)) { - removelockfile(); - sagan_log(1, "[%s, line %d] Error creating libpcap handler thread.", __FILE__, __LINE__); +if ( pthread_create( &pcap_thread, NULL, (void *)plog_handler, sigargs )) { + + removelockfile(config); + sagan_log(config, 1, "[%s, line %d] Error creating libpcap handler thread.", __FILE__, __LINE__); } + +sleep(1); /* Sleep to avoid race between main() and plog thread + plog thread needs "root" rights before sagan_droppriv(). + In some cases main() run sagan_droppriv() before thread + can complete - Champ Clark - 07/20/2011 */ + } #endif -droppriv(runas, config->sagan_fifo); /* Become the Sagan user */ -sagan_log(0, "---------------------------------------------------------------------------"); - -/* Create signal handler thread */ - -if (daemonize == 0) { -if ( pthread_create( &sig_thread, NULL, (void *)sig_handler, &sig_thread_args )) { - removelockfile(); - sagan_log(1, "[%s, line %d] Error creating signal handler thread.", __FILE__, __LINE__); - } -} +sagan_droppriv(config, runas); /* Become the Sagan user */ +sagan_log(config, 0, "---------------------------------------------------------------------------"); /* Open sagan alert file */ if (( config->sagan_alert_stream = fopen(config->sagan_alert_filepath, "a" )) == NULL ) { -removelockfile(); -sagan_log(1, "[%s, line %d] Can't open %s!", __FILE__, __LINE__, config->sagan_alert_filepath); +removelockfile(config); +sagan_log(config, 1, "[%s, line %d] Can't open %s!", __FILE__, __LINE__, config->sagan_alert_filepath); } -if ( config->sagan_ext_flag ) sagan_log(0, "Max external threads : %d", config->max_external_threads); +if ( config->sagan_ext_flag ) sagan_log(config, 0, "Max external threads : %d", config->max_external_threads); #ifdef HAVE_LIBESMTP -if ( config->sagan_esmtp_flag ) sagan_log(0, "Max SMTP threads : %d", 
config->max_email_threads); +if ( config->sagan_esmtp_flag ) sagan_log(config, 0, "Max SMTP threads : %d", config->max_email_threads); #endif #if defined(HAVE_LIBMYSQLCLIENT_R) || defined(HAVE_LIBPQ) -if ( config->logzilla_dbtype ) { -sagan_log(0, "Max Logzilla threads : %d", config->max_logzilla_threads); -logzilla_db_connect(); -} -#endif - -#if defined(HAVE_LIBMYSQLCLIENT_R) || defined(HAVE_LIBPQ) - -sig_thread_args[0].daemonize = daemonize; if ( config->dbtype ) { -sagan_log(0, "Max database threads : %d", config->maxdb_threads); +sagan_log(config, 0, "Max database threads : %d", config->maxdb_threads); + +db_connect(config); -db_connect(); -get_sensor_id( config->sagan_hostname, config->sagan_interface, config->sagan_filter, config->sagan_detail, config->dbtype); -sagan_log(0, "Sensor ID : %d", config->sensor_id); -cid = get_cid( config->sensor_id, config->dbtype ); +get_sensor_id( debug, config ); +sagan_log(config, 0, "Sensor ID : %d", config->sensor_id); +cid = get_cid( debug, config ); cid++; counters->sigcid=cid; -sagan_log(0, "Next CID : %" PRIu64 "", cid); +sagan_log(config, 0, "Next CID : %" PRIu64 "", cid); } #endif @@ -496,11 +499,11 @@ if ( config->sagan_prelude_flag ) { -sagan_log(0, "Prelude profile: %s", config->sagan_prelude_profile); -sagan_log(0, "Max Prelude threads: %d", config->max_prelude_threads); -sagan_log(0, ""); /* libprelude dumps some information. This is to make it pretty */ +sagan_log(config, 0, "Prelude profile: %s", config->sagan_prelude_profile); +sagan_log(config, 0, "Max Prelude threads: %d", config->max_prelude_threads); +sagan_log(config, 0, ""); /* libprelude dumps some information. This is to make it pretty */ -PreludeInit(); +PreludeInit(config); } #endif 
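Review bot: In hunk -412,82 the added `sleep(1)` is the only thing ordering the capture thread's privileged setup ahead of `sagan_droppriv(config, runas)`, and the new comment says main() can reach the drop first. A fixed delay does not remove that race: on a loaded host the thread may need longer, and on a fast one every start-up pays a second for nothing. An explicit handshake is more reliable, where plog_handler posts a semaphore once its capture handle is open and main() waits on it before the drop, e.g. `sem_wait(&plog_ready);` in place of the sleep (the semaphore name is a suggestion). It is also worth confirming that the capture thread does not keep root after the drop; that depends on how sagan_droppriv changes IDs, which is outside this hunk.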
@@ -509,59 +512,32 @@ if ( config->sagan_unified2_flag ) { -sagan_log(0, ""); -sagan_log(0, "Unified2 file: %s", config->unified2_filepath); -sagan_log(0, "Unified2 limit: %dM", config->unified2_limit / 1024 / 1024 ); -Unified2InitFile( ); +sagan_log(config, 0, ""); +sagan_log(config, 0, "Unified2 file: %s", config->unified2_filepath); +sagan_log(config, 0, "Unified2 limit: %dM", config->unified2_limit / 1024 / 1024 ); +Unified2InitFile( config ); } #endif -sagan_log(0, ""); - -if ( fifoi == 0 ) { - if ( programmode == 0 ) - { - sagan_log(0, "No FIFO option found, assuming syslog-ng 'program' mode."); - programmode = 1; - } - } else { - sagan_log(0, "Opening syslog FIFO (%s)", config->sagan_fifo); - fd = open(config->sagan_fifo, O_RDONLY); - } +sagan_log(config, 0, ""); - -sagan_log(0, ""); -sagan_log(0, " ,-._,-. -*> Sagan! <*-"); -sagan_log(0, " \\/)\"(\\/ Version %s", VERSION); -sagan_log(0, " (_o_) By Champ Clark III & The Softwink Team: http://www.softwink.com"); -sagan_log(0, " / \\/) Copyright (C) 2009-2011 Softwink, Inc., et al."); -sagan_log(0, " (|| ||) Using PCRE version: %s", pcre_version()); -sagan_log(0, " oo-oo Sagan is processing events....."); -sagan_log(0, ""); +sagan_log(config, 0, ""); +sagan_log(config, 0, " ,-._,-. -*> Sagan! 
<*-"); +sagan_log(config, 0, " \\/)\"(\\/ Version %s", VERSION); +sagan_log(config, 0, " (_o_) Champ Clark III & The Quadrant InfoSec Team [quadrantsec.com]"); +sagan_log(config, 0, " / \\/) Copyright (C) 2009-2011 Quadrant Information Security, et al."); +sagan_log(config, 0, " (|| ||) Using PCRE version: %s", pcre_version()); +sagan_log(config, 0, " oo-oo Sagan is processing events....."); +sagan_log(config, 0, ""); /* Become a daemon if requested */ if ( daemonize ) { - -/* Unblock signals so the daemon can catch them */ - -sigfillset(&signal_set); - -pthread_sigmask(SIG_UNBLOCK, &signal_set, NULL ); - -signal (SIGHUP, &sig_handler_daemon ); -signal (SIGINT, &sig_handler_daemon ); -signal (SIGQUIT, &sig_handler_daemon ); -signal (SIGTERM, &sig_handler_daemon ); -signal (SIGABRT, &sig_handler_daemon ); -signal (SIGSEGV, &sig_handler_daemon ); -signal (SIGUSR1, &sig_handler_daemon ); - -sagan_log(0, "Becoming a daemon!"); +sagan_log(config, 0, "Becoming a daemon!"); pid_t pid = 0; setsid(); 
@@ -569,44 +545,58 @@ if (pid == 0) {} else { exit(0); } } -/* We don't want the key_handler() if we're in program/daemon mode! */ +/* Create the signal handlers thread _after_ the fork() so it can properly + * handly signals - Champ Clark III - 06/13/2011 */ + +if ( pthread_create( &sig_thread, NULL, (void *)sig_handler, sigargs )) { + removelockfile(config); + sagan_log(config, 1, "[%s, line %d] Error creating signal handler thread.", __FILE__, __LINE__); + } + + +/* We don't want the key_handler() if we're in daemon mode! */ -if (!daemonize && !programmode) { +if (!daemonize) { -if (pthread_create( &key_thread, NULL, (void *)key_handler, NULL )) { ; - removelockfile(); - sagan_log(1, "[%s, line %d] Error creating key_handler thread.", __FILE__, __LINE__); +if (pthread_create( &key_thread, NULL, (void *)key_handler, config )) { ; + removelockfile(config); + sagan_log(config, 1, "[%s, line %d] Error creating key_handler thread.", __FILE__, __LINE__); } } +/* We do this after forking so init scripts can complete */ /* Check lock file _after_ thread. If you don't it'll retreive the wrong pid * and incorrectly believe there is a stale lock file if --daemon */ -checklockfile(); +checklockfile(config); -while(1) { +sagan_log(config, 0, "Attempting to open syslog FIFO (%s).", config->sagan_fifo); - if ( fifoi == 1 ) { +if ( fd == 0 ) fd = open(config->sagan_fifo, O_RDONLY); + +sagan_log(config, 0, "Successfully opened FIFO (%s).", config->sagan_fifo); + +while(1) { if(fd < 0) { - removelockfile(); - sagan_log(1, "[%s, line %d] Error opening in FIFO! %s (Errno: %d)", __FILE__, __LINE__, config->sagan_fifo, errno); - } + removelockfile(config); + sagan_log(config, 1, "[%s, line %d] Error opening in FIFO! %s (Errno: %d)", __FILE__, __LINE__, config->sagan_fifo, errno); + } i = read(fd, &c, 1); - if(i < 0) { - removelockfile(); - sagan_log(1, "[%s, line %d] Error reading FIFO! 
%s (Errno: %d)", __FILE__, __LINE__, config->sagan_fifo, errno); + if(i < 0) { + removelockfile(config); + sagan_log(config, 1, "[%s, line %d] Error reading FIFO! %s (Errno: %d)", __FILE__, __LINE__, config->sagan_fifo, errno); } /* Error on reading (FIFO writer left) and we have no * previous error state. */ if (i == 0 && fifoerr == 0 ) { - sagan_log(0, "FIFO closed (writer exited). Will start processing when writer resumes."); + sagan_log(config, 0, "FIFO closed (writer exited). Will start processing when writer resumes."); fifoerr=1; } @@ -614,7 +604,7 @@ * then the write is back online. */ if ( fifoerr == 1 && i == 1 ) { - sagan_log(0,"FIFO writer detected, resuming..."); + sagan_log(config, 0,"FIFO writer detected, resuming..."); fifoerr=0; /* Rest error state */ } @@ -626,15 +616,7 @@ snprintf(syslogtmp, sizeof(syslogtmp), "%c", c); strncat(syslogstring, syslogtmp, 1); - } else { - - - if (!fgets(syslogstring, sizeof(syslogstring), stdin)) { - sagan_log(0, "Dropped input in 'program' mode!"); - } - } - - if ( c == '\n' || c == '\r' || fifoi == 0 ) + if ( c == '\n' || c == '\r' ) { counters->sagantotal++; 
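Review bot: In hunk -569,44 the "Successfully opened FIFO" message is logged unconditionally right after `open()`, while the `fd < 0` test only runs later inside `while(1)`, so a failed open is reported as a success first. The guard `if ( fd == 0 )` also uses 0 as "not opened", although 0 is a valid descriptor. Testing the result at the call site fixes both: `fd = open(config->sagan_fifo, O_RDONLY);` then `if (fd < 0) { removelockfile(config); sagan_log(config, 1, "[%s, line %d] Error opening in FIFO! %s (Errno: %d)", __FILE__, __LINE__, config->sagan_fifo, errno); }` before the success line. The read loop continues outside this hunk.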
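Review bot: With the stdin path removed in hunk -626,15, every record now reaches `syslogstring` through `strncat(syslogstring, syslogtmp, 1)`, whose third argument limits the bytes appended, not the space left in the destination. The bytes come from the FIFO one at a time, so a line longer than the buffer overruns it unless a length check exists in code outside this hunk; the removed `fgets(syslogstring, sizeof(syslogstring), stdin)` was bounded, the remaining path is not visibly so. If no such check exists, keep a write index and stop appending at the limit, `if (len < sizeof(syslogstring) - 1) { syslogstring[len++] = c; syslogstring[len] = '\0'; }`, which also avoids rescanning the string for every byte.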
@@ -653,66 +635,67 @@ if (syslog_host == NULL ) { syslog_host = "SAGAN: HOST ERROR"; - if ( !fifoerr ) sagan_log(0, "Sagan received a malformed 'host'"); + if ( !fifoerr ) sagan_log(config, 0, "Sagan received a malformed 'host'"); } syslog_facility=strtok_r(NULL, "|", &tok); if ( syslog_facility == NULL ) { syslog_facility = "SAGAN: FACILITY ERROR"; - if ( !fifoerr ) sagan_log(0, "Sagan received a malformed 'facility'"); + if ( !fifoerr ) sagan_log(config, 0, "Sagan received a malformed 'facility'"); } syslog_priority=strtok_r(NULL, "|", &tok); if ( syslog_priority == NULL ) { syslog_priority = "SAGAN: PRIORITY ERROR"; - if ( !fifoerr ) sagan_log(0, "Sagan received a malformed 'priority'"); + if ( !fifoerr ) sagan_log(config, 0, "Sagan received a malformed 'priority'"); } syslog_level=strtok_r(NULL, "|", &tok); if ( syslog_level == NULL ) { syslog_level = "SAGAN: LEVEL ERROR"; - if ( !fifoerr ) sagan_log(0, "Sagan received a malformed 'priority'"); + if ( !fifoerr ) sagan_log(config, 0, "Sagan received a malformed 'priority'"); } syslog_tag=strtok_r(NULL, "|", &tok); if ( syslog_tag == NULL ) { syslog_tag = "SAGAN: TAG ERROR"; - if ( !fifoerr ) sagan_log(0, "Sagan received a malformed 'tag'"); + if ( !fifoerr ) sagan_log(config, 0, "Sagan received a malformed 'tag'"); } syslog_date=strtok_r(NULL, "|", &tok); if ( syslog_date == NULL ) { syslog_date = "SAGAN: DATE ERROR"; - if ( !fifoerr ) sagan_log(0, "Sagan received a malformed 'date'"); + if ( !fifoerr ) sagan_log(config, 0, "Sagan received a malformed 'date'"); } syslog_time=strtok_r(NULL, "|", &tok); if ( syslog_time == NULL ) { syslog_time = "SAGAN: TIME ERROR"; - if ( !fifoerr ) sagan_log(0, "Sagan received a malformed 'time'"); + if ( !fifoerr ) sagan_log(config, 0, "Sagan received a malformed 'time'"); } syslog_program=strtok_r(NULL, "|", &tok); if ( syslog_program == NULL ) { syslog_program = "SAGAN: PROGRAM ERROR"; - if ( !fifoerr ) sagan_log(0, "Sagan received a malformed 'program'"); + if ( !fifoerr ) 
sagan_log(config, 0, "Sagan received a malformed 'program'"); } else { syslog_msg=syslog_program + strlen(syslog_program) + 1; } if ( syslog_msg == NULL ) { syslog_msg = "SAGAN: MESSAGE ERROR"; - if ( !fifoerr ) sagan_log(0, "Sagan received a malformed 'message'\n"); + if ( !fifoerr ) sagan_log(config, 0, "Sagan received a malformed 'message'\n"); } -if (debug->debugsyslog) sagan_log(0, "%s|%s|%s|%s|%s|%s|%s|%s|%s", syslog_host, syslog_facility, syslog_priority, syslog_level, syslog_tag, syslog_date, syslog_time, syslog_program, syslog_msg); + /* Strip any \n or \r from the syslog_msg */ -/* If in "program" mode, we need the \r \n's */ + syslog_msg[strcspn ( syslog_msg, "\n" )] = '\0'; + syslog_msg[strcspn ( syslog_msg, "\r" )] = '\0'; + + +if (debug->debugsyslog) sagan_log(config, 0, "%s|%s|%s|%s|%s|%s|%s|%s|%s", syslog_host, syslog_facility, syslog_priority, syslog_level, syslog_tag, syslog_date, syslog_time, syslog_program, syslog_msg); -if ( programmode == 0 ) { - syslog_msg[strcspn ( syslog_msg, "\n" )] = '\0'; - } /* Search for matches */ @@ -791,11 +774,11 @@ s_content_case=rulestruct[b].s_content[z]; toupperc(syslog_msg_case); toupperc(s_content_case); - if (strstr(syslog_msg_case, s_content_case )) pcrematch++; // rc=1; + if (strstr(syslog_msg_case, s_content_case )) pcrematch++; } else { /* If case sensitive */ - if (strstr(syslog_msg, rulestruct[b].s_content[z] )) pcrematch++; // rc=1; + if (strstr(syslog_msg, rulestruct[b].s_content[z] )) pcrematch++; } } } @@ -845,7 +828,7 @@ ee_fmtEventToRFC5424(lnevent, &str); cstr = es_str2cstr(str, NULL); - if ( debug->debugnormalize ) sagan_log(0, "Normalize output: %s", cstr); + if ( debug->debugnormalize ) sagan_log(config, 0, "Normalize output: %s", cstr); propName = es_newStrFromBuf("src-ip", 6); if((field = ee_getEventField(lnevent, propName)) != NULL) { 
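Review bot: The now unconditional `syslog_msg[strcspn ( syslog_msg, "\n" )] = '\0';` and its added `"\r"` twin also run when `syslog_msg` has just been pointed at the literal `"SAGAN: MESSAGE ERROR"`, and storing through a pointer to a string literal is undefined behaviour even when the byte written is the terminator. Do the strip only where the pointer refers to the input buffer, i.e. inside the `else` after `syslog_msg=syslog_program + strlen(syslog_program) + 1;`, as a single `syslog_msg[strcspn(syslog_msg, "\r\n")] = '\0';`. That `+ 1` also steps past the terminator when 'program' is the last field of a short line, so presumably a truncated message leaves `syslog_msg` pointing at stale buffer contents; whether `syslog_msg` is reset per message is outside the hunk. The 'level' branch still logs "malformed 'priority'" on a line this commit touched.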
@@ -888,14 +871,14 @@ propName = es_newStrFromBuf("src-host", 8); if((field = ee_getEventField(lnevent, propName)) != NULL) { str = ee_getFieldValueAsStr(field, 0); - snprintf(ipbuf_src, sizeof(ipbuf_src), "%s", dns_lookup(es_str2cstr(str, NULL))); + snprintf(ipbuf_src, sizeof(ipbuf_src), "%s", dns_lookup(config, es_str2cstr(str, NULL))); ip_src=ipbuf_src; } propName = es_newStrFromBuf("dst-host", 8); if((field = ee_getEventField(lnevent, propName)) != NULL) { str = ee_getFieldValueAsStr(field, 0); - snprintf(ipbuf_dst, sizeof(ipbuf_dst), "%s", dns_lookup(es_str2cstr(str, NULL))); + snprintf(ipbuf_dst, sizeof(ipbuf_dst), "%s", dns_lookup(config, es_str2cstr(str, NULL))); ip_dst=ipbuf_dst; } @@ -928,7 +911,7 @@ } if ( rulestruct[b].s_find_port == 1 ) { - src_port = parse_port_simple(syslog_msg); + src_port = parse_port_simple(config, syslog_msg); } else { src_port = config->sagan_port; } @@ -992,7 +975,7 @@ if ( rulestruct[b].threshold_count < threshbysrc[i].count ) { thresh_log_flag = 1; - sagan_log(0, "Threshold SID %s by source IP address. [%s]", threshbysrc[i].sid, ip_src); + sagan_log(config, 0, "Threshold SID %s by source IP address. [%s]", threshbysrc[i].sid, ip_src); counters->threshold_total++; } @@ -1032,7 +1015,7 @@ if ( rulestruct[b].threshold_count < threshbydst[i].count ) { thresh_log_flag = 1; - sagan_log(0, "Threshold SID %s by source IP address. [%s]", threshbysrc[i].sid, ip_dst); + sagan_log(config, 0, "Threshold SID %s by source IP address. [%s]", threshbysrc[i].sid, ip_dst); counters->threshold_total++; } } @@ -1092,7 +1075,6 @@ SaganEvent[threadid].found = b; SaganEvent[threadid].program = syslog_programtmp[msgslot]; SaganEvent[threadid].message = sysmsg[msgslot]; -SaganEvent[threadid].endian = endianchk; SaganEvent[threadid].time = syslog_timetmp[msgslot]; SaganEvent[threadid].date = syslog_datetmp[msgslot]; SaganEvent[threadid].f_msg = s_msgtmp[msgslot]; 
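Review bot: Both changed `dns_lookup(config, es_str2cstr(str, NULL))` calls hand the buffer returned by `es_str2cstr()` straight to the lookup and drop the pointer, so the C string it allocates is never freed and a NULL return is never checked. This sits in the per-message path, so the leak grows with every event that normalises a `src-host` or `dst-host`. Keep the result in a local, e.g. `char *host = es_str2cstr(str, NULL);`, test it, call `dns_lookup(config, host)` and then `free(host);`. The host name is taken from the log message itself, which deserves a comment here because the resolver is being driven by log content. The surrounding block continues outside the hunk.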
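Review bot: In the hunk at new line 1015 the branch compares `threshbydst[i].count`, but the touched log line still prints `threshbysrc[i].sid` and says "by source IP address", so the message can name the wrong SID and `i` indexes a different table from the one being walked. Presumably the intent is `sagan_log(config, 0, "Threshold SID %s by destination IP address. [%s]", threshbydst[i].sid, ip_dst);`, assuming `threshbydst` has a `sid` member like `threshbysrc`, which is not visible in the hunk.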
@@ -1102,6 +1084,9 @@ SaganEvent[threadid].host = syslog_hosttmp[msgslot]; SaganEvent[threadid].event_time_sec = time(NULL); +SaganEvent[threadid].debug = debug; +SaganEvent[threadid].config = config; + } @@ -1137,13 +1122,13 @@ if ( counters->threadpreludec > counters->threadmaxpreludec ) counters->threadmaxpreludec=counters->threadpreludec; if ( pthread_create ( &threadprelude_id[threadid], &thread_prelude_attr, (void *)sagan_prelude, &SaganEvent[threadid] ) ) { - removelockfile(); - sagan_log(1, "[%s, line %d] Error creating Prelude thread", __FILE__, __LINE__); + removelockfile(config); + sagan_log(config, 1, "[%s, line %d] Error creating Prelude thread", __FILE__, __LINE__); } } else { counters->sagandrop++; counters->saganpreludedrop++; - sagan_log(0, "Prelude thread call handler: Out of threads\n"); + sagan_log(config, 0, "Prelude thread call handler: Out of threads\n"); } } #endif @@ -1174,14 +1159,14 @@ if ( counters->threademailc > counters->threadmaxemailc ) counters->threadmaxemailc=counters->threademailc; if ( pthread_create( &threademail_id[threadid], &thread_email_attr, (void *)sagan_esmtp_thread, &SaganEvent[threadid] ) ) { - removelockfile(); - sagan_log(1, "[%s, line %d] Error creating SMTP thread", __FILE__, __LINE__); + removelockfile(config); + sagan_log(config, 1, "[%s, line %d] Error creating SMTP thread", __FILE__, __LINE__); } } else { counters->sagandrop++; counters->saganesmtpdrop++; - sagan_log(0, "SMTP thread call handler: Out of threads\n"); + sagan_log(config, 0, "SMTP thread call handler: Out of threads\n"); } } } 
@@ -1201,51 +1186,26 @@ if ( counters->threadextc > counters->threadmaxextc ) counters->threadmaxextc=counters->threadextc; if ( pthread_create( &threadext_id[threadid], &thread_ext_attr, (void *)sagan_ext_thread, &SaganEvent[threadid] ) ) { - removelockfile(); - sagan_log(1, "[%s, line %d] Error creating external call thread", __FILE__, __LINE__); + removelockfile(config); + sagan_log(config, 1, "[%s, line %d] Error creating external call thread", __FILE__, __LINE__); } } else { counters->saganexternaldrop++; counters->sagandrop++; - sagan_log(0, "External thread call handler: Out of threads\n"); + sagan_log(config, 0, "External thread call handler: Out of threads\n"); } } /****************************************************************************/ -/* Logzilla, alert only, thread call */ -/****************************************************************************/ - -#if defined(HAVE_LIBMYSQLCLIENT_R) || defined(HAVE_LIBPQ) - -if ( config->logzilla_dbtype != 0 && thresh_log_flag == 0 ) { - - if ( counters->threadlogzillac < config->max_logzilla_threads) { - - counters->threadlogzillac++; - - if ( counters->threadlogzillac > counters->threadmaxlogzillac ) counters->threadmaxlogzillac=counters->threadlogzillac; - - if ( pthread_create( &threadlogzilla_id[threadid], &thread_logzilla_attr, (void *)sagan_logzilla_thread, &SaganEvent[threadid]) ) { - removelockfile(); - sagan_log(1, "[%s, line %d] Error creating database thread.", __FILE__, __LINE__); - } - } else { - counters->saganlogzilladrop++; - counters->sagandrop++; - sagan_log(0, "Logzilla thread handler: Out of threads"); - } -} - -#endif - -/****************************************************************************/ /* Snort database thread call */ /****************************************************************************/ #if defined(HAVE_LIBMYSQLCLIENT_R) || defined(HAVE_LIBPQ) +config->endian = checkendian(); // Needed for Snort output + if ( config->dbtype != 0 && thresh_log_flag == 0 ) { 
counters->threaddbc++; @@ -1260,13 +1220,13 @@ SaganEvent[threadid].cid = cid; if ( pthread_create( &threaddb_id[threadid], &thread_db_attr, (void *)sagan_db_thread, &SaganEvent[threadid]) ) { - removelockfile(); - sagan_log(1, "[%s, line %d] Error creating database thread.", __FILE__, __LINE__); + removelockfile(config); + sagan_log(config, 1, "[%s, line %d] Error creating database thread.", __FILE__, __LINE__); } } else { counters->sagansnortdrop++; counters->sagandrop++; - sagan_log(0, "Snort database thread handler: Out of threads"); + sagan_log(config, 0, "Snort database thread handler: Out of threads"); } } #endif @@ -1284,6 +1244,7 @@ } } /* End of while(1) */ + } /* End of main */ diff -Nru sagan-0.1.9/src/sagan-classifications.c sagan-0.2.0/src/sagan-classifications.c --- sagan-0.1.9/src/sagan-classifications.c 2011-04-18 16:26:17.000000000 +0000 +++ sagan-0.2.0/src/sagan-classifications.c 2011-08-21 16:53:30.000000000 +0000 @@ -1,6 +1,6 @@ /* -** Copyright (C) 2009-2011 Softwink, Inc. -** Copyright (C) 2009-2011 Champ Clark III +** Copyright (C) 2009-2011 Quadrant Information Security +** Copyright (C) 2009-2011 Champ Clark III ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License Version 2 as @@ -45,16 +45,15 @@ #include #include "version.h" + #include "sagan.h" -struct _SaganDebug *debug; struct _SaganCounters *counters; struct class_struct *classstruct; -char ruleset[MAXPATH]; +void load_classifications( _SaganDebug *debug, _SaganConfig *config, const char *ruleset ) { -void load_classifications( void ) { FILE *classfile; 
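Review bot: `config->endian = checkendian();` is placed in the per-event path of the hunk at new line 1186, after the Prelude, SMTP and external threads have been handed `&SaganEvent[threadid]` and, through it, `config`. The shared struct is therefore rewritten for every alert while other threads may be reading it, although the value cannot change at run time. Compute it once during start-up, before any thread is created, and treat the field as read-only afterwards; where `endian` is read is outside the hunk.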
@@ -66,10 +65,10 @@ char tmpbuf2[5]; int linecount=0; -sagan_log(0, "Loading classifications.conf file. [%s]", ruleset); +sagan_log(config, 0, "Loading classifications.conf file. [%s]", ruleset); if (( classfile = fopen(ruleset, "r" )) == NULL ) { - sagan_log(1, "[%s, line %d] Cannot open rule file (%s)", __FILE__, __LINE__, ruleset); + sagan_log(config, 1, "[%s, line %d] Cannot open rule file (%s)", __FILE__, __LINE__, ruleset); } while(fgets(classbuf, sizeof(classbuf), classfile) != NULL) { 
@@ -100,35 +99,15 @@ tmpbuf2[strlen(tmpbuf2)-1] = '\0'; classstruct[counters->classcount].s_priority=atoi(tmpbuf2); - if ( classstruct[counters->classcount].s_priority == 0 ) sagan_log(1, "[%s, line %d] Classification error at line number %d in %s", __FILE__, __LINE__, linecount, ruleset); + if ( classstruct[counters->classcount].s_priority == 0 ) sagan_log(config, 1, "[%s, line %d] Classification error at line number %d in %s", __FILE__, __LINE__, linecount, ruleset); - if (debug->debugload) sagan_log(0, "[D-%d] Classification: %s|%s|%d", counters->classcount, classstruct[counters->classcount].s_shortname, classstruct[counters->classcount].s_desc, classstruct[counters->classcount].s_priority); + if (debug->debugload) sagan_log(config, 0, "[D-%d] Classification: %s|%s|%d", counters->classcount, classstruct[counters->classcount].s_shortname, classstruct[counters->classcount].s_desc, classstruct[counters->classcount].s_priority); counters->classcount++; } fclose(classfile); -sagan_log(0, "%d classifications loaded", counters->classcount); - -} - -char *classlookup( char *classtype ) { - -int i; -char *ret; +sagan_log(config, 0, "%d classifications loaded", counters->classcount); -for ( i=0; i < counters->classcount; i++ ) { - -if ( !strcmp( classstruct[i].s_shortname, classtype ) ) { - ret=classstruct[i].s_desc; - return(ret); - } } - -sagan_log(0, "Hmmm.. Classification not found for a classification loaded?!?"); -ret="Classification not found!"; -return(ret); - -} - diff -Nru sagan-0.1.9/src/sagan-config.c sagan-0.2.0/src/sagan-config.c --- sagan-0.1.9/src/sagan-config.c 2011-04-18 16:26:17.000000000 +0000 +++ sagan-0.2.0/src/sagan-config.c 2011-08-21 16:53:30.000000000 +0000 
@@ -1,6 +1,6 @@ /* -** Copyright (C) 2009-2011 Softwink, Inc. -** Copyright (C) 2009-2011 Champ Clark III +** Copyright (C) 2009-2011 Quadrant Information Security +** Copyright (C) 2009-2011 Champ Clark III ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License Version 2 as @@ -52,6 +52,7 @@ #endif #include "version.h" + #include "sagan.h" #ifdef HAVE_LIBDNET @@ -64,40 +65,17 @@ int liblognorm_count; #endif -sbool programmode; - struct rule_struct *rulestruct; -struct _SaganConfig *config; struct _SaganCounters *counters; -int i,check; - -sbool fifoi; +void load_config( _SaganDebug *debug, _SaganConfig *config ) { -char saganconf[MAXPATH]; -FILE *sagancfg; +FILE *sagancfg; -char *rulesetptr; -char ruleset[MAXPATH]; char normfile[MAXPATH]; -char *replace_str(char *str, char *orig, char *rep) -{ - static char buffer[4096]; - char *p; - if(!(p = strstr(str, orig))) return str; - strlcpy(buffer, str, p-str); - buffer[p-str] = '\0'; - sprintf(buffer+(p-str), "%s%s", rep, p+strlen(orig)); - rulesetptr=p+strlen(orig); - return buffer; -} - -void load_config( void ) { - -struct sockaddr_in ipv4; -uint32_t ip; - +char *filename; +char ruleset[MAXPATH]; char tmpbuf[CONFBUF]; char tmpstring[CONFBUF]; @@ -108,15 +86,11 @@ char *tok=NULL; -int i; - -memset(&config, 0, sizeof(config)); -config = malloc(sizeof(_SaganConfig)); +int i,check; /* Set some system defaults */ snprintf(config->sagan_alert_filepath, sizeof(config->sagan_alert_filepath), "%s", ALERTLOG); -snprintf(config->sagan_log_filepath, sizeof(config->sagan_log_filepath), "%s", SAGANLOG); snprintf(config->sagan_lockfile, sizeof(config->sagan_lockfile), "%s", LOCKFILE); snprintf(config->sagan_log_path, sizeof(config->sagan_log_path), "%s", SAGANLOGPATH); 
@@ -124,7 +98,6 @@ #if defined(HAVE_LIBMYSQLCLIENT_R) || defined(HAVE_LIBPQ) config->maxdb_threads=MAX_DB_THREADS; -config->max_logzilla_threads=MAX_LOGZILLA_THREADS; #endif #ifdef HAVE_LIBESMTP @@ -143,8 +116,10 @@ /* Gather information for the master configuration file */ -if ((sagancfg = fopen(saganconf, "r")) == NULL) { - sagan_log(1, "[%s, line %d] Cannot open configuration file (%s)", __FILE__, __LINE__, saganconf); + +if ((sagancfg = fopen(config->sagan_config, "r")) == NULL) { + fprintf(stderr, "[%s, line %d] Cannot open configuration file (%s)\n", __FILE__, __LINE__, config->sagan_config); + exit(1); } while(fgets(tmpbuf, sizeof(tmpbuf), sagancfg) != NULL) { @@ -156,7 +131,7 @@ sagan_option = strtok_r(tmpbuf, " ", &tok); if (!strcmp(remrt(sagan_option), "disable_dns_warnings")) { - sagan_log(0, "Supressing DNS warnings"); + sagan_log(config, 0, "Supressing DNS warnings"); config->disable_dns_warnings = 1; } @@ -235,11 +210,6 @@ config->maxdb_threads = atol(sagan_var); } - if (!strcmp(sagan_option, "max_logzilla_threads")) { - sagan_var = strtok_r(NULL, " ", &tok); - config->max_logzilla_threads = atol(sagan_var); - } - if (!strcmp(sagan_option, "sagan_proto")) { sagan_var = strtok_r(NULL, " ", &tok); config->sagan_proto = atoi(sagan_var); @@ -285,7 +255,7 @@ snprintf(tmpstring, sizeof(tmpstring), "%s", strtok_r(NULL, ",", &tok)); remspaces(tmpstring); tmpstring[strlen(tmpstring)-1] = '\0'; - strlcpy(normfile, replace_str(tmpstring, "$RULE_PATH", config->sagan_rule_path), sizeof(normfile)); + strlcpy(normfile, sagan_replace_str(tmpstring, "$RULE_PATH", config->sagan_rule_path), sizeof(normfile)); snprintf(liblognormstruct[liblognorm_count].filepath, sizeof(liblognormstruct[liblognorm_count].filepath), "%s", normfile); liblognorm_count++; 
@@ -298,13 +268,12 @@ if (!strcmp(sagan_var, "external:")) { snprintf(config->sagan_extern, sizeof(config->sagan_extern), "%s", strtok_r(NULL, " ", &tok)); - if (strstr(strtok_r(NULL, " ", &tok), "parsable")) config->sagan_exttype=1; + if (strstr(strtok_r(NULL, " ", &tok), "parsable")) config->sagan_exttype=1; config->sagan_ext_flag=1; } #ifdef HAVE_LIBDNET - if (!strcmp(sagan_var, "unified2:")) { config->sagan_unified2_flag = 1; @@ -381,53 +350,6 @@ #if defined(HAVE_LIBMYSQLCLIENT_R) || defined(HAVE_LIBPQ) - if (!strcmp(sagan_var, "logzilla:")) { - sagan_var = strtok_r(NULL, ",", &tok); - remspaces(sagan_var); - - sagan_var = strtok_r(NULL, ",", &tok); - remspaces(sagan_var); - - if (!strcmp(sagan_var, "mysql")) config->logzilla_dbtype = 1; - if (!strcmp(sagan_var, "postgresql")) config->logzilla_dbtype = 2; - - sagan_var = strtok_r(NULL, ",", &tok); - - - remrt(sagan_var); - - strlcpy(tmpbuf, sagan_var, sizeof(tmpbuf)); - ptmp = strtok_r(tmpbuf, "=", &tok); - - while (ptmp != NULL) { - remspaces(ptmp); - - if (!strcmp(ptmp, "user")) { - ptmp = strtok_r(NULL, " ", &tok); - snprintf(config->logzilla_user, sizeof(config->logzilla_user), "%s", ptmp); - } - - if (!strcmp(ptmp, "password")) { - ptmp = strtok_r(NULL, " ", &tok); - snprintf(config->logzilla_password, sizeof(config->logzilla_password), "%s", ptmp); - } - - if (!strcmp(ptmp, "dbname")) { - ptmp = strtok_r(NULL, " ", &tok); - snprintf(config->logzilla_dbname, sizeof(config->logzilla_dbname), "%s", ptmp); - } - - if (!strcmp(ptmp, "host")) { - ptmp = strtok_r(NULL, " ", &tok); - snprintf(config->logzilla_dbhost, sizeof(config->logzilla_dbhost), "%s", ptmp); - } - - ptmp = strtok_r(NULL, "=", &tok); - } - - - } - /* output type (database, etc) */ if (!strcmp(sagan_var, "database:")) { 
@@ -493,12 +415,7 @@ if (!strcmp(sagan_var, "FIFO" )) { snprintf(config->sagan_fifo, sizeof(config->sagan_fifo), "%s", strtok_r(NULL, " ", &tok)); config->sagan_fifo[strlen(config->sagan_fifo)-1] = '\0'; - if ( programmode != 1 ) { // --program over rides configuration option. - fifoi = 1; - } else { - fifoi = 0; } - } if (!strcmp(sagan_var, "RULE_PATH" )) { snprintf(config->sagan_rule_path, sizeof(config->sagan_rule_path), "%s", strtok_r(NULL, " ", &tok)); 
@@ -510,65 +427,56 @@ config->sagan_lockfile[strlen(config->sagan_lockfile)-1] = '\0'; } - if (!strcmp(sagan_var, "SAGANLOG" )) { - snprintf(config->sagan_log_filepath, sizeof(config->sagan_log_filepath), "%s", strtok_r(NULL, " ", &tok)); - config->sagan_log_filepath[strlen(config->sagan_log_filepath)-1] = '\0'; - } - if (!strcmp(sagan_var, "ALERTLOG" )) { snprintf(config->sagan_alert_filepath, sizeof(config->sagan_alert_filepath), "%s", strtok_r(NULL, " ", &tok)); config->sagan_alert_filepath[strlen(config->sagan_alert_filepath)-1] = '\0'; } - + if (!strcmp(sagan_var, "SAGANLOGPATH" )) { - snprintf(config->sagan_log_path, sizeof(config->sagan_log_path), "%s", strtok_r(NULL, " ", &tok)); - config->sagan_log_path[strlen(config->sagan_log_path)-1] = '\0'; + snprintf(config->sagan_log_path, sizeof(config->sagan_log_path), "%s", strtok_r(NULL, " ", &tok)); + config->sagan_log_path[strlen(config->sagan_log_path)-1] = '\0'; } - } - -/* We open the sagan.log file here. This keeps us from having to "re-open" the load - * file over and over - Champ Clark III 04/07/2011 */ - -if ((config->sagan_log_stream = fopen(config->sagan_log_filepath, "a")) == NULL) { - fprintf(stderr, "[E] [%s, line %d] Cannot open %s!\n", __FILE__, __LINE__, config->sagan_log_filepath); - exit(1); - } - - /* "include */ +/* "include */ if (!strcmp(sagan_option, "include" )) { snprintf(tmpstring, sizeof(tmpstring), "%s", strtok_r(NULL, " ", &tok)); tmpstring[strlen(tmpstring)-1] = '\0'; + + strlcpy(ruleset, sagan_replace_str(tmpstring, "$RULE_PATH", config->sagan_rule_path), sizeof(ruleset)); - strlcpy(ruleset, replace_str(tmpstring, "$RULE_PATH", config->sagan_rule_path), sizeof(ruleset)); + filename=sagan_getfilename(ruleset); /* Get the file name to figure out "what" we're loading */ - if (!strcmp(rulesetptr, "/classification.config") || !strcmp(rulesetptr, "classification.config" )) + if (!strcmp(filename, "classification.config")) { - load_classifications(); + load_classifications(debug, config, 
ruleset); } - if (!strcmp(rulesetptr, "/reference.config") || !strcmp(rulesetptr, "reference.config" )) + if (!strcmp(filename, "reference.config")) { - load_reference(); + load_reference(debug, config, ruleset); } - if (strcmp(rulesetptr, "/reference.config") && strcmp(rulesetptr, "reference.config" ) && - strcmp(rulesetptr, "/classification.config") && strcmp(rulesetptr, "classification.config" )) { - load_rules(); + + /* It's not a classifcations file or reference, so it must be a ruleset */ + + if (strcmp(filename, "reference.config") && strcmp(filename, "classification.config")) { + + load_rules(debug, config, ruleset); } } } +fclose(sagancfg); /* Check rules for duplicate sid. We can't have that! */ for (i = 0; i < counters->rulecount; i++) { for ( check = i+1; check < counters->rulecount; check ++) { if (!strcmp (rulestruct[check].s_sid, rulestruct[i].s_sid )) - sagan_log(1, "[%s, line %d] Detected duplicate signature id [sid] number %s. Please correct this.", __FILE__, __LINE__, rulestruct[check].s_sid, rulestruct[i].s_sid); + sagan_log(config, 1, "[%s, line %d] Detected duplicate signature id [sid] number %s. Please correct this.", __FILE__, __LINE__, rulestruct[check].s_sid, rulestruct[i].s_sid); } } 
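Review bot: The touched duplicate-sid call `sagan_log(config, 1, "[%s, line %d] Detected duplicate signature id [sid] number %s. ...", __FILE__, __LINE__, rulestruct[check].s_sid, rulestruct[i].s_sid);` has three conversions but four arguments, so `rulestruct[i].s_sid` is never printed; drop it or add a second `%s`. In the include branch, `filename=sagan_getfilename(ruleset);` is passed to `strcmp()` unchecked; `sagan_getfilename()` is not shown, so if it can return NULL for a path without a directory part a guard is needed before the comparisons. `snprintf(tmpstring, sizeof(tmpstring), "%s", strtok_r(NULL, " ", &tok));` likewise formats a possible NULL when an `include` line has no argument.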
@@ -576,13 +484,13 @@ #ifdef HAVE_LIBESMTP -if (config->sagan_esmtp_flag && !strcmp(config->sagan_esmtp_server, "")) sagan_log(1, "[%s, line %d] Configuration SMTP 'smtpserver' field is missing! |%s|", __FILE__, __LINE__, config->sagan_esmtp_server); -if (config->sagan_esmtp_flag && !strcmp(config->sagan_esmtp_from, "" )) sagan_log(1, "[%s, line %d] Configuration SMTP 'from' field is missing!", __FILE__, __LINE__); +if (config->sagan_esmtp_flag && !strcmp(config->sagan_esmtp_server, "")) sagan_log(config, 1, "[%s, line %d] Configuration SMTP 'smtpserver' field is missing! |%s|", __FILE__, __LINE__, config->sagan_esmtp_server); +if (config->sagan_esmtp_flag && !strcmp(config->sagan_esmtp_from, "" )) sagan_log(config, 1, "[%s, line %d] Configuration SMTP 'from' field is missing!", __FILE__, __LINE__); #endif -if (!strcmp(config->sagan_host, "" )) sagan_log(1, "The 'sagan_host' option was not found and is required."); -if ( config->sagan_port == 0 ) sagan_log(1, "The 'sagan_port' option was not set and is required."); +if (!strcmp(config->sagan_fifo, "")) sagan_log(config, 1, "No FIFO option found which is required! Aborting!"); +if (!strcmp(config->sagan_host, "" )) sagan_log(config, 1, "The 'sagan_host' option was not found and is required."); +if ( config->sagan_port == 0 ) sagan_log(config, 1, "The 'sagan_port' option was not set and is required."); } - diff -Nru sagan-0.1.9/src/sagan-defs.h sagan-0.2.0/src/sagan-defs.h --- sagan-0.1.9/src/sagan-defs.h 1970-01-01 00:00:00.000000000 +0000 +++ sagan-0.2.0/src/sagan-defs.h 2011-08-21 16:53:30.000000000 +0000 
@@ -0,0 +1,90 @@
+/* $Id$ */
+/*
+** Copyright (C) 2009-2011 Quadrant Information Security
+** Copyright (C) 2009-2011 Champ Clark III
+**
+** This program is free software; you can redistribute it and/or modify
+** it under the terms of the GNU General Public License Version 2 as
+** published by the Free Software Foundation. You may not use, modify or
+** distribute this program under any other version of the GNU General
+** Public License.
+**
+** This program is distributed in the hope that it will be useful,
+** but WITHOUT ANY WARRANTY; without even the implied warranty of
+** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+** GNU General Public License for more details.
+**
+** You should have received a copy of the GNU General Public License
+** along with this program; if not, write to the Free Software
+** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+*/
+
+/* sagan.h
+ *
+ * Sagan prototypes and definitions.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h" /* From autoconf */
+#endif
+
+/* Various buffers used during configurations loading */
+
+#define CLASSBUF 1024
+#define RULEBUF 5128
+#define CONFBUF 1024
+
+#define MAXPATH 255 /* Max path for files/directories */
+#define MAXHOST 32 /* Max host length */
+#define MAXPROGRAM 32 /* Max syslog 'program' length */
+#define MAXDATE 25 /* Max syslog 'date' length */
+#define MAXTIME 10 /* Max syslog 'time length */
+#define MAXFACILITY 25 /* Max syslog 'facility' length */
+#define MAXPRIORITY 20 /* Max syslog 'priority' length */
+#define MAXTAG 32 /* Max syslog 'tag' length */
+#define MAXLEVEL 15 /* Max syslog 'level' length */
+
+/* Used for the syslog "msgslot" array. This can be increased, but
+ * anything > || == 30 causes SEGFAULTs under FreeBSD
+ * Champ Clark - 02/28/2010
+ */
+
+#define MAX_MSGSLOT 25 /* Slots for syslog message passing */
+
+#define MAX_THREADS 4096 /* Max system threads */
+#define MAX_SYSLOGMSG 63556 /* Max length of a syslog message */
+
+#define MAX_PCRE 5 /* Max PCRE within a rule */
+#define MAX_CONTENT 5 /* Max 'content' within a rule */
+#define MAX_REFERENCE 10 /* Max references within a rule */
+
+#define MAXUSER 32
+#define MAXPASS 64
+
+#define BUFLEN 8192 /* For libesmtp */
+#define MAXIP 16 /* Max IP length. Change to 64 for future IPv6 support */
+
+#define LOCKFILE "/var/run/sagan/sagan.pid"
+#define SAGANLOG "/var/log/sagan/sagan.log"
+#define ALERTLOG "/var/log/sagan/alert"
+#define SAGANLOGPATH "/var/log/sagan"
+
+#define RUNAS "sagan"
+
+/* defaults if the user doesn't define */
+
+#define MAX_EXT_THREADS 50
+
+#if defined(HAVE_LIBMYSQLCLIENT_R) || defined(HAVE_LIBPQ)
+#define MAX_DB_THREADS 50
+#endif
+
+#ifdef HAVE_LIBESMTP
+#define MAX_EMAIL_THREADS 50
+#endif
+
+#ifdef HAVE_LIBPRELUDE
+#define MAX_PRELUDE_THREADS 50
+#endif
+
diff -Nru sagan-0.1.9/src/sagan.h sagan-0.2.0/src/sagan.h
--- sagan-0.1.9/src/sagan.h 2011-04-18 16:26:17.000000000 +0000
+++ sagan-0.2.0/src/sagan.h 2011-08-21 16:53:30.000000000 +0000
@@ -1,7 +1,7 @@
 /* $Id$ */
 /*
-** Copyright (C) 2009-2011 Softwink, Inc.
-** Copyright (C) 2009-2011 Champ Clark III
+** Copyright (C) 2009-2011 Quadrant Information Security
+** Copyright (C) 2009-2011 Champ Clark III
 **
 ** This program is free software; you can redistribute it and/or modify
 ** it under the terms of the GNU General Public License Version 2 as
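Review bot: The new `src/sagan-defs.h` has no include guard, and its header comment still reads `/* sagan.h` with "Sagan prototypes and definitions" although the file holds only macros. Wrap the contents in `#ifndef SAGAN_DEFS_H` / `#define SAGAN_DEFS_H` and a closing `#endif`, and retitle the comment to name this file. Several of these limits size fixed `char` arrays in `_SaganConfig` (`MAXPATH`, `MAXHOST`, `MAXUSER`, `MAXPASS`), so a short comment stating that each value includes the terminating NUL would make the `snprintf`/`strlcpy` call sites easier to audit.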
@@ -32,71 +32,11 @@ #include #include #include - -/* Various buffers used during configurations loading */ - -#define CLASSBUF 1024 -#define RULEBUF 5128 -#define CONFBUF 1024 - -#define MAXPATH 255 /* Max path for files/directories */ -#define MAXHOST 32 /* Max host length */ -#define MAXPROGRAM 32 /* Max syslog 'program' length */ -#define MAXDATE 25 /* Max syslog 'date' length */ -#define MAXTIME 10 /* Max syslog 'time length */ -#define MAXFACILITY 25 /* Max syslog 'facility' length */ -#define MAXPRIORITY 20 /* Max syslog 'priority' length */ -#define MAXTAG 32 /* Max syslog 'tag' length */ -#define MAXLEVEL 15 /* Max syslog 'level' length */ - -/* Used for the syslog "msgslot" array. This can be increased, but - * anything > || == 30 causes SEGFAULTs under FreeBSD - * Champ Clark - 02/28/2010 - */ - -#define MAX_MSGSLOT 25 /* Slots for syslog message passing */ - -#define MAX_THREADS 4096 /* Max system threads */ -#define MAX_SYSLOGMSG 63556 /* Max length of a syslog message */ - -#define MAX_PCRE 5 /* Max PCRE within a rule */ -#define MAX_CONTENT 5 /* Max 'content' within a rule */ -#define MAX_REFERENCE 10 /* Max references within a rule */ - -#define MAXUSER 32 -#define MAXPASS 64 - -#define BUFLEN 8192 /* For libesmtp */ -#define MAXIP 16 /* Max IP length. Change to 64 for future IPv6 support */ - -#define LOCKFILE "/var/run/sagan/sagan.pid" -#define SAGANLOG "/var/log/sagan/sagan.log" -#define ALERTLOG "/var/log/sagan/alert" -#define SAGANLOGPATH "/var/log/sagan" - -#define RUNAS "sagan" +#include "sagan-defs.h" typedef char sbool; /* From rsyslog. 'bool' causes compatiablity problems on OSX. "(small bool) I intentionally use char, to keep it slim so that many fit into the CPU cache!". 
*/ - -/* defaults if the user doesn't define */ - -#define MAX_EXT_THREADS 50 - -#if defined(HAVE_LIBMYSQLCLIENT_R) || defined(HAVE_LIBPQ) -#define MAX_LOGZILLA_THREADS 50 -#define MAX_DB_THREADS 50 -#endif - -#ifdef HAVE_LIBESMTP -#define MAX_EMAIL_THREADS 50 -#endif - -#ifdef HAVE_LIBPRELUDE -#define MAX_PRELUDE_THREADS 50 -#endif - #ifndef HAVE_STRLCPY int strlcpy(char *, const char *, size_t ); #endif @@ -105,43 +45,25 @@ int strlcat(char *, const char *, size_t ); #endif -/* Parsers */ - -char *parse_ip_simple( char * ); -int parse_port_simple( char * ); - -void sig_handler( int ); -void sig_handler_daemon( int ); -void key_handler( int ); -void plog_handler( void ); - - -char *dns_lookup(char *); int isnumeric (char *); char *toupperc(char* const ); -void sagan_statistics( void ); void sagan_error(const char *, ...); -void sagan_log( int, const char *, ... ); char *gettimestamp( void ); void sagan_error( const char *, ... ); char *findipinmsg ( char * ); void closesagan( int ); int checkendian( void ); void sagan_usage( void ); -void load_config( void ); void load_normalize( void ); -void removelockfile ( void ); -void checklockfile ( void ); -void droppriv( const char * , const char *); +void sagan_chroot( const char *, const char * ); char *remrt(char *); char *remspaces(char *); char *remquotes(char *); -void load_classifications( void ); -void load_reference ( void ); -void load_rules ( void ); char *betweenquotes( char * ); char *reflookup( int, int ); double CalcPct(uint64_t, uint64_t); +char *sagan_replace_str(char *, char *, char *); +char *sagan_getfilename(char *); char *referencelookup( int ); @@ -166,12 +88,9 @@ #if defined(HAVE_LIBMYSQLCLIENT_R) || defined(HAVE_LIBPQ) uint64_t sigcid; /* For passing CID with signal */ uint64_t threadmaxdbc; - uint64_t threadmaxlogzillac; - int threadlogzillac; int threaddbc; uint64_t sagansnortdrop; - uint64_t saganlogzilladrop; #endif #ifdef HAVE_LIBESMTP 
@@ -223,6 +142,7 @@ /* Non-dependent var's */ + char sagan_config[MAXPATH]; /* Master Sagan configuration file */ char sagan_alert_filepath[MAXPATH]; char sagan_interface[50]; FILE *sagan_alert_stream; @@ -242,6 +162,8 @@ int daemonize; int sagan_proto; + sbool endian; + /* libesmtp/SMTP support */ @@ -284,21 +206,15 @@ sbool sagan_unified2_flag; #endif -/* MySQL/PostgreSQL support for Snort/Logzilla */ +/* MySQL/PostgreSQL support for Snort DB */ #if defined(HAVE_LIBMYSQLCLIENT_R) || defined(HAVE_LIBPQ) int dbtype; - int logzilla_dbtype; int sagan_detail; int sensor_id; uint64_t maxdb_threads; - uint64_t max_logzilla_threads; char sagan_hostname[MAXHOST]; char sagan_filter[50]; - char logzilla_user[MAXUSER]; - char logzilla_password[MAXPASS]; - char logzilla_dbname[50]; - char logzilla_dbhost[50]; char dbuser[MAXUSER]; char dbpassword[MAXPASS]; char dbname[50]; @@ -307,6 +223,12 @@ }; + +/* Parsers */ + +char *parse_ip_simple( char * ); +int parse_port_simple(_SaganConfig *, char * ); + /* Reference structure */ typedef struct ref_struct ref_struct; struct ref_struct { @@ -368,6 +290,10 @@ typedef struct Sagan_Event { + + _SaganDebug *debug; + _SaganConfig *config; + char *ip_src; char *ip_dst; int dst_port; @@ -384,7 +310,6 @@ char *f_msg; - /* message information */ char *time; @@ -425,8 +350,7 @@ }; /****************************************************************************/ -/* MySQL & PostgreSQL support. Including support for Snort database and */ -/* Logzilla. */ +/* MySQL & PostgreSQL support. Support for Snort databases */ /****************************************************************************/ #if defined(HAVE_LIBMYSQLCLIENT_R) || defined(HAVE_LIBPQ) 
@@ -435,11 +359,9 @@ #define MAXSQL 4096 #define MYSQL_PORT 3306 -char *sql_escape(const char *, int ); -void *logzilla_insert_thread ( void *); -void sagan_logzilla_thread(SaganEvent *); +char *sql_escape(_SaganConfig *, const char *, int ); void sagan_db_thread( SaganEvent * ); -int ip2bit( char *, int ); +int ip2bit( _SaganConfig *, char * ); char *fasthex(char *, int); #endif 
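Review bot: The new prototype `char *sql_escape(_SaganConfig *, const char *, int );` does not say what the `int` means or who owns the returned buffer, and it sits next to `#define MAXSQL 4096`, so a reader cannot tell whether the escaped result is bounded by that size. Naming the parameters and adding a one-line comment on the returned pointer's ownership and maximum length would make the database call sites reviewable. The same applies to `int ip2bit( _SaganConfig *, char * );`, whose second argument could be `const char *` if the function does not modify it (its body is not shown here).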
@@ -481,37 +403,36 @@ /* 'Signal' thread options */ /****************************************************************************/ -struct sig_thread_args { +typedef struct _SaganSigArgs _SaganSigArgs; + struct _SaganSigArgs { int daemonize; uint64_t cid; - } sig_thread_args[1]; + _SaganDebug *debug; + _SaganConfig *config; + }; -struct sig_args { - int daemonize; - uint64_t cid; - } sig_args[1]; -void sagan_alert( SaganEvent * ); -void sagan_ext_thread( SaganEvent * ); -/* -#ifdef HAVE_LIBPRELUDE -void sagan_prelude( SaganEvent * ); -#endif -*/ +/****************************************************************************/ +/* The functions below depend on structs above */ +/****************************************************************************/ -/* -#ifdef HAVE_LIBDNET -typedef struct _Unified2Config -{ - char *base_filename; - char filepath[1024]; - uint32_t timestamp; - FILE *stream; - unsigned int limit; - unsigned int current; - int nostamp; - int base_proto; -} Unified2Config; +#ifdef HAVE_LIBPCAP +void plog_handler( _SaganSigArgs * ); #endif -*/ + +void sagan_alert( SaganEvent * ); +void sagan_ext_thread( SaganEvent * ); + +void load_config( _SaganDebug *, _SaganConfig * ); +void sig_handler( _SaganSigArgs * ); +void load_classifications( _SaganDebug *, _SaganConfig *, const char * ); +void load_reference ( _SaganDebug *, _SaganConfig *, const char * ); +void load_rules ( _SaganDebug *, _SaganConfig *, const char * ); +void sagan_log( _SaganConfig *, int, const char *, ... ); +void removelockfile ( _SaganConfig * ); +void checklockfile ( _SaganConfig * ); +void sagan_statistics( _SaganConfig * ); +void key_handler( _SaganConfig * ); +void sagan_droppriv( _SaganConfig *, const char *); +char *dns_lookup( _SaganConfig *, char *); diff -Nru sagan-0.1.9/src/sagan-key.c sagan-0.2.0/src/sagan-key.c --- sagan-0.1.9/src/sagan-key.c 2011-04-18 16:26:17.000000000 +0000 +++ sagan-0.2.0/src/sagan-key.c 2011-08-21 16:53:30.000000000 +0000 
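Review bot: `void sagan_log( _SaganConfig *, int, const char *, ... );` is variadic and this commit rewrites every call site to add the leading argument, yet the prototype has no format attribute, so the compiler cannot check any of those format strings against their arguments. With GCC or Clang I would declare it as `void sagan_log( _SaganConfig *, int, const char *, ... ) __attribute__((format(printf, 3, 4)));` and give `sagan_error` the matching `format(printf, 1, 2)`. That turns a `%s` fed a non-string, or a missing argument, into a build warning instead of a runtime fault in the logging path.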
@@ -1,6 +1,6 @@ /* -** Copyright (C) 2009-2011 Softwink, Inc. -** Copyright (C) 2009-2011 Champ Clark III +** Copyright (C) 2009-2011 Quadrant Information Security +** Copyright (C) 2009-2011 Champ Clark III ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License Version 2 as @@ -35,17 +35,19 @@ #include #include "version.h" + #include "sagan.h" -void key_handler(int sigargs ) +void key_handler( _SaganConfig *config ) { while(1) { + int key; key=getchar(); if ( key != 0 ) { - sagan_statistics(); + sagan_statistics(config); } } diff -Nru sagan-0.1.9/src/sagan-lockfile.c sagan-0.2.0/src/sagan-lockfile.c --- sagan-0.1.9/src/sagan-lockfile.c 2011-04-18 16:44:53.000000000 +0000 +++ sagan-0.2.0/src/sagan-lockfile.c 2011-08-21 16:53:30.000000000 +0000 @@ -1,6 +1,6 @@ /* -** Copyright (C) 2009-2011 Softwink, Inc. -** Copyright (C) 2009-2011 Champ Clark III +** Copyright (C) 2009-2011 Quadrant Information Security +** Copyright (C) 2009-2011 Champ Clark III ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License Version 2 as @@ -40,14 +40,14 @@ #include #include "sagan.h" + #include "version.h" -struct _SaganConfig *config; /* Was using liblockfile but decided for portability reasons, it was a * bad idea */ -void checklockfile (void) { +void checklockfile ( _SaganConfig *config ) { char buf[10]; FILE *lck; 
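Review bot: In `key_handler` the test `if ( key != 0 )` never checks for `EOF`, so once stdin is closed or redirected from an empty source `getchar()` returns -1 immediately on every pass and the `while(1)` loop calls `sagan_statistics(config)` continuously. I would leave the loop in that case, e.g. `if ( key == EOF ) break;` placed before the statistics call. The closing lines of the function may lie outside the hunk.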
@@ -60,24 +60,24 @@ /* Lock file is present, open for read */ if (( lck = fopen(config->sagan_lockfile, "r" )) == NULL ) { - sagan_log(1, "[%s, line %d] Lock file (%s) is present but can't be read", __FILE__, __LINE__, config->sagan_lockfile); + sagan_log(config, 1, "[%s, line %d] Lock file (%s) is present but can't be read", __FILE__, __LINE__, config->sagan_lockfile); } else { - if (!fgets(buf, sizeof(buf), lck)) sagan_log(1, "[%s, line %d] Lock file (%s) is open for reading, but can't read contents.", __FILE__, __LINE__, config->sagan_lockfile); + if (!fgets(buf, sizeof(buf), lck)) sagan_log(config, 1, "[%s, line %d] Lock file (%s) is open for reading, but can't read contents.", __FILE__, __LINE__, config->sagan_lockfile); fclose(lck); pid = atoi(buf); - if ( pid == 0 ) sagan_log(1, "[%s, line %d] Lock file read but pid value is zero. Aborting.....", __FILE__, __LINE__); + if ( pid == 0 ) sagan_log(config, 1, "[%s, line %d] Lock file read but pid value is zero. Aborting.....", __FILE__, __LINE__); /* Check to see if process is running. We use kill with 0 signal * to determine this. We check this return value. Signal 0 * won't affect running processes */ if ( kill(pid, 0) != -1 ) { - sagan_log(1, "[%s, line %d] It appears that Sagan is already running (pid: %d).", __FILE__, __LINE__, pid); + sagan_log(config, 1, "[%s, line %d] It appears that Sagan is already running (pid: %d).", __FILE__, __LINE__, pid); } else { - sagan_log(0, "[%s, line %d] Lock file is present, but Sagan isn't at pid %d (Removing stale %s file)", __FILE__, __LINE__, pid, config->sagan_lockfile); + sagan_log(config, 0, "[%s, line %d] Lock file is present, but Sagan isn't at pid %d (Removing stale %s file)", __FILE__, __LINE__, pid, config->sagan_lockfile); if (unlink(config->sagan_lockfile)) { - sagan_log(1, "Unable to delete %s. ", config->sagan_lockfile); + sagan_log(config, 1, "Unable to delete %s. ", config->sagan_lockfile); } } } 
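Review bot: The liveness test `if ( kill(pid, 0) != -1 )` treats every failure as "not running", but `kill()` also returns -1 with `errno == EPERM` when the process exists under a different uid, which is a plausible state once Sagan has dropped privileges; the else branch then unlinks the lock file of a live instance. Testing `if ( kill(pid, 0) == 0 || errno == EPERM )` avoids that (it needs `<errno.h>`; the include list is not readable in this diff). `pid = atoi(buf);` also accepts negative or non-numeric content, and a negative value passed to `kill()` addresses a process group rather than one process, so I would parse with `strtol` and reject anything `<= 0`. `checklockfile` starts before this hunk.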
@@ -87,7 +87,7 @@ /* No lock file present, so create it */ if (( lck = fopen(config->sagan_lockfile, "w" )) == NULL ) { - sagan_log(1, "[%s, line %d] Cannot create lock file (%s)", __FILE__, __LINE__, config->sagan_lockfile); + sagan_log(config, 1, "[%s, line %d] Cannot create lock file (%s)", __FILE__, __LINE__, config->sagan_lockfile); } else { fprintf(lck, "%d", getpid() ); fflush(lck); fclose(lck); @@ -95,11 +95,11 @@ } } -void removelockfile ( void ) { +void removelockfile ( _SaganConfig *config ) { struct stat lckcheck; if ((stat(config->sagan_lockfile, &lckcheck) == 0) && unlink(config->sagan_lockfile) != 0 ) { - sagan_log(1, "[%s, line %d] Cannot remove lock file (%s)\n", __FILE__, __LINE__, config->sagan_lockfile); + sagan_log(config, 1, "[%s, line %d] Cannot remove lock file (%s)\n", __FILE__, __LINE__, config->sagan_lockfile); } } diff -Nru sagan-0.1.9/src/sagan-plog.c sagan-0.2.0/src/sagan-plog.c --- sagan-0.1.9/src/sagan-plog.c 2011-04-18 16:26:17.000000000 +0000 +++ sagan-0.2.0/src/sagan-plog.c 2011-08-21 16:53:30.000000000 +0000 @@ -51,9 +51,6 @@ #include "sagan.h" -struct _SaganConfig *config; -struct _SaganDebug *debug; - struct my_udphdr { u_int16_t uh_sport; /* source port */ u_int16_t uh_dport; /* destination port */ @@ -61,12 +58,12 @@ u_int16_t uh_sum; /* udp checksum */ }; -static void logpkt(u_char *,const struct pcap_pkthdr *,const u_char *); -static int wiredevlog(); -static int outf; +static void logpkt(u_char *,const struct pcap_pkthdr *,const u_char *); +static int wiredevlog( _SaganConfig *); +static int outf; -void plog_handler( void ) +void plog_handler(_SaganSigArgs *args ) { pcap_t *bp; 
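Review bot: In the `@@ -87,7 +87,7 @@` hunk the lock file is created with `fopen(config->sagan_lockfile, "w")` after a separate existence test, so two instances starting together can both pass the test, and mode `"w"` follows a symlink and truncates whatever it points to. That matters if Sagan starts as root and the lock directory is writable by a less-privileged account. Creating the file atomically, `open(config->sagan_lockfile, O_WRONLY|O_CREAT|O_EXCL, 0644)` followed by `fdopen()`, closes both gaps. The existence test itself is above this hunk, so its exact form should be checked when making the change.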
@@ -75,46 +72,45 @@ char eb[PCAP_ERRBUF_SIZE]; char filterstr[128]; - iface = config->plog_interface; + iface = args->config->plog_interface; - sagan_log(0, ""); - sagan_log(0, "Initalizing Sagan syslog sniffer thread (PLOG)"); - sagan_log(0, "Interface: %s", iface); - sagan_log(0, "UDP port to monitor: %d", config->plog_port); - sagan_log(0, "Log device: %s", config->plog_logdev); - sagan_log(0, ""); + sagan_log(args->config, 0, ""); + sagan_log(args->config, 0, "Initalizing Sagan syslog sniffer thread (PLOG)"); + sagan_log(args->config, 0, "Interface: %s", iface); + sagan_log(args->config, 0, "UDP port to monitor: %d", args->config->plog_port); + sagan_log(args->config, 0, "Log device: %s", args->config->plog_logdev); + sagan_log(args->config, 0, ""); if(iface == (char *)0) { - if((iface = pcap_lookupdev(eb)) == (char *)0) { - fprintf(stderr,"cannot get device: %s\n",eb); - exit(1); - } + if((iface = pcap_lookupdev(eb)) == (char *)0) + sagan_log(args->config, 1, "[%s, line %d] Cannot get device: %s", __FILE__, __LINE__, eb); } bp = pcap_open_live(iface,4096,0,0,eb); if(bp == (pcap_t *)0) - sagan_log(1, "[%s, line %d] Cannot open interface %s: %s", __FILE__, __LINE__, iface, eb); + sagan_log(args->config, 1, "[%s, line %d] Cannot open interface %s: %s", __FILE__, __LINE__, iface, eb); /* compile and install our filter */ /* Port is configurable via int config->plog_port */ - snprintf(filterstr, sizeof(filterstr), "udp port %d", config->plog_port); + snprintf(filterstr, sizeof(filterstr), "udp port %d", args->config->plog_port); if(pcap_compile(bp,&filtr,filterstr,1,0)) - sagan_log(1, "[%s, line %d] Cannot compile filter: %s", __FILE__, __LINE__, eb); + sagan_log(args->config, 1, "[%s, line %d] Cannot compile filter: %s", __FILE__, __LINE__, eb); if(pcap_setfilter(bp,&filtr)) - sagan_log(1, "[%s, line %d] Cannot install filter in %s: %s", __FILE__, __LINE__, iface, eb); + sagan_log(args->config, 1, "[%s, line %d] Cannot install filter in %s: %s", __FILE__, 
__LINE__, iface, eb); /* wireup /dev/log; we can't use openlog() because these are going to be raw inputs */ - if(wiredevlog()) { - removelockfile(); - sagan_log(1, "[%s, line %d] Cannot open %s (Syslog not using SOCK_DGRAM?)", __FILE__, __LINE__, config->plog_logdev); + if(wiredevlog(args->config)) { + removelockfile(args->config); + sagan_log(args->config, 1, "[%s, line %d] Cannot open %s (Syslog not using SOCK_DGRAM?)", __FILE__, __LINE__, args->config->plog_logdev); } /* endless loop */ - (void)pcap_loop(bp,-1,logpkt,(char *)0); + (void)pcap_loop(bp,-1,logpkt, (u_char*)args); + pcap_close(bp); exit(0); } @@ -122,7 +118,7 @@ /* take a raw packet and write it to /dev/log... we are evil! */ static void -logpkt(u_char *jnk,const struct pcap_pkthdr *p,const u_char *pkt) +logpkt(u_char *pass_args,const struct pcap_pkthdr *p,const u_char *pkt) { struct ether_header *eh; struct ip *ih; @@ -131,6 +127,8 @@ int len; char *l; + _SaganSigArgs *args = (_SaganSigArgs *) pass_args; + /* crack the ethernet header */ eh = (struct ether_header *)pkt; if(ntohs(eh->ether_type) != ETHERTYPE_IP) @@ -165,8 +163,10 @@ /* our log message ought to be just past the UDP header now... */ l = (char *)u + sizeof(struct udphdr); len = ntohs(u->uh_ulen) - sizeof(struct udphdr); - if(debug->debugplog) { - int x; + + if(args->debug->debugplog) { + + int x; /* I can't use sagan_log() here, so we dump to strerr. * have the check the tty (isatty()) before dumping or 
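Review bot: The failure messages for `pcap_compile()` and `pcap_setfilter()` in `plog_handler` print `eb`, but those calls do not write to the `pcap_open_live()` error buffer, so the log shows stale or uninitialised stack bytes instead of the reason. `pcap_geterr(bp)` is the source for both, e.g. `sagan_log(args->config, 1, "[%s, line %d] Cannot compile filter: %s", __FILE__, __LINE__, pcap_geterr(bp));`. Separately, the `pcap_lookupdev()` failure used to `exit(1)` and now depends on `sagan_log(..., 1, ...)` not returning; if level 1 can return, `iface` is still NULL when `pcap_open_live()` is called. sagan_log's body is not in this part of the diff, so that needs confirming.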
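Review bot: In the `@@ -165,8 +163,10 @@` hunk `len = ntohs(u->uh_ulen) - sizeof(struct udphdr);` takes the payload length from the packet itself, and nothing visible compares it with the captured length `p->caplen`. A datagram whose UDP length field exceeds what was captured makes the debug loop and the later `send(outf,l,len,0)` read past the capture buffer, and a field smaller than the header size makes `len` negative. A guard right after the assignment bounds it, for example `if (len <= 0 || (size_t)len > p->caplen - (size_t)((const u_char *)l - pkt)) goto bad;`, reusing the function's existing `bad:` label. The header checks between the previous hunk and this one are not shown, so confirm that no equivalent test already exists there.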
@@ -174,27 +174,29 @@ * - Champ Clark III Jan 7th 2011 */ + for(x = 0; x < len; x++) { - if(isprint(l[x]) && (isatty(1)) ) + if(isprint(l[x]) && (isatty(1)) ) fprintf(stderr,"%c",(int)(l[x])); else fprintf(stderr,"[0x%x]",(int)(l[x])); } if (isatty(1)) fprintf(stderr,"\n"); - } + } + /* send it! */ if(send(outf,l,len,0) < 0) - sagan_log(1, "[%s, line %d] Send error", __FILE__, __LINE__); + sagan_log(args->config, 1, "[%s, line %d] Send error", __FILE__, __LINE__); return; bad: - sagan_log(0, "[%s, line %d] Malformed packet received.", __FILE__, __LINE__); + sagan_log(args->config, 0, "[%s, line %d] Malformed packet received.", __FILE__, __LINE__); } static int -wiredevlog() +wiredevlog( _SaganConfig *config ) { struct sockaddr s; diff -Nru sagan-0.1.9/src/sagan-references.c sagan-0.2.0/src/sagan-references.c --- sagan-0.1.9/src/sagan-references.c 2011-04-18 16:26:17.000000000 +0000 +++ sagan-0.2.0/src/sagan-references.c 2011-08-21 16:53:30.000000000 +0000 @@ -1,6 +1,6 @@ /* -** Copyright (C) 2009-2011 Softwink, Inc. -** Copyright (C) 2009-2011 Champ Clark III +** Copyright (C) 2009-2011 Quadrant Information Security +** Copyright (C) 2009-2011 Champ Clark III ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License Version 2 as @@ -44,17 +44,15 @@ #include #include "version.h" + #include "sagan.h" -struct _SaganDebug *debug; struct _SaganCounters *counters; -struct ref_struct *refstruct; -struct rule_struct *rulestruct; - -char ruleset[1024]; +extern struct ref_struct *refstruct; +extern struct rule_struct *rulestruct; -void load_reference( void ) { +void load_reference( _SaganDebug *debug, _SaganConfig *config, const char *ruleset ) { FILE *reffile; 
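Review bot: `isprint(l[x])` is called on a plain `char` taken from the network payload; bytes above 0x7f are negative where `char` is signed, which is undefined for the `<ctype.h>` functions, and `(int)(l[x])` then prints them sign-extended in the `[0x%x]` branch. Converting once, `unsigned char c = (unsigned char)l[x];`, and using `c` in both places fixes both. The terminal test is `isatty(1)` although the bytes are written to `stderr`, so `isatty(fileno(stderr))` would match the stream actually being protected. `logpkt` starts before this hunk.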
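Review bot: In the sagan-references.c `@@ -44,17 +44,15 @@` hunk `refstruct` and `rulestruct` become `extern`, but `struct _SaganCounters *counters;` stays a plain file-scope definition, and the same line is kept in sagan-rules.c, sagan-signal.c and sagan-stats.c further down. That only links as one object when the toolchain merges common symbols; built with `-fno-common` it is a duplicate-definition error. For consistency with the two pointers converted here I would write `extern struct _SaganCounters *counters;` in these files and keep a single definition in one translation unit. `load_reference` continues past the hunk.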
@@ -65,10 +63,10 @@ char *laststring=NULL; -sagan_log(0, "Loading references.conf file. [%s]" , ruleset); +sagan_log(config, 0, "Loading references.conf file. [%s]" , ruleset); if (( reffile = fopen(ruleset, "r" )) == NULL ) { - sagan_log(1, "[%s, line %d] Cannot open rule file (%s)", __FILE__, __LINE__, ruleset); + sagan_log(config, 1, "[%s, line %d] Cannot open rule file (%s)", __FILE__, __LINE__, ruleset); } while(fgets(refbuf, 1024, reffile) != NULL) { @@ -92,13 +90,13 @@ snprintf(refstruct[counters->refcount].s_refurl, sizeof(refstruct[counters->refcount].s_refurl), "%s", laststring); refstruct[counters->refcount].s_refurl[strlen(refstruct[counters->refcount].s_refurl)-1] = '\0'; - if (debug->debugload) sagan_log(0, "[D-%d] Reference: %s|%s", counters->refcount, refstruct[counters->refcount].s_refid, refstruct[counters->refcount].s_refurl); + if (debug->debugload) sagan_log(config, 0, "[D-%d] Reference: %s|%s", counters->refcount, refstruct[counters->refcount].s_refid, refstruct[counters->refcount].s_refurl); counters->refcount++; } fclose(reffile); -sagan_log(0, "%d references loaded.", counters->refcount); +sagan_log(config, 0, "%d references loaded.", counters->refcount); } diff -Nru sagan-0.1.9/src/sagan-rules.c sagan-0.2.0/src/sagan-rules.c --- sagan-0.1.9/src/sagan-rules.c 2011-04-18 16:26:17.000000000 +0000 +++ sagan-0.2.0/src/sagan-rules.c 2011-08-21 16:53:30.000000000 +0000 @@ -1,6 +1,6 @@ /* -** Copyright (C) 2009-2011 Softwink, Inc. -** Copyright (C) 2009-2011 Champ Clark III +** Copyright (C) 2009-2011 Quadrant Information Security +** Copyright (C) 2009-2011 Champ Clark III ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License Version 2 as @@ -43,10 +43,9 @@ #include #include "version.h" + #include "sagan.h" -struct _SaganConfig *config; -struct _SaganDebug *debug; struct _SaganCounters *counters; #ifdef HAVE_LIBLOGNORM 
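Review bot: In the `@@ -92,13 +90,13 @@` hunk `refstruct[counters->refcount].s_refurl[strlen(refstruct[counters->refcount].s_refurl)-1] = '\0';` strips the last character unconditionally; when the copied field is empty `strlen()` is 0, the index wraps, and the store lands outside `s_refurl`. Guarding it removes the out-of-bounds write: `size_t n = strlen(url); if (n > 0) url[n-1] = '\0';` with `url` pointing at the field. How `laststring` is derived, and whether `refstruct` is grown before `counters->refcount++`, is above this hunk and should be checked at the same time.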
@@ -55,13 +54,10 @@ int liblognorm_count; #endif -char ruleset[MAXPATH]; -char saganconf[MAXPATH]; - struct rule_struct *rulestruct; struct class_struct *classstruct; -void load_rules( void ) { +void load_rules( _SaganDebug *debug, _SaganConfig *config, const char *ruleset ) { const char *error; int erroffset; @@ -84,7 +80,13 @@ char *thresh_tmp; char netstr[RULEBUF]; + +/* line added by drforbin array should be initialized */ +memset(netstr, 0, RULEBUF); char rulestr[RULEBUF]; +/* line added by drforbin array should be initialized */ + +memset(rulestr, 0, RULEBUF); char rulebuf[RULEBUF]; char pcrerule[RULEBUF]; char tmp2[512]; @@ -114,10 +116,10 @@ #endif if (( rulesfile = fopen(ruleset, "r" )) == NULL ) { - sagan_log(1, "[%s, line %d] Cannot open rule file (%s)", __FILE__, __LINE__, ruleset); + sagan_log(config, 1, "[%s, line %d] Cannot open rule file (%s)", __FILE__, __LINE__, ruleset); } -sagan_log(0, "Loading %s rule file", ruleset); +sagan_log(config, 0, "Loading %s rule file", ruleset); while (fgets(rulebuf, sizeof(rulebuf), rulesfile) != NULL ) { @@ -242,13 +244,13 @@ if (!strcmp(rulesplit, "rev" )) { arg = strtok_r(NULL, ":", &saveptrrule2); - if (arg == NULL ) sagan_log(1, "The \"rev\" appears to be incomplete"); + if (arg == NULL ) sagan_log(config, 1, "The \"rev\" appears to be incomplete"); snprintf(rulestruct[counters->rulecount].s_rev, sizeof(rulestruct[counters->rulecount].s_rev), "%s", remspaces(arg)); } if (!strcmp(rulesplit, "classtype" )) { arg = strtok_r(NULL, ":", &saveptrrule2); - if (arg == NULL ) sagan_log(1, "The \"classtype\" appears to be incomplete"); + if (arg == NULL ) sagan_log(config, 1, "The \"classtype\" appears to be incomplete"); snprintf(rulestruct[counters->rulecount].s_classtype, sizeof(rulestruct[counters->rulecount].s_classtype), "%s", remspaces(arg)); for(i=0; i < counters->classcount; i++) { 
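Review bot: The two added calls `memset(netstr, 0, RULEBUF);` and `memset(rulestr, 0, RULEBUF);` in the `@@ -84,7 +80,13 @@` hunk sit in the middle of the declaration list and repeat the size by macro instead of `sizeof`, so they drift if an array's size is ever changed. `char netstr[RULEBUF] = { 0 };` and `char rulestr[RULEBUF] = { 0 };` express the same thing at the declaration, and the second "line added by" comment then no longer trails the wrong line. `rulebuf`, `pcrerule` and `tmp2` directly below remain uninitialised; whether they are always written before being read is outside this hunk.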
@@ -260,13 +262,13 @@ if (!strcmp(rulesplit, "program" )) { arg = strtok_r(NULL, ":", &saveptrrule2); - if (arg == NULL ) sagan_log(1, "The \"program\" appears to be incomplete"); + if (arg == NULL ) sagan_log(config, 1, "The \"program\" appears to be incomplete"); snprintf(rulestruct[counters->rulecount].s_program, sizeof(rulestruct[counters->rulecount].s_program), "%s", remspaces(arg)); } if (!strcmp(rulesplit, "reference" )) { arg = strtok_r(NULL, ":", &saveptrrule2); - if (arg == NULL ) sagan_log(1, "The \"reference\" appears to be incomplete"); + if (arg == NULL ) sagan_log(config, 1, "The \"reference\" appears to be incomplete"); snprintf(rulestruct[counters->rulecount].s_reference[ref_count], sizeof(rulestruct[counters->rulecount].s_reference[ref_count]), "%s", remspaces(arg)); rulestruct[counters->rulecount].ref_count=ref_count; ref_count++; 
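Review bot: The `reference` branch writes `s_reference[ref_count]` and then increments `ref_count` with no upper bound visible, unlike the `content` and `pcre` branches later in the function, which at least test their counters against `MAX_CONTENT` and `MAX_PCRE`. A rule line with more `reference:` options than the array holds would write past it. I would add the matching guard before the `snprintf`, of the form `if ( ref_count >= MAX_REFERENCE ) sagan_log(config, 1, ...);`, where MAX_REFERENCE stands for whatever constant sizes `s_reference` (its declaration is not in this diff section). Note also that `ref_count` is stored before the increment here but `content_count` is stored after it, so the two fields mean different things.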
@@ -274,32 +276,32 @@ if (!strcmp(rulesplit, "sid" )) { arg = strtok_r(NULL, ":", &saveptrrule2); - if (arg == NULL ) sagan_log(1, "The \"sid\" appears to be incomplete"); + if (arg == NULL ) sagan_log(config, 1, "The \"sid\" appears to be incomplete"); snprintf(rulestruct[counters->rulecount].s_sid, sizeof(rulestruct[counters->rulecount].s_sid), "%s", remspaces(arg)); } if (!strcmp(rulesplit, "tag" )) { arg = strtok_r(NULL, ":", &saveptrrule2); - if (arg == NULL ) sagan_log(1, "The \"tag\" appears to be incomplete"); + if (arg == NULL ) sagan_log(config, 1, "The \"tag\" appears to be incomplete"); snprintf(rulestruct[counters->rulecount].s_tag, sizeof(rulestruct[counters->rulecount].s_tag), "%s", remspaces(arg)); } if (!strcmp(rulesplit, "facility" )) { arg = strtok_r(NULL, ":", &saveptrrule2); - if (arg == NULL ) sagan_log(1, "The \"facility\" appears to be incomplete"); + if (arg == NULL ) sagan_log(config, 1, "The \"facility\" appears to be incomplete"); snprintf(rulestruct[counters->rulecount].s_facility, sizeof(rulestruct[counters->rulecount].s_facility), "%s", remspaces(arg)); } if (!strcmp(rulesplit, "level" )) { arg = strtok_r(NULL, ":", &saveptrrule2); - if (arg == NULL ) sagan_log(1, "The \"level\" appears to be incomplete"); + if (arg == NULL ) sagan_log(config, 1, "The \"level\" appears to be incomplete"); snprintf(rulestruct[counters->rulecount].s_level, sizeof(rulestruct[counters->rulecount].s_level), "%s", remspaces(arg)); } if (!strcmp(rulesplit, "pri" )) { arg = strtok_r(NULL, ":", &saveptrrule2); - if (arg == NULL ) sagan_log(1, "The \"priority\" appears to be incomplete"); + if (arg == NULL ) sagan_log(config, 1, "The \"priority\" appears to be incomplete"); remspaces(arg); rulestruct[counters->rulecount].s_pri = atoi(arg); } 
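Review bot: In the `pri` branch the result of `remspaces(arg)` is discarded and the next line calls `atoi(arg)`, while every other option in this hunk uses the pointer that `remspaces()` returns; if `remspaces` builds its result in a separate buffer the call has no effect here, and the `normalize` branch in a later hunk does the same. The minimal fix is `rulestruct[counters->rulecount].s_pri = atoi(remspaces(arg));`. `atoi` also maps a non-numeric priority to 0 without any diagnostic, so I would prefer `strtol` with an end-pointer check and report the rule as malformed when no digits are consumed. The message text says "priority" although the option is spelled `pri`.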
@@ -308,8 +310,8 @@ if (!strcmp(rulesplit, "email" )) { arg = strtok_r(NULL, " ", &saveptrrule2); - if (arg == NULL ) sagan_log(1, "The \"email\" appears to be incomplete"); - if (!strcmp(config->sagan_esmtp_server, "" )) sagan_log(1, "[%s, line %d] Line %d of %s has the \"email:\" option, but no SMTP server is specified in the %s", __FILE__, __LINE__, linecount, ruleset, saganconf); + if (arg == NULL ) sagan_log(config, 1, "The \"email\" appears to be incomplete"); + if (!strcmp(config->sagan_esmtp_server, "" )) sagan_log(config, 1, "[%s, line %d] Line %d of %s has the \"email:\" option, but no SMTP server is specified in the %s", __FILE__, __LINE__, linecount, ruleset, config->sagan_config); snprintf(rulestruct[counters->rulecount].email, sizeof(rulestruct[counters->rulecount].email), "%s", remspaces(arg)); rulestruct[counters->rulecount].email_flag=1; config->sagan_esmtp_flag=1; @@ -321,7 +323,7 @@ if (!strcmp(rulesplit, "normalize" )) { rulestruct[counters->rulecount].normalize = 1; arg = strtok_r(NULL, ":", &saveptrrule2); - if (arg == NULL ) sagan_log(1, "The \"normalize\" appears to be incomplete"); + if (arg == NULL ) sagan_log(config, 1, "The \"normalize\" appears to be incomplete"); remspaces(arg); /* Search for a normalize rule that fits the rule set's spec */ 
@@ -354,15 +356,15 @@ if (!strcmp(rulesplit, "msg" )) { arg = strtok_r(NULL, ";", &saveptrrule2); strlcpy(tmp2, betweenquotes(arg), sizeof(tmp2)); - if (tmp2 == NULL ) sagan_log(1, "The \"msg\" appears to be incomplete"); + if (tmp2 == NULL ) sagan_log(config, 1, "The \"msg\" appears to be incomplete"); snprintf(rulestruct[counters->rulecount].s_msg, sizeof(rulestruct[counters->rulecount].s_msg), "%s", tmp2); } if (!strcmp(rulesplit, "content" )) { - if ( content_count > MAX_CONTENT ) sagan_log(1, "There is to many \"content\" types in the rule"); + if ( content_count > MAX_CONTENT ) sagan_log(config, 1, "There is to many \"content\" types in the rule"); arg = strtok_r(NULL, ";", &saveptrrule2); strlcpy(tmp2, betweenquotes(arg), sizeof(tmp2)); - if (tmp2 == NULL ) sagan_log(1, "The \"content\" appears to be incomplete"); + if (tmp2 == NULL ) sagan_log(config, 1, "The \"content\" appears to be incomplete"); snprintf(rulestruct[counters->rulecount].s_content[content_count], sizeof(rulestruct[counters->rulecount].s_content[content_count]), "%s", tmp2); content_count++; rulestruct[counters->rulecount].content_count=content_count; @@ -372,10 +374,10 @@ /* PCRE needs a little extra "work" */ if (!strcmp(rulesplit, "pcre" )) { - if ( pcre_count > MAX_PCRE ) sagan_log(1, "There is to many \"pcre\" types in the rule"); + if ( pcre_count > MAX_PCRE ) sagan_log(config, 1, "There is to many \"pcre\" types in the rule"); arg = strtok_r(NULL, ";", &saveptrrule2); strlcpy(tmp2, betweenquotes(arg), sizeof(tmp2)); - if (tmp2 == NULL ) sagan_log(1, "The \"pcre\" appears to be incomplete"); + if (tmp2 == NULL ) sagan_log(config, 1, "The \"pcre\" appears to be incomplete"); pcreflag=0; strlcpy(pcrerule, "", sizeof(pcrerule)); 
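Review bot: The check `if (tmp2 == NULL )` in the `msg` branch can never be true because `tmp2` is an array (`char tmp2[512];` in the declarations of load_rules), so an incomplete option is not detected, and `arg` from `strtok_r()` reaches `betweenquotes(arg)` unchecked even when it is NULL. The test belongs on `arg` before the copy: `if (arg == NULL ) sagan_log(config, 1, "The \"msg\" appears to be incomplete");`. The `content` branch in this hunk and the `pcre` branch in the next one repeat the same dead check. Whether `betweenquotes()` can itself return NULL is not visible here and should be confirmed, since its result goes straight into `strlcpy`.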
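Review bot: The limit test `if ( pcre_count > MAX_PCRE )` in the `@@ -372,10 +374,10 @@` hunk lets `pcre_count == MAX_PCRE` through; if the per-rule pcre arrays are declared with `MAX_PCRE` entries, that index is one past the end. The same applies to `if ( content_count > MAX_CONTENT )` in the previous hunk, which is followed by a write to `s_content[content_count]`. Unless the arrays are sized with one spare slot (their declarations are not in this diff section), both comparisons should be `>=`, e.g. `if ( pcre_count >= MAX_PCRE ) sagan_log(config, 1, ...);`.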
@@ -430,7 +432,7 @@ } } - if ( pcreflag == 0 ) sagan_log(1, "[%s, line %d] Missing last '/' in pcre: %s at line %d", __FILE__, __LINE__, ruleset, linecount); + if ( pcreflag == 0 ) sagan_log(config, 1, "[%s, line %d] Missing last '/' in pcre: %s at line %d", __FILE__, __LINE__, ruleset, linecount); /* We store the compiled/study results. This saves use some CPU tmpe during searching - Champ Clark III - 02/01/2011 */ @@ -438,8 +440,8 @@ rulestruct[counters->rulecount].pcre_extra[pcre_count] = pcre_study( rulestruct[counters->rulecount].re_pcre[pcre_count], pcreoptions, &error); if ( rulestruct[counters->rulecount].re_pcre[pcre_count] == NULL ) { - removelockfile(); - sagan_log(1, "[%s, line %d] PCRE failure at %d: %s", __FILE__, __LINE__, erroffset, error); + removelockfile(config); + sagan_log(config, 1, "[%s, line %d] PCRE failure at %d: %s", __FILE__, __LINE__, erroffset, error); } pcre_count++; 
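Review bot: In the `@@ -438,8 +440,8 @@` hunk `pcre_study()` runs on `re_pcre[pcre_count]` before the `== NULL` test below it, so a pattern that failed to compile is handed to `pcre_study()` first, and because both calls report through `&error` the message logged afterwards may describe the study step rather than the compile failure at `erroffset`. I would move the NULL check directly after the compile call, which is above this hunk, and test `error` separately after `pcre_study()`. `pcreoptions` is also passed as the study options; if it holds compile flags such as `PCRE_CASELESS`, those are not valid for that argument and `0` is the safe value.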
@@ -488,25 +490,25 @@ if ( debug->debugload ) { -sagan_log(0, "---[Rule %s]------------------------------------------------------\n", rulestruct[counters->rulecount].s_sid); +sagan_log(config, 0, "---[Rule %s]------------------------------------------------------\n", rulestruct[counters->rulecount].s_sid); -sagan_log(0, "= sid: %s", rulestruct[counters->rulecount].s_sid); -sagan_log(0, "= rev: %s", rulestruct[counters->rulecount].s_rev); -sagan_log(0, "= msg: %s", rulestruct[counters->rulecount].s_msg); -sagan_log(0, "= pri: %d", rulestruct[counters->rulecount].s_pri); -sagan_log(0, "= classtype: %s", rulestruct[counters->rulecount].s_classtype); -sagan_log(0, "= drop: %d", rulestruct[counters->rulecount].drop); - -if ( rulestruct[counters->rulecount].s_nocase != 0 ) sagan_log(0, "= nocase"); -if ( rulestruct[counters->rulecount].s_find_ip != 0 ) sagan_log(0, "= parse_ip"); -if ( rulestruct[counters->rulecount].s_find_port != 0 ) sagan_log(0, "= parse_port"); +sagan_log(config, 0, "= sid: %s", rulestruct[counters->rulecount].s_sid); +sagan_log(config, 0, "= rev: %s", rulestruct[counters->rulecount].s_rev); +sagan_log(config, 0, "= msg: %s", rulestruct[counters->rulecount].s_msg); +sagan_log(config, 0, "= pri: %d", rulestruct[counters->rulecount].s_pri); +sagan_log(config, 0, "= classtype: %s", rulestruct[counters->rulecount].s_classtype); +sagan_log(config, 0, "= drop: %d", rulestruct[counters->rulecount].drop); + +if ( rulestruct[counters->rulecount].s_nocase != 0 ) sagan_log(config, 0, "= nocase"); +if ( rulestruct[counters->rulecount].s_find_ip != 0 ) sagan_log(config, 0, "= parse_ip"); +if ( rulestruct[counters->rulecount].s_find_port != 0 ) sagan_log(config, 0, "= parse_port"); for (i=0; irulecount].s_content[i]); + sagan_log(config, 0, "= [%d] content: %s", i, rulestruct[counters->rulecount].s_content[i]); } for (i=0; irulecount].s_reference[i]); + sagan_log(config, 0, "= [%d] reference: %s", i, rulestruct[counters->rulecount].s_reference[i]); } } diff -Nru 
sagan-0.1.9/src/sagan-signal.c sagan-0.2.0/src/sagan-signal.c --- sagan-0.1.9/src/sagan-signal.c 2011-04-18 16:26:17.000000000 +0000 +++ sagan-0.2.0/src/sagan-signal.c 2011-08-21 16:53:30.000000000 +0000 @@ -1,6 +1,6 @@ /* -** Copyright (C) 2009-2011 Softwink, Inc. -** Copyright (C) 2009-2011 Champ Clark III +** Copyright (C) 2009-2011 Quadrant Information Security +** Copyright (C) 2009-2011 Champ Clark III ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License Version 2 as @@ -35,6 +35,7 @@ #include #include "version.h" + #include "sagan.h" #ifdef HAVE_LIBLOGNORM @@ -47,7 +48,6 @@ #ifdef HAVE_LIBPRELUDE #include -char sagan_prelude_profile[255]; sbool sagan_prelude_flag; prelude_client_t *preludeclient; #endif @@ -59,32 +59,18 @@ #if defined(HAVE_LIBMYSQLCLIENT_R) || defined(HAVE_LIBPQ) #include "output-plugins/sagan-snort.h" -#include "output-plugins/sagan-logzilla.h" #endif -struct _SaganConfig *config; struct _SaganCounters *counters; struct rule_struct *rulestruct; struct class_struct *classstruct; struct ref_struct *refstruct; - -char sagan_extern[255]; -char sagan_esmtp_server[255]; -int logzilla_log; - -sbool daemonize; - -uint64_t sagantotal; -uint64_t saganfound; -uint64_t sagandrop; -uint64_t threshold_total; - pthread_mutex_t sig_mutex = PTHREAD_MUTEX_INITIALIZER; -void sig_handler(int sigargs ) { +void sig_handler( _SaganSigArgs *args ) { sigset_t signal_set; int sig; 
@@ -104,11 +90,13 @@ case SIGSEGV: case SIGABRT: - sagan_log(0, "\n\n[Received signal %d. Sagan version %s shutting down]-------\n", sig, VERSION); - sagan_statistics(); + printf("%d <-\n", args[0].daemonize); + + sagan_log(args->config, 0, "\n\n[Received signal %d. Sagan version %s shutting down]-------\n", sig, VERSION); + sagan_statistics(args->config); #if defined(HAVE_LIBMYSQLCLIENT_R) || defined(HAVE_LIBPQ) - if ( config->dbtype != 0 ) record_last_cid(); + if ( args->config->dbtype != 0 ) record_last_cid(args->debug, args->config); #endif #ifdef HAVE_LIBPRELUDE @@ -125,34 +113,33 @@ #endif #ifdef HAVE_LIBDNET -if ( sagan_unified2_flag ) Unified2CleanExit(); +if ( sagan_unified2_flag ) Unified2CleanExit(args->config); #endif - fflush(config->sagan_alert_stream); - fclose(config->sagan_alert_stream); /* Close Sagan alert file */ + fflush(args->config->sagan_alert_stream); + fclose(args->config->sagan_alert_stream); /* Close Sagan alert file */ - fflush(config->sagan_log_stream); /* Close the sagan.log */ - fclose(config->sagan_log_stream); + fflush(args->config->sagan_log_stream); /* Close the sagan.log */ + fclose(args->config->sagan_log_stream); - removelockfile(); + removelockfile(args->config); exit(0); break; case SIGHUP: pthread_mutex_lock(&sig_mutex); - sagan_log(0, "[Reloading Sagan version %s.]-------", VERSION); + sagan_log(args->config, 0, "[Reloading Sagan version %s.]-------", VERSION); /* Reset counters */ counters->refcount=0; counters->classcount=0; counters->rulecount=0; counters->ruletotal=0; /* Re-load everything */ - free(config); - load_config(); + load_config(args->debug, args->config); pthread_mutex_unlock(&sig_mutex); - sagan_log(0, "Configuration reloaded."); + sagan_log(args->config, 0, "Configuration reloaded."); break; /* Signals to ignore */ 
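Review bot: The added `printf("%d <-\n", args[0].daemonize);` looks like leftover debugging: it writes to stdout on every shutdown signal, including when Sagan runs as a daemon and stdout may be closed or redirected. I would drop the line, or route the value through `sagan_log(args->config, 0, ...)` if it is wanted in the log. `sig_handler` begins before this hunk.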
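Review bot: On the shutdown path in the `@@ -125,34 +113,33 @@` hunk `sagan_log_stream` is closed before `removelockfile(args->config)` runs, and `removelockfile` calls `sagan_log(config, 1, ...)` when the unlink fails; if sagan_log writes to that stream (its body is not in this part of the diff) the failure is reported on a closed `FILE`. Calling `removelockfile(args->config);` before the two `fclose()` calls avoids that. In the SIGHUP branch the `free(config)` was dropped and `load_config(args->debug, args->config)` now rewrites the live object; `sig_mutex` only protects that if the threads reading `config` and `rulestruct` take the same lock, which cannot be seen here.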
@@ -161,96 +148,12 @@ break; case SIGUSR1: - sagan_statistics(); + sagan_statistics(args->config); break; default: - sagan_log(0, "[Received signal %d. Sagan doesn't know how to deal with]", sig); + sagan_log(args->config, 0, "[Received signal %d. Sagan doesn't know how to deal with]", sig); } } } - -/****************************************************************************/ -/* sig_handler_daemon, for handling signals when the --daemon flag is used */ -/* We don't spawn a sig_handler() thread in the event --daemon is used. */ -/* Signals must be handled differently. This is really redundant code and */ -/* I don't like it, but oh well. */ -/****************************************************************************/ - -void sig_handler_daemon( int sig ) { - -switch( sig ) - { - case SIGQUIT: - case SIGINT: - case SIGTERM: - case SIGSEGV: - case SIGABRT: - - sagan_log(0, "\n\n[Received signal %d. Sagan version %s shutting down]-------\n", sig, VERSION); - sagan_statistics(); - -#if defined(HAVE_LIBMYSQLCLIENT_R) || defined(HAVE_LIBPQ) - if ( config->dbtype != 0 ) record_last_cid(); -#endif - -#ifdef HAVE_LIBPRELUDE - -/* This comment is from the Snort source code. "Sensor reporting to Prelude - shall never go offline, which is why we use the - PRELUDE_CLIENT_EXIT_STATUS_FAILURE. 
*/ - -if ( sagan_prelude_flag != 0 ) { -prelude_client_destroy(preludeclient, PRELUDE_CLIENT_EXIT_STATUS_FAILURE); -prelude_deinit(); -} - -#endif - -#ifdef HAVE_LIBDNET -if ( sagan_unified2_flag ) Unified2CleanExit(); -#endif - - - fflush(config->sagan_alert_stream); - fclose(config->sagan_alert_stream); /* Close Sagan alert file */ - - fflush(config->sagan_log_stream); /* Close the sagan.log */ - fclose(config->sagan_log_stream); - - removelockfile(); - exit(0); - break; - - - case SIGHUP: - pthread_mutex_lock(&sig_mutex); - sagan_log(0, "[Reloading Sagan version %s.]-------", VERSION); - - /* Reset counters */ - counters->refcount=0; counters->classcount=0; counters->rulecount=0; counters->ruletotal=0; - - /* Re-load everything */ - - free(config); - load_config(); - - pthread_mutex_unlock(&sig_mutex); - - sagan_log(0, "Configuration reloaded."); - break; - - case 17: /* Child process has exited. */ - case 28: /* Terminal 'resize'/alarm. */ - break; - - case SIGUSR1: - sagan_statistics(); - break; - - default: - sagan_log(0, "[Received signal %d. Sagan doesn't know how to deal with]", sig); - } - -} diff -Nru sagan-0.1.9/src/sagan-stats.c sagan-0.2.0/src/sagan-stats.c --- sagan-0.1.9/src/sagan-stats.c 2011-04-18 16:26:17.000000000 +0000 +++ sagan-0.2.0/src/sagan-stats.c 2011-08-21 16:53:30.000000000 +0000 @@ -1,6 +1,6 @@ /* -** Copyright (C) 2009-2011 Softwink, Inc. -** Copyright (C) 2009-2011 Champ Clark III +** Copyright (C) 2009-2011 Quadrant Information Security +** Copyright (C) 2009-2011 Champ Clark III ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License Version 2 as 
@@ -36,55 +36,50 @@ #include "sagan.h" -struct _SaganConfig *config; struct _SaganCounters *counters; -void sagan_statistics() { +void sagan_statistics( _SaganConfig *config ) { sbool flag=0; if ((isatty(1))) { - sagan_log(0, "--------------------------------------------------------------------------"); - sagan_log(0, "Total number of events processed: %" PRIu64 "", counters->sagantotal); - sagan_log(0, "Total number of events thresholded: %" PRIu64 " (%.3f%%)", counters->threshold_total, CalcPct( counters->threshold_total, counters->sagantotal) ); - sagan_log(0, "Total number of signatures matched: %" PRIu64 " (%.3f%%)", counters->saganfound, CalcPct( counters->saganfound, counters->sagantotal ) ); - sagan_log(0, "Total events dropped: %" PRIu64 " (%.3f%%)", counters->sagandrop, CalcPct(counters->sagandrop, counters->sagantotal) ); - sagan_log(0, "--------------------------------------------------------------------------"); + sagan_log(config, 0, "--------------------------------------------------------------------------"); + sagan_log(config, 0, "Total number of events processed: %" PRIu64 "", counters->sagantotal); + sagan_log(config, 0, "Total number of events thresholded: %" PRIu64 " (%.3f%%)", counters->threshold_total, CalcPct( counters->threshold_total, counters->sagantotal) ); + sagan_log(config, 0, "Total number of signatures matched: %" PRIu64 " (%.3f%%)", counters->saganfound, CalcPct( counters->saganfound, counters->sagantotal ) ); + sagan_log(config, 0, "Total events dropped: %" PRIu64 " (%.3f%%)", counters->sagandrop, CalcPct(counters->sagandrop, counters->sagantotal) ); + sagan_log(config, 0, "--------------------------------------------------------------------------"); if ( config->sagan_ext_flag ) { - sagan_log(0, "Max external threads: %" PRIu64 " of %" PRIu64 " (%.3f%%) | External events dropped: %" PRIu64 "", counters->threadmaxextc, config->max_external_threads, CalcPct( counters->threadmaxextc, config->max_external_threads), 
counters->saganexternaldrop); + sagan_log(config, 0, "Max external threads: %" PRIu64 " of %" PRIu64 " (%.3f%%) | External events dropped: %" PRIu64 "", counters->threadmaxextc, config->max_external_threads, CalcPct( counters->threadmaxextc, config->max_external_threads), counters->saganexternaldrop); flag=1; } #if defined(HAVE_LIBMYSQLCLIENT_R) || defined(HAVE_LIBPQ) if ( config->dbtype ) { - sagan_log(0, "Max Snort database threads: %" PRIu64 " of %" PRIu64 " (%.3f%%) | Snort DB drops: %" PRIu64 "", counters->threadmaxdbc, config->maxdb_threads, CalcPct( counters->threadmaxdbc, config->maxdb_threads), counters->sagansnortdrop); + sagan_log(config, 0, "Max Snort database threads: %" PRIu64 " of %" PRIu64 " (%.3f%%) | Snort DB drops: %" PRIu64 "", counters->threadmaxdbc, config->maxdb_threads, CalcPct( counters->threadmaxdbc, config->maxdb_threads), counters->sagansnortdrop); flag=1; } - if ( config->logzilla_dbtype ) { - sagan_log(0, "Max Logzilla threads: %" PRIu64 " of %" PRIu64 " (%.3f%%) | Logzilla events dropped: %" PRIu64 "", counters->threadmaxlogzillac, config->max_logzilla_threads, CalcPct( counters->threadmaxlogzillac, config->max_logzilla_threads), counters->saganlogzilladrop); - flag=1; - } #endif #ifdef HAVE_LIBESMTP if ( config->sagan_esmtp_flag ) { - sagan_log(0, "Max SMTP threads reached: %" PRIu64 " of %" PRIu64 " (%.3f%%) | SMTP events dropped: %" PRIu64 "", counters->threadmaxemailc, config->max_email_threads, CalcPct( counters->threadmaxemailc, config->max_email_threads), counters->saganesmtpdrop); + sagan_log(config, 0, "Max SMTP threads reached: %" PRIu64 " of %" PRIu64 " (%.3f%%) | SMTP events dropped: %" PRIu64 "", counters->threadmaxemailc, config->max_email_threads, CalcPct( counters->threadmaxemailc, config->max_email_threads), counters->saganesmtpdrop); flag=1; } #endif #ifdef HAVE_LIBPRELUDE if ( config->sagan_prelude_flag ) { - sagan_log(0, "Max Prelude threads reached: %" PRIu64 " of %" PRIu64 " (%.3f%%) | Prelude events dropped: %" 
PRIu64 "", counters->threadmaxpreludec, config->max_prelude_threads, CalcPct( counters->threadmaxpreludec, config->max_prelude_threads), counters->saganpreludedrop); + sagan_log(config, 0, "Max Prelude threads reached: %" PRIu64 " of %" PRIu64 " (%.3f%%) | Prelude events dropped: %" PRIu64 "", counters->threadmaxpreludec, config->max_prelude_threads, CalcPct( counters->threadmaxpreludec, config->max_prelude_threads), counters->saganpreludedrop); flag=1; } #endif -if ( flag == 1) sagan_log(0, "--------------------------------------------------------------------------"); +if ( flag == 1) sagan_log(config, 0, "--------------------------------------------------------------------------"); } } diff -Nru sagan-0.1.9/src/sagan-usage.c sagan-0.2.0/src/sagan-usage.c --- sagan-0.1.9/src/sagan-usage.c 2011-04-18 16:26:17.000000000 +0000 +++ sagan-0.2.0/src/sagan-usage.c 2011-08-21 16:53:30.000000000 +0000 @@ -1,6 +1,6 @@ /* -** Copyright (C) 2009-2011 Softwink, Inc. -** Copyright (C) 2009-2011 Champ Clark III +** Copyright (C) 2009-2011 Quadrant Information Security +** Copyright (C) 2009-2011 Champ Clark III ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License Version 2 as @@ -32,14 +32,14 @@ #include #include "sagan.h" -#include "version.h" +#include "version.h" void sagan_usage(void) { fprintf(stderr, "\n--[Sagan version %s | Help/usage screen]--------------------------------\n\n", VERSION); fprintf(stderr, "-h, --help\t\tHelp (this screen).\n"); -fprintf(stderr, "-d, --debug [type]\tTypes: syslog,load"); +fprintf(stderr, "-d, --debug [type]\tTypes: syslog, load"); #if defined(HAVE_LIBMYSQLCLIENT_R) || defined(HAVE_LIBPQ) fprintf(stderr, ", sql"); 
@@ -60,10 +60,10 @@ fprintf(stderr, ".\n"); fprintf(stderr, "-D, --daemon\t\tMake process a daemon (fork to the background).\n"); -fprintf(stderr, "-U, --user\t\tRun as user (defaults to 'sagan').\n"); -fprintf(stderr, "-c, --chroot\t\tChroot to username 'sagan's home.\n"); -fprintf(stderr, "-f, --config\t\tSagan configuration file to load.\n"); -fprintf(stderr, "-p, --program\t\tRun Sagan in syslog-ng's 'program' mode.\n\n"); +fprintf(stderr, "-u, --user [username]\tRun as user (defaults to 'sagan').\n"); +fprintf(stderr, "-c, --chroot [dir]\tChroot Sagan to specified directory.\n"); +fprintf(stderr, "-f, --config [file]\tSagan configuration file to load.\n"); +fprintf(stderr, "-l, --log [file]\tsagan.log location [default: %s].\n\n", SAGANLOG ); #ifdef HAVE_LIBPQ fprintf(stderr, "* PostgreSQL support is included\n"); diff -Nru sagan-0.1.9/src/sagan-util.c sagan-0.2.0/src/sagan-util.c --- sagan-0.1.9/src/sagan-util.c 2011-04-18 16:26:17.000000000 +0000 +++ sagan-0.2.0/src/sagan-util.c 2011-08-21 16:53:30.000000000 +0000 @@ -1,6 +1,6 @@ /* -** Copyright (C) 2009-2011 Softwink, Inc. -** Copyright (C) 2009-2011 Champ Clark III +** Copyright (C) 2009-2011 Quadrant Information Security +** Copyright (C) 2009-2011 Champ Clark III ** ** This program is free software; you can redistribute it and/or modify ** it under the terms of the GNU General Public License Version 2 as @@ -30,7 +30,7 @@ #ifdef HAVE_LIBMYSQLCLIENT_R #include -MYSQL *mysql, *mysql_logzilla; +MYSQL *mysql; #endif #include 
@@ -49,60 +49,66 @@ #include #include #include +#include + #include "sagan.h" + #include "version.h" -struct _SaganConfig *config; +sbool daemonize; + +/***************************************************************************** + * This force Sagan to chroot. * + * * + * Note: printf/fprints are used, because we actually chroot before the log * + * it initalized * + *****************************************************************************/ -char sagan_path[MAXPATH]; +void sagan_chroot(const char *username, const char *chrootdir ) { -sbool daemonize; -sbool programmode; -sbool dochroot; +struct passwd *pw = NULL; + +pw = getpwnam(username); +printf("[*] Chroot to %s\n", chrootdir); + +if (chroot(chrootdir) != 0 || chdir ("/") != 0) { + fprintf(stderr, "[E] Could not chroot to '%s'.\n", chrootdir); + exit(1); /* sagan.log isn't open yet */ + } +} /************************************************ * Drop priv's so we aren't running as "root". * ************************************************/ -void droppriv(const char *username, const char *fifo) +void sagan_droppriv(_SaganConfig *config, const char *username) { + struct stat fifocheck; struct passwd *pw = NULL; int ret; pw = getpwnam(username); - - if (pw) { - - if (pw->pw_dir) snprintf(sagan_path, sizeof(sagan_path), "%s", pw->pw_dir); - - if ( dochroot == 1) { - if (pw->pw_dir) { - if (chroot(pw->pw_dir) != 0 || chdir ("/") != 0) { - sagan_log(1, "Could not chroot/chdir to '%.64s'.", pw->pw_dir); - } - } - } - /* Some syslog daemons re-open the FIFO as 'root'. We reset that here */ + if (!pw) sagan_log(config, 1, "Couldn't locate user '%s'. 
Aborting...", username); + + if ( getuid() == 0 ) { + sagan_log(config, 0, "Dropping privileges [UID: %lu GID: %lu]", (unsigned long)pw->pw_uid, (unsigned long)pw->pw_gid); + ret = chown(config->sagan_fifo, (unsigned long)pw->pw_uid,(unsigned long)pw->pw_gid); - ret = chown(config->sagan_fifo, (unsigned long)pw->pw_uid,(unsigned long)pw->pw_gid); - if ( ret < 0 ) sagan_log(1, "[%s, line %d] Cannot change ownership of %s to username %s", __FILE__, __LINE__, config->sagan_fifo, username); + if (stat(config->sagan_fifo, &fifocheck) != 0 ) sagan_log(config, 1, "Cannot open %s FIFO!", config->sagan_fifo); - ret = chown(config->sagan_log_filepath, (unsigned long)pw->pw_uid,(unsigned long)pw->pw_gid); - if ( ret < 0 ) sagan_log(1, "[%s, line %d] Cannot change ownership of %s to username %s", __FILE__, __LINE__, config->sagan_log_filepath, username); + if ( ret < 0 ) sagan_log(config, 1, "[%s, line %d] Cannot change ownership of %s to username %s", __FILE__, __LINE__, config->sagan_fifo, username); if (initgroups(pw->pw_name, pw->pw_gid) != 0 || setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0) { - sagan_log(1, "[%s, line %d] Could not change to '%.32s' uid=%lu gid=%lu.", __FILE__, __LINE__, (unsigned long)pw->pw_uid, (unsigned long)pw->pw_gid, pw->pw_dir); - } - } - else { - sagan_log(1, "[%s, line %d] User \"%.32s\" cannot be found.", __FILE__, __LINE__, username); - } - - sagan_log(0, "Dropping privileges [UID: %lu GID: %lu]", (unsigned long)pw->pw_uid, (unsigned long)pw->pw_gid); + sagan_log(config, 1, "[%s, line %d] Could not change to '%.32s' uid=%lu gid=%lu.", __FILE__, __LINE__, (unsigned long)pw->pw_uid, (unsigned long)pw->pw_gid, pw->pw_dir); + } + + } else { + sagan_log(config, 0, "Not dropping privileges. Already running as a non-privileged user"); + } } /***************************************************************/ @@ -147,7 +153,6 @@ while( *s2 == '\n' )s2++; return s; } - /* Removes spaces from certain rule fields, etc */ 
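Review bot: In sagan_droppriv the failure message for `initgroups`/`setgid`/`setuid`, `"Could not change to '%.32s' uid=%lu gid=%lu."`, is passed `pw->pw_uid, pw->pw_gid, pw->pw_dir` in that order, so `%.32s` receives an integer and the last `%lu` receives a pointer; that is undefined behaviour on the very path that reports a failed privilege drop. The arguments should presumably read `username, (unsigned long)pw->pw_uid, (unsigned long)pw->pw_gid`. Marking the sagan_log prototype (not shown in this hunk) with `__attribute__((format(printf, 3, 4)))` would let the compiler catch this class of mistake now that the format string is the third parameter. Separately, `chown(config->sagan_fifo, ...)` runs as root and follows symbolic links, and the added `stat()` only confirms that the path exists; an `lstat()` plus `S_ISFIFO` check before the ownership change would be the safer sequence if the FIFO's directory can be written by other users.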
@@ -169,14 +174,13 @@ } -void sagan_log (int type, const char *format,... ) { +void sagan_log (_SaganConfig *config , int type, const char *format,... ) { char buf[1024]; va_list ap; va_start(ap, format); char *chr="*"; char curtime[64]; - char tmplog[64]; time_t t; struct tm *now; t = time(NULL); @@ -189,7 +193,7 @@ fprintf(config->sagan_log_stream, "[%s] [%s] - %s\n", chr, curtime, buf); fflush(config->sagan_log_stream); - if ( programmode == 0 && daemonize == 0) printf("[%s] %s\n", chr, buf); + if ( daemonize == 0) printf("[%s] %s\n", chr, buf); if ( type == 1 ) exit(1); } @@ -209,7 +213,7 @@ * snort supports DB IPv6. */ -int ip2bit (char *ipaddr, int endian) { +int ip2bit ( _SaganConfig *config, char *ipaddr ) { struct sockaddr_in ipv4; uint32_t ip; @@ -218,10 +222,10 @@ /* Champ Clark III - 01/18/2011 */ if (!inet_pton(AF_INET, ipaddr, &ipv4.sin_addr)) { -sagan_log(0, "Warning: inet_pton() error, but continuing..."); +sagan_log(config, 0, "Warning: inet_pton() error, but continuing..."); } -if ( endian == 0 ) { +if ( config->endian == 0 ) { ip = htonl(ipv4.sin_addr.s_addr); } else { ip = ipv4.sin_addr.s_addr; @@ -242,7 +246,7 @@ /* Escape SQL. This was taken from Prelude. */ #if defined(HAVE_LIBMYSQLCLIENT_R) || defined(HAVE_LIBPQ) -char *sql_escape(const char *string, int from ) +char *sql_escape(_SaganConfig *config, const char *string, int from ) { size_t len; char *escaped=NULL; @@ -264,7 +268,7 @@ escaped = malloc(len * 2 + 3); if (! escaped) { - sagan_log(1, "[%s, line %d] Memory exhausted.", __FILE__, __LINE__ ); + sagan_log(config, 1, "[%s, line %d] Memory exhausted.", __FILE__, __LINE__ ); return NULL; } 
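Review bot: In ip2bit the `inet_pton()` failure branch only logs "Warning: inet_pton() error, but continuing..." and then falls through to read `ipv4.sin_addr.s_addr`, which the declaration `struct sockaddr_in ipv4;` shown in the previous hunk leaves uninitialised. Since the address text comes from parsed log data, a malformed value would yield an indeterminate IP in the stored event rather than a defined fallback. Testing `if (inet_pton(AF_INET, ipaddr, &ipv4.sin_addr) != 1)` and either returning a fixed value such as 0 there or zeroing `ipv4` with `memset(&ipv4, 0, sizeof(ipv4));` before the call would make the result deterministic. The function body extends beyond these hunks, so an initialisation between them cannot be ruled out from here.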
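Review bot: sql_escape keeps its `int from` parameter although the `from == 1` (Logzilla) branch is deleted in the following hunk, so if any caller still passes 1 the freshly allocated `escaped` buffer appears to reach `snprintf(tmpescaped, sizeof(tmpescaped), "%s", escaped)` without ever being written. That same copy into the fixed-size `tmpescaped` truncates silently, which for long input would cut off the closing quote of the escaped literal and hand the caller a malformed SQL fragment; comparing the snprintf return value with `sizeof(tmpescaped)` and rejecting the value on overflow would avoid that. The `return NULL;` after `sagan_log(config, 1, ...)` is also unreachable, because type 1 exits. The declaration of `tmpescaped` and the remaining branch lie outside the visible hunks, so both points need confirming against the full function.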
@@ -284,20 +288,6 @@ escaped[len + 2] = '\0'; } -/* Logzilla */ - -if ( from == 1 ) { -#ifdef HAVE_LIBMYSQLCLIENT_R -#if MYSQL_VERSION_ID >= 32200 - len = mysql_real_escape_string(mysql_logzilla, escaped + 1, string, len); -#else - len = mysql_escape_string(escaped + 1, string, len); -#endif -#endif - escaped[len + 1] = '\''; - escaped[len + 2] = '\0'; -} - /* Temp. copy value, and free(escaped) to prevent mem. leak */ snprintf(tmpescaped, sizeof(tmpescaped), "%s", escaped); @@ -316,7 +306,12 @@ sbool flag=0; int i; char tmp1[2]; -char tmp2[512]=""; + +/* quick and dirty fix added by drforbin....this function really should be reworked +fix added to make tmp2 presistent (non-automatic) so once the function returns it is presistent */ + +static char tmp2[512]; +memset(tmp2,0,sizeof(tmp2)); char *ret; for ( i=0; idisable_dns_warnings == 0 ) { - sagan_log(0, "--------------------------------------------------------------------------"); - sagan_log(0, "Sagan DNS lookup need for %s.", host); - sagan_log(0, "This can affect performance. Please see:" ); - sagan_log(0, "https://wiki.softwink.com/bin/view/Main/SaganDNS"); - sagan_log(0, "--------------------------------------------------------------------------"); + sagan_log(config, 0, "--------------------------------------------------------------------------"); + sagan_log(config, 0, "Sagan DNS lookup need for %s.", host); + sagan_log(config, 0, "This can affect performance. Please see:" ); + sagan_log(config, 0, "https://wiki.quadrantsec.com/bin/view/Main/SaganDNS"); + sagan_log(config, 0, "--------------------------------------------------------------------------"); } memset(&hints, 0, sizeof hints); @@ -379,7 +374,7 @@ hints.ai_socktype = SOCK_STREAM; if ((status = getaddrinfo(host, NULL, &hints, &res)) != 0) { - sagan_log(0, "getaddrinfo: %s", gai_strerror(status)); + sagan_log(config, 0, "getaddrinfo: %s", gai_strerror(status)); return NULL; } 
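Review bot: Changing `tmp2` to `static char tmp2[512]` stops the function from returning a pointer into a dead stack frame, but every caller now shares one buffer, so the result is only valid until the next call and is overwritten under concurrent use. Sagan is threaded (a `pthread_mutex_lock` appears in the signal-handling code earlier in this diff), so two threads calling this at once can hand each other's data back. A minimal change is `static __thread char tmp2[512];`; the cleaner one is a caller-supplied buffer and length, which the author's own "really should be reworked" comment already points towards. The function's name and the rest of its body are outside this hunk, and the hunk text on this page looks truncated after the `for ( i=0;` line.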
@@ -395,3 +390,41 @@ ret=ipstr; return ret; } + + +/* String replacement function. Used for things like $RULE_PATH */ + +char *sagan_replace_str(char *str, char *orig, char *rep) +{ + + static char buffer[4096]; + char *p; + + if(!(p = strstr(str, orig))) return str; + + strlcpy(buffer, str, p-str); + buffer[p-str] = '\0'; + sprintf(buffer+(p-str), "%s%s", rep, p+strlen(orig)); + return(buffer); +} + + +/* Get the filename from a path */ + +char *sagan_getfilename(char *file) { + + char *pfile; + pfile = file + strlen(file); + for (; pfile > file; pfile--) + { + if ((*pfile == '\\') || (*pfile == '/')) /* *nix/Windows */ + { + pfile++; + break; + } + } + +return(pfile); + +} + diff -Nru sagan-0.1.9/src/version.h sagan-0.2.0/src/version.h --- sagan-0.1.9/src/version.h 2011-04-18 18:32:00.000000000 +0000 +++ sagan-0.2.0/src/version.h 2011-08-21 16:56:20.000000000 +0000 @@ -1 +1 @@ -#define VERSION "0.1.9" +#define VERSION "0.2.0" diff -Nru sagan-0.1.9/TODO sagan-0.2.0/TODO --- sagan-0.1.9/TODO 2011-04-18 16:26:17.000000000 +0000 +++ sagan-0.2.0/TODO 2011-08-21 16:53:30.000000000 +0000 @@ -1,4 +1,4 @@ For the latest TODO list, see: -https://wiki.softwink.com/bin/view/Main/SaganTODO +https://wiki.quadrantsec.com/bin/view/Main/SaganTODO
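Review bot: sagan_replace_str writes into `static char buffer[4096]` with no length check: `buffer[p-str] = '\0'` indexes past the array when the match starts at offset 4096 or later, and `sprintf(buffer+(p-str), "%s%s", rep, p+strlen(orig))` is unbounded, so a long input line or replacement value overruns the buffer. With the usual strlcpy semantics (the size includes the terminator) `strlcpy(buffer, str, p-str)` also copies only p-str-1 bytes and terminates at index p-str-1, so for any match that is not at offset 0 the returned string ends just before the replacement text. One bounded call covers both problems: `int n = snprintf(buffer, sizeof(buffer), "%.*s%s%s", (int)(p - str), str, rep, p + strlen(orig));` followed by `if (n < 0 || (size_t)n >= sizeof(buffer))` to handle the overlong case. The static buffer means the result is valid only until the next call, which deserves a comment above the function.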