1 /* @(#) $Id: ./src/win32/setup-iis.c, 2011/09/08 dcid Exp $
4 /* Copyright (C) 2009 Trend Micro Inc.
7 * This program is a free software; you can redistribute it
8 * and/or modify it under the terms of the GNU General Public
9 * License (version 2) as published by the FSF - Free Software
18 #include <sys/types.h>
22 #include "os_regex/os_regex.h"
25 #define OSSECCONF "ossec.conf"
26 #define OS_MAXSTR 1024
32 int direxist(char *dir)
/* Probes `file` by opening it with fopen(..., "r").
 * NOTE(review): an open-for-read fails both for a missing file and for one
 * this process may not read, so the two cases presumably look the same to the
 * caller. The return handling is not visible in this excerpt - confirm. */
46 int fileexist(char *file)
51 fp = fopen(file, "r");
/* Reads `file` line by line and tests each line with OS_Match(str, line).
 * config_dir() and config_iis() call it to decide whether ossec.conf already
 * mentions a log path before they append a new entry. */
59 int dogrep(char *file, char *str)
/* One byte larger than the limit given to fgets() below. */
61 char line[OS_MAXSTR +1];
65 fp = fopen(file, "r");
70 memset(line, '\0', OS_MAXSTR +1);
72 /* Reading file and looking for str */
/* fgets() stores at most OS_MAXSTR-1 characters per call, so a longer line
 * arrives as several chunks; a match spanning two chunks is not found. */
73 while(fgets(line, OS_MAXSTR, fp) != NULL)
/* NOTE(review): `str` is the first argument of OS_Match, presumably the
 * pattern rather than a literal. Callers pass vfile, which main() builds from
 * templates containing '\' and '%' - confirm how OS_Match treats those
 * characters, since a missed match would presumably add a duplicate entry. */
75 if(OS_Match(str, line))
87 /* Getting Windows directory */
/* Fills `file` with the expansion of %WINDIR%; `f_size` is the size the
 * caller passes in (main() passes sizeof(win_dir) - 1). The value comes from
 * the process environment and later becomes part of the paths written to
 * ossec.conf. */
88 static void get_win_dir(char *file, int f_size)
/* NOTE(review): ExpandEnvironmentStrings() reports a too-small buffer through
 * its return value; whether that value is checked is not visible in this
 * excerpt. */
90 ExpandEnvironmentStrings("%WINDIR%", file, f_size);
/* Fallback to a fixed path; the condition selecting it is not shown here.
 * strncpy() does not write a terminating NUL when the source fills the limit;
 * the literal is short, so that only matters for a very small f_size. */
94 strncpy(file, "C:\\WINDOWS", f_size);
/* Per the messages below: handles an IIS log directory that exists without a
 * usable log for today. Skips the work when ossec.conf already mentions
 * `vfile`; otherwise appends an entry for it. `name` prefixes every message.
 * How `dir` is used and what is returned are on lines not shown in this
 * excerpt. */
100 int config_dir(char *name, char *dir, char *vfile)
/* Duplicate guard: depends on dogrep() finding vfile in the existing file. */
109 if(dogrep(OSSECCONF, vfile))
111 printf("%s: Log file already configured: '%s'.\n",
116 printf("%s: IIS directory found, but no valid log.\n", name);
117 printf("%s: You may have it configured in a format different\n"
118 " than W3C Extended or you just don't have today's\n"
119 " log available.\n", name);
120 printf("%s: http://www.ossec.net/en/manual.html#iis\n\n", name);
123 /* Append the IIS entry to the config */
/* Opened in append mode relative to the current directory (set by chdir() in
 * main()). */
124 fp = fopen(OSSECCONF, "a");
127 printf("%s: Unable to edit configuration file.\n", name);
/* NOTE(review): vfile is placed into the XML through %s with no escaping
 * visible here, so a value containing '<', '>' or '&' would yield a malformed
 * config. In this program vfile is built from %WINDIR% plus fixed templates. */
133 "<!-- IIS log file -->\r\n"
136 " <location>%s</location>\r\n"
137 " <log_format>iis</log_format>\r\n"
139 "</ossec_config>\r\n\r\n", vfile);
141 printf("%s: Action completed.\n", name);
152 /* Check if the iis file is present in the config */
/* Skips the work when ossec.conf already mentions `vfile`; otherwise announces
 * the new log file and appends an entry for it. `name` prefixes every message.
 * How `file` is used and what is returned are on lines not shown in this
 * excerpt; main() treats a return of 0 as the cue to try config_dir(). */
153 int config_iis(char *name, char *file, char *vfile)
/* Duplicate guard: depends on dogrep() finding vfile in the existing file. */
164 if(dogrep(OSSECCONF, vfile))
166 printf("%s: Log file already configured: '%s'.\n",
171 printf("%s: Adding IIS log file to be monitored: '%s'.\n", name,vfile);
174 /* Append the IIS entry to the config */
/* Opened in append mode relative to the current directory (set by chdir() in
 * main()). */
175 fp = fopen(OSSECCONF, "a");
178 printf("%s: Unable to edit configuration file.\n", name);
/* NOTE(review): vfile is placed into the XML through %s with no escaping
 * visible here, so a value containing '<', '>' or '&' would yield a malformed
 * config. In this program vfile is built from %WINDIR% plus fixed templates. */
184 "<!-- IIS log file -->\r\n"
187 " <location>%s</location>\r\n"
188 " <log_format>iis</log_format>\r\n"
190 "</ossec_config>\r\n\r\n", vfile);
192 printf("%s: Action completed.\n", name);
199 /* Setup windows after install */
/* Changes into the directory given as argv[1], requires ossec.conf to exist
 * there, then probes the default IIS log locations under the Windows
 * directory (web NCSA, web W3C extended, FTP, SMTP) and registers what it
 * finds through config_iis() / config_dir(). */
200 int main(int argc, char **argv)
/* NOTE(review): argv[1] is dereferenced here; the argc check, if any, is on
 * lines not shown in this excerpt. Every later use of OSSECCONF is a relative
 * path resolved against this directory. */
212 if(chdir(argv[1]) != 0)
214 printf("%s: Invalid directory: '%s'.\n", argv[0], argv[1]);
219 /* Checking if ossec was installed already */
220 if(!fileexist(OSSECCONF))
222 printf("%s: Unable to find ossec config: '%s'", argv[0], OSSECCONF);
226 /* Getting today's date */
232 printf("%s: Looking for IIS log files to monitor.\r\n",
234 printf("%s: For more information: http://www.ossec.net/en/win.html\r\n",
239 /* Getting windows directory */
/* One byte is held back from the size passed in; whether win_dir is
 * zero-initialised so that byte acts as a terminator is not visible here. */
240 get_win_dir(win_dir, sizeof(win_dir) -1);
243 /* Looking for IIS log files */
/* Two strings are built per service, presumably lfile and vfile in that
 * order (the formatting calls are not shown): today's concrete file name,
 * and the same path with literal %y%m%d placeholders ("%%" is the escape)
 * that ends up in ossec.conf. Only paths under <windir>\System32\LogFiles are
 * probed, so installations that log elsewhere need a manual entry. */
246 char lfile[OS_MAXSTR +1];
247 char vfile[OS_MAXSTR +1];
251 /* Searching for NCSA */
/* (tm_year + 1900) - 2000 gives the two-digit year used in the file name. */
254 "%s\\System32\\LogFiles\\W3SVC%d\\nc%02d%02d%02d.log",
255 win_dir,i, (p->tm_year+1900)-2000, p->tm_mon+1, p->tm_mday);
258 "%s\\System32\\LogFiles\\W3SVC%d\\nc%%y%%m%%d.log",
262 config_iis(argv[0], lfile, vfile);
265 /* Searching for W3C extended */
268 "%s\\System32\\LogFiles\\W3SVC%d\\ex%02d%02d%02d.log",
269 win_dir, i, (p->tm_year+1900)-2000, p->tm_mon+1, p->tm_mday);
273 "%s\\System32\\LogFiles\\W3SVC%d\\ex%%y%%m%%d.log",
/* A return of 0 from config_iis() leads to the directory-level fallback:
 * the service directory path is formatted and handed to config_dir(). */
277 if(config_iis(argv[0], lfile, vfile) == 0)
281 "%s\\System32\\LogFiles\\W3SVC%d", win_dir, i);
282 config_dir(argv[0], lfile, vfile);
286 /* Searching for FTP Extended format */
289 "%s\\System32\\LogFiles\\MSFTPSVC%d\\ex%02d%02d%02d.log",
290 win_dir, i, (p->tm_year+1900)-2000, p->tm_mon+1, p->tm_mday);
294 "%s\\System32\\LogFiles\\MSFTPSVC%d\\ex%%y%%m%%d.log",
296 if(config_iis(argv[0], lfile, vfile) == 0)
300 "%s\\System32\\LogFiles\\MSFTPSVC%d", win_dir, i);
301 config_dir(argv[0], lfile, vfile);
305 /* Searching for IIS SMTP logs */
308 "%s\\System32\\LogFiles\\SMTPSVC%d\\ex%02d%02d%02d.log",
309 win_dir, i, (p->tm_year+1900)-2000, p->tm_mon+1, p->tm_mday);
313 "%s\\System32\\LogFiles\\SMTPSVC%d\\ex%%y%%m%%d.log",
315 if(config_iis(argv[0], lfile, vfile) == 0)
319 "%s\\System32\\LogFiles\\SMTPSVC%d",win_dir, i);
320 config_dir(argv[0], lfile, vfile);
/* Printed when nothing was registered; the condition is not shown here. */
326 printf("%s: No IIS log added. Look at the link above for more "
327 "information.\r\n", argv[0]);