/******************************************************************************
* *
* Function: lld_validate_graph_field *
* *
******************************************************************************/
static void lld_validate_graph_field(zbx_lld_graph_t *graph, char **field, char **field_orig, zbx_uint64_t flag,
size_t field_len, char **error)
{
if (0 == (graph->flags & ZBX_FLAG_LLD_GRAPH_DISCOVERED))
return;
/* only new graphs or graphs with changed data will be validated */
if (0 != graph->graphid && 0 == (graph->flags & flag))
return;
if (SUCCEED != zbx_is_utf8(*field))
{
zbx_replace_invalid_utf8(*field);
*error = zbx_strdcatf(*error, "Cannot %s graph: value \"%s\" has invalid UTF-8 sequence.\n",
(0 != graph->graphid ? "update" : "create"), *field);
}
else if (zbx_strlen_utf8(*field) > field_len)
{
*error = zbx_strdcatf(*error, "Cannot %s graph: value \"%s\" is too long.\n",
(0 != graph->graphid ? "update" : "create"), *field);
}
else
return;
if (0 != graph->graphid)
lld_field_str_rollback(field, field_orig, &graph->flags, flag);
else
graph->flags &= ~ZBX_FLAG_LLD_GRAPH_DISCOVERED;
}
/******************************************************************************
* *
* Function: lld_validate_trigger_field *
* *
******************************************************************************/
static void lld_validate_trigger_field(zbx_lld_trigger_t *trigger, char **field, char **field_orig,
zbx_uint64_t flag, size_t field_len, char **error)
{
if (0 == (trigger->flags & ZBX_FLAG_LLD_TRIGGER_DISCOVERED))
return;
/* only new triggers or triggers with changed data will be validated */
if (0 != trigger->triggerid && 0 == (trigger->flags & flag))
return;
if (SUCCEED != zbx_is_utf8(*field))
{
zbx_replace_invalid_utf8(*field);
*error = zbx_strdcatf(*error, "Cannot %s trigger: value \"%s\" has invalid UTF-8 sequence.\n",
(0 != trigger->triggerid ? "update" : "create"), *field);
}
else if (zbx_strlen_utf8(*field) > field_len)
{
*error = zbx_strdcatf(*error, "Cannot %s trigger: value \"%s\" is too long.\n",
(0 != trigger->triggerid ? "update" : "create"), *field);
}
else
return;
if (0 != trigger->triggerid)
lld_field_str_rollback(field, field_orig, &trigger->flags, flag);
else
trigger->flags &= ~ZBX_FLAG_LLD_TRIGGER_DISCOVERED;
}
static char* comms_get_xml_b64_value (const char* tag, const char* val)
{
char data_b64[ZBX_MAX_B64_LEN];
data_b64[0] = '\0';
str_base64_encode(val, data_b64, (int)strlen(val));
return zbx_strdcatf(NULL, "<%s>%s</%s>", tag, data_b64, tag);
}
int SERVICES(AGENT_REQUEST *request, AGENT_RESULT *result)
{
int start_type, service_state, ret;
char *type, *state, *exclude, *buf = NULL, *utf8;
SC_HANDLE h_mgr;
ENUM_SERVICE_STATUS_PROCESS *ssp = NULL;
DWORD sz = 0, szn, i, services, resume_handle = 0;
if (3 < request->nparam)
return SYSINFO_RET_FAIL;
type = get_rparam(request, 0);
state = get_rparam(request, 1);
exclude = get_rparam(request, 2);
if (NULL == type || '\0' == *type || 0 == strcmp(type, "all")) /* default parameter */
start_type = ZBX_SRV_STARTTYPE_ALL;
else if (0 == strcmp(type, "automatic"))
start_type = ZBX_SRV_STARTTYPE_AUTOMATIC;
else if (0 == strcmp(type, "manual"))
start_type = ZBX_SRV_STARTTYPE_MANUAL;
else if (0 == strcmp(type, "disabled"))
start_type = ZBX_SRV_STARTTYPE_DISABLED;
else
return SYSINFO_RET_FAIL;
if (NULL == state || '\0' == *state || 0 == strcmp(state, "all")) /* default parameter */
service_state = ZBX_SRV_STATE_ALL;
else if (0 == strcmp(state, "stopped"))
service_state = ZBX_SRV_STATE_STOPPED;
else if (0 == strcmp(state, "started"))
service_state = ZBX_SRV_STATE_STARTED;
else if (0 == strcmp(state, "start_pending"))
service_state = ZBX_SRV_STATE_START_PENDING;
else if (0 == strcmp(state, "stop_pending"))
service_state = ZBX_SRV_STATE_STOP_PENDING;
else if (0 == strcmp(state, "running"))
service_state = ZBX_SRV_STATE_RUNNING;
else if (0 == strcmp(state, "continue_pending"))
service_state = ZBX_SRV_STATE_CONTINUE_PENDING;
else if (0 == strcmp(state, "pause_pending"))
service_state = ZBX_SRV_STATE_PAUSE_PENDING;
else if (0 == strcmp(state, "paused"))
service_state = ZBX_SRV_STATE_PAUSED;
else
return SYSINFO_RET_FAIL;
if (NULL == (h_mgr = OpenSCManager(NULL, NULL, GENERIC_READ)))
return SYSINFO_RET_FAIL;
while (0 != (ret = EnumServicesStatusEx(h_mgr, SC_ENUM_PROCESS_INFO, SERVICE_WIN32, SERVICE_STATE_ALL,
(LPBYTE)ssp, sz, &szn, &services, &resume_handle, NULL)) || ERROR_MORE_DATA == GetLastError())
{
for (i = 0; i < services; i++)
{
SC_HANDLE h_srv;
if (NULL == (h_srv = OpenService(h_mgr, ssp[i].lpServiceName, SERVICE_QUERY_STATUS | SERVICE_QUERY_CONFIG)))
continue;
if (SUCCEED == check_service_starttype(h_srv, start_type))
{
if (SUCCEED == check_service_state(h_srv, service_state))
{
utf8 = zbx_unicode_to_utf8(ssp[i].lpServiceName);
if (NULL == exclude || FAIL == str_in_list(exclude, utf8, ','))
buf = zbx_strdcatf(buf, "%s\n", utf8);
zbx_free(utf8);
}
}
CloseServiceHandle(h_srv);
}
if (0 == szn)
break;
if (NULL == ssp)
{
sz = szn;
ssp = (ENUM_SERVICE_STATUS_PROCESS *)zbx_malloc((void *)ssp, sz);
}
}
zbx_free(ssp);
CloseServiceHandle(h_mgr);
if (NULL == buf)
buf = zbx_strdup(buf, "0");
SET_STR_RESULT(result, buf);
return SYSINFO_RET_OK;
}
/******************************************************************************
* *
* Function: zbx_db_connect *
* *
* Purpose: connect to the database *
* *
* Return value: ZBX_DB_OK - succefully connected *
* ZBX_DB_DOWN - database is down *
* ZBX_DB_FAIL - failed to connect *
* *
******************************************************************************/
int zbx_db_connect(char *host, char *user, char *password, char *dbname, char *dbschema, char *dbsocket, int port)
{
int ret = ZBX_DB_OK;
#if defined(HAVE_IBM_DB2)
char *connect = NULL;
#elif defined(HAVE_ORACLE)
char *connect = NULL;
sword err = OCI_SUCCESS;
#elif defined(HAVE_POSTGRESQL)
char *cport = NULL;
DB_RESULT result;
DB_ROW row;
#endif
txn_init = 1;
assert(NULL != host);
#if defined(HAVE_IBM_DB2)
connect = zbx_strdup(connect, "PROTOCOL=TCPIP;");
if ('\0' != *host)
connect = zbx_strdcatf(connect, "HOSTNAME=%s;", host);
if (NULL != dbname && '\0' != *dbname)
connect = zbx_strdcatf(connect, "DATABASE=%s;", dbname);
if (0 != port)
connect = zbx_strdcatf(connect, "PORT=%d;", port);
if (NULL != user && '\0' != *user)
connect = zbx_strdcatf(connect, "UID=%s;", user);
if (NULL != password && '\0' != *password)
connect = zbx_strdcatf(connect, "PWD=%s;", password);
memset(&ibm_db2, 0, sizeof(ibm_db2));
/* allocate an environment handle */
if (SUCCEED != zbx_ibm_db2_success(SQLAllocHandle(SQL_HANDLE_ENV, SQL_NULL_HANDLE, &ibm_db2.henv)))
ret = ZBX_DB_FAIL;
/* set attribute to enable application to run as ODBC 3.0 application; */
/* recommended for pure IBM DB2 CLI, but not required */
if (ZBX_DB_OK == ret && SUCCEED != zbx_ibm_db2_success(SQLSetEnvAttr(ibm_db2.henv, SQL_ATTR_ODBC_VERSION,
(void *)SQL_OV_ODBC3, 0)))
ret = ZBX_DB_FAIL;
/* allocate a database connection handle */
if (ZBX_DB_OK == ret && SUCCEED != zbx_ibm_db2_success(SQLAllocHandle(SQL_HANDLE_DBC, ibm_db2.henv,
&ibm_db2.hdbc)))
ret = ZBX_DB_FAIL;
/* connect to the database */
if (ZBX_DB_OK == ret && SUCCEED != zbx_ibm_db2_success(SQLDriverConnect(ibm_db2.hdbc, NULL, (SQLCHAR *)connect,
SQL_NTS, NULL, 0, NULL, SQL_DRIVER_NOPROMPT)))
ret = ZBX_DB_FAIL;
/* set autocommit on */
if (ZBX_DB_OK == ret && SUCCEED != zbx_ibm_db2_success(SQLSetConnectAttr(ibm_db2.hdbc, SQL_ATTR_AUTOCOMMIT,
(SQLPOINTER)SQL_AUTOCOMMIT_ON, SQL_NTS)))
ret = ZBX_DB_DOWN;
/* we do not generate vendor escape clause sequences */
if (ZBX_DB_OK == ret && SUCCEED != zbx_ibm_db2_success(SQLSetConnectAttr(ibm_db2.hdbc, SQL_ATTR_NOSCAN,
(SQLPOINTER)SQL_NOSCAN_ON, SQL_NTS)))
ret = ZBX_DB_DOWN;
/* set current schema */
if (NULL != dbschema && '\0' != *dbschema && ZBX_DB_OK == ret)
{
char *dbschema_esc;
dbschema_esc = DBdyn_escape_string(dbschema);
DBexecute("set current schema='%s'", dbschema_esc);
zbx_free(dbschema_esc);
}
/* output error information */
if (ZBX_DB_OK != ret)
{
zbx_ibm_db2_log_errors(SQL_HANDLE_ENV, ibm_db2.henv);
zbx_ibm_db2_log_errors(SQL_HANDLE_DBC, ibm_db2.hdbc);
zbx_db_close();
}
zbx_free(connect);
#elif defined(HAVE_MYSQL)
conn = mysql_init(NULL);
if (!mysql_real_connect(conn, host, user, password, dbname, port, dbsocket, CLIENT_MULTI_STATEMENTS))
{
zabbix_errlog(ERR_Z3001, dbname, mysql_errno(conn), mysql_error(conn));
ret = ZBX_DB_FAIL;
}
if (ZBX_DB_OK == ret)
{
if (0 != mysql_select_db(conn, dbname))
{
zabbix_errlog(ERR_Z3001, dbname, mysql_errno(conn), mysql_error(conn));
ret = ZBX_DB_FAIL;
}
}
if (ZBX_DB_OK == ret)
{
DBexecute("set names utf8");
}
if (ZBX_DB_FAIL == ret)
{
switch (mysql_errno(conn))
{
case CR_CONN_HOST_ERROR:
case CR_SERVER_GONE_ERROR:
case CR_CONNECTION_ERROR:
case CR_SERVER_LOST:
case CR_UNKNOWN_HOST:
case ER_SERVER_SHUTDOWN:
case ER_ACCESS_DENIED_ERROR: /* wrong user or password */
case ER_ILLEGAL_GRANT_FOR_TABLE: /* user without any privileges */
case ER_TABLEACCESS_DENIED_ERROR: /* user without some privilege */
case ER_UNKNOWN_ERROR:
ret = ZBX_DB_DOWN;
break;
default:
break;
}
}
#elif defined(HAVE_ORACLE)
#if defined(HAVE_GETENV) && defined(HAVE_PUTENV)
if (NULL == getenv("NLS_LANG"))
putenv("NLS_LANG=.UTF8");
#endif
memset(&oracle, 0, sizeof(oracle));
/* connection string format: [//]host[:port][/service name] */
if ('\0' != *host)
{
connect = zbx_strdcatf(connect, "//%s", host);
if (0 != port)
connect = zbx_strdcatf(connect, ":%d", port);
if (NULL != dbname && '\0' != *dbname)
connect = zbx_strdcatf(connect, "/%s", dbname);
}
else
ret = ZBX_DB_FAIL;
if (ZBX_DB_OK == ret)
{
/* initialize environment */
err = OCIEnvCreate((OCIEnv **)&oracle.envhp, (ub4)OCI_DEFAULT,
(dvoid *)0, (dvoid * (*)(dvoid *,size_t))0,
(dvoid * (*)(dvoid *, dvoid *, size_t))0,
(void (*)(dvoid *, dvoid *))0, (size_t)0, (dvoid **)0);
if (OCI_SUCCESS != err)
{
zabbix_errlog(ERR_Z3001, connect, err, zbx_oci_error(err));
ret = ZBX_DB_FAIL;
}
}
if (ZBX_DB_OK == ret)
{
/* allocate an error handle */
(void)OCIHandleAlloc((dvoid *)oracle.envhp, (dvoid **)&oracle.errhp, OCI_HTYPE_ERROR,
(size_t)0, (dvoid **)0);
/* get the session */
err = OCILogon2(oracle.envhp, oracle.errhp, &oracle.svchp,
(text *)user, (ub4)(NULL != user ? strlen(user) : 0),
(text *)password, (ub4)(NULL != password ? strlen(password) : 0),
(text *)connect, (ub4)strlen(connect),
OCI_DEFAULT);
if (OCI_SUCCESS != err)
{
zabbix_errlog(ERR_Z3001, connect, err, zbx_oci_error(err));
ret = ZBX_DB_DOWN;
}
else
{
err = OCIAttrGet((void *)oracle.svchp, OCI_HTYPE_SVCCTX, (void *)&oracle.srvhp, (ub4 *)0,
OCI_ATTR_SERVER, oracle.errhp);
if (OCI_SUCCESS != err)
{
zabbix_errlog(ERR_Z3001, connect, err, zbx_oci_error(err));
ret = ZBX_DB_DOWN;
}
}
}
zbx_free(connect);
if (ZBX_DB_OK != ret)
zbx_db_close();
#elif defined(HAVE_POSTGRESQL)
if (0 != port)
cport = zbx_dsprintf(cport, "%d", port);
conn = PQsetdbLogin(host, cport, NULL, NULL, dbname, user, password);
zbx_free(cport);
/* check to see that the backend connection was successfully made */
if (CONNECTION_OK != PQstatus(conn))
{
zabbix_errlog(ERR_Z3001, dbname, 0, PQerrorMessage(conn));
ret = ZBX_DB_DOWN;
}
else
{
result = DBselect("select oid from pg_type where typname='bytea'");
if (NULL != (row = DBfetch(result)))
ZBX_PG_BYTEAOID = atoi(row[0]);
DBfree_result(result);
}
#ifdef HAVE_FUNCTION_PQSERVERVERSION
ZBX_PG_SVERSION = PQserverVersion(conn);
zabbix_log(LOG_LEVEL_DEBUG, "PostgreSQL Server version: %d", ZBX_PG_SVERSION);
#endif
if (80100 <= ZBX_PG_SVERSION)
{
/* disable "nonstandard use of \' in a string literal" warning */
DBexecute("set escape_string_warning to off");
result = DBselect("show standard_conforming_strings");
if (NULL != (row = DBfetch(result)))
ZBX_PG_ESCAPE_BACKSLASH = (0 == strcmp(row[0], "off"));
DBfree_result(result);
}
if (90000 <= ZBX_PG_SVERSION)
{
/* change the output format for values of type bytea from hex (the default) to escape */
DBexecute("set bytea_output=escape");
}
#elif defined(HAVE_SQLITE3)
#ifdef HAVE_FUNCTION_SQLITE3_OPEN_V2
if (SQLITE_OK != sqlite3_open_v2(dbname, &conn, SQLITE_OPEN_READWRITE, NULL))
#else
if (SQLITE_OK != sqlite3_open(dbname, &conn))
#endif
{
zabbix_errlog(ERR_Z3001, dbname, 0, sqlite3_errmsg(conn));
sqlite3_close(conn);
ret = ZBX_DB_DOWN;
}
else
{
char *p, *path;
/* do not return SQLITE_BUSY immediately, wait for N ms */
sqlite3_busy_timeout(conn, SEC_PER_MIN * 1000);
path = strdup(dbname);
if (NULL != (p = strrchr(path, '/')))
*++p = '\0';
else
*path = '\0';
DBexecute("PRAGMA synchronous = 0"); /* OFF */
DBexecute("PRAGMA temp_store = 2"); /* MEMORY */
DBexecute("PRAGMA temp_store_directory = '%s'", path);
zbx_free(path);
}
#endif /* HAVE_SQLITE3 */
txn_init = 0;
return ret;
}
/******************************************************************************
* *
* Function: lld_graphs_validate *
* *
* Parameters: graphs - [IN] sorted list of graphs *
* *
******************************************************************************/
static void lld_graphs_validate(zbx_uint64_t hostid, zbx_vector_ptr_t *graphs, char **error)
{
const char *__function_name = "lld_graphs_validate";
int i, j;
zbx_lld_graph_t *graph, *graph_b;
zbx_vector_uint64_t graphids;
zbx_vector_str_t names;
zabbix_log(LOG_LEVEL_DEBUG, "In %s()", __function_name);
zbx_vector_uint64_create(&graphids);
zbx_vector_str_create(&names); /* list of graph names */
/* checking a validity of the fields */
for (i = 0; i < graphs->values_num; i++)
{
graph = (zbx_lld_graph_t *)graphs->values[i];
lld_validate_graph_field(graph, &graph->name, &graph->name_orig,
ZBX_FLAG_LLD_GRAPH_UPDATE_NAME, GRAPH_NAME_LEN, error);
}
/* checking duplicated graph names */
for (i = 0; i < graphs->values_num; i++)
{
graph = (zbx_lld_graph_t *)graphs->values[i];
if (0 == (graph->flags & ZBX_FLAG_LLD_GRAPH_DISCOVERED))
continue;
/* only new graphs or graphs with changed name will be validated */
if (0 != graph->graphid && 0 == (graph->flags & ZBX_FLAG_LLD_GRAPH_UPDATE_NAME))
continue;
for (j = 0; j < graphs->values_num; j++)
{
graph_b = (zbx_lld_graph_t *)graphs->values[j];
if (0 == (graph_b->flags & ZBX_FLAG_LLD_GRAPH_DISCOVERED) || i == j)
continue;
if (0 != strcmp(graph->name, graph_b->name))
continue;
*error = zbx_strdcatf(*error, "Cannot %s graph:"
" graph with the same name \"%s\" already exists.\n",
(0 != graph->graphid ? "update" : "create"), graph->name);
if (0 != graph->graphid)
{
lld_field_str_rollback(&graph->name, &graph->name_orig, &graph->flags,
ZBX_FLAG_LLD_GRAPH_UPDATE_NAME);
}
else
graph->flags &= ~ZBX_FLAG_LLD_GRAPH_DISCOVERED;
break;
}
}
/* checking duplicated graphs in DB */
for (i = 0; i < graphs->values_num; i++)
{
graph = (zbx_lld_graph_t *)graphs->values[i];
if (0 == (graph->flags & ZBX_FLAG_LLD_GRAPH_DISCOVERED))
continue;
if (0 != graph->graphid)
{
zbx_vector_uint64_append(&graphids, graph->graphid);
if (0 == (graph->flags & ZBX_FLAG_LLD_GRAPH_UPDATE_NAME))
continue;
}
zbx_vector_str_append(&names, graph->name);
}
if (0 != names.values_num)
{
DB_RESULT result;
DB_ROW row;
char *sql = NULL;
size_t sql_alloc = 256, sql_offset = 0;
sql = zbx_malloc(sql, sql_alloc);
zbx_snprintf_alloc(&sql, &sql_alloc, &sql_offset,
"select g.name"
" from graphs g,graphs_items gi,items i"
" where g.graphid=gi.graphid"
" and gi.itemid=i.itemid"
" and i.hostid=" ZBX_FS_UI64
" and",
hostid);
DBadd_str_condition_alloc(&sql, &sql_alloc, &sql_offset, "g.name",
(const char **)names.values, names.values_num);
if (0 != graphids.values_num)
{
zbx_vector_uint64_sort(&graphids, ZBX_DEFAULT_UINT64_COMPARE_FUNC);
zbx_strcpy_alloc(&sql, &sql_alloc, &sql_offset, " and not");
DBadd_condition_alloc(&sql, &sql_alloc, &sql_offset, "g.graphid",
graphids.values, graphids.values_num);
}
result = DBselect("%s", sql);
while (NULL != (row = DBfetch(result)))
{
for (i = 0; i < graphs->values_num; i++)
{
graph = (zbx_lld_graph_t *)graphs->values[i];
if (0 == (graph->flags & ZBX_FLAG_LLD_GRAPH_DISCOVERED))
continue;
if (0 == strcmp(graph->name, row[0]))
{
*error = zbx_strdcatf(*error, "Cannot %s graph:"
" graph with the same name \"%s\" already exists.\n",
(0 != graph->graphid ? "update" : "create"), graph->name);
if (0 != graph->graphid)
{
lld_field_str_rollback(&graph->name, &graph->name_orig, &graph->flags,
ZBX_FLAG_LLD_GRAPH_UPDATE_NAME);
}
else
graph->flags &= ~ZBX_FLAG_LLD_GRAPH_DISCOVERED;
continue;
}
}
}
DBfree_result(result);
zbx_free(sql);
}
zbx_vector_str_destroy(&names);
zbx_vector_uint64_destroy(&graphids);
zabbix_log(LOG_LEVEL_DEBUG, "End of %s()", __function_name);
}
/* obtain a particular message from a desired eventlog */
static int zbx_get_eventlog_message6(const wchar_t *wsource, zbx_uint64_t *which, unsigned short *out_severity,
unsigned long *out_timestamp, char **out_provider, char **out_source, char **out_message,
unsigned long *out_eventid, EVT_HANDLE *render_context, EVT_HANDLE *query, zbx_uint64_t *keywords)
{
const char *__function_name = "zbx_get_eventlog_message6";
EVT_HANDLE event_bookmark = NULL;
EVT_VARIANT* renderedContent = NULL;
const wchar_t *pprovider = NULL;
char *tmp_str = NULL;
DWORD size = DEFAULT_EVENT_CONTENT_SIZE;
DWORD bookmarkedCount = 0;
DWORD require = 0;
const zbx_uint64_t sec_1970 = 116444736000000000;
const zbx_uint64_t success_audit = 0x20000000000000;
const zbx_uint64_t failure_audit = 0x10000000000000;
int ret = FAIL;
zabbix_log(LOG_LEVEL_DEBUG, "In %s() EventRecordID:" ZBX_FS_UI64, __function_name, *which);
if (NULL == *query)
{
zabbix_log(LOG_LEVEL_DEBUG, "%s() no EvtQuery handle", __function_name);
goto out;
}
/* get the entries */
if (TRUE != EvtNext(*query, 1, &event_bookmark, INFINITE, 0, &require))
{
/* The event reading query had less items than we calculated before. */
/* Either the eventlog was cleaned or our calculations were wrong. */
/* Either way we can safely abort the query by setting NULL value */
/* and returning success, which is interpreted as empty eventlog. */
if (ERROR_NO_MORE_ITEMS == GetLastError())
{
ret = SUCCEED;
}
else
{
zabbix_log(LOG_LEVEL_WARNING, "EvtNext failed: %s, EventRecordID:" ZBX_FS_UI64,
strerror_from_system(GetLastError()), *which);
}
goto out;
}
/* obtain the information from the selected events */
renderedContent = (EVT_VARIANT *)zbx_malloc((void *)renderedContent, size);
if (TRUE != EvtRender(*render_context, event_bookmark, EvtRenderEventValues, size, renderedContent,
&require, &bookmarkedCount))
{
/* information exceeds the space allocated */
if (ERROR_INSUFFICIENT_BUFFER != GetLastError())
{
zabbix_log(LOG_LEVEL_WARNING, "EvtRender failed: %s", strerror_from_system(GetLastError()));
goto out;
}
renderedContent = (EVT_VARIANT *)zbx_realloc((void *)renderedContent, require);
size = require;
if (TRUE != EvtRender(*render_context, event_bookmark, EvtRenderEventValues, size, renderedContent,
&require, &bookmarkedCount))
{
zabbix_log(LOG_LEVEL_WARNING, "EvtRender failed: %s", strerror_from_system(GetLastError()));
goto out;
}
}
pprovider = VAR_PROVIDER_NAME(renderedContent);
*out_provider = zbx_unicode_to_utf8(pprovider);
if (NULL != VAR_SOURCE_NAME(renderedContent))
{
*out_source = zbx_unicode_to_utf8(VAR_SOURCE_NAME(renderedContent));
}
*keywords = VAR_KEYWORDS(renderedContent) & (success_audit | failure_audit);
*out_severity = VAR_LEVEL(renderedContent);
*out_timestamp = (unsigned long)((VAR_TIME_CREATED(renderedContent) - sec_1970) / 10000000);
*out_eventid = VAR_EVENT_ID(renderedContent);
*out_message = expand_message6(pprovider, event_bookmark);
tmp_str = zbx_unicode_to_utf8(wsource);
if (VAR_RECORD_NUMBER(renderedContent) != *which)
{
zabbix_log(LOG_LEVEL_DEBUG, "%s() Overwriting expected EventRecordID:" ZBX_FS_UI64 " with the real"
" EventRecordID:" ZBX_FS_UI64 " in eventlog '%s'", __function_name, *which,
VAR_RECORD_NUMBER(renderedContent), tmp_str);
*which = VAR_RECORD_NUMBER(renderedContent);
}
/* some events don't have enough information for making event message */
if (NULL == *out_message)
{
*out_message = zbx_strdcatf(*out_message, "The description for Event ID:%lu in Source:'%s'"
" cannot be found. Either the component that raises this event is not installed"
" on your local computer or the installation is corrupted. You can install or repair"
" the component on the local computer. If the event originated on another computer,"
" the display information had to be saved with the event.", *out_eventid,
NULL == *out_provider ? "" : *out_provider);
if (EvtVarTypeString == (VAR_EVENT_DATA_TYPE(renderedContent) & EVT_VARIANT_TYPE_MASK))
{
unsigned int i;
char *data = NULL;
if (0 != (VAR_EVENT_DATA_TYPE(renderedContent) & EVT_VARIANT_TYPE_ARRAY) &&
0 < VAR_EVENT_DATA_COUNT(renderedContent))
{
*out_message = zbx_strdcatf(*out_message, " The following information was included"
" with the event: ");
for (i = 0; i < VAR_EVENT_DATA_COUNT(renderedContent); i++)
{
if (NULL != VAR_EVENT_DATA_STRING_ARRAY(renderedContent, i))
{
if (0 < i)
*out_message = zbx_strdcat(*out_message, "; ");
data = zbx_unicode_to_utf8(VAR_EVENT_DATA_STRING_ARRAY(renderedContent, i));
*out_message = zbx_strdcatf(*out_message, "%s", data);
zbx_free(data);
}
}
}
else if (NULL != VAR_EVENT_DATA_STRING(renderedContent))
{
data = zbx_unicode_to_utf8(VAR_EVENT_DATA_STRING(renderedContent));
*out_message = zbx_strdcatf(*out_message, "The following information was included"
" with the event: %s", data);
zbx_free(data);
}
}
}
ret = SUCCEED;
out:
if (NULL != event_bookmark)
EvtClose(event_bookmark);
zbx_free(tmp_str);
zbx_free(renderedContent);
zabbix_log(LOG_LEVEL_DEBUG, "End of %s():%s", __function_name, zbx_result_string(ret));
return ret;
}
/* get Nth error from event log. 1 is the first. */
static int zbx_get_eventlog_message(const wchar_t *wsource, HANDLE eventlog_handle, DWORD which, char **out_source,
char **out_message, unsigned short *out_severity, unsigned long *out_timestamp,
unsigned long *out_eventid)
{
const char *__function_name = "zbx_get_eventlog_message";
int buffer_size = 512;
EVENTLOGRECORD *pELR = NULL;
DWORD dwRead, dwNeeded, dwErr;
wchar_t *pEventMessageFile = NULL, *pParamMessageFile = NULL, *pFile = NULL, *pNextFile = NULL, *pCh,
*aInsertStrings[MAX_INSERT_STRS];
HINSTANCE hLib = NULL, hParamLib = NULL;
long i, err = 0;
int ret = FAIL;
zabbix_log(LOG_LEVEL_DEBUG, "In %s() lastlogsize:%lu", __function_name, which);
*out_source = NULL;
*out_message = NULL;
*out_severity = 0;
*out_timestamp = 0;
*out_eventid = 0;
memset(aInsertStrings, 0, sizeof(aInsertStrings));
pELR = (EVENTLOGRECORD *)zbx_malloc((void *)pELR, buffer_size);
while (0 == ReadEventLog(eventlog_handle, EVENTLOG_SEEK_READ | EVENTLOG_FORWARDS_READ, which,
pELR, buffer_size, &dwRead, &dwNeeded))
{
if (ERROR_INSUFFICIENT_BUFFER != (dwErr = GetLastError()))
{
zabbix_log(LOG_LEVEL_DEBUG, "%s(): %s", __function_name, strerror_from_system(dwErr));
goto out;
}
buffer_size = dwNeeded;
pELR = (EVENTLOGRECORD *)zbx_realloc((void *)pELR, buffer_size);
}
*out_severity = pELR->EventType; /* return event type */
*out_timestamp = pELR->TimeGenerated; /* return timestamp */
*out_eventid = pELR->EventID & 0xffff;
*out_source = zbx_unicode_to_utf8((wchar_t *)(pELR + 1)); /* copy source name */
/* get message file names */
zbx_get_message_files(wsource, (wchar_t *)(pELR + 1), &pEventMessageFile, &pParamMessageFile);
/* prepare insert string array */
if (0 < pELR->NumStrings)
{
pCh = (wchar_t *)((unsigned char *)pELR + pELR->StringOffset);
for (i = 0; i < pELR->NumStrings && i < MAX_INSERT_STRS; i++)
{
aInsertStrings[i] = pCh;
pCh += wcslen(pCh) + 1;
}
}
err = FAIL;
for (pFile = pEventMessageFile; NULL != pFile && err != SUCCEED; pFile = pNextFile)
{
if (NULL != (pNextFile = wcschr(pFile, TEXT(';'))))
{
*pNextFile = '\0';
pNextFile++;
}
if (NULL != (hLib = zbx_load_message_file(pFile)))
{
if (NULL != (*out_message = zbx_format_message(hLib, pELR->EventID, aInsertStrings)))
{
err = SUCCEED;
if (NULL != (hParamLib = zbx_load_message_file(pParamMessageFile)))
{
zbx_translate_message_params(out_message, hParamLib);
FreeLibrary(hParamLib);
}
}
FreeLibrary(hLib);
}
}
zbx_free(pEventMessageFile);
zbx_free(pParamMessageFile);
if (SUCCEED != err)
{
*out_message = zbx_strdcatf(*out_message, "The description for Event ID:%lu in Source:'%s'"
" cannot be found. The local computer may not have the necessary registry"
" information or message DLL files to display messages from a remote computer.",
*out_eventid, NULL == *out_source ? "" : *out_source);
if (0 < pELR->NumStrings)
{
char *buf;
*out_message = zbx_strdcat(*out_message, " The following information is part of the event: ");
for (i = 0, pCh = (wchar_t *)((unsigned char *)pELR + pELR->StringOffset);
i < pELR->NumStrings;
i++, pCh += wcslen(pCh) + 1)
{
if (0 < i)
*out_message = zbx_strdcat(*out_message, "; ");
buf = zbx_unicode_to_utf8(pCh);
*out_message = zbx_strdcat(*out_message, buf);
zbx_free(buf);
}
}
}
ret = SUCCEED;
out:
zbx_free(pELR);
zabbix_log(LOG_LEVEL_DEBUG, "End of %s():%s", __function_name, zbx_result_string(ret));
return ret;
}
/******************************************************************************
* *
* Function: lld_triggers_validate *
* *
* Parameters: triggers - [IN] sorted list of triggers *
* *
******************************************************************************/
static void lld_triggers_validate(zbx_uint64_t hostid, zbx_vector_ptr_t *triggers, char **error)
{
const char *__function_name = "lld_triggers_validate";
int i, j, k;
zbx_lld_trigger_t *trigger;
zbx_lld_function_t *function;
zbx_vector_uint64_t triggerids;
zbx_vector_str_t descriptions;
zabbix_log(LOG_LEVEL_DEBUG, "In %s()", __function_name);
zbx_vector_uint64_create(&triggerids);
zbx_vector_str_create(&descriptions);
/* checking a validity of the fields */
for (i = 0; i < triggers->values_num; i++)
{
trigger = (zbx_lld_trigger_t *)triggers->values[i];
lld_validate_trigger_field(trigger, &trigger->description, &trigger->description_orig,
ZBX_FLAG_LLD_TRIGGER_UPDATE_DESCRIPTION, TRIGGER_DESCRIPTION_LEN, error);
lld_validate_trigger_field(trigger, &trigger->comments, &trigger->comments_orig,
ZBX_FLAG_LLD_TRIGGER_UPDATE_COMMENTS, TRIGGER_COMMENTS_LEN, error);
}
/* checking duplicated triggers in DB */
for (i = 0; i < triggers->values_num; i++)
{
trigger = (zbx_lld_trigger_t *)triggers->values[i];
if (0 == (trigger->flags & ZBX_FLAG_LLD_TRIGGER_DISCOVERED))
continue;
if (0 != trigger->triggerid)
{
zbx_vector_uint64_append(&triggerids, trigger->triggerid);
if (SUCCEED != lld_trigger_changed(trigger))
continue;
}
zbx_vector_str_append(&descriptions, trigger->description);
}
if (0 != descriptions.values_num)
{
char *sql = NULL;
size_t sql_alloc = 256, sql_offset = 0;
DB_RESULT result;
DB_ROW row;
zbx_vector_ptr_t db_triggers;
zbx_lld_trigger_t *db_trigger;
zbx_vector_ptr_create(&db_triggers);
zbx_vector_str_sort(&descriptions, ZBX_DEFAULT_STR_COMPARE_FUNC);
zbx_vector_str_uniq(&descriptions, ZBX_DEFAULT_STR_COMPARE_FUNC);
sql = zbx_malloc(sql, sql_alloc);
zbx_snprintf_alloc(&sql, &sql_alloc, &sql_offset,
"select distinct t.triggerid,t.description,t.expression"
" from triggers t,functions f,items i"
" where t.triggerid=f.triggerid"
" and f.itemid=i.itemid"
" and i.hostid=" ZBX_FS_UI64
" and",
hostid);
DBadd_str_condition_alloc(&sql, &sql_alloc, &sql_offset, "t.description",
(const char **)descriptions.values, descriptions.values_num);
if (0 != triggerids.values_num)
{
zbx_vector_uint64_sort(&triggerids, ZBX_DEFAULT_UINT64_COMPARE_FUNC);
zbx_strcpy_alloc(&sql, &sql_alloc, &sql_offset, " and not");
DBadd_condition_alloc(&sql, &sql_alloc, &sql_offset, "t.triggerid",
triggerids.values, triggerids.values_num);
}
result = DBselect("%s", sql);
while (NULL != (row = DBfetch(result)))
{
db_trigger = zbx_malloc(NULL, sizeof(zbx_lld_trigger_t));
ZBX_STR2UINT64(db_trigger->triggerid, row[0]);
db_trigger->description = zbx_strdup(NULL, row[1]);
db_trigger->description_orig = NULL;
db_trigger->expression = zbx_strdup(NULL, row[2]);
db_trigger->expression_orig = NULL;
db_trigger->comments = NULL;
db_trigger->comments_orig = NULL;
db_trigger->flags = ZBX_FLAG_LLD_TRIGGER_UNSET;
zbx_vector_ptr_create(&db_trigger->functions);
zbx_vector_ptr_append(&db_triggers, db_trigger);
}
DBfree_result(result);
zbx_vector_ptr_sort(&db_triggers, ZBX_DEFAULT_UINT64_PTR_COMPARE_FUNC);
lld_functions_get(0, NULL, &db_triggers);
for (i = 0; i < db_triggers.values_num; i++)
{
db_trigger = (zbx_lld_trigger_t *)db_triggers.values[i];
lld_expression_simplify(&db_trigger->expression, &db_trigger->functions);
for (j = 0; j < triggers->values_num; j++)
{
trigger = (zbx_lld_trigger_t *)triggers->values[j];
if (0 == (trigger->flags & ZBX_FLAG_LLD_TRIGGER_DISCOVERED))
continue;
if (SUCCEED != lld_triggers_equal(trigger, db_trigger))
continue;
*error = zbx_strdcatf(*error, "Cannot %s trigger: trigger \"%s\" already exists.\n",
(0 != trigger->triggerid ? "update" : "create"), trigger->description);
if (0 != trigger->triggerid)
{
lld_field_str_rollback(&trigger->description, &trigger->description_orig,
&trigger->flags, ZBX_FLAG_LLD_TRIGGER_UPDATE_DESCRIPTION);
lld_field_str_rollback(&trigger->expression, &trigger->expression_orig,
&trigger->flags, ZBX_FLAG_LLD_TRIGGER_UPDATE_EXPRESSION);
for (k = 0; k < trigger->functions.values_num; k++)
{
function = (zbx_lld_function_t *)trigger->functions.values[k];
if (0 != function->functionid)
{
lld_field_uint64_rollback(&function->itemid,
&function->itemid_orig,
&function->flags,
ZBX_FLAG_LLD_FUNCTION_UPDATE_ITEMID);
lld_field_str_rollback(&function->function,
&function->function_orig,
&function->flags,
ZBX_FLAG_LLD_FUNCTION_UPDATE_FUNCTION);
lld_field_str_rollback(&function->parameter,
&function->parameter_orig,
&function->flags,
ZBX_FLAG_LLD_FUNCTION_UPDATE_PARAMETER);
function->flags &= ~ZBX_FLAG_LLD_FUNCTION_DELETE;
}
else
function->flags &= ~ZBX_FLAG_LLD_FUNCTION_DISCOVERED;
}
}
else
trigger->flags &= ~ZBX_FLAG_LLD_TRIGGER_DISCOVERED;
break; /* only one same trigger can be here */
}
}
zbx_vector_ptr_clean(&db_triggers, (zbx_mem_free_func_t)lld_trigger_free);
zbx_vector_ptr_destroy(&db_triggers);
zbx_free(sql);
}
zbx_vector_str_destroy(&descriptions);
zbx_vector_uint64_destroy(&triggerids);
zabbix_log(LOG_LEVEL_DEBUG, "End of %s()", __function_name);
}
/******************************************************************************
* *
* Function: lld_trigger_make *
* *
* Purpose: create a trigger based on lld rule and add it to the list *
* *
******************************************************************************/
static void lld_trigger_make(zbx_vector_ptr_t *functions_proto, zbx_vector_ptr_t *triggers, zbx_vector_ptr_t *items,
const char *description_proto, const char *expression_proto, const char *comments_proto,
zbx_lld_row_t *lld_row, char **error)
{
const char *__function_name = "lld_trigger_make";
zbx_lld_trigger_t *trigger = NULL;
char *buffer = NULL, *expression = NULL, err[64];
struct zbx_json_parse *jp_row = &lld_row->jp_row;
zabbix_log(LOG_LEVEL_DEBUG, "In %s()", __function_name);
trigger = lld_trigger_get(triggers, &lld_row->item_links);
expression = zbx_strdup(expression, expression_proto);
if (SUCCEED != substitute_discovery_macros(&expression, jp_row, ZBX_MACRO_NUMERIC, err, sizeof(err)))
{
*error = zbx_strdcatf(*error, "Cannot %s trigger: %s.\n",
(NULL != trigger ? "update" : "create"), err);
goto out;
}
if (NULL != trigger)
{
buffer = zbx_strdup(buffer, description_proto);
substitute_discovery_macros(&buffer, jp_row, ZBX_MACRO_ANY, NULL, 0);
zbx_lrtrim(buffer, ZBX_WHITESPACE);
if (0 != strcmp(trigger->description, buffer))
{
trigger->description_orig = trigger->description;
trigger->description = buffer;
buffer = NULL;
trigger->flags |= ZBX_FLAG_LLD_TRIGGER_UPDATE_DESCRIPTION;
}
if (0 != strcmp(trigger->expression, expression))
{
trigger->expression_orig = trigger->expression;
trigger->expression = expression;
expression = NULL;
trigger->flags |= ZBX_FLAG_LLD_TRIGGER_UPDATE_EXPRESSION;
}
buffer = zbx_strdup(buffer, comments_proto);
substitute_discovery_macros(&buffer, jp_row, ZBX_MACRO_ANY, NULL, 0);
zbx_lrtrim(buffer, ZBX_WHITESPACE);
if (0 != strcmp(trigger->comments, buffer))
{
trigger->comments_orig = trigger->comments;
trigger->comments = buffer;
buffer = NULL;
trigger->flags |= ZBX_FLAG_LLD_TRIGGER_UPDATE_COMMENTS;
}
}
else
{
trigger = zbx_malloc(NULL, sizeof(zbx_lld_trigger_t));
trigger->triggerid = 0;
trigger->description = zbx_strdup(NULL, description_proto);
trigger->description_orig = NULL;
substitute_discovery_macros(&trigger->description, jp_row, ZBX_MACRO_ANY, NULL, 0);
zbx_lrtrim(trigger->description, ZBX_WHITESPACE);
trigger->expression = expression;
trigger->expression_orig = NULL;
expression = NULL;
trigger->comments = zbx_strdup(NULL, comments_proto);
trigger->comments_orig = NULL;
substitute_discovery_macros(&trigger->comments, jp_row, ZBX_MACRO_ANY, NULL, 0);
zbx_lrtrim(trigger->comments, ZBX_WHITESPACE);
zbx_vector_ptr_create(&trigger->functions);
trigger->flags = ZBX_FLAG_LLD_TRIGGER_UNSET;
zbx_vector_ptr_append(triggers, trigger);
}
zbx_free(buffer);
if (SUCCEED != lld_functions_make(functions_proto, &trigger->functions, items, &lld_row->item_links))
goto out;
trigger->flags |= ZBX_FLAG_LLD_TRIGGER_DISCOVERED;
out:
zbx_free(expression);
zabbix_log(LOG_LEVEL_DEBUG, "End of %s()", __function_name);
}
/* get Nth error from event log. 1 is the first. */
static int zbx_get_eventlog_message(LPCTSTR wsource, HANDLE eventlog_handle, long which, char **out_source, char **out_message,
unsigned short *out_severity, unsigned long *out_timestamp, unsigned long *out_eventid)
{
const char *__function_name = "zbx_get_eventlog_message";
int buffer_size = 512;
EVENTLOGRECORD *pELR = NULL;
DWORD dwRead, dwNeeded, dwErr;
TCHAR stat_buf[MAX_PATH], MsgDll[MAX_PATH];
HKEY hk = NULL;
LPTSTR pFile = NULL, pNextFile = NULL;
DWORD szData, Type;
HINSTANCE hLib = NULL; /* handle to the messagetable DLL */
LPTSTR pCh, aInsertStrs[MAX_INSERT_STRS]; /* array of pointers to insert */
LPTSTR msgBuf = NULL; /* hold text of the error message */
char *buf = NULL;
long i, err = 0;
int ret = FAIL;
zabbix_log(LOG_LEVEL_DEBUG, "In %s() which:%ld", __function_name, which);
*out_source = NULL;
*out_message = NULL;
*out_severity = 0;
*out_timestamp = 0;
*out_eventid = 0;
memset(aInsertStrs, 0, sizeof(aInsertStrs));
pELR = (EVENTLOGRECORD *)zbx_malloc((void *)pELR, buffer_size);
retry:
if (0 == ReadEventLog(eventlog_handle, EVENTLOG_SEEK_READ | EVENTLOG_FORWARDS_READ, which,
pELR, buffer_size, &dwRead, &dwNeeded))
{
dwErr = GetLastError();
if (dwErr == ERROR_INSUFFICIENT_BUFFER)
{
buffer_size = dwNeeded;
pELR = (EVENTLOGRECORD *)zbx_realloc((void *)pELR, buffer_size);
goto retry;
}
else
{
zabbix_log(LOG_LEVEL_DEBUG, "%s(): %s", __function_name, strerror_from_system(dwErr));
goto out;
}
}
*out_severity = pELR->EventType; /* return event type */
*out_timestamp = pELR->TimeGenerated; /* return timestamp */
*out_eventid = pELR->EventID & 0xffff;
*out_source = zbx_unicode_to_utf8((LPTSTR)(pELR + 1)); /* copy source name */
err = FAIL;
/* prepare the array of insert strings for FormatMessage - the
insert strings are in the log entry. */
for (i = 0, pCh = (LPTSTR)((LPBYTE)pELR + pELR->StringOffset);
i < pELR->NumStrings && i < MAX_INSERT_STRS;
i++, pCh += zbx_strlen(pCh) + 1) /* point to next string */
{
aInsertStrs[i] = pCh;
}
/* Get path to message dll */
zbx_wsnprintf(stat_buf, MAX_PATH, EVENTLOG_REG_PATH TEXT("%s\\%s"), wsource, (LPTSTR)(pELR + 1));
if (ERROR_SUCCESS == RegOpenKeyEx(HKEY_LOCAL_MACHINE, stat_buf, 0, KEY_READ, &hk))
{
if (ERROR_SUCCESS == RegQueryValueEx(hk, TEXT("EventMessageFile"), NULL, &Type, NULL, &szData))
{
buf = zbx_malloc(buf, szData);
if (ERROR_SUCCESS == RegQueryValueEx(hk, TEXT("EventMessageFile"), NULL, &Type, (LPBYTE)buf, &szData))
pFile = (LPTSTR)buf;
}
RegCloseKey(hk);
}
err = FAIL;
while (NULL != pFile && FAIL == err)
{
if (NULL != (pNextFile = zbx_strchr(pFile, ';')))
{
*pNextFile = '\0';
pNextFile++;
}
if (ExpandEnvironmentStrings(pFile, MsgDll, MAX_PATH))
{
if (NULL != (hLib = LoadLibraryEx(MsgDll, NULL, LOAD_LIBRARY_AS_DATAFILE)))
{
/* Format the message from the message DLL with the insert strings */
if (0 != FormatMessage(FORMAT_MESSAGE_FROM_HMODULE | FORMAT_MESSAGE_ALLOCATE_BUFFER |
FORMAT_MESSAGE_ARGUMENT_ARRAY | FORMAT_MESSAGE_FROM_SYSTEM |
FORMAT_MESSAGE_MAX_WIDTH_MASK, /* do not generate new line breaks */
hLib, /* the messagetable DLL handle */
pELR->EventID, /* message ID */
MAKELANGID(LANG_NEUTRAL, SUBLANG_ENGLISH_US), /* language ID */
(LPTSTR)&msgBuf, /* address of pointer to buffer for message */
0,
(va_list *)aInsertStrs)) /* array of insert strings for the message */
{
*out_message = zbx_unicode_to_utf8(msgBuf);
zbx_rtrim(*out_message, "\r\n ");
/* Free the buffer that FormatMessage allocated for us. */
LocalFree((HLOCAL)msgBuf);
err = SUCCEED;
}
FreeLibrary(hLib);
}
}
pFile = pNextFile;
}
zbx_free(buf);
if (SUCCEED != err)
{
*out_message = zbx_strdcatf(*out_message, "The description for Event ID (%lu) in Source (%s) cannot be found."
" The local computer may not have the necessary registry information or message DLL files to"
" display messages from a remote computer.", *out_eventid, NULL == *out_source ? "" : *out_source);
if (pELR->NumStrings)
*out_message = zbx_strdcatf(*out_message, " The following information is part of the event: ");
for (i = 0; i < pELR->NumStrings && i < MAX_INSERT_STRS; i++)
{
if (i > 0)
*out_message = zbx_strdcatf(*out_message, "; ");
if (aInsertStrs[i])
{
buf = zbx_unicode_to_utf8(aInsertStrs[i]);
*out_message = zbx_strdcatf(*out_message, "%s", buf);
zbx_free(buf);
}
}
}
ret = SUCCEED;
out:
zbx_free(pELR);
zabbix_log(LOG_LEVEL_DEBUG, "End of %s():%s", __function_name, zbx_result_string(ret));
return ret;
}
/* obtain a particular message from a desired eventlog */
static int zbx_get_eventlog_message6(const wchar_t *wsource, zbx_uint64_t *which, unsigned short *out_severity,
unsigned long *out_timestamp, char **out_provider, char **out_source, char **out_message,
unsigned long *out_eventid, EVT_HANDLE *render_context, EVT_HANDLE *query, zbx_uint64_t *keywords)
{
const char *__function_name = "zbx_get_eventlog_message6";
EVT_HANDLE event_bookmark = NULL;
EVT_VARIANT* renderedContent = NULL;
const wchar_t *pprovider = NULL;
char *tmp_str = NULL;
DWORD size = DEFAULT_EVENT_CONTENT_SIZE;
DWORD bookmarkedCount = 0;
DWORD require = 0;
const zbx_uint64_t sec_1970 = 116444736000000000;
const zbx_uint64_t success_audit = 0x20000000000000;
const zbx_uint64_t failure_audit = 0x10000000000000;
int ret = FAIL;
zabbix_log(LOG_LEVEL_DEBUG, "In %s() lastlogsize:" ZBX_FS_UI64, __function_name, *which);
if (NULL == *query)
{
zabbix_log(LOG_LEVEL_DEBUG, "no EvtQuery handle");
goto finish;
}
/* get the entries and allocate required space */
renderedContent = zbx_malloc(renderedContent, size);
if (TRUE != EvtNext(*query, 1, &event_bookmark, INFINITE, 0, &require))
{
zabbix_log(LOG_LEVEL_WARNING, "EvtNext failed: %s, lastlogsize:" ZBX_FS_UI64,
strerror_from_system(GetLastError()), *which);
goto finish;
}
/* obtain the information from the selected events */
if (TRUE != EvtRender(*render_context, event_bookmark, EvtRenderEventValues, size, renderedContent,
&require, &bookmarkedCount) )
{
/* information exceeds the space allocated */
if (ERROR_INSUFFICIENT_BUFFER != GetLastError())
{
zabbix_log(LOG_LEVEL_WARNING, "EvtRender failed: %s", strerror_from_system(GetLastError()));
goto finish;
}
renderedContent = (EVT_VARIANT*)zbx_realloc((void *)renderedContent, require);
size = require;
if (TRUE != EvtRender(*render_context, event_bookmark, EvtRenderEventValues, size, renderedContent,
&require, &bookmarkedCount))
{
zabbix_log(LOG_LEVEL_WARNING, "EvtRender failed: %s", strerror_from_system(GetLastError()));
goto finish;
}
}
pprovider = VAR_PROVIDER_NAME(renderedContent);
*out_provider = zbx_unicode_to_utf8(pprovider);
if (NULL != VAR_SOURCE_NAME(renderedContent))
{
*out_source = zbx_unicode_to_utf8(VAR_SOURCE_NAME(renderedContent));
}
*keywords = VAR_KEYWORDS(renderedContent) & (success_audit | failure_audit);
*out_severity = VAR_LEVEL(renderedContent);
*out_timestamp = (unsigned long)((VAR_TIME_CREATED(renderedContent) - sec_1970) / 10000000);
*out_eventid = VAR_EVENT_ID(renderedContent);
*out_message = expand_message6(pprovider, event_bookmark);
tmp_str = zbx_unicode_to_utf8(wsource);
if (VAR_RECORD_NUMBER(renderedContent) != *which)
{
zabbix_log(LOG_LEVEL_DEBUG, "Overwriting expected EventRecordID:" ZBX_FS_UI64 " with the real"
" EventRecordID:" ZBX_FS_UI64 " in eventlog '%s'", *which,
VAR_RECORD_NUMBER(renderedContent), tmp_str);
*which = VAR_RECORD_NUMBER(renderedContent);
}
/* some events dont have enough information for making event message */
if (NULL == *out_message)
{
*out_message = zbx_strdcatf(*out_message, "The description for Event ID:%lu in Source:'%s'"
" cannot be found. Either the component that raises this event is not installed"
" on your local computer or the installation is corrupted. You can install or repair"
" the component on the local computer. If the event originated on another computer,"
" the display information had to be saved with the event.", *out_eventid,
NULL == *out_provider ? "" : *out_provider);
}
ret = SUCCEED;
finish:
if (NULL != event_bookmark)
EvtClose(event_bookmark);
zbx_free(tmp_str);
zbx_free(renderedContent);
zabbix_log(LOG_LEVEL_DEBUG, "End of %s():%s", __function_name, zbx_result_string(ret));
return ret;
}
char* comms_append_multi_request (char* request, const char* data, unsigned long timestamp)
{
return zbx_strdcatf (request, "<value>%s<timestamp>%lu</timestamp></value>",
comms_get_xml_b64_value ("data", data), timestamp);
}
