2 Unix SMB/CIFS implementation.
5 Copyright (C) Günther Deschner 2009
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "rpcclient.h"
24 static NTSTATUS
get_eventlog_handle(struct rpc_pipe_client
*cli
,
27 struct policy_handle
*handle
)
30 struct eventlog_OpenUnknown0 unknown0
;
31 struct lsa_String logname
, servername
;
33 unknown0
.unknown0
= 0x005c;
34 unknown0
.unknown1
= 0x0001;
36 init_lsa_String(&logname
, log
);
37 init_lsa_String(&servername
, NULL
);
39 status
= rpccli_eventlog_OpenEventLogW(cli
, mem_ctx
,
43 0x00000001, /* major */
44 0x00000001, /* minor */
46 if (!NT_STATUS_IS_OK(status
)) {
53 static NTSTATUS
cmd_eventlog_readlog(struct rpc_pipe_client
*cli
,
59 struct policy_handle handle
;
61 uint32_t flags
= EVENTLOG_BACKWARDS_READ
|
62 EVENTLOG_SEQUENTIAL_READ
;
64 uint32_t number_of_bytes
= 0;
66 uint32_t sent_size
= 0;
67 uint32_t real_size
= 0;
70 printf("Usage: %s logname\n", argv
[0]);
74 status
= get_eventlog_handle(cli
, mem_ctx
, argv
[1], &handle
);
75 if (!NT_STATUS_IS_OK(status
)) {
80 status
= rpccli_eventlog_ReadEventLogW(cli
, mem_ctx
,
88 if (NT_STATUS_EQUAL(status
, NT_STATUS_BUFFER_TOO_SMALL
)) {
89 number_of_bytes
= real_size
;
90 data
= talloc_array(mem_ctx
, uint8_t, real_size
);
94 if (!NT_STATUS_IS_OK(status
)) {
99 enum ndr_err_code ndr_err
;
101 struct eventlog_Record rec
;
103 blob
= data_blob_const(data
, sent_size
);
105 ndr_err
= ndr_pull_struct_blob(&blob
, mem_ctx
, NULL
,
107 (ndr_pull_flags_fn_t
)ndr_pull_eventlog_Record
);
108 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err
)) {
109 return ndr_map_error2ntstatus(ndr_err
);
112 NDR_PRINT_DEBUG(eventlog_Record
, &rec
);
121 static NTSTATUS
cmd_eventlog_numrecords(struct rpc_pipe_client
*cli
,
127 struct policy_handle handle
;
131 printf("Usage: %s logname\n", argv
[0]);
135 status
= get_eventlog_handle(cli
, mem_ctx
, argv
[1], &handle
);
136 if (!NT_STATUS_IS_OK(status
)) {
140 status
= rpccli_eventlog_GetNumRecords(cli
, mem_ctx
,
143 if (!NT_STATUS_IS_OK(status
)) {
147 printf("number of records: %d\n", number
);
152 static NTSTATUS
cmd_eventlog_oldestrecord(struct rpc_pipe_client
*cli
,
158 struct policy_handle handle
;
159 uint32_t oldest_entry
= 0;
162 printf("Usage: %s logname\n", argv
[0]);
166 status
= get_eventlog_handle(cli
, mem_ctx
, argv
[1], &handle
);
167 if (!NT_STATUS_IS_OK(status
)) {
171 status
= rpccli_eventlog_GetOldestRecord(cli
, mem_ctx
,
174 if (!NT_STATUS_IS_OK(status
)) {
178 printf("oldest entry: %d\n", oldest_entry
);
183 struct cmd_set eventlog_commands
[] = {
185 { "eventlog_readlog", RPC_RTYPE_NTSTATUS
, cmd_eventlog_readlog
, NULL
, &ndr_table_eventlog
.syntax_id
, NULL
, "Read Eventlog", "" },
186 { "eventlog_numrecord", RPC_RTYPE_NTSTATUS
, cmd_eventlog_numrecords
, NULL
, &ndr_table_eventlog
.syntax_id
, NULL
, "Get number of records", "" },
187 { "eventlog_oldestrecord", RPC_RTYPE_NTSTATUS
, cmd_eventlog_oldestrecord
, NULL
, &ndr_table_eventlog
.syntax_id
, NULL
, "Get oldest record", "" },