tyler.durden/pandorafms
1
0
Fork 0
mirror of https://github.com/pandorafms/pandorafms.git synced 2025-07-28 00:04:37 +02:00
Code Issues Packages Projects Releases Wiki Activity

2008-06-13 Ramon Novoa <rnovoa@artica.es>

Browse Source 
* win32/PandoraAgent.dev: Updated.
        * win32/windows/pandora_wmi.cc, win32/windows/pandora_wmi.h,
          win32/pandora_windows_service.cc, win32/modules/pandora_module.h,
          win32/modules/pandora_module_logevent.cc,
          win32/modules/pandora_module_logevent.h,
          win32/modules/pandora_module_factory.cc,
          win32/modules/pandora_module_list.cc,
          win32/modules/pandora_module.c: Added a new module that checks for
          log events using WMI queries.
        * bin/pandora_agent.conf: Added encoding option and a Logevent module
          declaration example.




git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@857 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
This commit is contained in:
ramonn 2008-06-13 10:32:47 +00:00
parent fb97cf5b86
commit 7282c1eae4
12 changed files with 335 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
pandora_agents/ChangeLog
View File

@ -1,3 +1,17 @@
2008-06-13 Ramon Novoa <rnovoa@artica.es>
* win32/PandoraAgent.dev: Updated.
* win32/windows/pandora_wmi.cc, win32/windows/pandora_wmi.h,
win32/pandora_windows_service.cc, win32/modules/pandora_module.h,
win32/modules/pandora_module_logevent.cc,
win32/modules/pandora_module_logevent.h,
win32/modules/pandora_module_factory.cc,
win32/modules/pandora_module_list.cc,
win32/modules/pandora_module.c: Added a new module that checks for
log events using WMI queries.
* bin/pandora_agent.conf: Added encoding option and a Logevent module
declaration example.
2008-06-11 Ramon Novoa <rnovoa@artica.es> 2008-06-11 Ramon Novoa <rnovoa@artica.es>
* win32/pandora_strutils.cc, win32/pandora_strutils.h, * win32/pandora_strutils.cc, win32/pandora_strutils.h,

22
pandora_agents/win32/PandoraAgent.dev
View File

@ -1,7 +1,7 @@
[Project] [Project]
FileName=PandoraAgent.dev FileName=PandoraAgent.dev
Name=PandoraAgent Name=PandoraAgent
UnitCount=75 UnitCount=77
Type=1 Type=1
Ver=1 Ver=1
ObjFiles= ObjFiles=
@ -797,3 +797,23 @@ Priority=1000
OverrideBuildCmd=0 OverrideBuildCmd=0
BuildCmd= BuildCmd=
[Unit76]
FileName=modules\pandora_module_logevent.cc
CompileCpp=1
Folder=Modules
Compile=1
Link=1
Priority=1000
OverrideBuildCmd=0
BuildCmd=
[Unit77]
FileName=modules\pandora_module_logevent.h
CompileCpp=1
Folder=Modules
Compile=1
Link=1
Priority=1000
OverrideBuildCmd=0
BuildCmd=

11
pandora_agents/win32/bin/pandora_agent.conf
View File

@ -47,6 +47,9 @@ odbc_ExampleDSN_password Password1234
# If set to 1 allows the agent to be configured via the web console. # If set to 1 allows the agent to be configured via the web console.
# remote_config 0 # remote_config 0
# Set XML encoding (ISO-8859-1 by default).
# encoding ISO-8859-1
# Module Definition # Module Definition
# ================= # =================
@ -193,3 +196,11 @@ module_end
#module_cpuusage 1 #module_cpuusage 1
#module_description CPU#1 usage #module_description CPU#1 usage
#module_end #module_end
# Log events
module_begin
module_name Logevents
module_type generic_data_string
module_logevent
module_description Log Events
module_end

17
pandora_agents/win32/modules/pandora_module.cc
View File

@ -118,6 +118,9 @@ Pandora_Module::parseModuleKindFromString (string kind) {
return MODULE_CPUUSAGE; return MODULE_CPUUSAGE;
} else if (kind == module_odbc_str) { } else if (kind == module_odbc_str) {
return MODULE_ODBC; return MODULE_ODBC;
} else if (kind == module_logevent_str) {
return MODULE_LOGEVENT;
} else { } else {
return MODULE_0; return MODULE_0;
} }
@ -219,7 +222,7 @@ Pandora_Module::getDataOutput (Pandora_Data *data) {
} }
} }
return data->getValue (); return trim(data->getValue ());
} }
/** /**
@ -320,7 +323,7 @@ Pandora_Module::getXml () {
if (this->data_list && this->data_list->size () > 1) { if (this->data_list && this->data_list->size () > 1) {
list<Pandora_Data *>::iterator iter; list<Pandora_Data *>::iterator iter;
data_list_element = new TiXmlElement ("data_list"); data_list_element = new TiXmlElement ("datalist");
iter = this->data_list->begin (); iter = this->data_list->begin ();
for (iter = this->data_list->begin (); for (iter = this->data_list->begin ();
@ -429,6 +432,16 @@ Pandora_Module::setInterval (int interval) {
this->module_interval = interval; this->module_interval = interval;
} }
/**
* Get the execution interval.
*
* @return The execution interval.
*/
int
Pandora_Module::getInterval () {
return this->module_interval;
}
/** /**
* Set the module description. * Set the module description.
* *

5
pandora_agents/win32/modules/pandora_module.h
View File

@ -69,7 +69,8 @@ namespace Pandora_Modules {
MODULE_CPUUSAGE, /**< The module checks the CPU usage */ MODULE_CPUUSAGE, /**< The module checks the CPU usage */
MODULE_FREEMEMORY, /**< The module checks the amount of MODULE_FREEMEMORY, /**< The module checks the amount of
* freememory in the system */ * freememory in the system */
MODULE_ODBC /**< The module performs a SQL query via ODBC */ MODULE_ODBC, /**< The module performs a SQL query via ODBC */
MODULE_LOGEVENT /**< The module checks for log events */
} Module_Kind; } Module_Kind;
const string module_exec_str = "module_exec"; const string module_exec_str = "module_exec";
@ -79,6 +80,7 @@ namespace Pandora_Modules {
const string module_freememory_str = "module_freememory"; const string module_freememory_str = "module_freememory";
const string module_cpuusage_str = "module_cpuusage"; const string module_cpuusage_str = "module_cpuusage";
const string module_odbc_str = "module_odbc"; const string module_odbc_str = "module_odbc";
const string module_logevent_str = "module_logevent";
/** /**
* Pandora module super-class exception. * Pandora module super-class exception.
@ -144,6 +146,7 @@ namespace Pandora_Modules {
parseModuleKindFromString (string kind); parseModuleKindFromString (string kind);
void setInterval (int interval); void setInterval (int interval);
int getInterval ();
TiXmlElement *getXml (); TiXmlElement *getXml ();

28
pandora_agents/win32/modules/pandora_module_factory.cc
View File

@ -27,6 +27,7 @@
#include "pandora_module_freememory.h" #include "pandora_module_freememory.h"
#include "pandora_module_cpuusage.h" #include "pandora_module_cpuusage.h"
#include "pandora_module_odbc.h" #include "pandora_module_odbc.h"
#include "pandora_module_logevent.h"
#include "../pandora_strutils.h" #include "../pandora_strutils.h"
#include <list> #include <list>
@ -48,6 +49,10 @@ using namespace Pandora_Strutils;
#define TOKEN_MIN ("module_min ") #define TOKEN_MIN ("module_min ")
#define TOKEN_DESCRIPTION ("module_description ") #define TOKEN_DESCRIPTION ("module_description ")
#define TOKEN_ODBC_QUERY ("module_odbc_query ") #define TOKEN_ODBC_QUERY ("module_odbc_query ")
#define TOKEN_LOGEVENT ("module_logevent")
#define TOKEN_SOURCE ("module_source ")
#define TOKEN_EVENTTYPE ("module_eventtype ")
#define TOKEN_PATTERN ("module_pattern ")
string string
parseLine (string line, string token) { parseLine (string line, string token) {
@ -82,6 +87,7 @@ Pandora_Module_Factory::getModuleFromDefinition (string definition) {
string module_interval, module_proc, module_service; string module_interval, module_proc, module_service;
string module_freedisk, module_cpuusage, module_odbc; string module_freedisk, module_cpuusage, module_odbc;
string module_odbc_query, module_dsn, module_freememory; string module_odbc_query, module_dsn, module_freememory;
string module_logevent, module_source, module_eventtype, module_pattern;
Pandora_Module *module; Pandora_Module *module;
bool numeric; bool numeric;
Module_Type type; Module_Type type;
@ -97,6 +103,11 @@ Pandora_Module_Factory::getModuleFromDefinition (string definition) {
module_service = ""; module_service = "";
module_odbc = ""; module_odbc = "";
module_odbc_query = ""; module_odbc_query = "";
module_odbc = "";
module_logevent = "";
module_source = "";
module_eventtype = "";
module_pattern = "";
stringtok (tokens, definition, "\n"); stringtok (tokens, definition, "\n");
@ -149,6 +160,18 @@ Pandora_Module_Factory::getModuleFromDefinition (string definition) {
if (module_odbc_query == "") { if (module_odbc_query == "") {
module_odbc_query = parseLine (line, TOKEN_ODBC_QUERY); module_odbc_query = parseLine (line, TOKEN_ODBC_QUERY);
} }
if (module_logevent == "") {
module_logevent = parseLine (line, TOKEN_LOGEVENT);
}
if (module_source == "") {
module_source = parseLine (line, TOKEN_SOURCE);
}
if (module_eventtype == "") {
module_eventtype = parseLine (line, TOKEN_EVENTTYPE);
}
if (module_pattern == "") {
module_pattern = parseLine (line, TOKEN_PATTERN);
}
iter++; iter++;
} }
@ -186,6 +209,11 @@ Pandora_Module_Factory::getModuleFromDefinition (string definition) {
module = new Pandora_Module_Odbc (module_name, module = new Pandora_Module_Odbc (module_name,
module_odbc, module_odbc,
module_odbc_query); module_odbc_query);
} else if (module_logevent != "") {
module = new Pandora_Module_Logevent (module_name,
module_source,
module_eventtype,
module_pattern);
} else { } else {
return NULL; return NULL;
} }

6
pandora_agents/win32/modules/pandora_module_list.cc
View File

@ -27,6 +27,7 @@
#include "pandora_module_freememory.h" #include "pandora_module_freememory.h"
#include "pandora_module_cpuusage.h" #include "pandora_module_cpuusage.h"
#include "pandora_module_odbc.h" #include "pandora_module_odbc.h"
#include "pandora_module_logevent.h"
#include <fstream> #include <fstream>
using namespace std; using namespace std;
@ -115,6 +116,7 @@ Pandora_Modules::Pandora_Module_List::parseModuleDefinition (string definition)
Pandora_Module_Cpuusage *module_cpuusage; Pandora_Module_Cpuusage *module_cpuusage;
Pandora_Module_Freememory *module_freememory; Pandora_Module_Freememory *module_freememory;
Pandora_Module_Odbc *module_odbc; Pandora_Module_Odbc *module_odbc;
Pandora_Module_Logevent *module_logevent;
module = Pandora_Module_Factory::getModuleFromDefinition (definition); module = Pandora_Module_Factory::getModuleFromDefinition (definition);
@ -156,6 +158,10 @@ Pandora_Modules::Pandora_Module_List::parseModuleDefinition (string definition)
module_odbc = (Pandora_Module_Odbc *) module; module_odbc = (Pandora_Module_Odbc *) module;
modules->push_back (module_odbc); modules->push_back (module_odbc);
break; break;
case MODULE_LOGEVENT:
module_logevent = (Pandora_Module_Logevent *) module;
modules->push_back (module_logevent);
break;
default: default:
break; break;
} }

59
pandora_agents/win32/modules/pandora_module_logevent.cc Executable file
View File

@ -0,0 +1,59 @@
/* Pandora logevent module. This module checks for log events that match a given
pattern.
Copyright (C) 2008 Artica ST.
Written by Ramon Novoa.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation,
Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#include "pandora_module_logevent.h"
#include "../windows/pandora_wmi.h"
using namespace Pandora;
using namespace Pandora_Modules;
/**
* Creates a Pandora_Module_Logevent object.
*
* @param name Module name.
* @param service_name Service internal name to check.
*/
Pandora_Module_Logevent::Pandora_Module_Logevent (string name, string source, string type, string pattern)
: Pandora_Module (name) {
this->source = source;
this->type = type;
this->pattern = pattern;
this->setKind (module_logevent_str);
}
void
Pandora_Module_Logevent::run () {
list<string> event_list;
list<string>::iterator event;
try {
Pandora_Module::run ();
} catch (Interval_Not_Fulfilled e) {
return;
}
Pandora_Wmi::getEventList (this->source, this->type, this->pattern, this->getInterval (), event_list);
for(event = event_list.begin (); event != event_list.end(); ++event) {
this->setOutput (*event);
}
}

45
pandora_agents/win32/modules/pandora_module_logevent.h Executable file
View File

@ -0,0 +1,45 @@
/* Pandora logevent module. This module checks for log events that match a given
pattern.
Copyright (C) 2008 Artica ST.
Written by Ramon Novoa.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation,
Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#ifndef __PANDORA_MODULE_LOGEVENT_H__
#define __PANDORA_MODULE_LOGEVENT_H__
#include "pandora_module.h"
namespace Pandora_Modules {
/**
* This module checks for log events that match a given
* pattern. Events can be filtered by source and type.
*/
class Pandora_Module_Logevent : public Pandora_Module {
private:
string source;
string type;
string pattern;
public:
Pandora_Module_Logevent (string name, string source, string type, string pattern);
void run ();
};
}
#endif

15
pandora_agents/win32/pandora_windows_service.cc
View File

@ -236,7 +236,7 @@ Pandora_Windows_Service::copyTentacleDataFile (string host,
/* tentacle_client.exe error */ /* tentacle_client.exe error */
default: default:
pandoraLog ("Tentacle client was unable to copy %s", pandoraDebug ("Tentacle client was unable to copy %s",
filename.c_str ()); filename.c_str ());
throw Pandora_Exception (); throw Pandora_Exception ();
} }
@ -432,7 +432,7 @@ Pandora_Windows_Service::recvTentacleDataFile (string host,
/* tentacle_client.exe error */ /* tentacle_client.exe error */
default: default:
pandoraLog ("Tentacle client was unable to receive file %s", pandoraDebug ("Tentacle client was unable to receive file %s",
filename.c_str ()); filename.c_str ());
throw Pandora_Exception (); throw Pandora_Exception ();
} }
@ -601,17 +601,19 @@ Pandora_Windows_Service::checkConfig () {
void void
Pandora_Windows_Service::pandora_run () { Pandora_Windows_Service::pandora_run () {
TiXmlDeclaration *decl;
TiXmlDocument *doc; TiXmlDocument *doc;
TiXmlElement *local_xml, *agent; TiXmlElement *local_xml, *agent;
string xml_filename, random_integer; string xml_filename, random_integer;
string tmp_filename, tmp_filepath; string tmp_filename, tmp_filepath;
string encoding;
bool saved; bool saved;
pandoraDebug ("Run begin"); pandoraDebug ("Run begin");
/* Check for configuration changes */ /* Check for configuration changes */
this->checkConfig (); this->checkConfig ();
execution_number++; execution_number++;
if (this->modules != NULL) { if (this->modules != NULL) {
@ -668,8 +670,15 @@ Pandora_Windows_Service::pandora_run () {
tmp_filepath = xml_filename + tmp_filename; tmp_filepath = xml_filename + tmp_filename;
/* Copy the XML to temporal file */ /* Copy the XML to temporal file */
encoding = conf->getValue ("encoding");
if (encoding == "") {
encoding = "ISO-8859-1";
}
pandoraDebug ("Copying XML on %s", tmp_filepath.c_str ()); pandoraDebug ("Copying XML on %s", tmp_filepath.c_str ());
decl = new TiXmlDeclaration( "1.0", encoding.c_str(), "" );
doc = new TiXmlDocument (tmp_filepath); doc = new TiXmlDocument (tmp_filepath);
doc->InsertEndChild (*decl);
doc->InsertEndChild (*agent); doc->InsertEndChild (*agent);
saved = doc->SaveFile(); saved = doc->SaveFile();
delete doc; delete doc;

115
pandora_agents/win32/windows/pandora_wmi.cc
View File

@ -25,6 +25,7 @@
#include <algorithm> #include <algorithm>
#include <cctype> #include <cctype>
#include <sstream> #include <sstream>
#include <ctime>
using namespace std; using namespace std;
using namespace Pandora_Wmi; using namespace Pandora_Wmi;
@ -380,3 +381,117 @@ Pandora_Wmi::getSystemName () {
return ret; return ret;
} }
/**
* Get a list of events that match a given pattern.
*
* @return The list of events.
*/
void
Pandora_Wmi::getEventList (string source, string type, string pattern, int interval, list<string> &event_list) {
CDhInitialize init;
CDispPtr wmi_svc, quickfixes;
char *value = NULL;
string event, limit, message, query, timestamp;
limit = getTimestampLimit(interval);
if (limit.empty()) {
pandoraDebug ("Pandora_Wmi::getEventList: getTimestampLimit error");
return;
}
// Build the WQL query
query = "SELECT * FROM Win32_NTLogEvent WHERE TimeWritten >= '" + limit + "'";
if (! source.empty()) {
query += " AND Logfile = '" + source + "'";
}
if (! type.empty()) {
query += " AND Type = '" + type + "'";
}
try {
dhCheck (dhGetObject (getWmiStr (L"."), NULL, &wmi_svc));
dhCheck (dhGetValue (L"%o", &quickfixes, wmi_svc,
L".ExecQuery(%s)",
query.c_str()));
FOR_EACH (quickfix, quickfixes, NULL) {
// Timestamp
dhGetValue (L"%s", &value, quickfix,
L".TimeWritten");
timestamp = value;
dhFreeString (value);
// Message
dhGetValue (L"%s", &value, quickfix,
L".Message");
message = value;
dhFreeString (value);
// LIKE is not always available, we have to filter ourselves
if (pattern.empty() || (message.find(pattern) != string::npos)) {
event = convertWMIDate(timestamp) + " " + message;
event_list.push_back(event);
}
} NEXT_THROW (quickfix);
} catch (string errstr) {
pandoraDebug ("Pandora_Wmi::getEventList: error: %s", errstr.c_str ());
}
return;
}
/**
* Returns the limit date (WMI format) for event searches.
*
* @return The timestamp in WMI format.
*/
string
Pandora_Wmi::getTimestampLimit (int interval) {
char limit_str[26];
time_t limit_time;
struct tm *limit_tm = NULL;
// Get current time
limit_time = time(0);
if (limit_time == (time_t)-1) {
return "";
}
// Substract the agent interval
limit_time -= interval;
limit_tm = localtime (&limit_time);
if (limit_tm == NULL) {
return "";
}
// WMI date format: yyyymmddHHMMSS.xxxxxx+UUU
snprintf (limit_str, 26, "%.4d%.2d%.2d%.2d%.2d%.2d.000000+000",
limit_tm->tm_year + 1900, limit_tm->tm_mon + 1,
limit_tm->tm_mday, limit_tm->tm_hour,
limit_tm->tm_min, limit_tm->tm_sec);
return string (limit_str);
}
/*
* Converts a date in WMI format to 'dd-mm-YYYY HH:MM:SS'
*
* @return The date in the new format.
*/
string
Pandora_Wmi::convertWMIDate (string wmi_date) {
string year, month, day, hour, minute, second;
year = wmi_date.substr (0, 4);
month = wmi_date.substr (4, 2);
day = wmi_date.substr (6, 2);
hour = wmi_date.substr (8, 2);
minute = wmi_date.substr (10, 2);
second = wmi_date.substr (12, 2);
return string (year + "-" + month + "-" + day + " " +
hour + ":" + minute + ":" + second);
}

5
pandora_agents/win32/windows/pandora_wmi.h
View File

@ -47,6 +47,11 @@ namespace Pandora_Wmi {
string getOSVersion (); string getOSVersion ();
string getOSBuild (); string getOSBuild ();
string getSystemName (); string getSystemName ();
void getEventList (string source, string type, string pattern, int interval, list<string> &event_list);
string getTimestampLimit (int interval);
string convertWMIDate (string wmi_date);
}; };
#endif #endif