diff options
author | Günther Deschner <gd@samba.org> | 2009-01-23 14:58:27 +0100 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2009-02-04 17:17:25 +0100 |
commit | a5597d75d218bff810928d618f4ea41277e554a9 (patch) | |
tree | 3dc351d359c5a4f3f86546e584ff504a394452b8 | |
parent | a0c4fbdb3cf48f317ac5a3ca20ead31acb4c7611 (diff) | |
download | samba-a5597d75d218bff810928d618f4ea41277e554a9.tar.gz samba-a5597d75d218bff810928d618f4ea41277e554a9.tar.bz2 samba-a5597d75d218bff810928d618f4ea41277e554a9.zip |
eventlog: add w32 on-disc EVENTLOG structures (*evt files).
Guenther
-rw-r--r-- | librpc/idl/eventlog.idl | 70 |
1 files changed, 70 insertions, 0 deletions
diff --git a/librpc/idl/eventlog.idl b/librpc/idl/eventlog.idl index 0826f59ed8..c0230f3693 100644 --- a/librpc/idl/eventlog.idl +++ b/librpc/idl/eventlog.idl @@ -90,6 +90,76 @@ import "lsa.idl", "security.idl"; uint32 padding; } eventlog_Record_tdb; + typedef [v1_enum] enum { + ELF_LOGFILE_HEADER_DIRTY = 0x0001, + ELF_LOGFILE_HEADER_WRAP = 0x0002, + ELF_LOGFILE_LOGFULL_WRITTEN = 0x0004, + ELF_LOGFILE_ARCHIVE_SET = 0x0008 + } EVENTLOG_HEADER_FLAGS; + + typedef [public] struct { + [value(0x30)] uint32 HeaderSize; + [charset(DOS),value("LfLe")] uint8 Signature[4]; + [value(1)] uint32 MajorVersion; + [value(1)] uint32 MinorVersion; + uint32 StartOffset; + uint32 EndOffset; + uint32 CurrentRecordNumber; + uint32 OldestRecordNumber; + uint32 MaxSize; + EVENTLOG_HEADER_FLAGS Flags; + uint32 Retention; + [value(0x30)] uint32 EndHeaderSize; + } EVENTLOGHEADER; + + typedef [public,gensize] struct { + uint32 Length; + [charset(DOS),value("LfLe")] uint8 Reserved[4]; + uint32 RecordNumber; + time_t TimeGenerated; + time_t TimeWritten; + uint32 EventID; + eventlogEventTypes EventType; + uint16 NumStrings; + uint16 EventCategory; + uint16 ReservedFlags; + uint32 ClosingRecordNumber; + uint32 StringOffset; + [value(ndr_size_dom_sid0(&UserSid, ndr->flags))] uint32 UserSidLength; + uint32 UserSidOffset; + uint32 DataLength; + uint32 DataOffset; + nstring SourceName; + nstring Computername; + [flag(NDR_ALIGN4),subcontext(0),subcontext_size(UserSidLength)] dom_sid0 UserSid; + nstring Strings[NumStrings]; + [flag(NDR_PAHEX)] uint8 Data[DataLength]; + astring Pad; + [value(Length)] uint32 Length2; + } EVENTLOGRECORD; + + typedef [public] struct { + [value(0x28)] uint32 RecordSizeBeginning; + [value(0x11111111)] uint32 One; + [value(0x22222222)] uint32 Two; + [value(0x33333333)] uint32 Three; + [value(0x44444444)] uint32 Four; + uint32 BeginRecord; + uint32 EndRecord; + uint32 CurrentRecordNumber; + uint32 OldestRecordNumber; + [value(0x28)] uint32 RecordSizeEnd; + } EVENTLOGEOF; + + /* the following is true for a non-wrapped evt file (e.g. backups + * generated and viewed with eventvwr) */ + + typedef [public] struct { + EVENTLOGHEADER hdr; + EVENTLOGRECORD records[hdr.CurrentRecordNumber-hdr.OldestRecordNumber]; + EVENTLOGEOF eof; + } EVENTLOG_EVT_FILE; + /******************/ /* Function: 0x00 */ NTSTATUS eventlog_ClearEventLogW( |