![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8475240)
raw | patch | inline | side by side (parent: 8475240)
| author | Kris Nielander <krisnielander@gmail.com> | |
| Mon, 18 Feb 2013 22:17:42 +0000 (23:17 +0100) | ||
| committer | Kris Nielander <krisnielander@gmail.com> | |
| Mon, 18 Feb 2013 22:17:42 +0000 (23:17 +0100) |
| configure.in | patch | blob | history | |
| src/collectd.conf.in | patch | blob | history | |
| src/snort.c | patch | blob | history | |
| src/types.db | patch | blob | history |
diff --git a/configure.in b/configure.in
index 0e136d1dd4f38e4b0c99bd744ff677381c6e23dc..b07712e0b4bc1a28fbc3ea0336263d02a99710c9 100644 (file)
--- a/configure.in
+++ b/configure.in
have_linux_raid_md_u_h="no"
fi
+# For the snort module
+have_mman_h="no"
+AC_CHECK_HEADERS(sys/mman.h,
+ [have_mman_h="yes"],
+ [have_mman_h="no"],
+[
+#include <sys/stat.h>
+])
+
# For the swap module
have_linux_wireless_h="no"
if test "x$ac_system" = "xLinux"
AC_PLUGIN([sensors], [$with_libsensors], [lm_sensors statistics])
AC_PLUGIN([serial], [$plugin_serial], [serial port traffic])
AC_PLUGIN([snmp], [$with_libnetsnmp], [SNMP querying plugin])
-AC_PLUGIN([snort], [yes], [Snort perfmon plugin])
+AC_PLUGIN([snort], [$have_mman_h], [Snort perfmon plugin])
AC_PLUGIN([swap], [$plugin_swap], [Swap usage statistics])
AC_PLUGIN([syslog], [$have_syslog], [Syslog logging plugin])
AC_PLUGIN([table], [yes], [Parsing of tabular data])
diff --git a/src/collectd.conf.in b/src/collectd.conf.in
index 0ef55922fef8fc3599cd6d9a5a7eb4d572e839ff..86834db1cf04ce0a7f4f52cab78319826b1bff7e 100644 (file)
--- a/src/collectd.conf.in
+++ b/src/collectd.conf.in
#<Plugin "snort">
# <Metric "dropped">
# TypeInstance "pkt_drop_percent"
-# DataSourceType "GAUGE"
# Index 1
# </Metric>
# <Metric "mbps">
# TypeInstance "wire_mbits_per_sec.realtime"
-# DataSourceType "GAUGE"
# Index 2
# </Metric>
# <Metric "alerts">
# TypeInstance "alerts_per_second"
-# DataSourceType "GAUGE"
# Index 3
# </Metric>
# <Metric "kpps">
# TypeInstance "kpackets_wire_per_sec.realtime"
-# DataSourceType "GAUGE"
# Index 4
# </Metric>
# <Instance "eth0">
diff --git a/src/snort.c b/src/snort.c
index 4cea66ce887ca1be665c61eb7cf956244860b655..68be07f74050712499801d4e29e642f0738dfca8 100644 (file)
--- a/src/snort.c
+++ b/src/snort.c
struct metric_definition_s {
char *name;
- char *type_instance;
+ char *type;
int data_source_type;
int index;
struct metric_definition_s *next;
value_t value;
value_list_t vl = VALUE_LIST_INIT;
- DEBUG("snort plugin: plugin_instance=%s type_instance=%s value=%s",
- id->name, md->type_instance, buf);
+ DEBUG("snort plugin: plugin_instance=%s type=%s value=%s", id->name,
+ md->type, buf);
if (buf == NULL)
return (-1);
sstrncpy(vl.host, hostname_g, sizeof (vl.host));
sstrncpy(vl.plugin, "snort", sizeof(vl.plugin));
sstrncpy(vl.plugin_instance, id->name, sizeof(vl.plugin_instance));
- sstrncpy(vl.type, "snort", sizeof(vl.type));
- sstrncpy(vl.type_instance, md->type_instance, sizeof(vl.type_instance));
+ sstrncpy(vl.type, md->type, sizeof(vl.type));
vl.time = id->last;
vl.interval = id->interval;
@@ -92,14 +91,20 @@ static int snort_read_submit(instance_definition_t *id, metric_definition_t *md,
static int snort_read(user_data_t *ud){
instance_definition_t *id;
metric_definition_t *md;
- int fd;
+
int i;
+ int fd;
int count;
char **metrics;
+ char **metrics_t;
struct stat sb;
- char *p, *buf, *buf_s;
+ char *buf, *buf_t;
+
+ /* mmap, char pointers */
+ char *p_start;
+ char *p_end;
id = ud->data;
DEBUG("snort plugin: snort_read (instance = %s)", id->name);
}
if ((fstat(fd, &sb) != 0) || (!S_ISREG(sb.st_mode))){
- ERROR("snort plugin: \"%s\" is not a file.", id->path);
+ ERROR("snort plugin: `%s' is not a file.", id->path);
+ return (-1);
+ }
+
+ if (sb.st_size == 0){
+ ERROR("snort plugin: `%s' is empty.", id->path);
return (-1);
}
- p = mmap(/* addr = */ NULL, sb.st_size, PROT_READ, MAP_SHARED, fd,
+ p_start = mmap(/* addr = */ NULL, sb.st_size, PROT_READ, MAP_SHARED, fd,
/* offset = */ 0);
- if (p == MAP_FAILED){
+ if (p_start == MAP_FAILED){
ERROR("snort plugin: mmap error");
return (-1);
}
- /* Set the pointer to the last line of the file. */
- count = 0;
- for (i = sb.st_size - 2; i > 0; --i){
- if (p[i] == ',')
+ /* Set the start value count. */
+ count = 1;
+
+ /* Set the pointer to the last line of the file and count the fields.
+ (Skip the last two characters of the buffer: `\n' and `\0') */
+ for (p_end = (p_start + sb.st_size) - 2; p_end > p_start; --p_end){
+ if (*p_end == ','){
++count;
- else if (p[i] == '\n')
+ } else if (*p_end == '\n'){
+ ++p_end;
break;
+ }
+ }
+
+ if (count == 1){
+ ERROR("snort plugin: last line of `%s' does not contain enough values.", id->path);
+ return (-1);
}
- /* Move to the new line */
- i++;
-
- if (p[i] == '#'){
- ERROR("snort plugin: last line of perfmon file is a comment.");
+ if (*p_end == '#'){
+ ERROR("snort plugin: last line of `%s' is a comment.", id->path);
return (-1);
}
/* Copy the line to the buffer */
- buf_s = buf = strdup(&p[i]);
+ buf_t = buf = strdup(p_end);
/* Done with mmap and file pointer */
close(fd);
- munmap(p, sb.st_size);
+ munmap(p_start, sb.st_size);
/* Create a list of all values */
metrics = (char **)calloc(count, sizeof(char *));
- if (metrics == NULL)
+ if (metrics == NULL){
return (-1);
+ }
- for (i = 0; i < count; ++i)
- if ((p = strsep(&buf, ",")) != NULL)
- metrics[i] = p;
+ for (metrics_t = metrics; (*metrics_t = strsep(&buf_t, ",")) != NULL;)
+ if (**metrics_t != '\0')
+ if (++metrics_t >= &metrics[count])
+ break;
/* Set last time */
- id->last = TIME_T_TO_CDTIME_T(strtol(metrics[0], NULL, 0));
+ id->last = TIME_T_TO_CDTIME_T(strtol(*metrics, NULL, 0));
/* Register values */
for (i = 0; i < id->metric_list_len; ++i){
/* Free up resources */
free(metrics);
- free(buf_s);
+ free(buf);
return (0);
}
DEBUG("snort plugin: Destroying metric definition `%s'.", md->name);
sfree(md->name);
- sfree(md->type_instance);
+ sfree(md->type);
sfree(md);
}
-static int snort_config_add_metric_data_source_type(metric_definition_t *md, oconfig_item_t *ci){
- if ((ci->values_num != 1) || (ci->values[0].type != OCONFIG_TYPE_STRING)){
- WARNING("snort plugin: `DataSourceType' needs exactly one string argument.");
- return (-1);
- }
-
- if (strcasecmp(ci->values[0].value.string, "GAUGE") == 0)
- md->data_source_type = DS_TYPE_GAUGE;
- else if (strcasecmp(ci->values[0].value.string, "COUNTER") == 0)
- md->data_source_type = DS_TYPE_COUNTER;
- else if (strcasecmp(ci->values[0].value.string, "DERIVE") == 0)
- md->data_source_type = DS_TYPE_DERIVE;
- else if (strcasecmp(ci->values[0].value.string, "ABSOLUTE") == 0)
- md->data_source_type = DS_TYPE_ABSOLUTE;
- else {
- WARNING("snort plugin: Unrecognized value for `DataSourceType' `%s'.", ci->values[0].value.string);
- return (-1);
- }
-
- return (0);
-}
-
static int snort_config_add_metric_index(metric_definition_t *md, oconfig_item_t *ci){
if ((ci->values_num != 1) || (ci->values[0].type != OCONFIG_TYPE_NUMBER)){
WARNING("snort plugin: `Index' needs exactly one integer argument.");
@@ -225,6 +222,7 @@ static int snort_config_add_metric_index(metric_definition_t *md, oconfig_item_t
/* Parse metric */
static int snort_config_add_metric(oconfig_item_t *ci){
metric_definition_t *md;
+ const data_set_t *ds;
int status = 0;
int i;
return (-1);
}
- /* Reset the data source type to `-1', `0' is a gauge. */
- md->data_source_type = -1;
-
for (i = 0; i < ci->children_num; ++i){
oconfig_item_t *option = ci->children + i;
status = 0;
- if (strcasecmp("TypeInstance", option->key) == 0)
- status = cf_util_get_string(option, &md->type_instance);
- else if (strcasecmp("DataSourceType", option->key) == 0)
- status = snort_config_add_metric_data_source_type(md, option);
+ if (strcasecmp("Type", option->key) == 0)
+ status = cf_util_get_string(option, &md->type);
else if (strcasecmp("Index", option->key) == 0)
status = snort_config_add_metric_index(md, option);
else {
}
/* Verify all necessary options have been set. */
- if (md->type_instance == NULL){
- WARNING("snort plugin: Option `TypeInstance' must be set.");
- status = -1;
- } else if (md->data_source_type == -1){
- WARNING("snort plugin: Option `DataSourceType' must be set.");
+ if (md->type == NULL){
+ WARNING("snort plugin: Option `Type' must be set.");
status = -1;
} else if (md->index == 0){
WARNING("snort plugin: Option `Index' must be set.");
snort_metric_definition_destroy(md);
return (-1);
}
+
+ /* Retrieve the data source type from the types db. */
+ ds = plugin_get_ds(md->type);
+ if (ds == NULL){
+ WARNING("snort plugin: `Type' must be defined in `types.db'.");
+ snort_metric_definition_destroy(md);
+ return (-1);
+ } else {
+ md->data_source_type = ds->ds->type;
+ }
- DEBUG("snort plugin: md = { name = %s, type_instance = %s, data_source_type = %d, index = %d }",
- md->name, md->type_instance, md->data_source_type, md->index);
+ DEBUG("snort plugin: md = { name = %s, type = %s, data_source_type = %d, index = %d }",
+ md->name, md->type, md->data_source_type, md->index);
if (metric_head == NULL)
metric_head = md;
diff --git a/src/types.db b/src/types.db
index ffd82873b6f5d76fb350f48f0f310d6b4e6998ec..3358f5df59e82c4b1b3a55b7c74239159f804edf 100644 (file)
--- a/src/types.db
+++ b/src/types.db
signal_noise value:GAUGE:U:0
signal_power value:GAUGE:U:0
signal_quality value:GAUGE:0:U
-snort value:GAUGE:0:U
snr value:GAUGE:0:U
spam_check value:GAUGE:0:U
spam_score value:GAUGE:U:U