Changeset 36c340d in nscp for modules/CheckEventLog
- Timestamp:
- 02/25/05 21:47:45 (8 years ago)
- Branches:
- master, 0.4.0, 0.4.1, 0.4.2, stable
- Children:
- 8223547
- Parents:
- a1e1922
- Location:
- modules/CheckEventLog
- Files:
-
- 4 edited
-
CheckEventLog.cpp (modified) (16 diffs)
-
CheckEventLog.def (modified) (1 diff)
-
CheckEventLog.vcproj (modified) (3 diffs)
-
stdafx.h (modified) (1 diff)
modules/CheckEventLog/CheckEventLog.cpp
ra0528c4 r36c340d 29 29 30 30 std::string CheckEventLog::getModuleName() { 31 return " NSClient compatibility Module.";31 return "Event log Checker."; 32 32 } 33 33 NSCModuleWrapper::module_version CheckEventLog::getModuleVersion() { … … 104 104 DWORD eventType_; 105 105 std::string eventSource_; 106 boost::regex eventSourceRegExp_; 106 107 bool notSetValue_; 107 108 DWORD writtenBeforeDelta_ ; … … 109 110 DWORD generatedBeforeDelta_; 110 111 DWORD generatedAfterDelta_; 112 boost::regex regexp_; 111 113 112 114 searchQueryItem(bool notSetValue) … … 115 117 generatedBeforeDelta_(0), generatedAfterDelta_(0) 116 118 {} 119 searchQueryItem& operator=(const searchQueryItem &other) { 120 eventType_ = other.eventType_; 121 eventSource_ = other.eventSource_; 122 notSetValue_ = other.notSetValue_; 123 writtenBeforeDelta_ = other.writtenBeforeDelta_; 124 writtenAfterDelta_ = other.writtenAfterDelta_; 125 generatedBeforeDelta_ = other.generatedBeforeDelta_; 126 generatedAfterDelta_ = other.generatedAfterDelta_; 127 try { 128 regexp_ = other.regexp_; 129 } catch (const boost::bad_expression e) { 130 throw (std::string)"Invalid syntax in regular expression:" + other.toString(); 131 } 132 try { 133 eventSourceRegExp_ = other.eventSourceRegExp_; 134 } catch (const boost::bad_expression e) { 135 throw (std::string)"Invalid syntax in event source regular expression:" + other.toString(); 136 } 137 return *this; 138 } 117 139 118 140 inline bool matchDateWritten(DWORD now, DWORD written) const { … … 150 172 } 151 173 inline bool matchSource(std::string eventSource) const { 152 if ( eventSource_.empty())174 if ((eventSource_.empty())&&eventSourceRegExp_.empty()) 153 175 return notSetValue_; 154 return eventSource_ == eventSource; 176 else if (eventSource_.empty()) 177 return boost::regex_match(eventSource, eventSourceRegExp_); 178 else if (eventSourceRegExp_.empty()) 179 return eventSource_ == eventSource; 180 return boost::regex_match(eventSource, eventSourceRegExp_) && (eventSource_ 
== eventSource); 181 } 182 inline bool matchRegexp(std::string msg) const { 183 if (regexp_.empty()) 184 return notSetValue_; 185 return boost::regex_match(msg, regexp_); 155 186 } 156 187 std::string toString() const { 157 188 std::stringstream ss; 189 ss << " Regexp: " << regexp_ << std::endl; 158 190 ss << " Event type: " << eventType_ << std::endl; 159 191 ss << " Event source: " << eventSource_ << std::endl; 192 ss << " Event source Regexp: " << eventSourceRegExp_ << std::endl; 160 193 ss << " Written delta: " << writtenAfterDelta_ << " > " << writtenBeforeDelta_ << std::endl; 161 194 ss << " Generated delta: " << generatedAfterDelta_ << " > " << generatedBeforeDelta_ << std::endl; … … 167 200 searchQueryBundle() : require(true), exclude(false) {} 168 201 std::string toString() { 169 return " Required:\n" + require.toString() + "\n Ex lude:\n" + exclude.toString();202 return " Required:\n" + require.toString() + "\n Exclude:\n" + exclude.toString(); 170 203 } 171 204 }; … … 189 222 else if (p.first == "eventSource") 190 223 item.eventSource_ = p.second; 224 else if (p.first == "eventSourceRegexp") { 225 try { 226 std::string s = p.second; 227 NSC_DEBUG_MSG_STD("Attempting to make regexp from: " + s); 228 item.eventSourceRegExp_ = s; 229 NSC_DEBUG_MSG_STD("success..."); 230 } catch (const boost::bad_expression e) { 231 item.eventSourceRegExp_ = ""; 232 throw (std::string)"Invalid syntax in regular expression:" + p.second; 233 } 234 } 235 else if (p.first == "generatedBeforeDelta") 236 item.generatedBeforeDelta_ = strEx::stoi(p.second); 237 else if (p.first == "generatedAfterDelta") 238 item.generatedAfterDelta_ = strEx::stoi(p.second); 239 else if (p.first == "writtenBeforeDelta") 240 item.writtenBeforeDelta_ = strEx::stoi(p.second); 241 else if (p.first == "writtenAfterDelta") 242 item.writtenAfterDelta_ = strEx::stoi(p.second); 243 else if (p.first == "regexp") { 244 try { 245 item.regexp_ = p.second; 246 } catch (const boost::bad_expression e) { 247 
item.regexp_ = ""; 248 throw (std::string)"Invalid syntax in regular expression:" + p.second; 249 } 250 } else 251 throw (std::string)"Invalid argument: " + p.first; 191 252 } 192 253 void addToQueryBundle(searchQuery::searchQueryBundle &bundle, std::string arg) { … … 196 257 else if (p.first == "exclude") 197 258 addToQueryItem(bundle.exclude, p.second); 259 else 260 throw (std::string)"Invalid require/exclude: " + p.first; 198 261 } 199 262 void addToQuery(searchQuery &q, std::string arg) { … … 212 275 else if (p.first == "descriptions") 213 276 q.descriptions = true; 214 } 215 } 216 217 searchQuery buildQury(std::list<std::string> args) { 218 searchQuery ret; 277 else 278 throw (std::string)"Invalid argument: " + arg; 279 } 280 } 281 282 void buildQury(searchQuery &query, std::list<std::string> args) { 219 283 for (std::list<std::string>::const_iterator it = args.begin(); it!=args.end(); it++) { 220 addToQuery(ret,*it);221 }222 return ret;223 } 224 // huffa&CheckEventLog&Application&1&<type>&<query>&huffa...284 NSC_DEBUG_MSG_STD("Adding: " + *it); 285 addToQuery(query, *it); 286 } 287 } 288 // CheckEventLog 225 289 // request: CheckEventLog&<logfile>&<Query strings> 226 290 // Return: <return state>&<log entry 1> - <log entry 2>... … … 228 292 // 1 - Unknown 229 293 // 2 - Errors 294 // Examples: 295 // CheckEventLog&Application&1&<type>&<query>&huffa... 
296 // CheckEventLog&Application&warn.require.eventType=warning&critical.require.eventType=error&truncate=1024&descriptions&all.exclude.eventSourceRegexp=^(Win|Msi|NSClient\+\+|Userenv|ASP\.NET|LoadPerf|Outlook|Application E|NSClient).* 230 297 #define BUFFER_SIZE 1024*64 231 298 … … 233 300 if (command != "CheckEventLog") 234 301 return ""; 302 NSCAPI::returnCodes rCode = NSCAPI::returnOK; 235 303 std::list<std::string> args = NSCHelper::makelist(argLen, char_args); 236 304 if (args.size() < 2) … … 238 306 std::string ret; 239 307 bool critical = false; 308 searchQuery query; 240 309 std::string logFile = args.front(); args.pop_front(); 241 searchQuery query = buildQury(args); 310 try { 311 buildQury(query, args); 312 } catch (std::string s) { 313 return NSCHelper::returnNSCP(NSCAPI::returnUNKNOWN, s); 314 } 242 315 NSC_DEBUG_MSG_STD("Base query: " + query.toString()); 243 316 244 317 HANDLE hLog = OpenEventLog(NULL, logFile.c_str()); 245 318 if (hLog == NULL) 246 return "Could not open the Application event log.";319 return NSCHelper::returnNSCP(NSCAPI::returnUNKNOWN, "Could not open the Application event log."); 247 320 248 321 DWORD dwThisRecord, dwRead, dwNeeded; … … 271 344 query.critical.require.matchSource(record.eventSource()) && 272 345 query.critical.require.matchDateGenerated(currentTime, record.timeGenerated()) && 273 query.critical.require.matchDateWritten(currentTime, record.timeWritten()) 346 query.critical.require.matchDateWritten(currentTime, record.timeWritten()) && 347 query.critical.require.matchRegexp(record.enumStrings()) 274 348 ) { 275 349 match = true; … … 278 352 if ( query.critical.exclude.matchType(record.eventType()) || 279 353 query.critical.exclude.matchSource(record.eventSource()) || 280 query.critical.require.matchDateGenerated(currentTime, record.timeGenerated()) || 281 query.critical.require.matchDateWritten(currentTime, record.timeWritten()) 354 query.critical.exclude.matchDateGenerated(currentTime, record.timeGenerated()) || 
355 query.critical.exclude.matchDateWritten(currentTime, record.timeWritten()) || 356 query.critical.exclude.matchRegexp(record.enumStrings()) 282 357 ) { 283 358 match = false; … … 287 362 if ( query.warn.require.matchType(record.eventType()) && 288 363 query.warn.require.matchSource(record.eventSource()) && 289 query.critical.require.matchDateGenerated(currentTime, record.timeGenerated()) && 290 query.critical.require.matchDateWritten(currentTime, record.timeWritten()) 364 query.warn.require.matchDateGenerated(currentTime, record.timeGenerated()) && 365 query.warn.require.matchDateWritten(currentTime, record.timeWritten()) && 366 query.warn.require.matchRegexp(record.enumStrings()) 291 367 ) 292 368 match = true; 293 369 if ( query.warn.exclude.matchType(record.eventType()) || 294 370 query.warn.exclude.matchSource(record.eventSource()) || 295 query.critical.require.matchDateGenerated(currentTime, record.timeGenerated()) || 296 query.critical.require.matchDateWritten(currentTime, record.timeWritten()) 371 query.warn.exclude.matchDateGenerated(currentTime, record.timeGenerated()) || 372 query.warn.exclude.matchDateWritten(currentTime, record.timeWritten()) || 373 query.warn.exclude.matchRegexp(record.enumStrings()) 297 374 ) 298 375 match = false; … … 324 401 ret = "WARNING: " + ret; 325 402 else 326 ret = "OK: No errors/warnings in event log.";403 ret = "OK: No errors/warnings in event log."; 327 404 if (query.truncate != 0) 328 405 ret = ret.substr(0, query.truncate); 329 return ret;406 return NSCHelper::returnNSCP(rCode, ret); 330 407 } 331 408 -
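Review bot: The new `matchRegexp` and `matchSource` calls in the record loop of handleCommand run `boost::regex_match` with a pattern taken from the request arguments, but the only `try` visible in the function wraps `buildQury(query, args)` and catches `std::string` alone. `boost::regex_match` signals a complexity or stack overrun by throwing `std::runtime_error`, so an expensive `regexp=` or `eventSourceRegexp=` pattern could carry an exception out of the module instead of yielding an UNKNOWN result. I would extend the guarded region over the loop and add `catch (const std::exception &e) { return NSCHelper::returnNSCP(NSCAPI::returnUNKNOWN, e.what()); }`, making sure `hLog` is closed on that path; the loop body is only partly visible in these hunks, so confirm where the handle is released. The `catch (const boost::bad_expression e)` handlers in `operator=` and `addToQueryItem` should also take the exception by const reference rather than by value.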
modules/CheckEventLog/CheckEventLog.def
ra0528c4 r36c340d 1 LIBRARY C onsoleLogger1 LIBRARY CheckEventLog 2 2 3 3 EXPORTS -
modules/CheckEventLog/CheckEventLog.vcproj
ra0528c4 r36c340d 21 21 Optimization="0" 22 22 AdditionalIncludeDirectories="../include;../../include" 23 PreprocessorDefinitions="WIN32;_DEBUG;_WINDOWS;_STLP_USE_STATIC_LIB;_STLP_USE_NEWALLOC "23 PreprocessorDefinitions="WIN32;_DEBUG;_WINDOWS;_STLP_USE_STATIC_LIB;_STLP_USE_NEWALLOC,_STLP_DEBUG" 24 24 MinimalRebuild="TRUE" 25 25 BasicRuntimeChecks="3" … … 96 96 <Tool 97 97 Name="VCPreBuildEventTool"/> 98 <Tool 99 Name="VCPreLinkEventTool"/> 100 <Tool 101 Name="VCResourceCompilerTool"/> 102 <Tool 103 Name="VCWebServiceProxyGeneratorTool"/> 104 <Tool 105 Name="VCXMLDataGeneratorTool"/> 106 <Tool 107 Name="VCWebDeploymentTool"/> 108 <Tool 109 Name="VCManagedWrapperGeneratorTool"/> 110 <Tool 111 Name="VCAuxiliaryManagedWrapperGeneratorTool"/> 112 </Configuration> 113 <Configuration 114 Name="Dynamic Linkage|Win32" 115 OutputDirectory="$(ConfigurationName)" 116 IntermediateDirectory="$(ConfigurationName)" 117 ConfigurationType="2" 118 CharacterSet="2"> 119 <Tool 120 Name="VCCLCompilerTool" 121 AdditionalIncludeDirectories="../include;../../include" 122 PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;_STLP_USE_STATIC_LIB;SYSTRAY_EXPORTS" 123 RuntimeLibrary="0" 124 UsePrecompiledHeader="3" 125 WarningLevel="3" 126 Detect64BitPortabilityProblems="TRUE" 127 DebugInformationFormat="3"/> 128 <Tool 129 Name="VCCustomBuildTool"/> 130 <Tool 131 Name="VCLinkerTool" 132 OutputFile="../../Release/modules/$(ProjectName).dll" 133 LinkIncremental="1" 134 ModuleDefinitionFile="CheckEventLog.def" 135 GenerateDebugInformation="TRUE" 136 SubSystem="2" 137 OptimizeReferences="2" 138 EnableCOMDATFolding="2" 139 ImportLibrary="$(OutDir)/CheckEventLog.lib" 140 TargetMachine="1"/> 141 <Tool 142 Name="VCMIDLTool"/> 143 <Tool 144 Name="VCPostBuildEventTool"/> 145 <Tool 146 Name="VCPreBuildEventTool" 147 ExcludedFromBuild="TRUE"/> 148 <Tool 149 Name="VCPreLinkEventTool"/> 150 <Tool 151 Name="VCResourceCompilerTool"/> 152 <Tool 153 Name="VCWebServiceProxyGeneratorTool"/> 154 <Tool 155 
Name="VCXMLDataGeneratorTool"/> 156 <Tool 157 Name="VCWebDeploymentTool"/> 158 <Tool 159 Name="VCManagedWrapperGeneratorTool"/> 160 <Tool 161 Name="VCAuxiliaryManagedWrapperGeneratorTool"/> 162 </Configuration> 163 <Configuration 164 Name="Debug Dynamic Linkage|Win32" 165 OutputDirectory="$(ConfigurationName)" 166 IntermediateDirectory="$(ConfigurationName)" 167 ConfigurationType="2" 168 CharacterSet="2"> 169 <Tool 170 Name="VCCLCompilerTool" 171 Optimization="0" 172 AdditionalIncludeDirectories="../include;../../include" 173 PreprocessorDefinitions="WIN32;_DEBUG;_WINDOWS;_STLP_USE_NEWALLOC;_STLP_DEBUG=1" 174 MinimalRebuild="TRUE" 175 BasicRuntimeChecks="3" 176 RuntimeLibrary="3" 177 UsePrecompiledHeader="3" 178 WarningLevel="3" 179 Detect64BitPortabilityProblems="TRUE" 180 DebugInformationFormat="4"/> 181 <Tool 182 Name="VCCustomBuildTool"/> 183 <Tool 184 Name="VCLinkerTool" 185 OutputFile="../../Debug/modules/$(ProjectName).dll" 186 LinkIncremental="2" 187 ModuleDefinitionFile="CheckEventLog.def" 188 GenerateDebugInformation="TRUE" 189 ProgramDatabaseFile="$(OutDir)/CheckEventLog.pdb" 190 SubSystem="2" 191 ImportLibrary="$(OutDir)/CheckEventLog.lib" 192 TargetMachine="1"/> 193 <Tool 194 Name="VCMIDLTool"/> 195 <Tool 196 Name="VCPostBuildEventTool"/> 197 <Tool 198 Name="VCPreBuildEventTool" 199 ExcludedFromBuild="TRUE"/> 98 200 <Tool 99 201 Name="VCPreLinkEventTool"/> … … 135 237 <FileConfiguration 136 238 Name="Release|Win32"> 239 <Tool 240 Name="VCCLCompilerTool" 241 UsePrecompiledHeader="1"/> 242 </FileConfiguration> 243 <FileConfiguration 244 Name="Dynamic Linkage|Win32"> 245 <Tool 246 Name="VCCLCompilerTool" 247 UsePrecompiledHeader="1"/> 248 </FileConfiguration> 249 <FileConfiguration 250 Name="Debug Dynamic Linkage|Win32"> 137 251 <Tool 138 252 Name="VCCLCompilerTool" -
modules/CheckEventLog/stdafx.h
ra1e1922 r36c340d 10 10 // Windows Header Files: 11 11 #include <windows.h> 12 12 #include <boost/regex.hpp> 13 13 #include <string> 14 15 14 16 15 #include <NSCAPI.h>








