/*
** Zabbix
** Copyright (C) 2001-2021 Zabbix SIA
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation; either version 2 of the License, or
** (at your option) any later version.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
**/

/*
** Windows event log access for the Zabbix agent.
**
** This header declares the Zabbix entry points for reading the Windows event
** log and, instead of including <winevt.h>, re-declares the subset of the
** Windows Event Log (Evt*) types, enums and prototypes that the
** implementation needs.  NOTE(review): the reason for hand-declaring them is
** not visible here (presumably toolchains without winevt.h) - confirm.
**
** Because these are local copies, the struct layout, enum values and function
** signatures below must stay bit-for-bit identical to the OS definitions; a
** divergence is an ABI bug (a mis-sized union, a misread Type flag) that the
** compiler cannot catch.  Compare against the SDK header when touching them.
*/

#ifndef ZABBIX_EVENTLOG_H
#define ZABBIX_EVENTLOG_H

/* Hard compile-time stop: nothing in this module makes sense without the Win32 API. */
#if !defined(_WINDOWS) && !defined(__MINGW32__)
#	error "This module is only available for Windows OS"
#endif

#include "zbxalgo.h"
#include "active.h"
#include "metrics.h"

/*
** Decoding of EVT_VARIANT.Type: the low 7 bits (EVT_VARIANT_TYPE_MASK) hold
** the EVT_VARIANT_TYPE value, the top bit (EVT_VARIANT_TYPE_ARRAY) marks an
** array value.  Consumers must mask before comparing against EVT_VARIANT_TYPE
** constants, and must check the array bit before choosing between the scalar
** and the *Arr union members.
*/
#define EVT_VARIANT_TYPE_ARRAY	128
#define EVT_VARIANT_TYPE_MASK	0x7f

/* Structures from winevt.h file */
typedef HANDLE EVT_HANDLE, *PEVT_HANDLE;

/*
** Tagged-union value as filled in by EvtRender()/EvtGetLogInfo().
**
** Only the union member matching (Type & EVT_VARIANT_TYPE_MASK) - and the
** scalar vs array variant selected by the EVT_VARIANT_TYPE_ARRAY bit - holds
** a valid value; reading any other member is type confusion on data that
** ultimately comes from event publishers, i.e. untrusted input.
**
** NOTE(review): the pointer members (StringVal, BinaryVal, SidVal, the *Arr
** members, ...) presumably point into the buffer handed to EvtRender() and
** are only valid for that buffer's lifetime - confirm against the callers
** before caching any of them.
*/
typedef struct _EVT_VARIANT
{
	union
	{
		BOOL		BooleanVal;
		INT8		SByteVal;
		INT16		Int16Val;
		INT32		Int32Val;
		INT64		Int64Val;
		UINT8		ByteVal;
		UINT16		UInt16Val;
		UINT32		UInt32Val;
		UINT64		UInt64Val;
		float		SingleVal;
		double		DoubleVal;
		ULONGLONG	FileTimeVal;
		SYSTEMTIME	*SysTimeVal;
		GUID		*GuidVal;
		const wchar_t	*StringVal;
		const char	*AnsiStringVal;
		PBYTE		BinaryVal;
		PSID		SidVal;
		size_t		SizeTVal;

		/* array fields */
		BOOL		*BooleanArr;
		INT8		*SByteArr;
		INT16		*Int16Arr;
		INT32		*Int32Arr;
		INT64		*Int64Arr;
		UINT8		*ByteArr;
		UINT16		*UInt16Arr;
		UINT32		*UInt32Arr;
		UINT64		*UInt64Arr;
		float		*SingleArr;
		double		*DoubleArr;
		FILETIME	*FileTimeArr;
		SYSTEMTIME	*SysTimeArr;
		GUID		*GuidArr;
		wchar_t		**StringArr;
		char		**AnsiStringArr;
		PSID		*SidArr;
		size_t		*SizeTArr;

		/* internal fields */
		EVT_HANDLE	EvtHandleVal;
		const wchar_t	*XmlVal;
		const wchar_t	**XmlValArr;
	};

	/* element count of an array value (a count, NOT a byte length); presumably
	 * only meaningful when Type has EVT_VARIANT_TYPE_ARRAY set - confirm */
	DWORD	Count;
	/* EVT_VARIANT_TYPE in the low 7 bits, EVT_VARIANT_TYPE_ARRAY in the top bit */
	DWORD	Type;
}
EVT_VARIANT, *PEVT_VARIANT;

/* property ids for EvtGetLogInfo(); the comment gives the Type the result is delivered in */
typedef enum _EVT_LOG_PROPERTY_ID
{
	EvtLogCreationTime = 0,		/* EvtVarTypeFileTime */
	EvtLogLastAccessTime,		/* EvtVarTypeFileTime */
	EvtLogLastWriteTime,		/* EvtVarTypeFileTime */
	EvtLogFileSize,			/* EvtVarTypeUInt64 */
	EvtLogAttributes,		/* EvtVarTypeUInt32 */
	EvtLogNumberOfLogRecords,	/* EvtVarTypeUInt64 */
	EvtLogOldestRecordNumber,	/* EvtVarTypeUInt64 */
	EvtLogFull,			/* EvtVarTypeBoolean */
}
EVT_LOG_PROPERTY_ID;

/* Flags for EvtCreateRenderContext() */
typedef enum _EVT_RENDER_CONTEXT_FLAGS
{
	EvtRenderContextValues = 0,	/* render specific properties */
	EvtRenderContextSystem,		/* render all system properties (System) */
	EvtRenderContextUser		/* render all user properties (User/EventData) */
}
EVT_RENDER_CONTEXT_FLAGS;

/* Flags for EvtQuery(); bit values, may be OR-ed */
typedef enum _EVT_QUERY_FLAGS
{
	EvtQueryChannelPath = 0x1,
	EvtQueryFilePath = 0x2,
	EvtQueryForwardDirection = 0x100,
	EvtQueryReverseDirection = 0x200,
	EvtQueryTolerateQueryErrors = 0x1000
}
EVT_QUERY_FLAGS;

/* Flags for EvtRender(); select what the output buffer will contain */
typedef enum _EVT_RENDER_FLAGS
{
	EvtRenderEventValues = 0,	/* variants */
	EvtRenderEventXml,		/* XML */
	EvtRenderBookmark		/* bookmark */
}
EVT_RENDER_FLAGS;

/* Flags for EvtFormatMessage(); note the enum starts at 1, not 0 */
typedef enum _EVT_FORMAT_MESSAGE_FLAGS
{
	EvtFormatMessageEvent = 1,
	EvtFormatMessageLevel,
	EvtFormatMessageTask,
	EvtFormatMessageOpcode,
	EvtFormatMessageKeyword,
	EvtFormatMessageChannel,
	EvtFormatMessageProvider,
	EvtFormatMessageId,
	EvtFormatMessageXml,
}
EVT_FORMAT_MESSAGE_FLAGS;

/* Flags for EvtOpenLog() */
typedef enum _EVT_OPEN_LOG_FLAGS
{
	EvtOpenChannelPath = 0x1,
	EvtOpenFilePath = 0x2
}
EVT_OPEN_LOG_FLAGS;

/*
** Value types carried in EVT_VARIANT.Type (after masking with
** EVT_VARIANT_TYPE_MASK).  Values 22..31 are unassigned; a switch over this
** enum needs a default branch rather than assuming every masked value is
** listed here.
*/
typedef enum _EVT_VARIANT_TYPE
{
	EvtVarTypeNull = 0,
	EvtVarTypeString = 1,
	EvtVarTypeAnsiString = 2,
	EvtVarTypeSByte = 3,
	EvtVarTypeByte = 4,
	EvtVarTypeInt16 = 5,
	EvtVarTypeUInt16 = 6,
	EvtVarTypeInt32 = 7,
	EvtVarTypeUInt32 = 8,
	EvtVarTypeInt64 = 9,
	EvtVarTypeUInt64 = 10,
	EvtVarTypeSingle = 11,
	EvtVarTypeDouble = 12,
	EvtVarTypeBoolean = 13,
	EvtVarTypeBinary = 14,
	EvtVarTypeGuid = 15,
	EvtVarTypeSizeT = 16,
	EvtVarTypeFileTime = 17,
	EvtVarTypeSysTime = 18,
	EvtVarTypeSid = 19,
	EvtVarTypeHexInt32 = 20,
	EvtVarTypeHexInt64 = 21,

	/* these types used internally */
	EvtVarTypeEvtHandle = 32,
	EvtVarTypeEvtXml = 35
}
EVT_VARIANT_TYPE;

/*
** Zabbix entry points.
**
** process_eventslog()  - reads events from eventlog_name using the API that
**                        does not need EVT_HANDLEs (presumably the pre-Vista
**                        ReadEventLog() path - confirm in the implementation).
** process_eventslog6() - same job on top of the Evt* API: render_context and
**                        query are the EVT_HANDLEs produced by
**                        initialize_eventlog6(); lastlogsize/FirstID/LastID
**                        bound the record range to process.
**
** Shared parameters: server/port identify the Zabbix server the values go to;
** regexps/pattern/key_severity/key_source/key_logeventid are the item's filter
** criteria; rate limits how many events are handled per call; matching events
** are delivered through process_value_cb for the given metric, and
** *lastlogsize_sent is updated with the position last reported.
** On failure a message is stored in *error.  NOTE(review): *error is presumably
** heap-allocated and owned by the caller - confirm who frees it.
**
** Lifecycle of the Evt* handles: initialize_eventlog6() opens them and fills
** in FirstID/LastID (and may adjust *lastlogsize); finalize_eventlog6()
** releases them.  Every successful initialize must be paired with a finalize
** on all exit paths, or the EVT_HANDLEs leak.
*/
int	process_eventslog(const char *server, unsigned short port, const char *eventlog_name,
		zbx_vector_ptr_t *regexps, const char *pattern, const char *key_severity,
		const char *key_source, const char *key_logeventid, int rate,
		zbx_process_value_func_t process_value_cb, ZBX_ACTIVE_METRIC *metric,
		zbx_uint64_t *lastlogsize_sent, char **error);
int	process_eventslog6(const char *server, unsigned short port, const char *eventlog_name,
		EVT_HANDLE *render_context, EVT_HANDLE *query, zbx_uint64_t lastlogsize, zbx_uint64_t FirstID,
		zbx_uint64_t LastID, zbx_vector_ptr_t *regexps, const char *pattern, const char *key_severity,
		const char *key_source, const char *key_logeventid, int rate,
		zbx_process_value_func_t process_value_cb, ZBX_ACTIVE_METRIC *metric,
		zbx_uint64_t *lastlogsize_sent, char **error);
int	initialize_eventlog6(const char *source, zbx_uint64_t *lastlogsize, zbx_uint64_t *FirstID,
		zbx_uint64_t *LastID, EVT_HANDLE *render_context, EVT_HANDLE *query, char **error);
int	finalize_eventlog6(EVT_HANDLE *render_context, EVT_HANDLE *query);

/*
** Local prototypes for the Windows Event Log API (normally from <winevt.h>,
** exported by wevtapi.dll).  They must match the system declarations exactly;
** WINAPI (stdcall) is part of that contract.  NOTE(review): the __out SAL
** annotations are assumed to be defined (or defined away) by the headers
** pulled in above for both MSVC and MinGW builds - confirm.
**
** Usage caveats the implementation has to honour (standard Evt* contract,
** verify against the SDK documentation):
**  - EvtRender()/EvtGetLogInfo()/EvtFormatMessage() report the required size
**    in *BufferUsed when the supplied buffer is too small; callers must check
**    the BOOL result (and GetLastError()) rather than trusting Buffer contents.
**  - Every EVT_HANDLE returned by EvtOpenLog(), EvtCreateRenderContext(),
**    EvtQuery(), EvtOpenPublisherMetadata() and each handle EvtNext() stores in
**    Events[0..*Returned-1] is owned by the caller and must be EvtClose()d.
*/
EVT_HANDLE WINAPI	EvtOpenLog(EVT_HANDLE Session, const wchar_t *Path, DWORD Flags);
EVT_HANDLE WINAPI	EvtCreateRenderContext(DWORD ValuePathsCount, const wchar_t **ValuePaths, DWORD Flags);
EVT_HANDLE WINAPI	EvtQuery(EVT_HANDLE Session, const wchar_t *Path, const wchar_t *Query, DWORD Flags);
EVT_HANDLE WINAPI	EvtOpenPublisherMetadata(EVT_HANDLE Session, const wchar_t *PublisherId, const wchar_t *LogFilePath,
		LCID Locale, DWORD Flags);
BOOL WINAPI	EvtGetLogInfo(EVT_HANDLE Log, EVT_LOG_PROPERTY_ID PropertyId, DWORD PropertyValueBufferSize,
		PEVT_VARIANT PropertyValueBuffer, __out PDWORD PropertyValueBufferUsed);
BOOL WINAPI	EvtRender(EVT_HANDLE Context, EVT_HANDLE Fragment, DWORD Flags, DWORD BufferSize,
		PVOID Buffer, PDWORD BufferUsed, PDWORD PropertyCount);
BOOL WINAPI	EvtNext(EVT_HANDLE ResultSet, DWORD EventsSize, PEVT_HANDLE Events, DWORD Timeout, DWORD Flags,
		__out PDWORD Returned);
BOOL WINAPI	EvtClose(EVT_HANDLE Object);
BOOL WINAPI	EvtFormatMessage(EVT_HANDLE PublisherMetadata, EVT_HANDLE Event, DWORD MessageId,
		DWORD ValueCount, PEVT_VARIANT Values, DWORD Flags, DWORD BufferSize, wchar_t *Buffer,
		PDWORD BufferUsed);

#endif	/* ZABBIX_EVENTLOG_H */