Add and enable EventLog plugin.

Author: SeanCampbell

Makefile.am

@@ -1679,6 +1679,24 @@ syslog_la_LDFLAGS = $(PLUGIN_LDFLAGS)
 syslog_la_LIBADD = libcollectd.la
 endif
 
+if BUILD_PLUGIN_EVENTLOG
+RCFLAGS = --preprocessor="${CC} -E -xc-header -DRC_INVOKED"
+
+%.lo: %.mc
+	windmc $*.mc --headerdir=src --rcdir=src
+	$(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --tag=RC --mode=compile $(RC) $(RCFLAGS) $*.rc -o $*.lo
+
+pkglib_LTLIBRARIES += eventlogres.la
+eventlogres_la_SOURCES = src/eventlogres.mc src/eventlogres.c
+eventlogres_la_LDFLAGS = $(PLUGIN_LDFLAGS)
+
+pkglib_LTLIBRARIES += eventlog.la
+eventlog_la_SOURCES = src/eventlog.c
+eventlog_la_LDFLAGS = $(PLUGIN_LDFLAGS)
+eventlog_la_LIBADD = libcollectd.la
+eventlog_la_DEPENDENCIES = eventlogres.la
+endif
+
 if BUILD_PLUGIN_TABLE
 pkglib_LTLIBRARIES += table.la
 table_la_SOURCES = src/table.c

build.sh

@@ -151,6 +151,7 @@ build_windows ()
 	  --disable-all-plugins \
 	  --host="mingw32" \
 	  --enable-logfile \
+	  --enable-eventlog \
 	  --enable-network \
 	  --enable-wmi
 

configure.ac

@@ -30,6 +30,7 @@ AC_PROG_CC_C99([],
 
 AX_COMPILER_VENDOR
 
+LT_PROG_RC
 AC_PROG_CXX
 AC_PROG_CPP
 AC_PROG_EGREP
@@ -6142,6 +6143,7 @@ plugin_dpdkevents="no"
 plugin_dpdkstat="no"
 plugin_entropy="no"
 plugin_ethstat="no"
+plugin_eventlog="no"
 plugin_fhcount="no"
 plugin_fscache="no"
 plugin_gps="no"
@@ -6183,6 +6185,7 @@ plugin_virt="no"
 plugin_vmem="no"
 plugin_vserver="no"
 plugin_wireless="no"
+plugin_wmi="no"
 plugin_write_prometheus="no"
 plugin_xencpu="no"
 plugin_zfs_arc="no"
@@ -6244,6 +6247,7 @@ if test "x$ac_system" = "xLinux"; then
 fi
 
 if test "x$ac_system" = "xWindows"; then
+  plugin_eventlog="yes"
   plugin_wmi="yes"
 fi
 
@@ -6562,6 +6566,7 @@ AC_PLUGIN([drbd],                [$plugin_drbd],            [DRBD statistics])
 AC_PLUGIN([email],               [yes],                     [EMail statistics])
 AC_PLUGIN([entropy],             [$plugin_entropy],         [Entropy statistics])
 AC_PLUGIN([ethstat],             [$plugin_ethstat],         [Stats from NIC driver])
+AC_PLUGIN([eventlog],            [$plugin_eventlog],        [Windows event logging plugin])
 AC_PLUGIN([exec],                [yes],                     [Execution of external programs])
 AC_PLUGIN([fhcount],             [$plugin_fhcount],         [File handles statistics])
 AC_PLUGIN([filecount],           [yes],                     [Count files in directories])
@@ -6701,6 +6706,12 @@ else
   LOAD_PLUGIN_SYSLOG="##"
 fi
 
+if test "x$enable_eventlog" = "xyes"; then
+  default_log_plugin="eventlog"
+else
+  LOAD_PLUGIN_EVENTLOG="##"
+fi
+
 if test "x$enable_logfile" = "xyes"; then
   if test "x$default_log_plugin" = "xnone"; then
     default_log_plugin="logfile"
@@ -6720,6 +6731,7 @@ fi
 AC_MSG_RESULT([$default_log_plugin])
 
 AC_SUBST([LOAD_PLUGIN_SYSLOG])
+AC_SUBST([LOAD_PLUGIN_EVENTLOG])
 AC_SUBST([LOAD_PLUGIN_LOGFILE])
 AC_SUBST([LOAD_PLUGIN_LOG_LOGSTASH])
 
@@ -6982,6 +6994,7 @@ AC_MSG_RESULT([    drbd  . . . . . . . . $enable_drbd])
 AC_MSG_RESULT([    email . . . . . . . . $enable_email])
 AC_MSG_RESULT([    entropy . . . . . . . $enable_entropy])
 AC_MSG_RESULT([    ethstat . . . . . . . $enable_ethstat])
+AC_MSG_RESULT([    eventlog  . . . . . . $enable_eventlog])
 AC_MSG_RESULT([    exec  . . . . . . . . $enable_exec])
 AC_MSG_RESULT([    fhcount . . . . . . . $enable_fhcount])
 AC_MSG_RESULT([    filecount . . . . . . $enable_filecount])

src/eventlog.c

@@ -0,0 +1,208 @@
+/**
+ * collectd - src/eventlog.c
+ * Copyright (c) 2018  Google LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ **/
+
+#include "collectd.h"
+
+#include "common.h"
+#include "plugin.h"
+
+#include "eventlogres.h"
+
+#include <windows.h>
+
+#if COLLECT_DEBUG
+static int log_level = LOG_DEBUG;
+#else
+static int log_level = LOG_INFO;
+#endif /* COLLECT_DEBUG */
+static int notif_severity = 0;
+
+static const char *config_keys[] = {
+    "LogLevel", "NotifyLevel",
+};
+static int config_keys_num = STATIC_ARRAY_SIZE(config_keys);
+
+static HANDLE event_source;
+static char log_prefix[512];
+
+int event_type_from_priority(int event_id) {
+  switch (event_id) {
+    case LOG_INFO:
+      return EVENTLOG_INFORMATION_TYPE;
+    case LOG_NOTICE:
+      return EVENTLOG_INFORMATION_TYPE;
+    case LOG_DEBUG:
+      return EVENTLOG_INFORMATION_TYPE;
+    case LOG_ERR:
+      return EVENTLOG_ERROR_TYPE;
+    default:
+      return EVENTLOG_WARNING_TYPE;
+  }
+}
+
+static void openlog(const char *ident) {
+  sprintf(log_prefix, "%s[%d]", ident, getpid());
+  event_source = RegisterEventSource(NULL, ident);
+  if (event_source == NULL) {
+    ERROR("eventlog: failed to register '%s' as an event source", ident);
+  }
+}
+
+static int closelog() {
+  BOOL success = DeregisterEventSource(event_source);
+  if (!success) {
+    ERROR("eventlog: failed to deregister 'collectd' as an event source");
+	return 1;
+  }
+  return 0;
+}
+
+static void veventlog(int priority, const char *format, va_list args) {
+  char msg[2056];
+  vsprintf(msg, format, args);
+  const char *messages[] = {log_prefix, msg};
+
+  BOOL success = ReportEvent(
+      event_source,
+      event_type_from_priority(priority), // wType
+      0,        // wCategory
+      MSG_LOG,  // dwEventID
+      NULL,     // lpUserSid
+      2,        // wNumStrings
+      0,        // dwDataSize
+      messages, // lpStrings
+      NULL      // lpRawData
+  );
+  if (!success) {
+    ERROR("eventlog: failed to report event to event log");
+  }
+}
+
+static void eventlog(int priority, const char *format, ...) {
+  va_list args;
+  va_start(args, format);
+  veventlog(priority, format, args);
+  va_end(args);
+}
+
+static int el_config(const char *key, const char *value) {
+  if (strcasecmp(key, "LogLevel") == 0) {
+    log_level = parse_log_severity(value);
+    if (log_level < 0) {
+      log_level = LOG_INFO;
+      ERROR("eventlog: invalid loglevel [%s] defaulting to 'info'", value);
+      return 1;
+    }
+  } else if (strcasecmp(key, "NotifyLevel") == 0) {
+    notif_severity = parse_notif_severity(value);
+    if (notif_severity < 0)
+      return 1;
+  }
+
+  return 0;
+} /* int el_config */
+
+static void el_log(int severity, const char *msg,
+                   user_data_t __attribute__((unused)) * user_data) {
+  if (severity > log_level)
+    return;
+
+  eventlog(severity, "%s", msg);
+} /* void el_log */
+
+static int el_shutdown(void) {
+  return closelog();
+}
+
+static int el_notification(const notification_t *n,
+                           user_data_t __attribute__((unused)) * user_data) {
+  char buf[1024] = "";
+  size_t offset = 0;
+  int log_severity;
+  const char *severity_string;
+  int status;
+
+  if (n->severity > notif_severity)
+    return 0;
+
+  switch (n->severity) {
+  case NOTIF_FAILURE:
+    severity_string = "FAILURE";
+    log_severity = LOG_ERR;
+    break;
+  case NOTIF_WARNING:
+    severity_string = "WARNING";
+    log_severity = LOG_WARNING;
+    break;
+  case NOTIF_OKAY:
+    severity_string = "OKAY";
+    log_severity = LOG_NOTICE;
+    break;
+  default:
+    severity_string = "UNKNOWN";
+    log_severity = LOG_ERR;
+  }
+
+#define BUFFER_ADD(...)                                                        \
+  do {                                                                         \
+    status = snprintf(&buf[offset], sizeof(buf) - offset, __VA_ARGS__);        \
+    if (status < 1)                                                            \
+      return -1;                                                               \
+    else if (((size_t)status) >= (sizeof(buf) - offset))                       \
+      return -ENOMEM;                                                          \
+    else                                                                       \
+      offset += ((size_t)status);                                              \
+  } while (0)
+
+#define BUFFER_ADD_FIELD(field)                                                \
+  do {                                                                         \
+    if (n->field[0])                                                           \
+      BUFFER_ADD(", " #field " = %s", n->field);                               \
+  } while (0)
+
+  BUFFER_ADD("Notification: severity = %s", severity_string);
+  BUFFER_ADD_FIELD(host);
+  BUFFER_ADD_FIELD(plugin);
+  BUFFER_ADD_FIELD(plugin_instance);
+  BUFFER_ADD_FIELD(type);
+  BUFFER_ADD_FIELD(type_instance);
+  BUFFER_ADD_FIELD(message);
+
+#undef BUFFER_ADD_FIELD
+#undef BUFFER_ADD
+
+  buf[sizeof(buf) - 1] = '\0';
+
+  el_log(log_severity, buf, NULL);
+
+  return 0;
+} /* int el_notification */
+
+void module_register(void) {
+  openlog("collectd");
+
+  plugin_register_config("eventlog", el_config, config_keys, config_keys_num);
+  plugin_register_log("eventlog", el_log, /* user_data = */ NULL);
+  plugin_register_notification("eventlog", el_notification, NULL);
+  plugin_register_shutdown("eventlog", el_shutdown);
+} /* void module_register(void) */

src/eventlogres.mc

@@ -0,0 +1,5 @@
+MessageId=0x1
+SymbolicName=MSG_LOG
+Language=English
+%1: %2
+.