3
/* Marks the wrapper functions below as exported from the DLL build. */
#define DllExport __declspec( dllexport )
4
/* Capacity of the aInsertStrs pointer array built in MyGetAEventLog; the
 * insert-string loops stop at this count. */
#define MAX_INSERT_STRS 64
5
/* Passed as nSize to FormatMessage in MyGetAEventLog.
 * NOTE(review): combined with FORMAT_MESSAGE_ALLOCATE_BUFFER, nSize is the
 * minimum number of characters to allocate, not an upper limit, so this
 * constant does not bound the text that is later copied into pMessage. */
#define MAX_MSG_LENGTH 1024
7
/* Prototypes of the Win32 event-log wrappers defined further down.
 * NOTE(review): the char* output parameters (pSource, pMessage) carry no
 * size argument, so the callee has no way to bound what it writes into the
 * caller's buffers. */
DllExport long MyOpenEventLog(char *pAppName,HANDLE
8
*pEventHandle,long *pNumRecords,long *pLatestRecord);
9
DllExport long MyCloseEventLog(HANDLE hAppLog);
10
DllExport long MyClearEventLog(HANDLE hAppLog);
11
DllExport long MyGetAEventLog(char *pAppName,HANDLE hAppLog,long
12
which,double *pTime,char *pSource,char *pMessage,DWORD *pType,WORD
13
*pCategory, DWORD *timestamp);
33
/* Excerpt of the body of process_eventlog(): the signature, the local
 * declarations and several lines (braces included) are not part of this
 * listing. The visible code opens the log named by `source`, reads records
 * one at a time through MyGetAEventLog and closes the log again. */
LOG_FUNC_CALL("In process_eventlog()");
34
INIT_CHECK_MEMORY(main);
36
/* A zero return is treated as success. MyOpenEventLog stores the record
 * COUNT in its third argument (LastID here) and the oldest record number in
 * its fourth (FirstID here). */
if (!MyOpenEventLog(source,&hAppLog,&LastID /* number */, &FirstID /* oldest */))
40
/* Resume logic: a stored position greater than LastID is reset to FirstID;
 * otherwise, if it is at or past FirstID, reading starts one record after it. */
if(*lastlogsize > LastID)
41
*lastlogsize = FirstID;
42
else if((*lastlogsize) >= FirstID)
43
FirstID = (*lastlogsize)+1;
45
/* NOTE(review): LastID is a record count, not the highest record number, and
 * the bound is exclusive. Once the oldest record number is above 1 (log
 * wrapped or cleared) the newest records look unreachable from this loop, so
 * events would go uncollected - confirm against the elided lines. */
for (i = FirstID; i < LastID; i++)
47
/* Only a 0 return is processed here; as far as this excerpt shows, a record
 * that fails to read (for example one that does not fit MyGetAEventLog's
 * fixed 1024-byte buffer) is skipped without any report.
 * NOTE(review): src and message are filled with strcpy/strcat by the callee;
 * their sizes are not visible here - confirm they can hold the longest
 * source name and formatted message. */
if(MyGetAEventLog(source,hAppLog,i,&time,src,message,&type,&category,&t) == 0)
49
/* NOTE(review): unbounded sprintf; the size of `timestamp` is not visible.
 * t is written through a DWORD* in MyGetAEventLog, so "%lu" would be the
 * matching conversion - confirm the declaration. */
sprintf(timestamp,"%ld",t);
51
/* Remap the Win32 event type to the number that is written into `severity`.
 * A type that matches none of the branches keeps its raw Win32 value. */
if(type==EVENTLOG_ERROR_TYPE) type=4;
52
else if(type==EVENTLOG_AUDIT_FAILURE) type=7;
53
else if(type==EVENTLOG_AUDIT_SUCCESS) type=8;
54
else if(type==EVENTLOG_INFORMATION_TYPE) type=1;
55
else if(type==EVENTLOG_WARNING_TYPE) type=2;
56
/* NOTE(review): unbounded sprintf; size of `severity` is not visible here. */
sprintf(severity,"%d",type);
62
MyCloseEventLog(hAppLog);
65
CHECK_MEMORY(main, "process_eventlog","end");
66
LOG_FUNC_CALL("End of process_eventlog()");
71
// Open the event log named pAppName and report its record count through
// *pNumRecords and its oldest record number through *pLatestRecord; the open
// handle is handed back through *pEventHandle. The parameter list and some
// body lines are not part of this excerpt.
72
DllExport long MyOpenEventLog(
78
HANDLE hAppLog; /* handle to the application log */
80
LOG_FUNC_CALL("In MyOpenEventLog()");
81
INIT_CHECK_MEMORY(main);
85
hAppLog = OpenEventLog(NULL,pAppName); // open log file; NULL server name = local computer
88
LOG_DEBUG_INFO("s","MyOpenEventLog: 1");
89
// Error path: the Win32 error code is returned to the caller (the guarding
// condition is on a line this excerpt omits).
return(GetLastError());
91
// NOTE(review): the BOOL results of both calls below are ignored, so on
// failure the caller's counters are left as they were. The casts treat
// long* as unsigned long*.
GetNumberOfEventLogRecords(hAppLog,(unsigned long*)pNumRecords);// get number of records
92
// Despite its name, pLatestRecord receives the OLDEST record number.
GetOldestEventLogRecord(hAppLog,(unsigned long*)pLatestRecord);
93
*pEventHandle = hAppLog;
95
CHECK_MEMORY(main, "MyOpenEventLog", "end");
96
LOG_FUNC_CALL("End of MyOpenEventLog()");
101
// Close an event-log handle obtained from MyOpenEventLog. A NULL handle is
// skipped. The parameter list and return statement are not in this excerpt.
102
DllExport long MyCloseEventLog(
106
LOG_FUNC_CALL("In MyCloseEventLog()");
107
INIT_CHECK_MEMORY(main);
109
// NOTE(review): the BOOL result of CloseEventLog is not checked.
if (hAppLog) CloseEventLog(hAppLog);
111
CHECK_MEMORY(main, "MyCloseEventLog", "end");
112
LOG_FUNC_CALL("End of MyCloseEventLog()");
117
// Clear the event log behind hAppLog and return the Win32 error code when
// the clear fails. The parameter list and the success return are not part
// of this excerpt.
DllExport long MyClearEventLog(
121
LOG_FUNC_CALL("In MyClearEventLog()");
122
INIT_CHECK_MEMORY(main);
124
// The second argument is the backup file name; passing 0 means the records
// are discarded without a backup copy, so nothing of the cleared log remains
// for later review.
if (!(ClearEventLog(hAppLog,0)))
126
LOG_DEBUG_INFO("s","MyClearEventLog: error exit");
127
return(GetLastError());
130
CHECK_MEMORY(main, "MyClearEventLog", "end");
131
LOG_FUNC_CALL("End of MyClearEventLog()");
136
// Read record number `which` from the open log hAppLog (1 is the first) and
// return its fields: generation time (*pTime as double, *timestamp as DWORD),
// event type (*pType), category (*pCategory), source name (pSource) and the
// message text (pMessage). The text is formatted from the source's message
// DLL, which is located through the EventMessageFile registry value.
// Returns the GetLastError() code when ReadEventLog fails. The parameter
// list, some declarations and several body lines are not in this excerpt.
// NOTE(review): pSource and pMessage are written with strcpy/strcat and no
// length is passed in, so every copy below relies on the caller's buffers
// being large enough.
137
DllExport long MyGetAEventLog(
149
EVENTLOGRECORD *pELR = NULL;
150
BYTE bBuffer[1024]; /* hold the event log record raw data */
151
DWORD dwRead, dwNeeded;
153
char MsgDll[MAX_PATH]; /* the name of the message DLL */
157
HINSTANCE hLib = NULL; /* handle to the messagetable DLL */
158
char *pCh = NULL, *pFile = NULL, *pNextFile = NULL;
/* NOTE(review): declared without an initialiser; only the first NumStrings
 * entries are filled before FormatMessage reads the array. */
159
char *aInsertStrs[MAX_INSERT_STRS]; // array of pointers to insert
161
LPTSTR msgBuf = NULL; // hold text of the error message that we
164
LOG_FUNC_CALL("In MyGetAEventLog()");
165
INIT_CHECK_MEMORY(main);
167
/* NOTE(review): returns 0 without touching any output parameter, and the
 * caller in process_eventlog treats 0 as "record read". */
if (!hAppLog) return(0);
171
/* A record that does not fit the 1024-byte bBuffer makes ReadEventLog fail
 * and report the required size in dwNeeded; this code does not retry with a
 * larger buffer, so such a record is returned as an error and never
 * delivered to the caller. */
if(!ReadEventLog(hAppLog, /* event-log handle */
172
EVENTLOG_SEEK_READ | /* start at the record number given in `which` */
173
EVENTLOG_FORWARDS_READ, /* read in forward order from there */
174
which, /* which record to read 1 is first */
175
bBuffer, /* address of buffer */
176
sizeof(bBuffer), /* size of buffer */
177
&dwRead, /* count of bytes read */
178
&dwNeeded)) /* bytes required when the buffer is too small */
180
return GetLastError();
182
pELR = (EVENTLOGRECORD*)bBuffer; // point to data
184
*pTime = (double)pELR->TimeGenerated; // return double timestamp
185
*pType = pELR->EventType; // return event type
186
*pCategory = pELR->EventCategory; // return category
187
*timestamp = pELR->TimeGenerated; // return timestamp
189
/* The source name is the NUL-terminated string that follows the fixed
 * EVENTLOGRECORD header.
 * NOTE(review): unbounded strcpy of record data into the caller's pSource. */
strcpy(pSource,((char*)pELR + sizeof(EVENTLOGRECORD)));// copy source name
191
// Get path to message dll
/* Builds the registry key path from pAppName and the source name.
 * NOTE(review): the declaration and size of `temp` are not visible here;
 * strcpy/strcat do not check it, and both appended parts vary in length. */
192
strcpy(temp,"SYSTEM\\CurrentControlSet\\Services\\EventLog\\");
193
strcat(temp,pAppName);
195
strcat(temp,((char*)pELR + sizeof(EVENTLOGRECORD)));
198
if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, temp, 0, KEY_READ, &hk) == ERROR_SUCCESS)
202
/* NOTE(review): how pFile is allocated and what Data holds before the call
 * are on lines this excerpt omits - confirm Data is the buffer size and that
 * the result is NUL-terminated before it is used as a string (registry
 * string values are not guaranteed to be stored with a terminator). */
err = RegQueryValueEx(
203
hk, /* handle of key to query */
204
"EventMessageFile", /* value name */
205
NULL, /* must be NULL */
206
&Type, /* address of type value */
207
(UCHAR*)pFile, /* address of value data */
208
&Data); /* length of value data */
211
if(err != ERROR_SUCCESS)
218
/* Looks for a ';' in the value, which separates multiple message files. */
pNextFile = strchr(pFile,';');
225
/* NOTE(review): ExpandEnvironmentStrings returns the required size, which is
 * also non-zero, when MAX_PATH is too small; testing only for non-zero lets a
 * result that did not fit through. Compare the return value with MAX_PATH. */
if (ExpandEnvironmentStrings(pFile, MsgDll, MAX_PATH))
227
/* LOAD_LIBRARY_AS_DATAFILE maps the file for resource access only; no code
 * from it is run. The path comes from the registry value read above.
 * NOTE(review): no FreeLibrary(hLib) or RegCloseKey(hk) appears in this
 * excerpt - confirm both handles are released on the omitted lines. */
hLib = LoadLibraryEx(MsgDll, NULL, LOAD_LIBRARY_AS_DATAFILE);
230
/* prepare the array of insert strings for FormatMessage - the
231
insert strings are in the log entry. */
233
/* NOTE(review): the walk is limited by NumStrings and MAX_INSERT_STRS but not
 * by the number of bytes actually read (dwRead); StringOffset and each
 * strlen() are taken from the record as-is. */
i = 0, pCh = (char *)((LPBYTE)pELR + pELR->StringOffset);
234
i < pELR->NumStrings && i < MAX_INSERT_STRS;
235
i++, pCh += strlen(pCh) + 1) /* point to next string */
237
aInsertStrs[i] = pCh;
240
/* Format the message from the message DLL with the insert strings */
/* NOTE(review): a message template that refers to more inserts than the
 * record supplies makes FormatMessage read aInsertStrs entries that were
 * never assigned; pre-filling the array with a harmless string avoids that. */
242
FORMAT_MESSAGE_FROM_HMODULE |
243
FORMAT_MESSAGE_ALLOCATE_BUFFER |
244
FORMAT_MESSAGE_ARGUMENT_ARRAY |
245
FORMAT_MESSAGE_FROM_SYSTEM,
246
hLib, /* the messagetable DLL handle */
247
pELR->EventID, /* message ID */
248
MAKELANGID(LANG_NEUTRAL, SUBLANG_ENGLISH_US), /* language ID */
249
(LPTSTR) &msgBuf, /* address of pointer to buffer for message */
250
MAX_MSG_LENGTH, /* minimum size to allocate (ALLOCATE_BUFFER is set), not a maximum */
251
aInsertStrs); /* array of insert strings for the message */
255
/* NOTE(review): msgBuf stays NULL when FormatMessage fails, and the text it
 * allocates can be longer than MAX_MSG_LENGTH. The check that guards this
 * copy is not visible in the excerpt - confirm it exists and that pMessage
 * can hold the whole message. */
strcpy(pMessage,msgBuf); // copy message
258
/* Free the buffer that FormatMessage allocated for us. */
259
LocalFree((HLOCAL) msgBuf);
273
/* Second walk over the insert strings: joins them with "," into pMessage,
 * presumably as the fallback when no message text could be formatted (the
 * enclosing condition is not in this excerpt).
 * NOTE(review): unbounded strcat into the caller's pMessage. */
i = 0, pCh = (char *)((LPBYTE)pELR + pELR->StringOffset);
274
i < pELR->NumStrings && i < MAX_INSERT_STRS;
275
i++, pCh += strlen(pCh) + 1) /* point to next string */
277
if(i > 0) strcat(pMessage,",");
278
strcat(pMessage,pCh);
282
CHECK_MEMORY(main, "MyGetAEventLog", "end");
283
LOG_FUNC_CALL("End of MyGetAEventLog()");