Documentation
¶
Index ¶
- Variables
- func EventlogServerHandle(ctx context.Context, o EventlogServer, opNum int, r ndr.Reader) (dcerpc.Operation, error)
- func NewEventlogServerHandle(o EventlogServer) dcerpc.ServerHandle
- func RegisterEventlogServer(conn dcerpc.Conn, o EventlogServer, opts ...dcerpc.Option)
- type BackupEventLogARequest
- type BackupEventLogAResponse
- type BackupEventLogWRequest
- type BackupEventLogWResponse
- type ChangeNotifyRequest
- type ChangeNotifyResponse
- type ClearEventLogARequest
- type ClearEventLogAResponse
- type ClearEventLogWRequest
- type ClearEventLogWResponse
- type ClientID
- type CloseEventLogRequest
- type CloseEventLogResponse
- type DeregisterEventSourceRequest
- type DeregisterEventSourceResponse
- type EventlogClient
- type EventlogServer
- type GetLogInformationRequest
- type GetLogInformationResponse
- type Handle
- type NumberOfRecordsRequest
- type NumberOfRecordsResponse
- type OldestRecordRequest
- type OldestRecordResponse
- type OpenBackupEventLogARequest
- type OpenBackupEventLogAResponse
- type OpenBackupEventLogWRequest
- type OpenBackupEventLogWResponse
- type OpenEventLogARequest
- type OpenEventLogAResponse
- type OpenEventLogWRequest
- type OpenEventLogWResponse
- type ReadEventLogARequest
- type ReadEventLogAResponse
- type ReadEventLogWRequest
- type ReadEventLogWResponse
- type RegisterEventSourceARequest
- type RegisterEventSourceAResponse
- type RegisterEventSourceWRequest
- type RegisterEventSourceWResponse
- type ReportEventARequest
- type ReportEventAResponse
- type ReportEventAndSourceWRequest
- type ReportEventAndSourceWResponse
- type ReportEventExARequest
- type ReportEventExAResponse
- type ReportEventExWRequest
- type ReportEventExWResponse
- type ReportEventWRequest
- type ReportEventWResponse
- type String
Constants ¶
This section is empty.
Variables ¶
View Source
var ( // Syntax UUID EventlogSyntaxUUID = &uuid.UUID{TimeLow: 0x82273fdc, TimeMid: 0xe32a, TimeHiAndVersion: 0x18c3, ClockSeqHiAndReserved: 0x3f, ClockSeqLow: 0x78, Node: [6]uint8{0x82, 0x79, 0x29, 0xdc, 0x23, 0xea}} // Syntax ID EventlogSyntaxV0_0 = &dcerpc.SyntaxID{IfUUID: EventlogSyntaxUUID, IfVersionMajor: 0, IfVersionMinor: 0} )
View Source
var (
// import guard
GoPackage = "even"
)
View Source
var MaxBatchBuffer = 524287
MaxBatchBuffer represents the MAX_BATCH_BUFF RPC constant
View Source
var MaxSingleEvent = 262143
MaxSingleEvent represents the MAX_SINGLE_EVENT RPC constant
View Source
var MaxStrings = 256
MaxStrings represents the MAX_STRINGS RPC constant
Functions ¶
func EventlogServerHandle ¶
func NewEventlogServerHandle ¶
func NewEventlogServerHandle(o EventlogServer) dcerpc.ServerHandle
func RegisterEventlogServer ¶
func RegisterEventlogServer(conn dcerpc.Conn, o EventlogServer, opts ...dcerpc.Option)
Types ¶
type BackupEventLogARequest ¶
type BackupEventLogARequest struct {
// LogHandle: Handle to an event log. This parameter is a server context handle, as
// specified in section 2.2.6. This handle MUST NOT be obtained via the ElfrOpenBELA
// (section 3.1.4.2) method or the ElfrOpenBELW (section 3.1.4.1) method.
Log *Handle `idl:"name:LogHandle" json:"log"`
// BackupFileName: Provides an ANSI string (as specified in section 2.2.12) that points
// to an NT Object Path of a file (as specified in section 2.2.4.1), in which a current
// copy of the event log is to be placed. This MUST NOT be NULL or empty.
BackupFileName *String `idl:"name:BackupFileName" json:"backup_file_name"`
}
BackupEventLogARequest structure represents the ElfrBackupELFA operation request
func (*BackupEventLogARequest) MarshalNDR ¶
func (*BackupEventLogARequest) UnmarshalNDR ¶
type BackupEventLogAResponse ¶
type BackupEventLogAResponse struct {
// Return: The ElfrBackupELFA return value.
Return int32 `idl:"name:Return" json:"return"`
}
BackupEventLogAResponse structure represents the ElfrBackupELFA operation response
func (*BackupEventLogAResponse) MarshalNDR ¶
func (*BackupEventLogAResponse) UnmarshalNDR ¶
type BackupEventLogWRequest ¶
type BackupEventLogWRequest struct {
// LogHandle: Handle to an event log. This parameter is a server context handle, as
// specified in section 2.2.6. This handle MUST NOT be obtained via the ElfrOpenBELA
// (section 3.1.4.2) method or the ElfrOpenBELW (section 3.1.4.1) method.
Log *Handle `idl:"name:LogHandle" json:"log"`
// BackupFileName: Provides a Unicode string (as specified in section 2.2.11) that points
// to an NT Object Path of a file, (as specified in section 2.2.4.1), in which a current
// copy of the event log is to be placed. This MUST NOT be NULL or empty. The path is
// evalutated relative to the server.
BackupFileName *dtyp.UnicodeString `idl:"name:BackupFileName" json:"backup_file_name"`
}
BackupEventLogWRequest structure represents the ElfrBackupELFW operation request
func (*BackupEventLogWRequest) MarshalNDR ¶
func (*BackupEventLogWRequest) UnmarshalNDR ¶
type BackupEventLogWResponse ¶
type BackupEventLogWResponse struct {
// Return: The ElfrBackupELFW return value.
Return int32 `idl:"name:Return" json:"return"`
}
BackupEventLogWResponse structure represents the ElfrBackupELFW operation response
func (*BackupEventLogWResponse) MarshalNDR ¶
func (*BackupEventLogWResponse) UnmarshalNDR ¶
type ChangeNotifyRequest ¶
type ChangeNotifyRequest struct {
// LogHandle: Handle to an event log. This parameter is a server context handle, as
// specified in section 2.2.6.
Log *Handle `idl:"name:LogHandle" json:"log"`
// ClientId: Ignored when the method is called remotely.
ClientID *ClientID `idl:"name:ClientId" json:"client_id"`
// Event: Ignored when the method is called remotely.
Event uint32 `idl:"name:Event" json:"event"`
}
ChangeNotifyRequest structure represents the ElfrChangeNotify operation request
func (*ChangeNotifyRequest) MarshalNDR ¶
func (*ChangeNotifyRequest) UnmarshalNDR ¶
type ChangeNotifyResponse ¶
type ChangeNotifyResponse struct {
// Return: The ElfrChangeNotify return value.
Return int32 `idl:"name:Return" json:"return"`
}
ChangeNotifyResponse structure represents the ElfrChangeNotify operation response
func (*ChangeNotifyResponse) MarshalNDR ¶
func (*ChangeNotifyResponse) UnmarshalNDR ¶
type ClearEventLogARequest ¶
type ClearEventLogARequest struct {
// LogHandle: Handle to the event log to be cleared. This parameter is a server context
// handle, as specified in section 2.2.6. This handle MUST NOT be one obtained via the
// ElfrOpenBELA (section 3.1.4.2) method or the ElfrOpenBELW (section 3.1.4.1) method.
Log *Handle `idl:"name:LogHandle" json:"log"`
// BackupFileName: Provides an ANSI string (as specified in section 2.2.12) that points
// to an NT Object Path of a file (as specified in section 2.2.4.1), in which a current
// copy of the event log is to be placed. If this is NULL or empty, the server MUST
// NOT create a backup as part of this method.
BackupFileName *String `idl:"name:BackupFileName;pointer:unique" json:"backup_file_name"`
}
ClearEventLogARequest structure represents the ElfrClearELFA operation request
func (*ClearEventLogARequest) MarshalNDR ¶
func (*ClearEventLogARequest) UnmarshalNDR ¶
type ClearEventLogAResponse ¶
type ClearEventLogAResponse struct {
// Return: The ElfrClearELFA return value.
Return int32 `idl:"name:Return" json:"return"`
}
ClearEventLogAResponse structure represents the ElfrClearELFA operation response
func (*ClearEventLogAResponse) MarshalNDR ¶
func (*ClearEventLogAResponse) UnmarshalNDR ¶
type ClearEventLogWRequest ¶
type ClearEventLogWRequest struct {
// LogHandle: Handle to the event log to be cleared. This parameter is a server context
// handle, as specified in section 2.2.6. This handle MUST NOT be one obtained via the
// ElfrOpenBELA (section 3.1.4.2) method or the ElfrOpenBELW (section 3.1.4.1) method.
Log *Handle `idl:"name:LogHandle" json:"log"`
// BackupFileName: Provides a Unicode string (as specified in section 2.2.11) that points
// to an NT Object Path of a file in which a current copy of the event log is to be
// placed. If this is NULL or empty, no backup is to be created. The path is relative
// to the server rather than the client.
BackupFileName *dtyp.UnicodeString `idl:"name:BackupFileName;pointer:unique" json:"backup_file_name"`
}
ClearEventLogWRequest structure represents the ElfrClearELFW operation request
func (*ClearEventLogWRequest) MarshalNDR ¶
func (*ClearEventLogWRequest) UnmarshalNDR ¶
type ClearEventLogWResponse ¶
type ClearEventLogWResponse struct {
// Return: The ElfrClearELFW return value.
Return int32 `idl:"name:Return" json:"return"`
}
ClearEventLogWResponse structure represents the ElfrClearELFW operation response
func (*ClearEventLogWResponse) MarshalNDR ¶
func (*ClearEventLogWResponse) UnmarshalNDR ¶
type ClientID ¶
type ClientID struct {
// UniqueProcess: A 32-bit unsigned integer. Ignored when ElfrChangeNotify (section
// 3.1.4.23) is invoked remotely.
UniqueProcess uint32 `idl:"name:UniqueProcess" json:"unique_process"`
// UniqueThread: A 32-bit unsigned integer. Ignored when ElfrChangeNotify (section
// 3.1.4.23) is invoked remotely.
UniqueThread uint32 `idl:"name:UniqueThread" json:"unique_thread"`
}
ClientID structure represents RPC_CLIENT_ID RPC structure.
The RPC_CLIENT_ID structure is used in the ElfrChangeNotify (section 3.1.4.23) method for local method invocations only.
func (*ClientID) MarshalNDR ¶
type CloseEventLogRequest ¶
type CloseEventLogRequest struct {
// LogHandle: Handle to an event log. This parameter is a server context handle, as
// specified in section 2.2.6.
Log *Handle `idl:"name:LogHandle" json:"log"`
}
CloseEventLogRequest structure represents the ElfrCloseEL operation request
func (*CloseEventLogRequest) MarshalNDR ¶
func (*CloseEventLogRequest) UnmarshalNDR ¶
type CloseEventLogResponse ¶
type CloseEventLogResponse struct {
// LogHandle: Handle to an event log. This parameter is a server context handle, as
// specified in section 2.2.6.
Log *Handle `idl:"name:LogHandle" json:"log"`
// Return: The ElfrCloseEL return value.
Return int32 `idl:"name:Return" json:"return"`
}
CloseEventLogResponse structure represents the ElfrCloseEL operation response
func (*CloseEventLogResponse) MarshalNDR ¶
func (*CloseEventLogResponse) UnmarshalNDR ¶
type DeregisterEventSourceRequest ¶
type DeregisterEventSourceRequest struct {
// LogHandle: Handle to an event log. This parameter is a server context handle, as
// specified in section 2.2.6.
Log *Handle `idl:"name:LogHandle" json:"log"`
}
DeregisterEventSourceRequest structure represents the ElfrDeregisterEventSource operation request
func (*DeregisterEventSourceRequest) MarshalNDR ¶
func (*DeregisterEventSourceRequest) UnmarshalNDR ¶
type DeregisterEventSourceResponse ¶
type DeregisterEventSourceResponse struct {
// LogHandle: Handle to an event log. This parameter is a server context handle, as
// specified in section 2.2.6.
Log *Handle `idl:"name:LogHandle" json:"log"`
// Return: The ElfrDeregisterEventSource return value.
Return int32 `idl:"name:Return" json:"return"`
}
DeregisterEventSourceResponse structure represents the ElfrDeregisterEventSource operation response
func (*DeregisterEventSourceResponse) MarshalNDR ¶
func (*DeregisterEventSourceResponse) UnmarshalNDR ¶
type EventlogClient ¶
type EventlogClient interface {
// The ElfrClearELFW (Opnum 0) method instructs the server to clear an event log, and,
// optionally, to back up the event log before the clear operation takes place.
//
// Return Values: The method MUST return STATUS_SUCCESS (0x00000000) on success; otherwise,
// it MUST return an implementation-based, nonzero NTSTATUS value specified in [MS-ERREF].
ClearEventLogW(context.Context, *ClearEventLogWRequest, ...dcerpc.CallOption) (*ClearEventLogWResponse, error)
// The ElfrBackupELFW (Opnum 1) method instructs the server to back up the event log
// to a specified file name.
//
// Return Values: The method MUST return STATUS_SUCCESS (0x00000000) on success; otherwise,
// it MUST return an implementation-based, nonzero NTSTATUS value specified in [MS-ERREF].<25>
BackupEventLogW(context.Context, *BackupEventLogWRequest, ...dcerpc.CallOption) (*BackupEventLogWResponse, error)
// The ElfrCloseEL (Opnum 2) method instructs the server to close a handle to the event
// log, freeing resources on the server that maintained an association between the handle
// and the corresponding event log. This handle MUST have been obtained via the ElfrOpenELW
// (section 3.1.4.3) method, the ElfrOpenELA (section 3.1.4.4) method, the ElfrOpenBELW
// (section 3.1.4.1) method, or the ElfrOpenBELA (section 3.1.4.2) method.
//
// Return Values: The method MUST return STATUS_SUCCESS (0x00000000) on success; otherwise,
// it MUST return an implementation-based, nonzero NTSTATUS value specified in [MS-ERREF].
CloseEventLog(context.Context, *CloseEventLogRequest, ...dcerpc.CallOption) (*CloseEventLogResponse, error)
// The ElfrDeregisterEventSource (Opnum 3) method instructs the server to close a handle
// to the event log, freeing resources on the server that maintained an association
// between the handle and the corresponding event log. This handle MUST have been obtained
// via the ElfrRegisterEventSourceW (section 3.1.4.5) method or the ElfrRegisterEventSourceA
// (section 3.1.4.6) method.
//
// Return Values: The method MUST return STATUS_SUCCESS (0x00000000) on success; otherwise,
// it MUST return an implementation-based, nonzero NTSTATUS value specified in [MS-ERREF].
DeregisterEventSource(context.Context, *DeregisterEventSourceRequest, ...dcerpc.CallOption) (*DeregisterEventSourceResponse, error)
// The ElfrNumberOfRecords (Opnum 4) method instructs the server to report the number
// of records currently in the event log.
//
// Return Values: The method MUST return STATUS_SUCCESS (0x00000000) on success; otherwise,
// it MUST return an implementation-based, nonzero NTSTATUS value specified in [MS-ERREF].
NumberOfRecords(context.Context, *NumberOfRecordsRequest, ...dcerpc.CallOption) (*NumberOfRecordsResponse, error)
// The ElfrOldestRecord (Opnum 5) method instructs the server to report the record number
// of the oldest record in the event log.
//
// Return Values: The method MUST return STATUS_SUCCESS (0x00000000) on success; otherwise,
// it MUST return an implementation-based, nonzero NTSTATUS value specified in [MS-ERREF].
OldestRecord(context.Context, *OldestRecordRequest, ...dcerpc.CallOption) (*OldestRecordResponse, error)
// The ElfrChangeNotify (Opnum 6) method is intended for local use.
//
// Return Values: The method MUST return STATUS_SUCCESS (0x00000000) on success; the
// method always returns STATUS_INVALID_HANDLE (0xC0000008) when called remotely. For
// all other errors it MUST return an implementation-based, nonzero NTSTATUS value specified
// in [MS-ERREF].
ChangeNotify(context.Context, *ChangeNotifyRequest, ...dcerpc.CallOption) (*ChangeNotifyResponse, error)
// The ElfrOpenELW method instructs the server to return a server context handle to
// a live event log. The caller MUST<18> have permission to read the file that contains
// the event log for this to succeed.
//
// Return Values: The method MUST return STATUS_SUCCESS (0x00000000) on success; otherwise,
// it MUST return an implementation-based, nonzero NTSTATUS value specified in [MS-ERREF].
OpenEventLogW(context.Context, *OpenEventLogWRequest, ...dcerpc.CallOption) (*OpenEventLogWResponse, error)
// The ElfrRegisterEventSourceW (Opnum 8) method instructs the server to return a server
// context handle to an event log for writing. The caller MUST have permission to write
// to the file containing the event log for this to succeed. The module name argument
// specifies the event source that is used to determine the relevant event log as specified
// below.
//
// Return Values: The method MUST return STATUS_SUCCESS (0x00000000) on success; otherwise,
// it MUST return an implementation-based, nonzero NTSTATUS value specified in [MS-ERREF].
RegisterEventSourceW(context.Context, *RegisterEventSourceWRequest, ...dcerpc.CallOption) (*RegisterEventSourceWResponse, error)
// The ElfrOpenBELW (Opnum 9) method instructs the server to return a handle to a backup
// event log. The caller MUST have permission to read the file containing the backup
// event log for this to succeed.
//
// Note The server has an Access Control List (ACL) that is used to control access
// to the log. The protocol has no methods for reading or setting that ACL.
//
// Return Values: The method MUST return STATUS_SUCCESS on success; otherwise, it MUST
// return an implementation-based, nonzero NTSTATUS value specified in [MS-ERREF].
//
// Note The value of STATUS_SUCCESS is 0x00000000.
OpenBackupEventLogW(context.Context, *OpenBackupEventLogWRequest, ...dcerpc.CallOption) (*OpenBackupEventLogWResponse, error)
// The ElfrReadELW (Opnum 10) method reads events from the event log; the server transmits
// these events to the client and advances the reader's position within the event log
// associated with the server context handle that is passed in the LogHandle parameter.
// The strings in the returned event MUST be in [UNICODE].
//
// Return Values: The method MUST return STATUS_SUCCESS (0x00000000) on success. If
// the method is successful, the read position MUST be adjusted by NumberOfBytesRead.
// The method MUST return STATUS_BUFFER_TOO_SMALL (0xC0000023) if the buffer is too
// small to fit even one record. Otherwise, it MUST return any other implementation-based,
// nonzero NTSTATUS value specified in [MS-ERREF].
ReadEventLogW(context.Context, *ReadEventLogWRequest, ...dcerpc.CallOption) (*ReadEventLogWResponse, error)
// The ElfrReportEventW (Opnum 11) method writes events to the event log; the server
// receives these events from the client.
//
// Return Values: The method MUST return STATUS_SUCCESS (0x00000000) on success; otherwise,
// it MUST return an implementation-based, nonzero NTSTATUS value specified in [MS-ERREF].
ReportEventW(context.Context, *ReportEventWRequest, ...dcerpc.CallOption) (*ReportEventWResponse, error)
// The ElfrClearELFA (Opnum 12) method instructs the server to clear an event log, and,
// optionally, to back up the event log before the clear operation takes place.
//
// Return Values: The method MUST return STATUS_SUCCESS (0x00000000) on success; otherwise,
// it MUST return an implementation-based, nonzero NTSTATUS value specified in [MS-ERREF].
//
// The ElfrClearELFA and ElfrClearELFW (section 3.1.4.9) methods are identical in functionality.
// The difference between the two methods is that the ElfrClearELFA method specifies
// BackupFileName as an ANSI string. The ElfrClearELFW method specifies BackupFileName
// as a UNICODE string.
ClearEventLogA(context.Context, *ClearEventLogARequest, ...dcerpc.CallOption) (*ClearEventLogAResponse, error)
// The ElfrBackupELFA (Opnum 13) method instructs the server to back up the event log
// to a specified file name.<26>
//
// Return Values: The method MUST return STATUS_SUCCESS (0x00000000) on success; otherwise,
// it MUST return an implementation-based, nonzero NTSTATUS value specified in [MS-ERREF].
//
// ElfrBackupELFA is identical to the ElfrBackupELFW (section 3.1.4.11) method except
// in the following case:
//
// * When BackUpFileName is an ANSI string.
BackupEventLogA(context.Context, *BackupEventLogARequest, ...dcerpc.CallOption) (*BackupEventLogAResponse, error)
// The ElfrOpenELA (Opnum 14) method instructs the server to return a server context
// handle to a live event log. For this to succeed, the caller MUST have permission
// to read the file that contains the event log.
//
// Return Values: The method MUST return STATUS_SUCCESS (0x00000000) on success; otherwise,
// it MUST return an implementation-based, nonzero NTSTATUS value specified in [MS-ERREF].
//
// This is identical to the ElfrOpenELW (section 3.1.4.3) method except that the ModuleName,
// RegModuleName, and the UNCServerName are ANSI strings in this case.
OpenEventLogA(context.Context, *OpenEventLogARequest, ...dcerpc.CallOption) (*OpenEventLogAResponse, error)
// The ElfrRegisterEventSourceA (Opnum 15) method instructs the server to return a server
// context handle to an event log for writing. The caller MUST have permission to write
// to the file containing the event log for this to succeed. The module name argument
// specifies the event source, which is used to determine the relevant event log, as
// specified in the following sections.
//
// Return Values: The method MUST return STATUS_SUCCESS (0x00000000) on success; otherwise,
// it MUST return an implementation-based, nonzero NTSTATUS value specified in [MS-ERREF].
//
// This is identical to the ElfrRegisterEventSourceW (section 3.1.4.5) method except
// that the ModuleName, RegModuleName, and the UNCServerName parameters are ANSI strings
// in this case.
RegisterEventSourceA(context.Context, *RegisterEventSourceARequest, ...dcerpc.CallOption) (*RegisterEventSourceAResponse, error)
// The ElfrOpenBELA (Opnum 16) method instructs the server to return a handle to a backup
// event log. The caller MUST have permission to read the file containing the backup
// event log for this to succeed.
//
// Note The server has an Access Control List (ACL) that is used to control access
// to the log. The protocol has no methods for reading or setting that ACL.
//
// Return Values: The method returns STATUS_SUCCESS (0x00000000) on success; otherwise,
// it MUST return an implementation-based, nonzero NTSTATUS value specified in [MS-ERREF].
OpenBackupEventLogA(context.Context, *OpenBackupEventLogARequest, ...dcerpc.CallOption) (*OpenBackupEventLogAResponse, error)
// The ElfrReadELA (Opnum 17) method reads events from the event log; the server transmits
// these events to the client and advances the reader's position within the event log
// associated with the server context handle that is passed in the LogHandle parameter.
// The strings in the returned events MUST be ANSI.
//
// Return Values: The method MUST return STATUS_SUCCESS (0x00000000) on success. The
// method MUST return STATUS_BUFFER_TOO_SMALL (0xC0000023) if the buffer is too small
// to fit even one record. Otherwise, it MUST return any other implementation-based,
// nonzero NTSTATUS value specified in [MS-ERREF].
//
// This is identical to the ElfrReadELW (section 3.1.4.7) method except that the events
// placed in the buffer MUST be ANSI strings rather than [UNICODE] strings.
ReadEventLogA(context.Context, *ReadEventLogARequest, ...dcerpc.CallOption) (*ReadEventLogAResponse, error)
// The ElfrReportEventA (Opnum 18) method writes events to the event log; the server
// receives these events from the client.
//
// Return Values: The method MUST return STATUS_SUCCESS (0x00000000) on success; otherwise,
// it MUST return an implementation-based, nonzero NTSTATUS value specified in [MS-ERREF].
//
// This method is identical to the ElfrReportEventW (section 3.1.4.13) method except
// that the string arguments are ANSI strings in this case. Thus, the remarks in ElfrReportEventW
// (section 3.1.4.13) apply to this method as well.
ReportEventA(context.Context, *ReportEventARequest, ...dcerpc.CallOption) (*ReportEventAResponse, error)
// The ElfrGetLogInformation (Opnum 22) method instructs the server to return information
// on an event log.
//
// Return Values: The method MUST return STATUS_SUCCESS (0x00000000) on success. The
// method MUST return STATUS_BUFFER_TOO_SMALL (0xC0000023) if the buffer is too small
// to fit even one record. Otherwise, it MUST return an implementation-based, nonzero
// NTSTATUS value specified in [MS-ERREF].
GetLogInformation(context.Context, *GetLogInformationRequest, ...dcerpc.CallOption) (*GetLogInformationResponse, error)
// This method<32> instructs the server to write an event to an event log. It differs
// from the other methods for writing an event by specifying the event source at the
// time of the write. The other methods for writing an event required the event source
// to be specified when the handle was opened for write.
//
// Return Values: The method MUST return STATUS_SUCCESS (0x00000000) on success; otherwise,
// it MUST return an implementation-based, nonzero NTSTATUS value specified in [MS-ERREF].
//
// Note If the method is not supported, the RPC transport itself (as opposed to this
// protocol) returns RPC_S_PROCNUM_OUT_OF_RANGE (0x6D1).
//
// This method is almost identical to the ElfrReportEventW (section 3.1.4.13) method
// except that it has a SourceName parameter. The server uses this SourceName parameter
// to log the source into the event instead of retrieving the source name from the LogHandle
// parameter.
ReportEventAndSourceW(context.Context, *ReportEventAndSourceWRequest, ...dcerpc.CallOption) (*ReportEventAndSourceWResponse, error)
// The ElfrReportEventExW (Opnum 25) method<33> writes events to the event log; the
// server receives these events from the client.
//
// Return Values: The method returns STATUS_SUCCESS (0x00000000) on success; otherwise,
// it returns an implementation-based, nonzero NTSTATUS value specified in [MS-ERREF].
ReportEventExW(context.Context, *ReportEventExWRequest, ...dcerpc.CallOption) (*ReportEventExWResponse, error)
// The ElfrReportEventExA (Opnum 26) method<36> writes events to the event log; the
// server receives these events from the client.
//
// Return Values: The method MUST return STATUS_SUCCESS (0x00000000) on success; otherwise,
// it MUST return an implementation-based, nonzero NTSTATUS value specified in [MS-ERREF].
//
// This method is identical to the ElfrReportEventExW (section 3.1.4.16) method except
// that the string arguments are ANSI strings in this case. Thus, the remarks in ElfrReportEventExW
// (section 3.1.4.16) apply to this method as well.
ReportEventExA(context.Context, *ReportEventExARequest, ...dcerpc.CallOption) (*ReportEventExAResponse, error)
// AlterContext alters the client context.
AlterContext(context.Context, ...dcerpc.Option) error
}
eventlog interface.
func NewEventlogClient ¶
type EventlogServer ¶
type EventlogServer interface {
// The ElfrClearELFW (Opnum 0) method instructs the server to clear an event log, and,
// optionally, to back up the event log before the clear operation takes place.
//
// Return Values: The method MUST return STATUS_SUCCESS (0x00000000) on success; otherwise,
// it MUST return an implementation-based, nonzero NTSTATUS value specified in [MS-ERREF].
ClearEventLogW(context.Context, *ClearEventLogWRequest) (*ClearEventLogWResponse, error)
// The ElfrBackupELFW (Opnum 1) method instructs the server to back up the event log
// to a specified file name.
//
// Return Values: The method MUST return STATUS_SUCCESS (0x00000000) on success; otherwise,
// it MUST return an implementation-based, nonzero NTSTATUS value specified in [MS-ERREF].<25>
BackupEventLogW(context.Context, *BackupEventLogWRequest) (*BackupEventLogWResponse, error)
// The ElfrCloseEL (Opnum 2) method instructs the server to close a handle to the event
// log, freeing resources on the server that maintained an association between the handle
// and the corresponding event log. This handle MUST have been obtained via the ElfrOpenELW
// (section 3.1.4.3) method, the ElfrOpenELA (section 3.1.4.4) method, the ElfrOpenBELW
// (section 3.1.4.1) method, or the ElfrOpenBELA (section 3.1.4.2) method.
//
// Return Values: The method MUST return STATUS_SUCCESS (0x00000000) on success; otherwise,
// it MUST return an implementation-based, nonzero NTSTATUS value specified in [MS-ERREF].
CloseEventLog(context.Context, *CloseEventLogRequest) (*CloseEventLogResponse, error)
// The ElfrDeregisterEventSource (Opnum 3) method instructs the server to close a handle
// to the event log, freeing resources on the server that maintained an association
// between the handle and the corresponding event log. This handle MUST have been obtained
// via the ElfrRegisterEventSourceW (section 3.1.4.5) method or the ElfrRegisterEventSourceA
// (section 3.1.4.6) method.
//
// Return Values: The method MUST return STATUS_SUCCESS (0x00000000) on success; otherwise,
// it MUST return an implementation-based, nonzero NTSTATUS value specified in [MS-ERREF].
DeregisterEventSource(context.Context, *DeregisterEventSourceRequest) (*DeregisterEventSourceResponse, error)
// The ElfrNumberOfRecords (Opnum 4) method instructs the server to report the number
// of records currently in the event log.
//
// Return Values: The method MUST return STATUS_SUCCESS (0x00000000) on success; otherwise,
// it MUST return an implementation-based, nonzero NTSTATUS value specified in [MS-ERREF].
NumberOfRecords(context.Context, *NumberOfRecordsRequest) (*NumberOfRecordsResponse, error)
// The ElfrOldestRecord (Opnum 5) method instructs the server to report the record number
// of the oldest record in the event log.
//
// Return Values: The method MUST return STATUS_SUCCESS (0x00000000) on success; otherwise,
// it MUST return an implementation-based, nonzero NTSTATUS value specified in [MS-ERREF].
OldestRecord(context.Context, *OldestRecordRequest) (*OldestRecordResponse, error)
// The ElfrChangeNotify (Opnum 6) method is intended for local use.
//
// Return Values: The method MUST return STATUS_SUCCESS (0x00000000) on success; the
// method always returns STATUS_INVALID_HANDLE (0xC0000008) when called remotely. For
// all other errors it MUST return an implementation-based, nonzero NTSTATUS value specified
// in [MS-ERREF].
ChangeNotify(context.Context, *ChangeNotifyRequest) (*ChangeNotifyResponse, error)
// The ElfrOpenELW method instructs the server to return a server context handle to
// a live event log. The caller MUST<18> have permission to read the file that contains
// the event log for this to succeed.
//
// Return Values: The method MUST return STATUS_SUCCESS (0x00000000) on success; otherwise,
// it MUST return an implementation-based, nonzero NTSTATUS value specified in [MS-ERREF].
OpenEventLogW(context.Context, *OpenEventLogWRequest) (*OpenEventLogWResponse, error)
// The ElfrRegisterEventSourceW (Opnum 8) method instructs the server to return a server
// context handle to an event log for writing. The caller MUST have permission to write
// to the file containing the event log for this to succeed. The module name argument
// specifies the event source that is used to determine the relevant event log as specified
// below.
//
// Return Values: The method MUST return STATUS_SUCCESS (0x00000000) on success; otherwise,
// it MUST return an implementation-based, nonzero NTSTATUS value specified in [MS-ERREF].
RegisterEventSourceW(context.Context, *RegisterEventSourceWRequest) (*RegisterEventSourceWResponse, error)
// The ElfrOpenBELW (Opnum 9) method instructs the server to return a handle to a backup
// event log. The caller MUST have permission to read the file containing the backup
// event log for this to succeed.
//
// Note The server has an Access Control List (ACL) that is used to control access
// to the log. The protocol has no methods for reading or setting that ACL.
//
// Return Values: The method MUST return STATUS_SUCCESS on success; otherwise, it MUST
// return an implementation-based, nonzero NTSTATUS value specified in [MS-ERREF].
//
// Note The value of STATUS_SUCCESS is 0x00000000.
OpenBackupEventLogW(context.Context, *OpenBackupEventLogWRequest) (*OpenBackupEventLogWResponse, error)
// The ElfrReadELW (Opnum 10) method reads events from the event log; the server transmits
// these events to the client and advances the reader's position within the event log
// associated with the server context handle that is passed in the LogHandle parameter.
// The strings in the returned event MUST be in [UNICODE].
//
// Return Values: The method MUST return STATUS_SUCCESS (0x00000000) on success. If
// the method is successful, the read position MUST be adjusted by NumberOfBytesRead.
// The method MUST return STATUS_BUFFER_TOO_SMALL (0xC0000023) if the buffer is too
// small to fit even one record. Otherwise, it MUST return any other implementation-based,
// nonzero NTSTATUS value specified in [MS-ERREF].
ReadEventLogW(context.Context, *ReadEventLogWRequest) (*ReadEventLogWResponse, error)
// The ElfrReportEventW (Opnum 11) method writes events to the event log; the server
// receives these events from the client.
//
// Return Values: The method MUST return STATUS_SUCCESS (0x00000000) on success; otherwise,
// it MUST return an implementation-based, nonzero NTSTATUS value specified in [MS-ERREF].
ReportEventW(context.Context, *ReportEventWRequest) (*ReportEventWResponse, error)
// The ElfrClearELFA (Opnum 12) method instructs the server to clear an event log, and,
// optionally, to back up the event log before the clear operation takes place.
//
// Return Values: The method MUST return STATUS_SUCCESS (0x00000000) on success; otherwise,
// it MUST return an implementation-based, nonzero NTSTATUS value specified in [MS-ERREF].
//
// The ElfrClearELFA and ElfrClearELFW (section 3.1.4.9) methods are identical in functionality.
// The difference between the two methods is that the ElfrClearELFA method specifies
// BackupFileName as an ANSI string. The ElfrClearELFW method specifies BackupFileName
// as a UNICODE string.
ClearEventLogA(context.Context, *ClearEventLogARequest) (*ClearEventLogAResponse, error)
// The ElfrBackupELFA (Opnum 13) method instructs the server to back up the event log
// to a specified file name.<26>
//
// Return Values: The method MUST return STATUS_SUCCESS (0x00000000) on success; otherwise,
// it MUST return an implementation-based, nonzero NTSTATUS value specified in [MS-ERREF].
//
// ElfrBackupELFA is identical to the ElfrBackupELFW (section 3.1.4.11) method except
// in the following case:
//
// * When BackUpFileName is an ANSI string.
BackupEventLogA(context.Context, *BackupEventLogARequest) (*BackupEventLogAResponse, error)
// The ElfrOpenELA (Opnum 14) method instructs the server to return a server context
// handle to a live event log. For this to succeed, the caller MUST have permission
// to read the file that contains the event log.
//
// Return Values: The method MUST return STATUS_SUCCESS (0x00000000) on success; otherwise,
// it MUST return an implementation-based, nonzero NTSTATUS value specified in [MS-ERREF].
//
// This is identical to the ElfrOpenELW (section 3.1.4.3) method except that the ModuleName,
// RegModuleName, and the UNCServerName are ANSI strings in this case.
OpenEventLogA(context.Context, *OpenEventLogARequest) (*OpenEventLogAResponse, error)
// The ElfrRegisterEventSourceA (Opnum 15) method instructs the server to return a server
// context handle to an event log for writing. The caller MUST have permission to write
// to the file containing the event log for this to succeed. The module name argument
// specifies the event source, which is used to determine the relevant event log, as
// specified in the following sections.
//
// Return Values: The method MUST return STATUS_SUCCESS (0x00000000) on success; otherwise,
// it MUST return an implementation-based, nonzero NTSTATUS value specified in [MS-ERREF].
//
// This is identical to the ElfrRegisterEventSourceW (section 3.1.4.5) method except
// that the ModuleName, RegModuleName, and the UNCServerName parameters are ANSI strings
// in this case.
RegisterEventSourceA(context.Context, *RegisterEventSourceARequest) (*RegisterEventSourceAResponse, error)
// The ElfrOpenBELA (Opnum 16) method instructs the server to return a handle to a backup
// event log. The caller MUST have permission to read the file containing the backup
// event log for this to succeed.
//
// Note The server has an Access Control List (ACL) that is used to control access
// to the log. The protocol has no methods for reading or setting that ACL.
//
// Return Values: The method returns STATUS_SUCCESS (0x00000000) on success; otherwise,
// it MUST return an implementation-based, nonzero NTSTATUS value specified in [MS-ERREF].
OpenBackupEventLogA(context.Context, *OpenBackupEventLogARequest) (*OpenBackupEventLogAResponse, error)
// The ElfrReadELA (Opnum 17) method reads events from the event log; the server transmits
// these events to the client and advances the reader's position within the event log
// associated with the server context handle that is passed in the LogHandle parameter.
// The strings in the returned events MUST be ANSI.
//
// Return Values: The method MUST return STATUS_SUCCESS (0x00000000) on success. The
// method MUST return STATUS_BUFFER_TOO_SMALL (0xC0000023) if the buffer is too small
// to fit even one record. Otherwise, it MUST return any other implementation-based,
// nonzero NTSTATUS value specified in [MS-ERREF].
//
// This is identical to the ElfrReadELW (section 3.1.4.7) method except that the events
// placed in the buffer MUST be ANSI strings rather than [UNICODE] strings.
ReadEventLogA(context.Context, *ReadEventLogARequest) (*ReadEventLogAResponse, error)
// The ElfrReportEventA (Opnum 18) method writes events to the event log; the server
// receives these events from the client.
//
// Return Values: The method MUST return STATUS_SUCCESS (0x00000000) on success; otherwise,
// it MUST return an implementation-based, nonzero NTSTATUS value specified in [MS-ERREF].
//
// This method is identical to the ElfrReportEventW (section 3.1.4.13) method except
// that the string arguments are ANSI strings in this case. Thus, the remarks in ElfrReportEventW
// (section 3.1.4.13) apply to this method as well.
ReportEventA(context.Context, *ReportEventARequest) (*ReportEventAResponse, error)
// The ElfrGetLogInformation (Opnum 22) method instructs the server to return information
// on an event log.
//
// Return Values: The method MUST return STATUS_SUCCESS (0x00000000) on success. The
// method MUST return STATUS_BUFFER_TOO_SMALL (0xC0000023) if the buffer is too small
// to fit even one record. Otherwise, it MUST return an implementation-based, nonzero
// NTSTATUS value specified in [MS-ERREF].
GetLogInformation(context.Context, *GetLogInformationRequest) (*GetLogInformationResponse, error)
// This method<32> instructs the server to write an event to an event log. It differs
// from the other methods for writing an event by specifying the event source at the
// time of the write. The other methods for writing an event required the event source
// to be specified when the handle was opened for write.
//
// Return Values: The method MUST return STATUS_SUCCESS (0x00000000) on success; otherwise,
// it MUST return an implementation-based, nonzero NTSTATUS value specified in [MS-ERREF].
//
// Note If the method is not supported, the RPC transport itself (as opposed to this
// protocol) returns RPC_S_PROCNUM_OUT_OF_RANGE (0x6D1).
//
// This method is almost identical to the ElfrReportEventW (section 3.1.4.13) method
// except that it has a SourceName parameter. The server uses this SourceName parameter
// to log the source into the event instead of retrieving the source name from the LogHandle
// parameter.
ReportEventAndSourceW(context.Context, *ReportEventAndSourceWRequest) (*ReportEventAndSourceWResponse, error)
// The ElfrReportEventExW (Opnum 25) method<33> writes events to the event log; the
// server receives these events from the client.
//
// Return Values: The method returns STATUS_SUCCESS (0x00000000) on success; otherwise,
// it returns an implementation-based, nonzero NTSTATUS value specified in [MS-ERREF].
ReportEventExW(context.Context, *ReportEventExWRequest) (*ReportEventExWResponse, error)
// The ElfrReportEventExA (Opnum 26) method<36> writes events to the event log; the
// server receives these events from the client.
//
// Return Values: The method MUST return STATUS_SUCCESS (0x00000000) on success; otherwise,
// it MUST return an implementation-based, nonzero NTSTATUS value specified in [MS-ERREF].
//
// This method is identical to the ElfrReportEventExW (section 3.1.4.16) method except
// that the string arguments are ANSI strings in this case. Thus, the remarks in ElfrReportEventExW
// (section 3.1.4.16) apply to this method as well.
ReportEventExA(context.Context, *ReportEventExARequest) (*ReportEventExAResponse, error)
}
eventlog server interface.
type GetLogInformationRequest ¶
type GetLogInformationRequest struct {
// LogHandle: Handle to an event log. This parameter is a server context handle, as
// specified in section 2.2.6.
Log *Handle `idl:"name:LogHandle" json:"log"`
// InfoLevel: The level of event log information to return. This MUST be set to zero.
InfoLevel uint32 `idl:"name:InfoLevel" json:"info_level"`
// cbBufSize: The size in bytes of the buffer pointed to by the lpBuffer parameter.
BufferLength uint32 `idl:"name:cbBufSize" json:"buffer_length"`
}
GetLogInformationRequest structure represents the ElfrGetLogInformation operation request
func (*GetLogInformationRequest) MarshalNDR ¶
func (*GetLogInformationRequest) UnmarshalNDR ¶
type GetLogInformationResponse ¶
type GetLogInformationResponse struct {
// lpBuffer: The event log information. This MUST point to either an EVENTLOG_FULL_INFORMATION
// (section 2.2.4) structure or be NULL.
Buffer []byte `idl:"name:lpBuffer;size_is:(cbBufSize)" json:"buffer"`
// pcbBytesNeeded: Number of bytes required for the requested information, regardless
// of if the function succeeds. This parameter MUST NOT be NULL.
BytesNeededLength uint32 `idl:"name:pcbBytesNeeded" json:"bytes_needed_length"`
// Return: The ElfrGetLogInformation return value.
Return int32 `idl:"name:Return" json:"return"`
}
GetLogInformationResponse structure represents the ElfrGetLogInformation operation response
func (*GetLogInformationResponse) MarshalNDR ¶
func (*GetLogInformationResponse) UnmarshalNDR ¶
type Handle ¶
type Handle dcetypes.ContextHandle
Handle structure represents IELF_HANDLE RPC structure.
func (*Handle) ContextHandle ¶
func (o *Handle) ContextHandle() *dcetypes.ContextHandle
type NumberOfRecordsRequest ¶
type NumberOfRecordsRequest struct {
// LogHandle: Handle to an event log. This parameter is a server context handle, as
// specified in section 2.2.6.
Log *Handle `idl:"name:LogHandle" json:"log"`
}
NumberOfRecordsRequest structure represents the ElfrNumberOfRecords operation request
func (*NumberOfRecordsRequest) MarshalNDR ¶
func (*NumberOfRecordsRequest) UnmarshalNDR ¶
type NumberOfRecordsResponse ¶
type NumberOfRecordsResponse struct {
// NumberOfRecords: Total number of records in the specified event log.
NumberOfRecords uint32 `idl:"name:NumberOfRecords" json:"number_of_records"`
// Return: The ElfrNumberOfRecords return value.
Return int32 `idl:"name:Return" json:"return"`
}
NumberOfRecordsResponse structure represents the ElfrNumberOfRecords operation response
func (*NumberOfRecordsResponse) MarshalNDR ¶
func (*NumberOfRecordsResponse) UnmarshalNDR ¶
type OldestRecordRequest ¶
type OldestRecordRequest struct {
// LogHandle: Handle to an event log. This parameter is a server context handle, as
// specified in section 2.2.6.
Log *Handle `idl:"name:LogHandle" json:"log"`
}
OldestRecordRequest structure represents the ElfrOldestRecord operation request
func (*OldestRecordRequest) MarshalNDR ¶
func (*OldestRecordRequest) UnmarshalNDR ¶
type OldestRecordResponse ¶
type OldestRecordResponse struct {
// OldestRecordNumber: The number of the oldest record in the specified event log. The
// chronology is based on the time that records are written (not the record generation
// time specified by the event source).
OldestRecordNumber uint32 `idl:"name:OldestRecordNumber" json:"oldest_record_number"`
// Return: The ElfrOldestRecord return value.
Return int32 `idl:"name:Return" json:"return"`
}
OldestRecordResponse structure represents the ElfrOldestRecord operation response
func (*OldestRecordResponse) MarshalNDR ¶
func (*OldestRecordResponse) UnmarshalNDR ¶
type OpenBackupEventLogARequest ¶
type OpenBackupEventLogARequest struct {
// UNCServerName: A server interface handle. A pointer to an ANSI string (see [MSDN-ANSI])
// specifying the server, as specified in section 2.2.7. The client MUST map this string
// to an RPC binding handle, and the server MUST ignore this argument, as specified
// in [C706] sections 4.3.5 and 5.1.5.2.
UNCServerName string `idl:"name:UNCServerName" json:"unc_server_name"`
// BackupFileName: Provides an ANSI string (as specified in section 2.2.12) that points
// to an NT Object Path of the file where the backup event log is located, as specified
// in section 2.2.4.1.
BackupFileName *String `idl:"name:BackupFileName" json:"backup_file_name"`
// MajorVersion: Major version of the client. This value MUST be set to 1.
MajorVersion uint32 `idl:"name:MajorVersion" json:"major_version"`
// MinorVersion: Minor version of the client. This value MUST be set to 1.
MinorVersion uint32 `idl:"name:MinorVersion" json:"minor_version"`
}
OpenBackupEventLogARequest structure represents the ElfrOpenBELA operation request
func (*OpenBackupEventLogARequest) MarshalNDR ¶
func (*OpenBackupEventLogARequest) UnmarshalNDR ¶
type OpenBackupEventLogAResponse ¶
type OpenBackupEventLogAResponse struct {
// LogHandle: Pointer to an event log handle. This parameter is a server context handle,
// as specified in section 2.2.6. This handle MUST be closed by using the ElfrCloseEL
// (section 3.1.4.21) method once the handle is no longer needed. In the case when the
// client cannot call the ElfrCloseEL function, such as the abnormal termination of
// the client, this context handle will be revoked by the server so that there will
// not be any resource leaks.
Log *Handle `idl:"name:LogHandle" json:"log"`
// Return: The ElfrOpenBELA return value.
Return int32 `idl:"name:Return" json:"return"`
}
OpenBackupEventLogAResponse structure represents the ElfrOpenBELA operation response
func (*OpenBackupEventLogAResponse) MarshalNDR ¶
func (*OpenBackupEventLogAResponse) UnmarshalNDR ¶
type OpenBackupEventLogWRequest ¶
type OpenBackupEventLogWRequest struct {
// UNCServerName: A server interface handle. A pointer to a Unicode string specifying
// the server, as specified in section 2.2.7. The client MUST map this string to an
// RPC binding handle, and the server MUST ignore this argument. See [C706] sections
// 4.3.5 and 5.1.5.2.
UNCServerName string `idl:"name:UNCServerName" json:"unc_server_name"`
// BackupFileName: Provides a Unicode string (as specified in section 2.2.11) that points
// to an NT Object Path of the file where the backup event log is located, as specified
// in section 2.2.4.1.
BackupFileName *dtyp.UnicodeString `idl:"name:BackupFileName" json:"backup_file_name"`
// MajorVersion: Major version of the client. This value MUST be set to 1.
MajorVersion uint32 `idl:"name:MajorVersion" json:"major_version"`
// MinorVersion: Minor version of the client. This value MUST be set to 1.
MinorVersion uint32 `idl:"name:MinorVersion" json:"minor_version"`
}
OpenBackupEventLogWRequest structure represents the ElfrOpenBELW operation request
func (*OpenBackupEventLogWRequest) MarshalNDR ¶
func (*OpenBackupEventLogWRequest) UnmarshalNDR ¶
type OpenBackupEventLogWResponse ¶
type OpenBackupEventLogWResponse struct {
// LogHandle: Pointer to an event log handle. This parameter is a server context handle,
// as specified in section 2.2.6. This handle MUST be closed using the ElfrCloseEL (Opnum
// 2) (section 3.1.4.21) method once the handle is no longer needed. In the case when
// the client cannot call the ElfrCloseEL function, such as the abnormal termination
// of the client, this context handle will be revoked by the server so that there will
// not be any resource leaks. The processing rule to revoke a context handle that has
// been terminated abnormally is defined in [MS-RPCE] section 3.3.3.2.1.
Log *Handle `idl:"name:LogHandle" json:"log"`
// Return: The ElfrOpenBELW return value.
Return int32 `idl:"name:Return" json:"return"`
}
OpenBackupEventLogWResponse structure represents the ElfrOpenBELW operation response
func (*OpenBackupEventLogWResponse) MarshalNDR ¶
func (*OpenBackupEventLogWResponse) UnmarshalNDR ¶
type OpenEventLogARequest ¶
type OpenEventLogARequest struct {
// UNCServerName: A server interface handle. A pointer to an ANSI string (see [MSDN-ANSI])
// specifying the server, as specified in section 2.2.7. The client MUST map this string
// to an RPC binding handle, and the server MUST ignore this argument, as specified
// in [C706] sections 4.3.5 and 5.1.5.2.
UNCServerName string `idl:"name:UNCServerName" json:"unc_server_name"`
// ModuleName: Specifies the event log name, as defined in section 1.8.2 and specified
// in section 2.2.12, for which a handle is needed.
ModuleName *String `idl:"name:ModuleName" json:"module_name"`
// RegModuleName: This parameter MUST be ignored by the server. Clients MUST specify
// an empty string.
RegModuleName *String `idl:"name:RegModuleName" json:"reg_module_name"`
// MajorVersion: Major version of the client. This value MUST be set to 1.
MajorVersion uint32 `idl:"name:MajorVersion" json:"major_version"`
// MinorVersion: Minor version of the client. This value MUST be set to 1.
MinorVersion uint32 `idl:"name:MinorVersion" json:"minor_version"`
}
OpenEventLogARequest structure represents the ElfrOpenELA operation request
func (*OpenEventLogARequest) MarshalNDR ¶
func (*OpenEventLogARequest) UnmarshalNDR ¶
type OpenEventLogAResponse ¶
type OpenEventLogAResponse struct {
// LogHandle: Pointer to an event log handle. This parameter is a server context handle,
// as specified in section 2.2.6. This handle MUST be closed by using the ElfrCloseEL
// (section 3.1.4.21) method once the handle is no longer needed. In the case when the
// client cannot call the ElfrCloseEL function, such as the abnormal termination of
// the client, this context handle will be revoked by the server so that there will
// not be any resource leaks.
Log *Handle `idl:"name:LogHandle" json:"log"`
// Return: The ElfrOpenELA return value.
Return int32 `idl:"name:Return" json:"return"`
}
OpenEventLogAResponse structure represents the ElfrOpenELA operation response
func (*OpenEventLogAResponse) MarshalNDR ¶
func (*OpenEventLogAResponse) UnmarshalNDR ¶
type OpenEventLogWRequest ¶
type OpenEventLogWRequest struct {
// UNCServerName: A server interface handle. A pointer to a Unicode string specifying
// the server, as specified in section 2.2.7. The client MUST map this string to an
// RPC binding handle, and the server MUST ignore this argument, as specified in [C706]
// sections 4.3.5 and 5.1.5.2.
UNCServerName string `idl:"name:UNCServerName" json:"unc_server_name"`
// ModuleName: Specifies the event log name, as defined in section 1.8.2 and specified
// in section 2.2.11, for which a handle is needed.
ModuleName *dtyp.UnicodeString `idl:"name:ModuleName" json:"module_name"`
// RegModuleName: This parameter MUST be ignored by the server. Clients MUST specify
// an empty string.
RegModuleName *dtyp.UnicodeString `idl:"name:RegModuleName" json:"reg_module_name"`
// MajorVersion: Major version of the client. This value MUST be set to 1.
MajorVersion uint32 `idl:"name:MajorVersion" json:"major_version"`
// MinorVersion: Minor version of the client. This value MUST be set to 1.
MinorVersion uint32 `idl:"name:MinorVersion" json:"minor_version"`
}
OpenEventLogWRequest structure represents the ElfrOpenELW operation request
func (*OpenEventLogWRequest) MarshalNDR ¶
func (*OpenEventLogWRequest) UnmarshalNDR ¶
type OpenEventLogWResponse ¶
type OpenEventLogWResponse struct {
// LogHandle: Pointer to an event log handle. This parameter is a server context handle,
// as specified in section 2.2.6. This handle MUST be closed by using the ElfrCloseEL
// (section 3.1.4.21) method once the handle is no longer needed. In the case when the
// client cannot call the ElfrCloseEL function such as the abnormal termination of the
// client, this context handle will be revoked by the server so that there will not
// be any resource leaks.
Log *Handle `idl:"name:LogHandle" json:"log"`
// Return: The ElfrOpenELW return value.
Return int32 `idl:"name:Return" json:"return"`
}
OpenEventLogWResponse structure represents the ElfrOpenELW operation response
func (*OpenEventLogWResponse) MarshalNDR ¶
func (*OpenEventLogWResponse) UnmarshalNDR ¶
type ReadEventLogARequest ¶
type ReadEventLogARequest struct {
// LogHandle: Handle to an event log to read. This parameter is a server context handle,
// as specified in section 2.2.6.
Log *Handle `idl:"name:LogHandle" json:"log"`
// ReadFlags: The caller MUST specify if the read is to start at a specific record,
// or is to proceed from the last record read. The value MUST be one and only one of
// the following flags.
//
// +-------------------------------------+----------------------------------------------------------------------------------+
// | | |
// | VALUE | MEANING |
// | | |
// +-------------------------------------+----------------------------------------------------------------------------------+
// +-------------------------------------+----------------------------------------------------------------------------------+
// | EVENTLOG_SEQUENTIAL_READ 0x00000001 | Read operation proceeds sequentially from the last call to the ElfrReadELA |
// | | (section 3.1.4.8) method or the ElfrReadELW (section 3.1.4.7) method, using this |
// | | handle. This flag cannot be used with EVENTLOG_SEEK_READ. |
// +-------------------------------------+----------------------------------------------------------------------------------+
// | EVENTLOG_SEEK_READ 0x00000002 | Read operation proceeds from the record specified by the RecordOffset parameter. |
// | | This flag cannot be used with EVENTLOG_SEQUENTIAL_READ. |
// +-------------------------------------+----------------------------------------------------------------------------------+
//
// Because the method reads as many records as can fit in the buffer, the caller MUST
// also set one and only one of the following flags to indicate the direction for successive
// read operations.
//
// +------------------------------------+----------------------------------------------------------------------------------+
// | | |
// | VALUE | MEANING |
// | | |
// +------------------------------------+----------------------------------------------------------------------------------+
// +------------------------------------+----------------------------------------------------------------------------------+
// | EVENTLOG_FORWARDS_READ 0x00000004 | Log is read in chronological order. This flag cannot be used with |
// | | EVENTLOG_BACKWARDS_READ. |
// +------------------------------------+----------------------------------------------------------------------------------+
// | EVENTLOG_BACKWARDS_READ 0x00000008 | Log is read in reverse chronological order. This flag cannot be used with |
// | | EVENTLOG_FORWARDS_READ. |
// +------------------------------------+----------------------------------------------------------------------------------+
ReadFlags uint32 `idl:"name:ReadFlags" json:"read_flags"`
// RecordOffset: Log entry record number at which the read operation is to start. Each
// event in a log has a record number. This parameter MUST be ignored unless the EVENTLOG_SEEK_READ
// bit is set in the ReadFlags parameter.
RecordOffset uint32 `idl:"name:RecordOffset" json:"record_offset"`
// NumberOfBytesToRead: Size of the buffer in bytes. This is the maximum amount of data
// that can be read.
NumberOfBytesToRead uint32 `idl:"name:NumberOfBytesToRead" json:"number_of_bytes_to_read"`
}
ReadEventLogARequest structure represents the ElfrReadELA operation request
func (*ReadEventLogARequest) MarshalNDR ¶
func (*ReadEventLogARequest) UnmarshalNDR ¶
type ReadEventLogAResponse ¶
type ReadEventLogAResponse struct {
// Buffer: Data read from the event log.
Buffer []byte `idl:"name:Buffer;size_is:(NumberOfBytesToRead)" json:"buffer"`
// NumberOfBytesRead: Number of bytes read by the method.
NumberOfBytesRead uint32 `idl:"name:NumberOfBytesRead" json:"number_of_bytes_read"`
// MinNumberOfBytesNeeded: If the method fails because the buffer is too small to fit
// even a single record, this MUST be set to the minimum number of bytes needed to fit
// the next record. Otherwise, this MUST NOT be set, and MUST be ignored by the caller.
MinNumberOfBytesNeeded uint32 `idl:"name:MinNumberOfBytesNeeded" json:"min_number_of_bytes_needed"`
// Return: The ElfrReadELA return value.
Return int32 `idl:"name:Return" json:"return"`
}
ReadEventLogAResponse structure represents the ElfrReadELA operation response
func (*ReadEventLogAResponse) MarshalNDR ¶
func (*ReadEventLogAResponse) UnmarshalNDR ¶
type ReadEventLogWRequest ¶
type ReadEventLogWRequest struct {
// LogHandle: Handle to an event log to read. This parameter is a server context handle,
// as specified in section 2.2.6.
Log *Handle `idl:"name:LogHandle" json:"log"`
// ReadFlags: The caller MUST specify whether the read is to start at a specific record
// or is to proceed from the last record read. The value MUST include one and only one
// of the following flags.
//
// +-------------------------------------+----------------------------------------------------------------------------------+
// | | |
// | VALUE | MEANING |
// | | |
// +-------------------------------------+----------------------------------------------------------------------------------+
// +-------------------------------------+----------------------------------------------------------------------------------+
// | EVENTLOG_SEQUENTIAL_READ 0x00000001 | Read operation proceeds sequentially from the last call to the ElfrReadELW |
// | | (section 3.1.4.7) method or the ElfrReadELA (section 3.1.4.8) method, using this |
// | | handle. This flag MUST NOT be used with EVENTLOG_SEEK_READ. |
// +-------------------------------------+----------------------------------------------------------------------------------+
// | EVENTLOG_SEEK_READ 0x00000002 | Read operation proceeds from the record specified by the RecordOffset parameter. |
// | | This flag MUST NOT be used with EVENTLOG_SEQUENTIAL_READ. |
// +-------------------------------------+----------------------------------------------------------------------------------+
//
// Because the method reads as many records as can fit in the buffer, the caller MUST
// also set one and only one of the following flags to indicate the direction for successive
// read operations.
//
// +------------------------------------+----------------------------------------------------------------------------------+
// | | |
// | VALUE | MEANING |
// | | |
// +------------------------------------+----------------------------------------------------------------------------------+
// +------------------------------------+----------------------------------------------------------------------------------+
// | EVENTLOG_FORWARDS_READ 0x00000004 | Log is read in chronological order. This flag MUST NOT be used with |
// | | EVENTLOG_BACKWARDS_READ. |
// +------------------------------------+----------------------------------------------------------------------------------+
// | EVENTLOG_BACKWARDS_READ 0x00000008 | Log is read in reverse chronological order. This flag MUST NOT be used with |
// | | EVENTLOG_FORWARDS_READ. |
// +------------------------------------+----------------------------------------------------------------------------------+
ReadFlags uint32 `idl:"name:ReadFlags" json:"read_flags"`
// RecordOffset: Log entry record number from which the read operation starts (this
// is not a byte offset but a number). This parameter MUST be ignored unless the EVENTLOG_SEEK_READ
// bit is set in the ReadFlags parameter.
RecordOffset uint32 `idl:"name:RecordOffset" json:"record_offset"`
// NumberOfBytesToRead: Size of the Buffer in bytes. This is the maximum amount of data
// that can be read.
NumberOfBytesToRead uint32 `idl:"name:NumberOfBytesToRead" json:"number_of_bytes_to_read"`
}
ReadEventLogWRequest structure represents the ElfrReadELW operation request
func (*ReadEventLogWRequest) MarshalNDR ¶
func (*ReadEventLogWRequest) UnmarshalNDR ¶
type ReadEventLogWResponse ¶
type ReadEventLogWResponse struct {
// Buffer: The buffer in which to place data read from the event log.
Buffer []byte `idl:"name:Buffer;size_is:(NumberOfBytesToRead)" json:"buffer"`
// NumberOfBytesRead: Pointer to a variable that receives the number of bytes actually
// read by the method.
NumberOfBytesRead uint32 `idl:"name:NumberOfBytesRead" json:"number_of_bytes_read"`
// MinNumberOfBytesNeeded: If the method fails because the buffer is too small to fit
// even a single record, this MUST be set to the minimum number of bytes needed to fit
// the next record. Otherwise, this MUST NOT be set, and MUST be ignored by the caller.
MinNumberOfBytesNeeded uint32 `idl:"name:MinNumberOfBytesNeeded" json:"min_number_of_bytes_needed"`
// Return: The ElfrReadELW return value.
Return int32 `idl:"name:Return" json:"return"`
}
ReadEventLogWResponse structure represents the ElfrReadELW operation response
func (*ReadEventLogWResponse) MarshalNDR ¶
func (*ReadEventLogWResponse) UnmarshalNDR ¶
type RegisterEventSourceARequest ¶
type RegisterEventSourceARequest struct {
// UNCServerName: A server interface handle. A pointer to an ANSI string (see [MSDN-ANSI])
// specifying the server, as specified in section 2.2.7. The client MUST map this string
// to an RPC binding handle, and the server MUST ignore this argument, as specified
// in [C706] sections 4.3.5 and 5.1.5.2.
UNCServerName string `idl:"name:UNCServerName" json:"unc_server_name"`
// ModuleName: Specifies the event source, as defined in section 1.8.3 and specified
// in section 2.2.12, for which a handle is needed.
ModuleName *String `idl:"name:ModuleName" json:"module_name"`
// RegModuleName: This parameter MUST be ignored by the server. Clients MUST specify
// an empty string.
RegModuleName *String `idl:"name:RegModuleName" json:"reg_module_name"`
// MajorVersion: Major version of the client. This value MUST be set to 1.
MajorVersion uint32 `idl:"name:MajorVersion" json:"major_version"`
// MinorVersion: Minor version of the client. This value MUST be set to 1.
MinorVersion uint32 `idl:"name:MinorVersion" json:"minor_version"`
}
RegisterEventSourceARequest structure represents the ElfrRegisterEventSourceA operation request
func (*RegisterEventSourceARequest) MarshalNDR ¶
func (*RegisterEventSourceARequest) UnmarshalNDR ¶
type RegisterEventSourceAResponse ¶
type RegisterEventSourceAResponse struct {
// LogHandle: Pointer to an event log handle. This parameter is a server context handle,
// as specified in section 2.2.6.
Log *Handle `idl:"name:LogHandle" json:"log"`
// Return: The ElfrRegisterEventSourceA return value.
Return int32 `idl:"name:Return" json:"return"`
}
RegisterEventSourceAResponse structure represents the ElfrRegisterEventSourceA operation response
func (*RegisterEventSourceAResponse) MarshalNDR ¶
func (*RegisterEventSourceAResponse) UnmarshalNDR ¶
type RegisterEventSourceWRequest ¶
type RegisterEventSourceWRequest struct {
// UNCServerName: A server interface handle. A pointer to a Unicode (as specified in
// [MS-DTYP]) string specifying the server, as specified in section 2.2.7. The client
// MUST map this string to an RPC binding handle, and the server MUST ignore this argument,
// as specified in [C706] sections 4.3.5 and 5.1.5.2.
UNCServerName string `idl:"name:UNCServerName" json:"unc_server_name"`
// ModuleName: Specifies the event source, as defined in section 1.8.3 and specified
// in section 2.2.11, for which a handle is needed.
ModuleName *dtyp.UnicodeString `idl:"name:ModuleName" json:"module_name"`
// RegModuleName: This parameter MUST be ignored by the server. Clients MUST specify
// an empty string.
RegModuleName *dtyp.UnicodeString `idl:"name:RegModuleName" json:"reg_module_name"`
// MajorVersion: Major version of the client. This value MUST be set to 1.
MajorVersion uint32 `idl:"name:MajorVersion" json:"major_version"`
// MinorVersion: Minor version of the client. This value MUST be set to 1.
MinorVersion uint32 `idl:"name:MinorVersion" json:"minor_version"`
}
RegisterEventSourceWRequest structure represents the ElfrRegisterEventSourceW operation request
func (*RegisterEventSourceWRequest) MarshalNDR ¶
func (*RegisterEventSourceWRequest) UnmarshalNDR ¶
type RegisterEventSourceWResponse ¶
type RegisterEventSourceWResponse struct {
// LogHandle: Pointer to an event log handle. This parameter is a server context handle,
// as specified in section 2.2.6.
Log *Handle `idl:"name:LogHandle" json:"log"`
// Return: The ElfrRegisterEventSourceW return value.
Return int32 `idl:"name:Return" json:"return"`
}
RegisterEventSourceWResponse structure represents the ElfrRegisterEventSourceW operation response
func (*RegisterEventSourceWResponse) MarshalNDR ¶
func (*RegisterEventSourceWResponse) UnmarshalNDR ¶
type ReportEventARequest ¶
type ReportEventARequest struct {
// LogHandle: Handle to an event log. This parameter is a server context handle, as
// specified in section 2.2.6. This handle MUST NOT be obtained via the ElfrOpenBELA
// (section 3.1.4.2) method or the ElfrOpenBELW (section 3.1.4.1) method.
Log *Handle `idl:"name:LogHandle" json:"log"`
// Time: Time at which the event was generated by the event source (not the time at
// which the event was). The time MUST be expressed as the number of seconds since 00:00:00
// on January 1, 1970 (UTC).
Time uint32 `idl:"name:Time" json:"time"`
// EventType: Type of the event, as specified in section 2.2.2.
EventType uint16 `idl:"name:EventType" json:"event_type"`
// EventCategory: Event category, as specified in section 1.8.5.
EventCategory uint16 `idl:"name:EventCategory" json:"event_category"`
// EventID: EventID, as specified in section 3.1.1.4.
EventID uint32 `idl:"name:EventID" json:"event_id"`
// NumStrings: Number of strings in the array pointed to by the Strings parameter. A
// value of zero indicates that no strings are present.
StringsLength uint16 `idl:"name:NumStrings" json:"strings_length"`
// DataSize: Number of bytes of event-specific raw binary data to write to the log.
// This binary data is passed in the Data parameter. If no event-specific data is present,
// this parameter MUST be set to zero.
DataSize uint32 `idl:"name:DataSize" json:"data_size"`
// ComputerName: A string to assist in identifying the machine that generated the event.
// In practice, the name of the computer. There are no character restrictions on this
// field's content (for example, a FQDN can be used).<31>
ComputerName *String `idl:"name:ComputerName" json:"computer_name"`
// UserSID: Either NULL or a user SID. If this is NULL, the event is to have a zero
// length UserSid field.
UserSID *dtyp.SID `idl:"name:UserSID;pointer:unique" json:"user_sid"`
// Strings: Specifies strings containing information specific to the event. This parameter
// MUST be a valid pointer. If the NumStrings parameter is zero, this parameter MUST
// be NULL. For example, an event relating to file deletion could use a string to specify
// the path of the file being deleted.
Strings []*String `idl:"name:Strings;size_is:(NumStrings);pointer:unique" json:"strings"`
// Data: Pointer to the buffer that contains the event-specific binary data. This parameter
// MUST be a valid pointer (or NULL), even if the DataSize parameter is 0.
Data []byte `idl:"name:Data;size_is:(DataSize);pointer:unique" json:"data"`
// Flags: Unused. MUST be set to zero when sent and MUST be ignored on receipt.
Flags uint16 `idl:"name:Flags" json:"flags"`
// RecordNumber: Unused. Can be set to any arbitrary value when sent, and any value
// sent by the client MUST be ignored on receipt by the server.
RecordNumber uint32 `idl:"name:RecordNumber;pointer:unique" json:"record_number"`
// TimeWritten: Unused. Can be set to any arbitrary value when sent, and any value sent
// by the client MUST be ignored on receipt by the server.
TimeWritten uint32 `idl:"name:TimeWritten;pointer:unique" json:"time_written"`
}
ReportEventARequest structure represents the ElfrReportEventA operation request
func (*ReportEventARequest) MarshalNDR ¶
func (*ReportEventARequest) UnmarshalNDR ¶
type ReportEventAResponse ¶
type ReportEventAResponse struct {
// RecordNumber: Unused. Can be set to any arbitrary value when sent, and any value
// sent by the client MUST be ignored on receipt by the server.
RecordNumber uint32 `idl:"name:RecordNumber;pointer:unique" json:"record_number"`
// TimeWritten: Unused. Can be set to any arbitrary value when sent, and any value sent
// by the client MUST be ignored on receipt by the server.
TimeWritten uint32 `idl:"name:TimeWritten;pointer:unique" json:"time_written"`
// Return: The ElfrReportEventA return value.
Return int32 `idl:"name:Return" json:"return"`
}
ReportEventAResponse structure represents the ElfrReportEventA operation response
func (*ReportEventAResponse) MarshalNDR ¶
func (*ReportEventAResponse) UnmarshalNDR ¶
type ReportEventAndSourceWRequest ¶
type ReportEventAndSourceWRequest struct {
// LogHandle: Handle to an event log. This parameter is a server context handle, as
// specified in section 2.2.6. This handle MUST NOT be obtained via the ElfrOpenBELA
// (section 3.1.4.2) method or the ElfrOpenBELW (section 3.1.4.1) method.
Log *Handle `idl:"name:LogHandle" json:"log"`
// Time: Time at which the event was generated by the event source (not the time at
// which the event was logged). The time MUST be expressed as the number of seconds
// since 00:00:00 on January 1, 1970 (UTC).
Time uint32 `idl:"name:Time" json:"time"`
// EventType: Type of the event, as specified in section 2.2.2.
EventType uint16 `idl:"name:EventType" json:"event_type"`
// EventCategory: Event category, as specified in section 1.8.5.
EventCategory uint16 `idl:"name:EventCategory" json:"event_category"`
// EventID: EventID, as specified in section 3.1.1.4.
EventID uint32 `idl:"name:EventID" json:"event_id"`
// SourceName: Specifies the name of the event source.
SourceName *dtyp.UnicodeString `idl:"name:SourceName" json:"source_name"`
// NumStrings: Number of strings in the array pointed to by the Strings parameter. If
// no strings are present, this value MUST be set to zero.
StringsLength uint16 `idl:"name:NumStrings" json:"strings_length"`
// DataSize: Number of bytes of event-specific raw binary data to write to the log.
// This binary data is passed in the Data parameter. If no event-specific data is present,
// this parameter MUST be set to zero.
DataSize uint32 `idl:"name:DataSize" json:"data_size"`
// ComputerName: A string to assist in identifying the machine that generated the event.
// In practice, the name of the computer. There are no character restrictions on this
// field's content (for example, a FQDN can be used).
ComputerName *dtyp.UnicodeString `idl:"name:ComputerName" json:"computer_name"`
// UserSID: Either NULL or a user SID. If this is NULL, the event is to have a zero
// length UserSid field.
UserSID *dtyp.SID `idl:"name:UserSID;pointer:unique" json:"user_sid"`
// Strings: Strings containing text information specific to the event. This parameter
// MUST be a valid pointer. If the NumStrings parameter is zero, this parameter MUST
// be NULL. For example, an event relating to file deletion could use a string to specify
// the path of the file being deleted.
Strings []*dtyp.UnicodeString `idl:"name:Strings;size_is:(NumStrings);pointer:unique" json:"strings"`
// Data: Pointer to a buffer that contains binary information specific to the event.
// This parameter MUST be a valid pointer (or NULL), even if the DataSize parameter
// is zero.
Data []byte `idl:"name:Data;size_is:(DataSize);pointer:unique" json:"data"`
// Flags: Unused. MUST be set to zero when sent and MUST be ignored on receipt.
Flags uint16 `idl:"name:Flags" json:"flags"`
// RecordNumber: Unused. Can be set to any arbitrary value when sent, and any value
// sent by the client MUST be ignored on receipt by the server.
RecordNumber uint32 `idl:"name:RecordNumber;pointer:unique" json:"record_number"`
// TimeWritten: Unused. Can be set to any arbitrary value when sent, and any value sent
// by the client MUST be ignored on receipt by the server.
TimeWritten uint32 `idl:"name:TimeWritten;pointer:unique" json:"time_written"`
}
ReportEventAndSourceWRequest structure represents the ElfrReportEventAndSourceW operation request
func (*ReportEventAndSourceWRequest) MarshalNDR ¶
func (*ReportEventAndSourceWRequest) UnmarshalNDR ¶
type ReportEventAndSourceWResponse ¶
type ReportEventAndSourceWResponse struct {
// RecordNumber: Unused. Can be set to any arbitrary value when sent, and any value
// sent by the client MUST be ignored on receipt by the server.
RecordNumber uint32 `idl:"name:RecordNumber;pointer:unique" json:"record_number"`
// TimeWritten: Unused. Can be set to any arbitrary value when sent, and any value sent
// by the client MUST be ignored on receipt by the server.
TimeWritten uint32 `idl:"name:TimeWritten;pointer:unique" json:"time_written"`
// Return: The ElfrReportEventAndSourceW return value.
Return int32 `idl:"name:Return" json:"return"`
}
ReportEventAndSourceWResponse structure represents the ElfrReportEventAndSourceW operation response
func (*ReportEventAndSourceWResponse) MarshalNDR ¶
func (*ReportEventAndSourceWResponse) UnmarshalNDR ¶
type ReportEventExARequest ¶
type ReportEventExARequest struct {
// LogHandle: A handle to an event log. This parameter is a server context handle, as
// specified in section 2.2.6. This handle MUST NOT be obtained via the ElfrOpenBELA
// (section 3.1.4.2) method or the ElfrOpenBELW (section 3.1.4.1) method. A handle received
// from either of those two methods will have the backup flag set, so the server checks
// this flag before calling this method.
Log *Handle `idl:"name:LogHandle" json:"log"`
// TimeGenerated: The time at which the event was generated by the event source. This
// time is represented as a pointer to FILETIME as defined in [MS-DTYP] section 2.3.3.
TimeGenerated *dtyp.Filetime `idl:"name:TimeGenerated" json:"time_generated"`
// EventType: The type of the event, as specified in section 2.2.2.
EventType uint16 `idl:"name:EventType" json:"event_type"`
// EventCategory: The event category, as specified in section 1.8.5.
EventCategory uint16 `idl:"name:EventCategory" json:"event_category"`
// EventID: The EventID, as specified in section 3.1.1.4.
EventID uint32 `idl:"name:EventID" json:"event_id"`
// NumStrings: The number of strings in the array pointed to by the Strings parameter.
// A value of zero indicates that no strings are present.
StringsLength uint16 `idl:"name:NumStrings" json:"strings_length"`
// DataSize: The number of bytes of event-specific raw binary data to write to the log.
// This binary data is passed in the Data parameter. If the DataSize parameter is zero,
// event-specific data MUST NOT be present.
DataSize uint32 `idl:"name:DataSize" json:"data_size"`
// ComputerName: A string to assist in identifying the machine that generated the event.
// In practice, the name of the computer. There are no character restrictions on this
// field's content (for example, a FQDN can be used). The API is not intended to support
// dynamically changing computer names. The ComputerName parameter is cached the first
// time a client calls the API, and SHOULD use that name on subsequent calls until the
// machine is rebooted.
ComputerName *String `idl:"name:ComputerName" json:"computer_name"`
// UserSID: Either NULL or a user SID. If this is NULL, the event is to have a zero
// length UserSid field.
UserSID *dtyp.SID `idl:"name:UserSID;pointer:unique" json:"user_sid"`
// Strings: Specifies strings containing information specific to the event. This parameter
// MUST be a valid pointer. If the NumStrings parameter is zero, this parameter MUST
// be NULL. For example, an event relating to file deletion could use a string to specify
// the path of the file being deleted.
Strings []*String `idl:"name:Strings;size_is:(NumStrings);pointer:unique" json:"strings"`
// Data: A pointer to the buffer that contains the event-specific binary data. This
// parameter MUST be a valid pointer (or NULL), even if the DataSize parameter is zero.
Data []byte `idl:"name:Data;size_is:(DataSize);pointer:unique" json:"data"`
// Flags: Unused. MUST be set to zero when sent and MUST be ignored on receipt.
Flags uint16 `idl:"name:Flags" json:"flags"`
// RecordNumber: Unused. This can be set to any arbitrary value when sent. Any value
// sent by the client MUST be ignored on receipt by the server.
RecordNumber uint32 `idl:"name:RecordNumber;pointer:unique" json:"record_number"`
}
ReportEventExARequest structure represents the ElfrReportEventExA operation request
func (*ReportEventExARequest) MarshalNDR ¶
func (*ReportEventExARequest) UnmarshalNDR ¶
type ReportEventExAResponse ¶
type ReportEventExAResponse struct {
// RecordNumber: Unused. This can be set to any arbitrary value when sent. Any value
// sent by the client MUST be ignored on receipt by the server.
RecordNumber uint32 `idl:"name:RecordNumber;pointer:unique" json:"record_number"`
// Return: The ElfrReportEventExA return value.
Return int32 `idl:"name:Return" json:"return"`
}
ReportEventExAResponse structure represents the ElfrReportEventExA operation response
func (*ReportEventExAResponse) MarshalNDR ¶
func (*ReportEventExAResponse) UnmarshalNDR ¶
type ReportEventExWRequest ¶
type ReportEventExWRequest struct {
// LogHandle: A handle to an event log. This parameter is a server context handle, as
// specified in section 2.2.6. This handle MUST NOT be obtained via the ElfrOpenBELA
// (section 3.1.4.2) method or the ElfrOpenBELW (section 3.1.4.1) method. A handle received
// from either of those two methods will have the backup flag set, so the server checks
// this flag before calling this method.
Log *Handle `idl:"name:LogHandle" json:"log"`
// TimeGenerated: The time at which the event was generated by the event source. This
// time is represented as a pointer to FILETIME as defined in [MS-DTYP] section 2.3.3.<34>
TimeGenerated *dtyp.Filetime `idl:"name:TimeGenerated" json:"time_generated"`
// EventType: The type of event, as specified in section 2.2.2.
EventType uint16 `idl:"name:EventType" json:"event_type"`
// EventCategory: The event category, as specified in section 1.8.5.
EventCategory uint16 `idl:"name:EventCategory" json:"event_category"`
// EventID: The EventID, as specified in section 3.1.1.4.
EventID uint32 `idl:"name:EventID" json:"event_id"`
// NumStrings: The number of strings in the array pointed to by the Strings parameter.
// A value of zero indicates that no strings are present.
StringsLength uint16 `idl:"name:NumStrings" json:"strings_length"`
// DataSize: The number of bytes of event-specific raw binary data to write to the log.
// This binary data is passed in the Data parameter. If the DataSize parameter is zero,
// event-specific data MUST NOT be present.
DataSize uint32 `idl:"name:DataSize" json:"data_size"`
// ComputerName: A string to assist in identifying the machine that generated the event;
// for example, the name of the computer. There are no character restrictions on this
// field's content (for example, a FQDN can be used). The API is not intended to support
// dynamically changing computer names. The ComputerName parameter is cached the first
// time a client calls the API, and that name used on subsequent calls until the machine
// is rebooted.
ComputerName *dtyp.UnicodeString `idl:"name:ComputerName" json:"computer_name"`
// UserSID: Either NULL or a user SID. If this is NULL, the event is to have a zero
// length UserSid field.
UserSID *dtyp.SID `idl:"name:UserSID;pointer:unique" json:"user_sid"`
// Strings: Specifies the strings containing information specific to the event. This
// parameter MUST be a valid pointer. If the NumStrings parameter is zero, this parameter
// MUST be NULL. For example, an event relating to file deletion could use a string
// to specify the path of the file being deleted.
Strings []*dtyp.UnicodeString `idl:"name:Strings;size_is:(NumStrings);pointer:unique" json:"strings"`
// Data: A pointer to the buffer that contains the event-specific binary data. This
// parameter MUST be a valid pointer (or NULL), even if the DataSize parameter is zero.
Data []byte `idl:"name:Data;size_is:(DataSize);pointer:unique" json:"data"`
// Flags: Unused. MUST be set to zero when sent and MUST be ignored on receipt.
Flags uint16 `idl:"name:Flags" json:"flags"`
// RecordNumber: Unused. Can be set to any arbitrary value when sent, and any value
// sent by the client MUST be ignored on receipt by the server.
RecordNumber uint32 `idl:"name:RecordNumber;pointer:unique" json:"record_number"`
}
ReportEventExWRequest structure represents the ElfrReportEventExW operation request
func (*ReportEventExWRequest) MarshalNDR ¶
func (*ReportEventExWRequest) UnmarshalNDR ¶
type ReportEventExWResponse ¶
type ReportEventExWResponse struct {
// RecordNumber: Unused. Can be set to any arbitrary value when sent, and any value
// sent by the client MUST be ignored on receipt by the server.
RecordNumber uint32 `idl:"name:RecordNumber;pointer:unique" json:"record_number"`
// Return: The ElfrReportEventExW return value.
Return int32 `idl:"name:Return" json:"return"`
}
ReportEventExWResponse structure represents the ElfrReportEventExW operation response
func (*ReportEventExWResponse) MarshalNDR ¶
func (*ReportEventExWResponse) UnmarshalNDR ¶
type ReportEventWRequest ¶
type ReportEventWRequest struct {
// LogHandle: Handle to an event log. This parameter is a server context handle, as
// specified in section 2.2.6. This handle MUST NOT be obtained via the ElfrOpenBELA
// (section 3.1.4.2) method or the ElfrOpenBELW (section 3.1.4.1) method. A handle received
// from either of those two methods will have the backup flag set, so the server checks
// this flag before calling this method.
Log *Handle `idl:"name:LogHandle" json:"log"`
// Time: Time at which the event was generated by the event source (not the time at
// which the event was logged). The time MUST be expressed as the number of seconds
// since 00:00:00 on January 1, 1970 (UTC).
Time uint32 `idl:"name:Time" json:"time"`
// EventType: Type of the event, as specified in section 2.2.2.
EventType uint16 `idl:"name:EventType" json:"event_type"`
// EventCategory: Event category, as specified in section 1.8.5.
EventCategory uint16 `idl:"name:EventCategory" json:"event_category"`
// EventID: EventID, as specified in section 3.1.1.4.
EventID uint32 `idl:"name:EventID" json:"event_id"`
// NumStrings: Number of strings in the array pointed to by the Strings parameter. A
// value of zero indicates that no strings are present.
StringsLength uint16 `idl:"name:NumStrings" json:"strings_length"`
// DataSize: Number of bytes of event-specific raw binary data to write to the log.
// This binary data is passed in the Data parameter. If the DataSize parameter is zero,
// event-specific data MUST NOT be present.
DataSize uint32 `idl:"name:DataSize" json:"data_size"`
// ComputerName: A string to assist in identifying the machine that generated the event.
// In practice, the name of the computer. There are no character restrictions on this
// field's content (for example, a FQDN can be used). The API is not intended to support
// dynamically changing computer names. The ComputerName parameter SHOULD<27> be cached
// the first time a client calls the API, and SHOULD use that name on subsequent calls
// until the machine is rebooted.
ComputerName *dtyp.UnicodeString `idl:"name:ComputerName" json:"computer_name"`
// UserSID: Either NULL or a user SID. If this is NULL, the event is to have a zero
// length UserSid field.
UserSID *dtyp.SID `idl:"name:UserSID;pointer:unique" json:"user_sid"`
// Strings: Specifies strings containing information specific to the event. This parameter
// MUST be a valid pointer. If the NumStrings parameter is zero, this parameter MUST
// be NULL. For example, an event relating to file deletion could use a string to specify
// the path of the file being deleted.
Strings []*dtyp.UnicodeString `idl:"name:Strings;size_is:(NumStrings);pointer:unique" json:"strings"`
// Data: Pointer to the buffer that contains the event-specific binary data. This parameter
// MUST be a valid pointer (or NULL), even if the DataSize parameter is zero.
Data []byte `idl:"name:Data;size_is:(DataSize);pointer:unique" json:"data"`
// Flags: Unused. MUST be set to zero when sent and MUST be ignored on receipt.
Flags uint16 `idl:"name:Flags" json:"flags"`
// RecordNumber: Unused. Can be set to any arbitrary value when sent, and any value
// sent by the client MUST be ignored on receipt by the server.
RecordNumber uint32 `idl:"name:RecordNumber;pointer:unique" json:"record_number"`
// TimeWritten: Unused. Can be set to any arbitrary value when sent, and any value sent
// by the client MUST be ignored on receipt by the server.
TimeWritten uint32 `idl:"name:TimeWritten;pointer:unique" json:"time_written"`
}
ReportEventWRequest structure represents the ElfrReportEventW operation request
func (*ReportEventWRequest) MarshalNDR ¶
func (*ReportEventWRequest) UnmarshalNDR ¶
type ReportEventWResponse ¶
type ReportEventWResponse struct {
// RecordNumber: Unused. Can be set to any arbitrary value when sent, and any value
// sent by the client MUST be ignored on receipt by the server.
RecordNumber uint32 `idl:"name:RecordNumber;pointer:unique" json:"record_number"`
// TimeWritten: Unused. Can be set to any arbitrary value when sent, and any value sent
// by the client MUST be ignored on receipt by the server.
TimeWritten uint32 `idl:"name:TimeWritten;pointer:unique" json:"time_written"`
// Return: The ElfrReportEventW return value.
Return int32 `idl:"name:Return" json:"return"`
}
ReportEventWResponse structure represents the ElfrReportEventW operation response
func (*ReportEventWResponse) MarshalNDR ¶
func (*ReportEventWResponse) UnmarshalNDR ¶
type String ¶
type String struct {
// Length: The number of bytes (not the number of characters) in the string. This does
// not include the null terminator.
Length uint16 `idl:"name:Length" json:"length"`
// MaximumLength: If the string is the empty string, this MUST be set to zero. Otherwise,
// it MUST be the number of bytes in the string, including the null terminator (that
// is, it MUST be equal to the Length member plus 1).
MaximumLength uint16 `idl:"name:MaximumLength" json:"maximum_length"`
// Buffer: Either a pointer to a buffer containing a null-terminated non-empty ANSI
// string or NULL to indicate an empty string.
Buffer []byte `idl:"name:Buffer;size_is:(MaximumLength)" json:"buffer"`
}
String structure represents RPC_STRING RPC structure.
EventLog Remoting Protocol APIs use the RPC_STRING to specify an ANSI string parameter.
Source Files
Click to show internal directories.
Click to hide internal directories.