[EVENTLOG]
[reactos.git] / reactos / base / services / eventlog / eventlog.h
1 /*
2 * PROJECT: ReactOS kernel
3 * LICENSE: GPL - See COPYING in the top level directory
4 * FILE: services/eventlog/eventlog.h
5 * PURPOSE: Event logging service
6 * COPYRIGHT: Copyright 2005 Saveliy Tretiakov
7 */
8
9 #ifndef __EVENTLOG_H__
10 #define __EVENTLOG_H__
11
12 #define NDEBUG
13 #define WIN32_NO_STATUS
14
15 #include <stdio.h>
16 #include <windows.h>
17 #include <netevent.h>
18 #include <lpctypes.h>
19 #include <lpcfuncs.h>
20 #include <rtlfuncs.h>
21 #include <obfuncs.h>
22 #include <iofuncs.h>
23 #include <debug.h>
24 #include "eventlogrpc_s.h"
25
26 typedef struct _IO_ERROR_LPC
27 {
28 PORT_MESSAGE Header;
29 IO_ERROR_LOG_MESSAGE Message;
30 } IO_ERROR_LPC, *PIO_ERROR_LPC;
31
32 #define MAJORVER 1
33 #define MINORVER 1
34
35 /*
36 * Our file format will be compatible with NT's
37 */
38 #define LOGFILE_SIGNATURE 0x654c664c
39
40 /*
41 * Flags used in logfile header
42 */
43 #define ELF_LOGFILE_HEADER_DIRTY 1
44 #define ELF_LOGFILE_HEADER_WRAP 2
45 #define ELF_LOGFILE_LOGFULL_WRITTEN 4
46 #define ELF_LOGFILE_ARCHIVE_SET 8
47
48 /* FIXME: MSDN reads that the following two structs are in winnt.h. Are they? */
49 typedef struct _EVENTLOGHEADER
50 {
51 ULONG HeaderSize;
52 ULONG Signature;
53 ULONG MajorVersion;
54 ULONG MinorVersion;
55 ULONG StartOffset;
56 ULONG EndOffset;
57 ULONG CurrentRecordNumber;
58 ULONG OldestRecordNumber;
59 ULONG MaxSize;
60 ULONG Flags;
61 ULONG Retention;
62 ULONG EndHeaderSize;
63 } EVENTLOGHEADER, *PEVENTLOGHEADER;
64
65 typedef struct _EVENTLOGEOF
66 {
67 ULONG RecordSizeBeginning;
68 ULONG Ones;
69 ULONG Twos;
70 ULONG Threes;
71 ULONG Fours;
72 ULONG BeginRecord;
73 ULONG EndRecord;
74 ULONG CurrentRecordNumber;
75 ULONG OldestRecordNumber;
76 ULONG RecordSizeEnd;
77 } EVENTLOGEOF, *PEVENTLOGEOF;
78
79 typedef struct _EVENT_OFFSET_INFO
80 {
81 ULONG EventNumber;
82 ULONG EventOffset;
83 } EVENT_OFFSET_INFO, *PEVENT_OFFSET_INFO;
84
85 typedef struct _LOGFILE
86 {
87 HANDLE hFile;
88 EVENTLOGHEADER Header;
89 WCHAR *LogName;
90 WCHAR *FileName;
91 RTL_RESOURCE Lock;
92 PEVENT_OFFSET_INFO OffsetInfo;
93 ULONG OffsetInfoSize;
94 ULONG OffsetInfoNext;
95 LIST_ENTRY ListEntry;
96 } LOGFILE, *PLOGFILE;
97
98 typedef struct _EVENTSOURCE
99 {
100 LIST_ENTRY EventSourceListEntry;
101 PLOGFILE LogFile;
102 WCHAR szName[1];
103 } EVENTSOURCE, *PEVENTSOURCE;
104
105 typedef struct _LOGHANDLE
106 {
107 LIST_ENTRY LogHandleListEntry;
108 PEVENTSOURCE EventSource;
109 PLOGFILE LogFile;
110 ULONG CurrentRecord;
111 WCHAR szName[1];
112 } LOGHANDLE, *PLOGHANDLE;
113
114 /* file.c */
115 VOID LogfListInitialize(VOID);
116
117 PLOGFILE LogfListHead(VOID);
118
119 INT LogfListItemCount(VOID);
120
121 PLOGFILE LogfListItemByIndex(INT Index);
122
123 PLOGFILE LogfListItemByName(WCHAR * Name);
124
125 INT LogfListItemIndexByName(WCHAR * Name);
126
127 VOID LogfListAddItem(PLOGFILE Item);
128
129 VOID LogfListRemoveItem(PLOGFILE Item);
130
131 DWORD LogfReadEvent(PLOGFILE LogFile,
132 DWORD Flags,
133 DWORD * RecordNumber,
134 DWORD BufSize,
135 PBYTE Buffer,
136 DWORD * BytesRead,
137 DWORD * BytesNeeded,
138 BOOL Ansi);
139
140 BOOL LogfWriteData(PLOGFILE LogFile,
141 DWORD BufSize,
142 PBYTE Buffer);
143
144 NTSTATUS
145 LogfClearFile(PLOGFILE LogFile,
146 PUNICODE_STRING BackupFileName);
147
148 NTSTATUS
149 LogfBackupFile(PLOGFILE LogFile,
150 PUNICODE_STRING BackupFileName);
151
152 PLOGFILE LogfCreate(WCHAR * LogName,
153 WCHAR * FileName);
154
155 VOID LogfClose(PLOGFILE LogFile);
156
157 VOID LogfCloseAll(VOID);
158
159 BOOL LogfInitializeNew(PLOGFILE LogFile);
160
161 BOOL LogfInitializeExisting(PLOGFILE LogFile);
162
163 DWORD LogfGetOldestRecord(PLOGFILE LogFile);
164
165 DWORD LogfGetCurrentRecord(PLOGFILE LogFile);
166
167 ULONG LogfOffsetByNumber(PLOGFILE LogFile,
168 DWORD RecordNumber);
169
170 BOOL LogfAddOffsetInformation(PLOGFILE LogFile,
171 ULONG ulNumber,
172 ULONG ulOffset);
173
174 BOOL LogfDeleteOffsetInformation(PLOGFILE LogFile,
175 ULONG ulNumber);
176
177 PBYTE LogfAllocAndBuildNewRecord(LPDWORD lpRecSize,
178 DWORD dwRecordNumber,
179 WORD wType,
180 WORD wCategory,
181 DWORD dwEventId,
182 LPCWSTR SourceName,
183 LPCWSTR ComputerName,
184 DWORD dwSidLength,
185 PSID lpUserSid,
186 WORD wNumStrings,
187 WCHAR * lpStrings,
188 DWORD dwDataSize,
189 LPVOID lpRawData);
190
191 VOID
192 LogfReportEvent(WORD wType,
193 WORD wCategory,
194 DWORD dwEventId,
195 WORD wNumStrings,
196 WCHAR *lpStrings,
197 DWORD dwDataSize,
198 LPVOID lpRawData);
199
200 /* eventlog.c */
201 extern HANDLE MyHeap;
202
203 VOID PRINT_HEADER(PEVENTLOGHEADER header);
204
205 VOID PRINT_RECORD(PEVENTLOGRECORD pRec);
206
207 VOID EventTimeToSystemTime(DWORD EventTime,
208 SYSTEMTIME * SystemTime);
209
210 VOID SystemTimeToEventTime(SYSTEMTIME * pSystemTime,
211 DWORD * pEventTime);
212
213 /* eventsource.c */
214 VOID InitEventSourceList(VOID);
215
216 BOOL
217 LoadEventSources(HKEY hKey,
218 PLOGFILE pLogFile);
219
220 PEVENTSOURCE
221 GetEventSourceByName(LPCWSTR Name);
222
223
224 /* logport.c */
225 NTSTATUS WINAPI PortThreadRoutine(PVOID Param);
226
227 NTSTATUS InitLogPort(VOID);
228
229 NTSTATUS ProcessPortMessage(VOID);
230
231 /* rpc.c */
232 DWORD WINAPI RpcThreadRoutine(LPVOID lpParameter);
233
234 static __inline void LogfFreeRecord(LPVOID Rec)
235 {
236 HeapFree(MyHeap, 0, Rec);
237 }
238
239 #endif /* __EVENTLOG_H__ */