X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=src%2Flogcollector%2Flogcollector.c;fp=src%2Flogcollector%2Flogcollector.c;h=9dbaa2b60f87e133a565b169272031e22bafbb6d;hp=e4564674501ad494d0bf92b9dc7950079149b078;hb=789cbc8e52da68eba3517b920ef22e000cf3c9fd;hpb=ef70704f0b31b59bb719b884d6a99cb9e3e2044a
diff --git a/src/logcollector/logcollector.c b/src/logcollector/logcollector.c
index e456467..9dbaa2b 100755
--- a/src/logcollector/logcollector.c
+++ b/src/logcollector/logcollector.c
@@ -115,6 +115,24 @@ void LogCollectorStart()
 logff[i].command = NULL;
 logff[i].fp = NULL;
 }
+
+ else if(strcmp(logff[i].logformat, "eventchannel") == 0)
+ {
+ #ifdef WIN32
+
+ #ifdef EVENTCHANNEL_SUPPORT
+ verbose(READING_EVTLOG, ARGV0, logff[i].file);
+ win_start_event_channel(logff[i].file, logff[i].future, logff[i].query);
+ #else
+ merror("%s: WARN: eventchannel not available on this version of OSSEC", ARGV0);
+ #endif
+
+ #endif
+
+ logff[i].file = NULL;
+ logff[i].command = NULL;
+ logff[i].fp = NULL;
+ }
 else if(strcmp(logff[i].logformat, "command") == 0)
 {
@@ -779,4 +797,37 @@ int handle_file(int i, int do_fseek, int do_log)
 }
+#ifdef WIN32
+
+/* Remove newlines and replace tabs in the argument fields with spaces */
+void win_format_event_string(char *string)
+{
+ if (string == NULL) {
+ return;
+ }
+
+ while (*string != '\0') {
+ if (*string == '\n' || *string == '\r' || *string == ':') {
+ if (*string == '\n' || *string == '\r') {
+ *string = ' ';
+ }
+
+ string++;
+
+ while (*string == '\t') {
+ *string = ' ';
+ string++;
+ }
+
+ continue;
+ }
+
+ string++;
+ }
+}
+
+#endif /* WIN32 */
+
+
+
 /* EOF */
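Review bot: On a non-Windows build the new `eventchannel` branch logs nothing: its only logging sits inside `#ifdef WIN32`, so the entry's `file`, `command` and `fp` are set to NULL and the configured source is dropped without a trace. For a log collector that is a silent coverage gap, so I would give the outer `#ifdef WIN32` an `#else` containing `merror("%s: WARN: eventchannel is only available on Windows", ARGV0);`. The call to `win_start_event_channel` also ignores any result; its prototype is not visible here, so if it can report failure (for example on a rejected `query`), that should be logged as well. `LogCollectorStart` starts and ends outside this hunk.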
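Review bot: The comment above `win_format_event_string` does not match what the loop does: CR and LF become spaces, but a tab is replaced only when it directly follows a CR, LF or `:`, and tabs anywhere else are left in place. The strings presumably come from event data the agent does not control, so a reader relying on the comment could assume the output has neither tabs nor CR/LF when only the latter holds. I would reword it to `/* Replace CR/LF with spaces, and turn tabs that directly follow a CR, LF or ':' into spaces; other tabs are kept. Edits the string in place; NULL is ignored. */`. The function is also non-static, so it needs a prototype in a header that this diff does not show.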