diff options
Diffstat (limited to 'src/fluent-bit/plugins/in_windows_exporter_metrics/we_wmi_logon.c')
-rw-r--r-- | src/fluent-bit/plugins/in_windows_exporter_metrics/we_wmi_logon.c | 198 |
1 files changed, 198 insertions, 0 deletions
diff --git a/src/fluent-bit/plugins/in_windows_exporter_metrics/we_wmi_logon.c b/src/fluent-bit/plugins/in_windows_exporter_metrics/we_wmi_logon.c new file mode 100644 index 000000000..761d4ac7a --- /dev/null +++ b/src/fluent-bit/plugins/in_windows_exporter_metrics/we_wmi_logon.c @@ -0,0 +1,198 @@ +/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ + +/* Fluent Bit + * ========== + * Copyright (C) 2022 The Fluent Bit Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include <fluent-bit/flb_input_plugin.h> +#include <fluent-bit/flb_config.h> +#include <fluent-bit/flb_config_map.h> +#include <fluent-bit/flb_error.h> +#include <fluent-bit/flb_pack.h> + +#include "we.h" +#include "we_wmi.h" +#include "we_wmi_cpu_info.h" +#include "we_util.h" +#include "we_metric.h" + +static double nop_adjust(double value) +{ + return value; +} + +int we_wmi_logon_init(struct flb_we *ctx) +{ + ctx->wmi_logon = flb_calloc(1, sizeof(struct we_wmi_logon_counters)); + if (!ctx->wmi_logon) { + flb_errno(); + return -1; + } + ctx->wmi_logon->operational = FLB_FALSE; + + struct cmt_gauge *g; + + g = cmt_gauge_create(ctx->cmt, "windows", "logon", "logon_type", + "Number of active logon sessions (LogonSession.LogonType) by WMI Win32_LogonSession", + 1, (char *[]) {"status"}); + if (!g) { + return -1; + } + + ctx->wmi_logon->info = flb_calloc(1, sizeof(struct wmi_query_spec)); + if (!ctx->wmi_logon->info) { + flb_errno(); + return -1; + } + ctx->wmi_logon->info->label_property_keys = (char **) flb_calloc(1, sizeof(char *)); + if (!ctx->wmi_logon->info->label_property_keys) { + flb_errno(); + return -1; + } + + ctx->wmi_logon->info->metric_instance = (void *)g; + ctx->wmi_logon->info->type = CMT_GAUGE; + ctx->wmi_logon->info->value_adjuster = nop_adjust; + ctx->wmi_logon->info->wmi_counter = "Win32_LogonSession"; + ctx->wmi_logon->info->wmi_property = "LogonType"; + ctx->wmi_logon->info->label_property_count = 1; + ctx->wmi_logon->info->label_property_keys[0] = "status" ; + ctx->wmi_logon->info->where_clause = NULL; + + ctx->wmi_logon->operational = FLB_TRUE; + + return 0; +} + +int we_wmi_logon_exit(struct flb_we *ctx) +{ + flb_free(ctx->wmi_logon->info->label_property_keys); + flb_free(ctx->wmi_logon->info); + flb_free(ctx->wmi_logon); + + return 0; +} + +int we_wmi_logon_update(struct flb_we *ctx) +{ + IEnumWbemClassObject* enumerator = NULL; + HRESULT hr; + + IWbemClassObject *class_obj = NULL; + ULONG ret = 0; + double val = 0; + int type = 0; + uint64_t timestamp = 0; + /* Init counters for logon */ + uint64_t system = 0, interactive = 0, network = 0, batch = 0, service = 0, + proxy = 0, unlock = 0, networkcleartext = 0, newcredentials = 0, remoteinteractive = 0, + cachedinteractive = 0, cachedremoteinteractive = 0, cachedunlock = 0; + struct wmi_query_spec *spec; + + if (!ctx->wmi_logon->operational) { + flb_plg_error(ctx->ins, "logon collector not yet in operational state"); + + return -1; + } + + if (FAILED(we_wmi_coinitialize(ctx))) { + return -1; + } + + timestamp = cfl_time_now(); + + if (FAILED(we_wmi_execute_query(ctx, ctx->wmi_logon->info, &enumerator))) { + return -1; + } + + while(enumerator) { + hr = enumerator->lpVtbl->Next(enumerator, WBEM_INFINITE, 1, + &class_obj, &ret); + + if(0 == ret) { + break; + } + + val = we_wmi_get_value(ctx, ctx->wmi_logon->info, class_obj); + type = (int)val; + + switch(type) { + case 0: + system++; + break; + case 2: + interactive++; + break; + case 3: + network++; + break; + case 4: + batch++; + break; + case 5: + service++; + break; + case 6: + proxy++; + break; + case 7: + unlock++; + break; + case 8: + networkcleartext++; + break; + case 9: + newcredentials++; + break; + case 10: + remoteinteractive++; + break; + case 11: + cachedinteractive++; + break; + case 12: + cachedremoteinteractive++; + break; + case 13: + cachedunlock++; + break; + } + + class_obj->lpVtbl->Release(class_obj); + } + + enumerator->lpVtbl->Release(enumerator); + + spec = ctx->wmi_logon->info; + + we_wmi_update_counters(ctx, spec, timestamp, (double)system, 1, (char *[]) {"system"} ); + we_wmi_update_counters(ctx, spec, timestamp, (double)interactive, 1, (char *[]) {"interactive"} ); + we_wmi_update_counters(ctx, spec, timestamp, (double)network, 1, (char *[]) {"network"} ); + we_wmi_update_counters(ctx, spec, timestamp, (double)batch, 1, (char *[]) {"batch"} ); + we_wmi_update_counters(ctx, spec, timestamp, (double)service, 1, (char *[]) {"service"} ); + we_wmi_update_counters(ctx, spec, timestamp, (double)proxy, 1, (char *[]) {"proxy"} ); + we_wmi_update_counters(ctx, spec, timestamp, (double)unlock, 1, (char *[]) {"unlock"} ); + we_wmi_update_counters(ctx, spec, timestamp, (double)networkcleartext, 1, (char *[]) {"network_clear_text"} ); + we_wmi_update_counters(ctx, spec, timestamp, (double)newcredentials, 1, (char *[]) {"new_credentials"} ); + we_wmi_update_counters(ctx, spec, timestamp, (double)remoteinteractive, 1, (char *[]) {"remote_interactive"} ); + we_wmi_update_counters(ctx, spec, timestamp, (double)cachedinteractive, 1, (char *[]) {"cached_interactive"} ); + we_wmi_update_counters(ctx, spec, timestamp, (double)cachedremoteinteractive, 1, (char *[]) {"cached_remote_interactive"} ); + we_wmi_update_counters(ctx, spec, timestamp, (double)cachedunlock, 1, (char *[]) {"cached_unlock"} ); + + we_wmi_cleanup(ctx); + + return 0; +} |