mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
650 lines
15 KiB
650 lines
15 KiB
/*++
|
|
|
|
Copyright (c) 1996-1997 Microsoft Corporation
|
|
|
|
Module Name:
|
|
eventlog.cxx
|
|
|
|
Abstract:
|
|
|
|
This module defines the generic class for logging events.
|
|
|
|
|
|
Author:
|
|
|
|
Murali R. Krishnan (MuraliK) 28-Sept-1994
|
|
|
|
Depends Upon:
|
|
Internet Services Platform Library (isplat.lib)
|
|
Internet Services Debugging Library (isdebug.lib)
|
|
|
|
--*/
|
|
|
|
#include "precomp.hxx"
|
|
|
|
//
|
|
// Include Headers
|
|
//
|
|
|
|
#define DLL_IMPLEMENTATION
|
|
#define IMPLEMENTATION_EXPORT
|
|
|
|
# include <isplat.h>
|
|
# include <dbgutil.h>
|
|
# include <eventlog.hxx>
|
|
# include <string.hxx>
|
|
|
|
|
|
#define EVENTLOG_KEY \
|
|
"SYSTEM\\CurrentControlSet\\Services\\EventLog\\System\\"
|
|
|
|
#define EVENTLOG_VALUE_KEY "EventMessageFile"
|
|
|
|
|
|
EVENT_LOG::EVENT_LOG(
|
|
IN LPCTSTR lpszSource
|
|
)
|
|
/*++
|
|
|
|
Description
|
|
Constructor function for given event log object.
|
|
Initializes event logging services.
|
|
|
|
Arguments:
|
|
|
|
lpszSource: Source string for the Event.
|
|
|
|
Note:
|
|
|
|
This is intended to be executed once only.
|
|
This is not to be used for creating multiple event
|
|
log handles for same given source name.
|
|
But can be used for creating EVENT_LOG objects for
|
|
different source names.
|
|
|
|
--*/
|
|
:
|
|
m_ErrorCode (NO_ERROR),
|
|
m_pDateTimeCache (NULL),
|
|
m_hLogFile (INVALID_HANDLE_VALUE)
|
|
{
|
|
|
|
(VOID)IISGetPlatformType();
|
|
|
|
IF_DEBUG( INIT_CLEAN) {
|
|
DBGPRINTF( ( DBG_CONTEXT,
|
|
" Initializing Event Log for %s[%p] fLogFile[%x]\n",
|
|
lpszSource, this, TsIsWindows95()));
|
|
}
|
|
|
|
//
|
|
// Register as an event source.
|
|
//
|
|
|
|
if ( TsIsWindows95() ) {
|
|
|
|
m_hEventSource = RegisterEventSourceChicagoStyle(
|
|
lpszSource,
|
|
&m_hLogFile
|
|
);
|
|
} else {
|
|
|
|
m_hEventSource = RegisterEventSource( NULL, lpszSource);
|
|
}
|
|
|
|
if ( m_hEventSource != NULL ) {
|
|
|
|
//
|
|
// Success!
|
|
//
|
|
|
|
IF_DEBUG( ERROR) {
|
|
DBGPRINTF( ( DBG_CONTEXT,
|
|
" Event Log for %s initialized (hEventSource=%p)\n",
|
|
lpszSource,
|
|
m_hEventSource));
|
|
}
|
|
} else {
|
|
|
|
DBG_ASSERT(m_hLogFile == INVALID_HANDLE_VALUE);
|
|
|
|
//
|
|
// An Error in initializing the event log.
|
|
//
|
|
|
|
m_ErrorCode = GetLastError();
|
|
DBGPRINTF( ( DBG_CONTEXT,
|
|
"Could not register event source (%s) ( Error %lu)\n",
|
|
lpszSource,
|
|
m_ErrorCode));
|
|
}
|
|
|
|
return;
|
|
|
|
} // EVENT_LOG::EVENT_LOG()
|
|
|
|
|
|
|
|
EVENT_LOG::~EVENT_LOG(
|
|
VOID
|
|
)
|
|
/*++
|
|
|
|
Description:
|
|
Destructor function for given EVENT_LOG object.
|
|
Terminates event logging functions and closes
|
|
event log handle
|
|
|
|
--*/
|
|
{
|
|
|
|
IF_DEBUG( INIT_CLEAN) {
|
|
DBGPRINTF( ( DBG_CONTEXT,
|
|
"Terminating events logging[%p] fFile[%x]\n",
|
|
this, TsIsWindows95() ));
|
|
}
|
|
|
|
if ( TsIsWindows95() ) {
|
|
|
|
if ( m_hLogFile != INVALID_HANDLE_VALUE ) {
|
|
FlushFileBuffers(m_hLogFile);
|
|
DBG_REQUIRE(CloseHandle( m_hLogFile ));
|
|
m_hLogFile = INVALID_HANDLE_VALUE;
|
|
}
|
|
|
|
if ( m_pDateTimeCache != NULL ) {
|
|
delete m_pDateTimeCache;
|
|
m_pDateTimeCache = NULL;
|
|
}
|
|
|
|
} else {
|
|
|
|
//
|
|
// If there is a valid Events handle, deregister it
|
|
//
|
|
|
|
if ( m_hEventSource != NULL) {
|
|
|
|
BOOL fSuccess;
|
|
|
|
fSuccess = DeregisterEventSource( m_hEventSource);
|
|
|
|
if ( !fSuccess) {
|
|
|
|
//
|
|
// An Error in DeRegistering
|
|
//
|
|
|
|
m_ErrorCode = GetLastError();
|
|
|
|
IF_DEBUG( INIT_CLEAN) {
|
|
|
|
DBGPRINTF( ( DBG_CONTEXT,
|
|
"Termination of EventLog[%p] failed."
|
|
" error %lu\n",
|
|
this,
|
|
m_ErrorCode));
|
|
}
|
|
}
|
|
|
|
//
|
|
// Reset the handle's value. Just as a precaution
|
|
//
|
|
m_hEventSource = NULL;
|
|
}
|
|
}
|
|
|
|
|
|
IF_DEBUG( API_EXIT) {
|
|
DBGPRINTF( ( DBG_CONTEXT, "Terminated events log[%p]\n",this));
|
|
}
|
|
|
|
} /* EVENT_LOG::~EVENT_LOG() */
|
|
|
|
|
|
|
|
VOID
|
|
EVENT_LOG::LogEvent(
|
|
IN DWORD idMessage,
|
|
IN WORD nSubStrings,
|
|
IN const CHAR * rgpszSubStrings[],
|
|
IN DWORD errCode)
|
|
/*++
|
|
|
|
Description:
|
|
Log an event to the event logger
|
|
|
|
Arguments:
|
|
|
|
idMessage Identifies the event message
|
|
|
|
nSubStrings Number of substrings to include in
|
|
this message. (Maybe 0)
|
|
|
|
rgpszSubStrings array of substrings included in the message
|
|
(Maybe NULL if nSubStrings == 0)
|
|
|
|
errCode An error code from Win32 or WinSock or NT_STATUS.
|
|
If this is not Zero, it is considered as
|
|
"raw" data to be included in message
|
|
|
|
Returns:
|
|
|
|
None
|
|
|
|
--*/
|
|
{
|
|
|
|
WORD wType; // Type of Event to be logged
|
|
|
|
//
|
|
// Find type of message for the event log
|
|
//
|
|
|
|
IF_DEBUG( API_ENTRY) {
|
|
|
|
DWORD i;
|
|
|
|
DBGPRINTF( ( DBG_CONTEXT,
|
|
"reporting event %08lX, Error Code = %lu\n",
|
|
idMessage,
|
|
errCode ));
|
|
|
|
for( i = 0 ; i < nSubStrings ; i++ ) {
|
|
DBGPRINTF(( DBG_CONTEXT,
|
|
" substring[%lu] = %s\n",
|
|
i,
|
|
rgpszSubStrings[i] ));
|
|
}
|
|
}
|
|
|
|
if ( NT_INFORMATION( idMessage)) {
|
|
|
|
wType = EVENTLOG_INFORMATION_TYPE;
|
|
|
|
} else {
|
|
|
|
if ( NT_WARNING( idMessage)) {
|
|
|
|
wType = EVENTLOG_WARNING_TYPE;
|
|
|
|
} else {
|
|
|
|
wType = EVENTLOG_ERROR_TYPE;
|
|
|
|
DBG_ASSERT(NT_ERROR( idMessage));
|
|
}
|
|
}
|
|
|
|
//
|
|
// Log the event
|
|
//
|
|
|
|
EVENT_LOG::LogEventPrivate( idMessage,
|
|
wType,
|
|
nSubStrings,
|
|
rgpszSubStrings,
|
|
errCode);
|
|
|
|
|
|
return;
|
|
|
|
} /* EVENT_LOG::LogEvent() */
|
|
|
|
|
|
//
|
|
// Private functions.
|
|
//
|
|
|
|
VOID
|
|
EVENT_LOG::LogEventPrivate(
|
|
IN DWORD idMessage,
|
|
IN WORD wEventType,
|
|
IN WORD nSubStrings,
|
|
IN const CHAR * apszSubStrings[],
|
|
IN DWORD errCode
|
|
)
|
|
/*++
|
|
|
|
Description:
|
|
Log an event to the event logger.
|
|
( Private version, includes EventType)
|
|
|
|
Arguments:
|
|
|
|
idMessage Identifies the event message
|
|
|
|
wEventType Specifies the severety of the event
|
|
(error, warning, or informational).
|
|
|
|
nSubStrings Number of substrings to include in
|
|
this message. (Maybe 0)
|
|
|
|
apszSubStrings array of substrings included in the message
|
|
(Maybe NULL if nSubStrings == 0)
|
|
|
|
errCode An error code from Win32 or WinSock or NT_STATUS.
|
|
If this is not Zero, it is considered as
|
|
"raw" data to be included in message
|
|
|
|
Returns:
|
|
|
|
None
|
|
|
|
--*/
|
|
{
|
|
VOID * pRawData = NULL;
|
|
DWORD cbRawData = 0;
|
|
BOOL fReport;
|
|
DWORD dwErr;
|
|
|
|
if ( m_hEventSource == NULL ) {
|
|
|
|
IF_DEBUG(ERROR) {
|
|
DBGPRINTF((DBG_CONTEXT,"Attempt to log with no event source\n"));
|
|
}
|
|
return;
|
|
}
|
|
|
|
ASSERT( (nSubStrings == 0) || (apszSubStrings != NULL));
|
|
|
|
if( errCode != 0 ) {
|
|
pRawData = &errCode;
|
|
cbRawData = sizeof(errCode);
|
|
}
|
|
|
|
m_ErrorCode = NO_ERROR;
|
|
dwErr = GetLastError();
|
|
|
|
if ( TsIsWindows95() ) {
|
|
fReport = ReportEventChicagoStyle(
|
|
m_hEventSource,
|
|
m_hLogFile,
|
|
idMessage,
|
|
apszSubStrings,
|
|
errCode
|
|
);
|
|
|
|
} else {
|
|
|
|
fReport = ReportEvent(
|
|
m_hEventSource, // hEventSource
|
|
wEventType, // fwEventType
|
|
0, // fwCategory
|
|
idMessage, // IDEvent
|
|
NULL, // pUserSid,
|
|
nSubStrings, // cStrings
|
|
cbRawData, // cbData
|
|
(LPCTSTR *) apszSubStrings, // plpszStrings
|
|
pRawData ); // lpvData
|
|
|
|
#ifdef DBG
|
|
|
|
//
|
|
// Output the event log to the debugger
|
|
//
|
|
|
|
CHAR buffer[MAX_PATH+1];
|
|
PCHAR pBuffer = buffer;
|
|
|
|
::FormatMessageA(FORMAT_MESSAGE_MAX_WIDTH_MASK |
|
|
FORMAT_MESSAGE_FROM_HMODULE |
|
|
FORMAT_MESSAGE_ARGUMENT_ARRAY,
|
|
m_hEventSource,
|
|
idMessage,
|
|
0,
|
|
(LPSTR)pBuffer,
|
|
(DWORD)sizeof(buffer),
|
|
(va_list*)apszSubStrings
|
|
);
|
|
|
|
DBGPRINTF((DBG_CONTEXT,"Reporting EVENT_LOG Event - %s\n", buffer));
|
|
|
|
#endif
|
|
}
|
|
|
|
if ( !fReport ) {
|
|
|
|
IF_DEBUG( ERROR) {
|
|
|
|
m_ErrorCode = GetLastError();
|
|
DBGPRINTF(( DBG_CONTEXT,
|
|
"Cannot report event for %p, error %lu\n",
|
|
this,
|
|
m_ErrorCode));
|
|
}
|
|
}
|
|
else {
|
|
SetLastError( dwErr );
|
|
}
|
|
|
|
} // EVENT_LOG::LogEventPrivate()
|
|
|
|
|
|
|
|
HANDLE
|
|
EVENT_LOG::RegisterEventSourceChicagoStyle(
|
|
IN LPCSTR lpszSource,
|
|
IN PHANDLE hFile
|
|
)
|
|
/*++
|
|
|
|
Description:
|
|
Register event source in win95
|
|
|
|
Arguments:
|
|
|
|
lpszSource - name of event source
|
|
hFile - on return, contains handle to log file
|
|
|
|
Returns:
|
|
|
|
if successful, Handle to event source
|
|
NULL, otherwise
|
|
--*/
|
|
{
|
|
HANDLE hSource = NULL;
|
|
CHAR szPath[MAX_PATH+1];
|
|
STR regKey;
|
|
DWORD len;
|
|
DWORD err = NO_ERROR;
|
|
HKEY hKey;
|
|
HANDLE hEventFile = INVALID_HANDLE_VALUE;
|
|
|
|
//
|
|
// Initialize the cache
|
|
//
|
|
|
|
m_pDateTimeCache = new ASCLOG_DATETIME_CACHE(); //log format
|
|
if ( m_pDateTimeCache == NULL ) {
|
|
err = GetLastError();
|
|
|
|
DBGPRINTF((DBG_CONTEXT,
|
|
"Cannot allocate datetime cache[%d]\n", err));
|
|
goto exit;
|
|
}
|
|
|
|
//
|
|
// Contruct the log file name
|
|
//
|
|
|
|
len = GetWindowsDirectory(szPath, sizeof(szPath));
|
|
|
|
if ( len == 0 ) {
|
|
DBGPRINTF((DBG_CONTEXT,"GetWindowsDirectory returns 0\n"));
|
|
goto exit;
|
|
}
|
|
|
|
DBG_ASSERT(len <= MAX_PATH);
|
|
|
|
strcat(szPath, "\\");
|
|
strcat(szPath, lpszSource);
|
|
strcat(szPath, ".event.log");
|
|
|
|
IF_DEBUG( INIT_CLEAN) {
|
|
DBGPRINTF((DBG_CONTEXT,"Event log file set to %s\n", szPath));
|
|
}
|
|
|
|
//
|
|
// Open the file
|
|
//
|
|
|
|
hEventFile = CreateFile(
|
|
szPath,
|
|
GENERIC_WRITE,
|
|
FILE_SHARE_READ | FILE_SHARE_WRITE,
|
|
NULL,
|
|
OPEN_ALWAYS,
|
|
FILE_ATTRIBUTE_NORMAL,
|
|
NULL
|
|
);
|
|
|
|
if ( hEventFile == INVALID_HANDLE_VALUE ) {
|
|
err = GetLastError();
|
|
goto exit;
|
|
}
|
|
|
|
//
|
|
// Move to end of file
|
|
//
|
|
|
|
if ( SetFilePointer( hEventFile, 0, NULL, FILE_END ) == (DWORD)-1 ) {
|
|
err = GetLastError();
|
|
goto exit;
|
|
}
|
|
|
|
//
|
|
// If log file successfully opened - register event message source file.
|
|
// On Win9x registration simply means locating module handle for DLL,
|
|
// where we will load messages from.
|
|
//
|
|
|
|
regKey.Copy(EVENTLOG_KEY);
|
|
regKey.Append(lpszSource);
|
|
|
|
err = RegOpenKeyEx(
|
|
HKEY_LOCAL_MACHINE,
|
|
regKey.QueryStr(),
|
|
0,
|
|
KEY_ALL_ACCESS,
|
|
&hKey);
|
|
|
|
if ( err == NO_ERROR) {
|
|
|
|
DWORD cbBuffer;
|
|
|
|
cbBuffer = sizeof(szPath);
|
|
szPath[0] = '\0';
|
|
|
|
err = RegQueryValueEx( hKey,
|
|
EVENTLOG_VALUE_KEY,
|
|
NULL,
|
|
NULL,
|
|
(LPBYTE) szPath,
|
|
&cbBuffer);
|
|
|
|
RegCloseKey( hKey);
|
|
|
|
if ( err == NO_ERROR ) {
|
|
|
|
hSource = GetModuleHandle(szPath);
|
|
if ( hSource == NULL ) {
|
|
err = GetLastError();
|
|
|
|
DBGPRINTF((DBG_CONTEXT,"GetModuleHandle[%s] returns %d\n",
|
|
szPath, err));
|
|
}
|
|
} else {
|
|
|
|
DBGPRINTF((DBG_CONTEXT,
|
|
"Cannot find value %s. Err = %d\n",
|
|
EVENTLOG_VALUE_KEY, err ));
|
|
}
|
|
} else {
|
|
|
|
DBGPRINTF((DBG_CONTEXT,
|
|
"Cannot open key %s. Err = %d\n",
|
|
regKey.QueryStr(), err ));
|
|
}
|
|
|
|
exit:
|
|
|
|
if ( (err != NO_ERROR) || (hSource == NULL) ) {
|
|
|
|
if ( hEventFile != INVALID_HANDLE_VALUE ) {
|
|
CloseHandle( hEventFile );
|
|
hEventFile = INVALID_HANDLE_VALUE;
|
|
}
|
|
hSource = NULL;
|
|
SetLastError(err);
|
|
}
|
|
|
|
*hFile = hEventFile;
|
|
return(hSource);
|
|
|
|
} // RegisterEventSourceChicagoStyle()
|
|
|
|
|
|
|
|
BOOL
|
|
EVENT_LOG::ReportEventChicagoStyle(
|
|
IN HANDLE hEventSource,
|
|
IN HANDLE hLogFile,
|
|
IN DWORD idMessage,
|
|
IN LPCSTR * apszSubStrings,
|
|
IN DWORD dwErrorCode
|
|
)
|
|
{
|
|
SYSTEMTIME st;
|
|
DWORD cch;
|
|
DWORD nDate;
|
|
CHAR buffer[MAX_PATH+1];
|
|
PCHAR pBuffer = buffer;
|
|
BOOL fReturn = FALSE;
|
|
|
|
GetLocalTime( &st );
|
|
nDate = m_pDateTimeCache->GetFormattedDateTime(&st, pBuffer);
|
|
pBuffer += nDate;
|
|
|
|
//
|
|
// Read message and add inserts
|
|
//
|
|
|
|
cch = ::FormatMessageA(FORMAT_MESSAGE_MAX_WIDTH_MASK |
|
|
FORMAT_MESSAGE_FROM_HMODULE |
|
|
FORMAT_MESSAGE_ARGUMENT_ARRAY,
|
|
hEventSource,
|
|
idMessage,
|
|
0,
|
|
(LPSTR)pBuffer,
|
|
(DWORD)(sizeof(buffer) - nDate),
|
|
(va_list*)apszSubStrings
|
|
);
|
|
|
|
if (cch != 0) {
|
|
|
|
DWORD nBytes = 0;
|
|
|
|
DBGPRINTF((DBG_CONTEXT,"Reporting EVENT_LOG Event - %s\n", buffer));
|
|
|
|
cch += nDate;
|
|
fReturn = WriteFile(
|
|
hLogFile,
|
|
buffer,
|
|
cch,
|
|
&nBytes,
|
|
NULL);
|
|
|
|
if (nBytes != 0) {
|
|
|
|
DBG_ASSERT(cch == nBytes);
|
|
|
|
cch = wsprintf(buffer,"[%x]\r\n",dwErrorCode);
|
|
fReturn = WriteFile(hLogFile,buffer,cch,&nBytes,NULL);
|
|
}
|
|
}
|
|
|
|
return(fReturn);
|
|
|
|
} // ReportEventChicagoStyle()
|
|
|