##########################################################################
# $Id: evtsystem,v 1.3 2008/06/30 23:07:51 kirk Exp $
##########################################################################
# $Log: evtsystem,v $
# Revision 1.3 2008/06/30 23:07:51 kirk
# fixed copyright holders for files where I know who they should be
#
# Revision 1.2 2008/03/24 23:31:26 kirk
# added copyright/license notice to each script
#
# Revision 1.1 2007/04/28 22:50:24 bjorn
# Added files for Windows Event Log, by Orion Poplawski. These are for
# Windows events logged to a server, using Snare Agent or similar.
#
##########################################################################
########################################################
## Copyright (c) 2008 Orion Poplawski
## Covered under the included MIT/X-Consortium License:
## http://www.opensource.org/licenses/mit-license.php
## All modifications and contributions by other persons to
## this script are assumed to have been donated to the
## Logwatch project and thus assume the above copyright
## and licensing terms. If you want to make contributions
## under your own copyright or a different license this
## must be explicitly stated in the contribution an the
## Logwatch project reserves the right to not accept such
## contributions. If you have made significant
## contributions to this script and want to claim
## copyright please contact logwatch-devel@lists.sourceforge.net.
#########################################################
my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
while (defined($ThisLine = <STDIN>)) {
#Parse
my ($Hostname,$Criticality,$SourceName,$DateTime,$EventID,$System,$UserName,$SIDType,$EventLogType,$ComputerName,$CategoryString,$DataString,$ExpandedString,$Extra) =
($ThisLine =~ /(\w+)\sMSWinEventLog\t(\d+)\t(\w+)\t\d+\t([^\t]+)\t(\d+)\t([^\t]+)\t([^\t]+)\t([^\t]+)\t([^\t]+)\t([^\t]+)\t?([^\t]*)\t?([^\t]*)\t?([^\t]*)\t?([^\t]*)/);
if (!defined($Hostname)) {
print STDERR "Cannot parse $ThisLine";
next;
}
#print STDERR "ExpandedString = $ExpandedString\n";
if ($System =~ /Application Popup/) {
#Ignore these
next if $ExpandedString =~ /Initialization Failed : The application failed to initialize because the window station is shutting down/;
}
if ($System =~ /EventLog/) {
#Ignore these
next if $ExpandedString =~ /Microsoft \(R\) Windows \(R\) \d+\.\d+\. \d+ Service Pack \d/;
next if $ExpandedString =~ /The Event log service was started./;
next if $ExpandedString =~ /The Event log service was stopped./;
}
if ($System =~ /Service Control Manager/) {
#Ignore these
next if $ExpandedString =~ /The (.*) service entered the running state./;
next if $ExpandedString =~ /The (.*) service entered the stopped state./;
next if $ExpandedString =~ /The (.*) service was successfully sent a start control./;
next if $ExpandedString =~ /The (.*) service was successfully sent a stop control./;
}
# Add to the list
$Systems{$System}->{"$Hostname $ExpandedString"}++;
}
if (keys %Systems) {
foreach $System (sort(keys %Systems)) {
print "\n$System\n";
foreach $Error (sort(keys %{$Systems{$System}})) {
print " $Error : $Systems{$System}->{$Error} Times\n";
}
}
}
exit(0);
# vi: shiftwidth=3 tabstop=3 syntax=perl et
# Local Variables:
# mode: perl
# perl-indent-level: 3
# indent-tabs-mode: nil
# End:
distrib
>
Mandriva
>
2011.0
>
x86_64
>
media
>
contrib-testing
>
by-pkgid
>
db5930ff42273c3d4922c886ff560c8b
>
files
>
197
