2 Unix SMB/CIFS implementation.
5 Copyright (C) Günther Deschner 2009
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "rpcclient.h"
/*
 * Open the event log named by `log` through rpccli_eventlog_OpenEventLogW,
 * using an empty server name and major/minor version both set to 1.
 * NOTE(review): this listing drops several source lines (see the gaps in
 * the gutter numbers), so the remaining parameters, the declaration of
 * `status` and the return path are not visible here. `handle` is
 * presumably the out parameter that receives the opened handle; confirm
 * against the full file.
 */
24 static NTSTATUS get_eventlog_handle(struct rpc_pipe_client *cli,
27 struct policy_handle *handle)
30 struct eventlog_OpenUnknown0 unknown0;
31 struct lsa_String logname, servername;
/* Fixed values for the OpenUnknown0 argument; the visible code does not
 * say what they mean. */
33 unknown0.unknown0 = 0x005c;
34 unknown0.unknown1 = 0x0001;
/* The log name is passed through unmodified; every visible caller supplies
 * argv[1] from the command line. The server name is left NULL. */
36 init_lsa_String(&logname, log);
37 init_lsa_String(&servername, NULL);
39 status = rpccli_eventlog_OpenEventLogW(cli, mem_ctx,
43 0x00000001, /* major */
44 0x00000001, /* minor */
/* Failure branch; its body is not shown in this listing. */
46 if (!NT_STATUS_IS_OK(status)) {
/*
 * rpcclient command: open the log named in argv[1], read from it with
 * rpccli_eventlog_ReadEventLogW (backwards, sequential), decode the
 * returned bytes as an eventlog_Record and dump it with NDR_PRINT_DEBUG.
 * The handle is closed at the end with rpccli_eventlog_CloseEventLog.
 * NOTE(review): several source lines are missing from this listing, so
 * declarations such as `offset`, `data` and `blob`, and the control flow
 * between the visible statements, cannot be checked here.
 */
53 static NTSTATUS cmd_eventlog_readlog(struct rpc_pipe_client *cli,
59 struct policy_handle handle;
61 uint32_t flags = EVENTLOG_BACKWARDS_READ |
62 EVENTLOG_SEQUENTIAL_READ;
64 uint32_t number_of_bytes = 0;
/* sent_size and real_size are filled in from the server's reply, so both
 * are values the remote side controls. */
66 uint32_t sent_size = 0;
67 uint32_t real_size = 0;
/* NOTE(review): the range check accepts argc up to 4, but the usage text
 * documents only logname and an optional offset; confirm which is meant. */
69 if (argc < 2 || argc > 4) {
70 printf("Usage: %s logname [offset]\n", argv[0]);
/* atoi() reports no errors: a non-numeric argument silently becomes 0 and
 * out-of-range input is undefined. strtoul() with an end-pointer and
 * ERANGE check would let the command reject bad input. */
75 offset = atoi(argv[2]);
78 status = get_eventlog_handle(cli, mem_ctx, argv[1], &handle);
79 if (!NT_STATUS_IS_OK(status)) {
84 status = rpccli_eventlog_ReadEventLogW(cli, mem_ctx,
/* Retry path: when the server answers BUFFER_TOO_SMALL (the second half of
 * this condition is not shown), the buffer is sized from the
 * server-reported real_size. */
92 if (NT_STATUS_EQUAL(status, NT_STATUS_BUFFER_TOO_SMALL) &&
94 number_of_bytes = real_size;
/* NOTE(review): the allocation size comes from the remote server and no
 * NULL check is visible in this listing; confirm the result is checked and
 * consider bounding real_size before allocating. */
95 data = talloc_array(mem_ctx, uint8_t, real_size);
101 if (!NT_STATUS_IS_OK(status)) {
106 enum ndr_err_code ndr_err;
108 struct eventlog_Record rec;
/* NOTE(review): the blob length is the server-reported sent_size, while
 * `data` was allocated with real_size (== number_of_bytes) bytes. Unless an
 * omitted line verifies sent_size <= number_of_bytes, a misbehaving server
 * could make the NDR parser read past the end of `data`; confirm the check
 * exists in the full file. */
110 blob = data_blob_const(data, sent_size);
112 ndr_err = ndr_pull_struct_blob_all(&blob, mem_ctx, NULL,
114 (ndr_pull_flags_fn_t)ndr_pull_eventlog_Record);
/* A decode failure is converted to an NTSTATUS rather than printed. */
115 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
116 status = ndr_map_error2ntstatus(ndr_err);
120 NDR_PRINT_DEBUG(eventlog_Record, &rec);
/* The return value of the close call is not used. */
127 rpccli_eventlog_CloseEventLog(cli, mem_ctx, &handle);
/*
 * rpcclient command: open the log named in argv[1], ask the server for its
 * record count with rpccli_eventlog_GetNumRecords, print it and close the
 * handle.
 * NOTE(review): the argument-count check and the declaration of `number`
 * are among the lines missing from this listing.
 */
132 static NTSTATUS cmd_eventlog_numrecords(struct rpc_pipe_client *cli,
138 struct policy_handle handle;
142 printf("Usage: %s logname\n", argv[0]);
146 status = get_eventlog_handle(cli, mem_ctx, argv[1], &handle);
147 if (!NT_STATUS_IS_OK(status)) {
151 status = rpccli_eventlog_GetNumRecords(cli, mem_ctx,
154 if (!NT_STATUS_IS_OK(status)) {
/* NOTE(review): if `number` is a uint32_t like the counters in the sibling
 * commands, %d is the wrong conversion and %u should be used; confirm
 * against its declaration. */
158 printf("number of records: %d\n", number);
/* The return value of the close call is not used. */
161 rpccli_eventlog_CloseEventLog(cli, mem_ctx, &handle);
/*
 * rpcclient command: open the log named in argv[1], fetch the number of its
 * oldest record with rpccli_eventlog_GetOldestRecord, print it and close
 * the handle.
 * NOTE(review): the argument-count check is among the lines missing from
 * this listing.
 */
166 static NTSTATUS cmd_eventlog_oldestrecord(struct rpc_pipe_client *cli,
172 struct policy_handle handle;
173 uint32_t oldest_entry = 0;
176 printf("Usage: %s logname\n", argv[0]);
180 status = get_eventlog_handle(cli, mem_ctx, argv[1], &handle);
181 if (!NT_STATUS_IS_OK(status)) {
185 status = rpccli_eventlog_GetOldestRecord(cli, mem_ctx,
188 if (!NT_STATUS_IS_OK(status)) {
/* NOTE(review): oldest_entry is a uint32_t but is printed with %d, so
 * values above INT_MAX show up as negative numbers; %u (or PRIu32) is the
 * matching conversion. */
192 printf("oldest entry: %d\n", oldest_entry);
/* The return value of the close call is not used. */
195 rpccli_eventlog_CloseEventLog(cli, mem_ctx, &handle);
/*
 * rpcclient command: open the log named in argv[1] and write one record to
 * it with rpccli_eventlog_ReportEventW. The record is of type
 * EVENTLOG_INFORMATION_TYPE, category 0, and carries a single fixed string.
 * On success the new record number and write time are printed.
 * This command modifies the remote log; the fixed string makes the
 * resulting entries easy to recognise when reviewing that log.
 * NOTE(review): several source lines, including most of the RPC call's
 * argument list, are missing from this listing.
 */
200 static NTSTATUS cmd_eventlog_reportevent(struct rpc_pipe_client *cli,
206 struct policy_handle handle;
208 uint16_t num_of_strings = 1;
209 uint32_t data_size = 0;
210 struct lsa_String servername;
211 struct lsa_String *strings;
212 uint8_t *data = NULL;
213 uint32_t record_number = 0;
214 time_t time_written = 0;
217 printf("Usage: %s logname\n", argv[0]);
221 status = get_eventlog_handle(cli, mem_ctx, argv[1], &handle);
222 if (!NT_STATUS_IS_OK(status)) {
226 strings = talloc_array(mem_ctx, struct lsa_String, num_of_strings);
/* NOTE(review): this early return happens after the handle was opened, and
 * the only visible CloseEventLog call is at the end of the function, so the
 * remote handle appears to stay open on this path; confirm and route the
 * failure through the common cleanup instead. */
228 return NT_STATUS_NO_MEMORY;
231 init_lsa_String(&strings[0], "test event written by rpcclient\n");
232 init_lsa_String(&servername, NULL);
234 status = rpccli_eventlog_ReportEventW(cli, mem_ctx,
237 EVENTLOG_INFORMATION_TYPE,
238 0, /* event_category */
250 if (!NT_STATUS_IS_OK(status)) {
/* NOTE(review): record_number is a uint32_t printed with %d; %u is the
 * matching conversion. */
254 printf("entry: %d written at %s\n", record_number,
255 http_timestring(talloc_tos(), time_written));
/* The return value of the close call is not used. */
258 rpccli_eventlog_CloseEventLog(cli, mem_ctx, &handle);
/*
 * rpcclient command: open the log named in argv[1] and write one record to
 * it with rpccli_eventlog_ReportEventAndSourceW. The record is of type
 * EVENTLOG_INFORMATION_TYPE, category 0, carries a single fixed string and
 * uses the source name "rpcclient". On success the new record number and
 * write time are printed.
 * This command modifies the remote log; the fixed string and source name
 * make the resulting entries easy to recognise when reviewing that log.
 * NOTE(review): several source lines, including most of the RPC call's
 * argument list, are missing from this listing.
 */
263 static NTSTATUS cmd_eventlog_reporteventsource(struct rpc_pipe_client *cli,
269 struct policy_handle handle;
271 uint16_t num_of_strings = 1;
272 uint32_t data_size = 0;
273 struct lsa_String servername, sourcename;
274 struct lsa_String *strings;
275 uint8_t *data = NULL;
276 uint32_t record_number = 0;
277 time_t time_written = 0;
280 printf("Usage: %s logname\n", argv[0]);
284 status = get_eventlog_handle(cli, mem_ctx, argv[1], &handle);
285 if (!NT_STATUS_IS_OK(status)) {
289 strings = talloc_array(mem_ctx, struct lsa_String, num_of_strings);
/* NOTE(review): this early return happens after the handle was opened, and
 * the only visible CloseEventLog call is at the end of the function, so the
 * remote handle appears to stay open on this path; confirm and route the
 * failure through the common cleanup instead. */
291 return NT_STATUS_NO_MEMORY;
294 init_lsa_String(&strings[0], "test event written by rpcclient\n");
295 init_lsa_String(&servername, NULL);
296 init_lsa_String(&sourcename, "rpcclient");
298 status = rpccli_eventlog_ReportEventAndSourceW(cli, mem_ctx,
301 EVENTLOG_INFORMATION_TYPE,
302 0, /* event_category */
314 if (!NT_STATUS_IS_OK(status)) {
/* NOTE(review): record_number is a uint32_t printed with %d; %u is the
 * matching conversion. */
318 printf("entry: %d written at %s\n", record_number,
319 http_timestring(talloc_tos(), time_written));
/* The return value of the close call is not used. */
322 rpccli_eventlog_CloseEventLog(cli, mem_ctx, &handle);
/*
 * Command table for the eventlog commands: each entry pairs a command name
 * with its handler, the eventlog interface syntax id and a short
 * description. Two of the five commands (eventlog_reportevent and
 * eventlog_reporteventsource) write to the remote log; the others only
 * read from it.
 * NOTE(review): the command name "eventlog_numrecord" is singular while its
 * handler is cmd_eventlog_numrecords. The first entry and the terminator of
 * the array are not visible in this listing.
 */
328 struct cmd_set eventlog_commands[] = {
330 { "eventlog_readlog", RPC_RTYPE_NTSTATUS, cmd_eventlog_readlog, NULL, &ndr_table_eventlog.syntax_id, NULL, "Read Eventlog", "" },
331 { "eventlog_numrecord", RPC_RTYPE_NTSTATUS, cmd_eventlog_numrecords, NULL, &ndr_table_eventlog.syntax_id, NULL, "Get number of records", "" },
332 { "eventlog_oldestrecord", RPC_RTYPE_NTSTATUS, cmd_eventlog_oldestrecord, NULL, &ndr_table_eventlog.syntax_id, NULL, "Get oldest record", "" },
333 { "eventlog_reportevent", RPC_RTYPE_NTSTATUS, cmd_eventlog_reportevent, NULL, &ndr_table_eventlog.syntax_id, NULL, "Report event", "" },
334 { "eventlog_reporteventsource", RPC_RTYPE_NTSTATUS, cmd_eventlog_reporteventsource, NULL, &ndr_table_eventlog.syntax_id, NULL, "Report event and source", "" },