/*****************************************************************/
/**		     Microsoft Windows NT			**/
/**	       Copyright(c) Microsoft Corp.,  1991 		**/
/*****************************************************************/

/*
 *  logmisc.hxx
 *
 *      This file contains some misc. class definitions used in EVENT_LOG
 *  which include the pattern classes for filter/search and the log
 *  entry classes encapsulating common information about the log entries.
 *
 *          EVENT_PATTERN_BASE 			     LOG_ENTRY_BASE
 *           /           \                             /       \
 *          /             \                           /         \
 * EVENT_FILTER_PATTERN  EVENT_FIND_PATTERN  RAW_LOG_ENTRY  FORMATTED_LOG_ENTRY
 *
 *
 *  History:
 *  	Yi-HsinS	10/15/91	Created
 *  	Yi-HsinS	  3/5/92	Added Set methods to log entry classes	
 *  	Yi-HsinS	  4/3/92        Change Subtype to Category
 *
 */

#ifndef _LOGMISC_HXX_
#define _LOGMISC_HXX_

#include "base.hxx"

// EVENT_LOG itself is defined in eventlog.hxx; only its name is needed here.
// Include order matters: this header must be included before eventlog.hxx.
DLL_CLASS EVENT_LOG;

/*
 * Order in which the event log is read.
 */
enum EVLOG_DIRECTION
{
    EVLOG_FWD,      // read the log forward
    EVLOG_BACK      // read the log backward
};

/*
 * Wildcard for the numeric fields of a pattern (see EVENT_PATTERN_BASE):
 * a field holding this value matches any number.  The value is the
 * all-ones ULONG, i.e. an in-band sentinel.
 * NOTE(review): presumably a pattern therefore cannot ask for exactly
 * this value as an event ID - confirm against CheckForMatch().
 */
#define NUM_MATCH_ALL  ((ULONG) -1)

/*************************************************************************

    NAME:       LOG_ENTRY_BASE

    SYNOPSIS:	This class encapsulates all the common information
		contained in both a RAW_LOG_ENTRY and a FORMATTED_LOG_ENTRY.

    INTERFACE:  LOG_ENTRY_BASE()  - Constructor
                ~LOG_ENTRY_BASE() - Destructor
                Set()             - Set all members in the class. Used mainly
                                    when the object is constructed with the
                                    dummy constructor.

		The QueryXXX methods:
		QueryRecordNum()- Returns the record number of the log entry
		QueryTime()     - Returns the time in ULONG
                QueryType()     - Returns the type of the event
		QueryCategory() - Returns the category string of the event
                QueryEventID()  - Returns the event ID
                QueryDisplayEventID()  - Returns the event ID to be displayed
                                         i. e. strip the top 16 bits off...
                QueryEventLog() - Returns the associated event log that
			          created this entry.

		QuerySource()   - Returns the source which recorded the event.
		QueryUser()     - Returns the name of the user on whose behalf
			          the application which recorded the event is
			          running.
		QueryComputer() - Returns the computer on which the event
			          is recorded.

    PARENT:     BASE

    USES:       NLS_STR, EVENT_LOG

    CAVEATS:

    NOTES:

    HISTORY:
	Yi-HsinS	10/15/91		Created

**************************************************************************/

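DLL_CLASS LOG_ENTRY_BASE : public BASE
{

protected:
    /*
     *  Fields shared by RAW_LOG_ENTRY and FORMATTED_LOG_ENTRY.
     */
    ULONG    _ulRecordNum;   // record number of the log entry
    ULONG    _ulTime;        // event time as a ULONG (units are not stated here)
    USHORT   _usType;        // type of the event
    NLS_STR  _nlsCategory;   // category string of the event
    ULONG    _ulEventID;     // full 32-bit event ID

    /*
     *  The pointer to the eventlog object is kept here so that in
     *  case the log entry description is needed when filtering or finding
     *  the log, we can get the description via this pointer.
     *
     *  NOTE(review): nothing in this header shows the entry owning the
     *  EVENT_LOG; presumably the log object must outlive every entry that
     *  points at it - confirm against the destructor and the callers.
     */
    EVENT_LOG *_pEventLog;

public:
    /*
     *  "Dummy" constructor: builds an empty entry that is expected to be
     *  filled in later through Set().
     *
     *  The scalar members and the event log pointer are given determinate
     *  values (zero / null).  Previously they were left uninitialized, so
     *  a Query*() call made before Set() read indeterminate storage and
     *  QueryEventLog() could hand back a garbage pointer.  Callers can now
     *  test QueryEventLog() against null before dereferencing it.
     */
    LOG_ENTRY_BASE( VOID )
        : _ulRecordNum( 0 ),
          _ulTime( 0 ),
          _usType( 0 ),
          _ulEventID( 0 ),
          _pEventLog( 0 )
    {}

    /*
     *  Constructs an entry from the common fields of a log record.
     *  Defined out of line.
     */
    LOG_ENTRY_BASE( ULONG        ulRecordNum,
                    ULONG        ulTime,
                    USHORT       usType,
                    const TCHAR *pszCategory,
                    ULONG        ulEventID,
                    EVENT_LOG   *pEventLog );

    /*
     *  NOTE(review): the destructor is not declared virtual here although
     *  the class has pure virtual methods.  Whether deleting a derived
     *  entry through a LOG_ENTRY_BASE pointer is safe depends on BASE,
     *  which is not visible in this header - confirm.  It is left as is
     *  because adding a virtual slot would change the exported class
     *  layout.
     */
    ~LOG_ENTRY_BASE();

    /*
     *  Sets all members of the class; used mainly after the dummy
     *  constructor.  Returns an APIERR status.  Defined out of line.
     */
    APIERR Set( ULONG        ulRecordNum,
                ULONG        ulTime,
                USHORT       usType,
                const TCHAR *pszCategory,
                ULONG        ulEventID,
                EVENT_LOG   *pEventLog );

    // Record number of the log entry.
    ULONG QueryRecordNum( VOID )  const
        {  return _ulRecordNum; }

    // Event time as a ULONG.
    ULONG QueryTime( VOID ) const
        {  return _ulTime; }

    // Type of the event.
    USHORT QueryType( VOID ) const
        {  return _usType; }

    // Pointer to the entry's own category string.  The pointer is
    // non-const, so the caller is able to modify the stored category.
    NLS_STR *QueryCategory( VOID )
        {  return &_nlsCategory; }

    // Full event ID, including the upper 16 bits.
    ULONG QueryEventID( VOID ) const
        {  return _ulEventID; }

    // Event ID for display: only the low 16 bits are kept.  Two entries
    // whose full IDs differ only in the upper 16 bits therefore yield the
    // same display value; compare QueryEventID() (together with the
    // source) when entries have to be told apart reliably.
    ULONG QueryDisplayEventID( VOID ) const
        {  return _ulEventID & 0x0000FFFF; }

    // Event log associated with this entry; null if the entry was built
    // with the dummy constructor and Set() has not been called yet.
    EVENT_LOG *QueryEventLog( VOID ) const
        {  return _pEventLog; }

    /*
     *  Implemented by RAW_LOG_ENTRY and FORMATTED_LOG_ENTRY:
     *    QuerySource()   - source which recorded the event
     *    QueryUser()     - user on whose behalf the recording application
     *                      is running
     *    QueryComputer() - computer on which the event is recorded
     */
    virtual NLS_STR *QuerySource( VOID ) = 0;
    virtual NLS_STR *QueryUser( VOID ) = 0;
    virtual NLS_STR *QueryComputer( VOID ) = 0;
};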


/*************************************************************************

    NAME:       RAW_LOG_ENTRY

    SYNOPSIS:	This class encapsulates all the common information
		contained in a LANMAN audit log entry, LANMAN error
		log entry, or a NT event log entry. Each entry contains
		pointers into the actual buffer. So, there is no
                guarantee that after another read ( Next() or SeekLogEntry() ),
		the pointers will still be valid.

    INTERFACE:  RAW_LOG_ENTRY() - Constructor
                Set()           - Set all members in the class.

		The QueryXXX methods:
		QuerySource()   - Returns the source which recorded the event.
		QueryUser()     - Returns the name of the user on whose behalf
			          the application which recorded the event is
			          running.
		QueryComputer() - Returns the computer on which the event
		    	          is recorded.
		

    PARENT:     LOG_ENTRY_BASE

    USES:       ALIAS_STR, NLS_STR

    CAVEATS:

    NOTES:

    HISTORY:
	Yi-HsinS	10/15/91		Created

**************************************************************************/

DLL_CLASS RAW_LOG_ENTRY : public LOG_ENTRY_BASE
{
private:
    /*
     *  Source and computer are held as ALIAS_STR.  According to the class
     *  description, a raw entry contains pointers into the actual log
     *  buffer, and those pointers are not guaranteed to stay valid after
     *  another read ( Next() or SeekLogEntry() ).
     *  NOTE(review): presumably these two members are what aliases the
     *  buffer - confirm against ALIAS_STR.  Anything that must survive the
     *  next read should be copied first, e.g. into a FORMATTED_LOG_ENTRY.
     */
    ALIAS_STR _nlsSource;
    ALIAS_STR _nlsComputer;

    /*
     *  The user cannot be an ALIAS_STR: the NT_EVENT_LOG buffer holds a
     *  SID, not a user name, so there is no name in the buffer to alias.
     */
    NLS_STR   _nlsUser;

public:
    // Default constructor; defined out of line.
    RAW_LOG_ENTRY( VOID );

    // Constructs a raw entry from the fields of a log record.
    RAW_LOG_ENTRY( ULONG        ulRecordNum,
                   ULONG        ulTime,
                   USHORT       usType,
                   const TCHAR *pszCategory,
                   ULONG        ulEventID,
                   const TCHAR *pszSource,
                   const TCHAR *pszUser,
                   const TCHAR *pszComputer,
                   EVENT_LOG   *pEventLog );

    // Sets all members of the class.  Returns an APIERR status.
    APIERR Set( ULONG        ulRecordNum,
                ULONG        ulTime,
                USHORT       usType,
                const TCHAR *pszCategory,
                ULONG        ulEventID,
                const TCHAR *pszSource,
                const TCHAR *pszUser,
                const TCHAR *pszComputer,
                EVENT_LOG   *pEventLog );

    /*
     *  Overrides of the LOG_ENTRY_BASE accessors: source which recorded
     *  the event, user on whose behalf the recording application is
     *  running, and computer on which the event is recorded.
     */
    virtual NLS_STR *QuerySource( VOID );
    virtual NLS_STR *QueryUser( VOID );
    virtual NLS_STR *QueryComputer( VOID );
};

/*************************************************************************

    NAME:       FORMATTED_LOG_ENTRY

    SYNOPSIS:	This class encapsulates all the common information
		contained in a LANMAN audit log entry, LANMAN error
		log entry, or a NT event log entry. In contrast to
		the RAW_LOG_ENTRY, all information in the original
		buffer are copied so the log entry will still be
		valid after the next read.

    INTERFACE:  FORMATTED_LOG_ENTRY() - Constructor

                Set()                 - Set all members in the class. Used
                                        mainly when the object is constructed
                                        with the dummy constructor.

		The QueryXXX methods:

		QuerySource()   - Returns the source which recorded the event.
		QueryUser()     - Returns the name of the user on whose behalf
			          the  application which recorded the event is
			          running.
		QueryComputer() - Returns the name of the computer on which
			          the event is recorded.

                QueryTypeString()  - Returns the string assoc. with the type

                QueryDescription() - Returns the description of the event.
                SetDescription()   - Set the description of the event.
		
    PARENT:     LOG_ENTRY_BASE

    USES:       NLS_STR

    CAVEATS:

    NOTES:      This class only contains the common information
		of the LM audit log entry, LM error log entry and the NT
		event log entry for use in the Event Viewer. It does not
		contain all the information available in a log entry.

    HISTORY:
	Yi-HsinS	10/15/91		Created

**************************************************************************/

DLL_CLASS FORMATTED_LOG_ENTRY : public LOG_ENTRY_BASE
{
private:
    /*
     *  Every string is an NLS_STR held by the entry itself; per the class
     *  description the information from the original buffer is copied, so
     *  the entry stays valid after the next read.
     */
    NLS_STR _nlsType;
    NLS_STR _nlsSource;
    NLS_STR _nlsUser;
    NLS_STR _nlsComputer;
    NLS_STR _nlsDescription;

public:
    // Dummy constructor; the entry is expected to be filled in via Set().
    FORMATTED_LOG_ENTRY( VOID )
    {
    }

    // Constructs a formatted entry from the fields of a log record.
    FORMATTED_LOG_ENTRY( ULONG        ulRecordNum,
                         ULONG        ulTime,
                         USHORT       usType,
                         const TCHAR *pszType,
                         const TCHAR *pszCategory,
                         ULONG        ulEventID,
                         const TCHAR *pszSource,
                         const TCHAR *pszUser,
                         const TCHAR *pszComputer,
                         const TCHAR *pszDescription,
                         EVENT_LOG   *pEventLog );

    // Sets all members of the class.  Returns an APIERR status.
    APIERR Set( ULONG        ulRecordNum,
                ULONG        ulTime,
                USHORT       usType,
                const TCHAR *pszType,
                const TCHAR *pszCategory,
                ULONG        ulEventID,
                const TCHAR *pszSource,
                const TCHAR *pszUser,
                const TCHAR *pszComputer,
                const TCHAR *pszDescription,
                EVENT_LOG   *pEventLog );

    /*
     *  The following return a pointer to _nlsSource, _nlsUser, ... so
     *  that no further NLS_STR has to be instantiated to hold the
     *  information.  The pointers are non-const and refer to the entry's
     *  own members.
     */
    virtual NLS_STR *QuerySource( VOID );
    virtual NLS_STR *QueryUser( VOID );
    virtual NLS_STR *QueryComputer( VOID );

    // String associated with the event type.
    NLS_STR *QueryTypeString( VOID )
    {
        return &_nlsType;
    }

    // Description of the event.
    NLS_STR *QueryDescription( VOID )
    {
        return &_nlsDescription;
    }

    // Replaces the description with a copy of pszDescription and returns
    // the APIERR reported by the copy.
    APIERR SetDescription( const TCHAR *pszDescription )
    {
        return _nlsDescription.CopyFrom( pszDescription );
    }

};

/*************************************************************************

    NAME:       EVENT_PATTERN_BASE

    SYNOPSIS:	Contains common parts of the EVENT_FIND_PATTERN and the
		EVENT_FILTER_PATTERN

    INTERFACE:  EVENT_PATTERN_BASE() - Constructor

		QueryType()     - Query the type stored in the pattern
		QueryCategory() - Query the category stored in the pattern
		QuerySource()   - Query the source stored in the pattern
		QueryUser()     - Query the user stored in the pattern
		QueryComputer() - Query the computer stored in the pattern
		QueryEventID()  - Query the event ID stored in the pattern

		CheckForMatch() - Check if a LOG_ENTRY_BASE matches the pattern
				  or not

    PARENT:     BASE

    USES:       NLS_STR

    CAVEATS:

    NOTES:      A string field holding the empty string "" matches all
                strings, and a numerical field holding NUM_MATCH_ALL
                matches any number.

    HISTORY:
	Yi-HsinS	10/15/91		Created

**************************************************************************/

DLL_CLASS EVENT_PATTERN_BASE: public BASE
{
private:
    /*
     *  Criteria stored in the pattern.  Per the class notes, an empty
     *  string field matches all strings and a numerical field holding
     *  NUM_MATCH_ALL matches any number, so a pattern with every field
     *  left at its wildcard value selects every entry.
     */
    USHORT    _usType;
    NLS_STR   _nlsCategory;
    NLS_STR   _nlsSource;
    NLS_STR   _nlsUser;
    NLS_STR   _nlsComputer;
    ULONG     _ulEventID;

public:
    // Builds a pattern from the given criteria.  Defined out of line.
    EVENT_PATTERN_BASE( USHORT          usType,
                        const TCHAR    *pszCategory,
                        const TCHAR    *pszSource,
                        const TCHAR    *pszUser,
                        const TCHAR    *pszComputer,
                        ULONG           ulEventID );

    // Type stored in the pattern.
    USHORT QueryType( VOID ) const
    {
        return _usType;
    }

    // Category stored in the pattern (non-const pointer to the member).
    NLS_STR *QueryCategory( VOID )
    {
        return &_nlsCategory;
    }

    // Source stored in the pattern (non-const pointer to the member).
    NLS_STR *QuerySource( VOID )
    {
        return &_nlsSource;
    }

    // User stored in the pattern (non-const pointer to the member).
    NLS_STR *QueryUser( VOID )
    {
        return &_nlsUser;
    }

    // Computer stored in the pattern (non-const pointer to the member).
    NLS_STR *QueryComputer( VOID )
    {
        return &_nlsComputer;
    }

    // Event ID stored in the pattern.
    ULONG QueryEventID( VOID ) const
    {
        return _ulEventID;
    }

    /*
     *  Checks whether a log entry matches the pattern.  Defined out of
     *  line.  The entry is taken as a non-const pointer; its QuerySource()
     *  / QueryUser() / QueryComputer() accessors are non-const.
     *  NOTE(review): presumably the result is stored through pfMatch and
     *  the APIERR reports a failure of the check itself - confirm.
     */
    APIERR CheckForMatch( BOOL *pfMatch, LOG_ENTRY_BASE *pLogEntry ) const;

};

/*************************************************************************

    NAME:       EVENT_FILTER_PATTERN

    SYNOPSIS:   The pattern used in filtering

    INTERFACE:  EVENT_FILTER_PATTERN() - Constructor

		QueryFromTime()    - Query the from time stored in the pattern
		QueryThroughTime() - Query the through time stored in
				     the pattern

		CheckForMatch()    - Check if a RAW_LOG_ENTRY matches the
				     pattern or not


    PARENT:     EVENT_PATTERN_BASE

    USES:

    CAVEATS:

    NOTES:

    HISTORY:
	Yi-HsinS	10/15/91		Created

**************************************************************************/

DLL_CLASS EVENT_FILTER_PATTERN : public EVENT_PATTERN_BASE
{
private:
    /*
     *  Time window of the filter, as ULONG values.
     *  NOTE(review): whether the bounds are inclusive, and what value (if
     *  any) means "no bound", is not visible in this header - confirm.
     */
    ULONG _ulFromTime;
    ULONG _ulThroughTime;

public:
    // Builds a filter from the common criteria plus a time window.
    EVENT_FILTER_PATTERN( USHORT          usType,
                          const TCHAR    *pszCategory,
                          const TCHAR    *pszSource,
                          const TCHAR    *pszUser,
                          const TCHAR    *pszComputer,
                          ULONG           ulEventID,
                          ULONG           ulFromTime,
                          ULONG           ulThroughTime );

    // "From" time stored in the pattern.
    ULONG QueryFromTime( VOID ) const
    {
        return _ulFromTime;
    }

    // "Through" time stored in the pattern.
    ULONG QueryThroughTime( VOID ) const
    {
        return _ulThroughTime;
    }

    /*
     *  Checks whether a raw log entry matches the filter.  Declaring this
     *  name here hides EVENT_PATTERN_BASE::CheckForMatch() for calls made
     *  through an EVENT_FILTER_PATTERN, so only RAW_LOG_ENTRY pointers are
     *  accepted by an unqualified call.
     */
    APIERR CheckForMatch( BOOL *pfMatch, RAW_LOG_ENTRY *pRawLogEntry ) const;
};

/*************************************************************************

    NAME:       EVENT_FIND_PATTERN

    SYNOPSIS:   The pattern used in finding a particular log entry

    INTERFACE:  EVENT_FIND_PATTERN() - Constructor

                QueryDescription()- Query the description
                QueryDirection()  - Query the direction in which the log is searched

		CheckForMatch()   - Check if a RAW_LOG_ENTRY or
				    FORMATTED_LOG_ENTRY matches the pattern
				    or not

    PARENT:     EVENT_PATTERN_BASE

    USES:       NLS_STR

    CAVEATS:

    NOTES:

    HISTORY:
	Yi-HsinS	10/15/91		Created

**************************************************************************/

DLL_CLASS EVENT_FIND_PATTERN: public EVENT_PATTERN_BASE
{
private:
    // Description text stored in the pattern.
    NLS_STR   _nlsDescription;

    /*
     *  Direction in which the search is done - EVLOG_FWD or EVLOG_BACK.
     */
    EVLOG_DIRECTION _evdir;

public:
    // Builds a find pattern from the common criteria plus a description
    // and a search direction.  Defined out of line.
    EVENT_FIND_PATTERN( USHORT           usType,
                        const TCHAR     *pszCategory,
                        const TCHAR     *pszSource,
                        const TCHAR     *pszUser,
                        const TCHAR     *pszComputer,
                        ULONG            ulEventID,
                        const TCHAR     *pszDescription,
                        EVLOG_DIRECTION  evdir );

    // Description stored in the pattern (non-const pointer to the member).
    NLS_STR *QueryDescription( VOID )
    {
        return &_nlsDescription;
    }

    // Direction of the search.
    EVLOG_DIRECTION QueryDirection( VOID ) const
    {
        return _evdir;
    }

    /*
     *  Checks whether a raw or a formatted log entry matches the pattern.
     *  These overloads hide EVENT_PATTERN_BASE::CheckForMatch() for calls
     *  made through an EVENT_FIND_PATTERN.
     */
    APIERR CheckForMatch( BOOL *pfMatch,
                          RAW_LOG_ENTRY *pRawLogEntry ) const;
    APIERR CheckForMatch( BOOL *pfMatch,
                          FORMATTED_LOG_ENTRY *pFmtLogEntry ) const;
};

#endif