diff --git a/src/elasticsearch.c b/src/elasticsearch.c
index d939657..4cbcdcd 100644
--- a/src/elasticsearch.c
+++ b/src/elasticsearch.c
@@ -3,68 +3,41 @@ size_t write_data(char *dbit, size_t size, size_t nmemb, void *user_data) { - char *data = (char*)user_data; - static size_t data_size = 0; - size_t n = size * nmemb; - memcpy(data + data_size, dbit, n); - data_size += n; - data[data_size] = '\0'; - return n; + // Discard curl output + return size * nmemb; } -void test_curl() { +int put_events(char* data, char* es_url) { // es_url should be a string like 'http://192.168.1.120:8298' CURL *curl; CURLcode res; - char data[50000] = ""; - curl = curl_easy_init(); - curl_easy_setopt(curl, CURLOPT_URL, "http://192.168.1.120:8298/"); - curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_data); - curl_easy_setopt(curl, CURLOPT_TIMEOUT, 5); - curl_easy_setopt(curl, CURLOPT_WRITEDATA, &data); - - res = curl_easy_perform(curl); - - curl_easy_cleanup(curl); - curl_global_cleanup(); - printf("%d %s", res, data); -} - - - -int put_events(char* data) { - CURL *curl; - CURLcode res; - char response[50000] = ""; + char* endpoint = "/_bulk"; + char final_url[strlen(es_url) + strlen(endpoint) + 1]; + sprintf(final_url, "%s%s", es_url, endpoint); curl = curl_easy_init(); // check this and all of these curl functions - curl_easy_setopt(curl, CURLOPT_URL, "http://192.168.1.120:8298/_bulk"); + + struct curl_slist *headers=NULL; + headers = curl_slist_append(headers, "Content-Type: application/json"); + + curl_easy_setopt(curl, CURLOPT_URL, final_url); curl_easy_setopt(curl, CURLOPT_POST, 1); curl_easy_setopt(curl, CURLOPT_TIMEOUT, 15); curl_easy_setopt(curl, CURLOPT_POSTFIELDS, data); curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_data); - curl_easy_setopt(curl, CURLOPT_WRITEDATA, &response); + curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers); // curl_easy_setopt(curl, CURLOPT_VERBOSE, 1); - struct curl_slist *headers=NULL; - headers = curl_slist_append(headers, "Content-Type: application/json"); - curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers); - res = curl_easy_perform(curl); - 
curl_slist_free_all(headers); - curl_easy_cleanup(curl); curl_global_cleanup(); if(res != CURLE_OK) { - printf("%d %s\n", res, response); + // printf("%d %s\n", res, response); + printf("CURL returned: %d\n", res); } return res == CURLE_OK ? 0 : 1; } - - - - diff --git a/src/elasticsearch.h b/src/elasticsearch.h index 3b4965d..7d921a9 100644 --- a/src/elasticsearch.h +++ b/src/elasticsearch.h @@ -1,2 +1,2 @@ void test_curl(); -int put_events(char* data); +int put_events(char* data, char* es_url); diff --git a/src/pfparser.h b/src/pfparser.h index de5d42a..ccb3762 100644 --- a/src/pfparser.h +++ b/src/pfparser.h @@ -2,7 +2,7 @@ #include -#define IFACE_LEN 8 +#define IFACE_LEN 16 typedef enum pf_hit_reason { diff --git a/src/server.c b/src/server.c index b1c2657..8590960 100644 --- a/src/server.c +++ b/src/server.c @@ -93,10 +93,14 @@ int handle_message(char* msg) { void clear_buffer() { - char* header = "{\"index\": {\"_index\": \"firewall-test\", \"_type\": \"event\"}}\n"; - int header_size = strlen(header); + char header[72]; + sprintf(header, "{\"index\": {\"_index\": \"firewall-%04d.%02d.%02d\", \"_type\": \"event\"}}\n", + cur_time.tm_year + 1900, + cur_time.tm_mon + 1, + cur_time.tm_mday); // Calculate how large the payload will be + int header_size = strlen(header); int num_messages = buff_count(); char* messages[num_messages]; int message_size = 0; @@ -115,7 +119,7 @@ void clear_buffer() { } // Send it - if(put_events(message) == 0) { + if(put_events(message, "http://192.168.1.120:8298") == 0) { printf("Pushed %d messages\n", num_messages); } else { printf("Failed to post messages!\n"); @@ -173,13 +177,12 @@ int run_server(int port) { printf("."); fflush(stdout); - if(buff_count() > BUFF_MAX) { + if(buff_count() >= BUFF_MAX) { printf("\n"); clear_buffer(); } } - printf("Clearing buffer, freeing %d entries\n", buff_count()); buff_freeall(); geo_close(); return 1;
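Review bot: In put_events (src/elasticsearch.c), a rejected batch is now reported as success: write_data throws the response body away and curl_easy_perform() returns CURLE_OK for HTTP 4xx/5xx unless CURLOPT_FAILONERROR is set, so the caller prints "Pushed" for events that were never indexed. For a firewall log shipper that is silent loss of audit data; fail on HTTP errors, and consider keeping a bounded copy of the body, since _bulk can answer 200 with `"errors": true` for per-item failures. The handle from curl_easy_init() is still used unchecked, as the inline comment admits, and now that the URL is caller-supplied the handle should be limited to HTTP(S) (CURLOPT_PROTOCOLS_STR on libcurl 7.85.0 and later). The long-typed options should also be passed as `1L`/`15L`, and curl_global_cleanup() on every call belongs at process shutdown. write_data's signature is only visible in the hunk header.

```c
    curl = curl_easy_init();
    if (curl == NULL) {
        printf("curl_easy_init failed\n");
        return 1;
    }
    // … unchanged: header list, URL, POST, timeout, body and write callback options …
    curl_easy_setopt(curl, CURLOPT_FAILONERROR, 1L);   // HTTP >= 400 makes perform() fail
    curl_easy_setopt(curl, CURLOPT_PROTOCOLS, (long)(CURLPROTO_HTTP | CURLPROTO_HTTPS));
    res = curl_easy_perform(curl);
```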
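Review bot: src/elasticsearch.h still declares `void test_curl();` although this commit deletes its definition from elasticsearch.c, so any remaining caller would compile and then fail at link time; the prototype should go with the function. Neither argument of the new put_events prototype appears to be written through in the visible body, so `int put_events(const char *data, const char *es_url);` would document that and let callers pass string literals without a qualifier warning.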
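Review bot: In clear_buffer (src/server.c), the new `sprintf` into `char header[72]` is unbounded: by my count the line needs 64 bytes including the terminator for a four-digit year, but `%04d`/`%02d` are minimum widths, so an out-of-range `cur_time` field (the variable is defined outside this hunk; an uninitialised or corrupted struct would do it) can write past the array. Use `int header_size = snprintf(header, sizeof header, ...);` and bail out when the result is negative or `>= (int)sizeof header`, which also removes the separate strlen. A short comment stating which clock `cur_time` follows would help too, since it decides which daily index a batch lands in. The function continues past the end of the hunk.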
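Review bot: The Elasticsearch endpoint passed to put_events in clear_buffer is still a compile-time literal, `"http://192.168.1.120:8298"`, so the new es_url parameter only moves the hard-coded address from elasticsearch.c to server.c. Take it from configuration or a command-line argument alongside the port run_server already receives, and validate it once at startup. As written the batch also travels over plain HTTP with no credentials, so anything on the network path can read or alter the firewall events; if the cluster offers TLS, an `https://` URL with libcurl's default certificate verification left on is the safer default. The surrounding function starts and ends outside this hunk.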
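Review bot: The `buff_count() >= BUFF_MAX` test in run_server is the only visible limit on the event buffer, and it holds only if clear_buffer() always empties the buffer. The failure branch of clear_buffer shown earlier in this diff prints "Failed to post messages!" and what it does with the queued entries is outside the visible hunks; if they are kept for retry, the next append happens with the buffer already full. Worth confirming that the append routine rejects or drops entries at capacity on its own, and stating the invariant in a comment here, e.g. `// buffer holds at most BUFF_MAX entries; flush before the next append`. run_server starts outside this hunk.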