From 1c1c0200a58acd771a94162acc0ca1f167f2b599 Mon Sep 17 00:00:00 2001 From: Ramon Novoa Date: Thu, 19 Jun 2008 15:55:44 +0000 Subject: [PATCH] 2008-06-19 Ramon Novoa * win32/windows/pandora_wmi.cc, win32/windows/pandora_wmi.h, win32/modules/pandora_module.h, win32/modules/pandora_module_logevent.cc, win32/modules/pandora_data.cc, win32/modules/pandora_data.h, win32/modules/pandora_module.cc: Data timestamps are taken from the log file itself. git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@888 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f --- pandora_agents/ChangeLog | 9 +++ pandora_agents/win32/modules/pandora_data.cc | 18 ++++++ pandora_agents/win32/modules/pandora_data.h | 1 + .../win32/modules/pandora_module.cc | 18 ++++++ pandora_agents/win32/modules/pandora_module.h | 2 + .../win32/modules/pandora_module_logevent.cc | 15 ++++- pandora_agents/win32/windows/pandora_wmi.cc | 62 +++++++++++-------- pandora_agents/win32/windows/pandora_wmi.h | 3 +- 8 files changed, 99 insertions(+), 29 deletions(-) diff --git a/pandora_agents/ChangeLog b/pandora_agents/ChangeLog index dbf5323302..96383c60ef 100644 --- a/pandora_agents/ChangeLog +++ b/pandora_agents/ChangeLog @@ -1,3 +1,12 @@ +2008-06-19 Ramon Novoa + + * win32/windows/pandora_wmi.cc, win32/windows/pandora_wmi.h, + win32/modules/pandora_module.h, + win32/modules/pandora_module_logevent.cc, + win32/modules/pandora_data.cc, win32/modules/pandora_data.h, + win32/modules/pandora_module.cc: Data timestamps are taken from + the log file itself. + 2008-06-18 Ramon Novoa * win32/modules/pandora_module_logevent.cc: Fixed execution interval. diff --git a/pandora_agents/win32/modules/pandora_data.cc b/pandora_agents/win32/modules/pandora_data.cc index df22d55fcc..26aa2ef473 100644 --- a/pandora_agents/win32/modules/pandora_data.cc +++ b/pandora_agents/win32/modules/pandora_data.cc 
@@ -35,6 +35,24 @@ Pandora_Data::Pandora_Data (string value) { GetSystemTime (&(this->timestamp)); } +/** + * Pandora_Data constructor. + * + * Set all attributes + * + * @param value Data value. + * @param system_time Timestamp. + */ +Pandora_Data::Pandora_Data (string value, SYSTEMTIME *system_time) { + this->value = value; + this->timestamp.wYear = system_time->wYear; + this->timestamp.wMonth = system_time->wMonth; + this->timestamp.wDay = system_time->wDay; + this->timestamp.wHour = system_time->wHour; + this->timestamp.wMinute = system_time->wMinute; + this->timestamp.wSecond = system_time->wSecond; +} + /** * Pandora_Data default constructor * diff --git a/pandora_agents/win32/modules/pandora_data.h b/pandora_agents/win32/modules/pandora_data.h index 153f62e46b..c03477a379 100644 --- a/pandora_agents/win32/modules/pandora_data.h +++ b/pandora_agents/win32/modules/pandora_data.h @@ -38,6 +38,7 @@ namespace Pandora { public: Pandora_Data (); Pandora_Data (string value); + Pandora_Data (string value, SYSTEMTIME *system_time); ~Pandora_Data (); string getValue () const; diff --git a/pandora_agents/win32/modules/pandora_module.cc b/pandora_agents/win32/modules/pandora_module.cc index b7b19cc93f..ee43cbf70a 100644 --- a/pandora_agents/win32/modules/pandora_module.cc +++ b/pandora_agents/win32/modules/pandora_module.cc @@ -243,6 +243,24 @@ Pandora_Module::setOutput (string output) { this->data_list->push_back (data); } +/** + * Set the output of the module. + * + * If the function is called more than once before calling getXML, the + * output will be accumulated and added to a tag. + * + * @param output Output to add. + * @param system_time Timestamp. + */ +void +Pandora_Module::setOutput (string output, SYSTEMTIME *system_time) { + Pandora_Data *data; + + if (this->data_list == NULL) + this->data_list = new list (); + data = new Pandora_Data (output, system_time); + this->data_list->push_back (data); +} /** * Run the module and generates the output. 
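Review bot: The new `Pandora_Data (string value, SYSTEMTIME *system_time)` constructor copies only six fields, so `timestamp.wDayOfWeek` and `timestamp.wMilliseconds` stay indeterminate unless the member is initialised somewhere not visible in this hunk. It also dereferences `system_time` without a null check, and the new `Pandora_Module::setOutput (string, SYSTEMTIME *)` overload in pandora_module.cc forwards the pointer unchecked. Zero-filling first and falling back to the current time keeps the object well defined: `memset (&this->timestamp, 0, sizeof (SYSTEMTIME));` then `if (system_time == NULL) { GetSystemTime (&(this->timestamp)); return; }` ahead of the field copies. A plain struct assignment would not help here, because the caller in pandora_module_logevent.cc passes a stack `SYSTEMTIME` in which `convertWMIDate` has set only the same six fields.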
diff --git a/pandora_agents/win32/modules/pandora_module.h b/pandora_agents/win32/modules/pandora_module.h index 560551704c..2ab36ce82e 100644 --- a/pandora_agents/win32/modules/pandora_module.h +++ b/pandora_agents/win32/modules/pandora_module.h @@ -153,6 +153,8 @@ namespace Pandora_Modules { virtual void run (); virtual void setOutput (string output); + virtual void setOutput (string output, SYSTEMTIME *system_time); + string getName () const; string getDescription () const; diff --git a/pandora_agents/win32/modules/pandora_module_logevent.cc b/pandora_agents/win32/modules/pandora_module_logevent.cc index 725665908a..2160fb2419 100755 --- a/pandora_agents/win32/modules/pandora_module_logevent.cc +++ b/pandora_agents/win32/modules/pandora_module_logevent.cc @@ -48,6 +48,7 @@ Pandora_Module_Logevent::run () { list event_list; list::iterator event; Pandora_Agent_Conf::Pandora_Agent_Conf *conf; + SYSTEMTIME system_time; conf = Pandora_Agent_Conf::getInstance (); @@ -67,7 +68,7 @@ Pandora_Module_Logevent::run () { return; } - Pandora_Wmi::getEventList (this->source, this->type, this->pattern, this->getInterval (), event_list); + Pandora_Wmi::getEventList (this->source, this->type, this->pattern, interval, event_list); // No data if (event_list.size () < 1) { @@ -76,6 +77,16 @@ Pandora_Module_Logevent::run () { } for(event = event_list.begin (); event != event_list.end(); ++event) { - this->setOutput (*event); + // No WMI timestamp? + if (event->size () < 26) { + this->setOutput (*event); + continue; + } + + // Get the timestamp + Pandora_Wmi::convertWMIDate(event->substr (0, 26), &system_time); + + // Store the data + this->setOutput (event->substr (26), &system_time); } } diff --git a/pandora_agents/win32/windows/pandora_wmi.cc b/pandora_agents/win32/windows/pandora_wmi.cc index 4abf349a58..e1c7a62f39 100644 --- a/pandora_agents/win32/windows/pandora_wmi.cc +++ b/pandora_agents/win32/windows/pandora_wmi.cc 
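Review bot: The `event->size () < 26` test in the loop of `Pandora_Module_Logevent::run` checks length only, so every event string of 26 or more characters is assumed to begin with a WMI date whether or not `getEventList` actually obtained one. Event-log text is written by arbitrary software on the host and `convertWMIDate` parses it with `atoi`, so a missing or malformed prefix silently becomes a zero or nonsense `SYSTEMTIME` that is reported as the event time, and the first 26 characters of the message are dropped. The prefix should be checked for the `yyyymmddHHMMSS.` shape before it is converted, with the untimestamped `setOutput (*event)` path as the fallback, as sketched below. The literal 26 (the 25-character WMI date plus the separating space added in pandora_wmi.cc) would also be clearer as a named constant shared by both files.

```cpp
	for(event = event_list.begin (); event != event_list.end(); ++event) {
		// Accept the prefix only if it looks like yyyymmddHHMMSS.xxxxxx+UUU
		bool has_date = event->size () >= 26 && (*event)[14] == '.';
		for (size_t i = 0; has_date && i < 14; ++i) {
			has_date = isdigit ((unsigned char) (*event)[i]) != 0;
		}
		if (!has_date) {
			this->setOutput (*event);
			continue;
		}
		// … unchanged: convertWMIDate call and setOutput with the parsed timestamp …
```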
@@ -430,7 +430,7 @@ Pandora_Wmi::getEventList (string source, string type, string pattern, int inter // LIKE is not always available, we have to filter ourselves if (pattern.empty() || (message.find(pattern) != string::npos)) { - event = convertWMIDate(timestamp) + " " + message; + event = timestamp + " " + message; event_list.push_back(event); } @@ -449,9 +449,9 @@ Pandora_Wmi::getEventList (string source, string type, string pattern, int inter */ string Pandora_Wmi::getTimestampLimit (int interval) { - char limit_str[26]; - time_t limit_time; - struct tm *limit_tm = NULL; + char limit_str[26], diff_sign; + time_t limit_time, limit_time_utc, limit_diff; + struct tm *limit_tm = NULL, *limit_tm_utc = NULL; // Get current time limit_time = time(0); 
@@ -459,39 +459,49 @@ Pandora_Wmi::getTimestampLimit (int interval) { return ""; } - // Substract the agent interval - limit_time -= interval; + // Get UTC time + limit_tm_utc = gmtime (&limit_time); + limit_time_utc = mktime (limit_tm_utc); - limit_tm = localtime (&limit_time); + // Calculate the difference in minutes + limit_diff = limit_time - limit_time_utc; + if (limit_diff >= 0) { + diff_sign = '+'; + } + else { + diff_sign = '-'; + } + limit_diff = abs(limit_diff); + limit_diff /= 60; + + // Substract the agent interval + limit_time_utc -= interval; + + limit_tm = localtime (&limit_time_utc); if (limit_tm == NULL) { return ""; } - + // WMI date format: yyyymmddHHMMSS.xxxxxx+UUU - snprintf (limit_str, 26, "%.4d%.2d%.2d%.2d%.2d%.2d.000000+000", + snprintf (limit_str, 26, "%.4d%.2d%.2d%.2d%.2d%.2d.000000%c%.3d", limit_tm->tm_year + 1900, limit_tm->tm_mon + 1, limit_tm->tm_mday, limit_tm->tm_hour, - limit_tm->tm_min, limit_tm->tm_sec); + limit_tm->tm_min, limit_tm->tm_sec, diff_sign, limit_diff); + limit_str[25] = '\0'; return string (limit_str); } /* - * Converts a date in WMI format to 'dd-mm-YYYY HH:MM:SS' - * - * @return The date in the new format. + * Converts a date in WMI format to SYSTEMTIME format. 
*/ -string -Pandora_Wmi::convertWMIDate (string wmi_date) { - string year, month, day, hour, minute, second; - - year = wmi_date.substr (0, 4); - month = wmi_date.substr (4, 2); - day = wmi_date.substr (6, 2); - hour = wmi_date.substr (8, 2); - minute = wmi_date.substr (10, 2); - second = wmi_date.substr (12, 2); - - return string (year + "-" + month + "-" + day + " " + - hour + ":" + minute + ":" + second); +void +Pandora_Wmi::convertWMIDate (string wmi_date, SYSTEMTIME *system_time) { + + system_time->wYear = atoi(wmi_date.substr (0, 4).c_str()); + system_time->wMonth = atoi(wmi_date.substr (4, 2).c_str()); + system_time->wDay = atoi(wmi_date.substr (6, 2).c_str()); + system_time->wHour = atoi(wmi_date.substr (8, 2).c_str()); + system_time->wMinute = atoi(wmi_date.substr (10, 2).c_str()); + system_time->wSecond = atoi(wmi_date.substr (12, 2).c_str()); } diff --git a/pandora_agents/win32/windows/pandora_wmi.h b/pandora_agents/win32/windows/pandora_wmi.h index ae8c0cb45b..252824da77 100644 --- a/pandora_agents/win32/windows/pandora_wmi.h +++ b/pandora_agents/win32/windows/pandora_wmi.h @@ -49,7 +49,8 @@ namespace Pandora_Wmi { string getSystemName (); void getEventList (string source, string type, string pattern, int interval, list &event_list); string getTimestampLimit (int interval); - string convertWMIDate (string wmi_date); + void convertWMIDate (string wmi_date, SYSTEMTIME *system_time); + };
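Review bot: In `getTimestampLimit` (which begins in the preceding hunk), `limit_diff` is a `time_t` but is passed to `abs` and then to `snprintf` for the `%.3d` conversion, both of which expect an `int`; where `time_t` is wider than `int` the varargs mismatch is undefined behaviour and can garble the UTC offset in the query limit. Reduce it to an `int` once, `int diff_min = abs ((int) (limit_diff / 60));`, and format `diff_min` instead. The new `gmtime (&limit_time)` result is handed to `mktime` without the NULL check that the `localtime` call gets, so `if (limit_tm_utc == NULL) return "";` belongs right after it. In the same hunk, `convertWMIDate` reads fixed offsets with `substr`, which throws `std::out_of_range` for input shorter than 12 characters; a length guard at the top would protect callers other than the log-event module.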