3
* Samba Unix/Linux SMB client utility
4
* Write Eventlog records to a tdb, perform other eventlog related functions
7
* Copyright (C) Brian Moran 2005.
8
* Copyright (C) Guenther Deschner 2009.
10
* This program is free software; you can redistribute it and/or modify
11
* it under the terms of the GNU General Public License as published by
12
* the Free Software Foundation; either version 3 of the License, or
13
* (at your option) any later version.
15
* This program is distributed in the hope that it will be useful,
16
* but WITHOUT ANY WARRANTY; without even the implied warranty of
17
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18
* GNU General Public License for more details.
20
* You should have received a copy of the GNU General Public License
21
* along with this program; if not, see <http://www.gnu.org/licenses/>.
28
#define DBGC_CLASS DBGC_UTIL_EVENTLOG
36
static void usage( char *s )
38
printf( "\nUsage: %s [OPTION]\n\n", s );
39
printf( " -o write <Eventlog Name> \t\t\t\t\tWrites records to eventlog from STDIN\n" );
40
printf( " -o addsource <EventlogName> <sourcename> <msgfileDLLname> \tAdds the specified source & DLL eventlog registry entry\n" );
41
printf( " -o dump <Eventlog Name> <starting_record>\t\t\t\t\tDump stored eventlog entries on STDOUT\n" );
42
printf( "\nMiscellaneous options:\n" );
43
printf( " -d\t\t\t\t\t\t\t\tturn debug on\n" );
44
printf( " -h\t\t\t\t\t\t\t\tdisplay help\n\n" );
47
static void display_eventlog_names( void )
52
elogs = lp_eventlog_list( );
53
printf( "Active eventlog names (from smb.conf):\n" );
54
printf( "--------------------------------------\n" );
56
for ( i = 0; elogs[i]; i++ ) {
57
printf( "\t%s\n", elogs[i] );
61
printf( "\t<None specified>\n");
64
static int DoAddSourceCommand( int argc, char **argv, bool debugflag, char *exename )
68
printf( "need more arguments:\n" );
69
printf( "-o addsource EventlogName SourceName /path/to/EventMessageFile.dll\n" );
72
/* must open the registry before we access it */
73
if (!W_ERROR_IS_OK(regdb_init())) {
74
printf( "Can't open the registry.\n" );
78
if ( !eventlog_add_source( argv[0], argv[1], argv[2] ) )
83
static int DoWriteCommand( int argc, char **argv, bool debugflag, char *exename )
90
/* fixed constants are bad bad bad */
93
struct eventlog_Record_tdb ee;
94
uint32_t record_number;
95
TALLOC_CTX *mem_ctx = talloc_tos();
99
printf( "Can't open STDIN\n" );
104
printf( "Starting write for eventlog [%s]\n", argv[0] );
105
display_eventlog_names( );
110
if ( !( etdb = elog_open_tdb( argfname, False, False ) ) ) {
111
printf( "can't open the eventlog TDB (%s)\n", argfname );
115
ZERO_STRUCT( ee ); /* MUST initialize between records */
117
while ( !feof( f1 ) ) {
118
if (fgets( linein, sizeof( linein ) - 1, f1 ) == NULL) {
121
linein[strlen( linein ) - 1] = 0; /* whack the line delimiter */
124
printf( "Read line [%s]\n", linein );
129
parse_logentry( mem_ctx, ( char * ) &linein, &ee, &is_eor );
130
/* should we do something with the return code? */
133
fixup_eventlog_record_tdb( &ee );
136
printf( "record number [%d], tg [%d] , tw [%d]\n",
137
ee.record_number, (int)ee.time_generated, (int)ee.time_written );
139
if ( ee.time_generated != 0 ) {
141
/* printf("Writing to the event log\n"); */
143
status = evlog_push_record_tdb( mem_ctx, ELOG_TDB_CTX(etdb),
144
&ee, &record_number );
145
if ( !NT_STATUS_IS_OK(status) ) {
146
printf( "Can't write to the event log: %s\n",
150
printf( "Wrote record %d\n",
155
printf( "<null record>\n" );
157
ZERO_STRUCT( ee ); /* MUST initialize between records */
161
elog_close_tdb( etdb , False );
166
static int DoDumpCommand(int argc, char **argv, bool debugflag, char *exename)
169
TALLOC_CTX *mem_ctx = talloc_tos();
170
const char *tdb_filename;
177
tdb_filename = argv[0];
180
count = atoi(argv[1]);
183
etdb = elog_open_tdb(argv[0], false, true);
185
printf("can't open the eventlog TDB (%s)\n", argv[0]);
191
struct eventlog_Record_tdb *r;
194
r = evlog_pull_record_tdb(mem_ctx, etdb->tdb, count);
199
printf("displaying record: %d\n", count);
201
s = NDR_PRINT_STRUCT_STRING(mem_ctx, eventlog_Record_tdb, r);
209
elog_close_tdb(etdb, false);
214
/* would be nice to use the popT stuff here, however doing so forces us to drag in a lot of other infrastructure */
216
int main( int argc, char *argv[] )
220
TALLOC_CTX *frame = talloc_stackframe();
227
opt_debug = 0; /* todo set this from getopts */
229
lp_load(get_dyn_CONFIGFILE(), True, False, False, True);
235
fstrcpy( opname, "write" ); /* the default */
237
#if 0 /* TESTING CODE */
238
eventlog_add_source( "System", "TestSourceX", "SomeTestPathX" );
240
while ( ( opt = getopt( argc, argv, "dho:" ) ) != EOF ) {
244
fstrcpy( opname, optarg );
249
display_eventlog_names( );
263
printf( "\nNot enough arguments!\n" );
268
/* note that the separate command types should call usage if they need to... */
270
if ( !StrCaseCmp( opname, "addsource" ) ) {
271
rc = DoAddSourceCommand( argc, argv, opt_debug,
275
if ( !StrCaseCmp( opname, "write" ) ) {
276
rc = DoWriteCommand( argc, argv, opt_debug, exename );
279
if ( !StrCaseCmp( opname, "dump" ) ) {
280
rc = DoDumpCommand( argc, argv, opt_debug, exename );
283
printf( "unknown command [%s]\n", opname );