novi upstream verzije 2.8.3
[ossec-hids.git] / src / logcollector / logcollector.c
index e456467..9dbaa2b 100755 (executable)
@@ -115,6 +115,24 @@ void LogCollectorStart()
             logff[i].command = NULL;
             logff[i].fp = NULL;
         }
+        
+        else if(strcmp(logff[i].logformat, "eventchannel") == 0)
+        {
+                       #ifdef WIN32
+                       
+                       #ifdef EVENTCHANNEL_SUPPORT
+                       verbose(READING_EVTLOG, ARGV0, logff[i].file);
+                       win_start_event_channel(logff[i].file, logff[i].future, logff[i].query);
+                       #else
+                       merror("%s: WARN: eventchannel not available on this version of OSSEC", ARGV0);
+                       #endif
+                       
+                       #endif
+                       
+                       logff[i].file = NULL;
+                       logff[i].command = NULL;
+            logff[i].fp = NULL;
+        }
 
         else if(strcmp(logff[i].logformat, "command") == 0)
         {
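Review bot: An `eventchannel` entry can be dropped without any trace in the new branch: when WIN32 is not defined nothing is logged before `file`, `command` and `fp` are cleared, and the one warning that does exist (WIN32 without EVENTCHANNEL_SUPPORT) does not say which channel was skipped. A collection gap like this should be visible to whoever reads the agent log. I would name the channel in the message, `merror("%s: WARN: eventchannel not available on this version of OSSEC, ignoring '%s'", ARGV0, logff[i].file);`, and emit the same warning from an `#else` on the outer `#ifdef WIN32`. The added lines also mix tabs and spaces, unlike the surrounding branches. LogCollectorStart begins and ends outside this hunk, so how the cleared entry is treated later is not visible here.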
@@ -779,4 +797,37 @@ int handle_file(int i, int do_fseek, int do_log)
 }
 
 
+#ifdef WIN32
+
+/* Remove newlines and replace tabs in the argument fields with spaces */
+void win_format_event_string(char *string)
+{
+    if (string == NULL) {
+        return;
+    }
+
+    while (*string != '\0') {
+        if (*string == '\n' || *string == '\r' || *string == ':') {
+            if (*string == '\n' || *string == '\r') {
+                *string = ' ';
+            }
+
+            string++;
+
+            while (*string == '\t') {
+                *string = ' ';
+                string++;
+            }
+
+            continue;
+        }
+
+        string++;
+    }
+}
+
+#endif /* WIN32 */
+
+
+
 /* EOF */
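Review bot: The comment on `win_format_event_string` promises more than the loop does: CR and LF are replaced with a space rather than removed, and a tab is only rewritten when it directly follows a CR, LF or `:`; every other tab and control character is left in place. Since event text can carry values chosen by whoever generated the event, a reader should not assume the result is free of separator characters. I would reword the comment to `/* In place: replace CR/LF with spaces, and replace tabs that directly follow a CR, LF or ':' with spaces; other tabs are left unchanged */`. If the intent was to normalise every tab, the inner `while` would have to run outside the delimiter check, but the callers are not visible in this hunk, so that is only a guess.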