2 * Event Log RPC interface definition
7 cpp_quote("#if !defined(__EVENTLOG_H__) && !defined(__ADVAPI32_H)")
11 #define MAX_BATCH_BUFF 0x0007FFFF
13 typedef [range(0, MAX_BATCH_BUFF)] unsigned long RULONG;
14 typedef struct _RPC_STRING {
17 [size_is(MaximumLength), length_is(Length)] LPSTR Buffer;
18 } RPC_STRING, *PRPC_STRING;
20 typedef [context_handle] PVOID IELF_HANDLE;
21 typedef IELF_HANDLE *PIELF_HANDLE;
22 typedef [handle, unique] LPWSTR EVENTLOG_HANDLE_W;
23 typedef [handle, unique] LPSTR EVENTLOG_HANDLE_A;
25 typedef struct _RPC_CLIENT_ID {
28 } RPC_CLIENT_ID, *PRPC_CLIENT_ID;
31 uuid(82273FDC-E32A-18C3-3F78-827929DC23EA),
33 pointer_default(unique)
42 NTSTATUS ElfrClearELFW(
43 [in] IELF_HANDLE LogHandle,
44 [in, unique] PRPC_UNICODE_STRING BackupFileName);
47 NTSTATUS ElfrBackupELFW(
48 [in] IELF_HANDLE LogHandle,
49 [in, unique] PRPC_UNICODE_STRING BackupFileName);
53 [in, out] IELF_HANDLE *LogHandle);
56 NTSTATUS ElfrDeregisterEventSource(
57 [in, out] IELF_HANDLE *LogHandle);
60 NTSTATUS ElfrNumberOfRecords(
61 [in] IELF_HANDLE LogHandle,
62 [out] DWORD *NumberOfRecords);
65 NTSTATUS ElfrOldestRecord(
66 [in] IELF_HANDLE LogHandle,
67 [out] DWORD *OldestRecordNumber);
70 NTSTATUS ElfrChangeNotify(
71 [in] IELF_HANDLE *LogHandle,
72 [in] RPC_CLIENT_ID ClientId,
77 [in, unique] EVENTLOG_HANDLE_W UNCServerName, /* FIXME */
78 [in] PRPC_UNICODE_STRING ModuleName,
79 [in] PRPC_UNICODE_STRING RegModuleName,
80 [in] DWORD MajorVersion,
81 [in] DWORD MinorVersion,
82 [out] IELF_HANDLE* LogHandle);
85 NTSTATUS ElfrRegisterEventSourceW(
86 [in, unique] EVENTLOG_HANDLE_W UNCServerName, /* FIXME */
87 [in] PRPC_UNICODE_STRING ModuleName,
88 [in] PRPC_UNICODE_STRING RegModuleName,
89 [in] DWORD MajorVersion,
90 [in] DWORD MinorVersion,
91 [out] IELF_HANDLE* LogHandle);
94 NTSTATUS ElfrOpenBELW(
95 [in, unique] EVENTLOG_HANDLE_W UNCServerName, /* FIXME */
96 [in] PRPC_UNICODE_STRING BackupFileName,
97 [in] DWORD MajorVersion,
98 [in] DWORD MinorVersion,
99 [out] IELF_HANDLE* LogHandle);
102 NTSTATUS ElfrReadELW(
103 [in] IELF_HANDLE LogHandle,
104 [in] DWORD ReadFlags,
105 [in] DWORD RecordOffset,
106 [in] RULONG NumberOfBytesToRead,
107 [out, size_is(NumberOfBytesToRead)] BYTE *Buffer,
108 [out] DWORD *NumberOfBytesRead,
109 [out] DWORD *MinNumberOfBytesNeeded);
112 NTSTATUS ElfrReportEventW(
113 [in] IELF_HANDLE LogHandle,
115 [in] USHORT EventType,
116 [in] USHORT EventCategory,
118 [in/*, max_is(256)*/] USHORT NumStrings,
119 [in, range(0, 61440)] DWORD DataSize,
120 [in] PRPC_UNICODE_STRING ComputerName,
121 [in, unique] PRPC_SID UserSID,
122 [in, size_is(NumStrings), unique] PRPC_UNICODE_STRING Strings[*],
123 [in, size_is(DataSize), unique] BYTE *Data,
125 [in, out, unique] DWORD *RecordNumber,
126 [in, out, unique] DWORD *TimeWritten);
129 NTSTATUS ElfrClearELFA(
130 [in] IELF_HANDLE LogHandle,
131 [in, unique] PRPC_STRING BackupFileName);
134 NTSTATUS ElfrBackupELFA(
135 [in] IELF_HANDLE LogHandle,
136 [in, unique] PRPC_STRING BackupFileName);
139 NTSTATUS ElfrOpenELA(
140 [in, unique] EVENTLOG_HANDLE_A UNCServerName, /* FIXME */
141 [in] PRPC_STRING ModuleName,
142 [in] PRPC_STRING RegModuleName,
143 [in] DWORD MajorVersion,
144 [in] DWORD MinorVersion,
145 [out] IELF_HANDLE* LogHandle);
148 NTSTATUS ElfrRegisterEventSourceA(
149 [in, unique] EVENTLOG_HANDLE_A UNCServerName, /* FIXME */
150 [in] PRPC_STRING ModuleName,
151 [in] PRPC_STRING RegModuleName,
152 [in] DWORD MajorVersion,
153 [in] DWORD MinorVersion,
154 [out] IELF_HANDLE* LogHandle);
157 NTSTATUS ElfrOpenBELA(
158 [in, unique] EVENTLOG_HANDLE_A UNCServerName, /* FIXME */
159 [in] PRPC_STRING BackupFileName,
160 [in] DWORD MajorVersion,
161 [in] DWORD MinorVersion,
162 [out] IELF_HANDLE* LogHandle);
165 NTSTATUS ElfrReadELA(
166 [in] IELF_HANDLE LogHandle,
167 [in] DWORD ReadFlags,
168 [in] DWORD RecordOffset,
169 [in] RULONG NumberOfBytesToRead,
170 [out, size_is(NumberOfBytesToRead)] BYTE *Buffer,
171 [out] DWORD *NumberOfBytesRead,
172 [out] DWORD *MinNumberOfBytesNeeded);
175 NTSTATUS ElfrReportEventA(
176 [in] IELF_HANDLE LogHandle,
178 [in] USHORT EventType,
179 [in] USHORT EventCategory,
181 [in/*, max_is(256)*/] USHORT NumStrings,
182 [in, range(0, 61440)] DWORD DataSize,
183 [in] PRPC_STRING ComputerName,
184 [in, unique] PRPC_SID UserSID,
185 [in, size_is(NumStrings), unique] PRPC_STRING Strings[*],
186 [in, size_is(DataSize), unique] BYTE *Data,
188 [in, out, unique] DWORD *RecordNumber,
189 [in, out, unique] DWORD *TimeWritten);
192 NTSTATUS ElfrRegisterClusterSvc(
194 [in] handle_t BindingHandle
199 NTSTATUS ElfrDeregisterClusterSvc(
201 [in] handle_t BindingHandle
206 NTSTATUS ElfrWriteClusterEvents(
208 [in] handle_t BindingHandle
213 NTSTATUS ElfrGetLogInformation(
214 [in] IELF_HANDLE LogHandle,
215 [in] DWORD InfoLevel,
216 [out, size_is(cbBufSize)] BYTE *Buffer,
217 [in, range(0, 1024)] DWORD cbBufSize,
218 [out] DWORD *pcbBytesNeeded);
221 NTSTATUS ElfrFlushEL(
222 [in] IELF_HANDLE LogHandle);
225 NTSTATUS ElfrReportEventAndSourceW(
226 [in] IELF_HANDLE LogHandle,
228 [in] USHORT EventType,
229 [in] USHORT EventCategory,
231 [in] PRPC_UNICODE_STRING SourceName,
232 [in/*, max_is(256)*/] USHORT NumStrings,
233 [in, range(0, 61440)] DWORD DataSize,
234 [in] PRPC_UNICODE_STRING ComputerName,
235 [in, unique] PRPC_SID UserSID,
236 [in, size_is(NumStrings), unique] PRPC_UNICODE_STRING Strings[*],
237 [in, size_is(DataSize), unique] BYTE *Data,
239 [in, out, unique] DWORD *RecordNumber,
240 [in, out, unique] DWORD *TimeWritten);