Updates to the CLF Agent to use a TCP socket and log messages when it starts and stops
parent
dbe75cd311
commit
96cb1750f3
6 changed files with 35 additions and 16 deletions
|
@ -57,7 +57,7 @@ int MainLoop()
|
|||
return 1;
|
||||
|
||||
/* Service is now running */
|
||||
Log(LOG_INFO, "Centralized Logging Agent Service Started: Version 1.0");
|
||||
Log(LOG_INFO|LOG_SYS, "Centralized Logging Agent Service Started: Version 1.0");
|
||||
|
||||
/* Loop while service is running */
|
||||
do {
|
||||
|
@ -79,8 +79,8 @@ int MainLoop()
|
|||
} while (ServiceIsRunning);
|
||||
|
||||
/* Service is stopped */
|
||||
Log(LOG_INFO, "Centralized Logging Agent Service Stopped");
|
||||
|
||||
Log(LOG_INFO|LOG_SYS, "Centralized Logging Agent Service Stopped");
|
||||
SyslogSend("Centralized Logging Agent Service Stopped", SYSLOG_BUILD(SYSLOG_DAEMON, SYSLOG_WARNING));
|
||||
/* Close eventlogs */
|
||||
EventlogsClose();
|
||||
|
||||
|
|
15
win32/main.c
15
win32/main.c
|
@ -35,6 +35,7 @@
|
|||
*/
|
||||
|
||||
/* Include files */
|
||||
#include <signal.h>
|
||||
#include "main.h"
|
||||
#include "eventlog.h"
|
||||
#include "log.h"
|
||||
|
@ -51,6 +52,14 @@ static char * ProgramName;
|
|||
static char * ProgramSyslogLogHost = NULL;
|
||||
static char * ProgramSyslogPort = NULL;
|
||||
|
||||
static int GoingDown(int ok) {
|
||||
SyslogSend("Centralized Logging Agent Service Stopped", SYSLOG_BUILD(SYSLOG_DAEMON, SYSLOG_WARNING));
|
||||
Log(LOG_INFO|LOG_SYS, "Centralized Logging Agent Service Stopped");
|
||||
exit(3);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
/* Operate on program flags */
|
||||
static int mainOperateFlags()
|
||||
{
|
||||
|
@ -86,6 +95,9 @@ static int mainOperateFlags()
|
|||
return status;
|
||||
}
|
||||
|
||||
signal(SIGINT, GoingDown);
|
||||
signal(SIGSEGV, GoingDown);
|
||||
signal(SIGTERM, GoingDown);
|
||||
/* Load the current registry keys */
|
||||
if (RegistryRead())
|
||||
return 1;
|
||||
|
@ -121,10 +133,8 @@ static void mainUsage()
|
|||
fputc('\n', stderr);
|
||||
fprintf(stderr, "Default port: %u\n", SYSLOG_DEF_PORT);
|
||||
fputs("Host (-h) required if installing.\n", stderr);
|
||||
Sleep(10000);
|
||||
} else {
|
||||
Log(LOG_ERROR, "Invalid flag usage; Check startup parameters");
|
||||
Sleep(10000);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -147,7 +157,6 @@ static int mainProcessFlags(int argc, char ** argv)
|
|||
break;
|
||||
case 'h':
|
||||
ProgramSyslogLogHost = GetOptArg;
|
||||
printf("%s\n", ProgramSyslogLogHost);
|
||||
break;
|
||||
case 'p':
|
||||
ProgramSyslogPort = GetOptArg;
|
||||
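Review bot: `GoingDown` is installed as the handler for SIGINT, SIGSEGV and SIGTERM but is declared `static int GoingDown(int ok)`, which does not match the `void (*)(int)` type that `signal()` expects, and it calls `SyslogSend`, `Log` and `exit` from signal context, none of which are async-signal-safe. The SIGSEGV case is the risky one: after a memory fault the process state is already suspect, so formatting and sending a message from the handler can fault again or hang, and exiting with status 3 replaces the crash record an operator would use to investigate. I would declare it `static void GoingDown(int sig)`, have it only clear the run flag that `MainLoop` tests (`ServiceIsRunning = 0;`, assuming that variable is visible here and is a `volatile sig_atomic_t`), and drop the `signal(SIGSEGV, GoingDown);` line so faults surface normally. The `signal()` calls sit in `mainOperateFlags`, whose body starts and ends outside the hunk.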
|
|
|
@ -52,7 +52,7 @@ struct RegistryData {
|
|||
};
|
||||
|
||||
/* Location of application data in registry tree */
|
||||
static char RegistryApplicationDataPath[] = "Software\\ECN\\EvtSys\\3.0";
|
||||
static char RegistryApplicationDataPath[] = "Software\\CSC\\CLFAgent\\1.1";
|
||||
|
||||
/* List of application data */
|
||||
static struct RegistryData RegistryApplicationDataList[] = {
|
||||
|
@ -61,10 +61,10 @@ static struct RegistryData RegistryApplicationDataList[] = {
|
|||
};
|
||||
|
||||
/* Location of eventlog data in registry tree */
|
||||
static char RegistryEventlogDataPath[] = "System\\CurrentControlSet\\Services\\EventLog\\Application\\EvtSys";
|
||||
static char RegistryEventlogDataPath[] = "System\\CurrentControlSet\\Services\\EventLog\\Application\\CLFAgent";
|
||||
|
||||
/* List of eventlog data */
|
||||
static char RegistryEventlogFile[] = "%SystemRoot%\\System32\\evtsys.dll";
|
||||
static char RegistryEventlogFile[] = "%SystemRoot%\\System32\\CLFAgent.dll";
|
||||
static DWORD RegistryEventlogTypes = EVENTLOG_ERROR_TYPE | EVENTLOG_WARNING_TYPE | EVENTLOG_INFORMATION_TYPE;
|
||||
|
||||
static struct RegistryData RegistrEventlogDataList[] = {
|
||||
|
@ -92,10 +92,10 @@ static int RegistryCreate(char * path, struct RegistryData * list, int count)
|
|||
NULL,
|
||||
®istry_handle,
|
||||
&disposition)) {
|
||||
Log(LOG_ERROR|LOG_SYS, "Cannot initialize access to registry: \"%s\"", path);
|
||||
Log(LOG_ERROR|LOG_SYS, "Cannot initialize access to registry: \"%s\" %d", path, WSAGetLastError());
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
/* Check for existing */
|
||||
if (disposition == REG_OPENED_EXISTING_KEY)
|
||||
Log(LOG_WARNING, "Replacing existing keys: \"%s\"", path);
|
||||
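Review bot: The error number appended to the "Cannot initialize access to registry" message, in what appears to be the new `Log` line, comes from `WSAGetLastError()`. That function reports the last Winsock error on the thread and is unrelated to the registry call that failed, so the logged value will mislead whoever triages an install failure. Registry functions of this family return their status code directly; assuming the call above the hunk is `RegCreateKeyEx` (the `disposition` and `REG_OPENED_EXISTING_KEY` lines suggest so), keep its return value and log that instead, e.g. `Log(LOG_ERROR|LOG_SYS, "Cannot initialize access to registry: \"%s\" %ld", path, status);`. The call itself starts outside the hunk, so the variable has to be introduced there.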
|
|
|
@ -70,7 +70,7 @@ int ServiceInstall()
|
|||
}
|
||||
|
||||
/* Create a new service */
|
||||
new_service = CreateService(service_manager, "CLFAgent", "CSC CLF Agent", SERVICE_ALL_ACCESS, SERVICE_WIN32_OWN_PROCESS, SERVICE_AUTO_START, SERVICE_ERROR_IGNORE, "%SystemRoot%\\System32\\evtsys.exe", NULL, NULL, "eventlog\0", NULL, NULL);
|
||||
new_service = CreateService(service_manager, "CLFAgent", "CSC CLF Agent", SERVICE_ALL_ACCESS, SERVICE_WIN32_OWN_PROCESS, SERVICE_AUTO_START, SERVICE_ERROR_IGNORE, "%SystemRoot%\\System32\\clfagent.exe", NULL, NULL, "eventlog\0", NULL, NULL);
|
||||
if (new_service == NULL)
|
||||
Log(LOG_ERROR|LOG_SYS, "Cannot create service");
|
||||
else
|
||||
|
@ -146,6 +146,9 @@ static void WINAPI ServiceChange(DWORD code)
|
|||
/* Process main loop */
|
||||
static void WINAPI ServiceMain(DWORD argc, LPTSTR * argv)
|
||||
{
|
||||
|
||||
Log(LOG_INFO|LOG_SYS, "CLFAgent Started As a Service");
|
||||
|
||||
/* Register a control function to the service manager */
|
||||
ServiceStatusHandle = RegisterServiceCtrlHandler("CLFAgent", ServiceChange);
|
||||
if (ServiceStatusHandle == 0) {
|
||||
|
@ -172,6 +175,8 @@ static void WINAPI ServiceMain(DWORD argc, LPTSTR * argv)
|
|||
/* Send stop message */
|
||||
ServiceStatus.dwCurrentState = SERVICE_STOPPED;
|
||||
|
||||
Log(LOG_INFO|LOG_SYS, "CLFAgent Stopped As a Service");
|
||||
|
||||
/* Report status */
|
||||
if (SetServiceStatus(ServiceStatusHandle, &ServiceStatus) == FALSE) {
|
||||
Log(LOG_ERROR|LOG_SYS, "Cannot send change service status update");
|
||||
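Review bot: The "CLFAgent Started As a Service" record is written at the top of `ServiceMain`, before `RegisterServiceCtrlHandler` has returned, so a failed registration still leaves a start event in the log with nothing to match it. If these start/stop records are meant to serve as an audit trail, I would move the line below the `ServiceStatusHandle == 0` check so that it is emitted only once the service is under SCM control. The same applies to "CLFAgent Stopped As a Service", which is logged before `SetServiceStatus` reports whether the status update succeeded. `ServiceMain` continues outside both hunks.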
|
|
|
@ -63,7 +63,6 @@ int SyslogSend(char * message, int level)
|
|||
|
||||
/* Write priority level */
|
||||
_snprintf(error_message, sizeof(error_message), "<%d>%s", level, message);
|
||||
|
||||
/* Send result to syslog server */
|
||||
return WSockSend(error_message);
|
||||
}
|
||||
|
|
|
@ -88,18 +88,24 @@ void WSockStop()
|
|||
/* Open connection to syslog */
|
||||
int WSockOpen(unsigned long ip, unsigned short port)
|
||||
{
|
||||
int ret;
|
||||
/* Initialize remote address structure */
|
||||
WSockAddress.sin_family = AF_INET;
|
||||
WSockAddress.sin_port = htons(port);
|
||||
WSockAddress.sin_addr.s_addr = ip;
|
||||
|
||||
/* Create socket */
|
||||
WSockSocket = socket(AF_INET, SOCK_DGRAM, 0);
|
||||
WSockSocket = socket(AF_INET, SOCK_STREAM, 0);
|
||||
if (WSockSocket == INVALID_SOCKET) {
|
||||
Log(LOG_ERROR|LOG_SYS, "Cannot create a datagram socket");
|
||||
return 1;
|
||||
}
|
||||
|
||||
ret = connect (WSockSocket, (struct sockaddr *) &WSockAddress, sizeof (WSockAddress));
|
||||
if (ret<0) {
|
||||
Log(LOG_ERROR|LOG_SYS, "Winsock Error: %d", WSAGetLastError());
|
||||
WSockClose();
|
||||
return 1;
|
||||
}
|
||||
/* Success */
|
||||
return 0;
|
||||
}
|
||||
|
@ -117,7 +123,7 @@ void WSockClose()
|
|||
/* Send data to syslog */
|
||||
int WSockSend(char * message)
|
||||
{
|
||||
int len;
|
||||
size_t len;
|
||||
|
||||
/* Get message length */
|
||||
len = strlen(message);
|
||||
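Review bot: Switching `WSockOpen` to `SOCK_STREAM` removes the datagram boundaries that used to separate one syslog message from the next, and the `"<%d>%s"` format built in `SyslogSend` adds no terminator. Unless `WSockSend` (its body is outside the hunk) appends a newline or a length prefix, the collector will see messages run together. A stream also makes delivery depend on the single `connect()` made here, so confirm that a failed send leads to a reconnect rather than silently dropped events. Two smaller points in the new lines: the socket-creation failure text still says "Cannot create a datagram socket", and Winsock documents `connect()` failure as `SOCKET_ERROR`, so `if (ret == SOCKET_ERROR) {` states the intent better than `ret<0`.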
|
|