--- /dev/null
+@echo off
+
+rem Searching for IIS logs.
+rem If we find any log in the NCSA or W3C extended format,
+rem change the config to support that. If not, let the user know.
+rem Example of log to look: nc060215.log or ex060723.log
+
+echo.
+echo Looking for IIS log files to monitor.
+echo For more information visit:
+echo http://www.ossec.net/en/manual.html#iis
+echo.
+echo.
+
+IF EXIST %WinDir%\System32\LogFiles\W3SVC1\nc??????.log (
+ echo * IIS NCSA log found. Changing config to read it.
+ echo. >> ossec.conf
+ echo ^<ossec_config^> >> ossec.conf
+ echo ^<localfile^> >> ossec.conf
+ echo ^<location^>%WinDir%\System32\LogFiles\W3SVC1\nc%%y%%m%%d.log^</location^> >> ossec.conf
+ echo ^<log_format^>iis^</log_format^> >> ossec.conf
+ echo ^</localfile^> >> ossec.conf
+ echo ^</ossec_config^> >> ossec.conf
+ pause
+ )
+
+IF EXIST %WinDir%\System32\LogFiles\W3SVC1\ex??????.log (
+ echo * IIS W3C extended log found. Changing config to read it.
+ echo. >> ossec.conf
+ echo ^<ossec_config^> >> ossec.conf
+ echo ^<localfile^> >> ossec.conf
+ echo ^<location^>%WinDir%\System32\LogFiles\W3SVC1\ex%%y%%m%%d.log^</location^> >> ossec.conf
+ echo ^<log_format^>iis^</log_format^> >> ossec.conf
+ echo ^</localfile^> >> ossec.conf
+ echo ^</ossec_config^> >> ossec.conf
+ pause
+ )
+
+IF EXIST %WinDir%\System32\LogFiles\W3SVC3\ex??????.log (
+ echo * IIS W3C extended log found. Changing config to read it.
+ echo. >> ossec.conf
+ echo ^<ossec_config^> >> ossec.conf
+ echo ^<localfile^> >> ossec.conf
+ echo ^<location^>%WinDir%\System32\LogFiles\W3SVC3\nc%%y%%m%%d.log^</location^> >> ossec.conf
+ echo ^<log_format^>iis^</log_format^> >> ossec.conf
+ echo ^</localfile^> >> ossec.conf
+ echo ^</ossec_config^> >> ossec.conf
+ pause
+ )
+
+IF EXIST %WinDir%\System32\LogFiles\W3SVC1 (
+ echo * IIS Log found. Look at the link above if you want to monitor it.
+ pause
+ exit )
+
+rem EOF
+