X-Git-Url: http://ftp.carnet.hr/pub/carnet-debian/scm?a=blobdiff_plain;ds=sidebyside;f=src%2Flogcollector%2Fread_win_el.c;h=ed47d8b25efb69df1e18bb67629aa4272eeee6c7;hb=789cbc8e52da68eba3517b920ef22e000cf3c9fd;hp=8442f0edd9542ea002188543fbd62560580b384f;hpb=ef70704f0b31b59bb719b884d6a99cb9e3e2044a;p=ossec-hids.git
diff --git a/src/logcollector/read_win_el.c b/src/logcollector/read_win_el.c
index 8442f0e..ed47d8b 100755
--- a/src/logcollector/read_win_el.c
+++ b/src/logcollector/read_win_el.c
@@ -89,6 +89,21 @@ int startEL(char *app, os_el *el)
+/** char epoch_to_human(int time)
+ * Returns a string that is a human readable
+ * datetime from an epoch int.
+ */
+char *epoch_to_human(time_t epoch)
+{
+ struct tm *ts;
+ static char buf[80];
+
+ ts = localtime(&epoch);
+ strftime(buf, sizeof(buf), "%Y %b %d %H:%M:%S", ts);
+ return(buf);
+}
+
+
 /** char *el_getCategory(int category_id)
 * Returns a string related to the category id of the log.
 */
@@ -464,26 +479,8 @@ void readel(os_el *el, int printit)
 if(descriptive_msg != NULL)
 {
- /* Remove any \n or \r */
- /* Replace tabs from the argument field to spaces.
- * So whenever we have option:\tvalue\t, it will
- * become option: value\t
- */
- tmp_str = descriptive_msg;
- while(*tmp_str != '\0')
- {
- if(*tmp_str == '\n')
- *tmp_str = ' ';
- else if(*tmp_str == '\r')
- *tmp_str = ' ';
- else if((*tmp_str == ':') && (tmp_str[1] == '\t'))
- {
- tmp_str[1] = ' ';
- tmp_str++;
- }
-
- tmp_str++;
- }
+ /* format message */
+ win_format_event_string(descriptive_msg);
 }
 }
 else
@@ -561,7 +558,8 @@ void readel(os_el *el, int printit)
 final_msg[OS_MAXSTR - OS_LOG_HEADER -1] = '\0';
 snprintf(final_msg, OS_MAXSTR - OS_LOG_HEADER -1,
- "WinEvtLog: %s: %s(%d): %s: %s: %s: %s: %s",
+ "%s WinEvtLog: %s: %s(%d): %s: %s: %s: %s: %s",
+ epoch_to_human((int)el->er->TimeGenerated),
 el->name,
 category,
 id,
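Review bot: `localtime()` returns NULL when it cannot convert the value (some Windows CRTs do so for negative or out-of-range times), and the new `epoch_to_human` hands that result straight to `strftime()`, which will dereference it; add `if (ts == NULL) { buf[0] = '\0'; return(buf); }` between the two calls. The header comment `char epoch_to_human(int time)` does not match the definition `char *epoch_to_human(time_t epoch)` and should be corrected. Since the function returns a pointer to a `static` buffer that every call overwrites, the comment should also state `Returns a pointer to a static buffer that is overwritten on the next call; not reentrant`, so callers never retain the result.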
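Review bot: The deleted loop was what kept embedded `\r` and `\n` out of `descriptive_msg`, and that string is later written into a single-line `WinEvtLog:` record, so `win_format_event_string()` (not shown in this diff) must keep replacing both characters; otherwise an event whose message contains a newline can split the record and forge extra log lines for the analysis side. Please confirm that behaviour and document it at the call site, replacing the bare `/* format message */` with something like `/* Replace \r, \n and the tab after "option:" so the record stays on one line */`. If `tmp_str` was declared only for the removed loop it is now unused in readel and will warn. readel starts and ends outside this hunk.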
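Review bot: The `(int)` cast in `epoch_to_human((int)el->er->TimeGenerated),` is a latent truncation bug: if `er` is an `EVENTLOGRECORD`, `TimeGenerated` is an unsigned 32-bit value, so seconds past INT_MAX (January 2038) become negative and are sign-extended when converted back to `time_t`, producing bogus dates; pass it unchanged, `epoch_to_human(el->er->TimeGenerated),`. The prefix is also rendered with `localtime()` and `%b`, so it is in the agent's local time zone and locale rather than UTC, which deserves a comment next to the call such as `/* event time in the agent's local time zone and locale, not UTC */` since the server correlating these records may assume otherwise. readel starts and ends outside this hunk.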