1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
|
/*
* Copyright (C) 2009-10 Luca Deri <deri@ntop.org>
*
* http://www.ntop.org/
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#include "ntop.h"
/* ************************************************* */
static char* flag2string(int eventValue) {
static char buf[64];
switch(eventValue) {
case FLAG_THE_DOMAIN_HAS_BEEN_COMPUTED : return("THE_DOMAIN_HAS_BEEN_COMPUTED");
case FLAG_PRIVATE_IP_ADDRESS : return("PRIVATE_IP_ADDRESS");
case FLAG_SUBNET_LOCALHOST : return("SUBNET_LOCALHOST");
case FLAG_BROADCAST_HOST : return("BROADCAST_HOST");
case FLAG_MULTICAST_HOST : return("MULTICAST_HOST");
case FLAG_GATEWAY_HOST : return("GATEWAY_HOST");
case FLAG_NAME_SERVER_HOST : return("NAME_SERVER_HOST");
case FLAG_SUBNET_PSEUDO_LOCALHOST : return("SUBNET_PSEUDO_LOCALHOST");
case FLAG_HOST_TYPE_SERVER : return("HOST_TYPE_SERVER");
case FLAG_HOST_TYPE_WORKSTATION : return("HOST_TYPE_WORKSTATION");
case FLAG_HOST_TYPE_PRINTER : return("HOST_TYPE_PRINTER");
case FLAG_HOST_TYPE_SVC_SMTP : return("HOST_TYPE_SVC_SMTP");
case FLAG_HOST_TYPE_SVC_POP : return("HOST_TYPE_SVC_POP");
case FLAG_HOST_TYPE_SVC_IMAP : return("HOST_TYPE_SVC_IMAP");
case FLAG_HOST_TYPE_SVC_DIRECTORY : return("HOST_TYPE_SVC_DIRECTORY");
case FLAG_HOST_TYPE_SVC_FTP : return("HOST_TYPE_SVC_FTP");
case FLAG_HOST_TYPE_SVC_HTTP : return("HOST_TYPE_SVC_HTTP");
case FLAG_HOST_TYPE_SVC_WINS : return("HOST_TYPE_SVC_WINS");
case FLAG_HOST_TYPE_SVC_BRIDGE : return("HOST_TYPE_SVC_BRIDGE");
case FLAG_HOST_TYPE_SVC_DHCP_CLIENT : return("HOST_TYPE_SVC_DHCP_CLIENT");
case FLAG_HOST_TYPE_SVC_DHCP_SERVER : return("HOST_TYPE_SVC_DHCP_SERVER");
case FLAG_HOST_TYPE_MASTER_BROWSER : return("HOST_TYPE_MASTER_BROWSER");
case FLAG_HOST_TYPE_MULTIHOMED : return("HOST_TYPE_MULTIHOMED");
case FLAG_HOST_TYPE_SVC_NTP_SERVER : return("HOST_TYPE_SVC_NTP_SERVER");
case FLAG_HOST_TYPE_MULTIVLANED : return("HOST_TYPE_MULTIVLANED");
case FLAG_HOST_TYPE_SVC_VOIP_CLIENT : return("HOST_TYPE_SVC_VOIP_CLIENT");
case FLAG_HOST_TYPE_SVC_VOIP_GATEWAY : return("HOST_TYPE_SVC_VOIP_GATEWAY");
case FLAG_HOST_WRONG_NETMASK : return("HOST_WRONG_NETMASK");
case FLAG_HOST_DUPLICATED_MAC : return("HOST_DUPLICATED_MAC");
default:
snprintf(buf, sizeof(buf), "%d", eventValue);
return(buf);
}
}
/* ************************************************* */
void notifyEvent(EventType evt, HostTraffic *el, IPSession *session, int eventValue) {
char *event = NULL, *info = "";
FILE *fd;
if((el == NULL)
|| (!(myGlobals.event_mask && evt))
|| (myGlobals.event_log == NULL)
|| (myGlobals.event_log[0] == '\0')
)
return;
switch(evt) {
case hostCreation:
event = "Host created";
break;
case hostDeletion:
event = "Host deleted";
break;
case sessionCreation:
event = "IP session created";
break;
case sessionDeletion:
event = "IP session deleted";
break;
case hostFlagged:
event = "Host flagged";
info = flag2string(eventValue);
break;
case hostUnflagged:
event = "Host un-flagged";
info = flag2string(eventValue);
break;
}
if((fd = fopen(myGlobals.event_log, "a")) != NULL) {
time_t theTime = time(NULL);
struct tm t;
char bufTime[LEN_TIMEFORMAT_BUFFER];
memset(bufTime, 0, sizeof(bufTime));
strftime(bufTime, sizeof(bufTime),
CONST_LOCALE_TIMESPEC, localtime_r(&theTime, &t));
fprintf(fd, "%s [event: %s][target: %s/%s/%s]\n",
bufTime, event,
el->ethAddressString,
el->hostNumIpAddress,
info);
fclose(fd);
} else
traceEvent(CONST_TRACE_WARNING, "Unable to write into log event [%s]",
myGlobals.event_log);
}
/* ************************************************* */
void init_events(void) {
char buf[64], *key;
key = EVENTS_MASK;
if(fetchPrefsValue(key, buf, sizeof(buf)) != -1) {
myGlobals.event_mask = atoi(buf);
} else {
myGlobals.event_mask = 0;
storePrefsValue(key, "0");
}
key = EVENTS_LOG;
if(fetchPrefsValue(key, buf, sizeof(buf)) != -1) {
myGlobals.event_log = strdup(buf);
} else {
myGlobals.event_log = NULL;
storePrefsValue(key, "");
}
traceEvent(CONST_TRACE_INFO, "Initialized events [mask: %d][path: %s]",
myGlobals.event_mask, myGlobals.event_log ? myGlobals.event_log : "<none>");
}
|
