tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

2010-11-15 Ramon Novoa <rnovoa@artica.es> 

* modules/pandora_module_logevent.cc,
	  modules/pandora_module_logevent.h: Search for event log descriptions
	  in multiple DLLs if necessary. Improved event log error detection.



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@3588 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
This commit is contained in:
ramonn 2010-11-15 16:30:26 +00:00
parent 96de9ef5b8
commit 81bb7cd037
3 changed files with 49 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
pandora_agents/win32/ChangeLog
View File

@ -1,3 +1,9 @@
2010-11-15 Ramon Novoa <rnovoa@artica.es>
* modules/pandora_module_logevent.cc,
modules/pandora_module_logevent.h: Search for event log descriptions
in multiple DLLs if necessary. Improved event log error detection.
2010-11-14 Sancho Lerena <slerena@artica.es>
* bin/util/pandora_update.exe: This small binary (see the Unix

50
pandora_agents/win32/modules/pandora_module_logevent.cc
View File

@ -64,6 +64,7 @@ Pandora_Module_Logevent::Pandora_Module_Logevent (string name, string source, st
this->pattern = pattern;
this->application = application;
this->log_event = NULL;
this->first_run = 1;
this->setKind (module_logevent_str);
}
@ -127,8 +128,11 @@ Pandora_Module_Logevent::openLogEvent () {
return NULL;
}
// Discard existing events
// Discard existing events the first time the module is executed
if (this->first_run == 1) {
this->getLogEvents (event_list, 1);
this->first_run = 0;
}
return this->log_event;
}
@ -200,6 +204,11 @@ Pandora_Module_Logevent::getLogEvents (list<string> &event_list, unsigned char d
// Try to read the event again
continue;
// File corrupted or cleared
} else if (last_error == ERROR_EVENTLOG_FILE_CORRUPT || last_error == ERROR_EVENTLOG_FILE_CHANGED) {
closeLogEvent ();
free ((void *) buffer);
return -1;
}
// Unknown error
else {
@ -289,6 +298,7 @@ Pandora_Module_Logevent::getEventDescription (PEVENTLOGRECORD pevlr, char *messa
DWORD max_path, type;
LPCSTR source_name;
TCHAR **strings = NULL;
char *dll_start = NULL, *dll_end = NULL, *exe_file_path_end = NULL;
message[0] = 0;
@ -309,14 +319,6 @@ Pandora_Module_Logevent::getEventDescription (PEVENTLOGRECORD pevlr, char *messa
strncpy(exe_file_path, exe_file, _MAX_PATH + 1);
}
// Load the DLL
module = LoadLibraryEx (exe_file_path, 0, DONT_RESOLVE_DLL_REFERENCES);
if(module == NULL) {
RegCloseKey(hk);
pandoraDebug("LoadLibraryEx error %d. Exe file path %s.", GetLastError(), exe_file_path);
return;
}
// Get the event strings
strings = (TCHAR**)malloc (pevlr->NumStrings * sizeof(TCHAR *));
if (strings == NULL) {
@ -339,9 +341,35 @@ Pandora_Module_Logevent::getEventDescription (PEVENTLOGRECORD pevlr, char *messa
offset += len + 1;
}
// Move to the first DLL
dll_start = (char *) exe_file_path;
dll_end = strchr (exe_file_path, ';');
if (dll_end != NULL) {
*dll_end = '\0';
}
exe_file_path_end = ((char *) exe_file_path) + _MAX_PATH * sizeof (TCHAR);
while (1) {
// Load the DLL
module = LoadLibraryEx (dll_start, 0, DONT_RESOLVE_DLL_REFERENCES);
if(module == NULL) {
pandoraDebug("LoadLibraryEx error %d. Exe file path %s.", GetLastError(), exe_file_path);
} else {
// Get the description
if (FormatMessage (FORMAT_MESSAGE_FROM_HMODULE | FORMAT_MESSAGE_ARGUMENT_ARRAY, module, pevlr->EventID, 0, (LPTSTR)message, BUFFER_SIZE, strings) == 0) {
message[0] = 0;
FormatMessage (FORMAT_MESSAGE_FROM_HMODULE | FORMAT_MESSAGE_ARGUMENT_ARRAY, module, pevlr->EventID, 0, (LPTSTR)message, BUFFER_SIZE, strings);
}
// No more DLLs
if (dll_end == NULL || dll_end >= exe_file_path_end) {
break;
}
// Move to the next DLL
dll_start = dll_end + sizeof (TCHAR);
dll_end = strchr (dll_start, ';');
if (dll_end != NULL) {
*dll_end = '\0';
}
}
// Clean up

1
pandora_agents/win32/modules/pandora_module_logevent.h
View File

@ -41,6 +41,7 @@ namespace Pandora_Modules {
private:
unsigned long id;
int type;
unsigned char first_run;
string source;
string application;
string pattern;