1 /* 2 ** Zabbix 3 ** Copyright (C) 2001-2021 Zabbix SIA 4 ** 5 ** This program is free software; you can redistribute it and/or modify 6 ** it under the terms of the GNU General Public License as published by 7 ** the Free Software Foundation; either version 2 of the License, or 8 ** (at your option) any later version. 9 ** 10 ** This program is distributed in the hope that it will be useful, 11 ** but WITHOUT ANY WARRANTY; without even the implied warranty of 12 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 ** GNU General Public License for more details. 14 ** 15 ** You should have received a copy of the GNU General Public License 16 ** along with this program; if not, write to the Free Software 17 ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 18 **/ 19 20 #ifndef ZABBIX_EVENTLOG_H 21 #define ZABBIX_EVENTLOG_H 22 23 #ifndef _WINDOWS 24 # error "This module is only available for Windows OS" 25 #endif 26 27 #define EVT_VARIANT_TYPE_ARRAY 128 28 #define EVT_VARIANT_TYPE_MASK 0x7f 29 30 /* Structures from winevt.h file */ 31 typedef HANDLE EVT_HANDLE, *PEVT_HANDLE; 32 33 typedef struct _EVT_VARIANT 34 { 35 union 36 { 37 BOOL BooleanVal; 38 INT8 SByteVal; 39 INT16 Int16Val; 40 INT32 Int32Val; 41 INT64 Int64Val; 42 UINT8 ByteVal; 43 UINT16 UInt16Val; 44 UINT32 UInt32Val; 45 UINT64 UInt64Val; 46 float SingleVal; 47 double DoubleVal; 48 ULONGLONG FileTimeVal; 49 SYSTEMTIME *SysTimeVal; 50 GUID *GuidVal; 51 const wchar_t *StringVal; 52 const char *AnsiStringVal; 53 PBYTE BinaryVal; 54 PSID SidVal; 55 size_t SizeTVal; 56 57 /* array fields */ 58 BOOL *BooleanArr; 59 INT8 *SByteArr; 60 INT16 *Int16Arr; 61 INT32 *Int32Arr; 62 INT64 *Int64Arr; 63 UINT8 *ByteArr; 64 UINT16 *UInt16Arr; 65 UINT32 *UInt32Arr; 66 UINT64 *UInt64Arr; 67 float *SingleArr; 68 double *DoubleArr; 69 FILETIME *FileTimeArr; 70 SYSTEMTIME *SysTimeArr; 71 GUID *GuidArr; 72 wchar_t **StringArr; 73 char **AnsiStringArr; 74 PSID *SidArr; 75 size_t *SizeTArr; 76 77 /* internal fields */ 78 EVT_HANDLE EvtHandleVal; 79 const wchar_t *XmlVal; 80 const wchar_t **XmlValArr; 81 }; 82 83 DWORD Count; /* number of elements (not length) in bytes */ 84 DWORD Type; 85 } 86 EVT_VARIANT, *PEVT_VARIANT; 87 88 typedef enum _EVT_LOG_PROPERTY_ID 89 { 90 EvtLogCreationTime = 0, /* EvtVarTypeFileTime */ 91 EvtLogLastAccessTime, /* EvtVarTypeFileTime */ 92 EvtLogLastWriteTime, /* EvtVarTypeFileTime */ 93 EvtLogFileSize, /* EvtVarTypeUInt64 */ 94 EvtLogAttributes, /* EvtVarTypeUInt32 */ 95 EvtLogNumberOfLogRecords, /* EvtVarTypeUInt64 */ 96 EvtLogOldestRecordNumber, /* EvtVarTypeUInt64 */ 97 EvtLogFull, /* EvtVarTypeBoolean */ 98 } 99 EVT_LOG_PROPERTY_ID; 100 101 typedef enum _EVT_RENDER_CONTEXT_FLAGS 102 { 103 EvtRenderContextValues = 0, /* render specific properties */ 104 EvtRenderContextSystem, /* render all system properties (System) */ 105 EvtRenderContextUser /* render all user properties (User/EventData) */ 106 } 107 EVT_RENDER_CONTEXT_FLAGS; 108 109 typedef enum _EVT_QUERY_FLAGS 110 { 111 EvtQueryChannelPath = 0x1, 112 EvtQueryFilePath = 0x2, 113 EvtQueryForwardDirection = 0x100, 114 EvtQueryReverseDirection = 0x200, 115 EvtQueryTolerateQueryErrors = 0x1000 116 } 117 EVT_QUERY_FLAGS; 118 119 typedef enum _EVT_RENDER_FLAGS 120 { 121 EvtRenderEventValues = 0, /* variants */ 122 EvtRenderEventXml, /* XML */ 123 EvtRenderBookmark /* bookmark */ 124 } 125 EVT_RENDER_FLAGS; 126 127 typedef enum _EVT_FORMAT_MESSAGE_FLAGS 128 { 129 EvtFormatMessageEvent = 1, 130 EvtFormatMessageLevel, 131 EvtFormatMessageTask, 132 EvtFormatMessageOpcode, 133 EvtFormatMessageKeyword, 134 EvtFormatMessageChannel, 135 EvtFormatMessageProvider, 136 EvtFormatMessageId, 137 EvtFormatMessageXml, 138 } 139 EVT_FORMAT_MESSAGE_FLAGS; 140 141 typedef enum _EVT_OPEN_LOG_FLAGS 142 { 143 EvtOpenChannelPath = 0x1, 144 EvtOpenFilePath = 0x2 145 } 146 EVT_OPEN_LOG_FLAGS; 147 148 typedef enum _EVT_VARIANT_TYPE 149 { 150 EvtVarTypeNull = 0, 151 EvtVarTypeString = 1, 152 EvtVarTypeAnsiString = 2, 153 EvtVarTypeSByte = 3, 154 EvtVarTypeByte = 4, 155 EvtVarTypeInt16 = 5, 156 EvtVarTypeUInt16 = 6, 157 EvtVarTypeInt32 = 7, 158 EvtVarTypeUInt32 = 8, 159 EvtVarTypeInt64 = 9, 160 EvtVarTypeUInt64 = 10, 161 EvtVarTypeSingle = 11, 162 EvtVarTypeDouble = 12, 163 EvtVarTypeBoolean = 13, 164 EvtVarTypeBinary = 14, 165 EvtVarTypeGuid = 15, 166 EvtVarTypeSizeT = 16, 167 EvtVarTypeFileTime = 17, 168 EvtVarTypeSysTime = 18, 169 EvtVarTypeSid = 19, 170 EvtVarTypeHexInt32 = 20, 171 EvtVarTypeHexInt64 = 21, 172 173 /* these types used internally */ 174 EvtVarTypeEvtHandle = 32, 175 EvtVarTypeEvtXml = 35 176 } 177 EVT_VARIANT_TYPE; 178 179 int process_eventlog(const char *source, zbx_uint64_t *lastlogsize, unsigned long *out_timestamp, 180 char **out_source, unsigned short *out_severity, char **out_message, unsigned long *out_eventid, 181 unsigned char skip_old_data); 182 int process_eventlog6(const char *source, zbx_uint64_t *lastlogsize, unsigned long *out_timestamp, 183 char **out_provider, char **out_source, unsigned short *out_severity, char **out_message, 184 unsigned long *out_eventid, zbx_uint64_t *FirstID, zbx_uint64_t *LastID, 185 EVT_HANDLE *render_context, EVT_HANDLE *query, zbx_uint64_t *keywords, 186 unsigned char skip_old_data); 187 int initialize_eventlog6(const char *source, zbx_uint64_t *lastlogsize, zbx_uint64_t *FirstID, 188 zbx_uint64_t *LastID, EVT_HANDLE *render_context, EVT_HANDLE *query); 189 int finalize_eventlog6(EVT_HANDLE *render_context, EVT_HANDLE *query); 190 191 EVT_HANDLE WINAPI EvtOpenLog(EVT_HANDLE Session, const wchar_t *Path, DWORD Flags); 192 EVT_HANDLE WINAPI EvtCreateRenderContext(DWORD ValuePathsCount, const wchar_t **ValuePaths, DWORD Flags); 193 EVT_HANDLE WINAPI EvtQuery(EVT_HANDLE Session, const wchar_t *Path, const wchar_t *Query, DWORD Flags); 194 EVT_HANDLE WINAPI EvtOpenPublisherMetadata(EVT_HANDLE Session, const wchar_t *PublisherId, const wchar_t *LogFilePath, 195 LCID Locale, DWORD Flags); 196 BOOL WINAPI EvtGetLogInfo( EVT_HANDLE Log, EVT_LOG_PROPERTY_ID PropertyId, DWORD PropertyValueBufferSize, 197 PEVT_VARIANT PropertyValueBuffer, __out PDWORD PropertyValueBufferUsed); 198 BOOL WINAPI EvtRender(EVT_HANDLE Context, EVT_HANDLE Fragment, DWORD Flags, DWORD BufferSize, 199 __out_bcount_part_opt(BufferSize, *BufferUsed) PVOID Buffer, __out PDWORD BufferUsed, 200 __out PDWORD PropertyCount); 201 BOOL WINAPI EvtNext(EVT_HANDLE ResultSet, DWORD EventsSize, PEVT_HANDLE Events, DWORD Timeout, DWORD Flags, 202 __out PDWORD Returned); 203 BOOL WINAPI EvtClose(EVT_HANDLE Object); 204 BOOL WINAPI EvtFormatMessage(EVT_HANDLE PublisherMetadata, EVT_HANDLE Event, DWORD MessageId, 205 DWORD ValueCount, PEVT_VARIANT Values, DWORD Flags, DWORD BufferSize, 206 __out_ecount_part_opt(BufferSize, *BufferUsed) wchar_t *Buffer, __out PDWORD BufferUsed); 207 #endif /* ZABBIX_EVENTLOG_H */ 208 209