Added module_logchannel implementation to agent on module_factory

pandora_agents/win32/modules/pandora_module.cc

@@ -249,6 +249,8 @@ Pandora_Module::parseModuleKindFromString (string kind) {
 		return MODULE_INVENTORY;
 	} else if (kind == module_logevent_str) {
 		return MODULE_LOGEVENT;
+	} else if (kind == module_logchannel_str) {
+		return MODULE_LOGCHANNEL;  
 	} else if (kind == module_wmiquery_str) {
 		return MODULE_WMIQUERY;               
 	} else if (kind == module_perfcounter_str) {

pandora_agents/win32/modules/pandora_module.h

@@ -86,6 +86,7 @@ namespace Pandora_Modules {
 		MODULE_FREEMEMORY_PERCENT, /**< The module checks the amount of 
 				   *   freememory in the system        */
 		MODULE_LOGEVENT,       /**< The module checks for log events */	
+		MODULE_LOGCHANNEL,     /**< The module checks for log events on channel using XML functions*/	
 		MODULE_WMIQUERY,       /**< The module runs WQL queries */		
 		MODULE_PERFCOUNTER,    /**< The module reads performance counters */
 		MODULE_TCPCHECK,       /**< The module checks whether a tcp port is open */
@@ -126,6 +127,7 @@ namespace Pandora_Modules {
 	const string module_cpuusage_str   = "module_cpuusage";
 	const string module_inventory_str  = "module_inventory";
 	const string module_logevent_str   = "module_logevent";	
+	const string module_logchannel_str   = "module_logchannel";
 	const string module_wmiquery_str   = "module_wmiquery";	
 	const string module_perfcounter_str = "module_perfcounter";
 	const string module_tcpcheck_str   = "module_tcpcheck";	

pandora_agents/win32/modules/pandora_module_factory.cc

@@ -31,6 +31,7 @@
 #include "pandora_module_cpuusage.h"
 #include "pandora_module_inventory.h"
 #include "pandora_module_logevent.h"
+#include "pandora_module_logchannel.h"
 #include "pandora_module_wmiquery.h"
 #include "pandora_module_perfcounter.h"
 #include "pandora_module_tcpcheck.h"
@@ -69,6 +70,7 @@ using namespace Pandora_Strutils;
 #define TOKEN_MIN_FF_EVENT  ("module_min_ff_event ")
 #define TOKEN_DESCRIPTION   ("module_description ")
 #define TOKEN_LOGEVENT      ("module_logevent")
+#define TOKEN_LOGCHANNEL    ("module_logchannel")
 #define TOKEN_SOURCE        ("module_source ")
 #define TOKEN_EVENTTYPE     ("module_eventtype ")
 #define TOKEN_EVENTCODE     ("module_eventcode ")
@@ -157,6 +159,7 @@ Pandora_Module_Factory::getModuleFromDefinition (string definition) {
 	string                 module_freedisk_percent, module_freememory_percent;
 	string                 module_dsn, module_freememory;
 	string                 module_logevent, module_source, module_eventtype, module_eventcode;
+	string                 module_logchannel;
 	string                 module_pattern, module_application, module_async;
 	string                 module_watchdog, module_start_command;
 	string                 module_wmiquery, module_wmicolumn;
@@ -195,6 +198,7 @@ Pandora_Module_Factory::getModuleFromDefinition (string definition) {
 	module_proc          = "";
 	module_service       = "";
 	module_logevent      = "";
+	module_logchannel    = "";
 	module_source        = "";
 	module_eventtype     = "";
 	module_eventcode     = "";
@@ -342,6 +346,9 @@ Pandora_Module_Factory::getModuleFromDefinition (string definition) {
 		if (module_logevent == "") {
 			module_logevent = parseLine (line, TOKEN_LOGEVENT);
 		}
+		if (module_logchannel == "") {
+			module_logchannel = parseLine (line, TOKEN_LOGCHANNEL);
+		}
 		if (module_source == "") {
 			module_source = parseLine (line, TOKEN_SOURCE);
 		}
@@ -724,6 +731,13 @@ Pandora_Module_Factory::getModuleFromDefinition (string definition) {
 					}
 				}
 
+				if (module_logchannel != "") {
+					pos_macro = module_logchannel.find(macro_name);
+					if (pos_macro != string::npos){
+						module_logchannel.replace(pos_macro, macro_name.size(), macro_value);
+					}
+				}
+
 				if (module_source != "") {
 					pos_macro = module_source.find(macro_name);
 					if (pos_macro != string::npos){
@@ -1173,6 +1187,13 @@ Pandora_Module_Factory::getModuleFromDefinition (string definition) {
 						      module_eventcode,
 						      module_pattern,
 						      module_application);
+	}
+	else if (module_logchannel != "") {
+		module = new Pandora_Module_Logchannel (module_name,
+						      module_source,
+						      module_eventtype,
+						      module_eventcode,
+						      module_pattern);
 	} else if (module_wmiquery != "") {
 		module = new Pandora_Module_WMIQuery (module_name,
 						      module_wmiquery, module_wmicolumn);

pandora_agents/win32/modules/pandora_module_list.cc

@@ -30,6 +30,7 @@
 #include "pandora_module_cpuusage.h"
 #include "pandora_module_inventory.h"
 #include "pandora_module_logevent.h"
+#include "pandora_module_logchannel.h"
 #include "pandora_module_wmiquery.h"
 #include "pandora_module_perfcounter.h"
 #include "pandora_module_tcpcheck.h"
@@ -226,6 +227,7 @@ Pandora_Modules::Pandora_Module_List::parseModuleDefinition (string definition)
 	Pandora_Module_Freememory *module_freememory;
 	Pandora_Module_Freememory_Percent *module_freememory_percent;
 	Pandora_Module_Logevent   *module_logevent;	
+	Pandora_Module_Logchannel *module_logchannel;	
 	Pandora_Module_WMIQuery   *module_wmiquery;	
 	Pandora_Module_Perfcounter *module_perfcounter;	
 	Pandora_Module_Tcpcheck   *module_tcpcheck;	
@@ -288,6 +290,10 @@ Pandora_Modules::Pandora_Module_List::parseModuleDefinition (string definition)
 			module_logevent = (Pandora_Module_Logevent *) module;
 			modules->push_back (module_logevent);
 			break;
+		case MODULE_LOGCHANNEL:
+			module_logchannel = (Pandora_Module_Logchannel *) module;
+			modules->push_back (module_logchannel);
+			break;
 		case MODULE_WMIQUERY:
 			module_wmiquery = (Pandora_Module_WMIQuery *) module;
 			modules->push_back (module_wmiquery);

pandora_agents/win32/modules/pandora_module_logchannel.cc

@@ -53,7 +53,7 @@ static EvtUpdateBookmarkT EvtUpdateBookmarkF = NULL;
  * @param name Module name.
  * @param service_name Service internal name to check.
  */
-Pandora_Module_Logchannel::Pandora_Module_Logchannel (string name, string source, string type, string id, string pattern, string application)
+Pandora_Module_Logchannel::Pandora_Module_Logchannel (string name, string source, string type, string id, string pattern)
 	: Pandora_Module (name) {
     int i;
 	vector<wstring> query;

pandora_agents/win32/modules/pandora_module_logchannel.h

@@ -29,16 +29,6 @@
 // Log event read buffer size
 #define	BUFFER_SIZE 1024
 
-// Length of a timestamp string YYYY-MM-DD HH:MM:SS
-#define	TIMESTAMP_LEN 19
-
-// The EventID property equals the InstanceId with the top two bits masked off.
-// See: http://msdn.microsoft.com/en-us/library/system.diagnostics.eventlogentry.eventid.aspx
-//#define EVENT_ID_MASK 0x3FFFFFFF
-
-// The Windows Event Log Viewer seems to ignore the most significant 16 bits.
-#define EVENT_ID_MASK 0x0000FFFF
-
 // Types for pointers to Wevtapi.dll functions
 typedef EVT_HANDLE WINAPI (*EvtQueryT) (EVT_HANDLE Session, LPCWSTR Path, LPCWSTR Query, DWORD Flags);
 typedef WINBOOL WINAPI (*EvtNextT) (EVT_HANDLE ResultSet, DWORD EventArraySize, EVT_HANDLE* EventArray, DWORD Timeout, DWORD Flags, PDWORD Returned);
@@ -78,7 +68,7 @@ namespace Pandora_Modules {
 		LPWSTR GetMessageString(EVT_HANDLE hMetadata, EVT_HANDLE hEvent, EVT_FORMAT_MESSAGE_FLAGS FormatId);
 
 	public:
-		Pandora_Module_Logchannel (string name, string source, string type, string id, string pattern, string application);
+		Pandora_Module_Logchannel (string name, string source, string type, string id, string pattern);
 		void run ();
 	};
 }