NCPA not accurately parsing inputs
ne-bbahn opened this issue · 1 comments
https://support.nagios.com/forum/viewtopic.php?t=75483
If I only use the log name in NCPA API "Laserfiche-Directory Service-Server/Operational" - it returns events that aren't in that log. For example,
CODE: SELECT ALL"Laserfiche-Directory Service-Server/Operational": [
{
"category": "0",
"severity": "INFORMATION",
"event_id": "9027",
"application": "Desktop Window Manager",
"computer_name": "",
"message": "",
"time_generated": "07/18/24 07:25:55"
},
That is under Windows Logs > Application.I can even put in "Random" for the Log name and it returns the same result as above. Why is it pulling that result if there is no log named that? If it can't find the log name it just returns results from the Windows Application log?
I have not got the check to work with ANY log that is within a folder. It seems to only work with log names at the root level. You can put in any name you like and it won't error, it will just give you the events from the first log, which is the Application log under Windows Logs.
This leads me to think that the code is doing something similar to the Get-EventLog Powershell command which only gives those root level logs, whereas the Get-WinEvent can get everything.
I have not encountered this, so I will need to investigate this.
It seems that the only remaining issue here is that
When I try to check Microsoft-Windows-AppModel-Runtime%4Admin, it replaces the %4A with a J, causing it to fail.
On the other hand, Microsoft-Windows-Application-Experience%4Program-Telemetry is working as intended.
Once the inputs have an extra encoding layer, so for example %4A is expanded to %254A and is then decoded before the API processes them and security around this has been reviewed, then it will be good to go.