1919 */
2020
2121#include <fluent-bit/flb_compat.h>
22- #include <fluent-bit/flb_input_plugin.h>
2322#include <fluent-bit/flb_kernel.h>
2423#include <fluent-bit/flb_pack.h>
2524#include <fluent-bit/flb_utils.h>
3635static int in_winevtlog_collect (struct flb_input_instance * ins ,
3736 struct flb_config * config , void * in_context );
3837
38+ static wchar_t * convert_to_wide (struct winevtlog_config * ctx , char * str )
39+ {
40+ int size = 0 ;
41+ wchar_t * buf = NULL ;
42+ DWORD err ;
43+
44+ size = MultiByteToWideChar (CP_UTF8 , 0 , str , -1 , NULL , 0 );
45+ if (size == 0 ) {
46+ err = GetLastError ();
47+ flb_plg_error (ctx -> ins , "Failed MultiByteToWideChar with error code (%d)" , err );
48+ return NULL ;
49+ }
50+
51+ buf = flb_calloc (1 , sizeof (wchar_t ) * size );
52+ if (buf == NULL ) {
53+ flb_errno ();
54+ return NULL ;
55+ }
56+ size = MultiByteToWideChar (CP_UTF8 , 0 , str , -1 , buf , size );
57+ if (size == 0 ) {
58+ err = GetLastError ();
59+ flb_plg_error (ctx -> ins , "Failed MultiByteToWideChar with error code (%d)" , err );
60+ flb_free (buf );
61+ return NULL ;
62+ }
63+
64+ return buf ;
65+ }
66+
67+ static void in_winevtlog_session_destroy (struct winevtlog_session * session );
68+
69+ static struct winevtlog_session * in_winevtlog_session_create (struct winevtlog_config * ctx ,
70+ struct flb_config * config ,
71+ int * status )
72+ {
73+ int len ;
74+ struct winevtlog_session * session ;
75+ PWSTR wtmp ;
76+
77+ if (ctx -> remote_server == NULL ) {
78+ * status = WINEVTLOG_SESSION_SERVER_EMPTY ;
79+ return NULL ;
80+ }
81+
82+ session = flb_calloc (1 , sizeof (struct winevtlog_session ));
83+ if (session == NULL ) {
84+ flb_errno ();
85+ * status = WINEVTLOG_SESSION_ALLOC_FAILED ;
86+ return NULL ;
87+ }
88+
89+ if (ctx -> remote_server != NULL ) {
90+ session -> server = convert_to_wide (ctx , ctx -> remote_server );
91+ if (session -> server == NULL ) {
92+ in_winevtlog_session_destroy (session );
93+ * status = WINEVTLOG_SESSION_FAILED_TO_CONVERT_WIDE ;
94+ return NULL ;
95+ }
96+ }
97+
98+ if (ctx -> remote_domain != NULL ) {
99+ session -> domain = convert_to_wide (ctx , ctx -> remote_domain );
100+ if (session -> domain == NULL ) {
101+ in_winevtlog_session_destroy (session );
102+ * status = WINEVTLOG_SESSION_FAILED_TO_CONVERT_WIDE ;
103+ return NULL ;
104+ }
105+ }
106+
107+ if (ctx -> remote_username != NULL ) {
108+ session -> username = convert_to_wide (ctx , ctx -> remote_username );
109+ if (session -> username == NULL ) {
110+ in_winevtlog_session_destroy (session );
111+ * status = WINEVTLOG_SESSION_FAILED_TO_CONVERT_WIDE ;
112+ return NULL ;
113+ }
114+ }
115+
116+ if (ctx -> remote_password != NULL ) {
117+ session -> password = convert_to_wide (ctx , ctx -> remote_password );
118+ if (session -> password == NULL ) {
119+ in_winevtlog_session_destroy (session );
120+ * status = WINEVTLOG_SESSION_FAILED_TO_CONVERT_WIDE ;
121+ return NULL ;
122+ }
123+ }
124+
125+ session -> flags = EvtRpcLoginAuthDefault ;
126+ * status = WINEVTLOG_SESSION_CREATE_OK ;
127+
128+ return session ;
129+ }
130+
131+ static void in_winevtlog_session_destroy (struct winevtlog_session * session )
132+ {
133+ if (session -> server != NULL ) {
134+ flb_free (session -> server );
135+ }
136+
137+ if (session -> domain != NULL ) {
138+ flb_free (session -> domain );
139+ }
140+
141+ if (session -> username != NULL ) {
142+ flb_free (session -> username );
143+ }
144+
145+ if (session -> password != NULL ) {
146+ flb_free (session -> password );
147+ }
148+
149+ flb_free (session );
150+ }
151+
39152static int in_winevtlog_init (struct flb_input_instance * in ,
40153 struct flb_config * config , void * data )
41154{
@@ -46,6 +159,8 @@ static int in_winevtlog_init(struct flb_input_instance *in,
46159 struct mk_list * head ;
47160 struct winevtlog_channel * ch ;
48161 struct winevtlog_config * ctx ;
162+ struct winevtlog_session * session ;
163+ int status = WINEVTLOG_SESSION_CREATE_OK ;
49164
50165 /* Initialize context */
51166 ctx = flb_calloc (1 , sizeof (struct winevtlog_config ));
@@ -61,7 +176,7 @@ static int in_winevtlog_init(struct flb_input_instance *in,
61176 flb_plg_error (in , "could not initialize event encoder" );
62177 flb_free (ctx );
63178
64- return NULL ;
179+ return -1 ;
65180 }
66181
67182 /* Load the config map */
@@ -72,6 +187,18 @@ static int in_winevtlog_init(struct flb_input_instance *in,
72187 return -1 ;
73188 }
74189
190+ /* Initialize session context */
191+ session = in_winevtlog_session_create (ctx , config , & status );
192+ if (status == WINEVTLOG_SESSION_ALLOC_FAILED ||
193+ status == WINEVTLOG_SESSION_FAILED_TO_CONVERT_WIDE ) {
194+ flb_plg_error (in , "session is not created and invalid with status %d" , status );
195+ return -1 ;
196+ }
197+ else if (session == NULL ) {
198+ flb_plg_debug (in , "connect to local machine" );
199+ }
200+ ctx -> session = session ;
201+
75202 /* Set up total reading size threshold */
76203 if (ctx -> total_size_threshold >= MINIMUM_THRESHOLD_SIZE &&
77204 ctx -> total_size_threshold <= MAXIMUM_THRESHOLD_SIZE ) {
@@ -140,7 +267,7 @@ static int in_winevtlog_init(struct flb_input_instance *in,
140267
141268 mk_list_foreach (head , ctx -> active_channel ) {
142269 ch = mk_list_entry (head , struct winevtlog_channel , _head );
143- winevtlog_sqlite_load (ch , ctx -> db );
270+ winevtlog_sqlite_load (ch , ctx , ctx -> db );
144271 flb_plg_debug (ctx -> ins , "load channel<%s time=%u>" ,
145272 ch -> name , ch -> time_created );
146273 }
@@ -182,7 +309,7 @@ static int in_winevtlog_read_channel(struct flb_input_instance *ins,
182309 ch -> time_updated = time (NULL );
183310 flb_plg_debug (ctx -> ins , "save channel<%s time=%u>" ,
184311 ch -> name , ch -> time_updated );
185- winevtlog_sqlite_save (ch , ctx -> db );
312+ winevtlog_sqlite_save (ch , ctx , ctx -> db );
186313 }
187314
188315 if (ctx -> log_encoder -> output_length > 0 ) {
@@ -235,6 +362,9 @@ static int in_winevtlog_exit(void *data, struct flb_config *config)
235362 if (ctx -> db ) {
236363 flb_sqldb_close (ctx -> db );
237364 }
365+ if (ctx -> session ) {
366+ in_winevtlog_session_destroy (ctx -> session );
367+ }
238368 flb_free (ctx );
239369
240370 return 0 ;
@@ -296,6 +426,26 @@ static struct flb_config_map config_map[] = {
296426 0 , FLB_TRUE , offsetof(struct winevtlog_config , total_size_threshold ),
297427 "Specify reading limit for collecting Windows EventLog per a cycle"
298428 },
429+ {
430+ FLB_CONFIG_MAP_STR , "remote.server" , (char * )NULL ,
431+ 0 , FLB_TRUE , offsetof(struct winevtlog_config , remote_server ),
432+ "Specify server name of remote access for Windows EventLog"
433+ },
434+ {
435+ FLB_CONFIG_MAP_STR , "remote.domain" , (char * )NULL ,
436+ 0 , FLB_TRUE , offsetof(struct winevtlog_config , remote_domain ),
437+ "Specify domain name of remote access for Windows EventLog"
438+ },
439+ {
440+ FLB_CONFIG_MAP_STR , "remote.username" , (char * )NULL ,
441+ 0 , FLB_TRUE , offsetof(struct winevtlog_config , remote_username ),
442+ "Specify username of remote access for Windows EventLog"
443+ },
444+ {
445+ FLB_CONFIG_MAP_STR , "remote.password" , (char * )NULL ,
446+ 0 , FLB_TRUE , offsetof(struct winevtlog_config , remote_password ),
447+ "Specify password of remote access for Windows EventLog"
448+ },
299449 /* EOF */
300450 {0 }
301451};
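Review bot: The wide-character copy of `remote.password` is released in in_winevtlog_session_destroy with a plain `flb_free(session->password)`, so the cleartext credential stays in freed heap memory and can surface in a crash dump or a reused allocation. Wipe it before the free, e.g. `SecureZeroMemory(session->password, wcslen(session->password) * sizeof(wchar_t));`, which also covers the failure paths of in_winevtlog_session_create because they all go through the destroy function. The UTF-8 original in `ctx->remote_password` is filled by the config map and its release is not visible in this section, so it presumably needs the same treatment wherever it is freed. Separately, the new `return -1` after a failed session create in in_winevtlog_init does not call `flb_free(ctx)` the way the encoder failure path above it does, which looks like a leak of the context on that path.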