1 /* Copyright (C) 2009 Trend Micro Inc.
4 * This program is a free software; you can redistribute it
5 * and/or modify it under the terms of the GNU General Public
6 * License (version 2) as published by the FSF - Free Software
14 #include <sys/types.h>
19 #include "os_regex/os_regex.h"
22 #define OSSECCONF "ossec.conf"
23 #define OS_MAXSTR 1024
28 int direxist(char *dir)
/* Existence probe for `file`. The one visible statement opens it with
 * fopen(file, "r"); the rest of the body is not shown in this listing.
 * NOTE(review): if the result is derived only from that fopen, a file that
 * exists but is not readable by this process looks the same as a missing
 * one -- confirm. Callers here test !fileexist(...) for "not found". */
42 int fileexist(char *file)
47 fp = fopen(file, "r");
/* Scan `file` line by line and test each line against `str` with OS_Match.
 * Callers in this file pass OSSECCONF and the log path (vfile) to detect an
 * entry that is already configured. Return values are on lines not shown.
 * NOTE(review): `str` is the first argument to OS_Match, presumably the
 * pattern; if that matcher treats any characters specially, a path may not
 * match itself literally and the duplicate check could misfire -- confirm
 * against os_regex. */
56 int dogrep(char *file, char *str)
58 char line[OS_MAXSTR + 1];
62 fp = fopen(file, "r");
68 memset(line, '\0', OS_MAXSTR + 1);
70 /* Read file and look for str */
71 while (fgets(line, OS_MAXSTR, fp) != NULL) { /* at most OS_MAXSTR - 1 chars per call; longer lines arrive in pieces, so a match straddling a split is missed */
72 if (OS_Match(str, line)) {
82 /* Get Windows directory: expand %WINDIR% into `file` (capacity f_size) and
 * fall back to the literal C:\WINDOWS path when direxist(file) fails. */
83 static void get_win_dir(char *file, int f_size)
85 ExpandEnvironmentStrings("%WINDIR%", file, f_size); /* return value unused on this line: as far as the listing shows, a failed or truncated expansion is only caught by the direxist() test below */
87 if (!direxist(file)) {
88 strncpy(file, "C:\\WINDOWS", f_size); /* strncpy writes a terminator only if f_size is larger than the 10-character literal; f_size is sizeof(win_dir) - 1 in main and win_dir's declaration is not shown -- confirm */
/* Add the log path `vfile` to ossec.conf for an IIS directory where, per the
 * messages printed below, no valid log for today was found. Only part of the
 * body is visible in this listing: the duplicate check through dogrep(), the
 * warning messages, the append to OSSECCONF and the completion message.
 * How `dir` is used and what is returned are on lines not shown. */
92 int config_dir(char *name, char *dir, char *vfile)
100 if (dogrep(OSSECCONF, vfile)) { /* skip paths that already appear in the config */
101 printf("%s: Log file already configured: '%s'.\n",
106 printf("%s: IIS directory found, but no valid log.\n", name);
107 printf("%s: You may have it configured in a format different\n"
108 " than W3C Extended or you just don't have today's\n"
109 " log available.\n", name);
110 printf("%s: http://www.ossec.net/en/manual.html#iis\n\n", name);
113 fp = fopen(OSSECCONF, "a"); /* relative path: resolves against the directory main() chdir()s into */
115 printf("%s: Unable to edit configuration file.\n", name);
121 "<!-- IIS log file -->\r\n"
124 " <location>%s</location>\r\n"
125 " <log_format>iis</log_format>\r\n"
127 "</ossec_config>\r\n\r\n", vfile); /* NOTE(review): vfile goes into <location> as-is; main builds it from the expanded %WINDIR% value, so '<' or '&' in that value would break or alter the XML -- no escaping is visible in this listing, confirm */
129 printf("%s: Action completed.\n", name);
137 /* Check if the IIS file is present in the config and, if not, append it.
 * `file` is the path probed with fileexist(); `vfile` is the path looked up
 * in, and written to, ossec.conf. Return values are on lines not shown;
 * main() treats 0 as the cue to try config_dir() instead. */
138 int config_iis(char *name, char *file, char *vfile)
142 if (!fileexist(file)) {
148 if (dogrep(OSSECCONF, vfile)) { /* skip paths that already appear in the config */
149 printf("%s: Log file already configured: '%s'.\n",
154 printf("%s: Adding IIS log file to be monitored: '%s'.\n", name, vfile);
156 /* Add the IIS log entry to the config */
157 fp = fopen(OSSECCONF, "a"); /* relative path: resolves against the directory main() chdir()s into */
159 printf("%s: Unable to edit configuration file.\n", name);
165 "<!-- IIS log file -->\r\n"
168 " <location>%s</location>\r\n"
169 " <log_format>iis</log_format>\r\n"
171 "</ossec_config>\r\n\r\n", vfile); /* NOTE(review): vfile goes into <location> as-is; main builds it from the expanded %WINDIR% value, so '<' or '&' in that value would break or alter the XML -- no escaping is visible in this listing, confirm */
173 printf("%s: Action completed.\n", name);
179 /* Setup Windows after install: change into argv[1], require ossec.conf
 * there, then look under the Windows directory for IIS web (W3SVC), FTP
 * (MSFTPSVC) and SMTP (SMTPSVC) logs and register them through config_iis()
 * and config_dir(). This listing shows only part of the body. */
180 int main(int argc, char **argv)
188 if (chdir(argv[1]) != 0) { /* every later relative open of OSSECCONF resolves against this directory; the argc check is presumably on lines not shown */
189 printf("%s: Invalid directory: '%s'.\n", argv[0], argv[1]);
194 /* Check if ossec was installed already */
195 if (!fileexist(OSSECCONF)) {
196 printf("%s: Unable to find ossec config: '%s'", argv[0], OSSECCONF); /* NOTE(review): no trailing newline, unlike the other messages */
200 /* Get today's date; p's tm fields fill in the log file names below */
206 printf("%s: Looking for IIS log files to monitor.\r\n",
208 printf("%s: For more information: http://www.ossec.net/en/win.html\r\n",
212 /* Get Windows directory */
213 get_win_dir(win_dir, sizeof(win_dir) - 1); /* one byte is held back from the size passed in; win_dir's declaration is not shown */
215 /* Look for IIS log files */
217 char lfile[OS_MAXSTR + 1];
218 char vfile[OS_MAXSTR + 1];
222 /* Search for NCSA. Two paths are formatted per service: one with today's
 * date filled in, and one where %%y%%m%%d leaves literal %y%m%d placeholders
 * in the output. Presumably the first goes to lfile (probed on disk) and the
 * second to vfile (written to the config); the formatting calls themselves
 * are on lines not shown. */
225 "%s\\System32\\LogFiles\\W3SVC%d\\nc%02d%02d%02d.log",
226 win_dir, i, (p->tm_year + 1900) - 2000, p->tm_mon + 1, p->tm_mday); /* year offset from 2000: two digits for 2000-2099 */
229 "%s\\System32\\LogFiles\\W3SVC%d\\nc%%y%%m%%d.log",
233 config_iis(argv[0], lfile, vfile); /* result ignored here: no directory fallback for NCSA */
235 /* Search for W3C extended */
238 "%s\\System32\\LogFiles\\W3SVC%d\\ex%02d%02d%02d.log",
239 win_dir, i, (p->tm_year + 1900) - 2000, p->tm_mon + 1, p->tm_mday);
243 "%s\\System32\\LogFiles\\W3SVC%d\\ex%%y%%m%%d.log",
247 if (config_iis(argv[0], lfile, vfile) == 0) { /* 0 from config_iis: fall back to the directory-level check */
250 "%s\\System32\\LogFiles\\W3SVC%d", win_dir, i);
251 config_dir(argv[0], lfile, vfile);
254 /* Search for FTP Extended format */
257 "%s\\System32\\LogFiles\\MSFTPSVC%d\\ex%02d%02d%02d.log",
258 win_dir, i, (p->tm_year + 1900) - 2000, p->tm_mon + 1, p->tm_mday);
262 "%s\\System32\\LogFiles\\MSFTPSVC%d\\ex%%y%%m%%d.log",
264 if (config_iis(argv[0], lfile, vfile) == 0) { /* same fallback as for W3SVC */
267 "%s\\System32\\LogFiles\\MSFTPSVC%d", win_dir, i);
268 config_dir(argv[0], lfile, vfile);
271 /* Search for IIS SMTP logs */
274 "%s\\System32\\LogFiles\\SMTPSVC%d\\ex%02d%02d%02d.log",
275 win_dir, i, (p->tm_year + 1900) - 2000, p->tm_mon + 1, p->tm_mday);
279 "%s\\System32\\LogFiles\\SMTPSVC%d\\ex%%y%%m%%d.log",
281 if (config_iis(argv[0], lfile, vfile) == 0) { /* same fallback as for W3SVC */
284 "%s\\System32\\LogFiles\\SMTPSVC%d", win_dir, i);
285 config_dir(argv[0], lfile, vfile);
290 printf("%s: No IIS log added. Look at the link above for more "
291 "information.\r\n", argv[0]);