src/monitord/manage_files.c

   1 /* Copyright (C) 2009 Trend Micro Inc.
   2  * All right reserved.
   3  *
   4  * This program is a free software; you can redistribute it
   5  * and/or modify it under the terms of the GNU General Public
   6  * License (version 2) as published by the FSF - Free Software
   7  * Foundation
   8  */
   9
  10 #include "shared.h"
  11 #include "monitord.h"
  12
  13 static const char *(months[]) = {"Jan", "Feb", "Mar", "Apr", "May", "Jun",
  14                                  "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
  15                                 };
  16
  17
  18 void manage_files(int cday, int cmon, int cyear)
  19 {
  20     time_t tm_old;
  21     struct tm *pp_old;
  22
  23 #ifndef SOLARIS
  24     struct tm p_old;
  25 #endif
  26
  27     char elogfile[OS_FLSIZE + 1];
  28     char elogfile_old[OS_FLSIZE + 1];
  29
  30     char alogfile[OS_FLSIZE + 1];
  31     char alogfile_old[OS_FLSIZE + 1];
  32
  33     char ajlogfile[OS_FLSIZE + 1];
  34     char ajlogfile_old[OS_FLSIZE + 1];
  35
  36     char flogfile[OS_FLSIZE + 1];
  37     char flogfile_old[OS_FLSIZE + 1];
  38
  39     char ejlogfile[OS_FLSIZE + 1];
  40     char ejlogfile_old[OS_FLSIZE + 1];
  41
  42     /* Get time from the day before (for log signing) */
  43     tm_old = time(NULL);
  44     tm_old -= 93500;
  45 #ifndef SOLARIS
  46     pp_old = localtime_r(&tm_old, &p_old);
  47 #else
  48     pp_old = localtime(&tm_old);
  49 #endif
  50
  51     memset(elogfile, '\0', OS_FLSIZE + 1);
  52     memset(elogfile_old, '\0', OS_FLSIZE + 1);
  53     memset(alogfile, '\0', OS_FLSIZE + 1);
  54     memset(alogfile_old, '\0', OS_FLSIZE + 1);
  55     memset(ajlogfile, '\0', OS_FLSIZE + 1);
  56     memset(ajlogfile_old, '\0', OS_FLSIZE + 1);
  57     memset(flogfile, '\0', OS_FLSIZE + 1);
  58     memset(flogfile_old, '\0', OS_FLSIZE + 1);
  59     memset(ejlogfile, '\0', OS_FLSIZE + 1);
  60     memset(ejlogfile_old, '\0', OS_FLSIZE + 1);
  61     /* When the day changes, we wait up to day_wait before compressing the file */
  62     sleep(mond.day_wait);
  63
  64     /* Event logfile */
  65     snprintf(elogfile, OS_FLSIZE, "%s/%d/%s/ossec-%s-%02d.log",
  66              EVENTS,
  67              cyear,
  68              months[cmon],
  69              "archive",
  70              cday);
  71     /* Event log file old */
  72     snprintf(elogfile_old, OS_FLSIZE, "%s/%d/%s/ossec-%s-%02d.log",
  73              EVENTS,
  74              pp_old->tm_year + 1900,
  75              months[pp_old->tm_mon],
  76              "archive",
  77              pp_old->tm_mday);
  78     OS_SignLog(elogfile, elogfile_old, 0);
  79     OS_CompressLog(elogfile);
  80
  81     /* JSON Event logfile */
  82     snprintf(ejlogfile, OS_FLSIZE, "%s/%d/%s/ossec-%s-%02d.json",
  83              EVENTS,
  84              cyear,
  85              months[cmon],
  86              "archive",
  87              cday);
  88     /* JSON  Event log file old */
  89     snprintf(ejlogfile_old, OS_FLSIZE, "%s/%d/%s/ossec-%s-%02d.json",
  90              EVENTS,
  91              pp_old->tm_year + 1900,
  92              months[pp_old->tm_mon],
  93              "archive",
  94              pp_old->tm_mday);
  95
  96     int exists_json_events = 0;
  97     FILE *fopnetestjsonevents;
  98
  99     if ((fopnetestjsonevents = fopen(ejlogfile, "r"))) {
 100         exists_json_events = 1;
 101         fclose(fopnetestjsonevents);
 102     }
 103
 104     if ((fopnetestjsonevents = fopen(ejlogfile_old, "r"))) {
 105         exists_json_events = 1;
 106         fclose(fopnetestjsonevents);
 107     }
 108
 109     if (exists_json_events) {
 110         /* Only if there is a file to operate on. */
 111         OS_SignLog(ejlogfile, ejlogfile_old, 0);
 112         OS_CompressLog(ejlogfile);
 113     }
 114
 115
 116     /* alert logfile  */
 117     snprintf(alogfile, OS_FLSIZE, "%s/%d/%s/ossec-%s-%02d.log",
 118              ALERTS,
 119              cyear,
 120              months[cmon],
 121              "alerts",
 122              cday);
 123     /* alert logfile old  */
 124     snprintf(alogfile_old, OS_FLSIZE, "%s/%d/%s/ossec-%s-%02d.log",
 125              ALERTS,
 126              pp_old->tm_year + 1900,
 127              months[pp_old->tm_mon],
 128              "alerts",
 129              pp_old->tm_mday);
 130     OS_SignLog(alogfile, alogfile_old, 1);
 131     OS_CompressLog(alogfile);
 132
 133     /* alert logfile  */
 134     snprintf(ajlogfile, OS_FLSIZE, "%s/%d/%s/ossec-%s-%02d.json",
 135              ALERTS,
 136              cyear,
 137              months[cmon],
 138              "alerts",
 139              cday);
 140     /* alert logfile old  */
 141     snprintf(ajlogfile_old, OS_FLSIZE, "%s/%d/%s/ossec-%s-%02d.json",
 142              ALERTS,
 143              pp_old->tm_year + 1900,
 144              months[pp_old->tm_mon],
 145              "alerts",
 146              pp_old->tm_mday);
 147
 148     int exists = 0;
 149     FILE *fopnetest;
 150
 151     if ((fopnetest = fopen(ajlogfile, "r"))) {
 152         exists = 1;
 153         fclose(fopnetest);
 154     }
 155
 156     if ((fopnetest = fopen(ajlogfile_old, "r"))) {
 157         exists = 1;
 158         fclose(fopnetest);
 159     }
 160
 161     if (exists) {
 162         /* Only if there is a file to operate on. */
 163         OS_SignLog(ajlogfile, ajlogfile_old, 1);
 164         OS_CompressLog(ajlogfile);
 165     }
 166
 167     /* firewall events */
 168     snprintf(flogfile, OS_FLSIZE, "%s/%d/%s/ossec-%s-%02d.log",
 169              FWLOGS,
 170              cyear,
 171              months[cmon],
 172              "firewall",
 173              cday);
 174     /* firewall events old */
 175     snprintf(flogfile_old, OS_FLSIZE, "%s/%d/%s/ossec-%s-%02d.log",
 176              FWLOGS,
 177              pp_old->tm_year + 1900,
 178              months[pp_old->tm_mon],
 179              "firewall",
 180              pp_old->tm_mday);
 181     OS_SignLog(flogfile, flogfile_old, 0);
 182     OS_CompressLog(flogfile);
 183
 184     return;
 185 }
 186