3 rem Searching for IIS logs.
4 rem If we find any log in the NCSA or W3C extended format,
5 rem change the config to support that. If not, let the user know.
6 rem Example of log to look: nc060215.log or ex060723.log
9 echo Looking for IIS log files to monitor.
10 echo For more information visit:
11 echo http://www.ossec.net/en/manual.html#iis
15 IF EXIST %WinDir%\System32\LogFiles\W3SVC1\nc??????.log (
16 echo * IIS NCSA log found. Changing config to read it.
18 echo ^<ossec_config^> >> ossec.conf
19 echo ^<localfile^> >> ossec.conf
20 echo ^<location^>%WinDir%\System32\LogFiles\W3SVC1\nc%%y%%m%%d.log^</location^> >> ossec.conf
21 echo ^<log_format^>iis^</log_format^> >> ossec.conf
22 echo ^</localfile^> >> ossec.conf
23 echo ^</ossec_config^> >> ossec.conf
27 IF EXIST %WinDir%\System32\LogFiles\W3SVC1\ex??????.log (
28 echo * IIS W3C extended log found. Changing config to read it.
30 echo ^<ossec_config^> >> ossec.conf
31 echo ^<localfile^> >> ossec.conf
32 echo ^<location^>%WinDir%\System32\LogFiles\W3SVC1\ex%%y%%m%%d.log^</location^> >> ossec.conf
33 echo ^<log_format^>iis^</log_format^> >> ossec.conf
34 echo ^</localfile^> >> ossec.conf
35 echo ^</ossec_config^> >> ossec.conf
39 IF EXIST %WinDir%\System32\LogFiles\W3SVC3\ex??????.log (
40 echo * IIS W3C extended log found. Changing config to read it.
42 echo ^<ossec_config^> >> ossec.conf
43 echo ^<localfile^> >> ossec.conf
44 echo ^<location^>%WinDir%\System32\LogFiles\W3SVC3\nc%%y%%m%%d.log^</location^> >> ossec.conf
45 echo ^<log_format^>iis^</log_format^> >> ossec.conf
46 echo ^</localfile^> >> ossec.conf
47 echo ^</ossec_config^> >> ossec.conf
51 IF EXIST %WinDir%\System32\LogFiles\W3SVC1 (
52 echo * IIS Log found. Look at the link above if you want to monitor it.