tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

2009-05-25 Ramon Novoa <rnovoa@artica.es> 

* windows/pandora_wmi.cc, windows/pandora_wmi.h: Added functions for the
          new modules. Removed old logevent functions.

        * pandora_windows_service.h, pandora_windows_service.cc: Added support
          for data file buffering and startup delay.

        * modules/pandora_module_logevent.cc, modules/pandora_module_logevent.h:
          Rewritten to retrieve event log data using the PDH interface instead
          of WMI (was too slow).

        * modules/pandora_module_tcpcheck.cc, modules/pandora_module_tcpcheck.h,
          modules/pandora_module_regexp.cc, modules/pandora_module_regexp.h,
          modules/pandora_module_perfcounter.cc,
          modules/pandora_module_perfcounter.h,
          modules/pandora_module_freedisk_percent.cc,
          modules/pandora_module_freedisk_percent.h,
          modules/pandora_module_freememory_percent.cc,
          modules/pandora_module_freememory_percent.h: Added to repository.
          New modules, see http://openideas.info/wiki/.

        * modules/pandora_module.h, modules/pandora_module.cc,
          modules/pandora_module_factory.cc, modules/pandora_module_list.cc:
          Added support for the new modules.

        * bin/pandora_agent.conf: Included configuration examples for the new
          modules.

        * PandoraAgent.dev: Updated to compile the new modules.




git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@1707 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
This commit is contained in:
ramonn 2009-05-25 17:50:27 +00:00
parent b143bf8d28
commit bc5437b952
23 changed files with 1576 additions and 196 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
pandora_agents/win32/ChangeLog
View File

@ -1,3 +1,34 @@
2009-05-25 Ramon Novoa <rnovoa@artica.es>
* windows/pandora_wmi.cc, windows/pandora_wmi.h: Added functions for the
new modules. Removed old logevent functions.
* pandora_windows_service.h, pandora_windows_service.cc: Added support
for data file buffering and startup delay.
* modules/pandora_module_logevent.cc, modules/pandora_module_logevent.h:
Rewritten to retrieve event log data using the PDH interface instead
of WMI (was too slow).
* modules/pandora_module_tcpcheck.cc, modules/pandora_module_tcpcheck.h,
modules/pandora_module_regexp.cc, modules/pandora_module_regexp.h,
modules/pandora_module_perfcounter.cc,
modules/pandora_module_perfcounter.h,
modules/pandora_module_freedisk_percent.cc,
modules/pandora_module_freedisk_percent.h,
modules/pandora_module_freememory_percent.cc,
modules/pandora_module_freememory_percent.h: Added to repository.
New modules, see http://openideas.info/wiki/.
* modules/pandora_module.h, modules/pandora_module.cc,
modules/pandora_module_factory.cc, modules/pandora_module_list.cc:
Added support for the new modules.
* bin/pandora_agent.conf: Included configuration examples for the new
modules.
* PandoraAgent.dev: Updated to compile the new modules.
2009-04-13 Esteban Sanchez <estebans@artica.es> 2009-04-13 Esteban Sanchez <estebans@artica.es>
* modules/pandora_module_odbc.cc: Fixed log message when no username * modules/pandora_module_odbc.cc: Fixed log message when no username

108
pandora_agents/win32/PandoraAgent.dev
View File

@ -1,7 +1,7 @@
[Project] [Project]
FileName=PandoraAgent.dev FileName=PandoraAgent.dev
Name=PandoraAgent Name=PandoraAgent
UnitCount=81 UnitCount=91
Type=1 Type=1
Ver=1 Ver=1
ObjFiles= ObjFiles=
@ -10,9 +10,9 @@ Libs=
PrivateResource= PrivateResource=
ResourceIncludes= ResourceIncludes=
MakeIncludes= MakeIncludes=
Compiler= Compiler=_@@_
CppCompiler= CppCompiler=_@@_
Linker=-lole32_@@_-loleaut32_@@_-luuid_@@_-lpsapi_@@_-lwsock32_@@_-lz_@@_-liphlpapi_@@_-lnetapi32_@@_-lws2_32_@@_-lcrypto_@@_-lodbc++_@@_-lgdi32_@@_-lcurldll_@@_ Linker=-lole32_@@_-loleaut32_@@_-luuid_@@_-lpsapi_@@_-lwsock32_@@_-lz_@@_-liphlpapi_@@_-lnetapi32_@@_-lws2_32_@@_-lcrypto_@@_-lodbc++_@@_-lgdi32_@@_-lcurldll_@@_C:\Dev-Cpp\lib\libboost_regex-mgw-mt-s-1_33_1.lib_@@_
IsCpp=1 IsCpp=1
Icon= Icon=
ExeOutput= ExeOutput=
@ -857,3 +857,103 @@ Priority=1000
OverrideBuildCmd=0 OverrideBuildCmd=0
BuildCmd= BuildCmd=
[Unit82]
FileName=modules\pandora_module_freedisk_percent.h
CompileCpp=1
Folder=Modules
Compile=1
Link=1
Priority=1000
OverrideBuildCmd=0
BuildCmd=
[Unit83]
FileName=modules\pandora_module_freedisk_percent.cc
CompileCpp=1
Folder=Modules
Compile=1
Link=1
Priority=1000
OverrideBuildCmd=0
BuildCmd=
[Unit84]
FileName=modules\pandora_module_freememory_percent.h
CompileCpp=1
Folder=Modules
Compile=1
Link=1
Priority=1000
OverrideBuildCmd=0
BuildCmd=
[Unit85]
FileName=modules\pandora_module_freememory_percent.cc
CompileCpp=1
Folder=Modules
Compile=1
Link=1
Priority=1000
OverrideBuildCmd=0
BuildCmd=
[Unit86]
FileName=modules\pandora_module_perfcounter.h
CompileCpp=1
Folder=Modules
Compile=1
Link=1
Priority=1000
OverrideBuildCmd=0
BuildCmd=
[Unit87]
FileName=modules\pandora_module_perfcounter.cc
CompileCpp=1
Folder=Modules
Compile=1
Link=1
Priority=1000
OverrideBuildCmd=0
BuildCmd=
[Unit88]
FileName=modules\pandora_module_tcpcheck.h
CompileCpp=1
Folder=Modules
Compile=1
Link=1
Priority=1000
OverrideBuildCmd=0
BuildCmd=
[Unit89]
FileName=modules\pandora_module_tcpcheck.cc
CompileCpp=1
Folder=Modules
Compile=1
Link=1
Priority=1000
OverrideBuildCmd=0
BuildCmd=
[Unit90]
FileName=modules\pandora_module_regexp.h
CompileCpp=1
Folder=Modules
Compile=1
Link=1
Priority=1000
OverrideBuildCmd=0
BuildCmd=
[Unit91]
FileName=modules\pandora_module_regexp.cc
CompileCpp=1
Folder=Modules
Compile=1
Link=1
Priority=1000
OverrideBuildCmd=0
BuildCmd=

28
pandora_agents/win32/bin/pandora_agent.conf
View File

@ -1,6 +1,6 @@
# Base config file for Pandora FMS Windows Agent # Base config file for Pandora FMS Windows Agent
# (c) 2006-2008 Artica Soluciones Tecnologicas # (c) 2006-2008 Artica Soluciones Tecnologicas
# Version 2.0 # Version 3.0
# This program is Free Software, you can redistribute it and/or modify it # This program is Free Software, you can redistribute it and/or modify it
# under the terms of the GNU General Public Licence as published by the Free Software # under the terms of the GNU General Public Licence as published by the Free Software
@ -19,6 +19,8 @@
server_ip $ServerIP$ server_ip $ServerIP$
server_path $ServerPath$ server_path $ServerPath$
temporal "$AgentTemp$" temporal "$AgentTemp$"
#temporal_min_size 1024
#startup_delay 5
# Agent uses your hostname automatically, if you need to change agent name # Agent uses your hostname automatically, if you need to change agent name
# use directive agent_name # use directive agent_name
@ -268,3 +270,27 @@ module_end
#process_firefox_start firefox #process_firefox_start firefox
#process_firefox_stop killall firefox #process_firefox_stop killall firefox
#service_messenger 1 #service_messenger 1
# Example of a remote TCP check
#module_begin
#module_name tcpcheck
#module_type generic_data
#module_tcpcheck www.artica.es
#module_port 80
#module_timeout 5
#module_end
# Example of regexp matching
#module_begin
#module_name regexp
#module_type generic_data_string
#module_regexp C:\WINDOWS\my.log
#module_pattern ^(a*).*\1$
#module_end
# Example of performance counter data retrieval
#module_begin
#module_name perfcounter
#module_type generic_data_string
#module_perfcounter \Memory\Pages/sec
#module_end

10
pandora_agents/win32/modules/pandora_module.cc
View File

@ -119,8 +119,12 @@ Pandora_Module::parseModuleKindFromString (string kind) {
return MODULE_SERVICE; return MODULE_SERVICE;
} else if (kind == module_freedisk_str) { } else if (kind == module_freedisk_str) {
return MODULE_FREEDISK; return MODULE_FREEDISK;
} else if (kind == module_freedisk_percent_str) {
return MODULE_FREEDISK_PERCENT;
} else if (kind == module_freememory_str) { } else if (kind == module_freememory_str) {
return MODULE_FREEMEMORY; return MODULE_FREEMEMORY;
} else if (kind == module_freememory_percent_str) {
return MODULE_FREEMEMORY_PERCENT;
} else if (kind == module_cpuusage_str) { } else if (kind == module_cpuusage_str) {
return MODULE_CPUUSAGE; return MODULE_CPUUSAGE;
} else if (kind == module_odbc_str) { } else if (kind == module_odbc_str) {
@ -129,6 +133,12 @@ Pandora_Module::parseModuleKindFromString (string kind) {
return MODULE_LOGEVENT; return MODULE_LOGEVENT;
} else if (kind == module_wmiquery_str) { } else if (kind == module_wmiquery_str) {
return MODULE_WMIQUERY; return MODULE_WMIQUERY;
} else if (kind == module_perfcounter_str) {
return MODULE_PERFCOUNTER;
} else if (kind == module_tcpcheck_str) {
return MODULE_TCPCHECK;
} else if (kind == module_regexp_str) {
return MODULE_REGEXP;
} else { } else {
return MODULE_0; return MODULE_0;
} }

15
pandora_agents/win32/modules/pandora_module.h
View File

@ -72,23 +72,34 @@ namespace Pandora_Modules {
MODULE_SERVICE, /**< The module checks for a running MODULE_SERVICE, /**< The module checks for a running
* service */ * service */
MODULE_FREEDISK, /**< The module checks the free */ MODULE_FREEDISK, /**< The module checks the free */
MODULE_FREEDISK_PERCENT, /**< The module checks the free */
MODULE_CPUUSAGE, /**< The module checks the CPU usage */ MODULE_CPUUSAGE, /**< The module checks the CPU usage */
MODULE_FREEMEMORY, /**< The module checks the amount of MODULE_FREEMEMORY, /**< The module checks the percentage of
* freememory in the system */
MODULE_FREEMEMORY_PERCENT, /**< The module checks the amount of
* freememory in the system */ * freememory in the system */
MODULE_ODBC, /**< The module performs a SQL query via ODBC */ MODULE_ODBC, /**< The module performs a SQL query via ODBC */
MODULE_LOGEVENT, /**< The module checks for log events */ MODULE_LOGEVENT, /**< The module checks for log events */
MODULE_WMIQUERY /**< The module runs WQL queries */ MODULE_WMIQUERY, /**< The module runs WQL queries */
MODULE_PERFCOUNTER, /**< The module reads performance counters */
MODULE_TCPCHECK, /**< The module checks whether a tcp port is open */
MODULE_REGEXP /**< The module searches a file for matches of a regular expression */
} Module_Kind; } Module_Kind;
const string module_exec_str = "module_exec"; const string module_exec_str = "module_exec";
const string module_proc_str = "module_proc"; const string module_proc_str = "module_proc";
const string module_service_str = "module_service"; const string module_service_str = "module_service";
const string module_freedisk_str = "module_freedisk"; const string module_freedisk_str = "module_freedisk";
const string module_freedisk_percent_str = "module_freedisk_percent";
const string module_freememory_str = "module_freememory"; const string module_freememory_str = "module_freememory";
const string module_freememory_percent_str = "module_freememory_percent";
const string module_cpuusage_str = "module_cpuusage"; const string module_cpuusage_str = "module_cpuusage";
const string module_odbc_str = "module_odbc"; const string module_odbc_str = "module_odbc";
const string module_logevent_str = "module_logevent"; const string module_logevent_str = "module_logevent";
const string module_wmiquery_str = "module_wmiquery"; const string module_wmiquery_str = "module_wmiquery";
const string module_perfcounter_str = "module_perfcounter";
const string module_tcpcheck_str = "module_tcpcheck";
const string module_regexp_str = "module_regexp";
/** /**
* Pandora module super-class exception. * Pandora module super-class exception.

66
pandora_agents/win32/modules/pandora_module_factory.cc
View File

@ -24,11 +24,16 @@
#include "pandora_module_proc.h" #include "pandora_module_proc.h"
#include "pandora_module_service.h" #include "pandora_module_service.h"
#include "pandora_module_freedisk.h" #include "pandora_module_freedisk.h"
#include "pandora_module_freedisk_percent.h"
#include "pandora_module_freememory.h" #include "pandora_module_freememory.h"
#include "pandora_module_freememory_percent.h"
#include "pandora_module_cpuusage.h" #include "pandora_module_cpuusage.h"
#include "pandora_module_odbc.h" #include "pandora_module_odbc.h"
#include "pandora_module_logevent.h" #include "pandora_module_logevent.h"
#include "pandora_module_wmiquery.h" #include "pandora_module_wmiquery.h"
#include "pandora_module_perfcounter.h"
#include "pandora_module_tcpcheck.h"
#include "pandora_module_regexp.h"
#include "../pandora_strutils.h" #include "../pandora_strutils.h"
#include <list> #include <list>
@ -43,7 +48,9 @@ using namespace Pandora_Strutils;
#define TOKEN_PROC ("module_proc ") #define TOKEN_PROC ("module_proc ")
#define TOKEN_SERVICE ("module_service ") #define TOKEN_SERVICE ("module_service ")
#define TOKEN_FREEDISK ("module_freedisk ") #define TOKEN_FREEDISK ("module_freedisk ")
#define TOKEN_FREEDISK_PERCENT ("module_freepercentdisk ")
#define TOKEN_FREEMEMORY ("module_freememory") #define TOKEN_FREEMEMORY ("module_freememory")
#define TOKEN_FREEMEMORY_PERCENT ("module_freepercentmemory")
#define TOKEN_CPUUSAGE ("module_cpuusage ") #define TOKEN_CPUUSAGE ("module_cpuusage ")
#define TOKEN_ODBC ("module_odbc ") #define TOKEN_ODBC ("module_odbc ")
#define TOKEN_MAX ("module_max ") #define TOKEN_MAX ("module_max ")
@ -55,6 +62,7 @@ using namespace Pandora_Strutils;
#define TOKEN_EVENTTYPE ("module_eventtype ") #define TOKEN_EVENTTYPE ("module_eventtype ")
#define TOKEN_EVENTCODE ("module_eventcode ") #define TOKEN_EVENTCODE ("module_eventcode ")
#define TOKEN_PATTERN ("module_pattern ") #define TOKEN_PATTERN ("module_pattern ")
#define TOKEN_APPLICATION ("module_application ")
#define TOKEN_ASYNC ("module_async") #define TOKEN_ASYNC ("module_async")
#define TOKEN_WATCHDOG ("module_watchdog ") #define TOKEN_WATCHDOG ("module_watchdog ")
#define TOKEN_START_COMMAND ("module_start_command ") #define TOKEN_START_COMMAND ("module_start_command ")
@ -63,6 +71,11 @@ using namespace Pandora_Strutils;
#define TOKEN_RETRIES ("module_retries ") #define TOKEN_RETRIES ("module_retries ")
#define TOKEN_STARTDELAY ("module_startdelay ") #define TOKEN_STARTDELAY ("module_startdelay ")
#define TOKEN_RETRYDELAY ("module_retrydelay ") #define TOKEN_RETRYDELAY ("module_retrydelay ")
#define TOKEN_PERFCOUNTER ("module_perfcounter ")
#define TOKEN_TCPCHECK ("module_tcpcheck ")
#define TOKEN_PORT ("module_port ")
#define TOKEN_TIMEOUT ("module_timeout ")
#define TOKEN_REGEXP ("module_regexp ")
string string
parseLine (string line, string token) { parseLine (string line, string token) {
@ -96,12 +109,15 @@ Pandora_Module_Factory::getModuleFromDefinition (string definition) {
string module_min, module_max, module_description; string module_min, module_max, module_description;
string module_interval, module_proc, module_service; string module_interval, module_proc, module_service;
string module_freedisk, module_cpuusage, module_odbc; string module_freedisk, module_cpuusage, module_odbc;
string module_freedisk_percent, module_freememory_percent;
string module_odbc_query, module_dsn, module_freememory; string module_odbc_query, module_dsn, module_freememory;
string module_logevent, module_source, module_eventtype, module_eventcode; string module_logevent, module_source, module_eventtype, module_eventcode;
string module_pattern, module_async; string module_pattern, module_application, module_async;
string module_watchdog, module_start_command; string module_watchdog, module_start_command;
string module_wmiquery, module_wmicolumn; string module_wmiquery, module_wmicolumn;
string module_retries, module_startdelay, module_retrydelay; string module_retries, module_startdelay, module_retrydelay;
string module_perfcounter, module_tcpcheck;
string module_port, module_timeout, module_regexp;
Pandora_Module *module; Pandora_Module *module;
bool numeric; bool numeric;
Module_Type type; Module_Type type;
@ -122,6 +138,7 @@ Pandora_Module_Factory::getModuleFromDefinition (string definition) {
module_eventtype = ""; module_eventtype = "";
module_eventcode = ""; module_eventcode = "";
module_pattern = ""; module_pattern = "";
module_application = "";
module_async = ""; module_async = "";
module_watchdog = ""; module_watchdog = "";
module_start_command = ""; module_start_command = "";
@ -130,6 +147,11 @@ Pandora_Module_Factory::getModuleFromDefinition (string definition) {
module_retries = ""; module_retries = "";
module_startdelay = ""; module_startdelay = "";
module_retrydelay = ""; module_retrydelay = "";
module_perfcounter = "";
module_tcpcheck = "";
module_port = "";
module_timeout = "";
module_regexp = "";
stringtok (tokens, definition, "\n"); stringtok (tokens, definition, "\n");
@ -161,9 +183,15 @@ Pandora_Module_Factory::getModuleFromDefinition (string definition) {
if (module_freedisk == "") { if (module_freedisk == "") {
module_freedisk = parseLine (line, TOKEN_FREEDISK); module_freedisk = parseLine (line, TOKEN_FREEDISK);
} }
if (module_freedisk_percent == "") {
module_freedisk_percent = parseLine (line, TOKEN_FREEDISK_PERCENT);
}
if (module_freememory == "") { if (module_freememory == "") {
module_freememory = parseLine (line, TOKEN_FREEMEMORY); module_freememory = parseLine (line, TOKEN_FREEMEMORY);
} }
if (module_freememory_percent == "") {
module_freememory_percent = parseLine (line, TOKEN_FREEMEMORY_PERCENT);
}
if (module_cpuusage == "") { if (module_cpuusage == "") {
module_cpuusage = parseLine (line, TOKEN_CPUUSAGE); module_cpuusage = parseLine (line, TOKEN_CPUUSAGE);
} }
@ -197,6 +225,9 @@ Pandora_Module_Factory::getModuleFromDefinition (string definition) {
if (module_pattern == "") { if (module_pattern == "") {
module_pattern = parseLine (line, TOKEN_PATTERN); module_pattern = parseLine (line, TOKEN_PATTERN);
} }
if (module_application == "") {
module_application = parseLine (line, TOKEN_APPLICATION);
}
if (module_async == "") { if (module_async == "") {
module_async = parseLine (line, TOKEN_ASYNC); module_async = parseLine (line, TOKEN_ASYNC);
} }
@ -221,6 +252,21 @@ Pandora_Module_Factory::getModuleFromDefinition (string definition) {
if (module_retrydelay == "") { if (module_retrydelay == "") {
module_retrydelay = parseLine (line, TOKEN_RETRYDELAY); module_retrydelay = parseLine (line, TOKEN_RETRYDELAY);
} }
if (module_perfcounter == "") {
module_perfcounter = parseLine (line, TOKEN_PERFCOUNTER);
}
if (module_tcpcheck == "") {
module_tcpcheck = parseLine (line, TOKEN_TCPCHECK);
}
if (module_port == "") {
module_port = parseLine (line, TOKEN_PORT);
}
if (module_timeout == "") {
module_timeout = parseLine (line, TOKEN_TIMEOUT);
}
if (module_regexp == "") {
module_regexp = parseLine (line, TOKEN_REGEXP);
}
iter++; iter++;
} }
@ -267,17 +313,20 @@ Pandora_Module_Factory::getModuleFromDefinition (string definition) {
} else if (module_freedisk != "") { } else if (module_freedisk != "") {
module = new Pandora_Module_Freedisk (module_name, module = new Pandora_Module_Freedisk (module_name,
module_freedisk); module_freedisk);
} else if (module_freedisk_percent != "") {
module = new Pandora_Module_Freedisk_Percent (module_name,
module_freedisk_percent);
} else if (module_freememory != "") { } else if (module_freememory != "") {
module = new Pandora_Module_Freememory (module_name); module = new Pandora_Module_Freememory (module_name);
} else if (module_freememory_percent != "") {
module = new Pandora_Module_Freememory_Percent (module_name);
} else if (module_cpuusage != "") { } else if (module_cpuusage != "") {
int cpu_id; int cpu_id;
try { try {
cpu_id = strtoint (module_cpuusage); cpu_id = strtoint (module_cpuusage);
} catch (Invalid_Conversion e) { } catch (Invalid_Conversion e) {
pandoraLog ("Invalid CPU id '%s' on module_cpuusage %s", cpu_id = -1;
module_name.c_str ());
return NULL;
} }
module = new Pandora_Module_Cpuusage (module_name, module = new Pandora_Module_Cpuusage (module_name,
@ -292,10 +341,17 @@ Pandora_Module_Factory::getModuleFromDefinition (string definition) {
module_source, module_source,
module_eventtype, module_eventtype,
module_eventcode, module_eventcode,
module_pattern); module_pattern,
module_application);
} else if (module_wmiquery != "") { } else if (module_wmiquery != "") {
module = new Pandora_Module_WMIQuery (module_name, module = new Pandora_Module_WMIQuery (module_name,
module_wmiquery, module_wmicolumn); module_wmiquery, module_wmicolumn);
} else if (module_perfcounter != "") {
module = new Pandora_Module_Perfcounter (module_name, module_perfcounter);
} else if (module_tcpcheck != "") {
module = new Pandora_Module_Tcpcheck (module_name, module_tcpcheck, module_port, module_timeout);
} else if (module_regexp != "") {
module = new Pandora_Module_Regexp (module_name, module_regexp, module_pattern);
} else { } else {
return NULL; return NULL;
} }

66
pandora_agents/win32/modules/pandora_module_freedisk_percent.cc Executable file
View File

@ -0,0 +1,66 @@
/* Pandora freedisk module. These modules check the free space in a
logical drive.
Copyright (C) 2006 Artica ST.
Written by Esteban Sanchez.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation,
Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#include "pandora_module_freedisk_percent.h"
#include "../windows/pandora_wmi.h"
#include "../pandora_strutils.h"
#include <algorithm>
#include <cctype>
using namespace Pandora;
using namespace Pandora_Modules;
using namespace Pandora_Strutils;
/**
* Creates a Pandora_Module_Freedisk object.
*
* @param name Module name.
* @param disk_id Logical drive id to be monitorized. Usually it's "C:"
*/
Pandora_Module_Freedisk_Percent::Pandora_Module_Freedisk_Percent (string name, string disk_id)
: Pandora_Module (name) {
this->disk_id = disk_id;
transform (disk_id.begin (), disk_id.end (),
this->disk_id.begin (), (int (*) (int)) toupper);
this->setKind (module_freedisk_percent_str);
}
void
Pandora_Module_Freedisk_Percent::run () {
long res;
try {
Pandora_Module::run ();
} catch (Interval_Not_Fulfilled e) {
return;
}
try {
res = Pandora_Wmi::getDiskFreeSpacePercent (this->disk_id);
this->setOutput (longtostr (res));
} catch (Pandora_Wmi::Pandora_Wmi_Exception e) {
this->has_output = false;
}
}

42
pandora_agents/win32/modules/pandora_module_freedisk_percent.h Executable file
View File

@ -0,0 +1,42 @@
/* Pandora freedisk module. These modules check the free space in a
logical drive.
Copyright (C) 2006 Artica ST.
Written by Esteban Sanchez.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation,
Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#ifndef __PANDORA_MODULE_FREEDISK_PERCENT_H__
#define __PANDORA_MODULE_FREEDISK_PERCENT_H__
#include "pandora_module.h"
namespace Pandora_Modules {
/**
* Module to retrieve the free space available in a logical volume
* disk.
*/
class Pandora_Module_Freedisk_Percent : public Pandora_Module {
private:
string disk_id;
public:
Pandora_Module_Freedisk_Percent (string name, string disk_id);
void run ();
};
}
#endif

61
pandora_agents/win32/modules/pandora_module_freememory_percent.cc Executable file
View File

@ -0,0 +1,61 @@
/* Pandora freememory module. These modules check if a freememory is running in the
system.
Copyright (C) 2006 Artica ST.
Written by Esteban Sanchez.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation,
Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#include "pandora_module_freememory_percent.h"
#include "../windows/pandora_wmi.h"
#include "../pandora_strutils.h"
using namespace Pandora;
using namespace Pandora_Modules;
using namespace Pandora_Strutils;
/**
* Creates a Pandora_Module_Freememory object.
*
* @param name Module name.
*/
Pandora_Module_Freememory_Percent::Pandora_Module_Freememory_Percent (string name)
: Pandora_Module (name) {
this->setKind (module_freememory_percent_str);
}
void
Pandora_Module_Freememory_Percent::run () {
long res;
try {
Pandora_Module::run ();
} catch (Interval_Not_Fulfilled e) {
return;
}
try {
res = Pandora_Wmi::getFreememoryPercent ();
this->setOutput (longtostr (res));
} catch (Pandora_Wmi::Pandora_Wmi_Exception e) {
this->has_output = false;
}
}

38
pandora_agents/win32/modules/pandora_module_freememory_percent.h Executable file
View File

@ -0,0 +1,38 @@
/* Pandora free memory module. These modules get amount of free memory.
Copyright (C) 2006 Artica ST.
Written by Esteban Sanchez.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation,
Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#ifndef __PANDORA_MODULE_FREEMEMORY_PERCENT_H__
#define __PANDORA_MODULE_FREEMEMORY_PERCENT_H__
#include "pandora_module.h"
namespace Pandora_Modules {
/**
* Module to retrieve the free memory amount of the system.
*/
class Pandora_Module_Freememory_Percent : public Pandora_Module {
public:
Pandora_Module_Freememory_Percent (string name);
void run ();
};
}
#endif

34
pandora_agents/win32/modules/pandora_module_list.cc
View File

@ -24,11 +24,16 @@
#include "pandora_module_proc.h" #include "pandora_module_proc.h"
#include "pandora_module_service.h" #include "pandora_module_service.h"
#include "pandora_module_freedisk.h" #include "pandora_module_freedisk.h"
#include "pandora_module_freedisk_percent.h"
#include "pandora_module_freememory.h" #include "pandora_module_freememory.h"
#include "pandora_module_freememory_percent.h"
#include "pandora_module_cpuusage.h" #include "pandora_module_cpuusage.h"
#include "pandora_module_odbc.h" #include "pandora_module_odbc.h"
#include "pandora_module_logevent.h" #include "pandora_module_logevent.h"
#include "pandora_module_wmiquery.h" #include "pandora_module_wmiquery.h"
#include "pandora_module_perfcounter.h"
#include "pandora_module_tcpcheck.h"
#include "pandora_module_regexp.h"
#include <fstream> #include <fstream>
using namespace std; using namespace std;
@ -132,12 +137,17 @@ Pandora_Modules::Pandora_Module_List::parseModuleDefinition (string definition)
Pandora_Module_Proc *module_proc; Pandora_Module_Proc *module_proc;
Pandora_Module_Service *module_service; Pandora_Module_Service *module_service;
Pandora_Module_Freedisk *module_freedisk; Pandora_Module_Freedisk *module_freedisk;
Pandora_Module_Freedisk_Percent *module_freedisk_percent;
Pandora_Module_Cpuusage *module_cpuusage; Pandora_Module_Cpuusage *module_cpuusage;
Pandora_Module_Freememory *module_freememory; Pandora_Module_Freememory *module_freememory;
Pandora_Module_Freememory_Percent *module_freememory_percent;
Pandora_Module_Odbc *module_odbc; Pandora_Module_Odbc *module_odbc;
Pandora_Module_Logevent *module_logevent; Pandora_Module_Logevent *module_logevent;
Pandora_Module_WMIQuery *module_wmiquery; Pandora_Module_WMIQuery *module_wmiquery;
Pandora_Module_Perfcounter *module_perfcounter;
Pandora_Module_Tcpcheck *module_tcpcheck;
Pandora_Module_Regexp *module_regexp;
module = Pandora_Module_Factory::getModuleFromDefinition (definition); module = Pandora_Module_Factory::getModuleFromDefinition (definition);
if (module != NULL) { if (module != NULL) {
@ -163,11 +173,21 @@ Pandora_Modules::Pandora_Module_List::parseModuleDefinition (string definition)
module_freedisk = (Pandora_Module_Freedisk *) module; module_freedisk = (Pandora_Module_Freedisk *) module;
modules->push_back (module_freedisk); modules->push_back (module_freedisk);
break;
case MODULE_FREEDISK_PERCENT:
module_freedisk_percent = (Pandora_Module_Freedisk_Percent *) module;
modules->push_back (module_freedisk_percent);
break; break;
case MODULE_FREEMEMORY: case MODULE_FREEMEMORY:
module_freememory = (Pandora_Module_Freememory *) module; module_freememory = (Pandora_Module_Freememory *) module;
modules->push_back (module_freememory); modules->push_back (module_freememory);
break;
case MODULE_FREEMEMORY_PERCENT:
module_freememory_percent = (Pandora_Module_Freememory_Percent *) module;
modules->push_back (module_freememory_percent);
break; break;
case MODULE_CPUUSAGE: case MODULE_CPUUSAGE:
module_cpuusage = (Pandora_Module_Cpuusage *) module; module_cpuusage = (Pandora_Module_Cpuusage *) module;
@ -186,6 +206,18 @@ Pandora_Modules::Pandora_Module_List::parseModuleDefinition (string definition)
module_wmiquery = (Pandora_Module_WMIQuery *) module; module_wmiquery = (Pandora_Module_WMIQuery *) module;
modules->push_back (module_wmiquery); modules->push_back (module_wmiquery);
break; break;
case MODULE_PERFCOUNTER:
module_perfcounter = (Pandora_Module_Perfcounter *) module;
modules->push_back (module_perfcounter);
break;
case MODULE_TCPCHECK:
module_tcpcheck = (Pandora_Module_Tcpcheck *) module;
modules->push_back (module_tcpcheck);
break;
case MODULE_REGEXP:
module_regexp = (Pandora_Module_Regexp *) module;
modules->push_back (module_regexp);
break;
default: default:
break; break;
} }

328
pandora_agents/win32/modules/pandora_module_logevent.cc
View File

@ -19,6 +19,8 @@
Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/ */
#include <time.h>
#include "pandora_module_logevent.h" #include "pandora_module_logevent.h"
#include "../windows/pandora_wmi.h" #include "../windows/pandora_wmi.h"
#include "../pandora_windows_service.h" #include "../pandora_windows_service.h"
@ -32,44 +34,58 @@ using namespace Pandora_Modules;
* @param name Module name. * @param name Module name.
* @param service_name Service internal name to check. * @param service_name Service internal name to check.
*/ */
Pandora_Module_Logevent::Pandora_Module_Logevent (string name, string source, string type, string code, string pattern) Pandora_Module_Logevent::Pandora_Module_Logevent (string name, string source, string type, string id, string pattern, string application)
: Pandora_Module (name) { : Pandora_Module (name) {
int i;
string upper_type = type;
// Convert the type string to uppercase
for (i = 0; i < type.length(); i++) {
upper_type[i] = toupper(type[i]);
}
// Set the type filter
if (upper_type.compare("ERROR") == 0) {
this->type = EVENTLOG_ERROR_TYPE;
} else if (upper_type.compare("WARNING") == 0) {
this->type = EVENTLOG_WARNING_TYPE;
} else if (upper_type.compare("INFORMATION") == 0) {
this->type = EVENTLOG_INFORMATION_TYPE;
} else if (upper_type.compare("AUDIT SUCCESS") == 0) {
this->type = EVENTLOG_AUDIT_SUCCESS;
} else if (upper_type.compare("AUDIT FAILURE") == 0) {
this->type = EVENTLOG_AUDIT_FAILURE;
} else {
this->type = -1;
}
this->id = atoi (id.c_str ());
this->source = source; this->source = source;
this->type = type;
this->code = code;
this->pattern = pattern; this->pattern = pattern;
this->application = application;
this->log_event = NULL;
this->setKind (module_logevent_str); this->setKind (module_logevent_str);
} }
void void
Pandora_Module_Logevent::run () { Pandora_Module_Logevent::run () {
int interval, module_interval;
string value; string value;
list<string> event_list; list<string> event_list;
list<string>::iterator event; list<string>::iterator event;
Pandora_Agent_Conf::Pandora_Agent_Conf *conf;
SYSTEMTIME system_time; SYSTEMTIME system_time;
conf = Pandora_Agent_Conf::getInstance ();
// Get execution interval
value = conf->getValue ("interval");
interval = atoi(value.c_str ());
module_interval = this->getInterval ();
if (module_interval > 0) {
interval *= module_interval;
}
// Run // Run
try { try {
Pandora_Module::run (); Pandora_Module::run ();
} catch (Interval_Not_Fulfilled e) { } catch (Interval_Not_Fulfilled e) {
return; return;
} }
Pandora_Wmi::getEventList (this->source, this->type, this->code, this->pattern, interval, event_list); // Open log event
this->openLogEvent();
// Read events
this->getLogEvents (event_list);
// No data // No data
if (event_list.size () < 1) { if (event_list.size () < 1) {
@ -78,16 +94,278 @@ Pandora_Module_Logevent::run () {
} }
for (event = event_list.begin (); event != event_list.end(); ++event) { for (event = event_list.begin (); event != event_list.end(); ++event) {
// No WMI timestamp?
if (event->size () < 26) { // No timestamp? Should not happen
this->setOutput (*event); if (event->size () < TIMESTAMP_LEN) {
continue; continue;
} }
// Get the timestamp timestampToSystemtime (event->substr (0, TIMESTAMP_LEN), &system_time);
Pandora_Wmi::convertWMIDate (event->substr (0, 26), &system_time);
// Store the data // Store the data
this->setOutput (event->substr (26), &system_time); this->setOutput (event->substr (TIMESTAMP_LEN), &system_time);
} }
} }
/**
* Opens a handle to the module event log.
*
* @return A handle to the event log.
*/
HANDLE
Pandora_Module_Logevent::openLogEvent () {
// Check whether the event log is already open
if (this->log_event != NULL) {
return NULL;
}
// Open the event log
this->log_event = OpenEventLog (NULL, this->source.c_str ());
if (this->log_event == NULL) {
pandoraLog ("Could not open event log file '%s'", this->source.c_str ());
return NULL;
}
// Discard existing events
this->discardLogEvents ();
return this->log_event;
}
/**
* Closes the current event log.
*/
void
Pandora_Module_Logevent::closeLogEvent () {
if (this->log_event == NULL) {
return;
}
// Close the event log
CloseEventLog (this->log_event);
this->log_event = NULL;
}
/**
* Discards existing log events.
*/
void
Pandora_Module_Logevent::discardLogEvents () {
int rc;
BYTE bBuffer[BUFFER_SIZE];
DWORD read, needed;
DWORD oldest_event, newest_event, num_events;
EVENTLOGRECORD *pevlr;
if (this->log_event == NULL) {
return;
}
// Get the offset of the newest event
GetOldestEventLogRecord (this->log_event, &oldest_event);
GetNumberOfEventLogRecords (this->log_event, &num_events);
newest_event = oldest_event + num_events;
// Initialize the event record buffer
pevlr = (EVENTLOGRECORD *)&bBuffer;
// Read the newest event, subsequent calls to ReadEventLog will read from here
rc = ReadEventLog(this->log_event, EVENTLOG_FORWARDS_READ | EVENTLOG_SEEK_READ,
newest_event, pevlr, BUFFER_SIZE, &read, &needed);
// Something went wrong
if (rc != 0) {
pandoraLog ("ReadEventLog error %d", GetLastError ());
}
}
/**
* Reads available events from the event log.
*/
int
Pandora_Module_Logevent::getLogEvents (list<string> &event_list) {
char description[BUFFER_SIZE], timestamp[TIMESTAMP_LEN + 1];
struct tm *time_info = NULL;
time_t epoch;
string event;
BYTE buffer[BUFFER_SIZE];
DWORD read, needed;
EVENTLOGRECORD *pevlr = NULL;
LPCTSTR source_name;
if (this->log_event == NULL) {
return -1;
}
// Initialize the event record buffer
pevlr = (EVENTLOGRECORD *) &buffer;
// Read events
while (ReadEventLog(this->log_event, EVENTLOG_FORWARDS_READ | EVENTLOG_SEQUENTIAL_READ,
0, pevlr, BUFFER_SIZE, &read, &needed)) {
while (read > 0) {
// Retrieve the event description
getEventDescription (pevlr, description);
// Filter the event
if (filterEvent (pevlr, description) == 0) {
// Generate a timestamp for the event
epoch = pevlr->TimeGenerated;
time_info = localtime (&epoch);
strftime (timestamp, TIMESTAMP_LEN + 1, "%Y-%m-%d %H:%M:%S", time_info);
// Add the event to the list
event = timestamp;
event.append (description);
event_list.push_back (event);
}
// Move to the next event
read -= pevlr->Length;
pevlr = (EVENTLOGRECORD *) ((LPBYTE) pevlr + pevlr->Length);
}
pevlr = (EVENTLOGRECORD *) &buffer;
}
return 0;
}
/**
* Converts a timestamp in the format "%Y-%m-%d %H:%M:%S"
* to SYSTEMTIME format.
*
* @param wmi_date Timestamp.
* @param system_time Output SYSTEMTIME variable.
*/
void
Pandora_Module_Logevent::timestampToSystemtime (string timestamp, SYSTEMTIME *system_time) {
system_time->wYear = atoi (timestamp.substr (0, 4).c_str());
system_time->wMonth = atoi (timestamp.substr (5, 2).c_str());
system_time->wDay = atoi (timestamp.substr (8, 2).c_str());
system_time->wHour = atoi (timestamp.substr (11, 2).c_str());
system_time->wMinute = atoi (timestamp.substr (14, 2).c_str());
system_time->wSecond = atoi (timestamp.substr (17, 2).c_str());
}
/**
* Retrieves the description of the given event.
*
* @param event Event log record.
* @param message Buffer to store the description (at least _MAX_PATH + 1).
* @return 0 if the description could be retrieved, -1 otherwise.
*/
void
Pandora_Module_Logevent::getEventDescription (PEVENTLOGRECORD pevlr, char *message) {
int i, j, len, offset;
LPBYTE data = 0;
HMODULE module = 0;
TCHAR exe_file[_MAX_PATH + 1], exe_file_path[_MAX_PATH + 1];
HKEY hk = (HKEY)0;
TCHAR key_name[_MAX_PATH + 1];
DWORD max_path, type;
LPCSTR source_name;
TCHAR **strings = NULL;
message[0] = 0;
// Read the source name
source_name = (LPCTSTR) ((LPBYTE) pevlr + sizeof(EVENTLOGRECORD));
// Read the key that points to the message file
wsprintf (key_name, "SYSTEM\\CurrentControlSet\\Services\\EventLog\\%s\\%s", this->source.c_str (), source_name);
if (RegOpenKeyEx (HKEY_LOCAL_MACHINE, key_name, 0L, KEY_READ, &hk) != NOERROR) {
return;
}
max_path = _MAX_PATH + 1;
if (RegQueryValueEx (hk, "EventMessageFile", 0, &type, (LPBYTE)exe_file, &max_path) != NOERROR) {
RegCloseKey(hk);
return;
}
if (ExpandEnvironmentStrings (exe_file, exe_file_path, _MAX_PATH + 1) == 0) {
strncpy(exe_file_path, exe_file, _MAX_PATH + 1);
}
// Load the DLL
module = LoadLibraryEx (exe_file_path, 0, DONT_RESOLVE_DLL_REFERENCES);
if(module == NULL) {
RegCloseKey(hk);
return;
}
// Get the event strings
strings = (TCHAR**)malloc (pevlr->NumStrings * sizeof(TCHAR *));
if (strings == NULL) {
RegCloseKey(hk);
return;
}
offset = pevlr->StringOffset;
for (i = 0; i < pevlr->NumStrings; i++) {
len = strlen ((TCHAR *)pevlr + offset);
strings[i] = (TCHAR *) malloc ((len + 1) * sizeof(TCHAR));
if (strings[i] == NULL) {
for (j = 0; j < i; j++) {
if (strings[j] != NULL) {
free ((void *)strings[j]);
}
}
}
strcpy(strings[i], (TCHAR *)pevlr + offset);
offset += len + 1;
}
// Get the description
if (FormatMessage (FORMAT_MESSAGE_FROM_HMODULE | FORMAT_MESSAGE_ARGUMENT_ARRAY, module, pevlr->EventID, 0, (LPTSTR)message, BUFFER_SIZE, strings) == 0) {
message[0] = 0;
}
// Clean up
for (i = 0; i < pevlr->NumStrings; i++) {
if (strings[i] != NULL) {
free ((void *)strings[i]);
}
}
free ((void *)strings);
FreeLibrary(module);
RegCloseKey(hk);
}
/**
* Filters the given event according to the module parameters.
*
* @param event Event log record.
* @param event Event description.22
* @return Returns 0 if the event matches the filters, -1 otherwise.
*/
int
Pandora_Module_Logevent::filterEvent (PEVENTLOGRECORD pevlr, string description) {
LPCSTR source_name;
// Event ID filter
if (this->id > 0 && this->id != pevlr->EventID) {
return -1;
}
// Type filter
if (this->type != -1 && this->type != pevlr->EventType) {
return -1;
}
// Application filter
source_name = (LPCTSTR) ((LPBYTE) pevlr + sizeof(EVENTLOGRECORD));
if (! this->application.empty () && this->application.compare (source_name) != 0) {
return -1;
}
// Pattern filter
if (! this->pattern.empty () && description.find(this->pattern) == string::npos) {
return -1;
}
return 0;
}

24
pandora_agents/win32/modules/pandora_module_logevent.h
View File

@ -24,6 +24,12 @@
#include "pandora_module.h" #include "pandora_module.h"
// Log event read buffer size
#define BUFFER_SIZE 1024
// Length of a timestamp string YYYY-MM-DD HH:MM:SS
#define TIMESTAMP_LEN 19
namespace Pandora_Modules { namespace Pandora_Modules {
/** /**
@ -33,12 +39,24 @@ namespace Pandora_Modules {
class Pandora_Module_Logevent : public Pandora_Module { class Pandora_Module_Logevent : public Pandora_Module {
private: private:
int id;
int type;
string source; string source;
string type; string application;
string code;
string pattern; string pattern;
HANDLE log_event;
HANDLE messages_dll;
HANDLE openLogEvent ();
void closeLogEvent ();
void discardLogEvents ();
int getLogEvents (list<string> &event_list);
void timestampToSystemtime (string timestamp, SYSTEMTIME *system_time);
void getEventDescription (PEVENTLOGRECORD pevlr, char *message);
int filterEvent (PEVENTLOGRECORD pevlr, string description);
public: public:
Pandora_Module_Logevent (string name, string source, string type, string code, string pattern); Pandora_Module_Logevent (string name, string source, string type, string id, string pattern, string application);
void run (); void run ();
}; };
} }

158
pandora_agents/win32/modules/pandora_module_perfcounter.cc Executable file
View File

@ -0,0 +1,158 @@
/* Pandora perfcounter module. This module retrieves information from
performance counters.
Copyright (C) 2008 Artica ST.
Written by Ramon Novoa.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation,
Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#include <iostream>
#include <sstream>
#include <string>
#include "pandora_module_perfcounter.h"
using namespace Pandora;
using namespace Pandora_Modules;
// Pointers to pdh.dll functions
static HINSTANCE PDH = NULL;
static PdhOpenQueryT PdhOpenQuery = NULL;
static PdhAddCounterT PdhAddCounter = NULL;
static PdhCollectQueryDataT PdhCollectQueryData = NULL;
static PdhGetRawCounterValueT PdhGetRawCounterValue = NULL;
static PdhCloseQueryT PdhCloseQuery = NULL;
/**
* Creates a Pandora_Module_Perfcounter object.
*
* @param name Module name.
* @param service_name Service internal name to check.
*/
Pandora_Module_Perfcounter::Pandora_Module_Perfcounter (string name, string source)
: Pandora_Module (name) {
this->source = source;
this->setKind (module_perfcounter_str);
// Load pdh.dll and some functions
if (PDH == NULL) {
PDH = LoadLibrary("pdh.dll");
if (PDH == NULL) {
pandoraLog ("Error loading library pdh.dll");
return;
}
PdhOpenQuery = (PdhOpenQueryT) GetProcAddress (PDH, "PdhOpenQueryA");
if (PdhOpenQuery == NULL) {
pandoraLog ("Error loading function PdhOpenQueryA");
FreeLibrary (PDH);
PDH = NULL;
return;
}
PdhAddCounter = (PdhAddCounterT) GetProcAddress (PDH, "PdhAddCounterA");
if (PdhAddCounter == NULL) {
pandoraLog ("Error loading function PdhAddCounterA");
FreeLibrary (PDH);
PDH = NULL;
return;
}
PdhCollectQueryData = (PdhCollectQueryDataT) GetProcAddress (PDH, "PdhCollectQueryData");
if (PdhCollectQueryData == NULL) {
pandoraLog ("Error loading function PdhCollectQueryData");
FreeLibrary (PDH);
PDH = NULL;
return;
}
PdhGetRawCounterValue = (PdhGetRawCounterValueT) GetProcAddress (PDH, "PdhGetRawCounterValue");
if (PdhGetRawCounterValue == NULL) {
pandoraLog ("Error loading function PdhGetRawCounterValue");
FreeLibrary (PDH);
PDH = NULL;
return;
}
PdhCloseQuery = (PdhCloseQueryT) GetProcAddress (PDH, "PdhCloseQuery");
if (PdhCloseQuery == NULL) {
pandoraLog ("Error loading function PdhCloseQuery");
FreeLibrary (PDH);
PDH = NULL;
return;
}
}
}
/**
* Pandora_Module_Perfcounter destructor.
*/
Pandora_Module_Perfcounter::~Pandora_Module_Perfcounter () {
FreeLibrary (PDH);
}
void
Pandora_Module_Perfcounter::run () {
WCHAR source [MAX_PATH];
HQUERY query;
PDH_STATUS status;
HCOUNTER counter;
PDH_RAW_COUNTER value;
ostringstream string_value;
// Run
try {
Pandora_Module::run ();
} catch (Interval_Not_Fulfilled e) {
return;
}
if(PDH == NULL) {
pandoraLog ("pdh.dll not found.");
return;
}
// Open a query object
status = PdhOpenQuery (NULL, 0, &query);
if (status != ERROR_SUCCESS) {
pandoraLog ("PdhOpenQuery failed with error %d", status);
return;
}
// Add the counter that will provide the data
status = PdhAddCounter (query, this->source.c_str (), 0, &counter);
if (status != ERROR_SUCCESS) {
pandoraLog ("PdhAddCounter failed with error %d", status);
return;
}
// Collect the data
status = PdhCollectQueryData (query);
if (status != ERROR_SUCCESS) {
// No data
return;
}
// Retrieve the counter value
status = PdhGetRawCounterValue(counter, NULL, &value);
// Close the query object
PdhCloseQuery (query);
string_value << value.FirstValue;
this->setOutput (string_value.str ());
}

65
pandora_agents/win32/modules/pandora_module_perfcounter.h Executable file
View File

@ -0,0 +1,65 @@
/* Pandora perfcounter module. This module retrieves information from
performance counters.
Copyright (C) 2008 Artica ST.
Written by Ramon Novoa.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation,
Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#ifndef __PANDORA_MODULE_PERFCOUNTER_H__
#define __PANDORA_MODULE_PERFCOUNTER_H__
#include "pandora_module.h"
#define BUFFER_SIZE 1024
// Some definitions to use pdh.dll
typedef LONG PDH_STATUS;
typedef HANDLE HCOUNTER;
typedef HANDLE HQUERY;
typedef struct _PDH_RAW_COUNTER {
DWORD CStatus;
FILETIME TimeStamp;
LONGLONG FirstValue;
LONGLONG SecondValue;
DWORD MultiCount;
} PDH_RAW_COUNTER, *PPDH_RAW_COUNTER;
#define PDH_FUNCTION PDH_STATUS __stdcall
typedef PDH_FUNCTION (*PdhOpenQueryT) (IN LPCSTR szDataSource, IN DWORD_PTR dwUserData, IN HQUERY *phQuery);
typedef PDH_FUNCTION (*PdhAddCounterT) (IN HQUERY hQuery, IN LPCSTR szFullCounterPath, IN DWORD_PTR dwUserData, IN HCOUNTER *phCounter);
typedef PDH_FUNCTION (*PdhCollectQueryDataT) (IN HQUERY hQuery);
typedef PDH_FUNCTION (*PdhGetRawCounterValueT) (IN HCOUNTER, IN LPDWORD lpdwType, IN PPDH_RAW_COUNTER pValue);
typedef PDH_FUNCTION (*PdhCloseQueryT) (IN HQUERY hQuery);
namespace Pandora_Modules {
/**
* This module retrieves information from performance counters.
*/
class Pandora_Module_Perfcounter : public Pandora_Module {
private:
string source;
public:
Pandora_Module_Perfcounter (string name, string source);
virtual ~Pandora_Module_Perfcounter ();
void run ();
};
}
#endif

136
pandora_agents/win32/modules/pandora_module_regexp.cc Executable file
View File

@ -0,0 +1,136 @@
/* Pandora regexp module. This module searches a file for matches of
a regular expression.
Copyright (C) 2008 Artica ST.
Written by Ramon Novoa.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation,
Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#include <iostream>
#include <sstream>
#include <string>
#include "pandora_module_regexp.h"
#include "../pandora_windows_service.h"
using namespace Pandora;
using namespace Pandora_Modules;
/**
* Creates a Pandora_Module_Regexp object.
*
* @param name Module name.
* @param source File to search.
* @param pattern Regular expression to match.
*/
Pandora_Module_Regexp::Pandora_Module_Regexp (string name, string source, string pattern)
: Pandora_Module (name) {
this->source = source;
// Compile the regular expression
if (regcomp (&this->regexp, pattern.c_str (), 0) != 0) {
pandoraLog ("Invalid regular expression %s", pattern.c_str ());
}
// Open the file and skip to the end
this->file.open (source.c_str ());
if (this->file.is_open ()) {
this->file.seekg (0, ios_base::end);
} else {
pandoraLog ("Error opening file %s", source.c_str ());
}
this->setKind (module_regexp_str);
}
/**
* Pandora_Module_Regexp destructor.
*/
Pandora_Module_Regexp::~Pandora_Module_Regexp () {
this->file.close();
}
void
Pandora_Module_Regexp::run () {
int count;
string line;
ostringstream output;
Module_Type type;
type = this->getTypeInt ();
// Run
try {
Pandora_Module::run ();
} catch (Interval_Not_Fulfilled e) {
return;
}
// Check if the file could be opened
if (! file.is_open () || ! file.good ()) {
this->restart ();
return;
}
// Read new lines
count = 0;
while (! file.eof ()) {
getline (file, line);
// Discard empty lines
if (line.empty ()) {
continue;
}
// Try to match the line with the regexp
if (regexec (&this->regexp, line.c_str (), 0, NULL, 0) == 0) {
if (type == TYPE_GENERIC_DATA_STRING || type == TYPE_ASYNC_STRING) {
this->setOutput (line);
}
count++;
}
}
// Set output according to the module type
if (type == TYPE_GENERIC_DATA_STRING || type == TYPE_ASYNC_STRING) {
// Already set
}
else if (type == TYPE_GENERIC_PROC || type == TYPE_ASYNC_PROC) {
this->setOutput (count > 0 ? "1" : "0");
} else {
output << count;
this->setOutput (output.str ());
}
// Clear the EOF flag
file.clear ();
}
/**
* Closes, re-opens and seeks to the end of the current file.
*/
void
Pandora_Module_Regexp::restart () {
this->file.close ();
this->file.open (this->source.c_str ());
if (this->file.is_open ()) {
this->file.seekg (0, ios_base::end);
return;
}
pandoraLog ("Error opening file %s", this->source.c_str ());
}

52
pandora_agents/win32/modules/pandora_module_regexp.h Executable file
View File

@ -0,0 +1,52 @@
/* Pandora regexp module. This module searches a file for matches of
a regular expression.
Copyright (C) 2008 Artica ST.
Written by Ramon Novoa.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation,
Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#ifndef __PANDORA_MODULE_REGEXP_H__
#define __PANDORA_MODULE_REGEXP_H__
#include <iostream>
#include <fstream>
#include <string>
#include "pandora_module.h"
#include "boost/regex.h"
namespace Pandora_Modules {
/**
* This module searches a file for matches of a regular expression.
*/
class Pandora_Module_Regexp : public Pandora_Module {
private:
string source;
ifstream file;
regex_t regexp;
void restart ();
public:
Pandora_Module_Regexp (string name, string source, string pattern);
virtual ~Pandora_Module_Regexp ();
void run ();
};
}
#endif

131
pandora_agents/win32/modules/pandora_module_tcpcheck.cc Executable file
View File

@ -0,0 +1,131 @@
/* Pandora tcpcheck module. This module checks whether a tcp port is open.
Copyright (C) 2008 Artica ST.
Written by Ramon Novoa.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation,
Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#include <winsock.h>
#include "pandora_module_tcpcheck.h"
using namespace Pandora;
using namespace Pandora_Modules;
/**
* Creates a Pandora_Module_Tcpcheck object.
*
* @param name Module name.
* @param address Target address.
* @param port Target port.
* @param timeout Connection timeout.
*/
Pandora_Module_Tcpcheck::Pandora_Module_Tcpcheck (string name, string address, string port, string timeout)
: Pandora_Module (name) {
int rc;
WSADATA wsa_data;
// Initialize Winsock
WSAStartup (MAKEWORD(2,2), &wsa_data);
this->address = address;
this->port = atoi (port.c_str ());
this->timeout = atoi (timeout.c_str ());
// Set a default timeout
if (this->timeout < 1) {
this->timeout = DEFAULT_TIMEOUT;
}
this->setKind (module_tcpcheck_str);
}
/**
* Pandora_Module_Tcpcheck destructor.
*/
Pandora_Module_Tcpcheck::~Pandora_Module_Tcpcheck () {
WSACleanup ();
}
void
Pandora_Module_Tcpcheck::run () {
int rc, sock, port;
unsigned long mode = 1;
struct sockaddr_in server;
struct hostent *host = NULL;
fd_set socket_set;
timeval timer;
// Run
try {
Pandora_Module::run ();
} catch (Interval_Not_Fulfilled e) {
return;
}
if (this->address.empty ()) {
return;
}
// Create the TCP socket
sock = socket (PF_INET, SOCK_STREAM, IPPROTO_TCP);
if (sock == SOCKET_ERROR) {
pandoraLog ("Error %d creating socket", WSAGetLastError ());
return;
}
memset(&server, 0, sizeof(server));
server.sin_family = AF_INET;
server.sin_port = htons(this->port);
server.sin_addr.s_addr = inet_addr(this->address.c_str ());
if (server.sin_addr.s_addr == -1) {
// Try to resolve the address
host = gethostbyname(this->address.c_str ());
if (host == NULL) {
pandoraLog ("Could not resolve address for %s", this->address.c_str ());
return;
}
memcpy(&server.sin_addr, host->h_addr_list[0], host->h_length);
}
// Use non-blocking sockets to implement a timeout
ioctlsocket (sock, FIONBIO, &mode);
// Connection request
rc = connect(sock, (struct sockaddr *) &server, sizeof(server));
if (rc == SOCKET_ERROR) {
rc = WSAGetLastError ();
if (rc != WSAEWOULDBLOCK) {
pandoraLog ("connect error %d", rc);
return;
}
}
// Determine the completion of the connection request by checking to see if
// the socket is writeable
socket_set.fd_array[0] = sock;
socket_set.fd_count = 1;
timer.tv_sec = this->timeout;
rc = select(0, NULL, &socket_set, NULL, &timer);
if (rc == 0) {
this->setOutput ("0");
return;
}
this->setOutput ("1");
}

47
pandora_agents/win32/modules/pandora_module_tcpcheck.h Executable file
View File

@ -0,0 +1,47 @@
/* Pandora tcpcheck module. This module checks whether a tcp port is open.
Copyright (C) 2008 Artica ST.
Written by Ramon Novoa.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation,
Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#ifndef __PANDORA_MODULE_TCPCHECK_H__
#define __PANDORA_MODULE_TCPCHECK_H__
#include "pandora_module.h"
#define DEFAULT_TIMEOUT 3
namespace Pandora_Modules {
/**
* This module checks whether a tcp port is open.
*/
class Pandora_Module_Tcpcheck : public Pandora_Module {
private:
string address;
int port;
int timeout;
public:
Pandora_Module_Tcpcheck (string name, string address, string port, string timeout);
virtual ~Pandora_Module_Tcpcheck ();
void run ();
};
}
#endif

66
pandora_agents/win32/pandora_windows_service.cc
View File

@ -683,6 +683,12 @@ Pandora_Windows_Service::sendXml (Pandora_Module_List *modules) {
string encoding; string encoding;
bool saved; bool saved;
static HANDLE mutex = 0; static HANDLE mutex = 0;
ULARGE_INTEGER free_bytes;
double min_free_bytes = 0;
Pandora_Agent_Conf *conf = NULL;
conf = this->getConf ();
min_free_bytes = 1024 * atoi (conf->getValue ("temporal_min_size").c_str ());
if (mutex == 0) { if (mutex == 0) {
mutex = CreateMutex (NULL, FALSE, NULL); mutex = CreateMutex (NULL, FALSE, NULL);
@ -749,24 +755,76 @@ Pandora_Windows_Service::sendXml (Pandora_Module_List *modules) {
/* Only send if debug is not activated */ /* Only send if debug is not activated */
if (getPandoraDebug () == false) { if (getPandoraDebug () == false) {
this->copyDataFile (tmp_filename); rc = this->copyDataFile (tmp_filename);
Pandora_File::removeFile (tmp_filepath);
/* Delete the file if successfully copied or not enough space available */
if (rc == 0 || (GetDiskFreeSpaceEx (tmp_filepath.c_str (), &free_bytes, NULL, NULL) != 0
&& free_bytes.QuadPart < min_free_bytes)) {
Pandora_File::removeFile (tmp_filepath);
}
/* Send any buffered data files */
this->sendBufferedXml (conf->getValue ("temporal"));
} }
ReleaseMutex (mutex); ReleaseMutex (mutex);
} }
void
Pandora_Windows_Service::sendBufferedXml (string path) {
string base_path = path, file_path;
WIN32_FIND_DATA file_data;
HANDLE find;
if (base_path[base_path.length () - 1] != '\\') {
base_path += "\\";
}
file_path = base_path + "*.data";
/* Search for buffered data files */
find = FindFirstFile(file_path.c_str (), &file_data);
if (find == INVALID_HANDLE_VALUE) {
return;
}
/* Send data files as long as there are no errors */
if (this->copyDataFile (file_data.cFileName) != 0) {
FindClose(find);
return;
}
Pandora_File::removeFile (base_path + file_data.cFileName);
while (FindNextFile(find, &file_data) != 0) {
if (this->copyDataFile (file_data.cFileName) != 0) {
FindClose(find);
return;
}
Pandora_File::removeFile (base_path + file_data.cFileName);
}
FindClose(find);
}
void void
Pandora_Windows_Service::pandora_run () { Pandora_Windows_Service::pandora_run () {
Pandora_Agent_Conf *conf = NULL; Pandora_Agent_Conf *conf = NULL;
string server_addr; string server_addr;
int startup_delay = 0;
pandoraDebug ("Run begin"); pandoraDebug ("Run begin");
conf = this->getConf ();
/* Sleep if a startup delay was specified */
startup_delay = atoi (conf->getValue ("startup_delay").c_str ());
if (startup_delay > 0) {
pandoraLog ("Delaying startup %d seconds", startup_delay);
Sleep (startup_delay);
}
/* Check for configuration changes */ /* Check for configuration changes */
this->checkConfig (); this->checkConfig ();
conf = this->getConf ();
server_addr = conf->getValue ("server_ip"); server_addr = conf->getValue ("server_ip");
execution_number++; execution_number++;

1
pandora_agents/win32/pandora_windows_service.h
View File

@ -84,6 +84,7 @@ namespace Pandora {
void start (); void start ();
int sendXml (Pandora_Module_List *modules); int sendXml (Pandora_Module_List *modules);
void sendBufferedXml (string path);
Pandora_Agent_Conf *getConf (); Pandora_Agent_Conf *getConf ();
}; };
} }

250
pandora_agents/win32/windows/pandora_wmi.cc
View File

@ -179,6 +179,56 @@ Pandora_Wmi::getDiskFreeSpace (string disk_id) {
throw Pandora_Wmi_Exception (); throw Pandora_Wmi_Exception ();
} }
/**
* Get the free space in a logical disk drive.
*
* @param disk_id Disk drive letter (C: for example).
*
* @return Free space percentage.
*
* @exception Pandora_Wmi_Exception Throwd if an error occured when reading
* from WMI database.
*/
unsigned long
Pandora_Wmi::getDiskFreeSpacePercent (string disk_id) {
CDhInitialize init;
CDispPtr wmi_svc, quickfixes;
unsigned long free_space = 0, size = 0;
unsigned long total_free_space = 0, total_size = 0;
string query, free_str, size_str;
query = "SELECT Size, FreeSpace FROM Win32_LogicalDisk WHERE DeviceID = \"" + disk_id + "\"";
try {
dhCheck (dhGetObject (getWmiStr (L"."), NULL, &wmi_svc));
dhCheck (dhGetValue (L"%o", &quickfixes, wmi_svc,
L".ExecQuery(%T)",
query.c_str ()));
FOR_EACH (quickfix, quickfixes, NULL) {
dhGetValue (L"%s", &free_str, quickfix,
L".FreeSpace");
dhGetValue (L"%s", &size_str, quickfix,
L".Size");
free_space = Pandora_Strutils::strtoulong (free_str);
size = Pandora_Strutils::strtoulong (size_str);
total_free_space += free_space;
total_size += size;
} NEXT_THROW (quickfix);
if (total_size == 0) {
return 0;
}
return total_free_space * 100 / total_size;
} catch (string errstr) {
pandoraLog ("getDiskFreeSpace error. %s", errstr.c_str ());
}
throw Pandora_Wmi_Exception ();
}
/** /**
* Get the CPU usage percentage in the last minutes. * Get the CPU usage percentage in the last minutes.
* *
@ -194,24 +244,40 @@ Pandora_Wmi::getCpuUsagePercentage (int cpu_id) {
CDhInitialize init; CDhInitialize init;
CDispPtr wmi_svc, quickfixes; CDispPtr wmi_svc, quickfixes;
string query; string query;
long load_percentage; long load_percentage, total_load;
int total_cpus;
std::ostringstream stm; std::ostringstream stm;
stm << cpu_id; // Select all CPUs
query = "SELECT * FROM Win32_Processor WHERE DeviceID = \"CPU" + stm.str () + "\""; if (cpu_id < 0) {
query = "SELECT * FROM Win32_Processor";
// Select a single CPUs
} else {
stm << cpu_id;
query = "SELECT * FROM Win32_Processor WHERE DeviceID = \"CPU" + stm.str () + "\"";
}
try { try {
dhCheck (dhGetObject (getWmiStr (L"."), NULL, &wmi_svc)); dhCheck (dhGetObject (getWmiStr (L"."), NULL, &wmi_svc));
dhCheck (dhGetValue (L"%o", &quickfixes, wmi_svc, dhCheck (dhGetValue (L"%o", &quickfixes, wmi_svc,
L".ExecQuery(%T)", L".ExecQuery(%T)",
query.c_str ())); query.c_str ()));
total_cpus = 0;
total_load = 0;
FOR_EACH (quickfix, quickfixes, NULL) { FOR_EACH (quickfix, quickfixes, NULL) {
dhGetValue (L"%d", &load_percentage, quickfix, dhGetValue (L"%d", &load_percentage, quickfix,
L".LoadPercentage"); L".LoadPercentage");
return load_percentage; total_cpus++;
total_load += load_percentage;
} NEXT_THROW (quickfix); } NEXT_THROW (quickfix);
if (total_cpus == 0) {
return 0;
}
return total_load / total_cpus;
} catch (string errstr) { } catch (string errstr) {
pandoraLog ("getCpuUsagePercentage error. %s", errstr.c_str ()); pandoraLog ("getCpuUsagePercentage error. %s", errstr.c_str ());
} }
@ -251,6 +317,45 @@ Pandora_Wmi::getFreememory () {
throw Pandora_Wmi_Exception (); throw Pandora_Wmi_Exception ();
} }
/**
* Get the percentage of free memory in the system
*
* @return The percentage of free memory.
* @exception Pandora_Wmi_Exception Throwd if an error occured when reading
* from WMI database.
*/
long
Pandora_Wmi::getFreememoryPercent () {
CDhInitialize init;
CDispPtr wmi_svc, quickfixes;
long free_memory, total_memory;
try {
dhCheck (dhGetObject (getWmiStr (L"."), NULL, &wmi_svc));
dhCheck (dhGetValue (L"%o", &quickfixes, wmi_svc,
L".ExecQuery(%S)",
L"SELECT FreePhysicalMemory, TotalVisibleMemorySize FROM Win32_OperatingSystem "));
FOR_EACH (quickfix, quickfixes, NULL) {
dhGetValue (L"%d", &free_memory, quickfix,
L".FreePhysicalMemory");
dhGetValue (L"%d", &total_memory, quickfix,
L".TotalVisibleMemorySize");
if (total_memory == 0) {
return 0;
}
return free_memory * 100 / total_memory;
} NEXT_THROW (quickfix);
} catch (string errstr) {
pandoraLog ("getFreememory error. %s", errstr.c_str ());
}
throw Pandora_Wmi_Exception ();
}
/** /**
* Get the name of the operating system. * Get the name of the operating system.
* *
@ -383,139 +488,6 @@ Pandora_Wmi::getSystemName () {
return ret; return ret;
} }
/**
* Get a list of events that match a given pattern.
*
* @return The list of events.
*/
void
Pandora_Wmi::getEventList (string source, string type, string code,
string pattern, int interval,
list<string> &event_list) {
CDhInitialize init;
CDispPtr wmi_svc, quickfixes;
char *value = NULL;
WCHAR *unicode_value;
string event, limit, message, query, timestamp;
char *encode;
limit = getTimestampLimit (interval);
if (limit.empty()) {
pandoraDebug ("Pandora_Wmi::getEventList: getTimestampLimit error");
return;
}
// Build the WQL query
query = "SELECT * FROM Win32_NTLogEvent WHERE TimeWritten >= '" + limit + "'";
if (! source.empty()) {
query += " AND Logfile = '" + source + "'";
}
if (! type.empty()) {
query += " AND Type = '" + type + "'";
}
if (! code.empty()) {
query += " AND EventCode = '" + code + "'";
}
try {
dhCheck (dhGetObject (getWmiStr (L"."), NULL, &wmi_svc));
dhCheck (dhGetValue (L"%o", &quickfixes, wmi_svc,
L".ExecQuery(%s)",
query.c_str()));
FOR_EACH (quickfix, quickfixes, NULL) {
// Timestamp
dhGetValue (L"%s", &value, quickfix,
L".TimeWritten");
timestamp = value;
dhFreeString (value);
// Message
dhGetValue (L"%S", &unicode_value, quickfix,
L".Message");
value = Pandora_Strutils::strUnicodeToAnsi (unicode_value);
message = Pandora_Strutils::trim (value);
dhFreeString (value);
// LIKE is not always available, we have to filter ourselves
if (pattern.empty () || (message.find (pattern) != string::npos)) {
event = timestamp + " " + message;
event_list.push_back(event);
}
} NEXT_THROW (quickfix);
} catch (string errstr) {
pandoraDebug ("Pandora_Wmi::getEventList: error: %s", errstr.c_str ());
}
}
/**
* Returns the limit date (WMI format) for event searches.
*
* @return The timestamp in WMI format.
*/
string
Pandora_Wmi::getTimestampLimit (int interval) {
char limit_str[26], diff_sign;
time_t limit_time, limit_time_utc, limit_diff;
struct tm *limit_tm = NULL, *limit_tm_utc = NULL;
// Get current time
limit_time = time(0);
if (limit_time == (time_t)-1) {
return "";
}
// Get UTC time
limit_tm_utc = gmtime (&limit_time);
limit_time_utc = mktime (limit_tm_utc);
// Calculate the difference in minutes
limit_diff = limit_time - limit_time_utc;
if (limit_diff >= 0) {
diff_sign = '+';
}
else {
diff_sign = '-';
}
limit_diff = abs(limit_diff);
limit_diff /= 60;
// Substract the agent interval
limit_time -= interval;
limit_tm = localtime (&limit_time);
if (limit_tm == NULL) {
return "";
}
// WMI date format: yyyymmddHHMMSS.xxxxxx+UUU
snprintf (limit_str, 26, "%.4d%.2d%.2d%.2d%.2d%.2d.000000%c%.3d",
limit_tm->tm_year + 1900, limit_tm->tm_mon + 1,
limit_tm->tm_mday, limit_tm->tm_hour,
limit_tm->tm_min, limit_tm->tm_sec, diff_sign, limit_diff);
limit_str[25] = '\0';
return string (limit_str);
}
/**
* Converts a date in WMI format to SYSTEMTIME format.
*
* @param wmi_date Date in WMI format
* @param system_time Output system time variable
*/
void
Pandora_Wmi::convertWMIDate (string wmi_date, SYSTEMTIME *system_time)
{
system_time->wYear = atoi (wmi_date.substr (0, 4).c_str());
system_time->wMonth = atoi (wmi_date.substr (4, 2).c_str());
system_time->wDay = atoi (wmi_date.substr (6, 2).c_str());
system_time->wHour = atoi (wmi_date.substr (8, 2).c_str());
system_time->wMinute = atoi (wmi_date.substr (10, 2).c_str());
system_time->wSecond = atoi (wmi_date.substr (12, 2).c_str());
}
/** /**
* Runs a program in a new process. * Runs a program in a new process.
* *

15
pandora_agents/win32/windows/pandora_wmi.h
View File

@ -41,23 +41,14 @@ namespace Pandora_Wmi {
int isProcessRunning (string process_name); int isProcessRunning (string process_name);
int isServiceRunning (string service_name); int isServiceRunning (string service_name);
unsigned long getDiskFreeSpace (string disk_id); unsigned long getDiskFreeSpace (string disk_id);
unsigned long getDiskFreeSpacePercent (string disk_id);
int getCpuUsagePercentage (int cpu_id); int getCpuUsagePercentage (int cpu_id);
long getFreememory (); long getFreememory ();
long getFreememoryPercent ();
string getOSName (); string getOSName ();
string getOSVersion (); string getOSVersion ();
string getOSBuild (); string getOSBuild ();
string getSystemName (); string getSystemName ();
void getEventList (string source,
string type,
string code,
string pattern,
int interval,
list<string> &event_list);
string getTimestampLimit (int interval);
void convertWMIDate (string wmi_date,
SYSTEMTIME *system_time);
bool runProgram (string command, DWORD flags = 0); bool runProgram (string command, DWORD flags = 0);
bool startService (string service_name); bool startService (string service_name);
bool stopService (string service_name); bool stopService (string service_name);