diff --git a/pandora_agents/win32/modules/pandora_module_factory.cc b/pandora_agents/win32/modules/pandora_module_factory.cc
index a4d9553c20..4c84910ac5 100644
--- a/pandora_agents/win32/modules/pandora_module_factory.cc
+++ b/pandora_agents/win32/modules/pandora_module_factory.cc
@@ -1214,7 +1214,8 @@ Pandora_Module_Factory::getModuleFromDefinition (string definition) {
 module_source,
 module_eventtype,
 module_eventcode,
- module_pattern);
+ module_pattern,
+ module_application);
 } else if (module_wmiquery != "") {
 module = new Pandora_Module_WMIQuery (module_name, module_wmiquery, module_wmicolumn);
diff --git a/pandora_agents/win32/modules/pandora_module_logchannel.cc b/pandora_agents/win32/modules/pandora_module_logchannel.cc
index 4ec72df63c..3c1c4666dd 100755
--- a/pandora_agents/win32/modules/pandora_module_logchannel.cc
+++ b/pandora_agents/win32/modules/pandora_module_logchannel.cc
@@ -53,7 +53,7 @@ static EvtUpdateBookmarkT EvtUpdateBookmarkF = NULL;
 * @param name Module name.
 * @param service_name Service internal name to check.
 */
-Pandora_Module_Logchannel::Pandora_Module_Logchannel (string name, string source, string type, string id, string pattern)
+Pandora_Module_Logchannel::Pandora_Module_Logchannel (string name, string source, string type, string id, string pattern, string application)
 : Pandora_Module (name) {
 int i;
 vector query;
@@ -93,6 +93,13 @@ Pandora_Module_Logchannel::Pandora_Module_Logchannel (string name, string source
 query.push_back(ss.str());
 }
+ // Set the application
+ if (application != "") {
+ wstringstream ss;
+ ss << L"*[System/Provider[@Name='" << application.c_str() << L"']]";
+ query.push_back(ss.str());
+ }
+ // Fill the filter
 if (query.size() == 0) {
 this->filter = L"*";
@@ -579,4 +586,4 @@ Pandora_Module_Logchannel::GetMessageString(EVT_HANDLE hMetadata, EVT_HANDLE hEv
 }
 return pBuffer;
-}
\ No newline at end of file
+}
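Review bot: The doc comment directly above the constructor (hunk `@@ -53,7 +53,7 @@` of pandora_module_logchannel.cc) still lists only `name` and a `service_name` parameter that the signature does not have, and the new `application` argument is undocumented. I would replace the stale line and add `@param application Event provider name matched against System/Provider/@Name; an empty string adds no provider filter.` The constructor body continues outside this hunk.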
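Review bot: `application` is spliced into the XPath literal `*[System/Provider[@Name='…']]` with no validation (hunk `@@ -93,6 +93,13 @@`), so a value containing `'` produces a malformed predicate or one different from what was intended. For a log-collection module that can mean events silently missed or over-collected; the value comes from the module definition, and if definitions can arrive from outside the host that is untrusted input. Reject such values before building the query, e.g. `if (application.find('\'') != string::npos)` followed by logging and failing the module rather than dropping the filter. Streaming `application.c_str()` into a `wstringstream` also widens byte by byte, so a non-ASCII provider name would not match. The constructor body starts and ends outside this hunk.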
diff --git a/pandora_agents/win32/modules/pandora_module_logchannel.h b/pandora_agents/win32/modules/pandora_module_logchannel.h
index 19cde78b93..c008c0aac1 100755
--- a/pandora_agents/win32/modules/pandora_module_logchannel.h
+++ b/pandora_agents/win32/modules/pandora_module_logchannel.h
@@ -75,7 +75,7 @@ namespace Pandora_Modules {
 LPWSTR GetMessageString(EVT_HANDLE hMetadata, EVT_HANDLE hEvent, EVT_FORMAT_MESSAGE_FLAGS FormatId);
 public:
- Pandora_Module_Logchannel (string name, string source, string type, string id, string pattern);
+ Pandora_Module_Logchannel (string name, string source, string type, string id, string pattern, string application);
 void run ();
 };
 }