1 /* Copyright (C) 2009 Trend Micro Inc.
2 * All right reserved.
3 *
4 * This program is a free software; you can redistribute it
5 * and/or modify it under the terms of the GNU General Public
6 * License (version 2) as published by the FSF - Free Software
7 * Foundation
8 */
9
10 #include "shared.h"
11 #include "monitord.h"
12
/* Three-letter English month names used as directory components of the
 * log paths; index 0 is "Jan" and index 11 is "Dec", the same zero-based
 * numbering as the tm_mon field this file indexes the table with. */
static const char *months[] = {
    "Jan", "Feb", "Mar", "Apr", "May", "Jun",
    "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
};
16
17
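/* Calendar date used to build one dated log path. */
struct monitord_log_date {
    int year;           /* four-digit year */
    const char *month;  /* entry of months[] */
    int day;            /* day of month */
};

/*
 * Format "<base>/<year>/<Mon>/ossec-<tag>-<DD>.<ext>" into dst.
 *
 * Returns 0 on success and -1 when snprintf fails or the path does not fit.
 * On failure dst is set to the empty string so that a truncated path, which
 * would name a different file, can never reach the signer or compressor.
 */
static int build_log_path(char *dst, size_t dst_size, const char *base,
                          const struct monitord_log_date *date,
                          const char *tag, const char *ext)
{
    int written;

    if (dst == NULL || dst_size == 0) {
        return -1;
    }

    written = snprintf(dst, dst_size, "%s/%d/%s/ossec-%s-%02d.%s",
                       base, date->year, date->month, tag, date->day, ext);
    if (written < 0 || (size_t)written >= dst_size) {
        dst[0] = '\0';
        return -1;
    }

    return 0;
}

/* Return 1 when path can be opened for reading, 0 otherwise. */
static int log_file_readable(const char *path)
{
    FILE *fp = fopen(path, "r");

    if (fp == NULL) {
        return 0;
    }

    fclose(fp);
    return 1;
}

/*
 * Sign and then compress one daily log.
 *
 * base/tag/ext select the log family (for example EVENTS, "archive", "log").
 * sign_flag is passed unchanged as the third argument of OS_SignLog.
 * When only_if_present is non-zero the work is skipped unless the current or
 * the previous day's file can be opened; this is how the optional JSON logs
 * are handled.
 */
static void sign_and_compress_log(const char *base, const char *tag,
                                  const char *ext, int sign_flag,
                                  int only_if_present,
                                  const struct monitord_log_date *cur,
                                  const struct monitord_log_date *old)
{
    char logfile[OS_FLSIZE + 1];
    char logfile_old[OS_FLSIZE + 1];

    if (build_log_path(logfile, sizeof(logfile), base, cur, tag, ext) < 0 ||
        build_log_path(logfile_old, sizeof(logfile_old), base, old, tag, ext) < 0) {
        /* Report the skipped log: an unsigned day is a gap in the integrity record. */
        merror("%s: ERROR: path for the '%s' %s log is too long; log not signed or compressed.",
               __func__, tag, ext);
        return;
    }

    if (only_if_present &&
        !log_file_readable(logfile) && !log_file_readable(logfile_old)) {
        /* Nothing to operate on. */
        return;
    }

    OS_SignLog(logfile, logfile_old, sign_flag);
    OS_CompressLog(logfile);
}

/*
 * Sign and compress the daily logs for the given date.
 *
 * cday  - day of month of the log files to process
 * cmon  - zero-based month index into months[] (0 = Jan ... 11 = Dec)
 * cyear - four-digit year used in the log directory name
 *
 * For the archive (plain and JSON), alerts (plain and JSON) and firewall logs
 * the function builds the path for the given date and for the day before,
 * calls OS_SignLog with both paths and then OS_CompressLog on the current
 * one. The JSON variants are only processed when at least one of the two
 * files can be opened. The call blocks for mond.day_wait seconds first.
 *
 * Invalid input (cmon outside months[], failure to resolve the previous
 * day) is reported with merror and nothing is signed or compressed.
 */
void manage_files(int cday, int cmon, int cyear)
{
    time_t tm_old;
    struct tm *pp_old;

#ifndef SOLARIS
    struct tm p_old;
#endif

    struct monitord_log_date today;
    struct monitord_log_date yesterday;

    /* cmon indexes months[]; an out-of-range value would read past the table. */
    if (cmon < 0 || (size_t)cmon >= sizeof(months) / sizeof(months[0])) {
        merror("%s: ERROR: month index %d is out of range; logs not signed or compressed.",
               __func__, cmon);
        return;
    }

    /* Get time from the day before (for log signing).
     * NOTE(review): 93500 s is a little under 26 hours rather than exactly
     * one day; presumably padding so the result lands on the previous
     * calendar day. Confirm before changing. */
    tm_old = time(NULL);
    tm_old -= 93500;
#ifndef SOLARIS
    pp_old = localtime_r(&tm_old, &p_old);
#else
    pp_old = localtime(&tm_old);
#endif
    if (pp_old == NULL) {
        /* localtime()/localtime_r() return NULL on failure. */
        merror("%s: ERROR: unable to compute the previous day; logs not signed or compressed.",
               __func__);
        return;
    }

    /* Copy the fields now: on the SOLARIS path pp_old points at storage
     * owned by localtime(), which a later call may overwrite. */
    yesterday.year = pp_old->tm_year + 1900;
    yesterday.month = months[pp_old->tm_mon];
    yesterday.day = pp_old->tm_mday;

    today.year = cyear;
    today.month = months[cmon];
    today.day = cday;

    /* When the day changes, we wait up to day_wait before compressing the file */
    sleep(mond.day_wait);

    /* Event logfile */
    sign_and_compress_log(EVENTS, "archive", "log", 0, 0, &today, &yesterday);

    /* JSON event logfile (optional) */
    sign_and_compress_log(EVENTS, "archive", "json", 0, 1, &today, &yesterday);

    /* Alert logfile */
    sign_and_compress_log(ALERTS, "alerts", "log", 1, 0, &today, &yesterday);

    /* JSON alert logfile (optional) */
    sign_and_compress_log(ALERTS, "alerts", "json", 1, 1, &today, &yesterday);

    /* Firewall events */
    sign_and_compress_log(FWLOGS, "firewall", "log", 0, 0, &today, &yesterday);

    return;
}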