On 12/20/2011 09:07 AM, alsdks wrote: > Hello, Hello, > > > Is there a way to have reportd to not "cutt" long paths , it seems to > have a max character limitation.
I was working on this last week, I had to modify the source code for monitord, I think the file is: src/shared/report_op.c. You can test the attached patch for 2.6, I hope it works for you. > > For example output of "zcat logs/alerts/2011/Dec/*.gz | bin/ossec- > reportd -n "Month Summary" 2>" is showing like : > > Top entries for 'Filenames': > ------------------------------------------------ > /etc/utmp |17 | > /etc/opt/resmon/log/registrar.log |9 | > /etc/opt/resmon/log/registrar.log.old |6 | > /etc/security/lastlog |6 | > /opt/ossec/etc/ossec.conf |6 | > /var/ossec/etc/ossec.conf |6 | > HKEY_LOCAL_MACHINE\Security\SAM\Domains\Acco.. |6 | > HKEY_LOCAL_MACHINE\Software\Microsoft\Window.. |6 | > HKEY_LOCAL_MACHINE\Software\Microsoft\Window.. |6 | > HKEY_LOCAL_MACHINE\Software\Microsoft\Window.. |6 | > HKEY_LOCAL_MACHINE\Software\Policies\Microso.. |6 | > HKEY_LOCAL_MACHINE\Software\Policies\Microso.. |6 | > HKEY_LOCAL_MACHINE\System\CurrentControlSet\.. |6 | > HKEY_LOCAL_MACHINE\System\CurrentControlSet\.. |6 | > > > So from the report it is not possible to see what the full name is . > In this example it could be anything under HKEY_LOCAL_MACHINE\Software > \Microsoft\Window... > > > Thank you > -- Jorge Armando Medina Computación Gráfica de México Web: http://www.e-compugraf.com Tel: 55 51 40 72, Ext: 124 Email: [email protected] GPG Key: 1024D/28E40632 2007-07-26 GPG Fingerprint: 59E2 0C7C F128 B550 B3A6 D3AF C574 8422 28E4 0632
--- ossec-hids-2.6-orig/src/shared/report_op.c 2011-07-11 14:36:59.000000000 -0500
+++ ossec-hids-2.6-OK/src/shared/report_op.c 2011-12-13 14:26:10.000000000 -0600
@@ -57,12 +57,12 @@
if(!t)
{
l_print_out("Top entries for '%s':", hname);
- l_print_out("------------------------------------------------");
+ l_print_out("----------------------------------------------------------------------------------------");
}
else
{
l_print_out("Related entries for '%s':", hname);
- l_print_out("------------------------------------------------");
+ l_print_out("----------------------------------------------------------------------------------------");
}
}
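Review bot: The widened separator is written out twice here, once per branch of the `if(!t)` / `else`, and the identical literal is repeated in the hunks at lines 635 and 712, so the next width change again means editing four long strings by hand. Both branches print the same rule, so the call can move below the `if`/`else` and take its text from a single file-scope constant. A comment such as `/* Rule width must match the key column width plus the count column. */` next to that constant would record why the length matters. The enclosing function starts outside this hunk.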
@@ -392,11 +392,11 @@
/* With location we leave more space to be clearer. */
if(!print_related)
{
- if(strlen(lkey) > 46)
+ if(strlen(lkey) > 76)
{
- lkey[44] = '.';
- lkey[45] = '.';
- lkey[46] = '\0';
+ lkey[74] = '.';
+ lkey[75] = '.';
+ lkey[76] = '\0';
}
if(!dopdout)
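Review bot: Raising the cap in `if(strlen(lkey) > 76)` still leaves a fixed cut-off, so two registry keys or file paths that share their first 74 characters are printed as the same `..`-terminated entry and the report cannot show which monitored object actually changed. The block also truncates by writing into `lkey` itself. The print in the next hunk reads `next_node->key`, so if `lkey` points at that stored key (its assignment is outside this hunk) the key is shortened permanently, not just for display. Assuming `l_print_out` takes printf-style formats, bounding only the output avoids the mutation, e.g. `l_print_out("%-78.76s|%-8d|", lkey, st_data->currently_size);`. Alternatively, print over-long keys in full on a line of their own. Either way a short comment should state that the limit is a display choice and that the stored key stays intact.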
@@ -404,7 +404,7 @@
_os_header_print(print_related, hname);
dopdout = 1;
}
- l_print_out("%-48s|%-8d|", (char *)next_node->key, st_data->currently_size);
+ l_print_out("%-78s|%-8d|", (char *)next_node->key, st_data->currently_size);
}
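Review bot: The field width in `"%-78s|%-8d|"` is tied to the truncation limit of 76 from the previous hunk and to the length of the separator rule, yet all three are independent literals, and the same format string is repeated in the hunk at line 416. Passing the width as an argument keeps them in step, e.g. `l_print_out("%-*s|%-8d|", KEY_COL_WIDTH, (char *)next_node->key, st_data->currently_size);`, where `KEY_COL_WIDTH` is a new constant this patch would introduce (the name is only a suggestion). No truncation is visible in the line-416 branch, so keys longer than the column there will presumably still push the `|` out of alignment; a comment saying this is intentional would help.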
@@ -416,7 +416,7 @@
_os_header_print(print_related, hname);
dopdout = 1;
}
- l_print_out("%-48s|%-8d|", (char *)next_node->key, st_data->currently_size);
+ l_print_out("%-78s|%-8d|", (char *)next_node->key, st_data->currently_size);
if(print_related & REPORT_REL_LOCATION)
_os_report_print_related(REPORT_REL_LOCATION, st_data);
@@ -635,7 +635,7 @@
l_print_out("Report '%s' completed.", r_filter->report_name);
else
l_print_out("Report completed. ==");
- l_print_out("------------------------------------------------");
+ l_print_out("----------------------------------------------------------------------------------------");
l_print_out("->Processed alerts: %d", alerts_processed);
l_print_out("->Post-filtering alerts: %d", alerts_filtered);
@@ -712,7 +712,7 @@
if(r_filter->show_alerts)
{
l_print_out("Log dump:");
- l_print_out("------------------------------------------------");
+ l_print_out("----------------------------------------------------------------------------------------");
}
while(data_to_clean[i])
{
