From 9fc8cb45b645ff5684a9b43f20229e0c8a10ce33 Mon Sep 17 00:00:00 2001
From: ramonn <noreply@pandorafms.org>
Date: Mon, 1 Dec 2008 17:49:16 +0000
Subject: [PATCH] 2008-12-01  Ramon Novoa  <rnovoa@artica.es>

	* windows/pandora_wmi.cc,
          windows/pandora_wmi.h,
          modules/pandora_module_logevent.cc,
          modules/pandora_module_logevent.h,
          modules/pandora_module_factory.cc: Added event code filtering
          support to logevent module.




git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@1271 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
---
 pandora_agents/win32/ChangeLog                          | 9 +++++++++
 pandora_agents/win32/modules/pandora_module_factory.cc  | 8 +++++++-
 pandora_agents/win32/modules/pandora_module_logevent.cc | 5 +++--
 pandora_agents/win32/modules/pandora_module_logevent.h  | 3 ++-
 pandora_agents/win32/windows/pandora_wmi.cc             | 7 +++++--
 pandora_agents/win32/windows/pandora_wmi.h              | 2 +-
 6 files changed, 27 insertions(+), 7 deletions(-)

diff --git a/pandora_agents/win32/ChangeLog b/pandora_agents/win32/ChangeLog
index 0d3415496f..29edbd8409 100644
--- a/pandora_agents/win32/ChangeLog
+++ b/pandora_agents/win32/ChangeLog
@@ -1,3 +1,12 @@
+2008-12-01  Ramon Novoa  <rnovoa@artica.es>
+
+	* windows/pandora_wmi.cc,
+	  windows/pandora_wmi.h,
+	  modules/pandora_module_logevent.cc,
+	  modules/pandora_module_logevent.h,
+	  modules/pandora_module_factory.cc: Added event code filtering
+	  support to logevent module.
+
 2008-12-01  Esteban Sanchez  <estebans@artica.es>
 
 	* pandora_windows_service.cc: Removed debug output. Release mutex on
diff --git a/pandora_agents/win32/modules/pandora_module_factory.cc b/pandora_agents/win32/modules/pandora_module_factory.cc
index 004bef94cd..66f2fdb157 100644
--- a/pandora_agents/win32/modules/pandora_module_factory.cc
+++ b/pandora_agents/win32/modules/pandora_module_factory.cc
@@ -52,6 +52,7 @@ using namespace Pandora_Strutils;
 #define TOKEN_LOGEVENT    ("module_logevent")
 #define TOKEN_SOURCE      ("module_source ")
 #define TOKEN_EVENTTYPE   ("module_eventtype ")
+#define TOKEN_EVENTCODE   ("module_eventcode ")
 #define TOKEN_PATTERN     ("module_pattern ")
 #define TOKEN_ASYNC       ("module_async")
 
@@ -88,7 +89,7 @@ Pandora_Module_Factory::getModuleFromDefinition (string definition) {
 	string                 module_interval, module_proc, module_service;
 	string                 module_freedisk, module_cpuusage, module_odbc;
 	string                 module_odbc_query, module_dsn, module_freememory;
-	string                 module_logevent, module_source, module_eventtype;
+	string                 module_logevent, module_source, module_eventtype, module_eventcode;
 	string                 module_pattern, module_async;
 	Pandora_Module        *module;
 	bool                   numeric;
@@ -109,6 +110,7 @@ Pandora_Module_Factory::getModuleFromDefinition (string definition) {
 	module_logevent    = "";
 	module_source      = "";
 	module_eventtype   = "";
+	module_eventcode   = "";
 	module_pattern     = "";
 
 	stringtok (tokens, definition, "\n");
@@ -171,6 +173,9 @@ Pandora_Module_Factory::getModuleFromDefinition (string definition) {
 		if (module_eventtype == "") {
 			module_eventtype = parseLine (line, TOKEN_EVENTTYPE);
 		}
+		if (module_eventcode == "") {
+			module_eventcode = parseLine (line, TOKEN_EVENTCODE);
+		}
 		if (module_pattern == "") {
 			module_pattern = parseLine (line, TOKEN_PATTERN);
 		}
@@ -218,6 +223,7 @@ Pandora_Module_Factory::getModuleFromDefinition (string definition) {
 		module = new Pandora_Module_Logevent (module_name,
 				  module_source,
 				  module_eventtype,
+				  module_eventcode,
 				  module_pattern);
 	} else {
 		return NULL;
diff --git a/pandora_agents/win32/modules/pandora_module_logevent.cc b/pandora_agents/win32/modules/pandora_module_logevent.cc
index 78a88b7aba..73977db2e2 100755
--- a/pandora_agents/win32/modules/pandora_module_logevent.cc
+++ b/pandora_agents/win32/modules/pandora_module_logevent.cc
@@ -32,11 +32,12 @@ using namespace Pandora_Modules;
  * @param name Module name.
  * @param service_name Service internal name to check.
  */
-Pandora_Module_Logevent::Pandora_Module_Logevent (string name, string source, string type, string pattern)
+Pandora_Module_Logevent::Pandora_Module_Logevent (string name, string source, string type, string code, string pattern)
 	: Pandora_Module (name) {
 
 	this->source = source;
 	this->type = type;
+	this->code = code;
 	this->pattern = pattern;
 	this->setKind (module_logevent_str);
 }
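Review bot: The doc comment above this constructor still lists a `service_name` parameter that the signature does not have, and the new `code` argument is undocumented, as are `source`, `type` and `pattern`. Since the commit changes the signature, the comment could be corrected at the same time, for example with `@param code Event code to filter on; an empty string disables the filter.` and matching lines for the other three. The comment opens outside this hunk, so its first lines are not visible here.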
@@ -68,7 +69,7 @@ Pandora_Module_Logevent::run () {
 		return;
 	}
 	
-	Pandora_Wmi::getEventList (this->source, this->type, this->pattern, interval, event_list);
+	Pandora_Wmi::getEventList (this->source, this->type, this->code, this->pattern, interval, event_list);
 	
 	// No data
 	if (event_list.size () < 1) {
diff --git a/pandora_agents/win32/modules/pandora_module_logevent.h b/pandora_agents/win32/modules/pandora_module_logevent.h
index 70cafcea25..9b2ce5c2e4 100755
--- a/pandora_agents/win32/modules/pandora_module_logevent.h
+++ b/pandora_agents/win32/modules/pandora_module_logevent.h
@@ -35,9 +35,10 @@ namespace Pandora_Modules {
 	private:
 		string source;
 		string type;
+		string code;
 		string pattern;
 	public:
-		Pandora_Module_Logevent (string name, string source, string type, string pattern);
+		Pandora_Module_Logevent (string name, string source, string type, string code, string pattern);
 		void run ();
 	};
 }
diff --git a/pandora_agents/win32/windows/pandora_wmi.cc b/pandora_agents/win32/windows/pandora_wmi.cc
index e60c9411cd..def83d087f 100644
--- a/pandora_agents/win32/windows/pandora_wmi.cc
+++ b/pandora_agents/win32/windows/pandora_wmi.cc
@@ -388,7 +388,7 @@ Pandora_Wmi::getSystemName () {
  * @return The list of events.
  */
 void
-Pandora_Wmi::getEventList (string source, string type, string pattern, int interval, list<string> &event_list) {
+Pandora_Wmi::getEventList (string source, string type, string code, string pattern, int interval, list<string> &event_list) {
 	CDhInitialize init;
 	CDispPtr      wmi_svc, quickfixes;
 	char         *value = NULL;
@@ -410,7 +410,10 @@ Pandora_Wmi::getEventList (string source, string type, string pattern, int inter
 	if (! type.empty()) {
 		query += " AND Type = '" + type + "'";
 	}
-	
+	if (! code.empty()) {
+		query += " AND EventCode = '" + code + "'";
+	}
+
 	try {
 		dhCheck (dhGetObject (getWmiStr (L"."), NULL, &wmi_svc));
 		dhCheck (dhGetValue (L"%o", &quickfixes, wmi_svc,
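Review bot: The new `code` value is pasted between single quotes into the WQL text at `query += " AND EventCode = '" + code + "'";` with no check on its contents. It arrives unvalidated from `parseLine (line, TOKEN_EVENTCODE)` in pandora_module_factory.cc, so a `module_eventcode` value containing a quote or extra WQL text changes the query rather than selecting one event code. Event codes are numeric, so the value can be checked before it is appended, e.g. `if (! code.empty() && code.find_first_not_of ("0123456789") != string::npos) { /* log the bad value */ return; }`; returning with an empty list seems safer than silently dropping the filter and reporting every event. The `Type` clause in the context lines is built the same way and could be limited to the known event type names. getEventList starts and ends outside this hunk, so the handling of `source` and `pattern` is not visible here.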
diff --git a/pandora_agents/win32/windows/pandora_wmi.h b/pandora_agents/win32/windows/pandora_wmi.h
index bb36be156e..612fc64088 100644
--- a/pandora_agents/win32/windows/pandora_wmi.h
+++ b/pandora_agents/win32/windows/pandora_wmi.h
@@ -47,7 +47,7 @@ namespace Pandora_Wmi {
 	string        getOSVersion          ();
 	string        getOSBuild            ();
 	string        getSystemName         ();
-	void          getEventList              (string source, string type, string pattern, int interval, list<string> &event_list);
+	void          getEventList              (string source, string type, string code, string pattern, int interval, list<string> &event_list);
 	string        getTimestampLimit         (int interval);
 	void          convertWMIDate            (string wmi_date, SYSTEMTIME *system_time);
 };