tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

2013-06-14 Ramon Novoa <rnovoa@artica.es> 

* modules/pandora_module_logevent.h,
	  modules/pandora_module_logevent.cc: Merged from 4.0 branch. Improved
	  the reading of log event descriptions.



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@8330 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
This commit is contained in:
Ramon Novoa 2013-06-14 10:58:24 +00:00
parent 5add503841
commit 62488ffead
3 changed files with 16 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
pandora_agents/win32/ChangeLog
View File

@ -1,3 +1,9 @@
2013-06-14 Ramon Novoa <rnovoa@artica.es>
* modules/pandora_module_logevent.h,
modules/pandora_module_logevent.cc: Merged from 4.0 branch. Improved
the reading of log event descriptions.
2013-04-17 Ramon Novoa <rnovoa@artica.es> 2013-04-17 Ramon Novoa <rnovoa@artica.es>
* windows/pandora_wmi.cc: Fixed a bug when concatenating multiple ip * windows/pandora_wmi.cc: Fixed a bug when concatenating multiple ip

14
pandora_agents/win32/modules/pandora_module_logevent.cc
View File

@ -245,10 +245,14 @@ Pandora_Module_Logevent::getLogEvents (list<string> &event_list, unsigned char d
// Process read events // Process read events
while (read > 0) { while (read > 0) {
// Retrieve the event description // Retrieve the event description (LOAD_LIBRARY_AS_IMAGE_RESOURCE | LOAD_LIBRARY_AS_DATAFILE)
getEventDescription (pevlr, description); getEventDescription (pevlr, description, 0x20 | 0x02);
if (description[0] == '\0') { if (description[0] == '\0') {
strcpy (description, "N/A"); // Retrieve the event description (DONT_RESOLVE_DLL_REFERENCES)
getEventDescription (pevlr, description, DONT_RESOLVE_DLL_REFERENCES);
if (description[0] == '\0') {
strcpy (description, "N/A");
}
} }
// Filter the event // Filter the event
@ -349,7 +353,7 @@ Pandora_Module_Logevent::timestampToSystemtime (string timestamp, SYSTEMTIME *sy
* @return 0 if the description could be retrieved, -1 otherwise. * @return 0 if the description could be retrieved, -1 otherwise.
*/ */
void void
Pandora_Module_Logevent::getEventDescription (PEVENTLOGRECORD pevlr, char *message) { Pandora_Module_Logevent::getEventDescription (PEVENTLOGRECORD pevlr, char *message, DWORD flags) {
int i, j, len, offset; int i, j, len, offset;
LPBYTE data = 0; LPBYTE data = 0;
HMODULE module = 0; HMODULE module = 0;
@ -412,7 +416,7 @@ Pandora_Module_Logevent::getEventDescription (PEVENTLOGRECORD pevlr, char *messa
while (1) { while (1) {
// Load the DLL // Load the DLL
module = LoadLibraryEx (dll_start, 0, 0x20 | 2); module = LoadLibraryEx (dll_start, 0, flags);
if(module == NULL) { if(module == NULL) {
pandoraDebug("LoadLibraryEx error %d. Exe file path %s.", GetLastError(), exe_file_path); pandoraDebug("LoadLibraryEx error %d. Exe file path %s.", GetLastError(), exe_file_path);
} else { } else {

2
pandora_agents/win32/modules/pandora_module_logevent.h
View File

@ -54,7 +54,7 @@ namespace Pandora_Modules {
void closeLogEvent (); void closeLogEvent ();
int getLogEvents (list<string> &event_list, unsigned char discard); int getLogEvents (list<string> &event_list, unsigned char discard);
void timestampToSystemtime (string timestamp, SYSTEMTIME *system_time); void timestampToSystemtime (string timestamp, SYSTEMTIME *system_time);
void getEventDescription (PEVENTLOGRECORD pevlr, char *message); void getEventDescription (PEVENTLOGRECORD pevlr, char *message, DWORD flags);
int filterEvent (PEVENTLOGRECORD pevlr, string description); int filterEvent (PEVENTLOGRECORD pevlr, string description);
public: public: