##########################################################################
# $Id: eventlogremoveservice,v 1.3 2008/06/30 23:07:51 kirk Exp $
##########################################################################
# $Log: eventlogremoveservice,v $
# Revision 1.3  2008/06/30 23:07:51  kirk
# fixed copyright holders for files where I know who they should be
#
# Revision 1.2  2008/03/24 23:31:27  kirk
# added copyright/license notice to each script
#
# Revision 1.1  2007/04/28 22:50:24  bjorn
# Added files for Windows Event Log, by Orion Poplawski.  These are for
# Windows events logged to a server, using Snare Agent or similar.
#
##########################################################################

########################################################
## Copyright (c) 2008 Orion Poplawski
## Covered under the included MIT/X-Consortium License:
##    http://www.opensource.org/licenses/mit-license.php
## All modifications and contributions by other persons to
## this script are assumed to have been donated to the
## Logwatch project and thus assume the above copyright
## and licensing terms.  If you want to make contributions
## under your own copyright or a different license this
## must be explicitly stated in the contribution an the
## Logwatch project reserves the right to not accept such
## contributions.  If you have made significant
## contributions to this script and want to claim
## copyright please contact logwatch-devel@lists.sourceforge.net.
#########################################################

use strict;

my ($ServiceName, $ThisLine);
my ($linesin, $linesout) = (0, 0);

# This will remove the unwanted service from a logfile
# in a Windows Event Log format.  Case insensitive

#Apr  2 16:21:02 hotwheels hotwheels MSWinEventLog       1       Security        26      Mon Apr 02 16:21:02 2007  861     Security        SYSTEM  User    Failure Audit   HOTWHEELSDetailed Tracking                The Windows Firewall has detected an application listening for incoming traffic.        Name: -    Path: C:\Program Files\Snare\SnareCore.exe    Process identifier: 2656    User account: SYSTEM    User domain: NT AUTHORITY    Service: Yes    RPC server: No    IP version: IPv4    IP protocol: TCP    Port number: 6161    Allowed: No    User notified: No       18

if ( $ENV{'LOGWATCH_DEBUG'} > 5 ) {
   print STDERR "DEBUG: Inside RemoveService...\n";
}

$ServiceName = $ARGV[0];

while (defined($ThisLine = <STDIN>)) {
   $linesin++;
   unless ($ThisLine =~ m/^... .. ..:..:.. \w+ \w+ \w+\t\d+\t$ServiceName\t\d/oi) {
      $linesout++;
      print $ThisLine;
   }
}

if ( $ENV{'LOGWATCH_DEBUG'} > 5 ) {
   print STDERR "DEBUG: Inside RemoveService: $linesin Lines In, $linesout Lines Out\n";
}

# vi: shiftwidth=3 syntax=perl tabstop=3 et
# Local Variables:
# mode: perl
# perl-indent-level: 3
# indent-tabs-mode: nil
# End: