summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2009-01-23 14:58:27 +0100
committerGünther Deschner <gd@samba.org>2009-02-04 17:17:25 +0100
commita5597d75d218bff810928d618f4ea41277e554a9 (patch)
tree3dc351d359c5a4f3f86546e584ff504a394452b8
parenta0c4fbdb3cf48f317ac5a3ca20ead31acb4c7611 (diff)
downloadsamba-a5597d75d218bff810928d618f4ea41277e554a9.tar.gz
samba-a5597d75d218bff810928d618f4ea41277e554a9.tar.bz2
samba-a5597d75d218bff810928d618f4ea41277e554a9.zip
eventlog: add w32 on-disc EVENTLOG structures (*evt files).
Guenther
-rw-r--r--librpc/idl/eventlog.idl70
1 files changed, 70 insertions, 0 deletions
diff --git a/librpc/idl/eventlog.idl b/librpc/idl/eventlog.idl
index 0826f59ed8..c0230f3693 100644
--- a/librpc/idl/eventlog.idl
+++ b/librpc/idl/eventlog.idl
@@ -90,6 +90,76 @@ import "lsa.idl", "security.idl";
uint32 padding;
} eventlog_Record_tdb;
+ typedef [v1_enum] enum {
+ ELF_LOGFILE_HEADER_DIRTY = 0x0001,
+ ELF_LOGFILE_HEADER_WRAP = 0x0002,
+ ELF_LOGFILE_LOGFULL_WRITTEN = 0x0004,
+ ELF_LOGFILE_ARCHIVE_SET = 0x0008
+ } EVENTLOG_HEADER_FLAGS;
+
+ typedef [public] struct {
+ [value(0x30)] uint32 HeaderSize;
+ [charset(DOS),value("LfLe")] uint8 Signature[4];
+ [value(1)] uint32 MajorVersion;
+ [value(1)] uint32 MinorVersion;
+ uint32 StartOffset;
+ uint32 EndOffset;
+ uint32 CurrentRecordNumber;
+ uint32 OldestRecordNumber;
+ uint32 MaxSize;
+ EVENTLOG_HEADER_FLAGS Flags;
+ uint32 Retention;
+ [value(0x30)] uint32 EndHeaderSize;
+ } EVENTLOGHEADER;
+
+ typedef [public,gensize] struct {
+ uint32 Length;
+ [charset(DOS),value("LfLe")] uint8 Reserved[4];
+ uint32 RecordNumber;
+ time_t TimeGenerated;
+ time_t TimeWritten;
+ uint32 EventID;
+ eventlogEventTypes EventType;
+ uint16 NumStrings;
+ uint16 EventCategory;
+ uint16 ReservedFlags;
+ uint32 ClosingRecordNumber;
+ uint32 StringOffset;
+ [value(ndr_size_dom_sid0(&UserSid, ndr->flags))] uint32 UserSidLength;
+ uint32 UserSidOffset;
+ uint32 DataLength;
+ uint32 DataOffset;
+ nstring SourceName;
+ nstring Computername;
+ [flag(NDR_ALIGN4),subcontext(0),subcontext_size(UserSidLength)] dom_sid0 UserSid;
+ nstring Strings[NumStrings];
+ [flag(NDR_PAHEX)] uint8 Data[DataLength];
+ astring Pad;
+ [value(Length)] uint32 Length2;
+ } EVENTLOGRECORD;
+
+ typedef [public] struct {
+ [value(0x28)] uint32 RecordSizeBeginning;
+ [value(0x11111111)] uint32 One;
+ [value(0x22222222)] uint32 Two;
+ [value(0x33333333)] uint32 Three;
+ [value(0x44444444)] uint32 Four;
+ uint32 BeginRecord;
+ uint32 EndRecord;
+ uint32 CurrentRecordNumber;
+ uint32 OldestRecordNumber;
+ [value(0x28)] uint32 RecordSizeEnd;
+ } EVENTLOGEOF;
+
+ /* the following is true for a non-wrapped evt file (e.g. backups
+ * generated and viewed with eventvwr) */
+
+ typedef [public] struct {
+ EVENTLOGHEADER hdr;
+ EVENTLOGRECORD records[hdr.CurrentRecordNumber-hdr.OldestRecordNumber];
+ EVENTLOGEOF eof;
+ } EVENTLOG_EVT_FILE;
+
/******************/
/* Function: 0x00 */
NTSTATUS eventlog_ClearEventLogW(