diff --git a/pandora_agents/win32/modules/pandora_module_logchannel.cc b/pandora_agents/win32/modules/pandora_module_logchannel.cc
index 2c7c056565..4ec72df63c 100755
--- a/pandora_agents/win32/modules/pandora_module_logchannel.cc
+++ b/pandora_agents/win32/modules/pandora_module_logchannel.cc
@@ -67,16 +67,16 @@ Pandora_Module_Logchannel::Pandora_Module_Logchannel (string name, string source
 // Set the type filter
 int type_number = -1;
- if (upper_type.compare("ERROR") == 0) {
- type_number = EVENTLOG_ERROR_TYPE;
+ if (upper_type.compare("CRITICAL") == 0) {
+ type_number = WINEVENT_LEVEL_CRITICAL;
+ } else if (upper_type.compare("ERROR") == 0) {
+ type_number = WINEVENT_LEVEL_ERROR;
 } else if (upper_type.compare("WARNING") == 0) {
- type_number = EVENTLOG_WARNING_TYPE;
- } else if (upper_type.compare("INFORMATION") == 0) {
- type_number = EVENTLOG_INFORMATION_TYPE;
- } else if (upper_type.compare("AUDIT SUCCESS") == 0) {
- type_number = EVENTLOG_AUDIT_SUCCESS;
- } else if (upper_type.compare("AUDIT FAILURE") == 0) {
- type_number = EVENTLOG_AUDIT_FAILURE;
+ type_number = WINEVENT_LEVEL_WARNING;
+ } else if (upper_type.compare("INFO") == 0) {
+ type_number = WINEVENT_LEVEL_INFO;
+ } else if (upper_type.compare("VERBOSE") == 0) {
+ type_number = WINEVENT_LEVEL_VERBOSE;
 }
 // Append type to log query
 if (type_number != -1) {
diff --git a/pandora_agents/win32/modules/pandora_module_logchannel.h b/pandora_agents/win32/modules/pandora_module_logchannel.h
index 14617037c6..19cde78b93 100755
--- a/pandora_agents/win32/modules/pandora_module_logchannel.h
+++ b/pandora_agents/win32/modules/pandora_module_logchannel.h
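Review bot: Any type string the new chain does not recognise, including the values this change drops or renames ("INFORMATION", "AUDIT SUCCESS", "AUDIT FAILURE"), leaves type_number at -1, and the visible `if (type_number != -1)` then appends no type filter at all, so an existing module configuration keeps running but now matches every level instead of the one the operator configured. Terminate the chain with a branch that reports the rejected value, e.g. `} else if (!upper_type.empty()) { /* report: unknown type value, no level filter applied */ }`, routed through the module's existing logging helper so the misconfiguration shows up in the agent log rather than as a change in event volume (an empty type presumably means "no filter" and should stay silent). The constructor Pandora_Module_Logchannel::Pandora_Module_Logchannel continues outside the hunk, so the query that type_number is appended to is not visible here.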
@@ -29,6 +29,13 @@
 // Log event read buffer size
 #define BUFFER_SIZE 1024
+// WINEVENT consts
+#define WINEVENT_LEVEL_CRITICAL 1
+#define WINEVENT_LEVEL_ERROR 2
+#define WINEVENT_LEVEL_WARNING 3
+#define WINEVENT_LEVEL_INFO 4
+#define WINEVENT_LEVEL_VERBOSE 5
+
 // Types for pointers to Wevtapi.dll functions
 typedef EVT_HANDLE WINAPI (*EvtQueryT) (EVT_HANDLE Session, LPCWSTR Path, LPCWSTR Query, DWORD Flags);
 typedef WINBOOL WINAPI (*EvtNextT) (EVT_HANDLE ResultSet, DWORD EventArraySize, EVT_HANDLE* EventArray, DWORD Timeout, DWORD Flags, PDWORD Returned);
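Review bot: The five new macros are defined unconditionally, and their names and values coincide with the WINEVENT_LEVEL_* macros the Windows SDK ships in winmeta.h, so a translation unit that includes that header alongside this one gets a macro redefinition (harmless while the values agree, a silent mismatch if either side ever changes). Guard the block with `#ifndef WINEVENT_LEVEL_CRITICAL` / `#endif`, or replace the macros with an `enum class` or `constexpr` constants in a project namespace so the names cannot collide at all. The comment `// WINEVENT consts` should also say what the numbers are, e.g. `// Values of the Windows event log Level element: 1 = Critical ... 5 = Verbose`, since the .cc change relies on them matching the Level the query filters on.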