1
0
forked from extern/alertik
alertik/events.c

114 lines
2.6 KiB
C
Raw Normal View History

2024-05-31 03:28:28 +02:00
/*
* Alertik: a tiny 'syslog' server & notification tool for Mikrotik routers.
* This is free and unencumbered software released into the public domain.
*/
#include <stdio.h>
#include <string.h>
#include "events.h"
#include "alertik.h"
void handle_wifi_login_attempts(struct log_event *ev);
/* Handlers. */
struct ev_handler handlers[NUM_EVENTS] = {
/* Failed login attempts. */
{
.str = "unicast key exchange timeout",
.hnd = handle_wifi_login_attempts,
.evnt_type = EVNT_SUBSTR
},
/* Add new handlers here. */
};
/**
* @brief Given an event, checks if it belongs to one of the
* registered events and then, handle it.
*
* @param ev Event to be processed.
*
* @return Returns the amount of matches, 0 if none (not handled).
*/
int process_static_event(struct log_event *ev)
{
int i;
int handled;
for (i = 0, handled = 0; i < NUM_EVENTS; i++) {
if (strstr(ev->msg, handlers[i].str)) {
handlers[i].hnd(ev);
handled += 1;
}
}
return handled;
}
2024-05-31 03:28:28 +02:00
///////////////////////////// FAILED LOGIN ATTEMPTS ///////////////////////////
static int
parse_login_attempt_msg(const char *msg, char *wifi_iface, char *mac_addr)
{
size_t len = strlen(msg);
size_t tmp = 0;
size_t at = 0;
/* Find '@' and the last ' '. */
for (at = 0; at < len && msg[at] != '@'; at++) {
if (msg[at] == ' ')
tmp = at;
}
if (at == len || !tmp) {
log_msg("unable to parse additional data, ignoring...\n");
return -1;
}
memcpy(mac_addr, msg + tmp + 1, MIN(at - tmp - 1, 32));
/*
* Find network name.
* Assuming that the interface name does not have ':'...
*/
for (tmp = at + 1; tmp < len && msg[tmp] != ':'; tmp++);
if (tmp == len) {
log_msg("unable to find interface name!, ignoring..\n");
return -1;
}
memcpy(wifi_iface, msg + at + 1, MIN(tmp - at - 1, 32));
return (0);
}
void handle_wifi_login_attempts(struct log_event *ev)
{
char time_str[32] = {0};
char mac_addr[32] = {0};
char wifi_iface[32] = {0};
char notification_message[2048] = {0};
log_msg("> Login attempt detected!\n");
if (parse_login_attempt_msg(ev->msg, wifi_iface, mac_addr) < 0)
return;
/* Send our notification. */
snprintf(
notification_message,
sizeof notification_message - 1,
2024-07-16 03:16:27 +02:00
"There is someone trying to connect "
2024-05-31 03:28:28 +02:00
"to your WiFi: %s, with the mac-address: %s, at:%s",
wifi_iface,
mac_addr,
get_formatted_time(ev->timestamp, time_str)
);
log_msg("> Retrieved info, MAC: (%s), Interface: (%s)\n", mac_addr, wifi_iface);
if (send_telegram_notification(notification_message) < 0) {
log_msg("unable to send the notification!\n");
return;
}
}
////////////////////////////// YOUR HANDLER HERE //////////////////////////////