/*
** Zabbix
** Copyright (C) 2001-2021 Zabbix SIA
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation; either version 2 of the License, or
** (at your option) any later version.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
**/

/*
 * Windows event log support for the Zabbix agent (active checks).
 *
 * This header carries three things:
 *   - a local copy of the winevt.h (Windows Event Log API, "eventlog6")
 *     structures and enums, so the agent builds against SDKs that lack them;
 *   - the Zabbix-side prototypes that read an event log and hand each record
 *     to a callback;
 *   - prototypes for the Evt* API entry points the implementation calls.
 *
 * The copied values are handed directly to, and interpreted from, the Windows
 * API, so every constant below must stay identical to winevt.h.
 */

#ifndef ZABBIX_EVENTLOG_H
#define ZABBIX_EVENTLOG_H

/* Everything below depends on Windows SDK types (HANDLE, DWORD, SYSTEMTIME, PSID, ...). */
#ifndef _WINDOWS
#	error "This module is only available for Windows OS"
#endif

#include "zbxalgo.h"
#include "active.h"

/*
 * Encoding of EVT_VARIANT.Type (as in winevt.h): the low 7 bits
 * (EVT_VARIANT_TYPE_MASK) hold the base EVT_VARIANT_TYPE; bit 7
 * (EVT_VARIANT_TYPE_ARRAY) marks an array value, for which the "*Arr"
 * union members and Count apply instead of the scalar members.
 */
#define EVT_VARIANT_TYPE_ARRAY	128
#define EVT_VARIANT_TYPE_MASK	0x7f

/* Structures from winevt.h file */
typedef HANDLE EVT_HANDLE, *PEVT_HANDLE;

/*
 * A single rendered event property value.
 *
 * NOTE(review): the union is discriminated only by Type. Read exactly the
 * member that Type (masked with EVT_VARIANT_TYPE_MASK, plus the array bit)
 * selects; reading e.g. StringVal for a EvtVarTypeUInt32 value reinterprets
 * an integer as a pointer. Pointer members point into the buffer that
 * EvtRender filled, not into separately owned memory -- presumably they are
 * only valid while that buffer is alive; confirm against the caller.
 */
typedef struct _EVT_VARIANT
{
	union
	{
		BOOL		BooleanVal;
		INT8		SByteVal;
		INT16		Int16Val;
		INT32		Int32Val;
		INT64		Int64Val;
		UINT8		ByteVal;
		UINT16		UInt16Val;
		UINT32		UInt32Val;
		UINT64		UInt64Val;
		float		SingleVal;
		double		DoubleVal;
		ULONGLONG	FileTimeVal;	/* FILETIME packed into 64 bits */
		SYSTEMTIME	*SysTimeVal;
		GUID		*GuidVal;
		const wchar_t	*StringVal;
		const char	*AnsiStringVal;
		PBYTE		BinaryVal;
		PSID		SidVal;
		size_t		SizeTVal;

		/* array fields (Type has EVT_VARIANT_TYPE_ARRAY set, Count gives the length) */
		BOOL		*BooleanArr;
		INT8		*SByteArr;
		INT16		*Int16Arr;
		INT32		*Int32Arr;
		INT64		*Int64Arr;
		UINT8		*ByteArr;
		UINT16		*UInt16Arr;
		UINT32		*UInt32Arr;
		UINT64		*UInt64Arr;
		float		*SingleArr;
		double		*DoubleArr;
		FILETIME	*FileTimeArr;
		SYSTEMTIME	*SysTimeArr;
		GUID		*GuidArr;
		wchar_t		**StringArr;
		char		**AnsiStringArr;
		PSID		*SidArr;
		size_t		*SizeTArr;

		/* internal fields */
		EVT_HANDLE	EvtHandleVal;
		const wchar_t	*XmlVal;
		const wchar_t	**XmlValArr;
	};

	DWORD	Count;	/* element count for array values (number of elements, not a byte length) */
	DWORD	Type;	/* EVT_VARIANT_TYPE, optionally OR'ed with EVT_VARIANT_TYPE_ARRAY */
}
EVT_VARIANT, *PEVT_VARIANT;

/* Property ids for EvtGetLogInfo(); the comment on each is the EVT_VARIANT type it is returned as. */
typedef enum _EVT_LOG_PROPERTY_ID
{
	EvtLogCreationTime = 0,		/* EvtVarTypeFileTime */
	EvtLogLastAccessTime,		/* EvtVarTypeFileTime */
	EvtLogLastWriteTime,		/* EvtVarTypeFileTime */
	EvtLogFileSize,			/* EvtVarTypeUInt64 */
	EvtLogAttributes,		/* EvtVarTypeUInt32 */
	EvtLogNumberOfLogRecords,	/* EvtVarTypeUInt64 */
	EvtLogOldestRecordNumber,	/* EvtVarTypeUInt64 */
	EvtLogFull,			/* EvtVarTypeBoolean */
}
EVT_LOG_PROPERTY_ID;

/* Flags for EvtCreateRenderContext(): which properties a render context selects. */
typedef enum _EVT_RENDER_CONTEXT_FLAGS
{
	EvtRenderContextValues = 0,	/* render specific properties */
	EvtRenderContextSystem,		/* render all system properties (System) */
	EvtRenderContextUser		/* render all user properties (User/EventData) */
}
EVT_RENDER_CONTEXT_FLAGS;

/* Flags for EvtQuery(): what Path names and in which direction results are returned. */
typedef enum _EVT_QUERY_FLAGS
{
	EvtQueryChannelPath = 0x1,
	EvtQueryFilePath = 0x2,
	EvtQueryForwardDirection = 0x100,
	EvtQueryReverseDirection = 0x200,
	EvtQueryTolerateQueryErrors = 0x1000
}
EVT_QUERY_FLAGS;

/* Flags for EvtRender(): output format. */
typedef enum _EVT_RENDER_FLAGS
{
	EvtRenderEventValues = 0,	/* variants */
	EvtRenderEventXml,		/* XML */
	EvtRenderBookmark		/* bookmark */
}
EVT_RENDER_FLAGS;

/* Flags for EvtFormatMessage(): which message string of an event to format. */
typedef enum _EVT_FORMAT_MESSAGE_FLAGS
{
	EvtFormatMessageEvent = 1,
	EvtFormatMessageLevel,
	EvtFormatMessageTask,
	EvtFormatMessageOpcode,
	EvtFormatMessageKeyword,
	EvtFormatMessageChannel,
	EvtFormatMessageProvider,
	EvtFormatMessageId,
	EvtFormatMessageXml,
}
EVT_FORMAT_MESSAGE_FLAGS;

/* Flags for EvtOpenLog(): whether Path is a channel name or a log file path. */
typedef enum _EVT_OPEN_LOG_FLAGS
{
	EvtOpenChannelPath = 0x1,
	EvtOpenFilePath = 0x2
}
EVT_OPEN_LOG_FLAGS;

/*
 * Base value types stored in EVT_VARIANT.Type. The numeric values are
 * produced by the Windows API, so they are fixed, not arbitrary.
 */
typedef enum _EVT_VARIANT_TYPE
{
	EvtVarTypeNull = 0,
	EvtVarTypeString = 1,
	EvtVarTypeAnsiString = 2,
	EvtVarTypeSByte = 3,
	EvtVarTypeByte = 4,
	EvtVarTypeInt16 = 5,
	EvtVarTypeUInt16 = 6,
	EvtVarTypeInt32 = 7,
	EvtVarTypeUInt32 = 8,
	EvtVarTypeInt64 = 9,
	EvtVarTypeUInt64 = 10,
	EvtVarTypeSingle = 11,
	EvtVarTypeDouble = 12,
	EvtVarTypeBoolean = 13,
	EvtVarTypeBinary = 14,
	EvtVarTypeGuid = 15,
	EvtVarTypeSizeT = 16,
	EvtVarTypeFileTime = 17,
	EvtVarTypeSysTime = 18,
	EvtVarTypeSid = 19,
	EvtVarTypeHexInt32 = 20,
	EvtVarTypeHexInt64 = 21,

	/* these types used internally */
	EvtVarTypeEvtHandle = 32,
	EvtVarTypeEvtXml = 35
}
EVT_VARIANT_TYPE;

/*
 * Callback invoked once per matching event log record by process_eventslog()
 * and process_eventslog6(). By the parameter names it receives the target
 * server/port and host, the item key and the rendered value, the item state
 * and flags, and the per-record metadata (lastlogsize, mtime, timestamp,
 * source, severity, logeventid); the exact semantics of each are defined by
 * the implementation that registers it -- confirm against the caller.
 * Returns an int status code whose values are not visible from this header.
 */
typedef int	(*zbx_process_value_t)(const char *server, unsigned short port, const char *host,
		const char *key, const char *value, unsigned char state, zbx_uint64_t *lastlogsize, int *mtime,
		unsigned long *timestamp, const char *source, unsigned short *severity,
		unsigned long *logeventid, unsigned char flags);

/*
 * Read the classic (pre-Vista style) event log named eventlog_name and pass
 * records matching pattern / key_severity / key_source / key_logeventid
 * (regexps being the global regular expressions) to process_value_cb.
 *
 * rate presumably bounds how many records are processed per call;
 * lastlogsize_sent is an in/out position marker and error receives a message
 * on failure -- ownership of *error (caller frees?) is not visible here, verify
 * against the implementation. Return value is an int status code.
 */
int	process_eventslog(const char *server, unsigned short port, const char *eventlog_name,
		zbx_vector_ptr_t *regexps, const char *pattern, const char *key_severity,
		const char *key_source, const char *key_logeventid, int rate,
		zbx_process_value_t process_value_cb, ZBX_ACTIVE_METRIC *metric,
		zbx_uint64_t *lastlogsize_sent, char **error);

/*
 * Windows Event Log API ("eventlog6") counterpart of process_eventslog().
 * Uses the render_context and query handles obtained from
 * initialize_eventlog6() and the record-id window [FirstID, LastID] together
 * with lastlogsize to decide where to resume. Other parameters as for
 * process_eventslog().
 */
int	process_eventslog6(const char *server, unsigned short port, const char *eventlog_name,
		EVT_HANDLE *render_context, EVT_HANDLE *query, zbx_uint64_t lastlogsize, zbx_uint64_t FirstID,
		zbx_uint64_t LastID, zbx_vector_ptr_t *regexps, const char *pattern, const char *key_severity,
		const char *key_source, const char *key_logeventid, int rate,
		zbx_process_value_t process_value_cb, ZBX_ACTIVE_METRIC *metric,
		zbx_uint64_t *lastlogsize_sent, char **error);

/*
 * Open the event log `source` with the eventlog6 API: fills *render_context
 * and *query with handles, and reports the record-id range (*FirstID,
 * *LastID) and the adjusted *lastlogsize. On failure *error receives a
 * message. Handles returned here must be released with finalize_eventlog6().
 */
int	initialize_eventlog6(const char *source, zbx_uint64_t *lastlogsize, zbx_uint64_t *FirstID,
		zbx_uint64_t *LastID, EVT_HANDLE *render_context, EVT_HANDLE *query, char **error);

/* Release the handles obtained from initialize_eventlog6(). */
int	finalize_eventlog6(EVT_HANDLE *render_context, EVT_HANDLE *query);

/*
 * Windows Event Log API entry points (wevtapi), declared locally.
 *
 * Size arguments are NOT in the same unit everywhere -- the SAL annotations
 * below make this explicit and mixing them up yields an undersized buffer:
 *   - EvtRender:        BufferSize / *BufferUsed are BYTES (__out_bcount_...)
 *   - EvtFormatMessage: BufferSize / *BufferUsed are wchar_t ELEMENTS (__out_ecount_...)
 * Every EVT_HANDLE returned by these functions (including each handle that
 * EvtNext stores into Events) has to be released with EvtClose().
 */
EVT_HANDLE	WINAPI	EvtOpenLog(EVT_HANDLE Session, const wchar_t *Path, DWORD Flags);
EVT_HANDLE	WINAPI	EvtCreateRenderContext(DWORD ValuePathsCount, const wchar_t **ValuePaths, DWORD Flags);
EVT_HANDLE	WINAPI	EvtQuery(EVT_HANDLE Session, const wchar_t *Path, const wchar_t *Query, DWORD Flags);
EVT_HANDLE	WINAPI	EvtOpenPublisherMetadata(EVT_HANDLE Session, const wchar_t *PublisherId, const wchar_t *LogFilePath,
		LCID Locale, DWORD Flags);
/* PropertyValueBuffer receives one EVT_VARIANT; PropertyValueBufferSize is its size (unit per SDK -- confirm). */
BOOL		WINAPI	EvtGetLogInfo(EVT_HANDLE Log, EVT_LOG_PROPERTY_ID PropertyId, DWORD PropertyValueBufferSize,
		PEVT_VARIANT PropertyValueBuffer, __out PDWORD PropertyValueBufferUsed);
/* Byte-sized Buffer; *BufferUsed reports the bytes needed, *PropertyCount the number of EVT_VARIANTs rendered. */
BOOL		WINAPI	EvtRender(EVT_HANDLE Context, EVT_HANDLE Fragment, DWORD Flags, DWORD BufferSize,
		__out_bcount_part_opt(BufferSize, *BufferUsed) PVOID Buffer, __out PDWORD BufferUsed,
		__out PDWORD PropertyCount);
/* Fetches up to EventsSize handles into Events; *Returned is how many were actually stored. */
BOOL		WINAPI	EvtNext(EVT_HANDLE ResultSet, DWORD EventsSize, PEVT_HANDLE Events, DWORD Timeout, DWORD Flags,
		__out PDWORD Returned);
BOOL		WINAPI	EvtClose(EVT_HANDLE Object);
/* wchar_t-sized Buffer; *BufferUsed reports the element count needed. */
BOOL		WINAPI	EvtFormatMessage(EVT_HANDLE PublisherMetadata, EVT_HANDLE Event, DWORD MessageId,
		DWORD ValueCount, PEVT_VARIANT Values, DWORD Flags, DWORD BufferSize,
		__out_ecount_part_opt(BufferSize, *BufferUsed) wchar_t *Buffer, __out PDWORD BufferUsed);

#endif	/* ZABBIX_EVENTLOG_H */