X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;f=src%2Fmonitord%2Fmanage_files.c;h=92f0fe762003e053397f295c34eedfb6073e04a1;hb=3f728675941dc69d4e544d3a880a56240a6e394a;hp=2c1d4925309d0496e64bfe1762b9b31138b6169c;hpb=914feba5d54f979cd5d7e69c349c3d01f630042a;p=ossec-hids.git

diff --git a/src/monitord/manage_files.c b/src/monitord/manage_files.c
old mode 100755
new mode 100644
index 2c1d492..92f0fe7
--- a/src/monitord/manage_files.c
+++ b/src/monitord/manage_files.c
@@ -1,122 +1,186 @@
-/* @(#) $Id: manage_files.c,v 1.10 2009/06/24 17:06:27 dcid Exp $ */
-
 /* Copyright (C) 2009 Trend Micro Inc.
  * All right reserved.
  *
  * This program is a free software; you can redistribute it
  * and/or modify it under the terms of the GNU General Public
- * License (version 3) as published by the FSF - Free Software 
+ * License (version 2) as published by the FSF - Free Software
  * Foundation
  */
 
-
 #include "shared.h"
 #include "monitord.h"
 
-char *(months[])={"Jan","Feb","Mar","Apr","May","Jun","Jul","Aug",
-                  "Sep","Oct","Nov","Dec"};
+static const char *(months[]) = {"Jan", "Feb", "Mar", "Apr", "May", "Jun",
+                                 "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
+                                };
 
 
-/* OS_GetLogLocation: v0.1, 2005/04/25 */
 void manage_files(int cday, int cmon, int cyear)
 {
     time_t tm_old;
-
     struct tm *pp_old;
 
-    #ifndef SOLARIS
+#ifndef SOLARIS
     struct tm p_old;
-    #endif
-            
-    char elogfile[OS_FLSIZE +1];
-    char elogfile_old[OS_FLSIZE +1];
-    
-    char alogfile[OS_FLSIZE +1];
-    char alogfile_old[OS_FLSIZE +1];
-    
-    char flogfile[OS_FLSIZE +1];
-    char flogfile_old[OS_FLSIZE +1];
+#endif
 
+    char elogfile[OS_FLSIZE + 1];
+    char elogfile_old[OS_FLSIZE + 1];
 
-    /* Getting time from the day before (for log signing) */
+    char alogfile[OS_FLSIZE + 1];
+    char alogfile_old[OS_FLSIZE + 1];
+
+    char ajlogfile[OS_FLSIZE + 1];
+    char ajlogfile_old[OS_FLSIZE + 1];
+
+    char flogfile[OS_FLSIZE + 1];
+    char flogfile_old[OS_FLSIZE + 1];
+    
+    char ejlogfile[OS_FLSIZE + 1];
+    char ejlogfile_old[OS_FLSIZE + 1];
+
+    /* Get time from the day before (for log signing) */
     tm_old = time(NULL);
     tm_old -= 93500;
-    #ifndef SOLARIS
+#ifndef SOLARIS
     pp_old = localtime_r(&tm_old, &p_old);
-    #else
+#else
     pp_old = localtime(&tm_old);
-    #endif
-    
-
-    memset(elogfile, '\0', OS_FLSIZE +1);
-    memset(elogfile_old, '\0', OS_FLSIZE +1);
-    memset(alogfile, '\0', OS_FLSIZE +1);
-    memset(alogfile_old, '\0', OS_FLSIZE +1);
-    memset(flogfile, '\0', OS_FLSIZE +1);
-    memset(flogfile_old, '\0', OS_FLSIZE +1);
-
-
-    /* When the day changes, we wait up to day_wait
-     * before compressing the file.
-     */
+#endif
+
+    memset(elogfile, '\0', OS_FLSIZE + 1);
+    memset(elogfile_old, '\0', OS_FLSIZE + 1);
+    memset(alogfile, '\0', OS_FLSIZE + 1);
+    memset(alogfile_old, '\0', OS_FLSIZE + 1);
+    memset(ajlogfile, '\0', OS_FLSIZE + 1);
+    memset(ajlogfile_old, '\0', OS_FLSIZE + 1);
+    memset(flogfile, '\0', OS_FLSIZE + 1);
+    memset(flogfile_old, '\0', OS_FLSIZE + 1);
+    memset(ejlogfile, '\0', OS_FLSIZE + 1);
+    memset(ejlogfile_old, '\0', OS_FLSIZE + 1);
+    /* When the day changes, we wait up to day_wait before compressing the file */
     sleep(mond.day_wait);
-    
 
     /* Event logfile */
     snprintf(elogfile, OS_FLSIZE, "%s/%d/%s/ossec-%s-%02d.log",
-            EVENTS,
-            cyear,
-            months[cmon],
-            "archive",
-            cday);
+             EVENTS,
+             cyear,
+             months[cmon],
+             "archive",
+             cday);
     /* Event log file old */
     snprintf(elogfile_old, OS_FLSIZE, "%s/%d/%s/ossec-%s-%02d.log",
-            EVENTS,
-            pp_old->tm_year+1900,
-            months[pp_old->tm_mon],
-            "archive",
-            pp_old->tm_mday);
-
+             EVENTS,
+             pp_old->tm_year + 1900,
+             months[pp_old->tm_mon],
+             "archive",
+             pp_old->tm_mday);
     OS_SignLog(elogfile, elogfile_old, 0);
     OS_CompressLog(elogfile);
 
-
+    /* JSON Event logfile */
+    snprintf(ejlogfile, OS_FLSIZE, "%s/%d/%s/ossec-%s-%02d.json",
+             EVENTS,
+             cyear,
+             months[cmon],
+             "archive",
+             cday);
+    /* JSON  Event log file old */
+    snprintf(ejlogfile_old, OS_FLSIZE, "%s/%d/%s/ossec-%s-%02d.json",
+             EVENTS,
+             pp_old->tm_year + 1900,
+             months[pp_old->tm_mon],
+             "archive",
+             pp_old->tm_mday);
+             
+    int exists_json_events = 0;
+    FILE *fopnetestjsonevents;
+
+    if ((fopnetestjsonevents = fopen(ejlogfile, "r"))) {
+        exists_json_events = 1;
+        fclose(fopnetestjsonevents);
+    }
+
+    if ((fopnetestjsonevents = fopen(ejlogfile_old, "r"))) {
+        exists_json_events = 1;
+        fclose(fopnetestjsonevents);
+    }
+
+    if (exists_json_events) {
+        /* Only if there is a file to operate on. */
+        OS_SignLog(ejlogfile, ejlogfile_old, 0);
+        OS_CompressLog(ejlogfile);
+    }
+    
+    
     /* alert logfile  */
     snprintf(alogfile, OS_FLSIZE, "%s/%d/%s/ossec-%s-%02d.log",
-            ALERTS,
-            cyear,
-            months[cmon],
-            "alerts",
-            cday);
-    /* alert logfile old  */ 
+             ALERTS,
+             cyear,
+             months[cmon],
+             "alerts",
+             cday);
+    /* alert logfile old  */
     snprintf(alogfile_old, OS_FLSIZE, "%s/%d/%s/ossec-%s-%02d.log",
-            ALERTS,
-            pp_old->tm_year+1900,
-            months[pp_old->tm_mon],
-            "alerts",
-            pp_old->tm_mday);
+             ALERTS,
+             pp_old->tm_year + 1900,
+             months[pp_old->tm_mon],
+             "alerts",
+             pp_old->tm_mday);
     OS_SignLog(alogfile, alogfile_old, 1);
     OS_CompressLog(alogfile);
 
+    /* alert logfile  */
+    snprintf(ajlogfile, OS_FLSIZE, "%s/%d/%s/ossec-%s-%02d.json",
+             ALERTS,
+             cyear,
+             months[cmon],
+             "alerts",
+             cday);
+    /* alert logfile old  */
+    snprintf(ajlogfile_old, OS_FLSIZE, "%s/%d/%s/ossec-%s-%02d.json",
+             ALERTS,
+             pp_old->tm_year + 1900,
+             months[pp_old->tm_mon],
+             "alerts",
+             pp_old->tm_mday);
+
+    int exists = 0;
+    FILE *fopnetest;
+
+    if ((fopnetest = fopen(ajlogfile, "r"))) {
+        exists = 1;
+        fclose(fopnetest);
+    }
+
+    if ((fopnetest = fopen(ajlogfile_old, "r"))) {
+        exists = 1;
+        fclose(fopnetest);
+    }
+
+    if (exists) {
+        /* Only if there is a file to operate on. */
+        OS_SignLog(ajlogfile, ajlogfile_old, 1);
+        OS_CompressLog(ajlogfile);
+    }
 
     /* firewall events */
     snprintf(flogfile, OS_FLSIZE, "%s/%d/%s/ossec-%s-%02d.log",
-            FWLOGS,
-            cyear,
-            months[cmon],
-            "firewall",
-            cday);
+             FWLOGS,
+             cyear,
+             months[cmon],
+             "firewall",
+             cday);
     /* firewall events old */
     snprintf(flogfile_old, OS_FLSIZE, "%s/%d/%s/ossec-%s-%02d.log",
-            FWLOGS,
-            pp_old->tm_year+1900,
-            months[pp_old->tm_mon],
-            "firewall",
-            pp_old->tm_mday);
+             FWLOGS,
+             pp_old->tm_year + 1900,
+             months[pp_old->tm_mon],
+             "firewall",
+             pp_old->tm_mday);
     OS_SignLog(flogfile, flogfile_old, 0);
     OS_CompressLog(flogfile);
 
     return;
 }
 
-/* EOF */