/*
* File: monitor.c
* Author: DoI
*
* Monitors a log file and looks for a specific string
*
*/
#include <stdio.h>
#include <stdlib.h>
#include <pcre.h>
#include <string.h>
#include <sys/types.h>
#include <sys/inotify.h>
#include <errno.h>
#include <unistd.h>
#include "monitor.h"
#include "util.h"
#include "fuzzotron.h"
// Currently does not implement file re-open when the file being monitored is overwritten...
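/**
 * Follow a log file and flag the first newly appended line that matches a
 * regular expression.
 *
 * The pattern is compiled with compile_regex(), the file is opened and the
 * read position is moved to its end, so only lines written after this call
 * are inspected. The file is then polled every 10 ms. On the first line for
 * which parse_line() returns 0 the global `stop` flag (declared outside this
 * file) is set to 1 and the function returns.
 *
 * NOTE(review): detection gaps worth knowing about when relying on this as a
 * crash oracle:
 *  - getline() hands back whatever is buffered at EOF, so a line the target is
 *    still writing can arrive in two pieces, each matched on its own; a
 *    pattern spanning the split would not be seen.
 *  - clearerr() resets the error indicator as well as EOF, so a persistent
 *    read error looks the same as "no new data" and the loop keeps polling.
 *  - The file is never re-opened; if it is rotated or overwritten the monitor
 *    keeps reading the old stream.
 *
 * @param file  Path of the log file to follow.
 * @param regex PCRE pattern applied to every new line.
 * @return 0 once a line matched; -1 if the pattern did not compile or the
 *         file could not be opened (the function does not return otherwise).
 */
int monitor(char * file, char * regex){
    char *buff = NULL;   // line buffer owned by getline(), released at `end`
    size_t len = 0;

    pcre *re = compile_regex(regex);
    if(re == NULL){
        // compile_regex() reports the failure through fatal(), which is
        // defined elsewhere; this guard only matters if fatal() returns.
        // Without it every pcre_exec() call would fail and the monitor would
        // poll forever without ever being able to match.
        return -1;
    }

    FILE *fh = fopen(file, "r");
    if(fh == NULL){
        printf("[!] Error opening file %s: %s!\n", file, strerror(errno));
        printf("[!] Falling back to crash-detection only\n");
        pcre_free(re);   // the compiled pattern was leaked on this path before
        return -1;
    }

    // Skip existing content. The result is not checked: if the seek fails,
    // reading starts from the current position instead.
    fseek(fh, 0, SEEK_END);

    for(;;){
        while(getline(&buff, &len, fh) > 0){
            if(parse_line(buff, re) == 0){
                printf("[!] REGEX matched! Exiting.\n");
                stop = 1;
                goto end;
            }
        }

        // Once EOF is set, getline will constantly return EOF.
        // Call clearerr() to remove the feof flag and read more
        // data as it's appended.
        clearerr(fh);
        usleep(10000);
    }

end:
    free(buff);
    fclose(fh);
    pcre_free(re);       // release the compiled pattern (previously leaked)
    return 0;
}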
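/**
 * Test one line of log output against a compiled PCRE pattern.
 *
 * The subject length is taken with strlen(), so a line containing an embedded
 * NUL byte is only matched up to that byte.
 *
 * @param line  NUL-terminated text to search.
 * @param regex Pattern produced by pcre_compile().
 * @return 0 if pcre_exec() reports a match, -1 if there is no match, an
 *         argument is NULL, or pcre_exec() fails.
 */
int parse_line(char* line, pcre *regex){
    int ovector[30];   // capture offsets; pcre_exec() needs a multiple of 3

    // strlen(NULL) is undefined behaviour and a NULL pattern can never match.
    if(line == NULL || regex == NULL){
        return -1;
    }

    int match = pcre_exec(
        regex,
        NULL,
        line,
        (int)strlen(line),
        0,
        0,
        ovector,
        (int)(sizeof ovector / sizeof ovector[0])
    );

    if(match < 0){
        // A real matching error (for example an exceeded match limit) would
        // otherwise be indistinguishable from "no match", and the monitor
        // would silently miss the line. Report it; the return value is the
        // same as before.
        if(match != PCRE_ERROR_NOMATCH){
            printf("[!] pcre_exec failed with error %d\n", match);
        }
        return -1;
    }

    // pcre_exec() returns 0 when the pattern matched but ovector was too
    // small for all captures; that still counts as a match here.
    return 0;
}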
/**
 * Compile a PCRE pattern with default options and default character tables.
 *
 * On failure the offset and message supplied by pcre_compile() are passed to
 * fatal(), which is defined outside this file.
 *
 * @param regex Pattern source text.
 * @return The compiled pattern, or NULL if compilation failed and fatal()
 *         returned to the caller.
 */
pcre * compile_regex(char* regex){
    const char *errmsg;
    int erroff;
    pcre *compiled = pcre_compile(regex, 0, &errmsg, &erroff, NULL);

    if(compiled != NULL){
        return compiled;
    }

    // Compilation failed!
    fatal("[!] PCRE compile failed at offset %d error: %s\n", erroff, errmsg);
    return compiled;
}