Fixed the XPATH query to retrieve log events.
(cherry picked from commit 878e65fa30
)
This commit is contained in:
parent
781e24f984
commit
8b9601bab5
|
@ -392,16 +392,16 @@ Pandora_Module_Logevent::getLogEvents (list<string> &event_list, unsigned char d
|
||||||
event << "]";
|
event << "]";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
// Remove carriage returns and new lines in between the description.
|
// Remove carriage returns and new lines in between the description.
|
||||||
output = "";
|
output = "";
|
||||||
for (size_t i = 0; i < description.size(); i++) {
|
for (size_t i = 0; i < description.size(); i++) {
|
||||||
if (description[i] != '\n' && description[i] != '\r') {
|
if (description[i] != '\n' && description[i] != '\r') {
|
||||||
output += description[i];
|
output += description[i];
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
output += '\n';
|
output += '\n';
|
||||||
|
|
||||||
// Print the event description
|
// Print the event description
|
||||||
event << " ";
|
event << " ";
|
||||||
event << output;
|
event << output;
|
||||||
|
@ -508,7 +508,7 @@ Pandora_Module_Logevent::getEventDescription (PEVENTLOGRECORD pevlr, char *messa
|
||||||
exe_file_path_end = ((char *) exe_file_path) + _MAX_PATH * sizeof (TCHAR);
|
exe_file_path_end = ((char *) exe_file_path) + _MAX_PATH * sizeof (TCHAR);
|
||||||
|
|
||||||
while (1) {
|
while (1) {
|
||||||
// Load the DLL
|
// Load the DLL
|
||||||
module = LoadLibraryEx (dll_start, 0, flags);
|
module = LoadLibraryEx (dll_start, 0, flags);
|
||||||
if(module == NULL) {
|
if(module == NULL) {
|
||||||
pandoraDebug("LoadLibraryEx error %d. Exe file path %s.", GetLastError(), exe_file_path);
|
pandoraDebug("LoadLibraryEx error %d. Exe file path %s.", GetLastError(), exe_file_path);
|
||||||
|
@ -572,7 +572,7 @@ Pandora_Module_Logevent::getEventDescriptionXPATH (PEVENTLOGRECORD pevlr) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Build the XPATH query
|
// Build the XPATH query
|
||||||
query = "Event/System[EventID=" + inttostr(pevlr->EventID & EVENT_ID_MASK) + "]";
|
query = "Event/System[EventRecordID=" + inttostr(pevlr->RecordNumber) + "]";
|
||||||
pwsQuery = strAnsiToUnicode (query.c_str());
|
pwsQuery = strAnsiToUnicode (query.c_str());
|
||||||
pwsPath = strAnsiToUnicode (this->source.c_str());
|
pwsPath = strAnsiToUnicode (this->source.c_str());
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue