Imported Upstream version 2.5.1
1 /* @(#) $Id$ */
2
3 /* Copyright (C) 2009 Trend Micro Inc.
4  * All right reserved.
5  *
6  * This program is a free software; you can redistribute it
7  * and/or modify it under the terms of the GNU General Public
8  * License (version 2) as published by the FSF - Free Software 
9  * Foundation
10  */
11
12
13 /* Get the log directory/file based on the day/month/year */
14
15
16 /* analysisd headers */
17 #include "getloglocation.h"
18
/* Paths of the log files currently held open by this module:
 * archive (events), alerts and firewall. One extra byte beyond OS_FLSIZE
 * is reserved, so a write bounded by OS_FLSIZE always leaves room for the
 * terminating NUL. */
char __elogfile[OS_FLSIZE + 1];
char __alogfile[OS_FLSIZE + 1];
char __flogfile[OS_FLSIZE + 1];

/* Day of month the open log files belong to. Reset to 0 by OS_InitLog()
 * and updated by OS_GetLogLocation(). */
int __crt_day;
23         
/* OS_InitLog: reset the log-location state of analysisd.
 *
 * Calls OS_InitFwLog() (defined elsewhere), clears the current-day marker
 * and the three cached log paths, marks the three log streams as not open,
 * and finally sets the process umask.
 */
void OS_InitLog()
{
    OS_InitFwLog();

    /* No log stream is open yet */
    _fflog = NULL;
    _aflog = NULL;
    _eflog = NULL;

    /* Cached paths of the firewall, events and alerts log files */
    memset(__flogfile, '\0', sizeof(__flogfile));
    memset(__elogfile, '\0', sizeof(__elogfile));
    memset(__alogfile, '\0', sizeof(__alogfile));

    /* 0 means "no day selected yet" */
    __crt_day = 0;

    /* umask 0027: everything created afterwards gets no permission bits
     * for "other" and no write bit for the group, whatever mode is passed
     * to mkdir()/fopen(). */
    umask(0027);
}
43
44
45 /* gzips a log file 
46 int OS_CompressLog(int yesterday, char *prev_month, int prev_year)
47
48   -- moved to monitord.   
49 */      
50
51
52
53
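/* Switch one log stream to the file that belongs to the date in lf.
 *
 * stream  address of the FILE pointer to rotate (_eflog, _aflog or _fflog)
 * path    buffer of at least OS_FLSIZE+1 bytes that holds the current
 *         file name on entry and receives the new one
 * root    base directory of this log type
 * kind    tag used in the file name ("archive", "alerts", "firewall")
 * daily   fixed path that is re-linked to the new file
 * lf      event whose year/mon/day select the target file
 *
 * Exits the process through ErrorExit() when a directory cannot be created
 * or the log file cannot be opened.
 */
static void os_rotate_log(FILE **stream, char *path, const char *root,
                          const char *kind, const char *daily,
                          const Eventinfo *lf)
{
    /* Close the previous file; if nothing was ever written to it, remove
     * it so empty daily files do not pile up. */
    if (*stream) {
        if (ftell(*stream) == 0) {
            unlink(path);
        }
        fclose(*stream);
        *stream = NULL;
    }

    /* NOTE(review): the snprintf() results below are not checked. The size
     * bound prevents an overflow, but a truncated path would silently be
     * used as the directory or file name. */

    /* <root>/<year>/ -- mode 0770 is further restricted by the process
     * umask (OS_InitLog() in this file sets 0027). */
    snprintf(path, OS_FLSIZE, "%s/%d/", root, lf->year);
    if (IsDir(path) == -1) {
        if (mkdir(path, 0770) == -1) {
            ErrorExit(MKDIR_ERROR, ARGV0, path);
        }
    }

    /* <root>/<year>/<mon> */
    snprintf(path, OS_FLSIZE, "%s/%d/%s", root, lf->year, lf->mon);
    if (IsDir(path) == -1) {
        if (mkdir(path, 0770) == -1) {
            ErrorExit(MKDIR_ERROR, ARGV0, path);
        }
    }

    /* <root>/<year>/<mon>/ossec-<kind>-<day>.log */
    snprintf(path, OS_FLSIZE, "%s/%d/%s/ossec-%s-%02d.log",
             root, lf->year, lf->mon, kind, lf->day);

    *stream = fopen(path, "a");
    if (!*stream) {
        ErrorExit("%s: Error opening logfile: '%s'", ARGV0, path);
    }

    /* Re-point the fixed daily name at the new file. This is a hard link
     * (link(2)), not a symlink. The replacement is not atomic: between
     * unlink() and link() the daily name does not exist.
     * NOTE(review): both return values are ignored, so a failed link()
     * leaves the daily name missing without any diagnostic. */
    unlink(daily);
    link(path, daily);
}


/* OS_GetLogLocation: v0.1, 2005/04/25
 *
 * Rotates the archive (events), alerts and firewall logs, in that order,
 * to the files for the date of lf, creating the year and month directories
 * when they are missing, and records lf->day as the current day.
 *
 * Returns 0. Failures to create a directory or open a log file terminate
 * the process through ErrorExit() and are never reported to the caller.
 */
int OS_GetLogLocation(Eventinfo *lf)
{
    /* For the events */
    os_rotate_log(&_eflog, __elogfile, EVENTS, "archive", EVENTS_DAILY, lf);

    /* For the alerts logs */
    os_rotate_log(&_aflog, __alogfile, ALERTS, "alerts", ALERTS_DAILY, lf);

    /* For the firewall events */
    os_rotate_log(&_fflog, __flogfile, FWLOGS, "firewall", FWLOGS_DAILY, lf);

    /* Setting the new day */
    __crt_day = lf->day;

    return(0);
}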
197
198 /* EOF */