Imported Upstream version 2.7
1 /* @(#) $Id: ./src/analysisd/alerts/getloglocation.c, 2011/09/08 dcid Exp $
2  */
3
4 /* Copyright (C) 2009 Trend Micro Inc.
5  * All right reserved.
6  *
7  * This program is a free software; you can redistribute it
8  * and/or modify it under the terms of the GNU General Public
9  * License (version 2) as published by the FSF - Free Software
10  * Foundation
11  */
12
13
14 /* Get the log directory/file based on the day/month/year */
15
16
17 /* analysisd headers */
18 #include "getloglocation.h"
19
/* Day of month recorded by the last OS_GetLogLocation() call; OS_InitLog()
 * resets it to 0.
 * NOTE(review): these identifiers start with a double underscore, which C
 * reserves for the implementation, and they have external linkage. Renaming
 * them would need a check of every other translation unit that uses them.
 */
int __crt_day;
/* Path buffers for the archive (events), alerts and firewall log files.
 * OS_GetLogLocation() rewrites them on every call, and on the next call uses
 * the old contents to unlink a log file that is still at offset 0.
 */
char __elogfile[OS_FLSIZE+1];
char __alogfile[OS_FLSIZE+1];
char __flogfile[OS_FLSIZE+1];
24         
/* OS_InitLog: reset the log state kept in this file.
 *
 * Calls OS_InitFwLog(), marks the three log streams as closed, clears the
 * three path buffers and the current-day marker, and finally sets the
 * process umask.
 */
void OS_InitLog()
{
    OS_InitFwLog();

    /* No archive, alerts or firewall stream is open yet */
    _fflog = NULL;
    _aflog = NULL;
    _eflog = NULL;

    /* Empty path buffers (each is OS_FLSIZE+1 bytes) */
    memset(__flogfile, 0, sizeof(__flogfile));
    memset(__elogfile, 0, sizeof(__elogfile));
    memset(__alogfile, 0, sizeof(__alogfile));

    __crt_day = 0;

    /* umask 0027 strips group-write and every "other" permission bit from
     * files and directories created after this point, so the 0770 passed
     * to mkdir() in OS_GetLogLocation() yields 0750 directories.
     */
    umask(0027);
}
44
45
46 /* gzips a log file
47 int OS_CompressLog(int yesterday, char *prev_month, int prev_year)
48
49   -- moved to monitord. 
50 */
51
52
53
54
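/* Abort if snprintf() reported an error or had to truncate the path.
 * A truncated path would make the daemon create or append to a file other
 * than the one intended, so it is treated like the other fatal setup errors.
 */
static void check_log_path(int written, char *path)
{
    if(written < 0 || written >= OS_FLSIZE)
    {
        ErrorExit("%s: Log path too long: '%s'", ARGV0, path);
    }
}


/* Create 'dir' (mode 0770 before the umask is applied) when IsDir() does
 * not accept it. Exits through ErrorExit() if mkdir() fails.
 */
static void ensure_log_dir(char *dir)
{
    if(IsDir(dir) == -1)
    {
        if(mkdir(dir, 0770) == -1)
        {
            ErrorExit(MKDIR_ERROR, ARGV0, dir);
        }
    }
}


/* Switch one log stream to the file for the date carried by 'lf'.
 *
 * fp    - stream to rotate; closed if open, then reopened in append mode
 * path  - buffer of OS_FLSIZE+1 bytes; on entry it holds the path of the
 *         file behind *fp, on return the path of the new file
 * root  - base directory of this log family
 * tag   - word placed in the file name ("ossec-<tag>-<day>.log")
 * daily - fixed path that is re-pointed at the new file
 */
static void rotate_daily_log(FILE **fp, char *path, const char *root,
                             const char *tag, const char *daily,
                             const Eventinfo *lf)
{
    if(*fp)
    {
        /* Remove the previous file if the stream is still at offset 0.
         * NOTE(review): for a stream opened in append mode the initial
         * position is implementation-defined (start or end of file), so
         * ftell() == 0 may not mean "file is empty" when the file already
         * had content from an earlier run. Confirm on the target libc
         * that this cannot delete existing log data.
         */
        if(ftell(*fp) == 0)
        {
            unlink(path);
        }
        fclose(*fp);
        *fp = NULL;
    }

    /* <root>/<year>/ */
    check_log_path(snprintf(path, OS_FLSIZE, "%s/%d/", root, lf->year), path);
    ensure_log_dir(path);

    /* <root>/<year>/<month> */
    check_log_path(snprintf(path, OS_FLSIZE, "%s/%d/%s",
                            root, lf->year, lf->mon), path);
    ensure_log_dir(path);

    /* <root>/<year>/<month>/ossec-<tag>-<day>.log */
    check_log_path(snprintf(path, OS_FLSIZE, "%s/%d/%s/ossec-%s-%02d.log",
                            root, lf->year, lf->mon, tag, lf->day), path);

    *fp = fopen(path, "a");
    if(!*fp)
    {
        ErrorExit("%s: Error opening logfile: '%s'", ARGV0, path);
    }

    /* Re-point the fixed "daily" name at the new file. This is a hard
     * link (link(2)), not a symlink, so both names must live on the same
     * filesystem. Both return values are ignored, as before: if link()
     * fails, the daily name is simply missing until the next rotation.
     * NOTE(review): a failure here is silent; consider reporting it with
     * the project's non-fatal logger so a missing daily file is visible.
     */
    unlink(daily);
    link(path, daily);
}


/* OS_GetLogLocation: open the archive, alerts and firewall log files for
 * the date of 'lf', creating the year and month directories when needed.
 *
 * For each of the three logs the previous stream (if any) is closed, the
 * dated file is opened for append, and the fixed daily name is hard-linked
 * to it. __crt_day is then set to lf->day.
 *
 * Returns 0. Directory creation failure, open failure and an over-long
 * path all terminate the process through ErrorExit().
 */
int OS_GetLogLocation(Eventinfo *lf)
{
    /* For the events */
    rotate_daily_log(&_eflog, __elogfile, EVENTS, "archive",
                     EVENTS_DAILY, lf);

    /* For the alerts logs */
    rotate_daily_log(&_aflog, __alogfile, ALERTS, "alerts",
                     ALERTS_DAILY, lf);

    /* For the firewall events */
    rotate_daily_log(&_fflog, __flogfile, FWLOGS, "firewall",
                     FWLOGS_DAILY, lf);

    /* Setting the new day */
    __crt_day = lf->day;

    return 0;
}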
198
199 /* EOF */