Bug #176: Reading IDMEF Messages from the Manager - Libprelude - UNITY 360

Bug #176

Reading IDMEF Messages from the Manager

Added by almost 17 years ago. Updated about 14 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Yoann VANDOORSELAERE

Target version:

0.9.11

Start date:

Due date:

% Done:

Resolution:

invalid

Description

Hello,

I'm writing a small sensor to print IDMEF messages to the screen but I was wondering how to go about writing the program to do so.

Here's the code I got so far

int main(int argc, char **argv) {

    int ret;

    ret = prelude_init(&argc, argv);
    if ( ret < 0 ) {
            prelude_perror(ret, "unable to initialize the prelude library");
            return -1;
    }

    prelude_client_t *client;

    ret = prelude_client_new(&client, "AcSP");
    if ( ! client ) {
            prelude_perror(ret, "Unable to create a prelude client object");
            return -1;
    }    

    ret = prelude_client_start(client);
    if ( ret < 0 ) {
           prelude_perror(ret, "Unable to start prelude client");
           return -1;
    }

    ret = prelude_client_set_flags(client, PRELUDE_CLIENT_FLAGS_ASYNC_SEND|PRELUDE_CLIENT_FLAGS_ASYNC_TIMER);
    if ( ret < 0 ) {
           fprintf(stderr, "Unable to set asynchronous send and timer.\n");
           return -1;
    }

    prelude_msg_t *pmsg;
    idmef_message_t *message;
    prelude_io_t *pio;

    do 
    {
          sleep(1);

        ret = prelude_io_new(&pio);
        if ( ret < 0 )
                return ret;

        ret = prelude_msg_new(&pmsg, 10, 32, 1, 0);
        if ( ret < 0 )
                return ret;

        ret = prelude_msg_read(&pmsg, pio);
        if ( ret < 0 )
                return ret;    

        ret = idmef_message_new(&message);
        if ( ret < 0 )
                return ret;
/*        
        ret = idmef_message_read(message, pmsg);
        if ( ret < 0 )
                return ret;
*/
        prelude_timer_wake_up();        

    } while ( ret > 0 );

    prelude_client_destroy(client, PRELUDE_CLIENT_EXIT_STATUS_SUCCESS);    

    return 0;
}

But I'm wondering what I'm missing when reading from pio coz after the sensor registers I get a Seg Fault.

An example of how to do so would be most welcome!

Thanks in advance,

Samer

History

#1 Updated by Yoann VANDOORSELAERE almost 17 years ago

Status changed from New to Closed
Resolution set to invalid

Hi,

Please have a look to the prelude-correlator code, it does exactly what you are trying to achieve: https://trac.prelude-ids.org/browser/trunk/prelude-correlator/src/prelude-correlator.c

Using this code, and more specifically the poll_manager() function, you will be able to make your application read forwarded messages from Prelude-Manager.

Note: I'm marking this bug as invalid, since these kind of question really belong to the Prelude mailing list.

Regards,

#2 Updated by Yoann VANDOORSELAERE about 14 years ago

Project changed from PRELUDE SIEM to Libprelude
Category deleted (1)
Target version deleted (~~0.9.11~~)

Also available in: Atom PDF

Project

General

Profile

Issues

Bug #176

Reading IDMEF Messages from the Manager

History

#1 Updated by Yoann VANDOORSELAERE almost 17 years ago

#2 Updated by Yoann VANDOORSELAERE about 14 years ago