From ec19fd9e712e8ee710ec7d29b9f1476a95913db8 Mon Sep 17 00:00:00 2001
From: jbcheng <none@none>
Date: Thu, 8 Nov 2012 18:24:55 -0800
Subject: [PATCH] [2.7-rc1-csyslogd] add md5/sha1 checksums to client syslog
 CEF output as part of msg=

---
 src/os_csyslogd/alert.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/os_csyslogd/alert.c b/src/os_csyslogd/alert.c
index acf7b91ed..f271cb593 100755
--- a/src/os_csyslogd/alert.c
+++ b/src/os_csyslogd/alert.c
@@ -171,6 +171,12 @@ int OS_Alert_SendSyslog(alert_data *al_data, SyslogConfig *syslog_config)
         field_add_string(syslog_msg, OS_SIZE_2048, " suser=%s", al_data->user );
         field_add_string(syslog_msg, OS_SIZE_2048, " dst=%s", al_data->dstip );
         field_add_truncated(syslog_msg, OS_SIZE_2048, " msg=%s", al_data->log[0], 2 );
+        if (al_data->new_md5 && al_data->new_sha1) {
+            field_add_string(syslog_msg, OS_SIZE_2048, " Previous MD5: %s", al_data->old_md5 );
+            field_add_string(syslog_msg, OS_SIZE_2048, " Current MD5: %s", al_data->new_md5 );
+            field_add_string(syslog_msg, OS_SIZE_2048, " Previous SHA1: %s", al_data->old_sha1 );
+            field_add_string(syslog_msg, OS_SIZE_2048, " Current SHA1: %s", al_data->new_sha1 );
+        }
     }
     else if(syslog_config->format == JSON_CSYSLOG)
     {