Source code of Windows XP (NT5)

  1. ///////////////////////////////////////////////////////////////////////////////
  2. //
  3. // Copyright (c) 1998, Microsoft Corp. All rights reserved.
  4. //
  5. // FILE
  6. //
  7. // NTEventLog.cpp
  8. //
  9. // SYNOPSIS
  10. //
  11. // This file implements the class NTEventLog
  12. //
  13. // MODIFICATION HISTORY
  14. //
  15. // 08/05/1997 Original version.
  16. // 04/19/1998 New trigger/filter model.
  17. // 08/11/1998 Convert to IASTL.
  18. // 04/23/1999 Don't log RADIUS events. Simplify filtering.
  19. // 02/16/2000 Log Success at the same level as warnings.
  20. //
  21. ///////////////////////////////////////////////////////////////////////////////
  22. #include <iascore.h>
  23. #include <iasevent.h>
  24. #include <sdoias.h>
  25. #include <nteventlog.h>
  26. ///////////////////////////////////////////////////////////////////////////////
  27. //
  28. // METHOD
  29. //
  30. // NTEventLog::Initialize
  31. //
  32. ///////////////////////////////////////////////////////////////////////////////
  // Registers the event source named by IASServiceName and then calls
  // Auditor::Initialize(). Returns the registration error converted to an
  // HRESULT, or otherwise whatever Auditor::Initialize() returned. If that
  // second step fails, the event-source handle is released and cleared again.
  STDMETHODIMP NTEventLog::Initialize()
  {
     // Step 1: register the event source (NULL selects the local machine).
     eventLog = RegisterEventSourceW(NULL, IASServiceName);
     if (eventLog == NULL)
     {
        // Keep the error in a local before converting it: HRESULT_FROM_WIN32
        // may be a macro that evaluates its argument more than once.
        DWORD registrationError = GetLastError();
        return HRESULT_FROM_WIN32(registrationError);
     }

     // Step 2: connect to the audit channel.
     HRESULT auditorResult = Auditor::Initialize();
     if (!FAILED(auditorResult))
     {
        return auditorResult;
     }

     // Roll back step 1 so a failed Initialize() leaves no open handle behind.
     DeregisterEventSource(eventLog);
     eventLog = NULL;
     return auditorResult;
  }
  51. ///////////////////////////////////////////////////////////////////////////////
  52. //
  53. // METHOD
  54. //
  55. // NTEventLog::Shutdown
  56. //
  57. ///////////////////////////////////////////////////////////////////////////////
  // Calls Auditor::Shutdown() first, then releases the event-source handle if
  // one is open. Always returns S_OK.
  HRESULT NTEventLog::Shutdown()
  {
     Auditor::Shutdown();

     if (eventLog == NULL)
     {
        // No handle is held, so there is nothing to release.
        return S_OK;
     }

     // Clear the member after releasing it so a repeated Shutdown() does not
     // deregister the same handle twice.
     DeregisterEventSource(eventLog);
     eventLog = NULL;
     return S_OK;
  }
  68. ///////////////////////////////////////////////////////////////////////////////
  69. //
  70. // METHOD
  71. //
  72. // NTEventLog::PutProperty
  73. //
  74. ///////////////////////////////////////////////////////////////////////////////
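  // Applies one boolean configuration property to the per-severity filter
  // (shouldReport) that AuditEvent consults.
  //
  //   Id      one of the PROPERTY_EVENTLOG_LOG_* identifiers handled below
  //   pValue  the new setting; must be non-NULL and of type VT_BOOL
  //
  // Returns S_OK on success, E_INVALIDARG for a NULL pValue,
  // DISP_E_MEMBERNOTFOUND for an unrecognized Id, and DISP_E_TYPEMISMATCH
  // when a recognized property is given a VARIANT that is not VT_BOOL.
  STDMETHODIMP NTEventLog::PutProperty(LONG Id, VARIANT *pValue)
  {
     if (pValue == NULL) { return E_INVALIDARG; }

     // Only a VT_BOOL VARIANT carries a meaningful boolVal. For any other type
     // V_BOOL would reinterpret unrelated bytes of the union, so a mistyped
     // value could silently switch a logging level on or off.
     const bool isBool = (V_VT(pValue) == VT_BOOL);

     switch (Id)
     {
        case PROPERTY_EVENTLOG_LOG_APPLICATION_EVENTS:
           if (!isBool) { return DISP_E_TYPEMISMATCH; }
           shouldReport[IAS_SEVERITY_ERROR] = V_BOOL(pValue);
           break;

        case PROPERTY_EVENTLOG_LOG_MALFORMED:
           if (!isBool) { return DISP_E_TYPEMISMATCH; }
           // Success events are reported at the same level as warnings.
           shouldReport[IAS_SEVERITY_SUCCESS] = V_BOOL(pValue);
           shouldReport[IAS_SEVERITY_WARNING] = V_BOOL(pValue);
           break;

        case PROPERTY_EVENTLOG_LOG_DEBUG:
           if (!isBool) { return DISP_E_TYPEMISMATCH; }
           shouldReport[IAS_SEVERITY_INFORMATIONAL] = V_BOOL(pValue);
           break;

        default:
           // Unknown properties are rejected regardless of the value's type.
           return DISP_E_MEMBERNOTFOUND;
     }

     return S_OK;
  }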
  97. ///////////////////////////////////////////////////////////////////////////////
  98. //
  99. // METHOD
  100. //
  101. // NTEventLog::AuditEvent
  102. //
  103. // DESCRIPTION
  104. //
  105. // I have intentionally not serialized access to this method. If this
  106. // method is invoked while another caller is in SetMinSeverity, worst case
  107. // an event won't get filtered.
  108. //
  109. ///////////////////////////////////////////////////////////////////////////////
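  // Writes one event to the NT event log unless it is filtered out.
  //
  //   ulEventID     event identifier; bits 30-31 are read as the severity and
  //                 bits 16-27 as the facility
  //   ulNumStrings  number of entries in aszStrings
  //   ulDataSize    size in bytes of the data at pRawData
  //   aszStrings    strings passed through to ReportEventW
  //   pRawData      raw data passed through to ReportEventW
  //
  // Returns S_OK when the event was filtered out or handed to ReportEventW,
  // and E_INVALIDARG when ulNumStrings does not fit the 16-bit string count
  // that ReportEventW accepts.
  //
  // shouldReport is read here without any lock, so a concurrent PutProperty
  // can race with this method.
  STDMETHODIMP NTEventLog::AuditEvent(
      ULONG ulEventID,
      ULONG ulNumStrings,
      ULONG ulDataSize,
      wchar_t** aszStrings,
      byte* pRawData
      )
  {
     // Don't log RADIUS events.
     const ULONG facility = (ulEventID & 0x0FFF0000) >> 16;
     if (facility == IAS_FACILITY_RADIUS) { return S_OK; }

     // The severity is the top two bits of the ID, so it is always in 0..3.
     // NOTE(review): shouldReport is declared outside this file; confirm it has
     // at least four entries.
     const ULONG severity = ulEventID >> 30;
     if (!shouldReport[severity]) { return S_OK; }

     // ReportEventW takes the string count as a WORD. Reject a count that the
     // cast below would silently truncate, which would otherwise produce an
     // event record that does not match what the caller supplied.
     if (ulNumStrings > MAXWORD) { return E_INVALIDARG; }

     // Map the IAS severity onto an event-log entry type; everything that is
     // neither an error nor a warning is logged as informational.
     WORD type;
     switch (severity)
     {
        case IAS_SEVERITY_ERROR:
           type = EVENTLOG_ERROR_TYPE;
           break;

        case IAS_SEVERITY_WARNING:
           type = EVENTLOG_WARNING_TYPE;
           break;

        default:
           type = EVENTLOG_INFORMATION_TYPE;
     }

     // NOTE(review): the result of ReportEventW is not checked, so a failed
     // write (for example with a NULL eventLog before Initialize) is not
     // reported to the caller.
     ReportEventW(
         eventLog,
         type,
         0,            // category code
         ulEventID,
         NULL,         // user security identifier
         (WORD)ulNumStrings,
         ulDataSize,
         (LPCWSTR*)aszStrings,
         pRawData
         );

     return S_OK;
  }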