Zabbix

/*

** Zabbix

** Copyright (C) 2001-2023 Zabbix SIA

**

** This program is free software; you can redistribute it and/or modify

** it under the terms of the GNU General Public License as published by

** the Free Software Foundation; either version 2 of the License, or

** (at your option) any later version.

**

** This program is distributed in the hope that it will be useful,

** but WITHOUT ANY WARRANTY; without even the implied warranty of

** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

** GNU General Public License for more details.

**

** You should have received a copy of the GNU General Public License

** along with this program; if not, write to the Free Software

** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

**/

​

#include "eventlog.h"

​

#include "log.h"

#include "zbxsysinfo.h"

#include "zbxregexp.h"

#include "winmeta.h"

#include <strsafe.h>

#include <delayimp.h>

#include <sddl.h>

#include "zbxstr.h"

#include "zbx_item_constants.h"

​

#define MAX_NAME            256

​

static const wchar_t    *RENDER_ITEMS[] = {

    L"/Event/System/Provider/@Name",

    L"/Event/System/Provider/@EventSourceName",

    L"/Event/System/EventRecordID",

    L"/Event/System/EventID",

    L"/Event/System/Level",

    L"/Event/System/Keywords",

    L"/Event/System/TimeCreated/@SystemTime",

    L"/Event/EventData/Data"

};

​

#define RENDER_ITEMS_COUNT (sizeof(RENDER_ITEMS) / sizeof(const wchar_t *))

​

#define VAR_PROVIDER_NAME(p)            (p[0].StringVal)

#define VAR_SOURCE_NAME(p)          (p[1].StringVal)

#define VAR_RECORD_NUMBER(p)            (p[2].UInt64Val)

#define VAR_EVENT_ID(p)             (p[3].UInt16Val)

#define VAR_LEVEL(p)                (p[4].ByteVal)

#define VAR_KEYWORDS(p)             (p[5].UInt64Val)

#define VAR_TIME_CREATED(p)         (p[6].FileTimeVal)

#define VAR_EVENT_DATA_STRING(p)        (p[7].StringVal)

#define VAR_EVENT_DATA_STRING_ARRAY(p, i)   (p[7].StringArr[i])

#define VAR_EVENT_DATA_TYPE(p)          (p[7].Type)

#define VAR_EVENT_DATA_COUNT(p)         (p[7].Count)

​

#define EVENTLOG_REG_PATH TEXT("SYSTEM\\CurrentControlSet\\Services\\EventLog\\")

​

#ifndef INFORMATION_TYPE

#   define INFORMATION_TYPE "Information"

#endif

#ifndef WARNING_TYPE

#   define WARNING_TYPE "Warning"

#endif

#ifndef ERROR_TYPE

#   define ERROR_TYPE   "Error"

#endif

#ifndef AUDIT_FAILURE

#   define AUDIT_FAILURE    "Failure Audit"

#endif

#ifndef AUDIT_SUCCESS

#   define AUDIT_SUCCESS    "Success Audit"

#endif

#ifndef CRITICAL_TYPE

#   define CRITICAL_TYPE    "Critical"

#endif

#ifndef VERBOSE_TYPE

#   define VERBOSE_TYPE "Verbose"

#endif

​

extern int  CONFIG_EVENTLOG_MAX_LINES_PER_SECOND;

​

LONG WINAPI DelayLoadDllExceptionFilter(PEXCEPTION_POINTERS excpointers)

{

    LONG        disposition = EXCEPTION_EXECUTE_HANDLER;

    PDelayLoadInfo  delayloadinfo = (PDelayLoadInfo)(excpointers->ExceptionRecord->ExceptionInformation[0]);

​

    switch (excpointers->ExceptionRecord->ExceptionCode)

    {