Added module_logchannel implementation to agent on module_factory
This commit is contained in:
fermin831
parent
7e4363b87a
commit
854adac713
|
|
@ -248,7 +248,9 @@ Pandora_Module::parseModuleKindFromString (string kind) {
|
||||||
} else if (kind == module_inventory_str) {
|
} else if (kind == module_inventory_str) {
|
||||||
return MODULE_INVENTORY;
|
return MODULE_INVENTORY;
|
||||||
} else if (kind == module_logevent_str) {
|
} else if (kind == module_logevent_str) {
|
||||||
return MODULE_LOGEVENT;
|
return MODULE_LOGEVENT;
|
||||||
|
} else if (kind == module_logchannel_str) {
|
||||||
|
return MODULE_LOGCHANNEL;
|
||||||
} else if (kind == module_wmiquery_str) {
|
} else if (kind == module_wmiquery_str) {
|
||||||
return MODULE_WMIQUERY;
|
return MODULE_WMIQUERY;
|
||||||
} else if (kind == module_perfcounter_str) {
|
} else if (kind == module_perfcounter_str) {
|
||||||
|
|
|
||||||
|
|
@ -86,6 +86,7 @@ namespace Pandora_Modules {
|
||||||
MODULE_FREEMEMORY_PERCENT, /**< The module checks the amount of
|
MODULE_FREEMEMORY_PERCENT, /**< The module checks the amount of
|
||||||
* freememory in the system */
|
* freememory in the system */
|
||||||
MODULE_LOGEVENT, /**< The module checks for log events */
|
MODULE_LOGEVENT, /**< The module checks for log events */
|
||||||
|
MODULE_LOGCHANNEL, /**< The module checks for log events on channel using XML functions*/
|
||||||
MODULE_WMIQUERY, /**< The module runs WQL queries */
|
MODULE_WMIQUERY, /**< The module runs WQL queries */
|
||||||
MODULE_PERFCOUNTER, /**< The module reads performance counters */
|
MODULE_PERFCOUNTER, /**< The module reads performance counters */
|
||||||
MODULE_TCPCHECK, /**< The module checks whether a tcp port is open */
|
MODULE_TCPCHECK, /**< The module checks whether a tcp port is open */
|
||||||
|
|
@ -126,6 +127,7 @@ namespace Pandora_Modules {
|
||||||
const string module_cpuusage_str = "module_cpuusage";
|
const string module_cpuusage_str = "module_cpuusage";
|
||||||
const string module_inventory_str = "module_inventory";
|
const string module_inventory_str = "module_inventory";
|
||||||
const string module_logevent_str = "module_logevent";
|
const string module_logevent_str = "module_logevent";
|
||||||
|
const string module_logchannel_str = "module_logchannel";
|
||||||
const string module_wmiquery_str = "module_wmiquery";
|
const string module_wmiquery_str = "module_wmiquery";
|
||||||
const string module_perfcounter_str = "module_perfcounter";
|
const string module_perfcounter_str = "module_perfcounter";
|
||||||
const string module_tcpcheck_str = "module_tcpcheck";
|
const string module_tcpcheck_str = "module_tcpcheck";
|
||||||
|
|
|
||||||
|
|
@ -31,6 +31,7 @@
|
||||||
#include "pandora_module_cpuusage.h"
|
#include "pandora_module_cpuusage.h"
|
||||||
#include "pandora_module_inventory.h"
|
#include "pandora_module_inventory.h"
|
||||||
#include "pandora_module_logevent.h"
|
#include "pandora_module_logevent.h"
|
||||||
|
#include "pandora_module_logchannel.h"
|
||||||
#include "pandora_module_wmiquery.h"
|
#include "pandora_module_wmiquery.h"
|
||||||
#include "pandora_module_perfcounter.h"
|
#include "pandora_module_perfcounter.h"
|
||||||
#include "pandora_module_tcpcheck.h"
|
#include "pandora_module_tcpcheck.h"
|
||||||
|
|
@ -69,6 +70,7 @@ using namespace Pandora_Strutils;
|
||||||
#define TOKEN_MIN_FF_EVENT ("module_min_ff_event ")
|
#define TOKEN_MIN_FF_EVENT ("module_min_ff_event ")
|
||||||
#define TOKEN_DESCRIPTION ("module_description ")
|
#define TOKEN_DESCRIPTION ("module_description ")
|
||||||
#define TOKEN_LOGEVENT ("module_logevent")
|
#define TOKEN_LOGEVENT ("module_logevent")
|
||||||
|
#define TOKEN_LOGCHANNEL ("module_logchannel")
|
||||||
#define TOKEN_SOURCE ("module_source ")
|
#define TOKEN_SOURCE ("module_source ")
|
||||||
#define TOKEN_EVENTTYPE ("module_eventtype ")
|
#define TOKEN_EVENTTYPE ("module_eventtype ")
|
||||||
#define TOKEN_EVENTCODE ("module_eventcode ")
|
#define TOKEN_EVENTCODE ("module_eventcode ")
|
||||||
|
|
@ -157,6 +159,7 @@ Pandora_Module_Factory::getModuleFromDefinition (string definition) {
|
||||||
string module_freedisk_percent, module_freememory_percent;
|
string module_freedisk_percent, module_freememory_percent;
|
||||||
string module_dsn, module_freememory;
|
string module_dsn, module_freememory;
|
||||||
string module_logevent, module_source, module_eventtype, module_eventcode;
|
string module_logevent, module_source, module_eventtype, module_eventcode;
|
||||||
|
string module_logchannel;
|
||||||
string module_pattern, module_application, module_async;
|
string module_pattern, module_application, module_async;
|
||||||
string module_watchdog, module_start_command;
|
string module_watchdog, module_start_command;
|
||||||
string module_wmiquery, module_wmicolumn;
|
string module_wmiquery, module_wmicolumn;
|
||||||
|
|
@ -195,6 +198,7 @@ Pandora_Module_Factory::getModuleFromDefinition (string definition) {
|
||||||
module_proc = "";
|
module_proc = "";
|
||||||
module_service = "";
|
module_service = "";
|
||||||
module_logevent = "";
|
module_logevent = "";
|
||||||
|
module_logchannel = "";
|
||||||
module_source = "";
|
module_source = "";
|
||||||
module_eventtype = "";
|
module_eventtype = "";
|
||||||
module_eventcode = "";
|
module_eventcode = "";
|
||||||
|
|
@ -342,6 +346,9 @@ Pandora_Module_Factory::getModuleFromDefinition (string definition) {
|
||||||
if (module_logevent == "") {
|
if (module_logevent == "") {
|
||||||
module_logevent = parseLine (line, TOKEN_LOGEVENT);
|
module_logevent = parseLine (line, TOKEN_LOGEVENT);
|
||||||
}
|
}
|
||||||
|
if (module_logchannel == "") {
|
||||||
|
module_logchannel = parseLine (line, TOKEN_LOGCHANNEL);
|
||||||
|
}
|
||||||
if (module_source == "") {
|
if (module_source == "") {
|
||||||
module_source = parseLine (line, TOKEN_SOURCE);
|
module_source = parseLine (line, TOKEN_SOURCE);
|
||||||
}
|
}
|
||||||
|
|
@ -724,6 +731,13 @@ Pandora_Module_Factory::getModuleFromDefinition (string definition) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (module_logchannel != "") {
|
||||||
|
pos_macro = module_logchannel.find(macro_name);
|
||||||
|
if (pos_macro != string::npos){
|
||||||
|
module_logchannel.replace(pos_macro, macro_name.size(), macro_value);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (module_source != "") {
|
if (module_source != "") {
|
||||||
pos_macro = module_source.find(macro_name);
|
pos_macro = module_source.find(macro_name);
|
||||||
if (pos_macro != string::npos){
|
if (pos_macro != string::npos){
|
||||||
|
|
@ -1173,6 +1187,13 @@ Pandora_Module_Factory::getModuleFromDefinition (string definition) {
|
||||||
module_eventcode,
|
module_eventcode,
|
||||||
module_pattern,
|
module_pattern,
|
||||||
module_application);
|
module_application);
|
||||||
|
}
|
||||||
|
else if (module_logchannel != "") {
|
||||||
|
module = new Pandora_Module_Logchannel (module_name,
|
||||||
|
module_source,
|
||||||
|
module_eventtype,
|
||||||
|
module_eventcode,
|
||||||
|
module_pattern);
|
||||||
} else if (module_wmiquery != "") {
|
} else if (module_wmiquery != "") {
|
||||||
module = new Pandora_Module_WMIQuery (module_name,
|
module = new Pandora_Module_WMIQuery (module_name,
|
||||||
module_wmiquery, module_wmicolumn);
|
module_wmiquery, module_wmicolumn);
|
||||||
|
|
|
||||||
|
|
@ -30,12 +30,13 @@
|
||||||
#include "pandora_module_cpuusage.h"
|
#include "pandora_module_cpuusage.h"
|
||||||
#include "pandora_module_inventory.h"
|
#include "pandora_module_inventory.h"
|
||||||
#include "pandora_module_logevent.h"
|
#include "pandora_module_logevent.h"
|
||||||
|
#include "pandora_module_logchannel.h"
|
||||||
#include "pandora_module_wmiquery.h"
|
#include "pandora_module_wmiquery.h"
|
||||||
#include "pandora_module_perfcounter.h"
|
#include "pandora_module_perfcounter.h"
|
||||||
#include "pandora_module_tcpcheck.h"
|
#include "pandora_module_tcpcheck.h"
|
||||||
#include "pandora_module_regexp.h"
|
#include "pandora_module_regexp.h"
|
||||||
#include "pandora_module_plugin.h"
|
#include "pandora_module_plugin.h"
|
||||||
#include "pandora_module_ping.h"
|
#include "pandora_module_ping.h"
|
||||||
#include "pandora_module_snmpget.h"
|
#include "pandora_module_snmpget.h"
|
||||||
#include <fstream>
|
#include <fstream>
|
||||||
|
|
||||||
|
|
@ -226,12 +227,13 @@ Pandora_Modules::Pandora_Module_List::parseModuleDefinition (string definition)
|
||||||
Pandora_Module_Freememory *module_freememory;
|
Pandora_Module_Freememory *module_freememory;
|
||||||
Pandora_Module_Freememory_Percent *module_freememory_percent;
|
Pandora_Module_Freememory_Percent *module_freememory_percent;
|
||||||
Pandora_Module_Logevent *module_logevent;
|
Pandora_Module_Logevent *module_logevent;
|
||||||
|
Pandora_Module_Logchannel *module_logchannel;
|
||||||
Pandora_Module_WMIQuery *module_wmiquery;
|
Pandora_Module_WMIQuery *module_wmiquery;
|
||||||
Pandora_Module_Perfcounter *module_perfcounter;
|
Pandora_Module_Perfcounter *module_perfcounter;
|
||||||
Pandora_Module_Tcpcheck *module_tcpcheck;
|
Pandora_Module_Tcpcheck *module_tcpcheck;
|
||||||
Pandora_Module_Regexp *module_regexp;
|
Pandora_Module_Regexp *module_regexp;
|
||||||
Pandora_Module_Plugin *module_plugin;
|
Pandora_Module_Plugin *module_plugin;
|
||||||
Pandora_Module_Ping *module_ping;
|
Pandora_Module_Ping *module_ping;
|
||||||
Pandora_Module_SNMPGet *module_snmpget;
|
Pandora_Module_SNMPGet *module_snmpget;
|
||||||
|
|
||||||
module = Pandora_Module_Factory::getModuleFromDefinition (definition);
|
module = Pandora_Module_Factory::getModuleFromDefinition (definition);
|
||||||
|
|
@ -288,6 +290,10 @@ Pandora_Modules::Pandora_Module_List::parseModuleDefinition (string definition)
|
||||||
module_logevent = (Pandora_Module_Logevent *) module;
|
module_logevent = (Pandora_Module_Logevent *) module;
|
||||||
modules->push_back (module_logevent);
|
modules->push_back (module_logevent);
|
||||||
break;
|
break;
|
||||||
|
case MODULE_LOGCHANNEL:
|
||||||
|
module_logchannel = (Pandora_Module_Logchannel *) module;
|
||||||
|
modules->push_back (module_logchannel);
|
||||||
|
break;
|
||||||
case MODULE_WMIQUERY:
|
case MODULE_WMIQUERY:
|
||||||
module_wmiquery = (Pandora_Module_WMIQuery *) module;
|
module_wmiquery = (Pandora_Module_WMIQuery *) module;
|
||||||
modules->push_back (module_wmiquery);
|
modules->push_back (module_wmiquery);
|
||||||
|
|
@ -315,7 +321,7 @@ Pandora_Modules::Pandora_Module_List::parseModuleDefinition (string definition)
|
||||||
case MODULE_SNMPGET:
|
case MODULE_SNMPGET:
|
||||||
module_snmpget = (Pandora_Module_SNMPGet *) module;
|
module_snmpget = (Pandora_Module_SNMPGet *) module;
|
||||||
modules->push_back (module_snmpget);
|
modules->push_back (module_snmpget);
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -53,7 +53,7 @@ static EvtUpdateBookmarkT EvtUpdateBookmarkF = NULL;
|
||||||
* @param name Module name.
|
* @param name Module name.
|
||||||
* @param service_name Service internal name to check.
|
* @param service_name Service internal name to check.
|
||||||
*/
|
*/
|
||||||
Pandora_Module_Logchannel::Pandora_Module_Logchannel (string name, string source, string type, string id, string pattern, string application)
|
Pandora_Module_Logchannel::Pandora_Module_Logchannel (string name, string source, string type, string id, string pattern)
|
||||||
: Pandora_Module (name) {
|
: Pandora_Module (name) {
|
||||||
int i;
|
int i;
|
||||||
vector<wstring> query;
|
vector<wstring> query;
|
||||||
|
|
|
||||||
|
|
@ -29,16 +29,6 @@
|
||||||
// Log event read buffer size
|
// Log event read buffer size
|
||||||
#define BUFFER_SIZE 1024
|
#define BUFFER_SIZE 1024
|
||||||
|
|
||||||
// Length of a timestamp string YYYY-MM-DD HH:MM:SS
|
|
||||||
#define TIMESTAMP_LEN 19
|
|
||||||
|
|
||||||
// The EventID property equals the InstanceId with the top two bits masked off.
|
|
||||||
// See: http://msdn.microsoft.com/en-us/library/system.diagnostics.eventlogentry.eventid.aspx
|
|
||||||
//#define EVENT_ID_MASK 0x3FFFFFFF
|
|
||||||
|
|
||||||
// The Windows Event Log Viewer seems to ignore the most significant 16 bits.
|
|
||||||
#define EVENT_ID_MASK 0x0000FFFF
|
|
||||||
|
|
||||||
// Types for pointers to Wevtapi.dll functions
|
// Types for pointers to Wevtapi.dll functions
|
||||||
typedef EVT_HANDLE WINAPI (*EvtQueryT) (EVT_HANDLE Session, LPCWSTR Path, LPCWSTR Query, DWORD Flags);
|
typedef EVT_HANDLE WINAPI (*EvtQueryT) (EVT_HANDLE Session, LPCWSTR Path, LPCWSTR Query, DWORD Flags);
|
||||||
typedef WINBOOL WINAPI (*EvtNextT) (EVT_HANDLE ResultSet, DWORD EventArraySize, EVT_HANDLE* EventArray, DWORD Timeout, DWORD Flags, PDWORD Returned);
|
typedef WINBOOL WINAPI (*EvtNextT) (EVT_HANDLE ResultSet, DWORD EventArraySize, EVT_HANDLE* EventArray, DWORD Timeout, DWORD Flags, PDWORD Returned);
|
||||||
|
|
@ -78,7 +68,7 @@ namespace Pandora_Modules {
|
||||||
LPWSTR GetMessageString(EVT_HANDLE hMetadata, EVT_HANDLE hEvent, EVT_FORMAT_MESSAGE_FLAGS FormatId);
|
LPWSTR GetMessageString(EVT_HANDLE hMetadata, EVT_HANDLE hEvent, EVT_FORMAT_MESSAGE_FLAGS FormatId);
|
||||||
|
|
||||||
public:
|
public:
|
||||||
Pandora_Module_Logchannel (string name, string source, string type, string id, string pattern, string application);
|
Pandora_Module_Logchannel (string name, string source, string type, string id, string pattern);
|
||||||
void run ();
|
void run ();
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue