From 878e65fa3078ffe26fec5375eec4c21347ebec37 Mon Sep 17 00:00:00 2001
From: Ramon Novoa
Date: Mon, 20 Apr 2015 12:39:58 +0200
Subject: [PATCH] Fixed the XPATH query to retrieve log events.
---
 .../win32/modules/pandora_module_logevent.cc | 24 +++++++++----------
 1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/pandora_agents/win32/modules/pandora_module_logevent.cc b/pandora_agents/win32/modules/pandora_module_logevent.cc
index 0bdfa21379..5a2926b202 100755
--- a/pandora_agents/win32/modules/pandora_module_logevent.cc
+++ b/pandora_agents/win32/modules/pandora_module_logevent.cc
@@ -392,16 +392,16 @@ Pandora_Module_Logevent::getLogEvents (list &event_list, unsigned char d
 event << "]";
 }
-
- // Remove carriage returns and new lines in between the description.
- output = "";
- for (size_t i = 0; i < description.size(); i++) {
- if (description[i] != '\n' && description[i] != '\r') {
- output += description[i];
- }
- }
- output += '\n';
-
+
+ // Remove carriage returns and new lines in between the description.
+ output = "";
+ for (size_t i = 0; i < description.size(); i++) {
+ if (description[i] != '\n' && description[i] != '\r') {
+ output += description[i];
+ }
+ }
+ output += '\n';
+
 // Print the event description
 event << " ";
 event << output;
@@ -508,7 +508,7 @@ Pandora_Module_Logevent::getEventDescription (PEVENTLOGRECORD pevlr, char *messa
 exe_file_path_end = ((char *) exe_file_path) + _MAX_PATH * sizeof (TCHAR);
 while (1) {
- // Load the DLL
+ // Load the DLL
 module = LoadLibraryEx (dll_start, 0, flags);
 if(module == NULL) {
 pandoraDebug("LoadLibraryEx error %d. Exe file path %s.", GetLastError(), exe_file_path);
@@ -572,7 +572,7 @@ Pandora_Module_Logevent::getEventDescriptionXPATH (PEVENTLOGRECORD pevlr) {
 }
 // Build the XPATH query
- query = "Event/System[EventID=" + inttostr(pevlr->EventID & EVENT_ID_MASK) + "]";
+ query = "Event/System[EventRecordID=" + inttostr(pevlr->RecordNumber) + "]";
 pwsQuery = strAnsiToUnicode (query.c_str());
 pwsPath = strAnsiToUnicode (this->source.c_str());
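Review bot: `pevlr->RecordNumber` is an unsigned DWORD, so if `inttostr` takes a signed `int` (its declaration is not visible in this hunk), a record number above INT_MAX would be formatted as a negative value. The `EventRecordID` predicate would then match nothing and the event would be reported without its description. Consider formatting the value as unsigned, for example through a `std::ostringstream` fed with `static_cast<unsigned long>(pevlr->RecordNumber)`. The concatenation itself is safe against query injection because the only interpolated value is numeric. A comment on the query line would help the next reader: `// EventRecordID is unique only within the channel named by this->source; the record must come from that same log.` The body of getEventDescriptionXPATH continues outside the hunk, so whether the `strAnsiToUnicode` results are checked for NULL before use cannot be confirmed from here.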