2 * Event Log RPC interface definition
7 cpp_quote("#if !defined(__EVENTLOG_H__) && !defined(__ADVAPI32_H)")
11 #define MAX_BATCH_BUFF 0x0007FFFF
13 typedef [range(0, MAX_BATCH_BUFF)] unsigned long RULONG;
14 typedef struct _RPC_STRING {
17 [size_is(MaximumLength), length_is(Length)] LPSTR Buffer;
18 } RPC_STRING, *PRPC_STRING;
20 typedef /*[context_handle]*/ unsigned long IELF_HANDLE;
21 typedef IELF_HANDLE *PIELF_HANDLE;
22 typedef /*[handle, unique]*/ LPWSTR EVENTLOG_HANDLE_W;
23 typedef /*[handle, unique]*/ LPSTR EVENTLOG_HANDLE_A;
25 typedef struct _RPC_CLIENT_ID {
28 } RPC_CLIENT_ID, *PRPC_CLIENT_ID;
31 uuid(82273FDC-E32A-18C3-3F78-827929DC23EA),
33 pointer_default(unique)
42 NTSTATUS ElfrClearELFW(
44 [in] handle_t BindingHandle,
46 [in] IELF_HANDLE LogHandle,
47 [in, unique] PRPC_UNICODE_STRING BackupFileName);
50 NTSTATUS ElfrBackupELFW(
52 [in] handle_t BindingHandle,
54 [in] IELF_HANDLE LogHandle,
55 [in, unique] PRPC_UNICODE_STRING BackupFileName);
60 [in] handle_t BindingHandle,
62 [in, out] IELF_HANDLE *LogHandle);
65 NTSTATUS ElfrDeregisterEventSource(
67 [in] handle_t BindingHandle,
69 [in, out] IELF_HANDLE *LogHandle);
72 NTSTATUS ElfrNumberOfRecords(
74 [in] handle_t BindingHandle,
76 [in] IELF_HANDLE LogHandle,
77 [out] DWORD *NumberOfRecords);
80 NTSTATUS ElfrOldestRecord(
82 handle_t BindingHandle,
84 [in] IELF_HANDLE LogHandle,
85 [out] DWORD *OldestRecordNumber);
88 NTSTATUS ElfrChangeNotify(
90 [in] handle_t BindingHandle,
92 [in] IELF_HANDLE *LogHandle,
93 [in] RPC_CLIENT_ID ClientId,
99 [in] handle_t BindingHandle,
101 [in] EVENTLOG_HANDLE_W UNCServerName,
102 [in] PRPC_UNICODE_STRING ModuleName,
103 [in] PRPC_UNICODE_STRING RegModuleName,
104 [in] DWORD MajorVersion,
105 [in] DWORD MinorVersion,
106 [out] IELF_HANDLE* LogHandle);
109 NTSTATUS ElfrRegisterEventSourceW(
111 [in] handle_t BindingHandle,
113 [in] EVENTLOG_HANDLE_W UNCServerName,
114 [in] PRPC_UNICODE_STRING ModuleName,
115 [in] PRPC_UNICODE_STRING RegModuleName,
116 [in] DWORD MajorVersion,
117 [in] DWORD MinorVersion,
118 [out] IELF_HANDLE* LogHandle);
121 NTSTATUS ElfrOpenBELW(
123 [in] handle_t BindingHandle,
125 [in] EVENTLOG_HANDLE_W UNCServerName,
126 [in] PRPC_UNICODE_STRING BackupFileName,
127 [in] DWORD MajorVersion,
128 [in] DWORD MinorVersion,
129 [out] IELF_HANDLE* LogHandle);
132 NTSTATUS ElfrReadELW(
134 [in] handle_t BindingHandle,
136 [in] IELF_HANDLE LogHandle,
137 [in] DWORD ReadFlags,
138 [in] DWORD RecordOffset,
139 [in] RULONG NumberOfBytesToRead,
140 [out, size_is(NumberOfBytesToRead)] BYTE *Buffer,
141 [out] DWORD *NumberOfBytesRead,
142 [out] DWORD *MinNumberOfBytesNeeded);
145 NTSTATUS ElfrReportEventW(
147 [in] handle_t BindingHandle,
149 [in] IELF_HANDLE LogHandle,
151 [in] USHORT EventType,
152 [in] USHORT EventCategory,
154 [in, range(0, 256)] USHORT NumStrings,
155 [in, range(0, 61440)] DWORD DataSize,
156 [in] PRPC_UNICODE_STRING ComputerName,
157 [in, unique] PRPC_SID UserSID,
158 [in, size_is(NumStrings), unique] PRPC_UNICODE_STRING Strings[*],
159 [in, size_is(DataSize), unique] BYTE *Data,
161 [in, out, unique] DWORD *RecordNumber,
162 [in, out, unique] DWORD *TimeWritten);
165 NTSTATUS ElfrClearELFA(
167 [in] handle_t BindingHandle,
169 [in] IELF_HANDLE LogHandle,
170 [in, unique] PRPC_STRING BackupFileName);
173 NTSTATUS ElfrBackupELFA(
175 [in] handle_t BindingHandle,
177 [in] IELF_HANDLE LogHandle,
178 [in, unique] PRPC_STRING BackupFileName);
181 NTSTATUS ElfrOpenELA(
183 [in] handle_t BindingHandle,
185 [in] EVENTLOG_HANDLE_A UNCServerName,
186 [in] PRPC_STRING ModuleName,
187 [in] PRPC_STRING RegModuleName,
188 [in] DWORD MajorVersion,
189 [in] DWORD MinorVersion,
190 [out] IELF_HANDLE* LogHandle);
193 NTSTATUS ElfrRegisterEventSourceA(
195 [in] handle_t BindingHandle,
197 [in] EVENTLOG_HANDLE_A UNCServerName,
198 [in] PRPC_STRING ModuleName,
199 [in] PRPC_STRING RegModuleName,
200 [in] DWORD MajorVersion,
201 [in] DWORD MinorVersion,
202 [out] IELF_HANDLE* LogHandle);
205 NTSTATUS ElfrOpenBELA(
207 [in] handle_t BindingHandle,
209 [in] EVENTLOG_HANDLE_A UNCServerName,
210 [in] PRPC_STRING BackupFileName,
211 [in] DWORD MajorVersion,
212 [in] DWORD MinorVersion,
213 [out] IELF_HANDLE* LogHandle);
216 NTSTATUS ElfrReadELA(
218 [in] handle_t BindingHandle,
220 [in] IELF_HANDLE LogHandle,
221 [in] DWORD ReadFlags,
222 [in] DWORD RecordOffset,
223 [in] RULONG NumberOfBytesToRead,
224 [out, size_is(NumberOfBytesToRead)] BYTE *Buffer,
225 [out] DWORD *NumberOfBytesRead,
226 [out] DWORD *MinNumberOfBytesNeeded);
229 NTSTATUS ElfrReportEventA(
231 [in] handle_t BindingHandle,
233 [in] IELF_HANDLE LogHandle,
235 [in] USHORT EventType,
236 [in] USHORT EventCategory,
238 [in, range(0, 256)] USHORT NumStrings,
239 [in, range(0, 61440)] DWORD DataSize,
240 [in] PRPC_STRING ComputerName,
241 [in, unique] PRPC_SID UserSID,
242 [in, size_is(NumStrings), unique] PRPC_STRING Strings[*],
243 [in, size_is(DataSize), unique] BYTE *Data,
245 [in, out, unique] DWORD *RecordNumber,
246 [in, out, unique] DWORD *TimeWritten);
249 NTSTATUS ElfrRegisterClusterSvc(
251 [in] handle_t BindingHandle
256 NTSTATUS ElfrDeregisterClusterSvc(
258 [in] handle_t BindingHandle
263 NTSTATUS ElfrWriteClusterEvents(
265 [in] handle_t BindingHandle
270 NTSTATUS ElfrGetLogInformation(
272 [in] handle_t BindingHandle,
274 [in] IELF_HANDLE LogHandle,
275 [in] DWORD InfoLevel,
276 [out, size_is(cbBufSize)] BYTE *Buffer,
277 [in, range(0, 1024)] DWORD cbBufSize,
278 [out] DWORD *pcbBytesNeeded);
281 NTSTATUS ElfrFlushEL(
283 [in] handle_t BindingHandle,
285 [in] IELF_HANDLE LogHandle);
288 NTSTATUS ElfrReportEventAndSourceW(
290 [in] handle_t BindingHandle,
292 [in] IELF_HANDLE LogHandle,
294 [in] USHORT EventType,
295 [in] USHORT EventCategory,
297 [in] PRPC_UNICODE_STRING SourceName,
298 [in, range(0, 256)] USHORT NumStrings,
299 [in, range(0, 61440)] DWORD DataSize,
300 [in] PRPC_UNICODE_STRING ComputerName,
301 [in, unique] PRPC_SID UserSID,
302 [in, size_is(NumStrings), unique] PRPC_UNICODE_STRING Strings[*],
303 [in, size_is(DataSize), unique] BYTE *Data,
305 [in, out, unique] DWORD *RecordNumber,
306 [in, out, unique] DWORD *TimeWritten);