1 /* Copyright (C) 2009 Trend Micro Inc.
4 * This program is a free software; you can redistribute it
5 * and/or modify it under the terms of the GNU General Public
6 * License (version 2) as published by the FSF - Free Software
10 /* Get the log directory/file based on the day/month/year */
12 #include "getloglocation.h"
15 /* Global definitions */
22 /* Global variables */
24 static char __elogfile[OS_FLSIZE + 1];
25 static char __alogfile[OS_FLSIZE + 1];
26 static char __flogfile[OS_FLSIZE + 1];
27 static char __jlogfile[OS_FLSIZE + 1];
28 static char __ejlogfile[OS_FLSIZE + 1];
36 /* Alerts, events, firewall and JSON log file names: start from empty (zeroed) path buffers */
37 memset(__alogfile, '\0', OS_FLSIZE + 1);
38 memset(__elogfile, '\0', OS_FLSIZE + 1);
39 memset(__flogfile, '\0', OS_FLSIZE + 1);
40 memset(__jlogfile, '\0', OS_FLSIZE + 1);
41 memset(__ejlogfile, '\0', OS_FLSIZE + 1);
53 int OS_GetLogLocation(const Eventinfo *lf)
55 /* Check what directories to create
56 * Check if the year directory is there
57 * If not, create it. Same for the month directory.
63 if (ftell(_eflog) == 0) {
70 snprintf(__elogfile, OS_FLSIZE, "%s/%d/", EVENTS, lf->year);
71 if (IsDir(__elogfile) == -1)
72 if (mkdir(__elogfile, 0770) == -1) {
73 ErrorExit(MKDIR_ERROR, ARGV0, __elogfile, errno, strerror(errno));
76 snprintf(__elogfile, OS_FLSIZE, "%s/%d/%s", EVENTS, lf->year, lf->mon);
78 if (IsDir(__elogfile) == -1)
79 if (mkdir(__elogfile, 0770) == -1) {
80 ErrorExit(MKDIR_ERROR, ARGV0, __elogfile, errno, strerror(errno));
83 /* Create the logfile name */
84 snprintf(__elogfile, OS_FLSIZE, "%s/%d/%s/ossec-%s-%02d.log",
91 _eflog = fopen(__elogfile, "a");
93 ErrorExit("%s: Error opening logfile: '%s'", ARGV0, __elogfile);
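96 /* Create a hard link (link(2), not a symlink): EVENTS_DAILY becomes a second name for the dated log, so both must be on the same filesystem */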
99 if (link(__elogfile, EVENTS_DAILY) == -1) {
100 ErrorExit(LINK_ERROR, ARGV0, __elogfile, EVENTS_DAILY, errno, strerror(errno));
102 /* For the events in JSON */
103 if (Config.logall_json) {
104 /* Create the json archives logfile name */
107 if (ftell(_ejflog) == 0) {
114 snprintf(__ejlogfile, OS_FLSIZE, "%s/%d/", EVENTS, lf->year);
115 if (IsDir(__ejlogfile) == -1)
116 if (mkdir(__ejlogfile, 0770) == -1) {
117 ErrorExit(MKDIR_ERROR, ARGV0, __ejlogfile, errno, strerror(errno));
120 snprintf(__ejlogfile, OS_FLSIZE, "%s/%d/%s", EVENTS, lf->year, lf->mon);
122 if (IsDir(__ejlogfile) == -1)
123 if (mkdir(__ejlogfile, 0770) == -1) {
124 ErrorExit(MKDIR_ERROR, ARGV0, __ejlogfile, errno, strerror(errno));
128 snprintf(__ejlogfile, OS_FLSIZE, "%s/%d/%s/ossec-%s-%02d.json",
135 _ejflog = fopen(__ejlogfile, "a");
138 ErrorExit("%s: Error opening logfile: '%s'", ARGV0, __ejlogfile);
141 /* Replace the daily name with a hard link (link(2), not a symlink) to the dated JSON events log */
142 unlink(EVENTSJSON_DAILY);
144 if (link(__ejlogfile, EVENTSJSON_DAILY) == -1) {
145 ErrorExit(LINK_ERROR, ARGV0, __ejlogfile, EVENTSJSON_DAILY, errno, strerror(errno));
149 /* For the alerts logs */
151 if (ftell(_aflog) == 0) {
158 snprintf(__alogfile, OS_FLSIZE, "%s/%d/", ALERTS, lf->year);
159 if (IsDir(__alogfile) == -1)
160 if (mkdir(__alogfile, 0770) == -1) {
161 ErrorExit(MKDIR_ERROR, ARGV0, __alogfile, errno, strerror(errno));
164 snprintf(__alogfile, OS_FLSIZE, "%s/%d/%s", ALERTS, lf->year, lf->mon);
166 if (IsDir(__alogfile) == -1)
167 if (mkdir(__alogfile, 0770) == -1) {
168 ErrorExit(MKDIR_ERROR, ARGV0, __alogfile, errno, strerror(errno));
171 /* Create the logfile name */
172 snprintf(__alogfile, OS_FLSIZE, "%s/%d/%s/ossec-%s-%02d.log",
179 _aflog = fopen(__alogfile, "a");
182 ErrorExit("%s: Error opening logfile: '%s'", ARGV0, __alogfile);
185 /* Replace the daily name with a hard link (link(2), not a symlink) to the dated alerts log */
186 unlink(ALERTS_DAILY);
188 if (link(__alogfile, ALERTS_DAILY) == -1) {
189 ErrorExit(LINK_ERROR, ARGV0, __alogfile, ALERTS_DAILY, errno, strerror(errno));
192 if (Config.jsonout_output) {
195 if (ftell(_jflog) == 0) {
202 snprintf(__jlogfile, OS_FLSIZE, "%s/%d/", ALERTS, lf->year);
203 if (IsDir(__jlogfile) == -1)
204 if (mkdir(__jlogfile, 0770) == -1) {
205 ErrorExit(MKDIR_ERROR, ARGV0, __jlogfile, errno, strerror(errno));
208 snprintf(__jlogfile, OS_FLSIZE, "%s/%d/%s", ALERTS, lf->year, lf->mon);
210 if (IsDir(__jlogfile) == -1)
211 if (mkdir(__jlogfile, 0770) == -1) {
212 ErrorExit(MKDIR_ERROR, ARGV0, __jlogfile, errno, strerror(errno));
217 /* Create the json logfile name */
218 snprintf(__jlogfile, OS_FLSIZE, "%s/%d/%s/ossec-%s-%02d.json",
225 _jflog = fopen(__jlogfile, "a");
228 ErrorExit("%s: Error opening logfile: '%s'", ARGV0, __jlogfile);
231 /* Replace the daily name with a hard link (link(2), not a symlink) to the dated JSON alerts log */
232 unlink(ALERTSJSON_DAILY);
234 if (link(__jlogfile, ALERTSJSON_DAILY) == -1) {
235 ErrorExit(LINK_ERROR, ARGV0, __jlogfile, ALERTSJSON_DAILY, errno, strerror(errno));
240 /* For the firewall events */
242 if (ftell(_fflog) == 0) {
249 snprintf(__flogfile, OS_FLSIZE, "%s/%d/", FWLOGS, lf->year);
250 if (IsDir(__flogfile) == -1)
251 if (mkdir(__flogfile, 0770) == -1) {
252 ErrorExit(MKDIR_ERROR, ARGV0, __flogfile, errno, strerror(errno));
255 snprintf(__flogfile, OS_FLSIZE, "%s/%d/%s", FWLOGS, lf->year, lf->mon);
257 if (IsDir(__flogfile) == -1)
258 if (mkdir(__flogfile, 0770) == -1) {
259 ErrorExit(MKDIR_ERROR, ARGV0, __flogfile, errno, strerror(errno));
262 /* Create the logfile name */
263 snprintf(__flogfile, OS_FLSIZE, "%s/%d/%s/ossec-%s-%02d.log",
270 _fflog = fopen(__flogfile, "a");
273 ErrorExit("%s: Error opening logfile: '%s'", ARGV0, __flogfile);
276 /* Replace the daily name with a hard link (link(2), not a symlink) to the dated firewall log */
277 unlink(FWLOGS_DAILY);
279 if (link(__flogfile, FWLOGS_DAILY) == -1) {
280 ErrorExit(LINK_ERROR, ARGV0, __flogfile, FWLOGS_DAILY, errno, strerror(errno));
283 /* Setting the new day */