Changeset 261 for branches/stable/modules/CheckEventLog/CheckEventLog.cpp

Timestamp:

03/08/10 22:02:22 (2 years ago)

Author:

mickem

Message:

+ Added new option append-filter-<key>=<value> to CheckEventLog to allow "and" of filter rules.

CheckEventLog file=application file=system filter=out MaxWarn=1 MaxCrit=1 filter-eventID=ne:1 filter-eventID=eq:1 append-filter-eventSource==SecurityCenter? truncate=1023 unique descriptions "syntax=%source%: %id% (%count%)"

+ Added debug option to CheckEventLog (to allow settingdebug on per-check)
+ Added obfuscated_password to NSCA section
+ Added so "global" ([Settings] password=...) passwords are read from the NSCA module

Also various changes to make it build with latest version of boost build.

File:

• branches/stable/modules/CheckEventLog/CheckEventLog.cpp (modified) (8 diffs)

branches/stable/modules/CheckEventLog/CheckEventLog.cpp

@@ -23 +23 @@
 #include "CheckEventLog.h"
 #include <filter_framework.hpp>
+#include <boost/foreach.hpp>
 
 #include <strEx.h>
@@ -446 +447 @@
       timeWritten.hasFilter() || timeGenerated.hasFilter();
   }
-  std::wstring getValue() const {
-    if (eventSource.hasFilter())
-      return _T("event-source: ") + eventSource.getValue();
-    if (eventType.hasFilter())
-      return _T("event-type: ") + eventType.getValue();
-    if (eventSeverity.hasFilter())
-      return _T("severity: ") + eventSeverity.getValue();
-    if (eventID.hasFilter())
-      return _T("event-id: ") + eventID.getValue();
-    if (message.hasFilter())
-      return _T("message: ") + message.getValue();
-    if (timeWritten.hasFilter())
-      return _T("time-written: ") + timeWritten.getValue();
-    if (timeGenerated.hasFilter())
-      return _T("time-generated: ") + timeGenerated.getValue();
-    return _T("UNknown...");
+
+#define NSCP_EL_DEBUG(key) if (key.hasFilter()) strEx::append_list(str, std::wstring(_T( # key )) + _T(" ") + key.to_string(), _T(","));
+  std::wstring to_string() const {
+    std::wstring str;
+    NSCP_EL_DEBUG(eventSource);
+    NSCP_EL_DEBUG(eventType);
+    NSCP_EL_DEBUG(eventSeverity);
+    NSCP_EL_DEBUG(eventID);
+    NSCP_EL_DEBUG(message);
+    NSCP_EL_DEBUG(timeWritten);
+    NSCP_EL_DEBUG(timeGenerated);
+    return str;
   }
   bool matchFilter(const EventLogRecord &value) const {
+    bool ret = false;
     if ((eventSource.hasFilter())&&(eventSource.matchFilter(value.eventSource())))
-      return true;
+      ret = true;
+    else if (eventSource.hasFilter())
+      return false;
     else if ((eventType.hasFilter())&&(eventType.matchFilter(value.eventType())))
-      return true;
+      ret = true;
+    else if (eventType.hasFilter())
+      return false;
     else if ((eventSeverity.hasFilter())&&(eventSeverity.matchFilter(value.severity())))
-      return true;
+      ret = true;
+    else if (eventSeverity.hasFilter())
+      return false;
     else if ((eventID.hasFilter())&&(eventID.matchFilter(value.eventID()))) 
-      return true;
+      ret = true;
+    else if (eventID.hasFilter())
+      return false;
     else if ((message.hasFilter())&&(message.matchFilter(value.enumStrings())))
-      return true;
+      ret = true;
+    else if (message.hasFilter())
+      return false;
     else if ((timeWritten.hasFilter())&&(timeWritten.matchFilter(value.timeWritten())))
-      return true;
+      ret = true;
+    else if (timeWritten.hasFilter())
+      return false;
     else if ((timeGenerated.hasFilter())&&(timeGenerated.matchFilter(value.timeGenerated())))
-      return true;
-    return false;
+      ret = true;
+    else if (timeGenerated.hasFilter())
+      return false;
+    return ret;
   }
 };
@@ -484 +496 @@
 
 #define MAP_FILTER(value, obj, filtermode) \
-      else if (p__.first == value) { eventlog_filter filter; filter.obj = p__.second; filter_chain.push_back(filteritem_type(filtermode, filter)); }
+      else if (p__.first == value) { filter.obj = p__.second; if (bPush) { filter_chain.push_back(filteritem_type(filtermode, filter)); filter = eventlog_filter(); } }
+#define MAP_FILTER_LAST(value, obj) \
+      else if (p__.first == value) { filter_chain.front().second.obj = p__.second; }
 
 struct event_log_buffer {
@@ -532 +546 @@
   const int filter_compat = 3;
   event_log_buffer buffer(buffer_length_);
+  bool bPush = true;
+  bool bDebug = debug_;
+  eventlog_filter filter;
   /*
   try {
@@ -553 +570 @@
       MAP_OPTIONS_BOOL_EX(_T("filter"), bFilterIn, _T("in"), _T("out"))
       MAP_OPTIONS_BOOL_EX(_T("filter"), bFilterAll, _T("all"), _T("any"))
+      MAP_OPTIONS_BOOL_EX(_T("auto-push"), bPush, _T("true"), _T("false"))
+      MAP_OPTIONS_BOOL_EX(_T("debug"), bDebug, _T("true"), _T("false"))
       MAP_OPTIONS_STR(_T("syntax"), syntax)
       /*
@@ -587 +606 @@
       MAP_FILTER(_T("filter-message"), message, filter_minus)
 
+      MAP_FILTER_LAST(_T("append-filter-eventType"), eventType)
+      MAP_FILTER_LAST(_T("append-filter-severity"), eventSeverity)
+      MAP_FILTER_LAST(_T("append-filter-eventID"), eventID)
+      MAP_FILTER_LAST(_T("append-filter-eventSource"), eventSource)
+      MAP_FILTER_LAST(_T("append-filter-generated"), timeGenerated)
+      MAP_FILTER_LAST(_T("append-filter-written"), timeWritten)
+      MAP_FILTER_LAST(_T("append-filter-message"), message)
+
+
       MAP_OPTIONS_MISSING(message, _T("Unknown argument: "))
       MAP_OPTIONS_END()
@@ -609 +637 @@
   }
   bool buffer_error_reported = false;
-
+  if (bDebug) {
+    std::wstring str;
+    BOOST_FOREACH(filteritem_type item, filter_chain) {
+      if (item.first == filter_normal)
+        str += _T(". {");
+      else if (item.first == filter_plus)
+        str += _T("+ {");
+      else if (item.first == filter_minus)
+        str += _T("- {");
+      else 
+        str += _T("? {");
+
+      str += item.second.to_string() + _T(" }");
+    }
+    NSC_DEBUG_MSG_STD(_T("Filter: ") + str);
+  }
+
+  bDebug = false;
   for (std::list<std::wstring>::const_iterator cit2 = files.begin(); cit2 != files.end(); ++cit2) {
     std::wstring name = *cit2;
@@ -684 +729 @@
             if ((mode == filter_minus)&&(bTmpMatched)) {
               // a -<filter> hit so thrash item and bail out!
-              if (debug_)
-                NSC_DEBUG_MSG_STD(_T("Matched: - ") + (*cit3).second.getValue() + _T(" for: ") + record.render(bShowDescriptions, syntax));
+              if (bDebug)
+                NSC_DEBUG_MSG_STD(_T("Matched: - ") + (*cit3).second.to_string() + _T(" for: ") + record.render(bShowDescriptions, syntax));
               bMatch = false;
               break;
             } else if ((mode == filter_plus)&&(!bTmpMatched)) {
               // a +<filter> missed hit so thrash item and bail out!
-              if (debug_)
-                NSC_DEBUG_MSG_STD(_T("Matched: + ") + (*cit3).second.getValue() + _T(" for: ") + record.render(bShowDescriptions, syntax));
+              if (bDebug)
+                NSC_DEBUG_MSG_STD(_T("Matched: + ") + (*cit3).second.to_string() + _T(" for: ") + record.render(bShowDescriptions, syntax));
               bMatch = false;
               break;
             } else if (bTmpMatched) {
-              if (debug_)
-                NSC_DEBUG_MSG_STD(_T("Matched: . (contiunue): ") + (*cit3).second.getValue() + _T(" for: ") + record.render(bShowDescriptions, syntax));
+              if (bDebug)
+                NSC_DEBUG_MSG_STD(_T("Matched: . (contiunue): ") + (*cit3).second.to_string() + _T(" for: ") + record.render(bShowDescriptions, syntax));
               bMatch = true;
             }