Merge pull request #208 from jrossi/testing-fix-timestamp-win32
bug fix of eventchannel timestamp
awiddersheim committed May 22, 2014
2 parents ecf254d + cb0708b commit 77bde77
Showing 1 changed file with 11 additions and 2 deletions.
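--- a/src/logcollector/read_win_event_channel.c
+++ b/src/logcollector/read_win_event_channel.c
@@ -172,7 +172,12 @@ char *WinEvtTimeToString(ULONGLONG ulongTime)
 FILETIME fTime, lfTime;
 ULARGE_INTEGER ulargeTime;
 struct tm tm_struct;
-char result[80] = "";
+char *result;
+
+if (NULL == (result = malloc(80))) {
+merror("%s: Not enough memory, could not process convert Timestanp", ARGV0);
+return NULL;
+}
 
 memset(&tm_struct, 0, sizeof(tm_struct));
 
@@ -226,6 +231,7 @@ void send_channel_event(EVT_HANDLE evt, os_channel *channel)
 EVT_HANDLE context = NULL;
 os_event event;
 char final_msg[OS_MAXSTR];
+char *timestamp;
 
 context = EvtCreateRenderContext(count, properties, EvtRenderContextValues);
 
@@ -248,8 +254,9 @@ void send_channel_event(EVT_HANDLE evt, os_channel *channel)
 get_username_and_domain(&event);
 get_messages(&event, evt, properties_values[5].StringVal);
 
+timestamp = WinEvtTimeToString(event.time_created);
 snprintf(final_msg, OS_MAXSTR, "%s WinEvtLog: %s: %s(%d): %s: %s: %s: %s: %s",
-WinEvtTimeToString(event.time_created),
+timestamp,
 event.name,
 event.level && strlen(event.level) ? event.level : "UNKNOWN",
 event.id,
@@ -259,6 +266,8 @@ void send_channel_event(EVT_HANDLE evt, os_channel *channel)
 event.computer && strlen(event.computer) ? event.computer : "no computer",
 event.message && strlen(event.message) ? event.message : "no message");
 
+free(timestamp);
+
 if(SendMSG(logr_queue, final_msg, "WinEvtLog", LOCALFILE_MQ) < 0)
 {
 merror(QUEUE_SEND, ARGV0);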
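Review bot: In send_channel_event the new `timestamp` pointer is handed to the first `%s` of the snprintf call without a NULL check, although WinEvtTimeToString now returns NULL when malloc fails; a NULL argument for `%s` is undefined behaviour, so under memory pressure the agent can crash or forward a malformed Windows event record. Pass a fallback in the argument list instead, e.g. `timestamp ? timestamp : "unknown time"`, and leave `free(timestamp)` as it is, since free(NULL) is a no-op. The remainder of WinEvtTimeToString is outside the visible hunk: any later error return there has to free `result` so the new allocation does not leak, and if the formatting call sizes the buffer with `sizeof(result)` it now gets the pointer size rather than 80, so the length should come from a named constant shared with the malloc call. The message in the malloc branch reads `could not process convert Timestanp`; `could not convert timestamp` would be clearer for whoever reads the agent log.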
