[Openvas-commits] r10530 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Fri Mar 11 16:04:17 CET 2011


Author: mwiegand
Date: 2011-03-11 16:04:13 +0100 (Fri, 11 Mar 2011)
New Revision: 10530

Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/scripts/gb_wmi_eventlog.nasl
Log:
* scripts/gb_wmi_eventlog.nasl: Committing updated version on behalf of
  Thomas Rotter.


Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2011-03-11 12:29:22 UTC (rev 10529)
+++ trunk/openvas-plugins/ChangeLog	2011-03-11 15:04:13 UTC (rev 10530)
@@ -1,3 +1,8 @@
+2011-03-11  Michael Wiegand <michael.wiegand at greenbone.net>
+
+	* scripts/gb_wmi_eventlog.nasl: Commiting updated version on behalf of
+	Thomas Rotter.
+
 2011-03-11  Michael Meyer <michael.meyer at greenbone.net>
 
 	* cripts/gb_starttls_smtp.nasl,

Modified: trunk/openvas-plugins/scripts/gb_wmi_eventlog.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wmi_eventlog.nasl	2011-03-11 12:29:22 UTC (rev 10529)
+++ trunk/openvas-plugins/scripts/gb_wmi_eventlog.nasl	2011-03-11 15:04:13 UTC (rev 10530)
@@ -74,33 +74,54 @@
 
 AppRecNumber = wmi_query(wmi_handle:handle, query:"SELECT RecordNumber from Win32_NTLogEvent WHERE LogFile='Application'");
 AppRecNumber = split(AppRecNumber, keep:0);
-var = split(AppRecNumber[2], sep:"|", keep:0);
+var = split(AppRecNumber[1], sep:"|", keep:0);
 AppFirstRecNumber = var[1];
 
 SecRecNumber = wmi_query(wmi_handle:handle, query:"SELECT RecordNumber from Win32_NTLogEvent WHERE LogFile='Security'");
 SecRecNumber = split(SecRecNumber, keep:0);
-var = split(SecRecNumber[2], sep:"|", keep:0);
+var = split(SecRecNumber[1], sep:"|", keep:0);
 SecFirstRecNumber = var[1];
 
 SysRecNumber = wmi_query(wmi_handle:handle, query:"SELECT RecordNumber from Win32_NTLogEvent WHERE LogFile='System'");
 SysRecNumber = split(SysRecNumber, keep:0);
-var = split(SysRecNumber[2], sep:"|", keep:0);
+var = split(SysRecNumber[1], sep:"|", keep:0);
 SysFirstRecNumber = var[1];
 
-AppRecNumber = int(AppFirstRecNumber) - int(RecNumber);
-SecRecNumber = int(SecFirstRecNumber) - int(RecNumber);
-SysRecNumber = int(SysFirstRecNumber) - int(RecNumber);
+set_kb_item(name:"WMI/SysFirstRecNumber", value:SysFirstRecNumber);#TEST
 
-AppQuery = "SELECT * from Win32_NTLogEvent WHERE LogFile='Application' and RecordNumber <= '" + AppRecNumber + "'";
-SecQuery = "SELECT * from Win32_NTLogEvent WHERE LogFile='Security' and RecordNumber <= '" + SecRecNumber + "'";
-SysQuery = "SELECT * from Win32_NTLogEvent WHERE LogFile='System' and RecordNumber <= '" + SysRecNumber + "'";
+if(AppFirstRecNumber != "1"){
+  if (int(AppFirstRecNumber) > int(RecNumber)){
+    AppRecNumber = int(AppFirstRecNumber) - int(RecNumber);
+  }else{
+    AppRecNumber = int(AppFirstRecNumber);
+  }
+  set_kb_item(name:"WMI/AppRecNumber", value:AppRecNumber);#TEST
+  AppQuery = "SELECT * from Win32_NTLogEvent WHERE LogFile='Application' and RecordNumber >= '" + AppRecNumber + "'";
+  Application = wmi_query(wmi_handle:handle, query:AppQuery);
+}
 
-if(AppFirstRecNumber)Application = wmi_query(wmi_handle:handle, query:AppQuery);
-if(SecFirstRecNumber)Security = wmi_query(wmi_handle:handle, query:SecQuery);
-if(SysFirstRecNumber)System = wmi_query(wmi_handle:handle, query:SysQuery);
+if(SecFirstRecNumber != "1"){
+  if (int(SecFirstRecNumber) > int(RecNumber)){
+    SecRecNumber = int(SecFirstRecNumber) - int(RecNumber);
+  }else{
+    SecRecNumber = int(SecFirstRecNumber);
+  }
+  SecQuery = "SELECT * from Win32_NTLogEvent WHERE LogFile='Security' and RecordNumber >= '" + SecRecNumber + "'";
+  Security = wmi_query(wmi_handle:handle, query:SecQuery);
+}
 
-if (Application)security_note(port:0, proto: "MS-Eventlog/Application", data:Application);
-if (Security)security_note(port:0, proto: "MS-Eventlog/Security", data:Security);
-if (System)security_note(port:0, proto: "MS-Eventlog/System", data:System);
+if(SysFirstRecNumber != "1"){
+  if (int(SysFirstRecNumber) > int(RecNumber)){
+    SysRecNumber = int(SysFirstRecNumber) - int(RecNumber);
+  }else{
+    SysRecNumber = int(SysFirstRecNumber);
+  }
+  SysQuery = "SELECT * from Win32_NTLogEvent WHERE LogFile='System' and RecordNumber >= '" + SysRecNumber + "'";
+  System = wmi_query(wmi_handle:handle, query:SysQuery);
+}
 
+if (Application)log_message(port:0, proto: "MS-Eventlog/Application", data:Application);
+if (Security)log_message(port:0, proto: "MS-Eventlog/Security", data:Security);
+if (System)log_message(port:0, proto: "MS-Eventlog/System", data:System);
+
 exit(0);
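Review bot: The new `!= "1"` tests replace the old `if(AppFirstRecNumber)` guards, so a parse that yields no record number (failed query, empty log, or output laid out differently than the `[1]` index assumes) still enters the block, and the lower bound presumably becomes 0, i.e. `RecordNumber >= '0'` requests the entire log. Keep the null check alongside the new test, `if(AppFirstRecNumber && AppFirstRecNumber != "1"){`, and likewise for Security and System, so the volume of event-log data copied into the report stays bounded by RecNumber (defined outside this hunk). The `else` branches also look inverted: when the first record number is not above RecNumber the bound is set to that same number, which would select a single record rather than the whole short log, assuming the first row returned is the newest; WQL has no ORDER BY, so that ordering is itself an assumption worth a comment. The two `set_kb_item(...);#TEST` lines read as debugging leftovers and should be removed or documented.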


