From b8a3d46f3847bff56f0d7813bed655ee19156d5c Mon Sep 17 00:00:00 2001
From: Ramon Novoa <rnovoa@artica.es>
Date: Tue, 3 Sep 2019 12:56:51 +0200
Subject: [PATCH] Add module_application to module_logchannel.

Ref. pandora_enterprise#3659
---
 .../win32/modules/pandora_module_factory.cc           |  3 ++-
 .../win32/modules/pandora_module_logchannel.cc        | 11 +++++++++--
 .../win32/modules/pandora_module_logchannel.h         |  2 +-
 3 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/pandora_agents/win32/modules/pandora_module_factory.cc b/pandora_agents/win32/modules/pandora_module_factory.cc
index a4d9553c20..4c84910ac5 100644
--- a/pandora_agents/win32/modules/pandora_module_factory.cc
+++ b/pandora_agents/win32/modules/pandora_module_factory.cc
@@ -1214,7 +1214,8 @@ Pandora_Module_Factory::getModuleFromDefinition (string definition) {
 						      module_source,
 						      module_eventtype,
 						      module_eventcode,
-						      module_pattern);
+						      module_pattern,
+						      module_application);
 	} else if (module_wmiquery != "") {
 		module = new Pandora_Module_WMIQuery (module_name,
 						      module_wmiquery, module_wmicolumn);
diff --git a/pandora_agents/win32/modules/pandora_module_logchannel.cc b/pandora_agents/win32/modules/pandora_module_logchannel.cc
index 4ec72df63c..3c1c4666dd 100755
--- a/pandora_agents/win32/modules/pandora_module_logchannel.cc
+++ b/pandora_agents/win32/modules/pandora_module_logchannel.cc
@@ -53,7 +53,7 @@ static EvtUpdateBookmarkT EvtUpdateBookmarkF = NULL;
  * @param name Module name.
  * @param service_name Service internal name to check.
  */
-Pandora_Module_Logchannel::Pandora_Module_Logchannel (string name, string source, string type, string id, string pattern)
+Pandora_Module_Logchannel::Pandora_Module_Logchannel (string name, string source, string type, string id, string pattern, string application)
 	: Pandora_Module (name) {
     int i;
 	vector<wstring> query;
@@ -93,6 +93,13 @@ Pandora_Module_Logchannel::Pandora_Module_Logchannel (string name, string source
 		query.push_back(ss.str());
 	}
 
+	// Set the application
+	if (application != "") {
+		wstringstream ss;
+		ss << L"*[System/Provider[@Name='" << application.c_str() << L"']]";
+		query.push_back(ss.str());
+	}
+
 	// Fill the filter
 	if (query.size() == 0) {
 		this->filter = L"*";
@@ -579,4 +586,4 @@ Pandora_Module_Logchannel::GetMessageString(EVT_HANDLE hMetadata, EVT_HANDLE hEv
 	}
 
 	return pBuffer;
-}
\ No newline at end of file
+}
diff --git a/pandora_agents/win32/modules/pandora_module_logchannel.h b/pandora_agents/win32/modules/pandora_module_logchannel.h
index 19cde78b93..c008c0aac1 100755
--- a/pandora_agents/win32/modules/pandora_module_logchannel.h
+++ b/pandora_agents/win32/modules/pandora_module_logchannel.h
@@ -75,7 +75,7 @@ namespace Pandora_Modules {
 		LPWSTR GetMessageString(EVT_HANDLE hMetadata, EVT_HANDLE hEvent, EVT_FORMAT_MESSAGE_FLAGS FormatId);
 
 	public:
-		Pandora_Module_Logchannel (string name, string source, string type, string id, string pattern);
+		Pandora_Module_Logchannel (string name, string source, string type, string id, string pattern, string application);
 		void run ();
 	};
 }