3 /* Copyright (C) 2009 Trend Micro Inc.
6 * This program is a free software; you can redistribute it
7 * and/or modify it under the terms of the GNU General Public
8 * License (version 2) as published by the FSF - Free Software
17 #include <sys/types.h>
21 #include "os_regex/os_regex.h"
24 #define OSSECCONF "ossec.conf"
25 #define OS_MAXSTR 1024
31 int direxist(char *dir)
/* Probes for `file` by trying to open it for reading. Only the fopen() call
 * is visible in this excerpt; how the result becomes a return value is on
 * lines that are not shown.
 * NOTE(review): fopen() also fails for a file that exists but cannot be
 * read. main reports "Unable to find ossec config" when this check fails,
 * so a permissions problem would be reported as a missing install. Confirm
 * against the full body. */
45 int fileexist(char *file)
50 fp = fopen(file, "r");
/* Scans `file` line by line and tests each line against `str` with
 * OS_Match(). The return statements and any fclose() are on lines that are
 * not shown in this excerpt.
 * NOTE(review): the matching rules of OS_Match() are not visible here. The
 * callers pass a log path as `str`; if OS_Match() treats any character in
 * that path specially, the "already configured" check could differ from a
 * literal substring search. Confirm against os_regex. */
58 int dogrep(char *file, char *str)
60 char line[OS_MAXSTR +1];
64 fp = fopen(file, "r");
/* Clears the whole buffer, including the extra byte past OS_MAXSTR. */
69 memset(line, '\0', OS_MAXSTR +1);
71 /* Read the file and look for str.
 * fgets() stores at most OS_MAXSTR - 1 characters per call, so a longer
 * line arrives in several pieces and a match that straddles a split is
 * not seen. */
72 while(fgets(line, OS_MAXSTR, fp) != NULL)
74 if(OS_Match(str, line))
86 /* Get the Windows directory into `file`, a buffer of capacity f_size.
 * The value is taken from the %WINDIR% environment variable, so it is
 * whatever the process environment supplies. The literal C:\WINDOWS is
 * copied in on a path whose condition is not shown in this excerpt.
 * NOTE(review): no check of the ExpandEnvironmentStrings() return value is
 * visible here; confirm that failure and truncation are handled.
 * NOTE(review): strncpy() leaves the buffer unterminated when the source
 * fills all f_size bytes. The literal is 10 characters, so termination
 * depends on f_size being larger than that. main passes sizeof(win_dir) - 1;
 * the declaration of win_dir is not shown. */
87 static void get_win_dir(char *file, int f_size)
89 ExpandEnvironmentStrings("%WINDIR%", file, f_size);
93 strncpy(file, "C:\\WINDOWS", f_size);
/* Adds `vfile` to ossec.conf as an IIS log location. The lines visible here
 * do the following, in order: ask dogrep() whether vfile is already in
 * ossec.conf and report it if so; print a notice that an IIS directory was
 * found without a valid log; open ossec.conf for append; write a block with
 * a <location> entry and log_format iis. Return values, the branches between
 * these steps and the use of `dir` are on lines that are not shown.
 *
 * NOTE(review): OSSECCONF is a relative name, so the check and the append
 * both act on the ossec.conf in the current directory, which main sets with
 * chdir(argv[1]).
 * NOTE(review): vfile goes into the XML through %s and no escaping is
 * visible here. It appears to be built from the expanded %WINDIR% value, so
 * markup characters in that value would land verbatim in the config.
 * Confirm whether the input is validated elsewhere. */
99 int config_dir(char *name, char *dir, char *vfile)
108 if(dogrep(OSSECCONF, vfile))
110 printf("%s: Log file already configured: '%s'.\n",
115 printf("%s: IIS directory found, but no valid log.\n", name);
116 printf("%s: You may have it configured in a format different\n"
117 " than W3C Extended or you just don't have today's\n"
118 " log available.\n", name);
119 printf("%s: http://www.ossec.net/en/manual.html#iis\n\n", name);
122 /* Append the IIS entry to the config file */
123 fp = fopen(OSSECCONF, "a");
126 printf("%s: Unable to edit configuration file.\n", name);
132 "<!-- IIS log file -->\r\n"
135 " <location>%s</location>\r\n"
136 " <log_format>iis</log_format>\r\n"
138 "</ossec_config>\r\n\r\n", vfile);
140 printf("%s: Action completed.\n", name);
151 /* Check if the IIS log file is present in the config and add it if not.
 * The lines visible here do the following, in order: ask dogrep() whether
 * vfile is already in ossec.conf and report it if so; announce that the log
 * file is being added; open ossec.conf for append; write a block with a
 * <location> entry and log_format iis. Return values and the use of `file`
 * are on lines that are not shown. main treats a return of 0 as the signal
 * to try config_dir() instead.
 *
 * NOTE(review): OSSECCONF is a relative name, so the check and the append
 * both act on the ossec.conf in the current directory, which main sets with
 * chdir(argv[1]).
 * NOTE(review): vfile goes into the XML through %s and no escaping is
 * visible here. It appears to be built from the expanded %WINDIR% value, so
 * markup characters in that value would land verbatim in the config.
 * Confirm whether the input is validated elsewhere. */
152 int config_iis(char *name, char *file, char *vfile)
163 if(dogrep(OSSECCONF, vfile))
165 printf("%s: Log file already configured: '%s'.\n",
170 printf("%s: Adding IIS log file to be monitored: '%s'.\n", name,vfile);
173 /* Append the IIS entry to the config file */
174 fp = fopen(OSSECCONF, "a");
177 printf("%s: Unable to edit configuration file.\n", name);
183 "<!-- IIS log file -->\r\n"
186 " <location>%s</location>\r\n"
187 " <log_format>iis</log_format>\r\n"
189 "</ossec_config>\r\n\r\n", vfile);
191 printf("%s: Action completed.\n", name);
198 /* Set up Windows after install.
 * Changes into the directory given as argv[1], checks that ossec.conf is
 * present there, then looks for web (W3SVC), FTP (MSFTPSVC) and SMTP
 * (SMTPSVC) log files named for the current date under the LogFiles
 * directory and hands each candidate to config_iis() or config_dir().
 * Many lines of this function are not shown in this excerpt, including the
 * loop that sets i and the calls that fill lfile and vfile.
 *
 * NOTE(review): argv[1] is used by chdir() and no argc check is visible
 * here; confirm the argument count is validated first.
 * NOTE(review): every later access to ossec.conf is relative to the
 * directory chosen here, so this program edits whichever config lives in
 * the directory its caller names.
 * NOTE(review): lfile and vfile hold OS_MAXSTR + 1 bytes; the size passed
 * to the formatting calls is not visible. Confirm the writes are bounded
 * and that truncation is detected. */
199 int main(int argc, char **argv)
211 if(chdir(argv[1]) != 0)
213 printf("%s: Invalid directory: '%s'.\n", argv[0], argv[1]);
218 /* Check whether ossec is already installed. Unlike the other messages,
 * the one below has no trailing newline. */
219 if(!fileexist(OSSECCONF))
221 printf("%s: Unable to find ossec config: '%s'", argv[0], OSSECCONF);
225 /* Get the current date */
231 printf("%s: Looking for IIS log files to monitor.\r\n",
233 printf("%s: For more information: http://www.ossec.net/en/win.html\r\n",
238 /* Get the Windows directory. One byte less than the buffer size is
 * passed as the capacity. */
239 get_win_dir(win_dir, sizeof(win_dir) -1);
242 /* Look for IIS log files */
245 char lfile[OS_MAXSTR +1];
246 char vfile[OS_MAXSTR +1];
250 /* Search for an NCSA log. The first format names the file for the
 * current date, with the year printed as an offset from 2000. The second
 * uses doubled percent signs, which in a printf-style format leave the
 * literal placeholders %y%m%d in the result. */
253 "%s\\System32\\LogFiles\\W3SVC%d\\nc%02d%02d%02d.log",
254 win_dir,i, (p->tm_year+1900)-2000, p->tm_mon+1, p->tm_mday);
257 "%s\\System32\\LogFiles\\W3SVC%d\\nc%%y%%m%%d.log",
261 config_iis(argv[0], lfile, vfile);
264 /* Search for a W3C extended log. When config_iis() returns 0 the
 * W3SVC directory itself is passed to config_dir(). */
267 "%s\\System32\\LogFiles\\W3SVC%d\\ex%02d%02d%02d.log",
268 win_dir, i, (p->tm_year+1900)-2000, p->tm_mon+1, p->tm_mday);
272 "%s\\System32\\LogFiles\\W3SVC%d\\ex%%y%%m%%d.log",
276 if(config_iis(argv[0], lfile, vfile) == 0)
280 "%s\\System32\\LogFiles\\W3SVC%d", win_dir, i);
281 config_dir(argv[0], lfile, vfile);
285 /* Search for an FTP log in extended format, with the same fallback
 * to config_dir() for the MSFTPSVC directory. */
288 "%s\\System32\\LogFiles\\MSFTPSVC%d\\ex%02d%02d%02d.log",
289 win_dir, i, (p->tm_year+1900)-2000, p->tm_mon+1, p->tm_mday);
293 "%s\\System32\\LogFiles\\MSFTPSVC%d\\ex%%y%%m%%d.log",
295 if(config_iis(argv[0], lfile, vfile) == 0)
299 "%s\\System32\\LogFiles\\MSFTPSVC%d", win_dir, i);
300 config_dir(argv[0], lfile, vfile);
304 /* Search for IIS SMTP logs, with the same fallback to config_dir()
 * for the SMTPSVC directory. */
307 "%s\\System32\\LogFiles\\SMTPSVC%d\\ex%02d%02d%02d.log",
308 win_dir, i, (p->tm_year+1900)-2000, p->tm_mon+1, p->tm_mday);
312 "%s\\System32\\LogFiles\\SMTPSVC%d\\ex%%y%%m%%d.log",
314 if(config_iis(argv[0], lfile, vfile) == 0)
318 "%s\\System32\\LogFiles\\SMTPSVC%d",win_dir, i);
319 config_dir(argv[0], lfile, vfile);
325 printf("%s: No IIS log added. Look at the link above for more "
326 "information.\r\n", argv[0]);