2008-12-01 Ramon Novoa <rnovoa@artica.es>

* windows/pandora_wmi.cc, windows/pandora_wmi.h, modules/pandora_module_logevent.cc, modules/pandora_module_logevent.h, modules/pandora_module_factory.cc: Added event code filtering support to logevent module. git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@1271 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
2008-12-01 17:49:16 +00:00 · 2008-12-01 17:49:16 +00:00 · 65ab67b296
parent 0059aad758
commit 65ab67b296
6 changed files with 27 additions and 7 deletions
--- a/pandora_agents/win32/ChangeLog
+++ b/pandora_agents/win32/ChangeLog
@ -1,3 +1,12 @@
+2008-12-01  Ramon Novoa  <rnovoa@artica.es>
+
+	* windows/pandora_wmi.cc,
+	  windows/pandora_wmi.h,
+	  modules/pandora_module_logevent.cc,
+	  modules/pandora_module_logevent.h,
+	  modules/pandora_module_factory.cc: Added event code filtering
+	  support to logevent module.
+
 2008-12-01  Esteban Sanchez  <estebans@artica.es>

 	* pandora_windows_service.cc: Removed debug output. Release mutex on
--- a/pandora_agents/win32/modules/pandora_module_factory.cc
+++ b/pandora_agents/win32/modules/pandora_module_factory.cc
@ -52,6 +52,7 @@ using namespace Pandora_Strutils;
 #define TOKEN_LOGEVENT    ("module_logevent")
 #define TOKEN_SOURCE      ("module_source ")
 #define TOKEN_EVENTTYPE   ("module_eventtype ")
+#define TOKEN_EVENTCODE   ("module_eventcode ")
 #define TOKEN_PATTERN     ("module_pattern ")
 #define TOKEN_ASYNC       ("module_async")

@ -88,7 +89,7 @@ Pandora_Module_Factory::getModuleFromDefinition (string definition) {
 	string                 module_interval, module_proc, module_service;
 	string                 module_freedisk, module_cpuusage, module_odbc;
 	string                 module_odbc_query, module_dsn, module_freememory;
-	string                 module_logevent, module_source, module_eventtype;
+	string                 module_logevent, module_source, module_eventtype, module_eventcode;
 	string                 module_pattern, module_async;
 	Pandora_Module        *module;
 	bool                   numeric;
@ -109,6 +110,7 @@ Pandora_Module_Factory::getModuleFromDefinition (string definition) {
 	module_logevent    = "";
 	module_source      = "";
 	module_eventtype   = "";
+	module_eventcode   = "";
 	module_pattern     = "";

 	stringtok (tokens, definition, "\n");
@ -171,6 +173,9 @@ Pandora_Module_Factory::getModuleFromDefinition (string definition) {
 		if (module_eventtype == "") {
 			module_eventtype = parseLine (line, TOKEN_EVENTTYPE);
 		}
+		if (module_eventcode == "") {
+			module_eventcode = parseLine (line, TOKEN_EVENTCODE);
+		}
 		if (module_pattern == "") {
 			module_pattern = parseLine (line, TOKEN_PATTERN);
 		}
@ -218,6 +223,7 @@ Pandora_Module_Factory::getModuleFromDefinition (string definition) {
 		module = new Pandora_Module_Logevent (module_name,
 				  module_source,
 				  module_eventtype,
+				  module_eventcode,
 				  module_pattern);
 	} else {
 		return NULL;
--- a/pandora_agents/win32/modules/pandora_module_logevent.cc
+++ b/pandora_agents/win32/modules/pandora_module_logevent.cc
@ -32,11 +32,12 @@ using namespace Pandora_Modules;
 * @param name Module name.
 * @param service_name Service internal name to check.
 */
-Pandora_Module_Logevent::Pandora_Module_Logevent (string name, string source, string type, string pattern)
+Pandora_Module_Logevent::Pandora_Module_Logevent (string name, string source, string type, string code, string pattern)
 	: Pandora_Module (name) {

 	this->source = source;
 	this->type = type;
+	this->code = code;
 	this->pattern = pattern;
 	this->setKind (module_logevent_str);
 }
@ -68,7 +69,7 @@ Pandora_Module_Logevent::run () {
 		return;
 	}
 	
-	Pandora_Wmi::getEventList (this->source, this->type, this->pattern, interval, event_list);
+	Pandora_Wmi::getEventList (this->source, this->type, this->code, this->pattern, interval, event_list);
 	
 	// No data
 	if (event_list.size () < 1) {
--- a/pandora_agents/win32/modules/pandora_module_logevent.h
+++ b/pandora_agents/win32/modules/pandora_module_logevent.h
@ -35,9 +35,10 @@ namespace Pandora_Modules {
 	private:
 		string source;
 		string type;
+		string code;
 		string pattern;
 	public:
-		Pandora_Module_Logevent (string name, string source, string type, string pattern);
+		Pandora_Module_Logevent (string name, string source, string type, string code, string pattern);
 		void run ();
 	};
 }
--- a/pandora_agents/win32/windows/pandora_wmi.cc
+++ b/pandora_agents/win32/windows/pandora_wmi.cc
@ -388,7 +388,7 @@ Pandora_Wmi::getSystemName () {
 * @return The list of events.
 */
 void
-Pandora_Wmi::getEventList (string source, string type, string pattern, int interval, list<string> &event_list) {
+Pandora_Wmi::getEventList (string source, string type, string code, string pattern, int interval, list<string> &event_list) {
 	CDhInitialize init;
 	CDispPtr      wmi_svc, quickfixes;
 	char         *value = NULL;
@ -410,6 +410,9 @@ Pandora_Wmi::getEventList (string source, string type, string pattern, int inter
 	if (! type.empty()) {
 		query += " AND Type = '" + type + "'";
 	}
+	if (! code.empty()) {
+		query += " AND EventCode = '" + code + "'";
+	}

 	try {
 		dhCheck (dhGetObject (getWmiStr (L"."), NULL, &wmi_svc));
--- a/pandora_agents/win32/windows/pandora_wmi.h
+++ b/pandora_agents/win32/windows/pandora_wmi.h
@ -47,7 +47,7 @@ namespace Pandora_Wmi {
 	string        getOSVersion          ();
 	string        getOSBuild            ();
 	string        getSystemName         ();
-	void          getEventList              (string source, string type, string pattern, int interval, list<string> &event_list);
+	void          getEventList              (string source, string type, string code, string pattern, int interval, list<string> &event_list);
 	string        getTimestampLimit         (int interval);
 	void          convertWMIDate            (string wmi_date, SYSTEMTIME *system_time);
 };