2013-06-14 Ramon Novoa <rnovoa@artica.es>

* modules/pandora_module_logevent.h,
	  modules/pandora_module_logevent.cc: Merged from 4.0 branch. Improved
	  the reading of log event descriptions.



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@8330 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
Ramon Novoa 2013-06-14 10:58:24 +00:00
parent 5add503841
commit 62488ffead
3 changed files with 16 additions and 6 deletions


@ -1,3 +1,9 @@
2013-06-14 Ramon Novoa <rnovoa@artica.es>
* modules/pandora_module_logevent.h,
modules/pandora_module_logevent.cc: Merged from 4.0 branch. Improved
the reading of log event descriptions.
2013-04-17 Ramon Novoa <rnovoa@artica.es>
* windows/pandora_wmi.cc: Fixed a bug when concatenating multiple ip


@ -245,10 +245,14 @@ Pandora_Module_Logevent::getLogEvents (list<string> &event_list, unsigned char d
// Process read events
while (read > 0) {
// Retrieve the event description
getEventDescription (pevlr, description);
// Retrieve the event description (LOAD_LIBRARY_AS_IMAGE_RESOURCE | LOAD_LIBRARY_AS_DATAFILE)
getEventDescription (pevlr, description, 0x20 | 0x02);
if (description[0] == '\0') {
strcpy (description, "N/A");
// Retrieve the event description (DONT_RESOLVE_DLL_REFERENCES)
getEventDescription (pevlr, description, DONT_RESOLVE_DLL_REFERENCES);
if (description[0] == '\0') {
strcpy (description, "N/A");
}
}
// Filter the event
@ -349,7 +353,7 @@ Pandora_Module_Logevent::timestampToSystemtime (string timestamp, SYSTEMTIME *sy
* @return 0 if the description could be retrieved, -1 otherwise.
*/
void
Pandora_Module_Logevent::getEventDescription (PEVENTLOGRECORD pevlr, char *message) {
Pandora_Module_Logevent::getEventDescription (PEVENTLOGRECORD pevlr, char *message, DWORD flags) {
int i, j, len, offset;
LPBYTE data = 0;
HMODULE module = 0;
@ -412,7 +416,7 @@ Pandora_Module_Logevent::getEventDescription (PEVENTLOGRECORD pevlr, char *messa
while (1) {
// Load the DLL
module = LoadLibraryEx (dll_start, 0, 0x20 | 2);
module = LoadLibraryEx (dll_start, 0, flags);
if(module == NULL) {
pandoraDebug("LoadLibraryEx error %d. Exe file path %s.", GetLastError(), exe_file_path);
} else {
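Review bot: The new `flags` parameter of getEventDescription is not documented: the doc comment visible at the top of the second hunk still ends with `@return 0 if the description could be retrieved, -1 otherwise` although the function is `void`, and it gains no entry for the parameter; add `@param flags Flags passed through to LoadLibraryEx when the message DLL is loaded.` and drop or correct the stale `@return` line, and the declaration in pandora_module_logevent.h deserves the same line. In the first hunk the two call sites are also written inconsistently: the first passes the raw literals `0x20 | 0x02` with their meaning only in a comment, while the fallback uses the named `DONT_RESOLVE_DLL_REFERENCES`; `getEventDescription (pevlr, description, LOAD_LIBRARY_AS_IMAGE_RESOURCE | LOAD_LIBRARY_AS_DATAFILE);` would be self-describing, assuming the SDK headers in use define LOAD_LIBRARY_AS_IMAGE_RESOURCE (absent from older ones, which may be why the literals were chosen). The fallback itself is worth a why-comment: the first attempt maps the DLL as a data/image resource only, whereas DONT_RESOLVE_DLL_REFERENCES has the loader map it as an executable image and is documented by Microsoft as a legacy flag, so the retry widens what gets mapped into the agent process for a path that presumably comes from the event source's message-file configuration rather than from the agent itself (how `dll_start` is derived is not visible here). getEventDescription's body, including the later handling of `module`, continues outside the hunk.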


@ -54,7 +54,7 @@ namespace Pandora_Modules {
void closeLogEvent ();
int getLogEvents (list<string> &event_list, unsigned char discard);
void timestampToSystemtime (string timestamp, SYSTEMTIME *system_time);
void getEventDescription (PEVENTLOGRECORD pevlr, char *message);
void getEventDescription (PEVENTLOGRECORD pevlr, char *message, DWORD flags);
int filterEvent (PEVENTLOGRECORD pevlr, string description);
public: