X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=contrib%2Fiis-logs.bat;fp=contrib%2Fiis-logs.bat;h=b7f55c95925bd00456f0f41a69210ef12727550d;hp=0000000000000000000000000000000000000000;hb=3f728675941dc69d4e544d3a880a56240a6e394a;hpb=927951d1c1ad45ba9e7325f07d996154a91c911b
diff --git a/contrib/iis-logs.bat b/contrib/iis-logs.bat
new file mode 100755
index 0000000..b7f55c9
--- /dev/null
+++ b/contrib/iis-logs.bat
@@ -0,0 +1,57 @@
+@echo off
+
+rem Searching for IIS logs.
+rem If we find any log in the NCSA or W3C extended format,
+rem change the config to support that. If not, let the user know.
+rem Example of log to look: nc060215.log or ex060723.log
+
+echo.
+echo Looking for IIS log files to monitor.
+echo For more information visit:
+echo http://www.ossec.net/en/manual.html#iis
+echo.
+echo.
+
+IF EXIST %WinDir%\System32\LogFiles\W3SVC1\nc??????.log (
+ echo * IIS NCSA log found. Changing config to read it.
+ echo. >> ossec.conf
+ echo ^ >> ossec.conf
+ echo ^ >> ossec.conf
+ echo ^%WinDir%\System32\LogFiles\W3SVC1\nc%%y%%m%%d.log^ >> ossec.conf
+ echo ^iis^ >> ossec.conf
+ echo ^ >> ossec.conf
+ echo ^ >> ossec.conf
+ pause
+ )
+
+IF EXIST %WinDir%\System32\LogFiles\W3SVC1\ex??????.log (
+ echo * IIS W3C extended log found. Changing config to read it.
+ echo. >> ossec.conf
+ echo ^ >> ossec.conf
+ echo ^ >> ossec.conf
+ echo ^%WinDir%\System32\LogFiles\W3SVC1\ex%%y%%m%%d.log^ >> ossec.conf
+ echo ^iis^ >> ossec.conf
+ echo ^ >> ossec.conf
+ echo ^ >> ossec.conf
+ pause
+ )
+
+IF EXIST %WinDir%\System32\LogFiles\W3SVC3\ex??????.log (
+ echo * IIS W3C extended log found. Changing config to read it.
+ echo. >> ossec.conf
+ echo ^ >> ossec.conf
+ echo ^ >> ossec.conf
+ echo ^%WinDir%\System32\LogFiles\W3SVC3\nc%%y%%m%%d.log^ >> ossec.conf
+ echo ^iis^ >> ossec.conf
+ echo ^ >> ossec.conf
+ echo ^ >> ossec.conf
+ pause
+ )
+
+IF EXIST %WinDir%\System32\LogFiles\W3SVC1 (
+ echo * IIS Log found. Look at the link above if you want to monitor it.
+ pause
+ exit )
+
+rem EOF
+
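Review bot: The W3SVC3 block tests for `ex??????.log` and announces a W3C extended log, but the location it appends to ossec.conf is `W3SVC3\nc%%y%%m%%d.log`, so the agent is pointed at an NCSA-named file that the check never confirmed exists. The likely result is that this site's IIS logs go unread while the script reports them as configured; the appended path should use `ex%%y%%m%%d.log` to match the test. Separately, every block appends to a relative `ossec.conf` with no check for an existing entry, so running the script twice, or from a directory other than the agent's install directory, duplicates the entries or writes a stray file. Consider guarding with `IF NOT EXIST ossec.conf` plus an error message, and skipping the append when the location is already present.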