2 Unix SMB/CIFS implementation.
5 Copyright (C) Günther Deschner 2009
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "rpcclient.h"
/*
 * Open the event log named by `log` over the eventlog pipe `cli`, using
 * rpccli_eventlog_OpenEventLogW. The three callers visible in this file
 * close the resulting handle with rpccli_eventlog_CloseEventLog.
 *
 * NOTE(review): this listing has dropped lines (the gutter numbers skip),
 * so the full parameter list, the remaining arguments of the open call and
 * the return statements are not visible here. `handle` is presumably
 * filled in by the open call; confirm against the full source.
 */
24 static NTSTATUS
get_eventlog_handle(struct rpc_pipe_client
*cli
,
27 struct policy_handle
*handle
)
30 struct eventlog_OpenUnknown0 unknown0
;
31 struct lsa_String logname
, servername
;
/*
 * Fixed values for the otherwise undocumented OpenUnknown0 structure.
 * NOTE(review): 0x005c is the character code of a backslash; whether that
 * is the intended meaning is not shown here. TODO confirm.
 */
33 unknown0
.unknown0
= 0x005c;
34 unknown0
.unknown1
= 0x0001;
/* Log name comes from the caller; the server name string is built from NULL. */
36 init_lsa_String(&logname
, log
);
37 init_lsa_String(&servername
, NULL
);
/* The open request passes 1 for both the major and the minor value. */
39 status
= rpccli_eventlog_OpenEventLogW(cli
, mem_ctx
,
43 0x00000001, /* major */
44 0x00000001, /* minor */
/* Failure branch of the open call; its body is not visible in this listing. */
46 if (!NT_STATUS_IS_OK(status
)) {
/*
 * rpcclient command "eventlog_readlog": open the event log named by argv[1],
 * read record data with rpccli_eventlog_ReadEventLogW, decode it as a
 * struct eventlog_Record and print it with NDR_PRINT_DEBUG. The handle is
 * closed with rpccli_eventlog_CloseEventLog before the function ends.
 *
 * NOTE(review): this listing has dropped lines (the gutter numbers skip),
 * so the remaining parameters, some local declarations, any loop around
 * the read and the error-path bodies are not visible here.
 */
53 static NTSTATUS
cmd_eventlog_readlog(struct rpc_pipe_client
*cli
,
59 struct policy_handle handle
;
/* Read mode: the backwards and sequential read flags combined. */
61 uint32_t flags
= EVENTLOG_BACKWARDS_READ
|
62 EVENTLOG_SEQUENTIAL_READ
;
/*
 * Buffer size requested from the server. It starts at 0 and is raised to
 * real_size after a NT_STATUS_BUFFER_TOO_SMALL reply (see below).
 */
64 uint32_t number_of_bytes
= 0;
/*
 * sent_size later becomes the length of the blob that is decoded;
 * real_size later becomes the allocation size. Both are presumably
 * written by the read call from the server's reply; verify against the
 * full argument list, which is not visible here.
 */
66 uint32_t sent_size
= 0;
67 uint32_t real_size
= 0;
/*
 * NOTE(review): up to three arguments after the command name are accepted,
 * but the usage text names only `logname` and `[offset]`; the meaning of a
 * third argument is not visible in this listing.
 */
69 if (argc
< 2 || argc
> 4) {
70 printf("Usage: %s logname [offset]\n", argv
[0]);
/*
 * NOTE(review): atoi() reports no errors. Non-numeric input silently
 * becomes 0 and an out-of-range value is undefined behaviour. Parsing with
 * strtoul() and checking endptr/errno would let the command reject a bad
 * offset instead of sending an unintended one.
 */
75 offset
= atoi(argv
[2]);
/* Open the log; on failure the handle must not be used. */
78 status
= get_eventlog_handle(cli
, mem_ctx
, argv
[1], &handle
);
79 if (!NT_STATUS_IS_OK(status
)) {
84 status
= rpccli_eventlog_ReadEventLogW(cli
, mem_ctx
,
/*
 * Size negotiation: on NT_STATUS_BUFFER_TOO_SMALL the buffer is sized from
 * real_size. The second half of this condition is not visible here.
 * NOTE(review): real_size is presumably server-controlled. The result of
 * talloc_array() needs a NULL check before use, and a sanity cap on
 * real_size would bound the allocation a hostile server can request;
 * neither is visible in this listing. TODO confirm.
 */
92 if (NT_STATUS_EQUAL(status
, NT_STATUS_BUFFER_TOO_SMALL
) &&
94 number_of_bytes
= real_size
;
95 data
= talloc_array(mem_ctx
, uint8_t, real_size
);
101 if (!NT_STATUS_IS_OK(status
)) {
106 enum ndr_err_code ndr_err
;
108 struct eventlog_Record rec
;
/*
 * Wrap the received bytes without copying; the blob length is sent_size.
 * NOTE(review): nothing visible here checks sent_size against the size of
 * `data` (number_of_bytes). If the client stub does not enforce that bound,
 * the decoder could read past the allocation. TODO confirm.
 */
110 blob
= data_blob_const(data
, sent_size
);
/*
 * Decode the blob into `rec`. The "_all" variant is expected to fail when
 * bytes remain after the record; verify against the NDR library.
 */
112 ndr_err
= ndr_pull_struct_blob_all(&blob
, mem_ctx
, NULL
,
114 (ndr_pull_flags_fn_t
)ndr_pull_eventlog_Record
);
/* A decoding failure is converted to an NTSTATUS for the caller. */
115 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err
)) {
116 status
= ndr_map_error2ntstatus(ndr_err
);
/* Dump the decoded record, which is data received from the remote server. */
120 NDR_PRINT_DEBUG(eventlog_Record
, &rec
);
/* Release the server-side handle; the close result is not assigned here. */
127 rpccli_eventlog_CloseEventLog(cli
, mem_ctx
, &handle
);
/*
 * rpcclient command: open the event log named by argv[1], ask the server
 * for its record count with rpccli_eventlog_GetNumRecords and print it.
 * The handle is closed with rpccli_eventlog_CloseEventLog afterwards.
 *
 * NOTE(review): this listing has dropped lines (the gutter numbers skip),
 * so the remaining parameters, the argc check, the declaration of `number`
 * and the error-path bodies are not visible here.
 */
132 static NTSTATUS
cmd_eventlog_numrecords(struct rpc_pipe_client
*cli
,
138 struct policy_handle handle
;
142 printf("Usage: %s logname\n", argv
[0]);
/* Open the log; on failure the handle must not be used. */
146 status
= get_eventlog_handle(cli
, mem_ctx
, argv
[1], &handle
);
147 if (!NT_STATUS_IS_OK(status
)) {
151 status
= rpccli_eventlog_GetNumRecords(cli
, mem_ctx
,
154 if (!NT_STATUS_IS_OK(status
)) {
/*
 * NOTE(review): the type of `number` is not visible here. If it is an
 * unsigned 32-bit value, "%d" prints counts above INT_MAX as negative;
 * "%u" would match. TODO confirm.
 */
158 printf("number of records: %d\n", number
);
/* Release the server-side handle; the close result is not assigned here. */
161 rpccli_eventlog_CloseEventLog(cli
, mem_ctx
, &handle
);
/*
 * rpcclient command "eventlog_oldestrecord": open the event log named by
 * argv[1], query rpccli_eventlog_GetOldestRecord and print the result.
 * The handle is closed with rpccli_eventlog_CloseEventLog afterwards.
 *
 * NOTE(review): this listing has dropped lines (the gutter numbers skip),
 * so the remaining parameters, the argc check and the error-path bodies
 * are not visible here.
 */
166 static NTSTATUS
cmd_eventlog_oldestrecord(struct rpc_pipe_client
*cli
,
172 struct policy_handle handle
;
/* Printed below; presumably filled in by the query call. TODO confirm. */
173 uint32_t oldest_entry
= 0;
176 printf("Usage: %s logname\n", argv
[0]);
/* Open the log; on failure the handle must not be used. */
180 status
= get_eventlog_handle(cli
, mem_ctx
, argv
[1], &handle
);
181 if (!NT_STATUS_IS_OK(status
)) {
185 status
= rpccli_eventlog_GetOldestRecord(cli
, mem_ctx
,
188 if (!NT_STATUS_IS_OK(status
)) {
/*
 * NOTE(review): oldest_entry is uint32_t but is printed with "%d", so
 * values above INT_MAX show up as negative numbers. "%u" (or PRIu32)
 * matches the declared type.
 */
192 printf("oldest entry: %d\n", oldest_entry
);
/* Release the server-side handle; the close result is not assigned here. */
195 rpccli_eventlog_CloseEventLog(cli
, mem_ctx
, &handle
);
/*
 * Command table for the eventlog pipe. Each visible entry pairs a command
 * name with RPC_RTYPE_NTSTATUS, its handler, the eventlog interface syntax
 * id, a short description and an empty final string. The field layout of
 * struct cmd_set is defined elsewhere and is not visible here.
 *
 * NOTE(review): the end of the table (any terminating entry and the
 * closing brace) is not visible in this listing.
 */
200 struct cmd_set eventlog_commands
[] = {
202 { "eventlog_readlog", RPC_RTYPE_NTSTATUS
, cmd_eventlog_readlog
, NULL
, &ndr_table_eventlog
.syntax_id
, NULL
, "Read Eventlog", "" },
/*
 * NOTE(review): the command string is the singular "eventlog_numrecord"
 * while the handler is cmd_eventlog_numrecords.
 */
203 { "eventlog_numrecord", RPC_RTYPE_NTSTATUS
, cmd_eventlog_numrecords
, NULL
, &ndr_table_eventlog
.syntax_id
, NULL
, "Get number of records", "" },
204 { "eventlog_oldestrecord", RPC_RTYPE_NTSTATUS
, cmd_eventlog_oldestrecord
, NULL
, &ndr_table_eventlog
.syntax_id
, NULL
, "Get oldest record", "" },