8718fc089c1702b47d96742e181696409f1240c1
1 /**
2 *
3 * This program is free software; you can redistribute it and/or modify it
4 * under the terms of the GNU General Public License as published by the
5 * Free Software Foundation; only version 2 of the License is applicable.
6 *
7 * This program is distributed in the hope that it will be useful, but
8 * WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
10 * General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License along
13 * with this program; if not, write to the Free Software Foundation, Inc.,
14 * 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
15 *
16 * Authors:
17 * Kris Nielander <nielander@fox-it.com>
18 *
19 * This plugin is based on the snmp plugin by Florian octo Forster.
20 *
21 **/
23 #include <fcntl.h>
24 #include <stdlib.h>
25 #include <string.h>
26 #include <sys/mman.h>
27 #include <sys/stat.h>
29 #include "collectd.h"
30 #include "common.h" /* auxiliary functions */
31 #include "plugin.h" /* plugin_register_*, plugin_dispatch_values */
33 struct metric_definition_s {
34 char *name;
35 char *type_instance;
36 int data_source_type;
37 int index;
38 struct metric_definition_s *next;
39 };
40 typedef struct metric_definition_s metric_definition_t;
42 struct instance_definition_s {
43 char *name;
44 char *interface;
45 char *path;
46 metric_definition_t **metric_list;
47 int metric_list_len;
48 cdtime_t last;
49 cdtime_t interval;
50 struct instance_definition_s *next;
51 };
52 typedef struct instance_definition_s instance_definition_t;
54 /* Private */
55 static metric_definition_t *metric_head = NULL;
57 static int snort_read_submit(instance_definition_t *id, metric_definition_t *md,
58 const char *buf){
60 /* Registration variables */
61 value_t value;
62 value_list_t vl = VALUE_LIST_INIT;
64 DEBUG("snort plugin: plugin_instance=%s type_instance=%s value=%s",
65 id->name, md->type_instance, buf);
67 if (buf == NULL)
68 return (-1);
70 /* Parse value */
71 parse_value(buf, &value, md->data_source_type);
73 /* Register */
74 vl.values_len = 1;
75 vl.values = &value;
77 sstrncpy(vl.host, hostname_g, sizeof (vl.host));
78 sstrncpy(vl.plugin, "snort", sizeof(vl.plugin));
79 sstrncpy(vl.plugin_instance, id->name, sizeof(vl.plugin_instance));
80 sstrncpy(vl.type, "snort", sizeof(vl.type));
81 sstrncpy(vl.type_instance, md->type_instance, sizeof(vl.type_instance));
83 vl.time = id->last;
84 vl.interval = id->interval;
86 DEBUG("snort plugin: -> plugin_dispatch_values (&vl);");
87 plugin_dispatch_values(&vl);
89 return (0);
90 }
92 static int snort_read(user_data_t *ud){
93 instance_definition_t *id;
94 metric_definition_t *md;
95 int fd;
96 int i;
97 int count;
99 char **metrics;
101 struct stat sb;
102 char *p, *buf, *buf_s;
104 id = ud->data;
105 DEBUG("snort plugin: snort_read (instance = %s)", id->name);
107 fd = open(id->path, O_RDONLY);
108 if (fd == -1){
109 ERROR("snort plugin: Unable to open `%s'.", id->path);
110 return (-1);
111 }
113 if ((fstat(fd, &sb) != 0) || (!S_ISREG(sb.st_mode))){
114 ERROR("snort plugin: \"%s\" is not a file.", id->path);
115 return (-1);
116 }
118 p = mmap(0, sb.st_size, PROT_READ, MAP_SHARED, fd, 0);
119 if (p == MAP_FAILED){
120 ERROR("snort plugin: mmap error");
121 return (-1);
122 }
124 /* Find the key characters and stop on EOL (might be an EOL on the last line, skip that (-2)) */
125 count = 0;
126 for (i = sb.st_size - 2; i > 0; --i){
127 if (p[i] == ',')
128 ++count;
129 else if (p[i] == '\n')
130 break;
131 }
133 /* Move to the new line */
134 i++;
136 if (p[i] == '#'){
137 ERROR("snort plugin: last line of perfmon file is a comment.");
138 return (-1);
139 }
141 /* Copy the line to the buffer */
142 buf_s = buf = strdup(&p[i]);
144 /* Done with mmap and file pointer */
145 close(fd);
146 munmap(p, sb.st_size);
148 /* Create a list of all values */
149 metrics = (char **)malloc(sizeof(char *) * count);
150 if (metrics == NULL)
151 return (-1);
153 for (i = 0; i < count; ++i)
154 if ((p = strsep(&buf, ",")) != NULL)
155 metrics[i] = p;
157 /* Set last time */
158 id->last = TIME_T_TO_CDTIME_T(strtol(metrics[0], NULL, 0));
160 /* Register values */
161 for (i = 0; i < id->metric_list_len; ++i){
162 md = id->metric_list[i];
163 snort_read_submit(id, md, metrics[md->index]);
164 }
166 /* Free up resources */
167 free(metrics);
168 free(buf_s);
169 return (0);
170 }
172 static void snort_metric_definition_destroy(void *arg){
173 metric_definition_t *md;
175 md = arg;
176 if (md == NULL)
177 return;
179 if (md->name != NULL)
180 DEBUG("snort plugin: Destroying metric definition `%s'.", md->name);
182 sfree(md->name);
183 sfree(md->type_instance);
184 sfree(md);
185 }
187 static int snort_config_add_metric_type_instance(metric_definition_t *md, oconfig_item_t *ci){
188 if ((ci->values_num != 1) || (ci->values[0].type != OCONFIG_TYPE_STRING)){
189 WARNING("snort plugin: `TypeInstance' needs exactly one string argument.");
190 return (-1);
191 }
193 sfree(md->type_instance);
194 md->type_instance = strdup(ci->values[0].value.string);
195 if (md->type_instance == NULL)
196 return (-1);
198 return (0);
199 }
201 static int snort_config_add_metric_data_source_type(metric_definition_t *md, oconfig_item_t *ci){
202 if ((ci->values_num != 1) || (ci->values[0].type != OCONFIG_TYPE_STRING)){
203 WARNING("snort plugin: `DataSourceType' needs exactly one string argument.");
204 return (-1);
205 }
207 if (strcasecmp(ci->values[0].value.string, "GAUGE") == 0)
208 md->data_source_type = DS_TYPE_GAUGE;
209 else if (strcasecmp(ci->values[0].value.string, "COUNTER") == 0)
210 md->data_source_type = DS_TYPE_COUNTER;
211 else if (strcasecmp(ci->values[0].value.string, "DERIVE") == 0)
212 md->data_source_type = DS_TYPE_DERIVE;
213 else if (strcasecmp(ci->values[0].value.string, "ABSOLUTE") == 0)
214 md->data_source_type = DS_TYPE_ABSOLUTE;
215 else {
216 WARNING("snort plugin: Unrecognized value for `DataSourceType' `%s'.", ci->values[0].value.string);
217 return (-1);
218 }
220 return (0);
221 }
223 static int snort_config_add_metric_index(metric_definition_t *md, oconfig_item_t *ci){
224 if ((ci->values_num != 1) || (ci->values[0].type != OCONFIG_TYPE_NUMBER)){
225 WARNING("snort plugin: `Index' needs exactly one integer argument.");
226 return (-1);
227 }
229 md->index = (int)ci->values[0].value.number;
230 if (md->index <= 0){
231 WARNING("snort plugin: `Index' must be higher than 0.");
232 return (-1);
233 }
235 return (0);
236 }
238 /* Parse metric */
239 static int snort_config_add_metric(oconfig_item_t *ci){
240 metric_definition_t *md;
241 int status = 0;
242 int i;
244 if ((ci->values_num != 1) || (ci->values[0].type != OCONFIG_TYPE_STRING)){
245 WARNING("snort plugin: The `Metric' config option needs exactly one string argument.");
246 return (-1);
247 }
249 md = (metric_definition_t *)malloc(sizeof(metric_definition_t));
250 if (md == NULL)
251 return (-1);
252 memset(md, 0, sizeof(metric_definition_t));
254 md->name = strdup(ci->values[0].value.string);
255 if (md->name == NULL){
256 free(md);
257 return (-1);
258 }
260 for (i = 0; i < ci->children_num; ++i){
261 oconfig_item_t *option = ci->children + i;
262 status = 0;
264 if (strcasecmp("TypeInstance", option->key) == 0)
265 status = snort_config_add_metric_type_instance(md, option);
266 else if (strcasecmp("DataSourceType", option->key) == 0)
267 status = snort_config_add_metric_data_source_type(md, option);
268 else if (strcasecmp("Index", option->key) == 0)
269 status = snort_config_add_metric_index(md, option);
270 else {
271 WARNING("snort plugin: Option `%s' not allowed here.", option->key);
272 status = -1;
273 }
275 if (status != 0)
276 break;
277 }
279 if (status != 0){
280 snort_metric_definition_destroy(md);
281 return (-1);
282 }
284 /* Verify all necessary options have been set. */
285 if (md->type_instance == NULL){
286 WARNING("snort plugin: Option `TypeInstance' must be set.");
287 status = -1;
288 } else if (md->data_source_type == 0){
289 WARNING("snort plugin: Option `DataSourceType' must be set.");
290 status = -1;
291 } else if (md->index == 0){
292 WARNING("snort plugin: Option `Index' must be set.");
293 status = -1;
294 }
296 if (status != 0){
297 snort_metric_definition_destroy(md);
298 return (-1);
299 }
301 DEBUG("snort plugin: md = { name = %s, type_instance = %s, data_source_type = %d, index = %d }",
302 md->name, md->type_instance, md->data_source_type, md->index);
304 if (metric_head == NULL)
305 metric_head = md;
306 else {
307 metric_definition_t *last;
308 last = metric_head;
309 while (last->next != NULL)
310 last = last->next;
311 last->next = md;
312 }
314 return (0);
315 }
317 static void snort_instance_definition_destroy(void *arg){
318 instance_definition_t *id;
320 id = arg;
321 if (id == NULL)
322 return;
324 if (id->name != NULL)
325 DEBUG("snort plugin: Destroying instance definition `%s'.", id->name);
327 sfree(id->name);
328 sfree(id->interface);
329 sfree(id->path);
330 sfree(id->metric_list);
331 sfree(id);
332 }
334 static int snort_config_add_instance_interface(instance_definition_t *id, oconfig_item_t *ci){
335 if ((ci->values_num != 1) || (ci->values[0].type != OCONFIG_TYPE_STRING)){
336 WARNING("snort plugin: The `Interface' config options needs exactly one string argument");
337 return (-1);
338 }
340 sfree(id->interface);
341 id->interface = strdup(ci->values[0].value.string);
342 if (id->interface == NULL)
343 return (-1);
345 return (0);
346 }
348 static int snort_config_add_instance_path(instance_definition_t *id, oconfig_item_t *ci){
349 if ((ci->values_num != 1) || (ci->values[0].type != OCONFIG_TYPE_STRING)){
350 WARNING("snort plugin: The `Path' config option needs exactly one string argument.");
351 return (-1);
352 }
354 sfree(id->path);
355 id->path = strdup(ci->values[0].value.string);
356 if (id->path == NULL)
357 return (-1);
359 return (0);
360 }
362 static int snort_config_add_instance_collect(instance_definition_t *id, oconfig_item_t *ci){
363 metric_definition_t *metric;
364 int i;
366 if (ci->values_num < 1){
367 WARNING("snort plugin: The `Collect' config option needs at least one argument.");
368 return (-1);
369 }
371 /* Verify string arguments */
372 for (i = 0; i < ci->values_num; ++i)
373 if (ci->values[i].type != OCONFIG_TYPE_STRING){
374 WARNING("snort plugin: All arguments to `Collect' must be strings.");
375 return (-1);
376 }
378 id->metric_list = (metric_definition_t **)malloc(sizeof(metric_definition_t *) * ci->values_num);
379 if (id->metric_list == NULL)
380 return (-1);
382 for (i = 0; i < ci->values_num; ++i){
383 for (metric = metric_head; metric != NULL; metric = metric->next)
384 if (strcasecmp(ci->values[i].value.string, metric->name) == 0)
385 break;
387 if (metric == NULL){
388 WARNING("snort plugin: `Collect' argument not found `%s'.", ci->values[i].value.string);
389 return (-1);
390 }
392 DEBUG("snort plugin: id { name=%s md->name=%s }", id->name, metric->name);
394 id->metric_list[i] = metric;
395 id->metric_list_len++;
396 }
398 return (0);
399 }
401 /* Parse instance */
402 static int snort_config_add_instance(oconfig_item_t *ci){
404 instance_definition_t* id;
405 int status = 0;
406 int i;
408 /* Registration variables */
409 char cb_name[DATA_MAX_NAME_LEN];
410 user_data_t cb_data;
411 struct timespec cb_interval;
413 if ((ci->values_num != 1) || (ci->values[0].type != OCONFIG_TYPE_STRING)){
414 WARNING("snort plugin: The `Instance' config option needs exactly one string argument.");
415 return (-1);
416 }
418 id = (instance_definition_t *)malloc(sizeof(instance_definition_t));
419 if (id == NULL)
420 return (-1);
421 memset(id, 0, sizeof(instance_definition_t));
423 id->name = strdup(ci->values[0].value.string);
424 if (id->name == NULL){
425 free(id);
426 return (-1);
427 }
429 for (i = 0; i < ci->children_num; ++i){
430 oconfig_item_t *option = ci->children + i;
431 status = 0;
433 if (strcasecmp("Interface", option->key) == 0)
434 status = snort_config_add_instance_interface(id, option);
435 else if (strcasecmp("Path", option->key) == 0)
436 status = snort_config_add_instance_path(id, option);
437 else if (strcasecmp("Collect", option->key) == 0)
438 status = snort_config_add_instance_collect(id, option);
439 else if (strcasecmp("Interval", option->key) == 0)
440 cf_util_get_cdtime(option, &id->interval);
441 else {
442 WARNING("snort plugin: Option `%s' not allowed here.", option->key);
443 status = -1;
444 }
446 if (status != 0)
447 break;
448 }
450 if (status != 0){
451 snort_instance_definition_destroy(id);
452 return (-1);
453 }
455 /* Verify all necessary options have been set. */
456 if (id->interface == NULL){
457 WARNING("snort plugin: Option `Interface' must be set.");
458 status = -1;
459 } else if (id->path == NULL){
460 WARNING("snort plugin: Option `Path' must be set.");
461 status = -1;
462 } else if (id->metric_list == NULL){
463 WARNING("snort plugin: Option `Collect' must be set.");
464 status = -1;
465 } else if (id->interval == 0){
466 WARNING("snort plugin: Option `Interval' must be set.");
467 status = -1;
468 }
470 if (status != 0){
471 snort_instance_definition_destroy(id);
472 return (-1);
473 }
475 DEBUG("snort plugin: id = { name = %s, interface = %s, path = %s }",
476 id->name, id->interface, id->path);
478 /* Set callback data (worried about this one, it's not a pointer yet it get
479 passed on to a callback) */
480 ssnprintf (cb_name, sizeof (cb_name), "snort-%s", id->name);
481 memset(&cb_data, 0, sizeof(cb_data));
482 cb_data.data = id;
483 cb_data.free_func = snort_instance_definition_destroy;
484 CDTIME_T_TO_TIMESPEC(id->interval, &cb_interval);
485 status = plugin_register_complex_read(NULL, cb_name, snort_read, &cb_interval, &cb_data);
487 if (status != 0){
488 ERROR("snort plugin: Registering complex read function failed.");
489 snort_instance_definition_destroy(id);
490 return (-1);
491 }
493 return (0);
494 }
496 /* Parse blocks */
497 static int snort_config(oconfig_item_t *ci){
498 int i;
499 for (i = 0; i < ci->children_num; ++i){
500 oconfig_item_t *child = ci->children + i;
501 if (strcasecmp("Metric", child->key) == 0)
502 snort_config_add_metric(child);
503 else if (strcasecmp("Instance", child->key) == 0)
504 snort_config_add_instance(child);
505 else
506 WARNING("snort plugin: Ignore unknown config option `%s'.", child->key);
507 }
509 return (0);
510 } /* int snort_config */
512 static int snort_init(void){
513 return (0);
514 }
516 static int snort_shutdown(void){
517 metric_definition_t *metric_this;
518 metric_definition_t *metric_next;
520 metric_this = metric_head;
521 metric_head = NULL;
523 while (metric_this != NULL){
524 metric_next = metric_this->next;
525 snort_metric_definition_destroy(metric_this);
526 metric_this = metric_next;
527 }
529 return (0);
530 }
532 void module_register(void){
533 plugin_register_complex_config("snort", snort_config);
534 plugin_register_init("snort", snort_init);
535 plugin_register_shutdown("snort", snort_shutdown);
536 }