File: eventlogremoveservice

logwatch 7.14-1
##########################################################################
# $Id$
##########################################################################
# $Log: eventlogremoveservice,v $
# Revision 1.3  2008/06/30 23:07:51  kirk
# fixed copyright holders for files where I know who they should be
#
# Revision 1.2  2008/03/24 23:31:27  kirk
# added copyright/license notice to each script
#
# Revision 1.1  2007/04/28 22:50:24  bjorn
# Added files for Windows Event Log, by Orion Poplawski.  These are for
# Windows events logged to a server, using Snare Agent or similar.
#
##########################################################################

########################################################
## Copyright (c) 2008 Orion Poplawski
## Covered under the included MIT/X-Consortium License:
##    http://www.opensource.org/licenses/mit-license.php
## All modifications and contributions by other persons to
## this script are assumed to have been donated to the
## Logwatch project and thus assume the above copyright
## and licensing terms.  If you want to make contributions
## under your own copyright or a different license this
## must be explicitly stated in the contribution and the
## Logwatch project reserves the right to not accept such
## contributions.  If you have made significant
## contributions to this script and want to claim
## copyright please contact logwatch-devel@lists.sourceforge.net.
#########################################################

use strict;

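my ($ServiceName, $ThisLine);
my ($linesin, $linesout) = (0, 0);

# Filter: copies STDIN to STDOUT and drops every line whose Windows Event Log
# source field matches the service named by the first command-line argument.
# The match is case insensitive.  Dropped lines never reach the report, so the
# argument decides which events are visible downstream; the debug counters at
# the end are the only record of how many lines were removed.
#
# Sample input line (the pattern below expects tab-separated fields):
#Apr  2 16:21:02 hotwheels hotwheels MSWinEventLog       1       Security        26      Mon Apr 02 16:21:02 2007  861     Security        SYSTEM  User    Failure Audit   HOTWHEELSDetailed Tracking                The Windows Firewall has detected an application listening for incoming traffic.        Name: -    Path: C:\Program Files\Snare\SnareCore.exe    Process identifier: 2656    User account: SYSTEM    User domain: NT AUTHORITY    Service: Yes    RPC server: No    IP version: IPv4    IP protocol: TCP    Port number: 6161    Allowed: No    User notified: No       18

# LOGWATCH_DEBUG may be unset when the script is run by hand; treat that as 0.
my $DebugLevel = $ENV{'LOGWATCH_DEBUG'} || 0;

if ( $DebugLevel > 5 ) {
   print STDERR "DEBUG: Inside RemoveService...\n";
}

# A missing argument is treated as an empty name, which is what interpolating
# an undefined value into the pattern produced before.
$ServiceName = defined $ARGV[0] ? $ARGV[0] : '';

# The argument is interpolated as a regular expression, not as a literal
# string, so any metacharacters in it are live.  The (?:...) group keeps an
# alternation such as "A|B" inside the anchored prefix; without the group the
# second alternative would be free to match anywhere in a line and unrelated
# events would be dropped silently.
# NOTE(review): presumably the value is supplied by the Logwatch
# configuration.  If only literal names are ever intended, \Q$ServiceName\E
# would be the stricter choice -- confirm against existing configurations
# first, because that would stop regex-style names from working.
# qr// compiles the pattern once, which is what the former /o flag was for.
my $ServiceLine = qr/^... .. ..:..:.. .* MSWinEventLog(\t\d+\t|\[\d+\]:)(?:$ServiceName)\t/i;

while (defined($ThisLine = <STDIN>)) {
   $linesin++;
   # Lines belonging to the unwanted service are counted as read but not
   # written back out.
   next if $ThisLine =~ $ServiceLine;
   $linesout++;
   print $ThisLine;
}

if ( $DebugLevel > 5 ) {
   print STDERR "DEBUG: Inside RemoveService: $linesin Lines In, $linesout Lines Out\n";
}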

# vi: shiftwidth=3 syntax=perl tabstop=3 et
# Local Variables:
# mode: perl
# perl-indent-level: 3
# indent-tabs-mode: nil
# End: