Catching generic exception in order to avoid crashing when parsing windows events logs by AndreaMarangoni · Pull Request #8513 · osquery/osquery
Fixes #7340
For the time being, we are only catching the exception to avoid crashing the process.
The schema description is explained on this page: EventType Schema
The downside of this solution is that we are going to miss the event. In order to get those events, it should be as easy as adding the parsing of the XML elements DebugData, BinaryEventData and ProcessingErrorData. The content of those elements will be flattened out and stored into row["data"].
E.g.

```cpp
getDataFromPtree("Event.EventData");
getDataFromPtree("Event.UserData");
getDataFromPtree("Event.DebugData");
getDataFromPtree("Event.BinaryEventData");
getDataFromPtree("Event.ProcessingErrorData");
```
Happy to add those if you are happy with that.
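The behaviour described above, as an added example that is not osquery's code and not the pull request's Boost `property_tree` implementation: a Python parser that walks a Windows event record, flattens the content of `EventData`, `UserData`, `DebugData`, `BinaryEventData` and `ProcessingErrorData` into one `data` field, and catches any parse failure so one malformed record is skipped rather than crashing the caller. The function names, the dotted-key flattening scheme, the choice of JSON for `row["data"]` and the three sample records are all assumptions made here, not taken from the project.

```python
"""Added example (not osquery's code): parse Windows event-log XML records,
flatten every data-bearing child of <Event> into one "data" field, and skip a
malformed record instead of crashing. The sample records below are constructed."""
import json
import logging
import xml.etree.ElementTree as ET
from typing import Dict, List, Optional, Tuple

# Children of <Event> whose content is flattened into row["data"]. EventData and
# UserData are what the current parser reads; DebugData, BinaryEventData and
# ProcessingErrorData are the sections the pull request proposes adding.
DATA_SECTIONS = ("EventData", "UserData", "DebugData",
                 "BinaryEventData", "ProcessingErrorData")


def _local(tag: str) -> str:
    """Strip the namespace URI that ElementTree prepends as '{uri}name'."""
    return tag.rsplit("}", 1)[-1]


def _child(elem: ET.Element, name: str) -> Optional[ET.Element]:
    """Find a direct child by local name, whatever namespace the record uses."""
    for child in elem:
        if _local(child.tag) == name:
            return child
    return None


def _flatten(elem: ET.Element, prefix: str, out: Dict[str, str]) -> None:
    """Flatten elem's subtree into out: leaves become key -> text, nested
    elements get dotted keys. <Data Name="x"> uses its Name attribute as the
    key, which is how EventData/Data items are labelled."""
    for child in elem:
        name = child.get("Name") or _local(child.tag)
        key = f"{prefix}.{name}" if prefix else name
        if len(child):                       # has sub-elements: recurse
            _flatten(child, key, out)
        else:
            out[key] = (child.text or "").strip()


def parse_event(xml_text: str) -> Optional[Dict[str, str]]:
    """Return a row for one record, or None if it cannot be parsed.

    The broad except mirrors the PR's approach: any failure inside the XML
    parser or the schema walk is logged and the event is dropped rather than
    taking the whole process down. The cost is that the event is lost."""
    try:
        root = ET.fromstring(xml_text)
        if _local(root.tag) != "Event":
            raise ValueError(f"unexpected root element <{_local(root.tag)}>")
        system = _child(root, "System")
        event_id = _child(system, "EventID") if system is not None else None
        data: Dict[str, str] = {}
        for section in DATA_SECTIONS:
            sec = _child(root, section)
            if sec is not None:
                _flatten(sec, "", data)
        return {
            "eventid": (event_id.text or "").strip() if event_id is not None else "",
            # stored as a JSON string here (assumption about the row format)
            "data": json.dumps(data, sort_keys=True),
        }
    except Exception as exc:
        logging.warning("skipping unparseable event record: %s", exc)
        return None


def parse_events(records: List[str]) -> Tuple[List[Dict[str, str]], int]:
    """Parse a batch; return the rows produced and how many records were skipped."""
    rows = [r for r in (parse_event(x) for x in records) if r is not None]
    return rows, len(records) - len(rows)


# Constructed samples (not real captured events).
NS = "http://schemas.microsoft.com/win/2004/08/events/event"
LOGON_EVENT = f"""<Event xmlns="{NS}">
  <System><Provider Name="Microsoft-Windows-Security-Auditing"/><EventID>4624</EventID></System>
  <EventData>
    <Data Name="SubjectUserName">alice</Data>
    <Data Name="LogonType">2</Data>
  </EventData>
  <ProcessingErrorData>
    <ErrorCode>15005</ErrorCode>
    <DataItemName>TargetSid</DataItemName>
  </ProcessingErrorData>
</Event>"""
USERDATA_EVENT = f"""<Event xmlns="{NS}">
  <System><EventID>1102</EventID></System>
  <UserData>
    <LogFileCleared xmlns="http://manifests.microsoft.com/win/2004/08/windows/eventlog">
      <SubjectUserName>bob</SubjectUserName>
      <Channel>Security</Channel>
    </LogFileCleared>
  </UserData>
</Event>"""
BROKEN_EVENT = '<Event><System><EventID>1</EventID></System><EventData><Data Name="x">oops</EventData'

if __name__ == "__main__":
    rows, skipped = parse_events([LOGON_EVENT, USERDATA_EVENT, BROKEN_EVENT])
    for row in rows:
        print(row["eventid"], row["data"])
    print(f"{skipped} record(s) skipped")
```

The skipped-record counter is the part worth watching in production: a generic catch keeps the process alive, but a rising skip count is the only signal that records are being silently dropped, which is exactly the downside the description calls out.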