|
|
/*++
Copyright (c) Microsoft Corporation. All rights reserved.
Module Name:
ntelfapi.h
Abstract:
This file contains the prototypes for the user-level Elf APIs.
Author:
Rajen Shah (rajens) 30-Jul-1991
Revision History:
--*/
#ifndef _NTELFAPI_#define _NTELFAPI_
#if _MSC_VER > 1000#pragma once#endif
#ifdef __cplusplusextern "C" {#endif
// begin_winnt
//// Defines for the READ flags for Eventlogging//#define EVENTLOG_SEQUENTIAL_READ 0x0001#define EVENTLOG_SEEK_READ 0x0002#define EVENTLOG_FORWARDS_READ 0x0004#define EVENTLOG_BACKWARDS_READ 0x0008
//// The types of events that can be logged.//#define EVENTLOG_SUCCESS 0x0000#define EVENTLOG_ERROR_TYPE 0x0001#define EVENTLOG_WARNING_TYPE 0x0002#define EVENTLOG_INFORMATION_TYPE 0x0004#define EVENTLOG_AUDIT_SUCCESS 0x0008#define EVENTLOG_AUDIT_FAILURE 0x0010
//// Defines for the WRITE flags used by Auditing for paired events// These are not implemented in Product 1//
#define EVENTLOG_START_PAIRED_EVENT 0x0001#define EVENTLOG_END_PAIRED_EVENT 0x0002#define EVENTLOG_END_ALL_PAIRED_EVENTS 0x0004#define EVENTLOG_PAIRED_EVENT_ACTIVE 0x0008#define EVENTLOG_PAIRED_EVENT_INACTIVE 0x0010
//// Structure that defines the header of the Eventlog record. This is the// fixed-sized portion before all the variable-length strings, binary// data and pad bytes.//// TimeGenerated is the time it was generated at the client.// TimeWritten is the time it was put into the log at the server end.//
typedef struct _EVENTLOGRECORD { ULONG Length; // Length of full record ULONG Reserved; // Used by the service ULONG RecordNumber; // Absolute record number ULONG TimeGenerated; // Seconds since 1-1-1970 ULONG TimeWritten; // Seconds since 1-1-1970 ULONG EventID; USHORT EventType; USHORT NumStrings; USHORT EventCategory; USHORT ReservedFlags; // For use with paired events (auditing) ULONG ClosingRecordNumber; // For use with paired events (auditing) ULONG StringOffset; // Offset from beginning of record ULONG UserSidLength; ULONG UserSidOffset; ULONG DataLength; ULONG DataOffset; // Offset from beginning of record // // Then follow: // // WCHAR SourceName[] // WCHAR Computername[] // SID UserSid // WCHAR Strings[] // BYTE Data[] // CHAR Pad[] // ULONG Length; //} EVENTLOGRECORD, *PEVENTLOGRECORD;
//SS: start of changes to support clustering//SS: ideally the#define MAXLOGICALLOGNAMESIZE 256
#if _MSC_VER >= 1200#pragma warning(push)#endif#pragma warning(disable : 4200)typedef struct _EVENTSFORLOGFILE{ ULONG ulSize; WCHAR szLogicalLogFile[MAXLOGICALLOGNAMESIZE]; //name of the logical file-security/application/system ULONG ulNumRecords; EVENTLOGRECORD pEventLogRecords[];}EVENTSFORLOGFILE, *PEVENTSFORLOGFILE;
typedef struct _PACKEDEVENTINFO{ ULONG ulSize; //total size of the structure ULONG ulNumEventsForLogFile; //number of EventsForLogFile structure that follow ULONG ulOffsets[]; //the offsets from the start of this structure to the EVENTSFORLOGFILE structure}PACKEDEVENTINFO, *PPACKEDEVENTINFO;
#if _MSC_VER >= 1200#pragma warning(pop)#else#pragma warning(default : 4200)#endif//SS: end of changes to support clustering// end_winnt
#ifdef UNICODE#define ElfClearEventLogFile ElfClearEventLogFileW#define ElfBackupEventLogFile ElfBackupEventLogFileW#define ElfOpenEventLog ElfOpenEventLogW#define ElfRegisterEventSource ElfRegisterEventSourceW#define ElfOpenBackupEventLog ElfOpenBackupEventLogW#define ElfReadEventLog ElfReadEventLogW#define ElfReportEvent ElfReportEventW#else#define ElfClearEventLogFile ElfClearEventLogFileA#define ElfBackupEventLogFile ElfBackupEventLogFileA#define ElfOpenEventLog ElfOpenEventLogA#define ElfRegisterEventSource ElfRegisterEventSourceA#define ElfOpenBackupEventLog ElfOpenBackupEventLogA#define ElfReadEventLog ElfReadEventLogA#define ElfReportEvent ElfReportEventA#endif // !UNICODE
//// Handles are RPC context handles. Note that a Context Handle is// always a pointer type unlike regular handles.//
//// Prototypes for the APIs//
NTSTATUSNTAPIElfClearEventLogFileW ( IN HANDLE LogHandle, IN PUNICODE_STRING BackupFileName );
NTSTATUSNTAPIElfClearEventLogFileA ( IN HANDLE LogHandle, IN PSTRING BackupFileName );
NTSTATUSNTAPIElfBackupEventLogFileW ( IN HANDLE LogHandle, IN PUNICODE_STRING BackupFileName );
NTSTATUSNTAPIElfBackupEventLogFileA ( IN HANDLE LogHandle, IN PSTRING BackupFileName );
NTSTATUSNTAPIElfCloseEventLog ( IN HANDLE LogHandle );
NTSTATUSNTAPIElfDeregisterEventSource ( IN HANDLE LogHandle );
NTSTATUSNTAPIElfNumberOfRecords ( IN HANDLE LogHandle, OUT PULONG NumberOfRecords );
NTSTATUSNTAPIElfOldestRecord ( IN HANDLE LogHandle, OUT PULONG OldestRecord );
NTSTATUSNTAPIElfChangeNotify ( IN HANDLE LogHandle, IN HANDLE Event );
NTSTATUSElfGetLogInformation ( IN HANDLE LogHandle, IN ULONG InfoLevel, OUT PVOID lpBuffer, IN ULONG cbBufSize, OUT PULONG pcbBytesNeeded );
NTSTATUSNTAPIElfOpenEventLogW ( IN PUNICODE_STRING UNCServerName, IN PUNICODE_STRING SourceName, OUT PHANDLE LogHandle );
NTSTATUSNTAPIElfRegisterEventSourceW ( IN PUNICODE_STRING UNCServerName, IN PUNICODE_STRING SourceName, OUT PHANDLE LogHandle );
NTSTATUSNTAPIElfOpenBackupEventLogW ( IN PUNICODE_STRING UNCServerName, IN PUNICODE_STRING FileName, OUT PHANDLE LogHandle );
NTSTATUSNTAPIElfOpenEventLogA ( IN PSTRING UNCServerName, IN PSTRING SourceName, OUT PHANDLE LogHandle );
NTSTATUSNTAPIElfRegisterEventSourceA ( IN PSTRING UNCServerName, IN PSTRING SourceName, OUT PHANDLE LogHandle );
NTSTATUSNTAPIElfOpenBackupEventLogA ( IN PSTRING UNCServerName, IN PSTRING FileName, OUT PHANDLE LogHandle );
NTSTATUSNTAPIElfReadEventLogW ( IN HANDLE LogHandle, IN ULONG ReadFlags, IN ULONG RecordNumber, OUT PVOID Buffer, IN ULONG NumberOfBytesToRead, OUT PULONG NumberOfBytesRead, OUT PULONG MinNumberOfBytesNeeded );
NTSTATUSNTAPIElfReadEventLogA ( IN HANDLE LogHandle, IN ULONG ReadFlags, IN ULONG RecordNumber, OUT PVOID Buffer, IN ULONG NumberOfBytesToRead, OUT PULONG NumberOfBytesRead, OUT PULONG MinNumberOfBytesNeeded );
NTSTATUSNTAPIElfReportEventW ( IN HANDLE LogHandle, IN USHORT EventType, IN USHORT EventCategory OPTIONAL, IN ULONG EventID, IN PSID UserSid OPTIONAL, IN USHORT NumStrings, IN ULONG DataSize, IN PUNICODE_STRING *Strings OPTIONAL, IN PVOID Data OPTIONAL, IN USHORT Flags, IN OUT PULONG RecordNumber OPTIONAL, IN OUT PULONG TimeWritten OPTIONAL );
NTSTATUSNTAPIElfReportEventA ( IN HANDLE LogHandle, IN USHORT EventType, IN USHORT EventCategory OPTIONAL, IN ULONG EventID, IN PSID UserSid OPTIONAL, IN USHORT NumStrings, IN ULONG DataSize, IN PANSI_STRING *Strings OPTIONAL, IN PVOID Data OPTIONAL, IN USHORT Flags, IN OUT PULONG RecordNumber OPTIONAL, IN OUT PULONG TimeWritten OPTIONAL );
NTSTATUSNTAPIElfRegisterClusterSvc( IN PUNICODE_STRING UNCServerName, OUT PULONG pulEventInfoSize, OUT PVOID *ppPackedEventInfo);
NTSTATUSNTAPIElfDeregisterClusterSvc( IN PUNICODE_STRING UNCServerName );
NTSTATUSNTAPIElfWriteClusterEvents( IN PUNICODE_STRING UNCServerName, IN ULONG ulEventInfoSize, IN PVOID pPackedEventInfo );
NTSTATUSNTAPIElfFlushEventLog ( IN HANDLE LogHandle );
#ifdef __cplusplus}#endif
#endif // _NTELFAPI_
|
