/* Open event logs */
int EventlogsOpen()
{
	int opened = 0;

	/* Open each configured log in turn and stop at the first one that fails */
	while (opened < EventlogCount && EventlogOpen(opened) == 0)
		opened++;

	/*
	 * A short count means one log refused to open: release the ones that
	 * did open so the caller is not left with a half-initialised set.
	 */
	if (opened < EventlogCount) {
		EventlogsClose();
		return 1;
	}

	/* Every log is open */
	return 0;
}
/* Main eventlog monitoring loop */
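int MainLoop(void)
{
	char *output = NULL;
	EventList IgnoredEvents[MAX_IGNORED_EVENTS];
	int level;
	int log;
	int stat_counter = 0;
	BOOL winEvents;

	/*
	 * Main eventlog monitoring loop.
	 *
	 * Prepares the service (ignore list, registry gathering, opening the
	 * legacy event logs or subscribing to the Windows Event API), then
	 * polls every five seconds and forwards each new record to syslog
	 * until ServiceIsRunning is cleared.
	 *
	 * Returns 0 once the service has stopped cleanly, 1 if any of the
	 * start-up steps failed.
	 */

	/* Check for new Crimson Log Service */
	winEvents = CheckForWindowsEvents();

	/* Grab Ignore List From File */
	if (CheckSyslogIgnoreFile(IgnoredEvents, CONFIG_FILE) < 0)
		return 1;

	/* Determine whether Tag is set */
	if (SyslogTag[0] != '\0')
		SyslogIncludeTag = TRUE;

	/* Gather eventlog names */
	if (RegistryGather(winEvents))
		return 1;

	/* Open all eventlogs (legacy API only; the new API uses subscriptions) */
	if (winEvents == FALSE) {
		if (EventlogsOpen())
			return 1;
	}

	/* Service is now running */
	Log(LOG_INFO, "Eventlog to Syslog Service Started: Version %s (%s-bit)", VERSION,
#ifdef _WIN64
		"64"
#else
		"32"
#endif
	);
	Log(LOG_INFO, "Flags: LogLevel=%u, IncludeOnly=%s, EnableTcp=%s, IncludeTag=%s, StatusInterval=%u",
		SyslogLogLevel,
		SyslogIncludeOnly ? "True" : "False",
		SyslogEnableTcp ? "True" : "False",
		SyslogIncludeTag ? "True" : "False",
		SyslogStatusInterval
	);

	/* A failed subscription means there is nothing to monitor: stop before looping */
	if (winEvents) {
		if (WinEventSubscribe(IgnoredEvents) != ERROR_SUCCESS)
			ServiceIsRunning = FALSE;
	}

	/* Loop while service is running */
	while (ServiceIsRunning) {
		/* Process records from every legacy log */
		if (winEvents == FALSE) {
			for (log = 0; log < EventlogCount; log++) {
				/*
				 * Drain all pending messages for this log. EventlogNext()
				 * returns NULL when the log has nothing more, so no extra
				 * NULL test is needed inside the loop.
				 */
				while ((output = EventlogNext(IgnoredEvents, log, &level))) {
					if (SyslogSend(output, level)) {
						ServiceIsRunning = FALSE;
						break;
					}
				}

				/*
				 * Once delivery has failed, do not keep pulling records
				 * from the remaining logs: sending would fail again and
				 * whatever EventlogNext() consumed would be lost.
				 */
				if (!ServiceIsRunning)
					break;
			}
		}

		/* Send status message to inform server that client is active */
		if (SyslogStatusInterval != 0) {
			/* ">=" rather than "==" so a lowered interval cannot be skipped over */
			if (++stat_counter >= SyslogStatusInterval * 12) { /* Because the service loops ~12 times/min */
				stat_counter = 0; /* Reset Counter */
				Log(LOG_INFO, "Eventlog to Syslog Service Running");
			}
		}

		/* Sleep five seconds */
		Sleep(5000);
	}

	/* Service is stopped */
	Log(LOG_INFO, "Eventlog to Syslog Service Stopped");

	/* Close eventlogs */
	if (winEvents)
		WinEventCancelSubscribes();

	EventlogsClose();
	SyslogClose();

	/* Success */
	return 0;
}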