├── CHANGELOG
├── Datagram SyslogAgent manual.pdf
├── LICENSE
├── README.md
├── SyslogAgent
    ├── AppParse.cpp
    ├── AppParse.h
    ├── IcmpAPI.h
    ├── LICENSE.txt
    ├── NTSyslog.ico
    ├── RegistrySettings.cpp
    ├── RegistrySettings.h
    ├── appWatch.cpp
    ├── appWatch.h
    ├── engine.cpp
    ├── engine.h
    ├── error.h
    ├── errorHandling.cpp
    ├── errorHandling.h
    ├── event.cpp
    ├── event.h
    ├── eventlog.cpp
    ├── eventlog.h
    ├── icmp.Lib
    ├── leakwatcher.h
    ├── list.cpp
    ├── list.h
    ├── ntsl.cpp
    ├── ntsl.h
    ├── ntsyslog.rc
    ├── output.cpp
    ├── output.h
    ├── resource.h
    ├── safestr.cpp
    ├── safestr.h
    ├── service.cpp
    ├── service.h
    └── zlibstat.lib
├── SyslogAgentConfig
    ├── ConfAppl.cpp
    ├── ConfAppl.h
    ├── ConfigLogging.cpp
    ├── ConfigLogging.h
    ├── LICENSE.txt
    ├── NTService.cpp
    ├── NTService.h
    ├── NTService_msg.h
    ├── NTSyslogCtrl.aps
    ├── NTSyslogCtrl.cpp
    ├── NTSyslogCtrl.h
    ├── NTSyslogCtrl.rc
    ├── NTSyslogCtrlDlg.cpp
    ├── NTSyslogCtrlDlg.h
    ├── StdAfx.cpp
    ├── StdAfx.h
    ├── res
    │   ├── Error.ICO
    │   ├── GreenLight.ICO
    │   ├── NTSyslogCtrl.ico
    │   ├── NTSyslogCtrl.rc2
    │   ├── RedLight.ICO
    │   ├── YellowLight.ICO
    │   ├── _svn
    │   │   ├── entries
    │   │   ├── prop-base
    │   │   │   ├── Error.ICO.svn-base
    │   │   │   ├── GreenLight.ICO.svn-base
    │   │   │   ├── NTSyslogCtrl.ico.svn-base
    │   │   │   ├── RedLight.ICO.svn-base
    │   │   │   ├── YellowLight.ICO.svn-base
    │   │   │   └── vssver.scc.svn-base
    │   │   └── text-base
    │   │   │   ├── Error.ICO.svn-base
    │   │   │   ├── GreenLight.ICO.svn-base
    │   │   │   ├── NTSyslogCtrl.ico.svn-base
    │   │   │   ├── NTSyslogCtrl.rc2.svn-base
    │   │   │   ├── RedLight.ICO.svn-base
    │   │   │   ├── YellowLight.ICO.svn-base
    │   │   │   └── vssver.scc.svn-base
    │   └── vssver.scc
    └── resource.h
├── Syslogserver
    ├── common_StdAfx.h
    ├── common_SyslogProject.h
    ├── common_registry.cpp
    ├── common_registry.h
    ├── common_registry_permissions.h
    └── common_registry_permissons.cpp
└── images
    ├── syslogagent.jpg
    └── syslogagent_thumb.jpg


/CHANGELOG:
--------------------------------------------------------------------------------
1 | SyslogAgent
2 |
3 | 3.6, April 2011
4 |
5 | Fixed parsing error when encountering multiple spaces in the process field, which caused duplicate text to be inserted into the message.
6 | Added more debug messages.
7 | Under-the-hood change: using libraries with MS Visual Studio 2010
8 | Adjustments for x64 and newer Windows versions, such as Win 2008
9 | R2 and Windows 7.
10 | Replaced help files with PDF ditto.
11 |
12 | 3.5 10 April 2008
13 |
14 | SyslogAgent now handles EVENTLOG_SUCCESS events.
15 | SyslogAgent now also uses ProviderGUID info to locate all dll files with message info, which means less frequent failed parsing of events.
16 | Application logging now triggers on file written time, rather than file creation time (since that is not always properly updated).
17 | Fixed bug with filtering events with eventId zero.
18 | In case of crash, a miniDump file is now created - great for debugging.
19 | Fixed bug with overly long syslog messages.
20 | Bug fixes.
21 |
22 | 3.4 11 January 2008
23 |
24 | Improved application unicode log file support.
25 | Improved detection of service permission issues - especially useful in Vista.
26 | Added tab character handling via the registry.
27 | Bug fixed where syslog messages completely void of spaces were badly handled.
28 | Bug fixes.
29 |
30 | 3.3.5 11 January 2007
31 |
32 | Fixed serious parsing bug, introduced in 3.3.4, related to parsing of error codes in event log messages. The bug caused the service to terminate, and would more often occur on servers with active auditing, such as domain controllers (Thanks François M).
33 | Fixed bug with 'suggest setting' button in application logging, which inspected a log file with wrong arguments, which could cause the read to fail.
34 | Added debug arguments to simplify generating basic debug information.
35 |
36 | 3.3.4 30 October 2006
37 |
38 | Fixed parsing bug, where unexpected event log contents codes (%00) were experienced. Would cause eternal loop with cpu usage.
39 | Introduced dynamic sized buffers, after realising hangups would occur for event log entries larger than some 50k(!)
40 | Changed development environment, meaning new libraries introduced and safer(?) function calls
41 | Bug fix in recovery after network issues
42 | Somewhat better application log file sharing code
43 | Backup syslogserver configuration change - more intuitive with UDP with ping settings
44 |
45 | 3.2, 16 May 2006
46 |
47 | Fixed event id parsing bug, which caused way too many 'No description available' messages. Bug introduced in 3.1.1 (!)
48 | Changed CR/LF handling and configuration. See manual for details.
49 | Event ID filter list now accepts ID zero.
50 | Fixed bug where first SID lookup was not used.
51 | Rotating application log user interface fixed.
52 | Setting of registry permissions code replaced.
53 | Other minor changes.
54 |
55 | 3.1.1, 14 October 2005
56 |
57 | Fixed parsing bug, in which padding certain entries with static text, so that the message does not just contain values, failed due to library lookup failure. The error was dynamic and would primarily occur when having many sources of messages.
58 | Added registry setting for which character is to replace carriage return in input entries.
59 |
60 | 3.1, 4 July 2005
61 |
62 | Added EventID filtering to GUI.
63 | Fixed filter bug for certain eventIDs on Win2000 and Win2003
64 | Improved Windows error code parsing.
65 | Fixed bug related to service crash during server shutdown.
66 | Changes in setting registry permission on own key.
67 | Other minor changes.
68 |
69 | 3.0, 23 February 2005
70 |
71 | Added application logging
72 | Engine overhaul - several orders of magnitude faster!
73 | Event ID filtering
74 |
75 | 2.01, 6 June 2004
76 |
77 | Added port configuration
78 |
79 | 2.0, 3 March 2004
80 |
81 | Improved support for EventLog types other than standard (System, Application, Security..)
82 | Added ping-before-send configuration
83 | Added explicit parsing of Windows error messages into text
84 |
85 | 1.3.1, 6 October 2003
86 |
87 | Expect few or no further updates
88 |
--------------------------------------------------------------------------------
/Datagram SyslogAgent manual.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/fmikker/syslogagent/dc087ead0086e2d5385f89b36212e9f042d3eb57/Datagram SyslogAgent manual.pdf
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | GNU GENERAL PUBLIC LICENSE
2 | Version 2, June 1991
3 |
4 | Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
5 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
6 | Everyone is permitted to copy and distribute verbatim copies
7 | of this license document, but changing it is not allowed.
8 |
9 | Preamble
10 |
11 | The licenses for most software are designed to take away your
12 | freedom to share and change it. By contrast, the GNU General Public
13 | License is intended to guarantee your freedom to share and change free
14 | software--to make sure the software is free for all its users. This
15 | General Public License applies to most of the Free Software
16 | Foundation's software and to any other program whose authors commit to
17 | using it. (Some other Free Software Foundation software is covered by
18 | the GNU Lesser General Public License instead.) You can apply it to
19 | your programs, too.
20 |
21 | When we speak of free software, we are referring to freedom, not
22 | price.
Our General Public Licenses are designed to make sure that you 23 | have the freedom to distribute copies of free software (and charge for 24 | this service if you wish), that you receive source code or can get it 25 | if you want it, that you can change the software or use pieces of it 26 | in new free programs; and that you know you can do these things. 27 | 28 | To protect your rights, we need to make restrictions that forbid 29 | anyone to deny you these rights or to ask you to surrender the rights. 30 | These restrictions translate to certain responsibilities for you if you 31 | distribute copies of the software, or if you modify it. 32 | 33 | For example, if you distribute copies of such a program, whether 34 | gratis or for a fee, you must give the recipients all the rights that 35 | you have. You must make sure that they, too, receive or can get the 36 | source code. And you must show them these terms so they know their 37 | rights. 38 | 39 | We protect your rights with two steps: (1) copyright the software, and 40 | (2) offer you this license which gives you legal permission to copy, 41 | distribute and/or modify the software. 42 | 43 | Also, for each author's protection and ours, we want to make certain 44 | that everyone understands that there is no warranty for this free 45 | software. If the software is modified by someone else and passed on, we 46 | want its recipients to know that what they have is not the original, so 47 | that any problems introduced by others will not reflect on the original 48 | authors' reputations. 49 | 50 | Finally, any free program is threatened constantly by software 51 | patents. We wish to avoid the danger that redistributors of a free 52 | program will individually obtain patent licenses, in effect making the 53 | program proprietary. To prevent this, we have made it clear that any 54 | patent must be licensed for everyone's free use or not licensed at all. 
55 | 56 | The precise terms and conditions for copying, distribution and 57 | modification follow. 58 | 59 | GNU GENERAL PUBLIC LICENSE 60 | TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 61 | 62 | 0. This License applies to any program or other work which contains 63 | a notice placed by the copyright holder saying it may be distributed 64 | under the terms of this General Public License. The "Program", below, 65 | refers to any such program or work, and a "work based on the Program" 66 | means either the Program or any derivative work under copyright law: 67 | that is to say, a work containing the Program or a portion of it, 68 | either verbatim or with modifications and/or translated into another 69 | language. (Hereinafter, translation is included without limitation in 70 | the term "modification".) Each licensee is addressed as "you". 71 | 72 | Activities other than copying, distribution and modification are not 73 | covered by this License; they are outside its scope. The act of 74 | running the Program is not restricted, and the output from the Program 75 | is covered only if its contents constitute a work based on the 76 | Program (independent of having been made by running the Program). 77 | Whether that is true depends on what the Program does. 78 | 79 | 1. You may copy and distribute verbatim copies of the Program's 80 | source code as you receive it, in any medium, provided that you 81 | conspicuously and appropriately publish on each copy an appropriate 82 | copyright notice and disclaimer of warranty; keep intact all the 83 | notices that refer to this License and to the absence of any warranty; 84 | and give any other recipients of the Program a copy of this License 85 | along with the Program. 86 | 87 | You may charge a fee for the physical act of transferring a copy, and 88 | you may at your option offer warranty protection in exchange for a fee. 89 | 90 | 2. 
You may modify your copy or copies of the Program or any portion 91 | of it, thus forming a work based on the Program, and copy and 92 | distribute such modifications or work under the terms of Section 1 93 | above, provided that you also meet all of these conditions: 94 | 95 | a) You must cause the modified files to carry prominent notices 96 | stating that you changed the files and the date of any change. 97 | 98 | b) You must cause any work that you distribute or publish, that in 99 | whole or in part contains or is derived from the Program or any 100 | part thereof, to be licensed as a whole at no charge to all third 101 | parties under the terms of this License. 102 | 103 | c) If the modified program normally reads commands interactively 104 | when run, you must cause it, when started running for such 105 | interactive use in the most ordinary way, to print or display an 106 | announcement including an appropriate copyright notice and a 107 | notice that there is no warranty (or else, saying that you provide 108 | a warranty) and that users may redistribute the program under 109 | these conditions, and telling the user how to view a copy of this 110 | License. (Exception: if the Program itself is interactive but 111 | does not normally print such an announcement, your work based on 112 | the Program is not required to print an announcement.) 113 | 114 | These requirements apply to the modified work as a whole. If 115 | identifiable sections of that work are not derived from the Program, 116 | and can be reasonably considered independent and separate works in 117 | themselves, then this License, and its terms, do not apply to those 118 | sections when you distribute them as separate works. 
But when you 119 | distribute the same sections as part of a whole which is a work based 120 | on the Program, the distribution of the whole must be on the terms of 121 | this License, whose permissions for other licensees extend to the 122 | entire whole, and thus to each and every part regardless of who wrote it. 123 | 124 | Thus, it is not the intent of this section to claim rights or contest 125 | your rights to work written entirely by you; rather, the intent is to 126 | exercise the right to control the distribution of derivative or 127 | collective works based on the Program. 128 | 129 | In addition, mere aggregation of another work not based on the Program 130 | with the Program (or with a work based on the Program) on a volume of 131 | a storage or distribution medium does not bring the other work under 132 | the scope of this License. 133 | 134 | 3. You may copy and distribute the Program (or a work based on it, 135 | under Section 2) in object code or executable form under the terms of 136 | Sections 1 and 2 above provided that you also do one of the following: 137 | 138 | a) Accompany it with the complete corresponding machine-readable 139 | source code, which must be distributed under the terms of Sections 140 | 1 and 2 above on a medium customarily used for software interchange; or, 141 | 142 | b) Accompany it with a written offer, valid for at least three 143 | years, to give any third party, for a charge no more than your 144 | cost of physically performing source distribution, a complete 145 | machine-readable copy of the corresponding source code, to be 146 | distributed under the terms of Sections 1 and 2 above on a medium 147 | customarily used for software interchange; or, 148 | 149 | c) Accompany it with the information you received as to the offer 150 | to distribute corresponding source code. 
(This alternative is 151 | allowed only for noncommercial distribution and only if you 152 | received the program in object code or executable form with such 153 | an offer, in accord with Subsection b above.) 154 | 155 | The source code for a work means the preferred form of the work for 156 | making modifications to it. For an executable work, complete source 157 | code means all the source code for all modules it contains, plus any 158 | associated interface definition files, plus the scripts used to 159 | control compilation and installation of the executable. However, as a 160 | special exception, the source code distributed need not include 161 | anything that is normally distributed (in either source or binary 162 | form) with the major components (compiler, kernel, and so on) of the 163 | operating system on which the executable runs, unless that component 164 | itself accompanies the executable. 165 | 166 | If distribution of executable or object code is made by offering 167 | access to copy from a designated place, then offering equivalent 168 | access to copy the source code from the same place counts as 169 | distribution of the source code, even though third parties are not 170 | compelled to copy the source along with the object code. 171 | 172 | 4. You may not copy, modify, sublicense, or distribute the Program 173 | except as expressly provided under this License. Any attempt 174 | otherwise to copy, modify, sublicense or distribute the Program is 175 | void, and will automatically terminate your rights under this License. 176 | However, parties who have received copies, or rights, from you under 177 | this License will not have their licenses terminated so long as such 178 | parties remain in full compliance. 179 | 180 | 5. You are not required to accept this License, since you have not 181 | signed it. However, nothing else grants you permission to modify or 182 | distribute the Program or its derivative works. 
These actions are 183 | prohibited by law if you do not accept this License. Therefore, by 184 | modifying or distributing the Program (or any work based on the 185 | Program), you indicate your acceptance of this License to do so, and 186 | all its terms and conditions for copying, distributing or modifying 187 | the Program or works based on it. 188 | 189 | 6. Each time you redistribute the Program (or any work based on the 190 | Program), the recipient automatically receives a license from the 191 | original licensor to copy, distribute or modify the Program subject to 192 | these terms and conditions. You may not impose any further 193 | restrictions on the recipients' exercise of the rights granted herein. 194 | You are not responsible for enforcing compliance by third parties to 195 | this License. 196 | 197 | 7. If, as a consequence of a court judgment or allegation of patent 198 | infringement or for any other reason (not limited to patent issues), 199 | conditions are imposed on you (whether by court order, agreement or 200 | otherwise) that contradict the conditions of this License, they do not 201 | excuse you from the conditions of this License. If you cannot 202 | distribute so as to satisfy simultaneously your obligations under this 203 | License and any other pertinent obligations, then as a consequence you 204 | may not distribute the Program at all. For example, if a patent 205 | license would not permit royalty-free redistribution of the Program by 206 | all those who receive copies directly or indirectly through you, then 207 | the only way you could satisfy both it and this License would be to 208 | refrain entirely from distribution of the Program. 209 | 210 | If any portion of this section is held invalid or unenforceable under 211 | any particular circumstance, the balance of the section is intended to 212 | apply and the section as a whole is intended to apply in other 213 | circumstances. 
214 | 215 | It is not the purpose of this section to induce you to infringe any 216 | patents or other property right claims or to contest validity of any 217 | such claims; this section has the sole purpose of protecting the 218 | integrity of the free software distribution system, which is 219 | implemented by public license practices. Many people have made 220 | generous contributions to the wide range of software distributed 221 | through that system in reliance on consistent application of that 222 | system; it is up to the author/donor to decide if he or she is willing 223 | to distribute software through any other system and a licensee cannot 224 | impose that choice. 225 | 226 | This section is intended to make thoroughly clear what is believed to 227 | be a consequence of the rest of this License. 228 | 229 | 8. If the distribution and/or use of the Program is restricted in 230 | certain countries either by patents or by copyrighted interfaces, the 231 | original copyright holder who places the Program under this License 232 | may add an explicit geographical distribution limitation excluding 233 | those countries, so that distribution is permitted only in or among 234 | countries not thus excluded. In such case, this License incorporates 235 | the limitation as if written in the body of this License. 236 | 237 | 9. The Free Software Foundation may publish revised and/or new versions 238 | of the General Public License from time to time. Such new versions will 239 | be similar in spirit to the present version, but may differ in detail to 240 | address new problems or concerns. 241 | 242 | Each version is given a distinguishing version number. If the Program 243 | specifies a version number of this License which applies to it and "any 244 | later version", you have the option of following the terms and conditions 245 | either of that version or of any later version published by the Free 246 | Software Foundation. 
If the Program does not specify a version number of 247 | this License, you may choose any version ever published by the Free Software 248 | Foundation. 249 | 250 | 10. If you wish to incorporate parts of the Program into other free 251 | programs whose distribution conditions are different, write to the author 252 | to ask for permission. For software which is copyrighted by the Free 253 | Software Foundation, write to the Free Software Foundation; we sometimes 254 | make exceptions for this. Our decision will be guided by the two goals 255 | of preserving the free status of all derivatives of our free software and 256 | of promoting the sharing and reuse of software generally. 257 | 258 | NO WARRANTY 259 | 260 | 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY 261 | FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN 262 | OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES 263 | PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED 264 | OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 265 | MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS 266 | TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE 267 | PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, 268 | REPAIR OR CORRECTION. 269 | 270 | 12. 
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING 271 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR 272 | REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, 273 | INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING 274 | OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED 275 | TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY 276 | YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER 277 | PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE 278 | POSSIBILITY OF SUCH DAMAGES. 279 | 280 | END OF TERMS AND CONDITIONS 281 | 282 | How to Apply These Terms to Your New Programs 283 | 284 | If you develop a new program, and you want it to be of the greatest 285 | possible use to the public, the best way to achieve this is to make it 286 | free software which everyone can redistribute and change under these terms. 287 | 288 | To do so, attach the following notices to the program. It is safest 289 | to attach them to the start of each source file to most effectively 290 | convey the exclusion of warranty; and each file should have at least 291 | the "copyright" line and a pointer to where the full notice is found. 292 | 293 | 294 | Copyright (C) 295 | 296 | This program is free software; you can redistribute it and/or modify 297 | it under the terms of the GNU General Public License as published by 298 | the Free Software Foundation; either version 2 of the License, or 299 | (at your option) any later version. 300 | 301 | This program is distributed in the hope that it will be useful, 302 | but WITHOUT ANY WARRANTY; without even the implied warranty of 303 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 304 | GNU General Public License for more details. 
305 | 306 | You should have received a copy of the GNU General Public License along 307 | with this program; if not, write to the Free Software Foundation, Inc., 308 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 309 | 310 | Also add information on how to contact you by electronic and paper mail. 311 | 312 | If the program is interactive, make it output a short notice like this 313 | when it starts in an interactive mode: 314 | 315 | Gnomovision version 69, Copyright (C) year name of author 316 | Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. 317 | This is free software, and you are welcome to redistribute it 318 | under certain conditions; type `show c' for details. 319 | 320 | The hypothetical commands `show w' and `show c' should show the appropriate 321 | parts of the General Public License. Of course, the commands you use may 322 | be called something other than `show w' and `show c'; they could even be 323 | mouse-clicks or menu items--whatever suits your program. 324 | 325 | You should also get your employer (if you work as a programmer) or your 326 | school, if any, to sign a "copyright disclaimer" for the program, if 327 | necessary. Here is a sample; alter the names: 328 | 329 | Yoyodyne, Inc., hereby disclaims all copyright interest in the program 330 | `Gnomovision' (which makes passes at compilers) written by James Hacker. 331 | 332 | , 1 April 1989 333 | Ty Coon, President of Vice 334 | 335 | This General Public License does not permit incorporating your program into 336 | proprietary programs. If your program is a subroutine library, you may 337 | consider it more useful to permit linking proprietary applications with the 338 | library. If this is what you want to do, use the GNU Lesser General 339 | Public License instead of this License. 
340 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # SyslogAgent
2 |
3 | SyslogAgent is a Windows add-on, allowing Windows EventLog events as well as other Windows application logs to be sent to a syslog server. SyslogAgent is installed as a transparent service on Windows.
4 |
5 | The SyslogAgent is a derivative of NTSyslog by SaberNet.net, and is shipped under the GNU license. Therefore, the software is freely downloadable and free to use.
6 | The application logging functionality of SyslogAgent handles any logs that are text-based and use one line per log entry. A wizard functionality suggests which configuration to use, or the user can manually configure the mapping from log file to syslog format. Most common logging formats on Windows (IIS, FTP etc) are automatically supported.
7 |
8 | ![Image](./images/syslogagent.jpg "Image")
9 |
10 | SyslogAgent has been significantly optimized compared to NTSyslog. Changes in the engine have resulted in several orders of magnitude faster parsing, which was needed for large volume installations. Communication with domain servers has also been minimized. Filtering based on EventIDs has also been introduced.
11 |
12 | SyslogAgent has a security feature against loss of data because of network availability. SyslogAgent will not transmit any logs when a reliable network connection to the SyslogServer is unavailable. When it does become available, all the accumulated event logs are transmitted. This feature is designed primarily for laptops, but is also an advantage in an enterprise environment in case of network connectivity problems, or SyslogServer downtime.
13 | -------------------------------------------------------------------------------- /SyslogAgent/AppParse.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fmikker/syslogagent/dc087ead0086e2d5385f89b36212e9f042d3eb57/SyslogAgent/AppParse.cpp -------------------------------------------------------------------------------- /SyslogAgent/AppParse.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "..\Syslogserver\common_registry.h" 4 | 5 | extern "C" { 6 | void GetOwnIP(); 7 | } 8 | 9 | 10 | void parseFieldCodes(applSettings *,char *); 11 | int getLine(FILE *fp,bool unicode,char *buf,int maxNbr); 12 | int cleanInput(unsigned char *buf,unsigned char *buf2,int numbytes); 13 | CString getLatestLogFileName(CString logPath,CString fileExtension, CString SpecificFile); 14 | int parseMessage(unsigned char*,unsigned char*,applSettings*); 15 | bool testUnicode(char *filename); 16 | char ernogetc(FILE *fp,bool unicode); 17 | 18 | -------------------------------------------------------------------------------- /SyslogAgent/IcmpAPI.h: -------------------------------------------------------------------------------- 1 | //extern "C" by erno aug04 2 | extern "C" { 3 | 4 | /*++ 5 | 6 | Copyright (c) 1991-1998 Microsoft Corporation 7 | 8 | Module Name: 9 | 10 | icmpapi.h 11 | 12 | Abstract: 13 | 14 | Declarations for the Win32 ICMP Echo request API. 15 | 16 | Author: 17 | 18 | Portable Systems Group 30-December-1993 19 | 20 | Revision History: 21 | 22 | 23 | Notes: 24 | 25 | --*/ 26 | 27 | #ifndef _ICMP_INCLUDED_ 28 | #define _ICMP_INCLUDED_ 29 | 30 | 31 | // 32 | // Exported Routines. 33 | // 34 | 35 | //++ 36 | // 37 | // Routine Name: 38 | // 39 | // IcmpCreateFile 40 | // 41 | // Routine Description: 42 | // 43 | // Opens a handle on which ICMP Echo Requests can be issued. 44 | // 45 | // Arguments: 46 | // 47 | // None. 
48 | // 49 | // Return Value: 50 | // 51 | // An open file handle or INVALID_HANDLE_VALUE. Extended error information 52 | // is available by calling GetLastError(). 53 | // 54 | //-- 55 | 56 | HANDLE 57 | WINAPI 58 | IcmpCreateFile( 59 | VOID 60 | ); 61 | 62 | 63 | //++ 64 | // 65 | // Routine Name: 66 | // 67 | // IcmpCloseHandle 68 | // 69 | // Routine Description: 70 | // 71 | // Closes a handle opened by ICMPOpenFile. 72 | // 73 | // Arguments: 74 | // 75 | // IcmpHandle - The handle to close. 76 | // 77 | // Return Value: 78 | // 79 | // TRUE if the handle was closed successfully, otherwise FALSE. Extended 80 | // error information is available by calling GetLastError(). 81 | // 82 | //-- 83 | 84 | BOOL 85 | WINAPI 86 | IcmpCloseHandle( 87 | HANDLE IcmpHandle 88 | ); 89 | 90 | 91 | 92 | //++ 93 | // 94 | // Routine Name: 95 | // 96 | // IcmpSendEcho 97 | // 98 | // Routine Description: 99 | // 100 | // Sends an ICMP Echo request and returns any replies. The 101 | // call returns when the timeout has expired or the reply buffer 102 | // is filled. 103 | // 104 | // Arguments: 105 | // 106 | // IcmpHandle - An open handle returned by ICMPCreateFile. 107 | // 108 | // DestinationAddress - The destination of the echo request. 109 | // 110 | // RequestData - A buffer containing the data to send in the 111 | // request. 112 | // 113 | // RequestSize - The number of bytes in the request data buffer. 114 | // 115 | // RequestOptions - Pointer to the IP header options for the request. 116 | // May be NULL. 117 | // 118 | // ReplyBuffer - A buffer to hold any replies to the request. 119 | // On return, the buffer will contain an array of 120 | // ICMP_ECHO_REPLY structures followed by the 121 | // options and data for the replies. The buffer 122 | // should be large enough to hold at least one 123 | // ICMP_ECHO_REPLY structure plus 124 | // MAX(RequestSize, 8) bytes of data since an ICMP 125 | // error message contains 8 bytes of data. 
126 | // 127 | // ReplySize - The size in bytes of the reply buffer. 128 | // 129 | // Timeout - The time in milliseconds to wait for replies. 130 | // 131 | // Return Value: 132 | // 133 | // Returns the number of ICMP_ECHO_REPLY structures stored in ReplyBuffer. 134 | // The status of each reply is contained in the structure. If the return 135 | // value is zero, extended error information is available via 136 | // GetLastError(). 137 | // 138 | //-- 139 | 140 | DWORD 141 | WINAPI 142 | IcmpSendEcho( 143 | HANDLE IcmpHandle, 144 | IPAddr DestinationAddress, 145 | LPVOID RequestData, 146 | WORD RequestSize, 147 | PIP_OPTION_INFORMATION RequestOptions, 148 | LPVOID ReplyBuffer, 149 | DWORD ReplySize, 150 | DWORD Timeout 151 | ); 152 | 153 | 154 | //++ 155 | // 156 | // Routine Description: 157 | // 158 | // Sends an ICMP Echo request and the call returns either immediately 159 | // (if Event or ApcRoutine is NonNULL) or returns after the specified 160 | // timeout. The ReplyBuffer contains the ICMP responses, if any. 161 | // 162 | // Arguments: 163 | // 164 | // IcmpHandle - An open handle returned by ICMPCreateFile. 165 | // 166 | // Event - This is the event to be signalled whenever an IcmpResponse 167 | // comes in. 168 | // 169 | // ApcRoutine - This routine would be called when the calling thread 170 | // is in an alertable thread and an ICMP reply comes in. 171 | // 172 | // ApcContext - This optional parameter is given to the ApcRoutine when 173 | // this call succeeds. 174 | // 175 | // DestinationAddress - The destination of the echo request. 176 | // 177 | // RequestData - A buffer containing the data to send in the 178 | // request. 179 | // 180 | // RequestSize - The number of bytes in the request data buffer. 181 | // 182 | // RequestOptions - Pointer to the IP header options for the request. 183 | // May be NULL. 184 | // 185 | // ReplyBuffer - A buffer to hold any replies to the request. 
186 | // On return, the buffer will contain an array of 187 | // ICMP_ECHO_REPLY structures followed by options 188 | // and data. The buffer must be large enough to 189 | // hold at least one ICMP_ECHO_REPLY structure. 190 | // It should be large enough to also hold 191 | // 8 more bytes of data - this is the size of 192 | // an ICMP error message. 193 | // 194 | // ReplySize - The size in bytes of the reply buffer. 195 | // 196 | // Timeout - The time in milliseconds to wait for replies. 197 | // This is NOT used if ApcRoutine is not NULL or if Event 198 | // is not NULL. 199 | // 200 | // Return Value: 201 | // 202 | // Returns the number of replies received and stored in ReplyBuffer. If 203 | // the return value is zero, extended error information is available 204 | // via GetLastError(). 205 | // 206 | // Remarks: 207 | // 208 | // On NT platforms, 209 | // If used Asynchronously (either ApcRoutine or Event is specified), then 210 | // ReplyBuffer and ReplySize are still needed. This is where the response 211 | // comes in. 212 | // ICMP Response data is copied to the ReplyBuffer provided, and the caller of 213 | // this function has to parse it asynchronously. The function IcmpParseReplies 214 | // is provided for this purpose. 215 | // 216 | // On non-NT platforms, 217 | // Event, ApcRoutine and ApcContext are IGNORED. 218 | // 219 | //-- 220 | 221 | 222 | DWORD 223 | WINAPI 224 | IcmpSendEcho2( 225 | HANDLE IcmpHandle, 226 | HANDLE Event, 227 | #ifdef PIO_APC_ROUTINE_DEFINED 228 | PIO_APC_ROUTINE ApcRoutine, 229 | #else 230 | FARPROC ApcRoutine, 231 | #endif 232 | PVOID ApcContext, 233 | IPAddr DestinationAddress, 234 | LPVOID RequestData, 235 | WORD RequestSize, 236 | PIP_OPTION_INFORMATION RequestOptions, 237 | LPVOID ReplyBuffer, 238 | DWORD ReplySize, 239 | DWORD Timeout 240 | ); 241 | 242 | 243 | //++ 244 | // 245 | // Routine Description: 246 | // 247 | // Parses the reply buffer provided and returns the number of ICMP responses found.
248 | // 249 | // Arguments: 250 | // 251 | // ReplyBuffer - This must be the same buffer that was passed to IcmpSendEcho2 252 | // This is rewritten to hold an array of ICMP_ECHO_REPLY structures. 253 | // (i.e. the type is PICMP_ECHO_REPLY). 254 | // 255 | // ReplySize - This must be the size of the above buffer. 256 | // 257 | // Return Value: 258 | // Returns the number of ICMP responses found. If there is an error, the return value is 259 | // zero. The error can be determined by a call to GetLastError. 260 | // 261 | // Remarks: 262 | // This function SHOULD NOT BE USED on a reply buffer that was passed to IcmpSendEcho. 263 | // IcmpSendEcho actually parses the buffer before returning back to the user. This function 264 | // is meant to be used only with IcmpSendEcho2. 265 | //-- 266 | 267 | DWORD 268 | IcmpParseReplies( 269 | LPVOID ReplyBuffer, 270 | DWORD ReplySize 271 | ); 272 | 273 | 274 | #endif // _ICMP_INCLUDED_ 275 | 276 | 277 | } //end extern "C" by erno aug04 278 | 279 | -------------------------------------------------------------------------------- /SyslogAgent/LICENSE.txt: -------------------------------------------------------------------------------- 1 | GNU GENERAL PUBLIC LICENSE 2 | Version 2, June 1991 3 | 4 | Copyright (C) 1989, 1991 Free Software Foundation, Inc. 5 | 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 6 | Everyone is permitted to copy and distribute verbatim copies 7 | of this license document, but changing it is not allowed. 8 | 9 | Preamble 10 | 11 | The licenses for most software are designed to take away your 12 | freedom to share and change it. By contrast, the GNU General Public 13 | License is intended to guarantee your freedom to share and change free 14 | software--to make sure the software is free for all its users. This 15 | General Public License applies to most of the Free Software 16 | Foundation's software and to any other program whose authors commit to 17 | using it.
(Some other Free Software Foundation software is covered by 18 | the GNU Library General Public License instead.) You can apply it to 19 | your programs, too. 20 | 21 | When we speak of free software, we are referring to freedom, not 22 | price. Our General Public Licenses are designed to make sure that you 23 | have the freedom to distribute copies of free software (and charge for 24 | this service if you wish), that you receive source code or can get it 25 | if you want it, that you can change the software or use pieces of it 26 | in new free programs; and that you know you can do these things. 27 | 28 | To protect your rights, we need to make restrictions that forbid 29 | anyone to deny you these rights or to ask you to surrender the rights. 30 | These restrictions translate to certain responsibilities for you if you 31 | distribute copies of the software, or if you modify it. 32 | 33 | For example, if you distribute copies of such a program, whether 34 | gratis or for a fee, you must give the recipients all the rights that 35 | you have. You must make sure that they, too, receive or can get the 36 | source code. And you must show them these terms so they know their 37 | rights. 38 | 39 | We protect your rights with two steps: (1) copyright the software, and 40 | (2) offer you this license which gives you legal permission to copy, 41 | distribute and/or modify the software. 42 | 43 | Also, for each author's protection and ours, we want to make certain 44 | that everyone understands that there is no warranty for this free 45 | software. If the software is modified by someone else and passed on, we 46 | want its recipients to know that what they have is not the original, so 47 | that any problems introduced by others will not reflect on the original 48 | authors' reputations. 49 | 50 | Finally, any free program is threatened constantly by software 51 | patents. 
We wish to avoid the danger that redistributors of a free 52 | program will individually obtain patent licenses, in effect making the 53 | program proprietary. To prevent this, we have made it clear that any 54 | patent must be licensed for everyone's free use or not licensed at all. 55 | 56 | The precise terms and conditions for copying, distribution and 57 | modification follow. 58 | 59 | GNU GENERAL PUBLIC LICENSE 60 | TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 61 | 62 | 0. This License applies to any program or other work which contains 63 | a notice placed by the copyright holder saying it may be distributed 64 | under the terms of this General Public License. The "Program", below, 65 | refers to any such program or work, and a "work based on the Program" 66 | means either the Program or any derivative work under copyright law: 67 | that is to say, a work containing the Program or a portion of it, 68 | either verbatim or with modifications and/or translated into another 69 | language. (Hereinafter, translation is included without limitation in 70 | the term "modification".) Each licensee is addressed as "you". 71 | 72 | Activities other than copying, distribution and modification are not 73 | covered by this License; they are outside its scope. The act of 74 | running the Program is not restricted, and the output from the Program 75 | is covered only if its contents constitute a work based on the 76 | Program (independent of having been made by running the Program). 77 | Whether that is true depends on what the Program does. 78 | 79 | 1. 
You may copy and distribute verbatim copies of the Program's 80 | source code as you receive it, in any medium, provided that you 81 | conspicuously and appropriately publish on each copy an appropriate 82 | copyright notice and disclaimer of warranty; keep intact all the 83 | notices that refer to this License and to the absence of any warranty; 84 | and give any other recipients of the Program a copy of this License 85 | along with the Program. 86 | 87 | You may charge a fee for the physical act of transferring a copy, and 88 | you may at your option offer warranty protection in exchange for a fee. 89 | 90 | 2. You may modify your copy or copies of the Program or any portion 91 | of it, thus forming a work based on the Program, and copy and 92 | distribute such modifications or work under the terms of Section 1 93 | above, provided that you also meet all of these conditions: 94 | 95 | a) You must cause the modified files to carry prominent notices 96 | stating that you changed the files and the date of any change. 97 | 98 | b) You must cause any work that you distribute or publish, that in 99 | whole or in part contains or is derived from the Program or any 100 | part thereof, to be licensed as a whole at no charge to all third 101 | parties under the terms of this License. 102 | 103 | c) If the modified program normally reads commands interactively 104 | when run, you must cause it, when started running for such 105 | interactive use in the most ordinary way, to print or display an 106 | announcement including an appropriate copyright notice and a 107 | notice that there is no warranty (or else, saying that you provide 108 | a warranty) and that users may redistribute the program under 109 | these conditions, and telling the user how to view a copy of this 110 | License. (Exception: if the Program itself is interactive but 111 | does not normally print such an announcement, your work based on 112 | the Program is not required to print an announcement.) 
113 | 114 | These requirements apply to the modified work as a whole. If 115 | identifiable sections of that work are not derived from the Program, 116 | and can be reasonably considered independent and separate works in 117 | themselves, then this License, and its terms, do not apply to those 118 | sections when you distribute them as separate works. But when you 119 | distribute the same sections as part of a whole which is a work based 120 | on the Program, the distribution of the whole must be on the terms of 121 | this License, whose permissions for other licensees extend to the 122 | entire whole, and thus to each and every part regardless of who wrote it. 123 | 124 | Thus, it is not the intent of this section to claim rights or contest 125 | your rights to work written entirely by you; rather, the intent is to 126 | exercise the right to control the distribution of derivative or 127 | collective works based on the Program. 128 | 129 | In addition, mere aggregation of another work not based on the Program 130 | with the Program (or with a work based on the Program) on a volume of 131 | a storage or distribution medium does not bring the other work under 132 | the scope of this License. 133 | 134 | 3. 
You may copy and distribute the Program (or a work based on it, 135 | under Section 2) in object code or executable form under the terms of 136 | Sections 1 and 2 above provided that you also do one of the following: 137 | 138 | a) Accompany it with the complete corresponding machine-readable 139 | source code, which must be distributed under the terms of Sections 140 | 1 and 2 above on a medium customarily used for software interchange; or, 141 | 142 | b) Accompany it with a written offer, valid for at least three 143 | years, to give any third party, for a charge no more than your 144 | cost of physically performing source distribution, a complete 145 | machine-readable copy of the corresponding source code, to be 146 | distributed under the terms of Sections 1 and 2 above on a medium 147 | customarily used for software interchange; or, 148 | 149 | c) Accompany it with the information you received as to the offer 150 | to distribute corresponding source code. (This alternative is 151 | allowed only for noncommercial distribution and only if you 152 | received the program in object code or executable form with such 153 | an offer, in accord with Subsection b above.) 154 | 155 | The source code for a work means the preferred form of the work for 156 | making modifications to it. For an executable work, complete source 157 | code means all the source code for all modules it contains, plus any 158 | associated interface definition files, plus the scripts used to 159 | control compilation and installation of the executable. However, as a 160 | special exception, the source code distributed need not include 161 | anything that is normally distributed (in either source or binary 162 | form) with the major components (compiler, kernel, and so on) of the 163 | operating system on which the executable runs, unless that component 164 | itself accompanies the executable. 
165 | 166 | If distribution of executable or object code is made by offering 167 | access to copy from a designated place, then offering equivalent 168 | access to copy the source code from the same place counts as 169 | distribution of the source code, even though third parties are not 170 | compelled to copy the source along with the object code. 171 | 172 | 4. You may not copy, modify, sublicense, or distribute the Program 173 | except as expressly provided under this License. Any attempt 174 | otherwise to copy, modify, sublicense or distribute the Program is 175 | void, and will automatically terminate your rights under this License. 176 | However, parties who have received copies, or rights, from you under 177 | this License will not have their licenses terminated so long as such 178 | parties remain in full compliance. 179 | 180 | 5. You are not required to accept this License, since you have not 181 | signed it. However, nothing else grants you permission to modify or 182 | distribute the Program or its derivative works. These actions are 183 | prohibited by law if you do not accept this License. Therefore, by 184 | modifying or distributing the Program (or any work based on the 185 | Program), you indicate your acceptance of this License to do so, and 186 | all its terms and conditions for copying, distributing or modifying 187 | the Program or works based on it. 188 | 189 | 6. Each time you redistribute the Program (or any work based on the 190 | Program), the recipient automatically receives a license from the 191 | original licensor to copy, distribute or modify the Program subject to 192 | these terms and conditions. You may not impose any further 193 | restrictions on the recipients' exercise of the rights granted herein. 194 | You are not responsible for enforcing compliance by third parties to 195 | this License. 196 | 197 | 7. 
If, as a consequence of a court judgment or allegation of patent 198 | infringement or for any other reason (not limited to patent issues), 199 | conditions are imposed on you (whether by court order, agreement or 200 | otherwise) that contradict the conditions of this License, they do not 201 | excuse you from the conditions of this License. If you cannot 202 | distribute so as to satisfy simultaneously your obligations under this 203 | License and any other pertinent obligations, then as a consequence you 204 | may not distribute the Program at all. For example, if a patent 205 | license would not permit royalty-free redistribution of the Program by 206 | all those who receive copies directly or indirectly through you, then 207 | the only way you could satisfy both it and this License would be to 208 | refrain entirely from distribution of the Program. 209 | 210 | If any portion of this section is held invalid or unenforceable under 211 | any particular circumstance, the balance of the section is intended to 212 | apply and the section as a whole is intended to apply in other 213 | circumstances. 214 | 215 | It is not the purpose of this section to induce you to infringe any 216 | patents or other property right claims or to contest validity of any 217 | such claims; this section has the sole purpose of protecting the 218 | integrity of the free software distribution system, which is 219 | implemented by public license practices. Many people have made 220 | generous contributions to the wide range of software distributed 221 | through that system in reliance on consistent application of that 222 | system; it is up to the author/donor to decide if he or she is willing 223 | to distribute software through any other system and a licensee cannot 224 | impose that choice. 225 | 226 | This section is intended to make thoroughly clear what is believed to 227 | be a consequence of the rest of this License. 228 | 229 | 8. 
If the distribution and/or use of the Program is restricted in 230 | certain countries either by patents or by copyrighted interfaces, the 231 | original copyright holder who places the Program under this License 232 | may add an explicit geographical distribution limitation excluding 233 | those countries, so that distribution is permitted only in or among 234 | countries not thus excluded. In such case, this License incorporates 235 | the limitation as if written in the body of this License. 236 | 237 | 9. The Free Software Foundation may publish revised and/or new versions 238 | of the General Public License from time to time. Such new versions will 239 | be similar in spirit to the present version, but may differ in detail to 240 | address new problems or concerns. 241 | 242 | Each version is given a distinguishing version number. If the Program 243 | specifies a version number of this License which applies to it and "any 244 | later version", you have the option of following the terms and conditions 245 | either of that version or of any later version published by the Free 246 | Software Foundation. If the Program does not specify a version number of 247 | this License, you may choose any version ever published by the Free Software 248 | Foundation. 249 | 250 | 10. If you wish to incorporate parts of the Program into other free 251 | programs whose distribution conditions are different, write to the author 252 | to ask for permission. For software which is copyrighted by the Free 253 | Software Foundation, write to the Free Software Foundation; we sometimes 254 | make exceptions for this. Our decision will be guided by the two goals 255 | of preserving the free status of all derivatives of our free software and 256 | of promoting the sharing and reuse of software generally. 257 | 258 | NO WARRANTY 259 | 260 | 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY 261 | FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN 262 | OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES 263 | PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED 264 | OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 265 | MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS 266 | TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE 267 | PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, 268 | REPAIR OR CORRECTION. 269 | 270 | 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING 271 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR 272 | REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, 273 | INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING 274 | OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED 275 | TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY 276 | YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER 277 | PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE 278 | POSSIBILITY OF SUCH DAMAGES. 279 | 280 | END OF TERMS AND CONDITIONS 281 | 282 | How to Apply These Terms to Your New Programs 283 | 284 | If you develop a new program, and you want it to be of the greatest 285 | possible use to the public, the best way to achieve this is to make it 286 | free software which everyone can redistribute and change under these terms. 287 | 288 | To do so, attach the following notices to the program. It is safest 289 | to attach them to the start of each source file to most effectively 290 | convey the exclusion of warranty; and each file should have at least 291 | the "copyright" line and a pointer to where the full notice is found. 
292 | 293 | 294 | Copyright (C) 295 | 296 | This program is free software; you can redistribute it and/or modify 297 | it under the terms of the GNU General Public License as published by 298 | the Free Software Foundation; either version 2 of the License, or 299 | (at your option) any later version. 300 | 301 | This program is distributed in the hope that it will be useful, 302 | but WITHOUT ANY WARRANTY; without even the implied warranty of 303 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 304 | GNU General Public License for more details. 305 | 306 | You should have received a copy of the GNU General Public License 307 | along with this program; if not, write to the Free Software 308 | Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 309 | 310 | 311 | Also add information on how to contact you by electronic and paper mail. 312 | 313 | If the program is interactive, make it output a short notice like this 314 | when it starts in an interactive mode: 315 | 316 | Gnomovision version 69, Copyright (C) year name of author 317 | Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. 318 | This is free software, and you are welcome to redistribute it 319 | under certain conditions; type `show c' for details. 320 | 321 | The hypothetical commands `show w' and `show c' should show the appropriate 322 | parts of the General Public License. Of course, the commands you use may 323 | be called something other than `show w' and `show c'; they could even be 324 | mouse-clicks or menu items--whatever suits your program. 325 | 326 | You should also get your employer (if you work as a programmer) or your 327 | school, if any, to sign a "copyright disclaimer" for the program, if 328 | necessary. Here is a sample; alter the names: 329 | 330 | Yoyodyne, Inc., hereby disclaims all copyright interest in the program 331 | `Gnomovision' (which makes passes at compilers) written by James Hacker. 
332 | 333 | , 1 April 1989 334 | Ty Coon, President of Vice 335 | 336 | This General Public License does not permit incorporating your program into 337 | proprietary programs. If your program is a subroutine library, you may 338 | consider it more useful to permit linking proprietary applications with the 339 | library. If this is what you want to do, use the GNU Library General 340 | Public License instead of this License. 341 | -------------------------------------------------------------------------------- /SyslogAgent/NTSyslog.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fmikker/syslogagent/dc087ead0086e2d5385f89b36212e9f042d3eb57/SyslogAgent/NTSyslog.ico -------------------------------------------------------------------------------- /SyslogAgent/RegistrySettings.cpp: -------------------------------------------------------------------------------- 1 | // This file NOT extern C, even though its part of ntsyslog 2 | 3 | #include "..\Syslogserver\common_stdafx.h" 4 | #include "RegistrySettings.h" 5 | #include "..\Syslogserver\common_registry.h" 6 | #include "..\Syslogserver\common_registry_permissions.h" 7 | #include "winsock2.h" 8 | extern "C" { 9 | #include "service.h" 10 | } 11 | 12 | 13 | 14 | /***************************************************************************** 15 | *initEventLogTypeEntry - Register the different event log types (security, DNS server...) and thereby activate SyslogAgents handling of them... 
16 | ********************************************************************************/ 17 | 18 | void initEventLogTypeEntry(HKEY hKey,char *Name,int facility) { 19 | 20 | HKEY hKeySection; 21 | DWORD dwSize, dwValue; 22 | 23 | // Create the appropriate subkey or open it if it exists 24 | if (RegCreateKeyEx( hKey, Name, 0, REG_NONE, REG_OPTION_NON_VOLATILE, 25 | KEY_WRITE|KEY_READ|WRITE_DAC, NULL, &hKeySection, &dwValue) != ERROR_SUCCESS) { 26 | return; 27 | } 28 | 29 | // Write that we have to forward Information events 30 | dwValue = 1; 31 | dwSize = sizeof (DWORD); 32 | if (RegSetValueEx( hKeySection, INFORMATION_ENTRY, 0, REG_DWORD, (LPBYTE ) &dwValue, dwSize) != ERROR_SUCCESS) { 33 | RegCloseKey( hKeySection); return; // do not leak the key handle on failure 34 | } 35 | // Write Information event priority 36 | dwValue = (facility*8)+SEVERITY_INFORMATION; 37 | dwSize = sizeof (DWORD); 38 | if (RegSetValueEx( hKeySection, INFORMATION_PRIORITY, 0, REG_DWORD, (LPBYTE ) &dwValue, dwSize) != ERROR_SUCCESS) { 39 | RegCloseKey( hKeySection); return; 40 | } 41 | 42 | // Write that we have to forward Warning events 43 | dwValue = 1; 44 | dwSize = sizeof (DWORD); 45 | if (RegSetValueEx( hKeySection, WARNING_ENTRY, 0, REG_DWORD, (LPBYTE ) &dwValue, dwSize) != ERROR_SUCCESS) { 46 | RegCloseKey( hKeySection); return; 47 | } 48 | // Write Warning event priority 49 | dwValue = (facility*8)+SEVERITY_WARNING; 50 | dwSize = sizeof (DWORD); 51 | if (RegSetValueEx( hKeySection, WARNING_PRIORITY, 0, REG_DWORD, (LPBYTE ) &dwValue, dwSize) != ERROR_SUCCESS) { 52 | RegCloseKey( hKeySection); return; 53 | } 54 | 55 | // Write that we have to forward Error events 56 | dwValue = 1; 57 | dwSize = sizeof (DWORD); 58 | if (RegSetValueEx( hKeySection, ERROR_ENTRY, 0, REG_DWORD, (LPBYTE ) &dwValue, dwSize) != ERROR_SUCCESS){ 59 | RegCloseKey( hKeySection); return; 60 | } 61 | // Write Error event priority 62 | dwValue = (facility*8)+mySEVERITY_ERROR; 63 | dwSize = sizeof (DWORD); 64 | if (RegSetValueEx( hKeySection, ERROR_PRIORITY, 0, REG_DWORD, (LPBYTE ) &dwValue, dwSize) != ERROR_SUCCESS) { 65 | RegCloseKey( hKeySection); return; 66 | } 67 | 68 | // Write that we have to forward Audit Success
events 69 | dwValue = 1; 70 | dwSize = sizeof (DWORD); 71 | if (RegSetValueEx( hKeySection, AUDIT_SUCCESS_ENTRY, 0, REG_DWORD, (LPBYTE ) &dwValue, dwSize) != ERROR_SUCCESS) { 72 | RegCloseKey( hKeySection); return; // do not leak the key handle on failure 73 | } 74 | // Write Audit Success event priority 75 | dwValue = (facility*8)+SEVERITY_INFORMATION; 76 | dwSize = sizeof (DWORD); 77 | if (RegSetValueEx( hKeySection, AUDIT_SUCCESS_PRIORITY, 0, REG_DWORD, (LPBYTE ) &dwValue, dwSize) != ERROR_SUCCESS) { 78 | RegCloseKey( hKeySection); return; 79 | } 80 | 81 | // Write that we have to forward Audit Failure events 82 | dwValue = 1; 83 | dwSize = sizeof (DWORD); 84 | if (RegSetValueEx( hKeySection, AUDIT_FAILURE_ENTRY, 0, REG_DWORD, (LPBYTE ) &dwValue, dwSize) != ERROR_SUCCESS) { 85 | RegCloseKey( hKeySection); return; 86 | } 87 | // Write Audit Failure event priority 88 | dwValue = (facility*8)+SEVERITY_NOTICE; 89 | dwSize = sizeof (DWORD); 90 | if (RegSetValueEx( hKeySection, AUDIT_FAILURE_PRIORITY, 0, REG_DWORD, (LPBYTE ) &dwValue, dwSize) != ERROR_SUCCESS) { 91 | RegCloseKey( hKeySection); return; 92 | } 93 | RegCloseKey( hKeySection); 94 | } 95 | /***************************************************************************** 96 | *initRegistry 97 | * 98 | * Called upon installation of service *AND* upon start of service. Checks if entry exists before overwriting. 99 | * SyslogAddress can be NULL, indicating it is not an installation 100 | ********************************************************************************/ 101 | void __cdecl initRegistry(char *SyslogAddress) { 102 | //,char *csRegPath, int facility) { 103 | 104 | // Save the changes to the appropriate registry. 105 | HKEY hKeyRemote,hKeySoftware,hReg,hRegTest; 106 | DWORD dwSize,dwValue; 107 | bool usePing=0; //i.e. default 108 | bool forwardEvents=1; 109 | bool forwardApplications=0; 110 | int port=514; 111 | int status; 112 | int EventLogPollInterval=2; //SyslogAgent default.
113 | CString regPermSet; 114 | 115 | 116 | // Connect to the registry on HKLM 117 | if (RegConnectRegistry( (char*)((LPCTSTR)""), HKEY_LOCAL_MACHINE, &hKeyRemote) != ERROR_SUCCESS){ 118 | DEBUGSERVICE(Message,"Failed to open HKEY_LOCAL_MACHINE in registry - settings not read"); 119 | return; 120 | } 121 | // Create the SOFTWARE\Datagram key or open it if it exists 122 | if (RegCreateKeyEx( hKeyRemote, NTSYSLOG_SOFTWARE_KEY, 0, REG_NONE, REG_OPTION_NON_VOLATILE, 123 | KEY_WRITE|KEY_READ|WRITE_DAC, NULL, &hKeySoftware, &dwValue) != ERROR_SUCCESS){ 124 | DEBUGSERVICE(Message,"Failed to open or create SyslogAgent key in registry - settings not read"); 125 | RegCloseKey( hKeyRemote); 126 | return; 127 | } 128 | 129 | if (SyslogAddress!=NULL) { 130 | // Write the primary syslogd server 131 | dwSize = (DWORD)strlen(SyslogAddress) + 1; // REG_SZ data size must include the terminating null 132 | if (RegSetValueEx( hKeySoftware, PRIMARY_SYSLOGD_ENTRY, 0, REG_SZ, (LPBYTE ) (LPCTSTR)( SyslogAddress), dwSize) != ERROR_SUCCESS){ 133 | DEBUGSERVICE(Message,"Failed to write SyslogIPAdress key to registry."); 134 | RegCloseKey (hKeySoftware); 135 | RegCloseKey( hKeyRemote); 136 | return; 137 | } 138 | } 139 | 140 | // Write the usePing bool 141 | dwValue=REG_BINARY; 142 | dwSize=sizeof(bool); 143 | if (RegQueryValueEx( hKeySoftware, USE_PING_ENTRY, 0,&dwValue , (LPBYTE ) &usePing, &dwSize) != ERROR_SUCCESS){ 144 | dwSize = sizeof(bool); 145 | if (RegSetValueEx( hKeySoftware, USE_PING_ENTRY, 0, REG_BINARY, (LPBYTE ) &usePing, dwSize) != ERROR_SUCCESS){ 146 | RegCloseKey (hKeySoftware); 147 | RegCloseKey( hKeyRemote); 148 | return; 149 | } 150 | } 151 | 152 | // Write port 153 | dwSize = sizeof (DWORD); 154 | dwValue=REG_DWORD; 155 | if (RegQueryValueEx( hKeySoftware, PORT_ENTRY, 0, &dwValue, (LPBYTE ) &port, &dwSize) != ERROR_SUCCESS) { 156 | dwSize = sizeof (DWORD); 157 | if (RegSetValueEx( hKeySoftware, PORT_ENTRY, 0, REG_DWORD, (LPBYTE ) &port, dwSize) != ERROR_SUCCESS) { 158 | RegCloseKey (hKeySoftware); RegCloseKey( hKeyRemote); return; // close both keys, as the other failure paths do 159 | } 160 | } 161 | 162 | // Write backup port 163 |
dwSize = sizeof (DWORD); 164 | dwValue=REG_DWORD; 165 | if (RegQueryValueEx( hKeySoftware, PORT_BACKUP_ENTRY, 0, &dwValue, (LPBYTE ) &port, &dwSize) != ERROR_SUCCESS) { 166 | dwSize = sizeof (DWORD); 167 | if (RegSetValueEx( hKeySoftware, PORT_BACKUP_ENTRY, 0, REG_DWORD, (LPBYTE ) &port, dwSize) != ERROR_SUCCESS) { 168 | RegCloseKey (hKeySoftware); RegCloseKey( hKeyRemote); return; // close both keys, as the other failure paths do 169 | } 170 | } 171 | 172 | // Write the forwardEvents bool 173 | dwSize = sizeof(bool); 174 | dwValue=REG_BINARY; 175 | if (RegQueryValueEx( hKeySoftware, FORWARDEVENTLOGS, 0, &dwValue, (LPBYTE ) &forwardEvents, &dwSize) != ERROR_SUCCESS){ 176 | dwSize = sizeof(bool); 177 | if (RegSetValueEx( hKeySoftware, FORWARDEVENTLOGS, 0, REG_BINARY, (LPBYTE ) &forwardEvents, dwSize) != ERROR_SUCCESS){ 178 | RegCloseKey (hKeySoftware); 179 | RegCloseKey( hKeyRemote); 180 | return; 181 | } 182 | } 183 | // Write the forwardApplication bool 184 | dwSize = sizeof(bool); 185 | dwValue=REG_BINARY; 186 | if (RegQueryValueEx( hKeySoftware, FORWARDAPPLICATIONLOGS, 0, &dwValue, (LPBYTE ) &forwardApplications, &dwSize) != ERROR_SUCCESS){ 187 | dwSize = sizeof(bool); 188 | if (RegSetValueEx( hKeySoftware, FORWARDAPPLICATIONLOGS, 0, REG_BINARY, (LPBYTE ) &forwardApplications, dwSize) != ERROR_SUCCESS){ 189 | RegCloseKey (hKeySoftware); 190 | RegCloseKey( hKeyRemote); 191 | return; 192 | } 193 | } 194 | 195 | // Write EventLogPollInterval 196 | dwSize = sizeof (DWORD); 197 | dwValue=REG_DWORD; 198 | if (RegQueryValueEx( hKeySoftware, EVENTLOG_POLL_INTERVAL, 0, &dwValue, (LPBYTE ) &EventLogPollInterval, &dwSize) != ERROR_SUCCESS) { 199 | dwSize = sizeof (DWORD); 200 | if (RegSetValueEx( hKeySoftware, EVENTLOG_POLL_INTERVAL, 0, REG_DWORD, (LPBYTE ) &EventLogPollInterval, dwSize) != ERROR_SUCCESS) { 201 | RegCloseKey (hKeySoftware); RegCloseKey( hKeyRemote); return; 202 | } 203 | } 204 | 205 | DEBUGSERVICE(Message,"Registry init phase 1 done."); 206 | 207 | if (RegOpenKeyEx(hKeySoftware,APPLICATION_SECTION,0,KEY_WRITE|KEY_READ|WRITE_DAC,&hRegTest)!= ERROR_SUCCESS) { 208 |
initEventLogTypeEntry(hKeySoftware,APPLICATION_SECTION, FACILITY_LOCAL7); 209 | regPermSet.Format("%s\\%s",NTSYSLOG_SOFTWARE_KEY,APPLICATION_SECTION); 210 | AddPermissions(regPermSet); 211 | } else 212 | RegCloseKey(hRegTest); 213 | 214 | if (RegOpenKeyEx(hKeySoftware,SECURITY_SECTION,0,KEY_WRITE|KEY_READ|WRITE_DAC,&hRegTest)!= ERROR_SUCCESS) { 215 | initEventLogTypeEntry(hKeySoftware,SECURITY_SECTION, FACILITY_SECURITYAUTH); 216 | regPermSet.Format("HKEY_LOCAL_MACHINE\\%s\\%s",NTSYSLOG_SOFTWARE_KEY,SECURITY_SECTION); 217 | AddPermissions(regPermSet); 218 | } else 219 | RegCloseKey(hRegTest); 220 | 221 | if (RegOpenKeyEx(hKeySoftware,SYSTEM_SECTION,0,KEY_WRITE|KEY_READ|WRITE_DAC,&hRegTest)!= ERROR_SUCCESS) { 222 | initEventLogTypeEntry(hKeySoftware,SYSTEM_SECTION, FACILITY_SYSTEM); 223 | regPermSet.Format("HKEY_LOCAL_MACHINE\\%s\\%s",NTSYSLOG_SOFTWARE_KEY,SYSTEM_SECTION); 224 | AddPermissions(regPermSet); 225 | } else 226 | RegCloseKey(hRegTest); 227 | 228 | DEBUGSERVICE(Message,"Registry init phase 2 done."); 229 | 230 | //Create and fix settings for applicationlogs 231 | if (RegCreateKeyEx( hKeySoftware, APPLICATIONLOGS, 0, REG_NONE, REG_OPTION_NON_VOLATILE,KEY_WRITE|KEY_READ|WRITE_DAC, NULL, &hRegTest, &dwValue) == ERROR_SUCCESS){ 232 | regPermSet.Format("HKEY_LOCAL_MACHINE\\%s\\%s",NTSYSLOG_SOFTWARE_KEY,APPLICATIONLOGS); 233 | AddPermissions(regPermSet); 234 | RegCloseKey(hRegTest); // close the handle only when the key was actually opened 235 | } 236 | 237 | DEBUGSERVICE(Message,"Registry init phase 3 done."); 238 | 239 | status=AddPermissions("SYSTEM\\CurrentControlSet\\Services\\EventLog"); 240 | if (status) { 241 | DEBUGSERVICE(Message,"Failed to write permissions to registry, with error %d",status); 242 | } 243 | 244 | status = RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services\\EventLog", 0, KEY_READ, &hReg); 245 | if (status == ERROR_SUCCESS){ 246 | int i = 0; 247 | char buffer[256]; 248 | 249 | while (RegEnumKey(hReg, i++, buffer, sizeof(buffer)) == ERROR_SUCCESS) { 250 | if
            ((_stricmp(buffer,"System")==0)||(_stricmp(buffer,"Application")==0)||(_stricmp(buffer,"Security")==0))
                continue; //three main already initialized

            regPermSet.Format("SYSTEM\\CurrentControlSet\\Services\\EventLog\\%s",buffer);
            AddPermissions(regPermSet);

            if (RegOpenKeyEx(hKeySoftware,buffer,0,KEY_READ,&hRegTest)!= ERROR_SUCCESS) {
                initEventLogTypeEntry(hKeySoftware,buffer, FACILITY_SYSTEM);
            } else
                RegCloseKey(hRegTest);
        }
        RegCloseKey(hReg);
    }

    RegCloseKey( hKeySoftware);
    RegCloseKey( hKeyRemote);
}
/*****************************************************************************
*
********************************************************************************/
void __cdecl ReadSettings(int *_syslogaPort, int *_syslogBackupPort, bool *forwardEvents,int *EventLogPollInterval) {
    HKEY hKeyRemote,hKeySoftware;
    DWORD dwSize,dwValue,dwType;

    bool tempForwardEvents=true;

    // Connect to the registry on HKLM
    if (RegConnectRegistry( (char*)((LPCTSTR)""), HKEY_LOCAL_MACHINE, &hKeyRemote) != ERROR_SUCCESS){
        DEBUGSERVICE(Message,"Failed to open HKEY_LOCAL_MACHINE in registry - settings not read");
        return;
    }
    // Create the SOFTWARE\Datagram\SyslogAgent key or open it if it exists
    if (RegCreateKeyEx( hKeyRemote, NTSYSLOG_SOFTWARE_KEY, 0, REG_NONE, REG_OPTION_NON_VOLATILE,
        KEY_WRITE|KEY_READ, NULL, &hKeySoftware, &dwValue) != ERROR_SUCCESS){
        RegCloseKey( hKeyRemote);
        DEBUGSERVICE(Message,"Failed to open SyslogAgent key in registry - settings not read");
        return;
    }

    // Read the forwardEvents info
    dwSize =sizeof( bool);
    if (RegQueryValueEx( hKeySoftware, FORWARDEVENTLOGS, 0, &dwType, (LPBYTE) &tempForwardEvents, &dwSize) != ERROR_SUCCESS) {
        RegCloseKey (hKeySoftware);
        RegCloseKey( hKeyRemote);
        return;
    }
    *forwardEvents=tempForwardEvents;

    //port info
    dwSize =sizeof( DWORD);
    if ((RegQueryValueEx( hKeySoftware, PORT_ENTRY, 0, &dwType, (LPBYTE) &dwValue, &dwSize) != ERROR_SUCCESS)) {
        RegCloseKey (hKeySoftware);
        RegCloseKey( hKeyRemote);
        return;
    }
    *_syslogaPort=dwValue;

    //backup port info
    dwSize =sizeof( DWORD);
    if ((RegQueryValueEx( hKeySoftware, PORT_BACKUP_ENTRY, 0, &dwType, (LPBYTE) &dwValue, &dwSize) != ERROR_SUCCESS)) {
        RegCloseKey (hKeySoftware);
        RegCloseKey( hKeyRemote);
        return;
    }
    *_syslogBackupPort=dwValue;

    //Event Log Poll Interval, in seconds
    dwSize =sizeof( DWORD);
    if ((RegQueryValueEx( hKeySoftware, EVENTLOG_POLL_INTERVAL, 0, &dwType, (LPBYTE) &dwValue, &dwSize) != ERROR_SUCCESS)) {
        RegCloseKey (hKeySoftware);
        RegCloseKey( hKeyRemote);
        return;
    }
    *EventLogPollInterval=dwValue;

    RegCloseKey( hKeySoftware);
    RegCloseKey( hKeyRemote);

}

/****************************************************************************
* initFilterEventArray - read registry event ids to filter out

****************************************************************************/
void initFilterEventArray( DWORD *A) {
    CString filterArray;
    char theList[256];
    char *Ptr=&(theList[0]);
    DWORD anEventId;
    int status,counter=0;

    OpenRegistry(NTSYSLOG_SYSLOG_KEY);
    ReadRegKey(&filterArray,"",EVENTIDFILTERARRAY);
    CloseRegistry();

    // A registry value longer than theList makes strcpy_s call the CRT invalid-parameter
    // handler, which terminates the process by default. Truncate and log instead.
    if (strncpy_s(theList,sizeof(theList),filterArray.GetBuffer(),_TRUNCATE)==STRUNCATE)
        logger(Error,"EventIDFilterList in registry is too long and was truncated. Complete filter list possibly not read.");

    do {
        status=sscanf_s(Ptr,"%d",&anEventId);
        if (status==-1) {
            *A=-1;
            break;
        }
        if (status==0) {
            *A=-1;
            logger(Error,"EventIDFilterList in registry contained invalid characters. Only numbers, comma and spaces are allowed. 
Complete filter list possibly not read."); 356 | break; 357 | } 358 | *A=anEventId; 359 | A++; 360 | counter++; 361 | 362 | Ptr=strstr(Ptr,","); 363 | while((Ptr!=NULL)&&((*Ptr==' ')||(*Ptr==','))) //move past ',' and space 364 | Ptr++; 365 | 366 | } while ((Ptr!=NULL)&(counter 5 | #include 6 | #include 7 | #include "ntsl.h" 8 | #include "engine.h" 9 | 10 | extern "C" { 11 | 12 | /*----------------------------------------------------------------------------- 13 | * 14 | * engine.c - Event processing engine 15 | * 16 | * Copyright (c) 1998, SaberNet.net - All rights reserved 17 | * 18 | * This program is free software; you can redistribute it and/or 19 | * modify it under the terms of the GNU General Public License 20 | * as published by the Free Software Foundation; either version 2 21 | * of the License, or (at your option) any later version. 22 | * 23 | * This program is distributed in the hope that it will be useful, 24 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 25 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 26 | * GNU General Public License for more details. 
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307
 *
 *  $Id: engine.c,v 1.9 2002/06/27 21:05:44 jason Exp $
 *
 *  Revision history:
 *    17-Aug-98 JRR Module completed
 *
 *----------------------------------------------------------------------------*/


/*------------------------------[ private data ]------------------------------*/
static ntsl_event *engine_last_event = NULL;
static HANDLE engine_event_mutex = NULL;


/*-------------------------------[ engine_init ]-------------------------------
 *  Create the engine mutex object
 *----------------------------------------------------------------------------*/
void engine_init(){

    if ((engine_event_mutex = CreateMutex(NULL, FALSE, NULL)) == 0)
        ntsl_die(NTSL_ERROR_ENGINE_MUTEX, GetLastError());

}
/*-----------------------------[ engine_shutdown ]-----------------------------
 *  Force execution of shutdown functions.
 *----------------------------------------------------------------------------*/
void engine_shutdown()
{
    CloseHandle(engine_event_mutex);
    engine_event_mutex = NULL;
    free(engine_last_event);
    /* Clear the stale pointer so a later free() of it cannot become a double free */
    engine_last_event = NULL;
}


/*--------------------------[ engine_process_event ]--------------------------
 *  Top level event handler.
 *
 *  Returns:
 *    success    1
 *    failure    -1
 *
 *  NOTE: This module is responsible for freeing event objects.
72 | *----------------------------------------------------------------------------*/ 73 | int engine_process_event(ntsl_event *event) 74 | { 75 | int rc = -1; 76 | 77 | if (NULL != event){ 78 | 79 | _event_output(event); 80 | 81 | free(engine_last_event); 82 | engine_last_event = event; 83 | 84 | rc = 1; 85 | } 86 | 87 | return(rc); 88 | } 89 | 90 | 91 | 92 | } //end extern "C" by erno aug04 93 | 94 | -------------------------------------------------------------------------------- /SyslogAgent/engine.h: -------------------------------------------------------------------------------- 1 | //extern "C" by erno aug04 2 | extern "C" { 3 | 4 | /*----------------------------------------------------------------------------- 5 | * 6 | * engine.h - Event processing engine 7 | * 8 | * Copyright (c) 1998, SaberNet.net - All rights reserved 9 | * 10 | * This program is free software; you can redistribute it and/or 11 | * modify it under the terms of the GNU General Public License 12 | * as published by the Free Software Foundation; either version 2 13 | * of the License, or (at your option) any later version. 14 | * 15 | * This program is distributed in the hope that it will be useful, 16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 | * GNU General Public License for more details. 
19 | * 20 | * You should have received a copy of the GNU General Public License 21 | * along with this program; if not, write to the Free Software 22 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 23 | * 24 | * $Id: engine.h,v 1.9 2002/06/27 21:05:44 jason Exp $ 25 | * 26 | *----------------------------------------------------------------------------*/ 27 | #ifndef _ENGINE_H_ 28 | #define _ENGINE_H_ 29 | 30 | #include "event.h" 31 | 32 | void engine_init(); 33 | int engine_process_event(ntsl_event *event); 34 | void engine_crontab(); 35 | void engine_shutdown(); 36 | 37 | #endif 38 | 39 | } //end extern "C" by erno aug04 40 | 41 | -------------------------------------------------------------------------------- /SyslogAgent/error.h: -------------------------------------------------------------------------------- 1 | /*----------------------------------------------------------------------------- 2 | * 3 | * error.h - Application error messages 4 | * 5 | * Copyright (c) 1998, SaberNet.net - All rights reserved 6 | * 7 | * This program is free software; you can redistribute it and/or 8 | * modify it under the terms of the GNU General Public License 9 | * as published by the Free Software Foundation; either version 2 10 | * of the License, or (at your option) any later version. 11 | * 12 | * This program is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | * GNU General Public License for more details. 
16 | * 17 | * You should have received a copy of the GNU General Public License 18 | * along with this program; if not, write to the Free Software 19 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 20 | * 21 | * $Id: error.h,v 1.10 2002/07/31 23:09:28 jason Exp $ 22 | * 23 | *----------------------------------------------------------------------------*/ 24 | #define NTSL_ERROR_EVENT_LOG_ACCESS \ 25 | "Unable to access %s event log for host %s" 26 | 27 | #define NTSL_ERROR_EVENT_MALLOC \ 28 | "Unable to create event - out of memory" 29 | 30 | #define NTSL_ERROR_MKDIR \ 31 | "Unable to create directory: %s" 32 | 33 | #define NTSL_ERROR_TIME_DATA_READ \ 34 | "Unable to read data file: %s" 35 | 36 | #define NTSL_ERROR_TIME_DATA_WRITE \ 37 | "Unable to write to registry: %s" 38 | 39 | #define NTSL_ERROR_MAPI_LOGON \ 40 | "Failed to logon to MAPI subsystem. status: %d lhSession: %08lx" 41 | 42 | #define NTSL_ERROR_MAPI_LOGOFF \ 43 | "Failed to logoff MAPU subsystem. status: %s lhSession: %08lx" 44 | 45 | #define NTSL_ERROR_MAPI_DLL_LOAD \ 46 | "Failed to load MAPI library. status: %d" 47 | 48 | #define NTSL_ERROR_MAPI_DLL_FUNC \ 49 | "Failed to get function address in MAPI library" 50 | 51 | #define NTSL_ERROR_MAPI_SEND \ 52 | "Failed to send MAPI message. error: %d" 53 | 54 | #define NTSL_ERROR_APP_HOME \ 55 | "Failed to locate registry information for %s" 56 | 57 | #define NTSL_ERROR_WSASTARTUP \ 58 | "WSAStartup failed with error %d" 59 | 60 | #define NTSL_ERROR_SOCKET_INIT \ 61 | "Failed to open syslog socket. error: %d" 62 | 63 | #define NTSL_ERROR_SOCKET_SEND \ 64 | "Failed to send data to syslog host. error: %d" 65 | 66 | #define NTSL_ERROR_WRITE_LOG \ 67 | "Unable to write to log file: %s" 68 | 69 | #define NTSL_ERROR_ENGINE_MUTEX \ 70 | "Failed to create engine mutex. error: %d" 71 | 72 | #define NTSL_ERROR_SYSLOG_THREAD \ 73 | "Failed to start syslog service." 
74 | 75 | #define NTSL_ERROR_SERVICE_DISPATCH \ 76 | "StartServiceCtrlDispatcher failed. error: %d" 77 | 78 | #define NTSL_ERROR_SERVICE_STATUS \ 79 | "Failed to report status. error: %d" 80 | 81 | #define NTSL_ERROR_CONFIG_MALLOC \ 82 | "Unable initialize configuration data - out of memory" 83 | 84 | #define NTSL_ERROR_CONFIG_OPEN \ 85 | "Unable to open registry: %s" 86 | 87 | #define NTSL_ERROR_SYSLOG_CONFIG \ 88 | "A Syslog host has not been configured in the registry" 89 | 90 | #define NTSL_ERROR_CONFIG_READ \ 91 | "Unable to read access registry key: %s" 92 | 93 | #define NTSL_ERROR_ACTION_MUTEX \ 94 | "Failed to create action mutex. error: %d" 95 | 96 | #define NTSL_ERROR_ACTION_QUEUE \ 97 | "Failed to open queue for action: %s" 98 | 99 | #define NTSL_ERROR_CRON \ 100 | "Failed to start scheduler. error: %d" 101 | 102 | #define NTSL_ERROR_ACTION_EXEC \ 103 | "Failed to execute program for action: %s" 104 | 105 | #define NTSL_ERROR_FILTER_REGEX \ 106 | "Invalid expression in filter: %d" 107 | 108 | #define NTSL_ERROR_SYSLOG_HOST \ 109 | "Received syslog message from unauthorized host: %s" 110 | 111 | #define NTSL_WARNING_LOG_DISK \ 112 | "Log disk running low on space. bytes free: %u" 113 | 114 | #define NTSL_INFO_SERVICE \ 115 | "Service %s." 
116 | 117 | #define NTSL_ERROR_EVENT_READ_BUF \ 118 | "Insufficient read buffer: %d configured; %d required" 119 | -------------------------------------------------------------------------------- /SyslogAgent/errorHandling.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fmikker/syslogagent/dc087ead0086e2d5385f89b36212e9f042d3eb57/SyslogAgent/errorHandling.cpp -------------------------------------------------------------------------------- /SyslogAgent/errorHandling.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | // http://www.debuginfo.com/articles/effminidumps.html 5 | #include 6 | #include 7 | 8 | //erno 08-01 9 | extern "C" { 10 | 11 | void CreateMiniDump( EXCEPTION_POINTERS* pep ); 12 | long WINAPI top_level_exception_filter(_EXCEPTION_POINTERS *exceptioninfo); 13 | 14 | BOOL CALLBACK MyMiniDumpCallback( 15 | PVOID pParam, 16 | const PMINIDUMP_CALLBACK_INPUT pInput, 17 | PMINIDUMP_CALLBACK_OUTPUT pOutput 18 | ); 19 | 20 | } 21 | 22 | void trans_func( unsigned int u, EXCEPTION_POINTERS* pExp ); 23 | 24 | 25 | //Yes, code in a header file... 
26 | class SE_Exception 27 | { 28 | private: 29 | unsigned int nSE; 30 | public: 31 | SE_Exception() {} 32 | SE_Exception( unsigned int n ) : nSE( n ) {} 33 | ~SE_Exception() {} 34 | unsigned int getSeNumber() { return nSE; } 35 | }; 36 | -------------------------------------------------------------------------------- /SyslogAgent/event.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fmikker/syslogagent/dc087ead0086e2d5385f89b36212e9f042d3eb57/SyslogAgent/event.cpp -------------------------------------------------------------------------------- /SyslogAgent/event.h: -------------------------------------------------------------------------------- 1 | //extern "C" by erno aug04 2 | extern "C" { 3 | 4 | /*----------------------------------------------------------------------------- 5 | * 6 | * event.h - Event type definition 7 | * 8 | * Copyright (c) 1998, SaberNet.net - All rights reserved 9 | * 10 | * This program is free software; you can redistribute it and/or 11 | * modify it under the terms of the GNU General Public License 12 | * as published by the Free Software Foundation; either version 2 13 | * of the License, or (at your option) any later version. 14 | * 15 | * This program is distributed in the hope that it will be useful, 16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 | * GNU General Public License for more details. 
19 | * 20 | * You should have received a copy of the GNU General Public License 21 | * along with this program; if not, write to the Free Software 22 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 23 | * 24 | * $Id: event.h,v 1.12 2002/09/20 06:12:47 jason Exp $ 25 | * 26 | *----------------------------------------------------------------------------*/ 27 | #ifndef _EVENT_H_ 28 | #define _EVENT_H_ 29 | 30 | #include "ntsl.h" 31 | #include 32 | 33 | 34 | /*-------------------------------[ static data ]------------------------------*/ 35 | #define NTSL_EVENT_ERROR "[error]" 36 | #define NTSL_EVENT_WARNING "[warning]" 37 | #define NTSL_EVENT_INFORMATION "[info]" 38 | #define NTSL_EVENT_SUCCESS "[success]" 39 | #define NTSL_EVENT_FAILURE "[failure]" 40 | #define NTSL_EVENT_FORMAT_LEN NTSL_EVENT_LEN 41 | #define NTSL_DEFAULT_PRIORITY 9 42 | 43 | /*-------------------------------[ ntsl_event ]-------------------------------*/ 44 | typedef struct 45 | { 46 | char date[NTSL_DATE_LEN]; 47 | //erno2005 48 | char facilityName[256]; 49 | DWORD time1970format; 50 | 51 | char host[NTSL_SYS_LEN]; 52 | char source[NTSL_SYS_LEN]; 53 | char etype[NTSL_SYS_LEN]; 54 | char msg[NTSL_EVENT_LEN]; 55 | int priority; 56 | uint32 id; 57 | char user[NTSL_SYS_LEN]; 58 | char domain[NTSL_SYS_LEN]; 59 | } ntsl_event; 60 | 61 | 62 | //typedef struct { 63 | // char text[1200]; //MAXBUFLEN not used due to c/c++ problems if including appwatch.h 64 | //} aMess; 65 | 66 | //erno2005 67 | int _event_output(ntsl_event *event); 68 | 69 | //void ping_syslog_server(); 70 | 71 | #endif 72 | 73 | } //end extern "C" by erno aug04 74 | 75 | -------------------------------------------------------------------------------- /SyslogAgent/eventlog.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fmikker/syslogagent/dc087ead0086e2d5385f89b36212e9f042d3eb57/SyslogAgent/eventlog.cpp 
-------------------------------------------------------------------------------- /SyslogAgent/eventlog.h: -------------------------------------------------------------------------------- 1 | //extern "C" by erno aug04 2 | extern "C" { 3 | 4 | /*----------------------------------------------------------------------------- 5 | * 6 | * eventlog.h - Windows NT eventlog module 7 | * 8 | * Copyright (c) 1998, SaberNet.net - All rights reserved 9 | * 10 | * This program is free software; you can redistribute it and/or 11 | * modify it under the terms of the GNU General Public License 12 | * as published by the Free Software Foundation; either version 2 13 | * of the License, or (at your option) any later version. 14 | * 15 | * This program is distributed in the hope that it will be useful, 16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 | * GNU General Public License for more details. 19 | * 20 | * You should have received a copy of the GNU General Public License 21 | * along with this program; if not, write to the Free Software 22 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 23 | * 24 | * $Id: eventlog.h,v 1.10 2002/07/23 06:36:51 jason Exp $ 25 | * 26 | *----------------------------------------------------------------------------*/ 27 | #ifndef _EVENTLOG_H_ 28 | #define _EVENTLOG_H_ 29 | 30 | #include "event.h" 31 | 32 | 33 | typedef struct LoadedLibraryStruct { 34 | char name[1024]; 35 | HINSTANCE hlib; 36 | } _LoadedLibrary; 37 | 38 | typedef struct LoadedSIDStruct { 39 | bool valid; 40 | char SID[64]; 41 | char user[256]; 42 | char domain[256]; 43 | } _LoadedSIDS; 44 | 45 | int eventlog_init(); 46 | void eventlog_shutdown(); 47 | void eventlog_check_events(); 48 | int eventlog_parse_libs(char*,char*,uint32); 49 | #endif 50 | 51 | } //end extern "C" by erno aug04 52 | 53 | 
--------------------------------------------------------------------------------
/SyslogAgent/icmp.Lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/fmikker/syslogagent/dc087ead0086e2d5385f89b36212e9f042d3eb57/SyslogAgent/icmp.Lib

--------------------------------------------------------------------------------
/SyslogAgent/leakwatcher.h:
--------------------------------------------------------------------------------
#ifndef IMWATCHINGYOULEAK
#define IMWATCHINGYOULEAK

#include 

#ifdef _DEBUG
//void* operator new(size_t nSize, const char * lpszFileName, int nLine)
//{
//    return ::operator new(nSize, 1, lpszFileName, nLine);
//}
extern void* operator new(size_t nSize, const char * lpszFileName, int nLine);
#define DEBUG_NEW new(THIS_FILE, __LINE__)

// No trailing semicolon: malloc(x) must stay usable inside expressions,
// for example in a condition that tests the returned pointer.
#define MALLOC_DBG(x) _malloc_dbg(x, 1, THIS_FILE, __LINE__)
#define malloc(x) MALLOC_DBG(x)

#endif // _DEBUG

#endif // #include guard

--------------------------------------------------------------------------------
/SyslogAgent/list.cpp:
--------------------------------------------------------------------------------
//extern "C" by erno aug04
#include "..\Syslogserver\common_stdafx.h"
extern "C" {

/*-----------------------------------------------------------------------------
 *
 *  list.c - Dynamic list management package
 *
 *  Copyright (c) 1997-1998, SaberNet.net - All rights reserved
 *
 *  This program is free software; you can redistribute it and/or
 *  modify it under the terms of the GNU General Public License
 *  as published by the Free Software Foundation; either version 2
 *  of the License, or (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307
 *
 *  $Id: list.c,v 1.10 2002/07/23 06:36:51 jason Exp $
 *
 *  Revision History:
 *    15-Aug-98 JRR Code restructured - added ListIterator
 *    04-May-97 JRR Module completed
 *
 *----------------------------------------------------------------------------*/
#include 
#include "list.h"


/*------------------------------[private methods]-----------------------------*/
static int list_append_(List *list, void *item);
static int list_insert_(List *list, void *item, int (*comp)());
static int list_insert_at_(List *list, void *item, int index);


/*---------------------------------[list_new]---------------------------------
 *  Inits a new list
 *
 *  Returns:
 *    success    pointer to a list
 *    failure    null
 *----------------------------------------------------------------------------*/
List *list_new()
{
    List *list = (List*)malloc(sizeof(List));

    if (list != NULL)
    {
        list->car = NULL;
        list->cdr = NULL;
    }

    return(list);
}

/*-----------------------------------[list_delete]------------------------------
 *  Deletes a list
 *
 *----------------------------------------------------------------------------*/
List* list_delete(List* list)
{
    list_flush(list, 1);
    return NULL;
}


/*--------------------------------[list_empty]--------------------------------
 *  Check if the list is 
empty
 *
 *  Parameters:
 *    list       pointer to a list struct
 *
 *  Returns:
 *    empty      (!0)
 *    not empty  (0)
 *----------------------------------------------------------------------------*/
int list_empty(List *list)
{
    return ( (list == NULL) || (list->car == NULL) );
}

/*---------------------------------[list_size]---------------------------------
 *  Returns the number of items in the list
 *
 *  Parameters:
 *    list       pointer to a list struct
 *
 *  Returns:
 *    success    number of items
 *    error      (0)
 *----------------------------------------------------------------------------*/
int list_size(List *list)
{
    int size = 0;
    List *temp = list;

    while(temp != NULL)
    {
        if (temp->car != NULL)
            size++;
        temp = temp->cdr;
    }

    return(size);
}

/*--------------------------------[list_flush]--------------------------------
 *  Removes all items from the list
 *
 *  Parameters:
 *    list       pointer to a list
 *    destroy    1 = free item, 0 = leave item intact
 *
 *  Returns:
 *    success    (0)
 *    failure    (-1)
 *----------------------------------------------------------------------------*/
int list_flush(List *list, int destroy)
{
    if (list == NULL)
        return(-1);

    while (!list_empty(list))
        list_remove_first(list, destroy);

    if (destroy)
        free(list);

    return(0);
}


/*---------------------------------[list_add]---------------------------------
 *  Adds an item at the top of the list
 *
 *  Parameters:
 *    list       pointer to a list
 *    item       pointer to the item to add
 *
 *  Returns:
 *    success    (0)
 *    failure    (-1)
 *----------------------------------------------------------------------------*/
int list_add(List *list, void *item)
{
    List *temp;

    if ( (list == NULL) ||
         (item == NULL) || ((temp = list_new()) == NULL) )
        return(-1);

    temp->car = list->car;
    temp->cdr = list->cdr;
    list->cdr = temp;
    list->car = item;

    return(0);
}

/*--------------------------------[list_append]--------------------------------
 *  Appends an item to the end of a list
 *
 *  Parameters:
 *    list       pointer to a list
 *    item       pointer to the item to add
 *
 *  Returns:
 *    success    (0)
 *    failure    (-1)
 *----------------------------------------------------------------------------*/
int list_append(List *list, void *item)
{
    int rc = -1;

    if ( (list != NULL) && (item != NULL) )
        rc = list_append_(list, item);

    return(rc);
}

/*--------------------------------[list_append_]-------------------------------
 *  Recursive append operation
 *
 *  Returns:
 *    success    (0)
 *    failure    (-1)
 *----------------------------------------------------------------------------*/
static int list_append_(List *list, void *item)
{
    int rc;

    if (list_empty(list))
        rc = list_add(list, item);
    else
        rc = list_append_(list->cdr, item);

    return(rc);
}

/*-------------------------------[list_insert]--------------------------------
 *  Inserts an item based on its sorted order. Existing items will be shuffled
 *  down to make room for the item.
 *
 *  Parameters:
 *    list       pointer to a list
 *    item       item to insert into list
 *    comp       comparison function in the form: int comp(x, y)
 *               which returns an integer greater than, equal to, or
 *               less than 0, if the item x is greater than, equal
 *               to, or less than item y.
 *  Returns:
 *    success    (0)
 *    failure    (-1)
 *----------------------------------------------------------------------------*/
/* erno not used, caused compiler error when moving from C to C++
/*int list_insert(List *list, void *item, int (*comp)())
{
    int rc = -1;

    if ( (list != NULL) && (item != NULL) && (comp != NULL) )
        rc = list_insert_(list, item, comp);

    return(rc);
}
*/

/*-------------------------------[list_insert_]-------------------------------
 *  Recursive insert method
 *
 *  Returns:
 *    success    (0)
 *    failure    (-1)
 *----------------------------------------------------------------------------*/
/* erno not used, caused compiler error when moving from C to C++
static int list_insert_(List *list, void *item, int (*comp)())
{


    int rc;

    if (list_empty(list) || (comp(item, list->car) < 0))
        rc = list_add(list, item);
    else
        rc = list_insert_(list->cdr, item, comp);

    return(rc);
}
*/
/*------------------------------[list_insert_at]-------------------------------
 *  Inserts an item at the specified index. Existing items will be shuffled
 *  down to make room for the item.
 *
 *  Parameters:
 *    list       pointer to a list
 *    item       item to insert into list
 *    index      index to insert item at
 *
 *  Returns:
 *    success    (0)
 *    failure    (-1)
 *----------------------------------------------------------------------------*/
int list_insert_at(List *list, void *item, int index)
{
    int rc = -1;

    if ( (list != NULL) && (item != NULL) && (index >= 0) )
        rc = list_insert_at_(list, item, index);

    return(rc);
}

/*-----------------------------[list_insert_at_]------------------------------
 *  Recursive insert method
 *
 *  Returns:
 *    success    (0)
 *    failure    (-1)
 *----------------------------------------------------------------------------*/
static int list_insert_at_(List *list, void *item, int index)
{
    int rc;

    if ( (list_empty(list)) || (index == 0) )
        rc = list_add(list, item);
    else
        rc = list_insert_at_(list->cdr, item, index - 1);

    return(rc);
}

/*-----------------------------[list_remove_first]-----------------------------
 *  Removes the first item in the list
 *
 *  Parameters:
 *    list       pointer to a list
 *    destroy    1 = free item, 0 = leave item intact
 *
 *  Returns:
 *    success    (0)
 *    failure    (-1)
 *----------------------------------------------------------------------------*/
int list_remove_first(List *list, int destroy)
{
    void *data;
    void *node;

    if (list_empty(list))
        return(-1);

    data = list->car;
    node = list->cdr;

    list->car = list->cdr->car;
    list->cdr = list->cdr->cdr;

    if (destroy)
        free(data);
    free(node);

    return(0);
}


/*--------------------------------[list_remove]--------------------------------
 *  Removes the first matching item from the list
 *
 *  Parameters:
 *    list       pointer to a list
 *    item       item to remove
 *    comp       comparison function in the form: int comp(x, y)
 *               which returns an integer greater than, equal to, or
 *               less than 0, if the item x is greater than, equal
 *               to, or less than item y.
 *    destroy    1 = free item, 0 = leave item intact
 *
 *  Returns:
 *    success    (0)
 *    failure    (-1)
 *----------------------------------------------------------------------------*/
/* erno not used, caused compiler error when moving from C to C++
int list_remove(List *list, void *item, int (*comp)(), int destroy)
{
    List *templist = list;
    int rc = -1;

    if ( (list == NULL) || (item == NULL) || (comp == NULL) )
        return(rc);

    while (templist->car != NULL)
    {
        if ((*comp)(item, templist->car) == 0)
            rc = list_remove_first(templist, destroy);
        if (templist->cdr != NULL)
            templist = templist->cdr;
        else
            break;
    }

    return(rc);
}
*/

/*------------------------------[list_remove_at]------------------------------
 *  Removes the item at the specified index
 *
 *  Parameters:
 *    list       pointer to a list
 *    index      index of item to remove
 *    destroy    1 = free item, 0 = leave item intact
 *
 *  Returns:
 *    success    (0)
 *    failure    (-1)
 *----------------------------------------------------------------------------*/
int list_remove_at(List *list, int index, int destroy)
{
    int rc;

    if (list_empty(list))
        return(-1);

    if (index == 0)
        rc = list_remove_first(list, destroy);
    else
        rc = list_remove_at(list->cdr, index - 1, destroy);

    return(rc);
}

/*---------------------------------[list_at]----------------------------------
 *  Returns the item at the specified index
 *
 *  Parameters:
 *    list       
pointer to a list 401 | * index index of item to return 402 | * 403 | * Returns: 404 | * success pointer to an object 405 | * failure null 406 | *----------------------------------------------------------------------------*/ 407 | void *list_at(List *list, int index) 408 | { 409 | if (list_empty(list)) 410 | return(NULL); 411 | 412 | if (index == 0) 413 | return(list->car); 414 | else 415 | return(list_at(list->cdr, index - 1)); 416 | } 417 | 418 | 419 | /*-------------------------------[list_print_on]------------------------------- 420 | * Print the contents of the list on a stream 421 | * 422 | * Paramaters: 423 | * list pointer to a list 424 | * fp pointer to an open file descriptor 425 | * func print function in the form: void func(FILE*, void*) 426 | * 427 | * Returns: 428 | * success (0) 429 | * failure (-1) 430 | *----------------------------------------------------------------------------*/ 431 | /* erno not used, caused compiler error when moving from C to C++ 432 | int list_print_on(List *list, FILE *fp, void (*func)()) 433 | { 434 | ListIterator *iter; 435 | void *item; 436 | 437 | if ( (fp == NULL) || (func == NULL) | 438 | ((iter = list_iterator(list)) == NULL) ) 439 | return(-1); 440 | 441 | item = list_first(iter); 442 | while (item != NULL) 443 | { 444 | (*func)(fp, item); 445 | item = list_next(iter); 446 | } 447 | 448 | free(iter); 449 | return(0); 450 | } 451 | */ 452 | /*------------------------------[ list_iterator ]----------------------------- 453 | * Inits a new list iterator 454 | * 455 | * Parameters: 456 | * list list to iterate 457 | * 458 | * Returns: 459 | * success pointer to an iterator 460 | * failure null 461 | *----------------------------------------------------------------------------*/ 462 | ListIterator *list_iterator(List *list) 463 | { 464 | ListIterator *iter = NULL; 465 | 466 | if (list != NULL) 467 | { 468 | iter = (ListIterator*)malloc(sizeof(ListIterator)); 469 | iter->list = list; 470 | list_first(iter); 471 | } 472 | 

    return(iter);
}

/*-----------------------------[ list_iterator_delete ]-------------------------
 * Deletes a list iterator
 *----------------------------------------------------------------------------*/
ListIterator* list_iterator_delete(ListIterator* iterator)
{
    free(iterator);
    return NULL;
}


/*-----------------------------------[ list_first ]---------------------------
 * Returns the first object in the list
 *
 * Parameters:
 *    iter      pointer to a list iterator
 *
 * Return value:
 *    success   pointer to an object
 *    failure   null
 *----------------------------------------------------------------------------*/
void *list_first(ListIterator *iter)
{
    if (iter == NULL)
        return(NULL);

    iter->node = iter->list;
    iter->index = 0;

    if (iter->node == NULL)
        return(NULL);

    return(iter->node->car);
}

/*------------------------------------[ list_next ]---------------------------
 * Returns the next object in the list
 *
 * Parameters:
 *    iter      pointer to a list iterator
 *
 * Return value:
 *    success   pointer to an object
 *    failure   null
 *----------------------------------------------------------------------------*/
void *list_next(ListIterator *iter)
{
    /* iter->node is NULL once the iterator has run past the last node */
    if ( (iter == NULL) || (iter->node == NULL) )
        return(NULL);

    iter->node = iter->node->cdr;
    iter->index++;

    if (iter->node == NULL)
        return(NULL);

    return(iter->node->car);
}
/*------------------------------[ list_current ]------------------------------
 * Returns the object at the current index
 *
 * Parameters:
 *    iter      pointer to a list iterator
 *
 * Return value:
 *    success   pointer to an object
 *    failure   null
 *----------------------------------------------------------------------------*/
void *list_current(ListIterator *iter)
{
    /* iter->node is NULL once the iterator has run past the last node */
    if ( (iter == NULL) || (iter->node == NULL) )
        return(NULL);

    return(iter->node->car);
}

/*-------------------------------[ list_index ]-------------------------------
 * Returns the current index
 *
 * Parameters:
 *    iter      pointer to a list iterator
 *
 * Return value:
 *    success   current index
 *    failure   (-1)
 *----------------------------------------------------------------------------*/
int list_index(ListIterator *iter)
{
    if (iter == NULL)
        return(-1);

    return(iter->index);
}


/*---------------------------------[list_find]--------------------------------
 * Returns the index of the specified object
 *
 * Parameters:
 *    iter      pointer to a list iterator
 *    item      pointer to item to search for
 *    comp      comparison function in the form: int comp(x, y)
 *              which returns an integer greater than, equal to, or
 *              less than 0, if the item x is greater than, equal
 *              to, or less than item y.
 *
 * Returns:
 *    success   index of the requested item
 *    failure   (-1)
 *----------------------------------------------------------------------------*/
/* erno not used, caused compiler error when moving from C to C++
int list_find(ListIterator *iter, void *item, int (*comp)())
{
    if ( (iter != NULL) && (item != NULL) && (comp != NULL) )
    {
        void *tempitem = list_first(iter);

        while (tempitem != NULL)
        {
            if ((*comp)(item, tempitem) == 0)
                return(iter->index);
            else
                tempitem = list_next(iter);
        }
    }

    return(-1);
}
*/

} //end extern "C" by erno aug04

--------------------------------------------------------------------------------
/SyslogAgent/list.h:
--------------------------------------------------------------------------------
//extern "C" by erno aug04
extern "C" {

/*-----------------------------------------------------------------------------
 *
 *  list.h - Dynamic list management package
 *
 *    Copyright (c) 1997-1998, SaberNet.net - All rights reserved
 *
 *    This program is free software; you can redistribute it and/or
 *    modify it under the terms of the GNU General Public License
 *    as published by the Free Software Foundation; either version 2
 *    of the License, or (at your option) any later version.
 *
 *    This program is distributed in the hope that it will be useful,
 *    but WITHOUT ANY WARRANTY; without even the implied warranty of
 *    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 *    GNU General Public License for more details.
 *
 *    You should have received a copy of the GNU General Public License
 *    along with this program; if not, write to the Free Software
 *    Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307
 *
 *  $Id: list.h,v 1.10 2002/07/23 06:36:51 jason Exp $
 *
 *----------------------------------------------------------------------------*/
#include

#ifndef _LIST_H_
#define _LIST_H_


struct _List
{
    void         *car;    /* pointer to data */
    struct _List *cdr;    /* pointer to next node */
};
typedef struct _List List;


typedef struct
{
    List *list;     /* pointer to the list */
    List *node;     /* current node */
    int   index;    /* current index */

} ListIterator;


List* list_new();
List* list_delete(List* list);

int   list_empty(List *list);
int   list_size(List *list);
int   list_flush(List *list, int destroy);
int   list_add(List *list, void *item);
int   list_append(List *list, void *item);
int   list_insert(List *list, void *item, int (*comp)());
int   list_insert_at(List *list, void *item, int index);
int   list_remove_first(List *list, int destroy);
int   list_remove(List *list, void *item, int (*comp)(), int destroy);
int   list_remove_at(List *list, int index, int destroy);
void *list_at(List *list, int index);

int   list_print_on(List *list, FILE *fp, void (*func)());


ListIterator* list_iterator(List *list);
ListIterator* list_iterator_delete(ListIterator* iterator);

void *list_first(ListIterator *iterator);
void *list_next(ListIterator *iterator);
void *list_current(ListIterator *iterator);
int   list_index(ListIterator *iterator);
int   list_find(ListIterator *iterator, void *item, int (*comp)());

#endif

} //end extern "C" by erno aug04

--------------------------------------------------------------------------------
/SyslogAgent/ntsl.cpp:
--------------------------------------------------------------------------------
#include "..\Syslogserver\common_stdafx.h"
/*-----------------------------------------------------------------------------
 *
 *  ntsl.c - NTSysLog main
 *
 *    Copyright (c) 1998, SaberNet.net - All rights reserved
 *
 *    This program is free software; you can redistribute it and/or
 *    modify it under the terms of the GNU General Public License
 *    as published by the Free Software Foundation; either version 2
 *    of the License, or (at your option) any later version.
 *
 *    This program is distributed in the hope that it will be useful,
 *    but WITHOUT ANY WARRANTY; without even the implied warranty of
 *    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 *    GNU General Public License for more details.
 *
 *    You should have received a copy of the GNU General Public License
 *    along with this program; if not, write to the Free Software
 *    Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307
 *
 *  $Id: ntsl.c,v 1.10 2002/07/23 06:36:51 jason Exp $
 *
 *  Options:
 *    _DEBUG    - Turns on memory leak detection
 *    NTSL_STUB - Minimal functions for module testing
 *
 *  Revision history:
 *    17-Aug-98  JRR  Module completed
 *
 *----------------------------------------------------------------------------*/

//Interface according to C syntax, so it can be called from C
extern "C" {
    void AppWatchMain();
    extern void GetOwnIP();
}



//extern "C" by erno aug04
extern "C" {

#include
#include
#include
#include
#include
#include
#include
#include
#include "ntsl.h"
#include "service.h"
#include "eventlog.h"
#include "engine.h"

//Erno 06, introduced strcpy_s et al
#define _CRT_SECURE_CPP_OVERLOAD_SECURE_NAMES 1



/*-------------------------------[ static data ]------------------------------*/
#define MAX_ERROR_LEN 512
static void ntsl_cron(void *arg);

extern int hostIsUpdated;
extern volatile bool ReadMoreFromRegistry;


/*-----------------------------[ ntsl_log_error ]-----------------------------
 *  Report error to the event log
 *----------------------------------------------------------------------------*/
void ntsl_log_error(char *format, ...)
{
    va_list args;
    char s[MAX_ERROR_LEN];

    va_start(args, format);
    /* _TRUNCATE cuts an overlong message; a plain count equal to the buffer
       size makes the CRT invoke its invalid-parameter handler instead */
    _vsnprintf_s(s, MAX_ERROR_LEN, _TRUNCATE, format, args);
    va_end(args);

    s[MAX_ERROR_LEN - 1] = 0;
    /* s is already formatted: pass it as data, never as a format string */
    ntsl_log_msg(EVENTLOG_ERROR_TYPE, "%s", s);
}

/*------------------------------[ ntsl_log_info ]-----------------------------
 *  Write information message to the event log
 *----------------------------------------------------------------------------*/
void ntsl_log_info(char *format, ...)
{
    va_list args;
    char s[MAX_ERROR_LEN];

    va_start(args, format);
    /* _TRUNCATE cuts an overlong message; a plain count equal to the buffer
       size makes the CRT invoke its invalid-parameter handler instead */
    _vsnprintf_s(s, MAX_ERROR_LEN, _TRUNCATE, format, args);
    va_end(args);

    s[MAX_ERROR_LEN - 1] = 0;
    /* s is already formatted: pass it as data, never as a format string */
    ntsl_log_msg(EVENTLOG_INFORMATION_TYPE, "%s", s);
}

/*----------------------------[ ntsl_log_warning ]----------------------------
 *  Write warning message to the event log
 *----------------------------------------------------------------------------*/
void ntsl_log_warning(char *format, ...)
{
    va_list args;
    char s[MAX_ERROR_LEN];

    va_start(args, format);
    /* _TRUNCATE cuts an overlong message; a plain count equal to the buffer
       size makes the CRT invoke its invalid-parameter handler instead */
    _vsnprintf_s(s, MAX_ERROR_LEN, _TRUNCATE, format, args);
    va_end(args);

    s[MAX_ERROR_LEN - 1] = 0;
    /* s is already formatted: pass it as data, never as a format string */
    ntsl_log_msg(EVENTLOG_WARNING_TYPE, "%s", s);
}

/*------------------------------[ ntsl_log_msg ]-----------------------------
 *  Write message to the event log
 *----------------------------------------------------------------------------*/
void ntsl_log_msg(uint16 etype, char *format, ...)
{
    va_list args;
    char s[MAX_ERROR_LEN];

    va_start(args, format);
    /* _TRUNCATE cuts an overlong message; a plain count equal to the buffer
       size makes the CRT invoke its invalid-parameter handler instead */
    _vsnprintf_s(s, MAX_ERROR_LEN, _TRUNCATE, format, args);
    va_end(args);

    s[MAX_ERROR_LEN - 1] = 0;


#ifndef _DEBUG
    {
        HANDLE hEvent = RegisterEventSource(NULL, APP_NAME);
        char *strings[2] = { s, NULL };

        ReportEvent(hEvent, etype, 0, 0, NULL, 1, 0, (LPCSTR*)strings, NULL);
        DeregisterEventSource(hEvent);
    }
#else
    fprintf(stderr, "%s\n", s);
#endif

    DEBUGSERVICE(Message,"ntsl error handler activated, code %u.",etype);
    /* s may contain '%' taken from event data: log it as data, not as a format */
    DEBUGSERVICE(Message,"%s",s);
}


/*--------------------------------[ ntsl_die ]--------------------------------
 *  Log error and exit.
 *----------------------------------------------------------------------------*/
void ntsl_die(char *format, ...)
{
    va_list args;
    char s[MAX_ERROR_LEN];

    va_start(args, format);
    /* _TRUNCATE cuts an overlong message; a plain count equal to the buffer
       size makes the CRT invoke its invalid-parameter handler instead */
    _vsnprintf_s(s, MAX_ERROR_LEN, _TRUNCATE, format, args);
    va_end(args);

    s[MAX_ERROR_LEN - 1] = 0;
    /* s is already formatted: pass it as data, never as a format string */
    ntsl_log_msg(EVENTLOG_ERROR_TYPE, "%s", s);


#ifndef NTSL_STUB
    service_stop();
#else
    exit(1);
#endif
}


//#ifdef _DEBUG
#include
//#endif

/*--------------------------------[ ntsl_init ]-------------------------------
 *  Initialize subsystems
 *----------------------------------------------------------------------------*/
void ntsl_init()
{
#ifdef _DEBUG
    _CrtSetReportMode(_CRT_WARN, _CRTDBG_MODE_FILE );
    _CrtSetReportFile(_CRT_WARN, _CRTDBG_FILE_STDOUT );
    _CrtSetReportMode(_CRT_ERROR, _CRTDBG_MODE_FILE );
    _CrtSetReportFile(_CRT_ERROR, _CRTDBG_FILE_STDOUT );
    _CrtSetReportMode(_CRT_ASSERT, _CRTDBG_MODE_FILE );
    _CrtSetReportFile(_CRT_ASSERT, _CRTDBG_FILE_STDOUT );
#endif

    engine_init();
    eventlog_init();
}


/*--------------------------------[ ntsl_run ]--------------------------------
 *  Service event loop
 *----------------------------------------------------------------------------*/
void ntsl_run(bool forwardEvents,int _EventLogPollInterval){
    int i;
    int EventLogPollInterval=_EventLogPollInterval;
    bool TimeToStop=false;
    HANDLE AppWatchThreadId;
    //ntsl_log_info(NTSL_INFO_SERVICE, "started");

    EventLogPollInterval=_EventLogPollInterval;
    if (EventLogPollInterval<1) //safety
        EventLogPollInterval=1;

#ifdef _DEBUG
    EventLogPollInterval=2;
#endif

    SetPriorityClass( GetCurrentProcess(), BELOW_NORMAL_PRIORITY_CLASS );

    DEBUGSERVICE(Message,"Lookup own IP.");
    GetOwnIP();

    //Launch point for application logging
    //The new thread begins by starting the outputThread - regardless of application settings

    DEBUGSERVICE(Message,"Launching application logging thread.");
    AppWatchThreadId=CreateThread(NULL,0,(LPTHREAD_START_ROUTINE)&AppWatchMain,0,0,NULL); //Exists if failure

    Sleep(1000); //Let output process get started

    DEBUGSERVICE(Message,"Entering main event log loop - init done in this thread.");

    do
    {

        if (TimeToStop) break;
        if (forwardEvents) { //The function can be disabled from the gui (and just do application logging)
            DEBUGPARSE(Title,"Scanning event logs...");

            hostIsUpdated=false;

            if (ReadMoreFromRegistry) { //Set in output process to signal continue
                eventlog_check_events();
            }

            DEBUGPARSE(Title,"Sleeping...\n");
        }
        for (i=0;i
#include "error.h"
#include "safestr.h"

//Erno 06, introduced strcpy_s et al
#define _CRT_SECURE_CPP_OVERLOAD_SECURE_NAMES 1


#define VERSION_MAJOR   "3"
#define VERSION_MINOR   "6"
#define COPYRIGHT       "Copyright (c) 2011, Datagram Consulting, Sweden. GNU licensed."

#define APP_NAME        "Syslog Agent"
#define SERVICE_NAME    "Syslog Agent"
#define SERVICE_EXE     "SyslogAgent.exe"

#define DEV_NAME        "Datagram\\SyslogAgent"

#define NTSL_NAME_LEN   32
#define NTSL_DESC_LEN   80
#define NTSL_SYS_LEN    256
#define NTSL_DATE_LEN   16
#define NTSL_EVENT_LEN  1024
#define NTSL_PATH_LEN   1024
#define NTSL_PASSWD_LEN 64
#define NTSL_LOOP_WAIT  500     /* milliseconds to wait for shutdown event */
#define NTSL_BIAS       150000  /* milliseconds to sleep between scans */
#define NTSL_LOG_DIR    "log"

/*------------------------[ portable type definitions ]-----------------------*/
#ifndef uchar
#define uchar   UCHAR
#endif
#ifndef uint16
#define uint16  WORD
#endif
#ifndef uint32
#define uint32  DWORD
#endif
#ifndef int16
#define int16   SHORT
#endif
#ifndef int32
#define int32   LONG
#endif
#ifndef int64
#define int64   DWORDLONG
#endif
#ifndef bool
#define bool    BOOL
#endif
#ifndef true
#define true    TRUE
#endif
#ifndef false
#define false   FALSE
#endif

/*---------------------------------[ globals ]--------------------------------*/
void ntsl_log_info(char *format, ...);
void ntsl_log_warning(char *format, ...);
void ntsl_log_error(char *format, ...);
void ntsl_log_msg(uint16 etype, char *format, ...);
void ntsl_die(char *format, ...);
int  ntsl_check_dir(char *dir, int relative);
void ntsl_init();
void ntsl_run(bool forwardEvents,int EventLogPollInterval);
void ntsl_shutdown();


/*-------------------------------[ static data ]------------------------------*/
#define REG_BUFFER_LEN          2048
//#define EVENTLOG_BUFFER_LEN   500*1024 // Used to be 511*1024, with allocation every loop, with comment 'Changed to support .NET'. But I experienced continuous small cpu spikes with that size static allocation. Customer has reported error, where error message indicated that at least 131k was needed.
// Parenthesized so the macro expands safely inside larger expressions
#define EVENTLOG_BUFFER_LEN     (50*1024) // Used to be 511*1024, with allocation every loop, with comment 'Changed to support .NET'. But I experienced continuous small cpu spikes with that size static allocation.
                                // docs say 32k is max, but customer has reported error, where error message indicated that at least 131k was needed.
                                //system calls fail at 512k buffer - too big
#define MAX_LOG_NAME_LEN        256
#define MAX_MSG_STRINGS         100 // FormatMessage(): %n = {1..99}
#define LAST_RUN_REG            "LastRun"
#define LOOKUPACCOUNTSID        "LookupAccountSID"
#define CARRIGERETURNREPLACEMENTCHARINASCII     "CarrigeReturnReplacementCharInASCII"
#define LINEFEEDRETURNREPLACEMENTCHARINASCII    "LineFeedReplacementCharInASCII"
#define TABREPLACEMENTCHARINASCII               "TabReplacementCharInASCII"

#define EVENTLOG_NO_FLAGS               0x0
#define EVENTLOG_SUCCESS_FLAG           0x20 //Value in Windows is actually zero. But zero does not work well as flag for filtering.
#define EVENTLOG_INFORMATION_FLAG       0x1
#define EVENTLOG_WARNING_FLAG           0x2
#define EVENTLOG_ERROR_FLAG             0x4
#define EVENTLOG_AUDIT_SUCCESS_FLAG     0x8
#define EVENTLOG_AUDIT_FAILURE_FLAG     0x10

#define EVENTLOG_DEFAULT_PRIORITY       9 // Default to user.alert

#define SYSLOG_NAME         "syslog"
#define SYSLOG_REG_KEY_0    "Syslog"
#define SYSLOG_REG_KEY_1    "Syslog1"

//Network settings (move into registry/gui one day?)
#define ippingtimeout   3000
#define PingInterval    20
#define TCPResetPeriod  60
#define NetworkTimeout  3 //Seconds connect timeout

#define MAXLOADEDLIBRARIES  50
#define MAXLOADEDSIDS       50

//RFC3164 messages
//Not defined in common_Syslogproject since syslogagent is c, not cpp.
#define Emergency       0
#define Alert           1
#define Critical        2
#define Error           3
#define Warning         4
#define Notice          5
#define Informational   6
#define Debug           7




#endif

} //end extern "C" by erno aug04

--------------------------------------------------------------------------------
/SyslogAgent/ntsyslog.rc:
--------------------------------------------------------------------------------
// Microsoft Visual C++ generated resource script.
//
#include "resource.h"

#define APSTUDIO_READONLY_SYMBOLS
/////////////////////////////////////////////////////////////////////////////
//
// Generated from the TEXTINCLUDE 2 resource.
//
#include "afxres.h"

/////////////////////////////////////////////////////////////////////////////
#undef APSTUDIO_READONLY_SYMBOLS

/////////////////////////////////////////////////////////////////////////////
// English (U.S.) resources

#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENU)
#ifdef _WIN32
LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
#pragma code_page(1252)
#endif //_WIN32

#ifdef APSTUDIO_INVOKED
/////////////////////////////////////////////////////////////////////////////
//
// TEXTINCLUDE
//

1 TEXTINCLUDE
BEGIN
    "resource.h\0"
END

2 TEXTINCLUDE
BEGIN
    "#include ""afxres.h""\r\n"
    "\0"
END

3 TEXTINCLUDE
BEGIN
    "\r\n"
    "\0"
END

#endif // APSTUDIO_INVOKED

#endif // English (U.S.) resources
/////////////////////////////////////////////////////////////////////////////


/////////////////////////////////////////////////////////////////////////////
// Swedish resources

#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_SVE)
#ifdef _WIN32
LANGUAGE LANG_SWEDISH, SUBLANG_DEFAULT
#pragma code_page(1252)
#endif //_WIN32

/////////////////////////////////////////////////////////////////////////////
//
// Version
//

VS_VERSION_INFO VERSIONINFO
 FILEVERSION 3,6,0,0
 PRODUCTVERSION 3,6,0,0
 FILEFLAGSMASK 0x17L
#ifdef _DEBUG
 FILEFLAGS 0x1L
#else
 FILEFLAGS 0x0L
#endif
 FILEOS 0x4L
 FILETYPE 0x1L
 FILESUBTYPE 0x0L
BEGIN
    BLOCK "StringFileInfo"
    BEGIN
        BLOCK "040904b0"
        BEGIN
            VALUE "CompanyName", "Datagram Consulting"
            VALUE "FileDescription", "SyslogAgent"
            VALUE "FileVersion", "3, 6, 0, 0"
            VALUE "InternalName", "Syslogag"
            VALUE "OriginalFilename", "SyslogAgent.exe"
            VALUE "ProductName", "SyslogAgent"
            VALUE "ProductVersion", "3, 6, 0, 0"
        END
    END
    BLOCK "VarFileInfo"
    BEGIN
        VALUE "Translation", 0x409, 1200
    END
END

#endif // Swedish resources
/////////////////////////////////////////////////////////////////////////////



#ifndef APSTUDIO_INVOKED
/////////////////////////////////////////////////////////////////////////////
//
// Generated from the TEXTINCLUDE 3 resource.
//


/////////////////////////////////////////////////////////////////////////////
#endif // not APSTUDIO_INVOKED

--------------------------------------------------------------------------------
/SyslogAgent/output.h:
--------------------------------------------------------------------------------
#include "appWatch.h"


void outputMain(applSettings *SettingsPtr);
void insertIntoOutputQueue(void *mess);

//Internal, support function
void LoggerInsertIntoOutputQueue(void *mess);

--------------------------------------------------------------------------------
/SyslogAgent/resource.h:
--------------------------------------------------------------------------------
//{{NO_DEPENDENCIES}}
// Microsoft Developer Studio generated include file.
// Used by ntsyslog.rc
//
#define IDR_APPLICATION                 128

// Next default values for new objects
//
#ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS
#define _APS_NEXT_RESOURCE_VALUE        102
#define _APS_NEXT_COMMAND_VALUE         40001
#define _APS_NEXT_CONTROL_VALUE         1000
#define _APS_NEXT_SYMED_VALUE           101
#endif
#endif
--------------------------------------------------------------------------------
/SyslogAgent/safestr.cpp:
--------------------------------------------------------------------------------
#include "..\Syslogserver\common_stdafx.h"
//extern "C" by erno aug04
extern "C" {

/*-----------------------------------------------------------------------------
 *
 *  safestr.c - Safe string functions
 *
 *    Copyright (c) 1998, SaberNet.net - All rights reserved
 *
 *    This program is free software; you can redistribute it and/or
 *    modify it under the terms of the GNU General Public License
 *    as published by the Free Software Foundation; either version 2
 *    of the License, or (at your option) any later version.
 *
 *    This program is distributed in the hope that it will be useful,
 *    but WITHOUT ANY WARRANTY; without even the implied warranty of
 *    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 *    GNU General Public License for more details.
 *
 *    You should have received a copy of the GNU General Public License
 *    along with this program; if not, write to the Free Software
 *    Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307
 *
 *  $Id: safestr.c,v 1.9 2002/06/27 21:05:44 jason Exp $
 *
 *  Revision history:
 *    11-Sep-98  JRR  Module completed
 *
 *----------------------------------------------------------------------------*/
#include
#include
#include
#include

/*-------------------------------[ _snprintf0 ]-------------------------------
 * Write formatted data to a string. A null character is always appended
 * to the end of the buffer.
 *
 *  Returns
 *    success   number of characters written
 *    failure   negative value
 *----------------------------------------------------------------------------*/
/*int _snprintf0(char *buffer, size_t count, const char *format, ...)
{
    va_list args;
    size_t rc;

    if ( (buffer == NULL) || (format == NULL) || (count < 0) )
        return(-1);

    va_start(args, format);
    rc = _vsnprintf_s(buffer, count,count, format, args);
    va_end(args);

    buffer[count - 1] = 0;
    if (rc == count)
        rc--;

    return(rc);
}
*/

/*--------------------------------[ strncpy0 ]--------------------------------
 * Copy characters of one string to another. A null character is always
 * appended to the copied string.
 *
 *  Returns
 *    success   pointer to copied string
 *    failure   null
 *----------------------------------------------------------------------------*/
/*char *strncpy0(char *strDest, const char *strSource, size_t count)
{
    if ( (strDest == NULL) || (strSource == NULL) || (count < 0) )
        return(NULL);

    strncpy_s(strDest, count,strSource, count);
    strDest[count - 1] = 0;

    return(strDest);
}
*/

/*---------------------------------[ malloc0 ]---------------------------------
 * Allocate memory blocks - initialize to 0
 *
 *  Parameters:
 *    size      number of bytes to allocate
 *
 *  Return value:
 *    success   pointer to memory block
 *    failure   null pointer
 *----------------------------------------------------------------------------*/
void *malloc0(size_t size)
{
    void *rc = NULL;

    if (size > 0)
    {
        rc = malloc(size);
        if (rc != NULL)
            memset(rc, 0, size);
    }

    return(rc);
}

} //end extern "C" by erno aug04

--------------------------------------------------------------------------------
/SyslogAgent/safestr.h:
--------------------------------------------------------------------------------
//extern "C" by erno aug04
extern "C" {

/*-----------------------------------------------------------------------------
 *
 *  safestr.h - Safe string functions
 *
 *    Copyright (c) 1998, SaberNet.net - All rights reserved
 *
 *    This program is free software; you can redistribute it and/or
 *    modify it under the terms of the GNU General Public License
 *    as published by the Free Software Foundation; either version 2
 *    of the License, or (at your option) any later version.
 *
 *    This program is distributed in the hope that it will be useful,
 *    but WITHOUT ANY WARRANTY; without even the implied warranty of
 *    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 *    GNU General Public License for more details.
 *
 *    You should have received a copy of the GNU General Public License
 *    along with this program; if not, write to the Free Software
 *    Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307
 *
 *  $Id: safestr.h,v 1.9 2002/06/27 21:05:44 jason Exp $
 *
 *----------------------------------------------------------------------------*/

//not needed with _s functions int _snprintf0(char *buffer, size_t count, const char *format, ...);

//not needed with _s functions char *strncpy0(char *strDest, const char *strSource, size_t count);

void *malloc0(size_t size);

} //end extern "C" by erno aug04

--------------------------------------------------------------------------------
/SyslogAgent/service.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/fmikker/syslogagent/dc087ead0086e2d5385f89b36212e9f042d3eb57/SyslogAgent/service.cpp
--------------------------------------------------------------------------------
/SyslogAgent/service.h:
--------------------------------------------------------------------------------
/*-----------------------------------------------------------------------------
 *
 *  service.h - NT Service module
 *
 *    Copyright (c) 1998, SaberNet.net - All rights reserved
 *
 *    This program is free software; you can redistribute it and/or
 *    modify it under the terms of the GNU General Public License
 *    as published by the Free Software Foundation; either version 2
 *    of the License, or (at your option) any later version.
 *
 *    This program is distributed in the hope that it will be useful,
 *    but WITHOUT ANY WARRANTY; without even the implied warranty of
 *    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 *    GNU General Public License for more details.
 *
 *    You should have received a copy of the GNU General Public License
 *    along with this program; if not, write to the Free Software
 *    Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307
 *
 *  $Id: service.h,v 1.9 2002/06/27 21:05:44 jason Exp $
 *
 *----------------------------------------------------------------------------*/

#ifndef _ERNOSRV_H_
#define _ERNOSRV_H_


void service_start(int argc, char **argv);

void service_stop();
void service_stop_with_error(DWORD errorCode, LPTSTR comment);

int  service_halting();


typedef struct {
    char DebugFilePath[256];
    char DebugDumpFilePath[256];
    char DebugOldDumpFilePath[256];
    bool Debugging;
    bool Debug_Service;
    int  DebugServiceIndentation;
    bool Debug_Parse;
    int  DebugParseIndentation;
    bool Debug_Appl;
    int  DebugApplIndentation;
    bool Debug_Logger;
    int  DebugLoggerIndentation;
} DebugFlagsDef;

//Debug indentation
#define EndHeader   1
#define Header      2
#define Title       3
#define Message     4

void DEBUGSERVICE(int indentLevel,char *a,...);
void DEBUGPARSE(int indentLevel,char *a,...);
void DEBUGAPPLPARSE(int indentLevel,char *a,...);
void DEBUGLOGGER(int indentLevel,char *a,...);

#endif
--------------------------------------------------------------------------------
/SyslogAgent/zlibstat.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/fmikker/syslogagent/dc087ead0086e2d5385f89b36212e9f042d3eb57/SyslogAgent/zlibstat.lib
-------------------------------------------------------------------------------- /SyslogAgentConfig/ConfAppl.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include "afxwin.h" 3 | #include "afxcmn.h" 4 | 5 | 6 | // CConfAppl dialog 7 | 8 | class CConfAppl : public CDialog 9 | { 10 | DECLARE_DYNAMIC(CConfAppl) 11 | 12 | public: 13 | CConfAppl(CWnd* pParent = NULL); // standard constructor 14 | virtual ~CConfAppl(); 15 | 16 | // Dialog Data 17 | enum { IDD = IDD_CONFAPPL }; 18 | 19 | protected: 20 | virtual void DoDataExchange(CDataExchange* pDX); // DDX/DDV support 21 | virtual BOOL OnInitDialog(); 22 | DECLARE_MESSAGE_MAP() 23 | public: 24 | afx_msg void OnBnClickedOk(); 25 | CEdit m_ApplicationName; 26 | CEdit m_Path; 27 | CEdit m_File_Extension; 28 | CButton ParseDate; 29 | CButton ParseHost; 30 | CButton ParseSeverity; 31 | CComboBox SeverityLevel; 32 | CButton ParseProcess; 33 | CEdit ProcessName; 34 | CComboBox Facility; 35 | CButton ignorePrefixLines; 36 | CEdit prefix; 37 | CButton ignoreFirstLines; 38 | CEdit NbrIgnoreLines; 39 | CString m_initString; //Used to send the application name to this instance 40 | afx_msg void OnCbnSelchangeTest(); 41 | int SetupDialog(CString ApplicationName); 42 | private: 43 | int ReadSettings(void); 44 | void Browse(CEdit*); 45 | public: 46 | afx_msg void OnBnClickedBrowse(); 47 | afx_msg void OnBnClickedUsePrefix(); 48 | afx_msg void OnBnClickedUseIgnoreLines(); 49 | afx_msg void OnBnClickedParseProcess(); 50 | afx_msg void OnBnClickedParseSeverity(); 51 | afx_msg void OnBnClickedRadioDir(); 52 | afx_msg void OnBnClickedRadioFile(); 53 | afx_msg void OnBnClickedBrowse2(); 54 | CButton radioButtonDir; 55 | CEdit m_fileName; 56 | CButton radioButtonFile; 57 | int m_radio; 58 | afx_msg void OnBnClickedBrowseRotate1(); 59 | afx_msg void OnBnClickedBrowseRotate2(); 60 | CEdit m_rotate_file; 61 | CEdit m_rotated_file; 62 | afx_msg void OnBnClickedRadioRotateFile(); 63 | 
afx_msg void OnBnClickedSuggestsettings(); 64 | CButton Unicode; 65 | }; 66 | -------------------------------------------------------------------------------- /SyslogAgentConfig/ConfigLogging.h: -------------------------------------------------------------------------------- 1 | #if !defined(AFX_CONFIGLOGGING_H__F78FB47C_8919_44F7_94EC_BE51A0D702AD__INCLUDED_) 2 | #define AFX_CONFIGLOGGING_H__F78FB47C_8919_44F7_94EC_BE51A0D702AD__INCLUDED_ 3 | 4 | #if _MSC_VER > 1000 5 | #pragma once 6 | #endif // _MSC_VER > 1000 7 | // ConfigLogging.h : header file 8 | // 9 | 10 | ///////////////////////////////////////////////////////////////////////////// 11 | // CConfigLogging dialog 12 | 13 | class CConfigLogging : public CDialog 14 | { 15 | // Construction 16 | public: 17 | CConfigLogging(CWnd* pParent = NULL); // standard constructor 18 | 19 | // Dialog Data 20 | //{{AFX_DATA(CConfigLogging) 21 | enum { IDD = IDD_CONFIG_LOG }; 22 | // NOTE: the ClassWizard will add data members here 23 | //}}AFX_DATA 24 | void SetupDialog(CString selection, 25 | LPCTSTR lpstrComputer = NULL, UINT defaultChecks = DEFAULT_CHECKS); 26 | 27 | // Overrides 28 | // ClassWizard generated virtual function overrides 29 | //{{AFX_VIRTUAL(CConfigLogging) 30 | protected: 31 | virtual void DoDataExchange(CDataExchange* pDX); // DDX/DDV support 32 | //}}AFX_VIRTUAL 33 | 34 | // Implementation 35 | protected: 36 | CString m_csComputer; 37 | CString m_idTitle; 38 | CString m_idRegpath; 39 | UINT m_uDefaultChecks; 40 | 41 | UINT m_uCurrentState; 42 | UINT m_uInfoPriority; 43 | UINT m_uSuccessPriority; 44 | UINT m_uWarningPriority; 45 | UINT m_uErrorPriority; 46 | UINT m_uAuditSuccessPriority; 47 | UINT m_uAuditFailurePriority; 48 | 49 | BOOL IsModified(); 50 | UINT PriorityFromDialog(int facilityId, int severityId); 51 | void SetDialogFromPriority(int facilityId, int severityId, UINT priority); 52 | 53 | // Generated message map functions 54 | //{{AFX_MSG(CConfigLogging) 55 | virtual BOOL OnInitDialog(); 56 
| virtual void OnOK(); 57 | virtual void OnCancel(); 58 | afx_msg void OnDefaults(); 59 | //}}AFX_MSG 60 | DECLARE_MESSAGE_MAP() 61 | }; 62 | 63 | 64 | 65 | //{{AFX_INSERT_LOCATION}} 66 | // Microsoft Visual C++ will insert additional declarations immediately before the previous line. 67 | 68 | #endif // !defined(AFX_CONFIGLOGGING_H__F78FB47C_8919_44F7_94EC_BE51A0D702AD__INCLUDED_) 69 | -------------------------------------------------------------------------------- /SyslogAgentConfig/LICENSE.txt: -------------------------------------------------------------------------------- 1 | GNU GENERAL PUBLIC LICENSE 2 | Version 2, June 1991 3 | 4 | Copyright (C) 1989, 1991 Free Software Foundation, Inc. 5 | 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 6 | Everyone is permitted to copy and distribute verbatim copies 7 | of this license document, but changing it is not allowed. 8 | 9 | Preamble 10 | 11 | The licenses for most software are designed to take away your 12 | freedom to share and change it. By contrast, the GNU General Public 13 | License is intended to guarantee your freedom to share and change free 14 | software--to make sure the software is free for all its users. This 15 | General Public License applies to most of the Free Software 16 | Foundation's software and to any other program whose authors commit to 17 | using it. (Some other Free Software Foundation software is covered by 18 | the GNU Library General Public License instead.) You can apply it to 19 | your programs, too. 20 | 21 | When we speak of free software, we are referring to freedom, not 22 | price. Our General Public Licenses are designed to make sure that you 23 | have the freedom to distribute copies of free software (and charge for 24 | this service if you wish), that you receive source code or can get it 25 | if you want it, that you can change the software or use pieces of it 26 | in new free programs; and that you know you can do these things. 
27 | 28 | To protect your rights, we need to make restrictions that forbid 29 | anyone to deny you these rights or to ask you to surrender the rights. 30 | These restrictions translate to certain responsibilities for you if you 31 | distribute copies of the software, or if you modify it. 32 | 33 | For example, if you distribute copies of such a program, whether 34 | gratis or for a fee, you must give the recipients all the rights that 35 | you have. You must make sure that they, too, receive or can get the 36 | source code. And you must show them these terms so they know their 37 | rights. 38 | 39 | We protect your rights with two steps: (1) copyright the software, and 40 | (2) offer you this license which gives you legal permission to copy, 41 | distribute and/or modify the software. 42 | 43 | Also, for each author's protection and ours, we want to make certain 44 | that everyone understands that there is no warranty for this free 45 | software. If the software is modified by someone else and passed on, we 46 | want its recipients to know that what they have is not the original, so 47 | that any problems introduced by others will not reflect on the original 48 | authors' reputations. 49 | 50 | Finally, any free program is threatened constantly by software 51 | patents. We wish to avoid the danger that redistributors of a free 52 | program will individually obtain patent licenses, in effect making the 53 | program proprietary. To prevent this, we have made it clear that any 54 | patent must be licensed for everyone's free use or not licensed at all. 55 | 56 | The precise terms and conditions for copying, distribution and 57 | modification follow. 58 | 59 | GNU GENERAL PUBLIC LICENSE 60 | TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 61 | 62 | 0. This License applies to any program or other work which contains 63 | a notice placed by the copyright holder saying it may be distributed 64 | under the terms of this General Public License. 
The "Program", below, 65 | refers to any such program or work, and a "work based on the Program" 66 | means either the Program or any derivative work under copyright law: 67 | that is to say, a work containing the Program or a portion of it, 68 | either verbatim or with modifications and/or translated into another 69 | language. (Hereinafter, translation is included without limitation in 70 | the term "modification".) Each licensee is addressed as "you". 71 | 72 | Activities other than copying, distribution and modification are not 73 | covered by this License; they are outside its scope. The act of 74 | running the Program is not restricted, and the output from the Program 75 | is covered only if its contents constitute a work based on the 76 | Program (independent of having been made by running the Program). 77 | Whether that is true depends on what the Program does. 78 | 79 | 1. You may copy and distribute verbatim copies of the Program's 80 | source code as you receive it, in any medium, provided that you 81 | conspicuously and appropriately publish on each copy an appropriate 82 | copyright notice and disclaimer of warranty; keep intact all the 83 | notices that refer to this License and to the absence of any warranty; 84 | and give any other recipients of the Program a copy of this License 85 | along with the Program. 86 | 87 | You may charge a fee for the physical act of transferring a copy, and 88 | you may at your option offer warranty protection in exchange for a fee. 89 | 90 | 2. You may modify your copy or copies of the Program or any portion 91 | of it, thus forming a work based on the Program, and copy and 92 | distribute such modifications or work under the terms of Section 1 93 | above, provided that you also meet all of these conditions: 94 | 95 | a) You must cause the modified files to carry prominent notices 96 | stating that you changed the files and the date of any change. 
97 | 98 | b) You must cause any work that you distribute or publish, that in 99 | whole or in part contains or is derived from the Program or any 100 | part thereof, to be licensed as a whole at no charge to all third 101 | parties under the terms of this License. 102 | 103 | c) If the modified program normally reads commands interactively 104 | when run, you must cause it, when started running for such 105 | interactive use in the most ordinary way, to print or display an 106 | announcement including an appropriate copyright notice and a 107 | notice that there is no warranty (or else, saying that you provide 108 | a warranty) and that users may redistribute the program under 109 | these conditions, and telling the user how to view a copy of this 110 | License. (Exception: if the Program itself is interactive but 111 | does not normally print such an announcement, your work based on 112 | the Program is not required to print an announcement.) 113 | 114 | These requirements apply to the modified work as a whole. If 115 | identifiable sections of that work are not derived from the Program, 116 | and can be reasonably considered independent and separate works in 117 | themselves, then this License, and its terms, do not apply to those 118 | sections when you distribute them as separate works. But when you 119 | distribute the same sections as part of a whole which is a work based 120 | on the Program, the distribution of the whole must be on the terms of 121 | this License, whose permissions for other licensees extend to the 122 | entire whole, and thus to each and every part regardless of who wrote it. 123 | 124 | Thus, it is not the intent of this section to claim rights or contest 125 | your rights to work written entirely by you; rather, the intent is to 126 | exercise the right to control the distribution of derivative or 127 | collective works based on the Program. 
128 | 129 | In addition, mere aggregation of another work not based on the Program 130 | with the Program (or with a work based on the Program) on a volume of 131 | a storage or distribution medium does not bring the other work under 132 | the scope of this License. 133 | 134 | 3. You may copy and distribute the Program (or a work based on it, 135 | under Section 2) in object code or executable form under the terms of 136 | Sections 1 and 2 above provided that you also do one of the following: 137 | 138 | a) Accompany it with the complete corresponding machine-readable 139 | source code, which must be distributed under the terms of Sections 140 | 1 and 2 above on a medium customarily used for software interchange; or, 141 | 142 | b) Accompany it with a written offer, valid for at least three 143 | years, to give any third party, for a charge no more than your 144 | cost of physically performing source distribution, a complete 145 | machine-readable copy of the corresponding source code, to be 146 | distributed under the terms of Sections 1 and 2 above on a medium 147 | customarily used for software interchange; or, 148 | 149 | c) Accompany it with the information you received as to the offer 150 | to distribute corresponding source code. (This alternative is 151 | allowed only for noncommercial distribution and only if you 152 | received the program in object code or executable form with such 153 | an offer, in accord with Subsection b above.) 154 | 155 | The source code for a work means the preferred form of the work for 156 | making modifications to it. For an executable work, complete source 157 | code means all the source code for all modules it contains, plus any 158 | associated interface definition files, plus the scripts used to 159 | control compilation and installation of the executable. 
However, as a 160 | special exception, the source code distributed need not include 161 | anything that is normally distributed (in either source or binary 162 | form) with the major components (compiler, kernel, and so on) of the 163 | operating system on which the executable runs, unless that component 164 | itself accompanies the executable. 165 | 166 | If distribution of executable or object code is made by offering 167 | access to copy from a designated place, then offering equivalent 168 | access to copy the source code from the same place counts as 169 | distribution of the source code, even though third parties are not 170 | compelled to copy the source along with the object code. 171 | 172 | 4. You may not copy, modify, sublicense, or distribute the Program 173 | except as expressly provided under this License. Any attempt 174 | otherwise to copy, modify, sublicense or distribute the Program is 175 | void, and will automatically terminate your rights under this License. 176 | However, parties who have received copies, or rights, from you under 177 | this License will not have their licenses terminated so long as such 178 | parties remain in full compliance. 179 | 180 | 5. You are not required to accept this License, since you have not 181 | signed it. However, nothing else grants you permission to modify or 182 | distribute the Program or its derivative works. These actions are 183 | prohibited by law if you do not accept this License. Therefore, by 184 | modifying or distributing the Program (or any work based on the 185 | Program), you indicate your acceptance of this License to do so, and 186 | all its terms and conditions for copying, distributing or modifying 187 | the Program or works based on it. 188 | 189 | 6. 
Each time you redistribute the Program (or any work based on the 190 | Program), the recipient automatically receives a license from the 191 | original licensor to copy, distribute or modify the Program subject to 192 | these terms and conditions. You may not impose any further 193 | restrictions on the recipients' exercise of the rights granted herein. 194 | You are not responsible for enforcing compliance by third parties to 195 | this License. 196 | 197 | 7. If, as a consequence of a court judgment or allegation of patent 198 | infringement or for any other reason (not limited to patent issues), 199 | conditions are imposed on you (whether by court order, agreement or 200 | otherwise) that contradict the conditions of this License, they do not 201 | excuse you from the conditions of this License. If you cannot 202 | distribute so as to satisfy simultaneously your obligations under this 203 | License and any other pertinent obligations, then as a consequence you 204 | may not distribute the Program at all. For example, if a patent 205 | license would not permit royalty-free redistribution of the Program by 206 | all those who receive copies directly or indirectly through you, then 207 | the only way you could satisfy both it and this License would be to 208 | refrain entirely from distribution of the Program. 209 | 210 | If any portion of this section is held invalid or unenforceable under 211 | any particular circumstance, the balance of the section is intended to 212 | apply and the section as a whole is intended to apply in other 213 | circumstances. 214 | 215 | It is not the purpose of this section to induce you to infringe any 216 | patents or other property right claims or to contest validity of any 217 | such claims; this section has the sole purpose of protecting the 218 | integrity of the free software distribution system, which is 219 | implemented by public license practices. 
Many people have made 220 | generous contributions to the wide range of software distributed 221 | through that system in reliance on consistent application of that 222 | system; it is up to the author/donor to decide if he or she is willing 223 | to distribute software through any other system and a licensee cannot 224 | impose that choice. 225 | 226 | This section is intended to make thoroughly clear what is believed to 227 | be a consequence of the rest of this License. 228 | 229 | 8. If the distribution and/or use of the Program is restricted in 230 | certain countries either by patents or by copyrighted interfaces, the 231 | original copyright holder who places the Program under this License 232 | may add an explicit geographical distribution limitation excluding 233 | those countries, so that distribution is permitted only in or among 234 | countries not thus excluded. In such case, this License incorporates 235 | the limitation as if written in the body of this License. 236 | 237 | 9. The Free Software Foundation may publish revised and/or new versions 238 | of the General Public License from time to time. Such new versions will 239 | be similar in spirit to the present version, but may differ in detail to 240 | address new problems or concerns. 241 | 242 | Each version is given a distinguishing version number. If the Program 243 | specifies a version number of this License which applies to it and "any 244 | later version", you have the option of following the terms and conditions 245 | either of that version or of any later version published by the Free 246 | Software Foundation. If the Program does not specify a version number of 247 | this License, you may choose any version ever published by the Free Software 248 | Foundation. 249 | 250 | 10. If you wish to incorporate parts of the Program into other free 251 | programs whose distribution conditions are different, write to the author 252 | to ask for permission. 
For software which is copyrighted by the Free 253 | Software Foundation, write to the Free Software Foundation; we sometimes 254 | make exceptions for this. Our decision will be guided by the two goals 255 | of preserving the free status of all derivatives of our free software and 256 | of promoting the sharing and reuse of software generally. 257 | 258 | NO WARRANTY 259 | 260 | 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY 261 | FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN 262 | OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES 263 | PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED 264 | OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 265 | MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS 266 | TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE 267 | PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, 268 | REPAIR OR CORRECTION. 269 | 270 | 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING 271 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR 272 | REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, 273 | INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING 274 | OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED 275 | TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY 276 | YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER 277 | PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE 278 | POSSIBILITY OF SUCH DAMAGES. 
279 | 280 | END OF TERMS AND CONDITIONS 281 | 282 | How to Apply These Terms to Your New Programs 283 | 284 | If you develop a new program, and you want it to be of the greatest 285 | possible use to the public, the best way to achieve this is to make it 286 | free software which everyone can redistribute and change under these terms. 287 | 288 | To do so, attach the following notices to the program. It is safest 289 | to attach them to the start of each source file to most effectively 290 | convey the exclusion of warranty; and each file should have at least 291 | the "copyright" line and a pointer to where the full notice is found. 292 | 293 | 294 | Copyright (C) 295 | 296 | This program is free software; you can redistribute it and/or modify 297 | it under the terms of the GNU General Public License as published by 298 | the Free Software Foundation; either version 2 of the License, or 299 | (at your option) any later version. 300 | 301 | This program is distributed in the hope that it will be useful, 302 | but WITHOUT ANY WARRANTY; without even the implied warranty of 303 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 304 | GNU General Public License for more details. 305 | 306 | You should have received a copy of the GNU General Public License 307 | along with this program; if not, write to the Free Software 308 | Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 309 | 310 | 311 | Also add information on how to contact you by electronic and paper mail. 312 | 313 | If the program is interactive, make it output a short notice like this 314 | when it starts in an interactive mode: 315 | 316 | Gnomovision version 69, Copyright (C) year name of author 317 | Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. 318 | This is free software, and you are welcome to redistribute it 319 | under certain conditions; type `show c' for details. 
320 | 321 | The hypothetical commands `show w' and `show c' should show the appropriate 322 | parts of the General Public License. Of course, the commands you use may 323 | be called something other than `show w' and `show c'; they could even be 324 | mouse-clicks or menu items--whatever suits your program. 325 | 326 | You should also get your employer (if you work as a programmer) or your 327 | school, if any, to sign a "copyright disclaimer" for the program, if 328 | necessary. Here is a sample; alter the names: 329 | 330 | Yoyodyne, Inc., hereby disclaims all copyright interest in the program 331 | `Gnomovision' (which makes passes at compilers) written by James Hacker. 332 | 333 | , 1 April 1989 334 | Ty Coon, President of Vice 335 | 336 | This General Public License does not permit incorporating your program into 337 | proprietary programs. If your program is a subroutine library, you may 338 | consider it more useful to permit linking proprietary applications with the 339 | library. If this is what you want to do, use the GNU Library General 340 | Public License instead of this License. 
341 |
--------------------------------------------------------------------------------
/SyslogAgentConfig/NTService_msg.h:
--------------------------------------------------------------------------------
1 | //
2 | //  Values are 32 bit values laid out as follows:
3 | //
4 | //   3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
5 | //   1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
6 | //  +---+-+-+-----------------------+-------------------------------+
7 | //  |Sev|C|R|     Facility          |               Code            |
8 | //  +---+-+-+-----------------------+-------------------------------+
9 | //
10 | //  where
11 | //
12 | //      Sev - is the severity code
13 | //
14 | //          00 - Success
15 | //          01 - Informational
16 | //          10 - Warning
17 | //          11 - Error
18 | //
19 | //      C - is the Customer code flag
20 | //
21 | //      R - is a reserved bit
22 | //
23 | //      Facility - is the facility code
24 | //
25 | //      Code - is the facility's status code
26 | //
27 | //
28 | // Define the facility codes
29 | //
30 |
31 |
32 | //
33 | // Define the severity codes
34 | //
35 |
36 |
37 | //
38 | // MessageId: CNTS_MSG_SERVICE_INSTALLED
39 | //
40 | // MessageText:
41 | //
42 | //  "%1" was successfully installed.
43 | //
44 | #define CNTS_MSG_SERVICE_INSTALLED 0x40000001L
45 |
46 | //
47 | // MessageId: CNTS_MSG_SERVICE_UNINSTALLED
48 | //
49 | // MessageText:
50 | //
51 | //  "%1" was successfully uninstalled.
52 | //
53 | #define CNTS_MSG_SERVICE_UNINSTALLED 0x40000002L
54 |
55 | //
56 | // MessageId: CNTS_MSG_SERVICE_STARTED
57 | //
58 | // MessageText:
59 | //
60 | //  "%1" started successfully.
61 | //
62 | #define CNTS_MSG_SERVICE_STARTED 0x40000003L
63 |
64 | //
65 | // MessageId: CNTS_MSG_SERVICE_STOPPED
66 | //
67 | // MessageText:
68 | //
69 | //  "%1" stopped successfully.
70 | //
71 | #define CNTS_MSG_SERVICE_STOPPED 0x40000004L
72 |
73 | //
74 | // MessageId: CNTS_MSG_SERVICE_PAUSED
75 | //
76 | // MessageText:
77 | //
78 | //  "%1" paused successfully.
79 | //
80 | #define CNTS_MSG_SERVICE_PAUSED 0x40000005L
81 |
82 | //
83 | // MessageId: CNTS_MSG_SERVICE_CONTINUED
84 | //
85 | // MessageText:
86 | //
87 | //  "%1" continued successfully.
88 | //
89 | #define CNTS_MSG_SERVICE_CONTINUED 0x40000006L
90 |
91 | //
92 | // MessageId: CNTS_MSG_SERVICE_SHUTDOWN
93 | //
94 | // MessageText:
95 | //
96 | //  "%1" was successfully shutdown.
97 | //
98 | #define CNTS_MSG_SERVICE_SHUTDOWN 0x40000007L
99 |
100 | //
101 | // MessageId: CNTS_MSG_SERVICE_FAIL_CONNECT_SCM
102 | //
103 | // MessageText:
104 | //
105 | //  Failed to connect to the Service Control Manager, ErrorCode:%1.
106 | //
107 | #define CNTS_MSG_SERVICE_FAIL_CONNECT_SCM 0xC0000008L
108 |
109 | //
110 | // MessageId: CNTS_MSG_SERVICE_FAIL_OPEN_SERVICE
111 | //
112 | // MessageText:
113 | //
114 | //  Failed to open the service, ErrorCode:%1.
115 | //
116 | #define CNTS_MSG_SERVICE_FAIL_OPEN_SERVICE 0xC0000009L
117 |
118 | //
119 | // MessageId: CNTS_MSG_SERVICE_FAIL_DELETE_SERVICE
120 | //
121 | // MessageText:
122 | //
123 | //  Failed to delete the service, ErrorCode:%1.
124 | //
125 | #define CNTS_MSG_SERVICE_FAIL_DELETE_SERVICE 0xC000000AL
126 |
127 | //
128 | // MessageId: CNTS_MSG_SERVICE_GENERIC_ERROR
129 | //
130 | // MessageText:
131 | //
132 | //  "%1" encouter a fatal error: "%2".
133 | //
134 | #define CNTS_MSG_SERVICE_GENERIC_ERROR 0xC000000BL
135 |
136 |
--------------------------------------------------------------------------------
/SyslogAgentConfig/NTSyslogCtrl.aps:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/fmikker/syslogagent/dc087ead0086e2d5385f89b36212e9f042d3eb57/SyslogAgentConfig/NTSyslogCtrl.aps
--------------------------------------------------------------------------------
/SyslogAgentConfig/NTSyslogCtrl.cpp:
--------------------------------------------------------------------------------
1 | // NTSyslogCtrl.cpp : Defines the class behaviors for the application.
2 | //
3 |
4 | #include "..\Syslogserver\common_stdafx.h"
5 | //#include "stdafx.h"
6 | #include "NTSyslogCtrl.h"
7 | #include "NTSyslogCtrlDlg.h"
8 |
9 | #ifdef _DEBUG
10 | #define new DEBUG_NEW
11 | #undef THIS_FILE
12 | static char THIS_FILE[] = __FILE__;
13 | #endif
14 |
15 | /////////////////////////////////////////////////////////////////////////////
16 | // CNTSyslogCtrlApp
17 |
18 | BEGIN_MESSAGE_MAP(CNTSyslogCtrlApp, CWinApp)
19 |     //{{AFX_MSG_MAP(CNTSyslogCtrlApp)
20 |     // NOTE - the ClassWizard will add and remove mapping macros here.
21 |     // DO NOT EDIT what you see in these blocks of generated code!
22 |     //}}AFX_MSG
23 |     ON_COMMAND(ID_HELP, CWinApp::OnHelp)
24 | END_MESSAGE_MAP()
25 |
26 | /////////////////////////////////////////////////////////////////////////////
27 | // CNTSyslogCtrlApp construction
28 |
29 | CNTSyslogCtrlApp::CNTSyslogCtrlApp(){
30 |     // Add construction code here,
31 |     // Place all significant initialization in InitInstance
32 | }
33 |
34 | /////////////////////////////////////////////////////////////////////////////
35 | // The one and only CNTSyslogCtrlApp object
36 |
37 | CNTSyslogCtrlApp theApp;
38 |
39 | /////////////////////////////////////////////////////////////////////////////
40 | // CNTSyslogCtrlApp initialization
41 |
42 | BOOL CNTSyslogCtrlApp::InitInstance(){
43 |     // Standard initialization
44 |     // If you are not using these features and wish to reduce the size
45 |     // of your final executable, you should remove from the following
46 |     // the specific initialization routines you do not need.
47 |
48 | //ifdef _AFXDLL
49 | //  Enable3dControls(); // Call this when using MFC in a shared DLL
50 | //else
51 | //  Enable3dControlsStatic(); // Call this when linking to MFC statically
52 | //endif
53 |
54 |     CNTSyslogCtrlDlg dlg;
55 |     m_pMainWnd = &dlg;
56 |     INT_PTR nResponse = dlg.DoModal();
57 |     if (nResponse == IDOK){
58 |         // Place code here to handle when the dialog is dismissed with OK
59 |     }
60 |     else if (nResponse == IDCANCEL){
61 |         // Place code here to handle when the dialog is dismissed with Cancel
62 |     }
63 |
64 |     // Since the dialog has been closed, return FALSE so that we exit the
65 |     // application, rather than start the application's message pump.
66 |     return FALSE;
67 | }
68 |
--------------------------------------------------------------------------------
/SyslogAgentConfig/NTSyslogCtrl.h:
--------------------------------------------------------------------------------
1 | // NTSyslogCtrl.h : main header file for the NTSYSLOGCTRL application
2 | //
3 |
4 | #if !defined(AFX_NTSYSLOGCTRL_H__9FB33EE5_E0E8_11D5_B306_0040055338AF__INCLUDED_)
5 | #define AFX_NTSYSLOGCTRL_H__9FB33EE5_E0E8_11D5_B306_0040055338AF__INCLUDED_
6 |
7 | #if _MSC_VER > 1000
8 | #pragma once
9 | #endif // _MSC_VER > 1000
10 |
11 | #ifndef __AFXWIN_H__
12 |     #error include 'stdafx.h' before including this file for PCH
13 | #endif
14 |
15 | #include "resource.h" // main symbols
16 |
17 | #define CHECK_NOT_ENABLED 0
18 | #define CHECK_INFORMATION 1
19 | #define CHECK_SUCCESS 32 //In windows EVENTLOG_SUCCESS is zero, but that works out bad for filtering purposes. Bastard solution.
20 | #define CHECK_WARNING 2
21 | #define CHECK_ERROR 4
22 | #define CHECK_AUDIT_SUCCESS 8
23 | #define CHECK_AUDIT_FAILURE 16
24 |
25 | #define DEFAULT_CHECKS (CHECK_WARNING + CHECK_ERROR + CHECK_AUDIT_FAILURE)
26 | #define ALL_CHECKS (CHECK_INFORMATION + CHECK_WARNING + CHECK_SUCCESS + CHECK_ERROR \
27 |     + CHECK_AUDIT_SUCCESS + CHECK_AUDIT_FAILURE)
28 |
29 | #define DEFAULT_PRIORITY 9
30 |
31 | //erno Many defines in registrySettings.h!
32 |
33 |
34 | //void __cdecl initRegistry(char * SyslogAddress);
35 | extern "C" {
36 |     void __cdecl initRegistry(char * SyslogAddress);
37 | }
38 |
39 |
40 | /////////////////////////////////////////////////////////////////////////////
41 | // CNTSyslogCtrlApp:
42 | // See NTSyslogCtrl.cpp for the implementation of this class
43 | //
44 |
45 | class CNTSyslogCtrlApp : public CWinApp
46 | {
47 | public:
48 |     CNTSyslogCtrlApp();
49 |
50 | // Overrides
51 |     // ClassWizard generated virtual function overrides
52 |     //{{AFX_VIRTUAL(CNTSyslogCtrlApp)
53 |     public:
54 |     virtual BOOL InitInstance();
55 |     //}}AFX_VIRTUAL
56 |
57 | // Implementation
58 |
59 |     //{{AFX_MSG(CNTSyslogCtrlApp)
60 |     // NOTE - the ClassWizard will add and remove member functions here.
61 |     // DO NOT EDIT what you see in these blocks of generated code !
62 |     //}}AFX_MSG
63 |     DECLARE_MESSAGE_MAP()
64 | };
65 |
66 |
67 | /////////////////////////////////////////////////////////////////////////////
68 |
69 | //{{AFX_INSERT_LOCATION}}
70 | // Microsoft Visual C++ will insert additional declarations immediately before the previous line.
71 |
72 | #endif // !defined(AFX_NTSYSLOGCTRL_H__9FB33EE5_E0E8_11D5_B306_0040055338AF__INCLUDED_)
73 |
--------------------------------------------------------------------------------
/SyslogAgentConfig/NTSyslogCtrlDlg.h:
--------------------------------------------------------------------------------
1 | // NTSyslogCtrlDlg.h : header file
2 | //
3 |
4 | #include "afxwin.h"
5 | #if !defined(AFX_NTSYSLOGCTRLDLG_H__9FB33EE7_E0E8_11D5_B306_0040055338AF__INCLUDED_)
6 | #define AFX_NTSYSLOGCTRLDLG_H__9FB33EE7_E0E8_11D5_B306_0040055338AF__INCLUDED_
7 |
8 | #if _MSC_VER > 1000
9 | #pragma once
10 | #endif // _MSC_VER > 1000
11 |
12 | #define COMPUTERS_SECTION _T( "Computers")
13 | #define LAST_COMPUTER_ENTRY _T( "Last")
14 |
15 | #define SYSLOG_AGENT_NAME _T( "SyslogAgent.exe")
16 |
17 | /////////////////////////////////////////////////////////////////////////////
18 | // CNTSyslogCtrlDlg dialog
19 |
20 | class CNTSyslogCtrlDlg : public CDialog
21 | {
22 | // Construction
23 | public:
24 |     CNTSyslogCtrlDlg(CWnd* pParent = NULL); // standard constructor
25 |     void OnAppAbout();
26 | // Dialog Data
27 |     //{{AFX_DATA(CNTSyslogCtrlDlg)
28 |     enum { IDD = IDD_NTSYSLOGCTRL_DIALOG };
29 |     CStatic m_StatusIcon;
30 |     //}}AFX_DATA
31 |
32 |     // ClassWizard generated virtual function overrides
33 |     //{{AFX_VIRTUAL(CNTSyslogCtrlDlg)
34 |     protected:
35 |     virtual void DoDataExchange(CDataExchange* pDX); // DDX/DDV support
36 |     //}}AFX_VIRTUAL
37 |
38 | // Implementation
39 | protected:
40 |     void SetComputerName();
41 |
42 |     //added to reduce redundant coding
43 |     void SetMainDialogControls(int _i_);
44 |     void ReadMachineEventLogSettings(int good_query);
45 |     CStringArray m_csaEventlogSelect;
46 |     DWORD m_csaEventlogSelectSize;
47 |
48 |     BOOL DisplayStatus( UINT nIconID, DWORD dwServiceState = 0);
49 |     BOOL QueryServiceStatus();
50 |     HICON m_hIcon;
51 |     CString m_csComputer;
52 |
53 |     CString reg_primary;
54 |     CString reg_secondary;
55 |
56 |     bool m_deliveryMode; //0=udp, 1=tcp
57 |     bool m_usePing; //Require m_deliveryMode==0 for impact
58 |     int reg_Port,reg_Port2;
59 |
60 |     CString reg_FilterArray;
61 |
62 |     bool m_RestartServiceQuestionPlanned;
63 |
64 |     UINT_PTR daTimer;
65 |
66 |     // Generated message map functions
67 |     //{{AFX_MSG(CNTSyslogCtrlDlg)
68 |     virtual BOOL OnInitDialog();
69 |     afx_msg void OnSysCommand(UINT nID, LPARAM lParam);
70 |     afx_msg void OnPaint();
71 |     afx_msg HCURSOR OnQueryDragIcon();
72 |     afx_msg void OnSelectComputer();
73 |     afx_msg void OnTimer(UINT_PTR nIDEvent);
74 |     //afx_msg void OnSyslogd();
75 |     afx_msg void OnEventLog();
76 |     afx_msg void OnStartService();
77 |     afx_msg void OnStopService();
78 |     //}}AFX_MSG
79 |     DECLARE_MESSAGE_MAP()
80 | public:
81 |     afx_msg void OnBnClickedInstall();
82 |     afx_msg void OnBnClickedHelp();
83 |     afx_msg void OnBnClickedForwardEvents();
84 |     afx_msg void logger(int severity, char *text,...);
85 |
86 |     afx_msg void OnBnClickedForwardApplication();
87 |     afx_msg void OnBnClickedAddApplication();
88 |     afx_msg void OnBnClickedUseping();
89 |     CListBox m_ApplicationList;
90 |     afx_msg void OnLbnSelchangeApplicationList();
91 |     void UpdateApplicationList(void);
92 |     afx_msg void OnBnClickedRemoveapplication();
93 |     afx_msg void OnBnClickedEditApplication();
94 |     LRESULT OnHelpCommand(WPARAM wParam, LPARAM lParam);
95 | private:
96 |     void CheckRestartService(void);
97 | public:
98 |     afx_msg void OnBnClickedCancel();
99 |     afx_msg void OnBnClickedDelLogFiles();
100 |     afx_msg void OnBnClickedDir();
101 |     afx_msg void OnEnChangeFilterarray();
102 |     afx_msg void OnBnClickedUseMirror();
103 |     afx_msg void OnBnClickedRadioUdp();
104 |     afx_msg void OnBnClickedRadioUdpPing();
105 |     afx_msg void OnBnClickedRadioTcp();
106 | };
107 |
108 | ////////////////////////////////////////////////////////////////////////////////
109 | //The following were removed from protected in class CNTSyslogCtrlDlg : public CDialog
110 | /*
111 |
112 | afx_msg void OnApplicaions();
113 | afx_msg void OnSecurity();
114 |
afx_msg void OnSystem(); 115 | 116 | */ 117 | 118 | 119 | //{{AFX_INSERT_LOCATION}} 120 | // Microsoft Visual C++ will insert additional declarations immediately before the previous line. 121 | 122 | #endif // !defined(AFX_NTSYSLOGCTRLDLG_H__9FB33EE7_E0E8_11D5_B306_0040055338AF__INCLUDED_) 123 | -------------------------------------------------------------------------------- /SyslogAgentConfig/StdAfx.cpp: -------------------------------------------------------------------------------- 1 | // stdafx.cpp : source file that includes just the standard includes 2 | // NTSyslogCtrl.pch will be the pre-compiled header 3 | // stdafx.obj will contain the pre-compiled type information 4 | 5 | #include "..\Syslogserver\common_stdafx.h" 6 | //#include "stdafx.h" 7 | -------------------------------------------------------------------------------- /SyslogAgentConfig/StdAfx.h: -------------------------------------------------------------------------------- 1 | // stdafx.h : include file for standard system include files, 2 | // or project specific include files that are used frequently, but 3 | // are changed infrequently 4 | // 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | // NOT USED !!!!! 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | #if !defined(AFX_STDAFX_H__9FB33EE9_E0E8_11D5_B306_0040055338AF__INCLUDED_) 25 | #define AFX_STDAFX_H__9FB33EE9_E0E8_11D5_B306_0040055338AF__INCLUDED_ 26 | 27 | #if _MSC_VER > 1000 28 | #pragma once 29 | #endif // _MSC_VER > 1000 30 | 31 | #define VC_EXTRALEAN // Exclude rarely-used stuff from Windows headers 32 | 33 | #include // MFC core and standard components 34 | #include // MFC extensions 35 | //#include // MFC support for Internet Explorer 4 Common Controls 36 | #include 37 | #ifndef _AFX_NO_AFXCMN_SUPPORT 38 | #include // MFC support for Windows Common Controls 39 | #endif // _AFX_NO_AFXCMN_SUPPORT 40 | 41 | // Microsoft's STL dosen't compile clean at high warning levels, 42 | // under VC6. 
This lets it be sloppy, but keeps our code at the higher 43 | // warning level. 44 | //#pragma warning(push, 3) 45 | //#include 46 | //#pragma warning(pop) 47 | // Reference additional headers your program requires here 48 | 49 | // For implementing NT Services 50 | #include 51 | #include 52 | 53 | //{{AFX_INSERT_LOCATION}} 54 | // Microsoft Visual C++ will insert additional declarations immediately before the previous line. 55 | 56 | #endif // !defined(AFX_STDAFX_H__9FB33EE9_E0E8_11D5_B306_0040055338AF__INCLUDED_) 57 | -------------------------------------------------------------------------------- /SyslogAgentConfig/res/Error.ICO: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fmikker/syslogagent/dc087ead0086e2d5385f89b36212e9f042d3eb57/SyslogAgentConfig/res/Error.ICO -------------------------------------------------------------------------------- /SyslogAgentConfig/res/GreenLight.ICO: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fmikker/syslogagent/dc087ead0086e2d5385f89b36212e9f042d3eb57/SyslogAgentConfig/res/GreenLight.ICO -------------------------------------------------------------------------------- /SyslogAgentConfig/res/NTSyslogCtrl.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fmikker/syslogagent/dc087ead0086e2d5385f89b36212e9f042d3eb57/SyslogAgentConfig/res/NTSyslogCtrl.ico -------------------------------------------------------------------------------- /SyslogAgentConfig/res/NTSyslogCtrl.rc2: -------------------------------------------------------------------------------- 1 | // 2 | // NTSYSLOGCTRL.RC2 - resources Microsoft Visual C++ does not edit directly 3 | // 4 | 5 | #ifdef APSTUDIO_INVOKED 6 | #error this file is not editable by Microsoft Visual C++ 7 | #endif //APSTUDIO_INVOKED 8 | 9 | 10 | 
///////////////////////////////////////////////////////////////////////////// 11 | // Add manually edited resources here... 12 | 13 | ///////////////////////////////////////////////////////////////////////////// 14 | -------------------------------------------------------------------------------- /SyslogAgentConfig/res/RedLight.ICO: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fmikker/syslogagent/dc087ead0086e2d5385f89b36212e9f042d3eb57/SyslogAgentConfig/res/RedLight.ICO -------------------------------------------------------------------------------- /SyslogAgentConfig/res/YellowLight.ICO: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fmikker/syslogagent/dc087ead0086e2d5385f89b36212e9f042d3eb57/SyslogAgentConfig/res/YellowLight.ICO -------------------------------------------------------------------------------- /SyslogAgentConfig/res/_svn/entries: --------------------------------------------------------------------------------
-------------------------------------------------------------------------------- /SyslogAgentConfig/res/_svn/prop-base/Error.ICO.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 24 4 | application/octet-stream 5 | END 6 | --------------------------------------------------------------------------------
/SyslogAgentConfig/res/_svn/prop-base/GreenLight.ICO.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 24 4 | application/octet-stream 5 | END 6 | -------------------------------------------------------------------------------- /SyslogAgentConfig/res/_svn/prop-base/NTSyslogCtrl.ico.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 24 4 | application/octet-stream 5 | END 6 | -------------------------------------------------------------------------------- /SyslogAgentConfig/res/_svn/prop-base/RedLight.ICO.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 24 4 | application/octet-stream 5 | END 6 | -------------------------------------------------------------------------------- /SyslogAgentConfig/res/_svn/prop-base/YellowLight.ICO.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 24 4 | application/octet-stream 5 | END 6 | -------------------------------------------------------------------------------- /SyslogAgentConfig/res/_svn/prop-base/vssver.scc.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 24 4 | application/octet-stream 5 | END 6 | -------------------------------------------------------------------------------- /SyslogAgentConfig/res/_svn/text-base/Error.ICO.svn-base: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fmikker/syslogagent/dc087ead0086e2d5385f89b36212e9f042d3eb57/SyslogAgentConfig/res/_svn/text-base/Error.ICO.svn-base -------------------------------------------------------------------------------- /SyslogAgentConfig/res/_svn/text-base/GreenLight.ICO.svn-base: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/fmikker/syslogagent/dc087ead0086e2d5385f89b36212e9f042d3eb57/SyslogAgentConfig/res/_svn/text-base/GreenLight.ICO.svn-base -------------------------------------------------------------------------------- /SyslogAgentConfig/res/_svn/text-base/NTSyslogCtrl.ico.svn-base: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fmikker/syslogagent/dc087ead0086e2d5385f89b36212e9f042d3eb57/SyslogAgentConfig/res/_svn/text-base/NTSyslogCtrl.ico.svn-base -------------------------------------------------------------------------------- /SyslogAgentConfig/res/_svn/text-base/NTSyslogCtrl.rc2.svn-base: -------------------------------------------------------------------------------- 1 | // 2 | // NTSYSLOGCTRL.RC2 - resources Microsoft Visual C++ does not edit directly 3 | // 4 | 5 | #ifdef APSTUDIO_INVOKED 6 | #error this file is not editable by Microsoft Visual C++ 7 | #endif //APSTUDIO_INVOKED 8 | 9 | 10 | ///////////////////////////////////////////////////////////////////////////// 11 | // Add manually edited resources here... 
12 | 13 | ///////////////////////////////////////////////////////////////////////////// 14 | -------------------------------------------------------------------------------- /SyslogAgentConfig/res/_svn/text-base/RedLight.ICO.svn-base: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fmikker/syslogagent/dc087ead0086e2d5385f89b36212e9f042d3eb57/SyslogAgentConfig/res/_svn/text-base/RedLight.ICO.svn-base -------------------------------------------------------------------------------- /SyslogAgentConfig/res/_svn/text-base/YellowLight.ICO.svn-base: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fmikker/syslogagent/dc087ead0086e2d5385f89b36212e9f042d3eb57/SyslogAgentConfig/res/_svn/text-base/YellowLight.ICO.svn-base -------------------------------------------------------------------------------- /SyslogAgentConfig/res/_svn/text-base/vssver.scc.svn-base: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fmikker/syslogagent/dc087ead0086e2d5385f89b36212e9f042d3eb57/SyslogAgentConfig/res/_svn/text-base/vssver.scc.svn-base -------------------------------------------------------------------------------- /SyslogAgentConfig/res/vssver.scc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fmikker/syslogagent/dc087ead0086e2d5385f89b36212e9f042d3eb57/SyslogAgentConfig/res/vssver.scc -------------------------------------------------------------------------------- /SyslogAgentConfig/resource.h: -------------------------------------------------------------------------------- 1 | //{{NO_DEPENDENCIES}} 2 | // Microsoft Visual C++ generated include file. 
3 | // Used by NTSyslogCtrl.rc 4 | // 5 | #define IDOK2 3 6 | #define SUGGESTSETTINGS 3 7 | #define IDM_ABOUTBOX 0x0010 8 | #define IDC_ABOUTBOX 0x0010 9 | #define IDC_HELPBOX 17 10 | #define IDD_ABOUTBOX 100 11 | #define IDD_NTSYSLOGCTRL_DIALOG 101 12 | #define IDD_SYSTEM_DIALOG 102 13 | #define IDD_APPLICATION_DIALOG 104 14 | #define IDD_SECURITY_DIALOG 105 15 | #define IDS_ABOUTBOX 107 16 | #define IDD_CONFAPPL 108 17 | #define IDR_MAINFRAME 128 18 | #define IDI_GREEN_ICON 129 19 | #define IDI_YELLOW_ICON 130 20 | #define IDI_RED_ICON 131 21 | #define IDI_ERROR_ICON 132 22 | #define IDC_STATUS_LIGHT 200 23 | #define IDC_STATUS 201 24 | #define IDC_SELECT_COMPUTER 202 25 | #define IDC_START 203 26 | #define IDC_STOP 204 27 | #define IDC_SYSLOGD 205 28 | #define IDC_APPLICATIONS 206 29 | #define IDC_SECURITY 207 30 | #define IDC_SYSTEM 208 31 | #define IDC_COMPUTER 209 32 | #define IDC_INFORMATION_CHECK 210 33 | #define IDC_WARNING_CHECK 211 34 | #define IDC_PRIMARY_SYSLOGD 212 35 | #define IDC_ERROR_CHECK 213 36 | #define IDC_BACKUP_SYSLOGD 214 37 | #define IDC_SUCCESS_CHECK 214 38 | #define IDC_DEFAULTS 215 39 | #define IDC_AUDIT_SUCCESS_CHECK 216 40 | #define IDC_AUDIT_FAILURE_CHECK 217 41 | #define IDC_LABEL 220 42 | #define IDC_INFO_FACILITY 221 43 | #define IDC_INFO_SEVERITY 222 44 | #define IDC_WARNING_FACILITY 223 45 | #define IDC_EVENTLOG_SELECT 223 46 | #define IDC_WARNING_SEVERITY 224 47 | #define IDC_EVENTLOG 224 48 | #define IDC_ERROR_FACILITY 225 49 | #define IDC_ERROR_SEVERITY 226 50 | #define IDC_AUDIT_SUCCESS_FACILITY 227 51 | #define IDC_AUDIT_SUCCESS_SEVERITY 228 52 | #define IDC_BUTTON1 228 53 | #define IDC_INSTALL 228 54 | #define IDC_BROWSE 228 55 | #define IDC_AUDIT_FAILURE_FACILITY 229 56 | #define IDC_BROWSE2 229 57 | #define IDC_AUDIT_FAILURE_SEVERITY 230 58 | #define IDC_IPADDRESS2 230 59 | #define IDC_BROWSE_ROTATE1 230 60 | #define IDC_BROWSE_ROTATE2 231 61 | #define IDC_SUCCESS_FACILITY 231 62 | #define IDC_USEPING 232 63 | #define 
IDC_INFO_SEVERITY2 232 64 | #define IDC_SUCCESS_SEVERITY 232 65 | #define IDC_PORT 233 66 | #define IDC_FORWARD_EVENTS 234 67 | #define IDC_EDIT_APPLICATION 235 68 | #define IDC_PORT2 236 69 | #define IDC_APPLICATION_LIST 237 70 | #define IDC_FORWARD_APPLICATION 238 71 | #define IDC_ADD_APPLICATION 239 72 | #define IDC_STATIC_CURR_APPL 240 73 | #define IDC_APPNAME 241 74 | #define IDC_FTPUSER 241 75 | #define IDC_FORWARD_EVENTS2 241 76 | #define IDC_USE_MIRROR 241 77 | #define IDC_APP_PATH 242 78 | #define IDC_FTPPASS 242 79 | #define IDC_FILE_EXT 243 80 | #define IDC_DIRECTORY 243 81 | #define IDC_PARSE_DATE 244 82 | #define IDC_DEL_LOG_FILES 244 83 | #define IDC_PARSE_HOST 245 84 | #define IDC_PARSE_PROCESS 246 85 | #define IDC_APP_FILEPATH 247 86 | #define IDC_RAW_MODE 248 87 | #define IDC_PARSE_DATE2 248 88 | #define IDC_UNICODE 248 89 | #define IDC_COMBOBOXEX1 250 90 | #define IDC_FACILITY 250 91 | #define IDC_COMBOBOXEX2 251 92 | #define IDC_CHECK6 252 93 | #define IDC_USE_PREFIX 252 94 | #define IDC_PREFIX 253 95 | #define IDC_USE_IGNORE_LINES 254 96 | #define IDC_LINES_TO_IGNORE 255 97 | #define IDC_PROCESS_NAME 256 98 | #define IDC_PARSE_SEVERITY 257 99 | #define IDC_REMOVEAPPLICATION 258 100 | #define IDC_SEVERITY_LEVEL 263 101 | #define IDC_COMBO1 264 102 | #define IDC_RADIO_FILE 265 103 | #define IDC_RADIO_DIR 266 104 | #define IDC_RADIO_ROTATE_FILE 267 105 | #define IDC_APP_ROTATE_FILE1 268 106 | #define IDC_APP_ROTATE_FILE2 269 107 | #define IDC_HELP2 271 108 | #define IDC_DIR 272 109 | #define IDC_EDIT1 272 110 | #define IDC_FILTERARRAY 272 111 | #define IDC_RADIO_UDP 273 112 | #define IDC_RADIO_UDP_PING 274 113 | #define IDC_RADIO_TCP 275 114 | #define IDD_CONFIG_LOG 301 115 | #define IDS_APPLICATION_LOG_TITLE 57345 116 | #define IDS_APPLICATION_LOG_PATH 57346 117 | #define IDS_SECURITY_LOG_TITLE 57347 118 | #define IDS_SECURITY_LOG_PATH 57348 119 | #define IDS_SYSTEM_LOG_TITLE 57349 120 | #define IDS_SYSTEM_LOG_PATH 57350 121 | #define 
IDS_CONFIRM_SAVE 57351 122 | #define IDS_CONFIRM_DISCARD 57352 123 | 124 | // Next default values for new objects 125 | // 126 | #ifdef APSTUDIO_INVOKED 127 | #ifndef APSTUDIO_READONLY_SYMBOLS 128 | #define _APS_NEXT_RESOURCE_VALUE 310 129 | #define _APS_NEXT_COMMAND_VALUE 32771 130 | #define _APS_NEXT_CONTROL_VALUE 276 131 | #define _APS_NEXT_SYMED_VALUE 109 132 | #endif 133 | #endif 134 | -------------------------------------------------------------------------------- /Syslogserver/common_StdAfx.h: -------------------------------------------------------------------------------- 1 | // stdafx.h : include file for standard system include files, 2 | // or project specific include files that are used frequently, but 3 | // are changed infrequently 4 | // 5 | 6 | 7 | #if !defined(AFX_STDAFX_H__48C23943_84C7_11D5_898D_0008C725AC74__INCLUDED_) 8 | #define AFX_STDAFX_H__48C23943_84C7_11D5_898D_0008C725AC74__INCLUDED_ 9 | 10 | #if _MSC_VER > 1000 11 | #pragma once 12 | #endif // _MSC_VER > 1000 13 | 14 | #define VC_EXTRALEAN // Exclude rarely-used stuff from Windows headers 15 | 16 | #ifndef _WIN32_WINNT // Allow use of features specific to Windows NT 4 or later. 17 | #define _WIN32_WINNT 0x0400 // Change this to the appropriate value to target Windows 98 and Windows 2000 or later. 
18 | #endif 19 | 20 | 21 | 22 | #define _ATL_CSTRING_EXPLICIT_CONSTRUCTORS // some CString constructors will be explicit 23 | 24 | // turns off MFC's hiding of some common and often safely ignored warning messages 25 | #define _AFX_ALL_WARNINGS 26 | 27 | #include 28 | #include // MFC core and standard components 29 | #include // MFC extensions 30 | #include // MFC support for Internet Explorer 4 Common Controls 31 | #ifndef _AFX_NO_AFXCMN_SUPPORT 32 | #include // MFC support for Windows Common Controls 33 | #endif // _AFX_NO_AFXCMN_SUPPORT 34 | 35 | #include 36 | 37 | // For implementing NT Services 38 | #include 39 | #include 40 | 41 | //For CSingleLock 42 | #include 43 | 44 | // TODO: reference additional headers your program requires here 45 | //#include 46 | #include 47 | #include 48 | #include 49 | #include 50 | #include 51 | 52 | 53 | #import ".\msado27.tlb" no_namespace rename( "EOF", "adoEOF" ) 54 | #import ".\MSJRO.DLL" no_namespace 55 | 56 | 57 | //{{AFX_INSERT_LOCATION}} 58 | // Microsoft Visual C++ will insert additional declarations immediately before the previous line. 
59 | 60 | #endif // !defined(AFX_STDAFX_H__48C23943_84C7_11D5_898D_0008C725AC74__INCLUDED_) 61 |
--------------------------------------------------------------------------------
/Syslogserver/common_SyslogProject.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/fmikker/syslogagent/dc087ead0086e2d5385f89b36212e9f042d3eb57/Syslogserver/common_SyslogProject.h

--------------------------------------------------------------------------------
/Syslogserver/common_registry.cpp:
--------------------------------------------------------------------------------
#include "..\Syslogserver\common_stdafx.h"
#include
#include "..\Syslogserver\common_SyslogProject.h"
#include "..\Syslogserver\common_registry.h"
#include "winerror.h"
#include "assert.h"
//-----LeakWatcher--------------------
#include "LeakWatcher.h"
#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif
//------------------------------------
// Handles shared by all functions below; set by OpenRegistry/GoToRegKey.
HKEY hKeySoftware=NULL,hKey=NULL,hKeyTemp=NULL;
int enumerator = 0;

/*******************************************************
* WriteRegKey - int
********************************************************/
int WriteRegKey(UINT *value, CString Name){

    if (hKey==NULL) {
        return 0;
    }

    if (RegSetValueEx( hKey, Name, 0, REG_DWORD, (LPBYTE ) value, sizeof( DWORD)) != ERROR_SUCCESS) {
        return 0;
    }
    return 1;
}
/*******************************************************
* WriteRegKey - bool
********************************************************/
int WriteRegKey(bool *value, CString Name){
    if (hKey==NULL) {
        return 0;
    }
    if (RegSetValueEx( hKey, Name, 0, REG_BINARY, (LPBYTE ) value, sizeof(bool)) != ERROR_SUCCESS) {
        return 0;
    }
    return 1;
}
/*******************************************************
* WriteRegKey - string
********************************************************/
int WriteRegKey(CString *value, CString Name){
    if (hKey==NULL) {
        return 0;
    }
    // For REG_SZ the byte count must include the terminating null,
    // otherwise the value is stored unterminated.
    if (RegSetValueEx( hKey, Name, 0, REG_SZ, (LPBYTE) ((*value).GetString()), (DWORD)((*value).GetLength()+1)) != ERROR_SUCCESS) {
        return 0;
    }
    return 1;
}
/*******************************************************
* ReadRegKey - int
********************************************************/
void ReadRegKey(UINT *value, UINT DefaultValue, CString Name){
    DWORD dwSize,dwType=0,dwValue=0;
    dwSize = sizeof( DWORD);

    if (hKey==NULL) {
        *value=DefaultValue;    // never leave the caller's variable unset
        return;
    }

    if ((RegQueryValueEx( hKey, Name, 0, &dwType, (LPBYTE) &dwValue, &dwSize) == ERROR_SUCCESS) && dwType==REG_DWORD) {
        *value = dwValue;
    } else { //key not found, or not a DWORD
        *value=DefaultValue;
    }
}
/*******************************************************
* ReadRegKey - bool
********************************************************/
void ReadRegKey(bool *value, bool DefaultValue, CString Name){
    DWORD dwSize,dwType=REG_BINARY;
    bool dwValue=DefaultValue;
    dwSize = sizeof( bool);
    if (hKey==NULL) {
        *value=DefaultValue;    // never leave the caller's variable unset
        return;
    }

    if ((RegQueryValueEx( hKey, Name, 0, &dwType, (LPBYTE) &dwValue, &dwSize) == ERROR_SUCCESS)) {
        *value = dwValue;
    } else { //key not found
        *value=DefaultValue;
    }
}
/*******************************************************
* ReadRegKey - string
********************************************************/
void ReadRegKey(CString *value, CString DefaultValue, CString Name){
    DWORD dwSize,dwType=REG_SZ;
    char temp[256]="";
    // Keep one byte in reserve: RegQueryValueEx does not guarantee that
    // string data comes back null-terminated.
    dwSize = sizeof( temp)-1;
    if (hKey==NULL) {
        *value=DefaultValue;    // never leave the caller's variable unset
        return;
    }

    if ((RegQueryValueEx( hKey, Name, 0, &dwType, (LPBYTE) &(temp[0]), &dwSize) == ERROR_SUCCESS) && dwType==REG_SZ) {
        temp[dwSize]='\0';      // dwSize <= sizeof(temp)-1, so this index is in bounds
        *value = temp;
    } else { //key not found, too long, or not a string
        *value=DefaultValue;
    }
}


/*******************************************************
* DeleteKey - delete entire key
********************************************************/
void DeleteKey(CString name) {
    RegDeleteKey(hKey,name);
}

/*******************************************************
* GetNextKey - cycle through existing keys
********************************************************/
int GetNextKey(CString *keyName) {
    char buffer[256];

    if (RegEnumKey(hKey, enumerator++, buffer, sizeof(buffer)) == ERROR_SUCCESS) {
        *keyName=buffer;
        return 1;
    }
    *keyName="";
    return 0;
}

/*******************************************************
* GoToRegKey - create if not existent
********************************************************/
int GoToRegKey(CString name){
    long i;
    DWORD dwValue;
    CString m_csComputer,csKeyName;
    assert(hKey!=NULL);

    // Open the sub key (explicit cast: a CString object must not be passed through "...")
    csKeyName.Format( _T( "%s\\"),(LPCTSTR)name);
    i=RegCreateKeyEx( hKey, csKeyName, 0, REG_NONE, REG_OPTION_NON_VOLATILE,KEY_WRITE|KEY_READ|WRITE_DAC, NULL, &hKeyTemp, &dwValue);
    if (i != ERROR_SUCCESS) {
        logger(Error,"Failed to go to new sub registry key.");
        hKeyTemp=NULL;
        return -1;
    }

    //make the new sub key the default
    RegCloseKey(hKey);
    hKey=hKeyTemp;
    hKeyTemp=NULL;
    return 0;

}
/********************************************************
SystemDSNtype - reply type of db engine
0 - means not found or can not open
1 - not fully identified -> use standard SQL
2 - Mysql
3 - Access
4 - Postgres
********************************************************/
int SystemDSNtype() {
    CString m_csComputer,csKeyName,csRegPath,dbName,dbDriver;
    int i,type;
    // Local handles (they shadow the globals); initialised so that no
    // uninitialised handle is ever passed to RegCloseKey.
    HKEY hKeySoftware=NULL,hKeySyslogODBC=NULL;
    DWORD dwSize,dwType=REG_SZ;
    char temp[256]="";


    m_csComputer.Empty();
    if (RegConnectRegistry( (char*)((LPCTSTR)m_csComputer), HKEY_LOCAL_MACHINE, &hKeySoftware) != ERROR_SUCCESS) {
        logger(Error,"Error while connecting to the registry!");
        return 0;
    }

    // Open the SYSLOG ODBC
    csKeyName="SOFTWARE\\ODBC\\ODBC.INI\\Syslog\\";
    i=RegOpenKeyEx( hKeySoftware, csKeyName, 0, KEY_READ, &hKeySyslogODBC);
    if (i != ERROR_SUCCESS) {
        RegCloseKey(hKeySoftware);
        return 0; //error
    }

    //Read driver details
    dwSize = sizeof( temp)-1;   // reserve one byte for the terminator
    if ((RegQueryValueEx( hKeySyslogODBC, "Driver", 0, &dwType, (LPBYTE) &(temp[0]), &dwSize) == ERROR_SUCCESS)) {
        temp[dwSize]='\0';
        dbDriver=temp;
    } else { //key not found
        dbDriver="void";
    }
    dwSize = sizeof( temp)-1;   // the previous query overwrote dwSize with the returned length
    if ((RegQueryValueEx( hKeySyslogODBC, "Database", 0, &dwType, (LPBYTE) &(temp[0]), &dwSize) == ERROR_SUCCESS)) {
        temp[dwSize]='\0';
        dbName=temp;
    } else { //key not found
        dbName="void";
    }

    if ((dbName.CompareNoCase("Syslog")!=0)&&(strstr(dbDriver,"odbcjt")==NULL)) { //not access, no db specified
        //Wrong in registry. We do not have permission to write...
        // logger("Error in configuration. The ODBC connection Syslog does not have database 'Syslog' specified. Syslogserver not allowed to correct error.",Error);
        // return 0;
    }

    if (strstr(dbDriver,"myodbc")) {
        type=2;
    } else if (strstr(dbDriver,"odbcjt")) { //Access
        type=3;
    } else if (strstr(dbDriver,"psqlodbc")) { //Postgres
        type=4;
    } else {
        type=1;
    }

    RegCloseKey(hKeySyslogODBC);
    RegCloseKey(hKeySoftware);
    return type; //ok
}
/********************************************************
ReadPathFromRegistry
connStr must point to a buffer of at least 256 bytes.
********************************************************/
void ReadPathFromRegistry(char *connStr,CString ownPath){
    DWORD dwSize;
    CString m_csComputer,csKeyName,DefaultPath;
    // Forward logpath info
    dwSize = 256;
    CString DaPath;
    char apa[256];
    int pos=0;
    char *connStrpos;
    char *connStrEnd;
    const char backup[]="driver={Microsoft Access Driver (*.mdb)};Dbq=c:\\syslog.mdb;UID=;PWD=";
    const char suffix[]="\\\\syslog.mdb;UID=;PWD=";

    //backup
    strcpy_s(connStr,256,backup);

    if (!OpenRegistry((CString)SYSLOG_SYSLOG_KEY)) {
        return; //failed
    }

    ReadRegKey(&DaPath,ownPath,LOGPATH);
    if (DaPath.GetLength() >= (int)sizeof(apa)) {   // would not fit in apa; keep the backup string
        logger(Error,"Log path too long for the connection string buffer.");
        CloseRegistry();
        return;
    }
    strcpy_s(apa,DaPath);
    strcpy_s(connStr,256,"driver={Microsoft Access Driver (*.mdb)};Dbq=");
    connStrpos=&connStr[0]+strlen(connStr);
    // Last position the path may reach while still leaving room for suffix and terminator.
    connStrEnd=&connStr[0]+256-sizeof(suffix);
    while(apa[pos]!='\0') {
        // Every backslash is doubled, so it needs two bytes of room.
        if (connStrEnd-connStrpos < ((apa[pos]=='\\')?2:1)) {
            logger(Error,"Log path too long for the connection string buffer.");
            strcpy_s(connStr,256,backup);
            CloseRegistry();
            return;
        }
        *connStrpos++=apa[pos++];
        if (apa[pos-1]=='\\') *connStrpos++=apa[pos-1];
    }
    *connStrpos++=apa[pos];
    strcat_s(connStr,256,suffix);
    CloseRegistry();

}

/********************************************************
OpenRegistry
********************************************************/
int OpenRegistry(CString key) {
    CString csKeyName;
    DWORD dwValue;
    int i;

    enumerator=0;

    if (RegConnectRegistry( "", HKEY_LOCAL_MACHINE, &hKeySoftware) != ERROR_SUCCESS) {
        logger(Error,"Error while connecting to the registry (HKEY_LOCAL_MACHINE)!");
        hKeySoftware=NULL;      // nothing was opened, so there is nothing to close
        return 0;
    }

    // Open the appropriate Syslog key
    csKeyName.Format( _T( "%s\\%s\\"), SYSLOG_SOFTWARE_KEY, (LPCTSTR)key);
    i=RegCreateKeyEx( hKeySoftware, csKeyName, 0, REG_NONE, REG_OPTION_NON_VOLATILE,KEY_WRITE|KEY_READ, NULL, &hKey, &dwValue);

    if (i != ERROR_SUCCESS) {
        logger(Error,"Failed to open registry key %s.",(LPCTSTR)csKeyName);
        RegCloseKey(hKeySoftware);
        hKey=NULL;
        hKeySoftware=NULL;
        return 0;
    }
    return 1;
}
/********************************************************
CloseRegistry
********************************************************/
void CloseRegistry() {
    if (hKey!=NULL) {
        RegCloseKey(hKey);
    }
    if (hKeySoftware!=NULL) {
        RegCloseKey(hKeySoftware);
    }
    hKey=NULL;
    hKeySoftware=NULL;
    hKeyTemp=NULL;

}

/********************************************************
writeServiceDescription
********************************************************/
void writeServiceDescription() {
    HKEY hKeyRemote=NULL,hKey=NULL;     // local hKey shadows the global on purpose
    long DaCode;
    static const char description[]="SyslogServer by Datagram receives and stores syslog entries sent via the network.";
    if (RegConnectRegistry( "", HKEY_LOCAL_MACHINE, &hKeyRemote) == ERROR_SUCCESS) {
        //Open the key to where Windows stores service info
        if (RegOpenKeyEx( hKeyRemote, SERVICE_REG_PATH, 0, KEY_WRITE, &hKey) == ERROR_SUCCESS) {
            // sizeof includes the terminating null, as REG_SZ requires
            DaCode=RegSetValueEx( hKey, SERVICESTRING, 0, REG_SZ, (LPBYTE)description, (DWORD)sizeof(description));
            RegCloseKey(hKey);
        }
        RegCloseKey(hKeyRemote);
    }
}

--------------------------------------------------------------------------------
/Syslogserver/common_registry.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/fmikker/syslogagent/dc087ead0086e2d5385f89b36212e9f042d3eb57/Syslogserver/common_registry.h
--------------------------------------------------------------------------------
/Syslogserver/common_registry_permissions.h:
--------------------------------------------------------------------------------


int AddPermissions(CString keyName);
--------------------------------------------------------------------------------
/Syslogserver/common_registry_permissons.cpp:
--------------------------------------------------------------------------------
#include "..\Syslogserver\common_stdafx.h"
#include 
#include "..\Syslogserver\common_registry.h"
#include "winerror.h"
#include "assert.h"
//-----LeakWatcher--------------------
#include "LeakWatcher.h"
#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif
//------------------------------------


PSECURITY_DESCRIPTOR pRegKeySD;
CString pszRegKeyName;
//erno. From Microsoft's site, articles Q106387 and http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsecure/html/msdn_ntprog.asp called windows nt security (from 94!)
/*----------------------------------------------------------------
| Name: GetRegKeySecurity
| Desc: gets security registry sec. descriptor
|       pRegKeySD is global of type PSECURITY_DESCRIPTOR; you must free
|       the memory alloc'ed for this when done with the reg key
-----------------------------------------------------------------*/
int GetRegKeySecurity ( CString szRegKey){

    HKEY hRegKey;      // handle for register key
    LONG lError = 0L;  // reg errors
                       // (GetLastError won't work with registry calls)


    CHAR szClassName[MAX_PATH] = ""; // Buffer for class name.
    DWORD dwcClassLen = MAX_PATH;    // Length of class string.
    DWORD dwcSubKeys;                // Number of sub keys.
    DWORD dwcMaxSubKey;              // Longest sub key size.
    DWORD dwcMaxClass;               // Longest class string.
    DWORD dwcValues;                 // Number of values for this key.
    DWORD dwcMaxValueName;           // Longest Value name.
    DWORD dwcMaxValueData;           // Longest Value data.
    DWORD dwcSDLength;               // Security descriptor length
    FILETIME ftLastWriteTime;        // Last write time.


    // open the security key
    if ( ( lError = RegOpenKey ( HKEY_LOCAL_MACHINE, szRegKey, &hRegKey) ) ) {
        return ( lError);
    }

    // get length of security descriptor
    if ( ( lError = RegQueryInfoKey ( hRegKey, szClassName, &dwcClassLen,
                        NULL, &dwcSubKeys, &dwcMaxSubKey, &dwcMaxClass,
                        &dwcValues, &dwcMaxValueName, &dwcMaxValueData,
                        &dwcSDLength, &ftLastWriteTime) ) )
    {
        RegCloseKey ( hRegKey);
        return lError;
    }

    // get SD memory
    pRegKeySD = ( PSECURITY_DESCRIPTOR) LocalAlloc ( LPTR, ( UINT)dwcSDLength);
    if ( ! pRegKeySD) {
        lError = GetLastError();
        RegCloseKey ( hRegKey);
        return lError;
    }

    // now get SD
    if ( ( lError = RegGetKeySecurity ( hRegKey,
                        (SECURITY_INFORMATION)( OWNER_SECURITY_INFORMATION
                                              | GROUP_SECURITY_INFORMATION
                                              | DACL_SECURITY_INFORMATION),
                        pRegKeySD, &dwcSDLength) ) )
    {
        // the caller only frees pRegKeySD on success, so release it here
        LocalFree ( pRegKeySD);
        pRegKeySD = NULL;
        RegCloseKey ( hRegKey);
        return lError;
    }

    // check if SD is good
    if ( ! IsValidSecurityDescriptor ( pRegKeySD)) {
        lError = GetLastError();

        LocalFree ( pRegKeySD);
        pRegKeySD = NULL;
        RegCloseKey ( hRegKey);
        return lError;
    }

    // the key handle is not needed once the SD has been read
    RegCloseKey ( hRegKey);

    return 0;
}
/* eof - GetRegKeySecurity */

//----------------------------------------------------------------------------
/*------------------------------------------------------------------
| Name: AddToRegKeySD
| Desc: adds SID to SD on reg key
|       passed into function:
|           SD in self-relative mode
|           SID from the group or user
|           permission access requested
------------------------------------------------------------------*/
DWORD AddToRegKeySD ( PSECURITY_DESCRIPTOR pRelSD, PSID pGroupSID,
                      DWORD dwAccessMask)
{
    PSECURITY_DESCRIPTOR pAbsSD = NULL;

    PACL pDACL;

    DWORD dwSDLength = 0;
    DWORD dwSDRevision;
    DWORD dwDACLLength = 0;

    SECURITY_DESCRIPTOR_CONTROL sdcSDControl;

    PACL pNewDACL = NULL;
    DWORD dwAddDACLLength = 0;

    BOOL fHasDACL = FALSE;
    BOOL fDACLDefaulted = FALSE;

    ACCESS_ALLOWED_ACE *pDACLAce;

    DWORD dwError = 0;

    DWORD i;

    // handle for security registry key
    HKEY hSecurityRegKey = ( HKEY) 0;

    // get SD control bits
    if ( ! GetSecurityDescriptorControl ( pRelSD,
                ( PSECURITY_DESCRIPTOR_CONTROL) &sdcSDControl,
                ( LPDWORD) &dwSDRevision) )
        return ( GetLastError() );

    // check if DACL is present
    if ( SE_DACL_PRESENT & sdcSDControl)
    {
        // get dacl
        if ( ! GetSecurityDescriptorDacl ( pRelSD, ( LPBOOL) &fHasDACL,
                    ( PACL *) &pDACL,
                    ( LPBOOL) &fDACLDefaulted) )
            return ( GetLastError());

        // get dacl length
        dwDACLLength = pDACL->AclSize;

        // now check if SID's ACE is there
        for ( i = 0; i < pDACL->AceCount; i++)
        {
            if ( ! GetAce ( pDACL, i, ( LPVOID *) &pDACLAce) )
                return ( GetLastError());

            // check if group sid is already there
            if ( EqualSid ( ( PSID) &(pDACLAce->SidStart), pGroupSID) )
                break;
        }

        // exit if found (means already has been set)
        if ( i < pDACL->AceCount)
        {
            dwError = ERROR_GROUP_EXISTS;

            return ( dwError);
        }

        // get length of new DACL
        dwAddDACLLength = sizeof ( ACCESS_ALLOWED_ACE) -
                          sizeof ( DWORD) + GetLengthSid ( pGroupSID);
    }
    else
        // get length of new DACL
        dwAddDACLLength = sizeof ( ACL) + sizeof ( ACCESS_ALLOWED_ACE) -
                          sizeof ( DWORD) + GetLengthSid ( pGroupSID);

    // get memory needed for new DACL
    // (malloc does not set the last-error code, so return an explicit error)
    if ( ! ( pNewDACL = ( PACL) malloc ( dwDACLLength + dwAddDACLLength) ) )
        return ( ERROR_NOT_ENOUGH_MEMORY);

    // get the sd length
    dwSDLength = GetSecurityDescriptorLength ( pRelSD);

    // get memory for new SD
    if ( ! ( pAbsSD = ( PSECURITY_DESCRIPTOR)
                malloc ( dwSDLength + dwAddDACLLength) ) )
    {
        dwError = ERROR_NOT_ENOUGH_MEMORY;

        goto ErrorExit;
    }

    // change self-relative SD to absolute by making new SD
    if ( ! InitializeSecurityDescriptor ( pAbsSD, SECURITY_DESCRIPTOR_REVISION) ) {
        dwError = GetLastError();
        goto ErrorExit;
    }

    // init new DACL
    if ( ! InitializeAcl ( pNewDACL, dwDACLLength + dwAddDACLLength, ACL_REVISION) ) {
        dwError = GetLastError();
        goto ErrorExit;
    }

    // now add in all of the ACEs into the new DACL (if org DACL is there)
    if ( SE_DACL_PRESENT & sdcSDControl)
    {
        for ( i = 0; i < pDACL->AceCount; i++)
        {
            // get ace from original dacl
            if ( ! GetAce ( pDACL, i, ( LPVOID *) &pDACLAce) )
            {
                dwError = GetLastError();

                goto ErrorExit;
            }

            // now add ace to new dacl
            // AddAce copies the ACE unchanged, so its type (allow or deny)
            // and its inheritance flags are kept; re-adding it with
            // AddAccessAllowedAce would turn a deny ACE into an allow ACE
            if ( ! AddAce ( pNewDACL,
                            ACL_REVISION,
                            MAXDWORD,
                            ( LPVOID) pDACLAce,
                            ( ( PACE_HEADER) pDACLAce)->AceSize) )
            {
                dwError = GetLastError();

                goto ErrorExit;
            }
        }
    }

    // now add new ACE to new DACL
    if ( ! AddAccessAllowedAce ( pNewDACL, ACL_REVISION, dwAccessMask,
                                 pGroupSID) )
    {
        dwError = GetLastError();

        goto ErrorExit;
    }

    // check if everything went ok
    if ( ! IsValidAcl ( pNewDACL) ){
        dwError = GetLastError();
        goto ErrorExit;
    }

    // now set security descriptor DACL
    if ( ! SetSecurityDescriptorDacl ( pAbsSD, TRUE, pNewDACL, fDACLDefaulted) ) {
        dwError = GetLastError();
        goto ErrorExit;
    }

    // check if everything went ok
    if ( ! IsValidSecurityDescriptor ( pAbsSD) ) {
        dwError = GetLastError();
        goto ErrorExit;
    }

    // now open reg key to set security
    // note: pzsRegKeyName is a global
    //erno if ( ( dwError = RegOpenKeyEx ( HKEY_LOCAL_MACHINE, pszRegKeyName, 0,KEY_ALL_ACCESS, &hSecurityRegKey) ) )
    if ( ( dwError = RegOpenKeyEx ( HKEY_LOCAL_MACHINE, pszRegKeyName, 0,WRITE_DAC, &hSecurityRegKey) ) )

        goto ErrorExit;


    // now set the reg key security (this will overwrite any existing security)
    dwError = RegSetKeySecurity (
                    hSecurityRegKey,
                    (SECURITY_INFORMATION)( DACL_SECURITY_INFORMATION),
                    pAbsSD);

    // close reg key
    RegCloseKey ( hSecurityRegKey);


ErrorExit:

    // free memory
    if ( pAbsSD)
        free ( ( VOID *) pAbsSD);
    if ( pNewDACL)
        free ( ( VOID *) pNewDACL);

    return ( dwError);
}
/* eof - AddToRegKeySD */

/*-----------------------------------------------------------------------------
 *
 * Add Authenticated group to permissions
 *
 -----------------------------------------------------------------------------*/
int AddPermissions(CString keyName){

    PSID pAuthenticatedUsersSID = NULL;
    SID_IDENTIFIER_AUTHORITY siaNT = SECURITY_NT_AUTHORITY;

    int status=GetRegKeySecurity ( keyName);
    //fixes global PSECURITY_DESCRIPTOR pRegKeySD;

    if (status) //failed
        return status;

    pszRegKeyName=keyName;

    // obtain a sid for the Authenticated Users Group
    if (!AllocateAndInitializeSid(&siaNT, 1,SECURITY_AUTHENTICATED_USER_RID, 0, 0, 0, 0, 0, 0, 0,&pAuthenticatedUsersSID)) {
        status=GetLastError();
        LocalFree ( pRegKeySD);
        pRegKeySD=NULL;
        return status;
    }

    // KEY_ALL_ACCESS includes WRITE_DAC and WRITE_OWNER, so every authenticated
    // user gets full control of this key, including the right to change its permissions
    status=AddToRegKeySD ( pRegKeySD, pAuthenticatedUsersSID,KEY_ALL_ACCESS);

    // release the SID and the security descriptor read by GetRegKeySecurity
    FreeSid ( pAuthenticatedUsersSID);
    LocalFree ( pRegKeySD);
    pRegKeySD=NULL;

    if (status) //failed
        return status;

    return 0;
}

--------------------------------------------------------------------------------
/images/syslogagent.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/fmikker/syslogagent/dc087ead0086e2d5385f89b36212e9f042d3eb57/images/syslogagent.jpg
--------------------------------------------------------------------------------
/images/syslogagent_thumb.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/fmikker/syslogagent/dc087ead0086e2d5385f89b36212e9f042d3eb57/images/syslogagent_thumb.jpg
--------------------------------------------------------------------------------
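AddPermissions in common_registry_permissons.cpp gives the Authenticated Users group KEY_ALL_ACCESS on the registry key it is called with. The PowerShell function below is an added example, not part of the SyslogAgent sources, that an administrator can run to list allow ACEs granting broad groups write-type rights on a key; the function name is hypothetical and the key path in the parameter comment is a placeholder, because this dump does not show the value of SYSLOG_SOFTWARE_KEY.

```powershell
# Added example (not SyslogAgent code): list allow ACEs that give broad
# groups write-type rights on a registry key.
function Find-BroadRegistryWriteAce {
    param(
        [Parameter(Mandatory = $true)]
        [string]$KeyPath   # e.g. 'HKLM:\SOFTWARE\<key used by the service>' (placeholder)
    )

    # Well-known SIDs, used instead of names so the check is locale-independent
    $broadSids = @{
        'S-1-1-0'      = 'Everyone'
        'S-1-5-11'     = 'Authenticated Users'
        'S-1-5-32-545' = 'BUILTIN\Users'
    }

    # Rights that let a principal change the key's contents or its security
    $rights = [System.Security.AccessControl.RegistryRights]
    $writeMask = [int]($rights::SetValue -bor $rights::CreateSubKey -bor
                       $rights::Delete -bor $rights::ChangePermissions -bor
                       $rights::TakeOwnership)

    $acl = Get-Acl -Path $KeyPath
    # Explicit and inherited rules, with identities returned as SIDs
    $rules = $acl.GetAccessRules($true, $true,
                 [System.Security.Principal.SecurityIdentifier])

    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference.Value
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if (-not $broadSids.ContainsKey($sid)) { continue }

        $granted = [int]$rule.RegistryRights -band $writeMask
        if ($granted -ne 0) {
            [pscustomobject]@{
                Key         = $KeyPath
                Principal   = $broadSids[$sid]
                Rights      = $rule.RegistryRights
                CanSetDacl  = [bool]($granted -band [int]($rights::ChangePermissions))
                IsInherited = $rule.IsInherited
            }
        }
    }
}
```

An ACE written with KEY_ALL_ACCESS is reported with Rights equal to FullControl and CanSetDacl set to True.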