Ejemplo n.º 1
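/*
 * Clears the event log opened for the L_COMPANY_NAME source on the local
 * machine (NULL server name).
 *
 * Returns ERROR_SUCCESS on success, otherwise the GetLastError() code of
 * the failing OpenEventLog() or ClearEventLog() call.
 *
 * ClearEventLog() is given a NULL backup file name, so the existing records
 * are discarded rather than saved first. If these records have audit value,
 * pass a backup path instead or make sure they are forwarded elsewhere
 * before this runs.
 */
DWORD
clear_eventlog()
{
    DWORD res = ERROR_SUCCESS;
    HANDLE log = OpenEventLog(NULL, L_COMPANY_NAME);

    if (log == NULL)
        return GetLastError();

    /* Capture the error code right away; later API calls may overwrite it. */
    if (!ClearEventLog(log, NULL))
        res = GetLastError();

    /*
     * Handles returned by OpenEventLog() are released with CloseEventLog();
     * CloseHandle() is not the documented way to close them.
     */
    CloseEventLog(log);
    return res;
}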
Ejemplo n.º 2
/*
 * Clears the event log behind the handle supplied in the request.
 *
 * ClearEventLog() is called with a NULL backup file name, so no copy of the
 * records is written before they are discarded (BackupFile is not supported
 * here).
 *
 * The outcome of ClearEventLog() -- ERROR_SUCCESS, or the GetLastError()
 * code on failure -- is handed to packet_transmit_response(); the function
 * itself always returns ERROR_SUCCESS.
 *
 * The handle value comes straight from the request packet and is not
 * validated here; an invalid value is left for ClearEventLog() to reject.
 *
 * Detection note: Windows records a log clear as an event of its own
 * (event 1102 in Security when the Security log is cleared, event 104 in
 * System for other logs), so forwarding logs off-host keeps both the
 * cleared records and the clear itself visible.
 *
 * TLVs:
 *
 * req: TLV_TYPE_EVENT_HANDLE        - The event log handle
 */
DWORD request_sys_eventlog_clear(Remote * remote, Packet * packet)
{
	Packet * response = packet_create_response(packet);
	HANDLE hEvent = (HANDLE)packet_get_tlv_value_qword(packet, TLV_TYPE_EVENT_HANDLE);

	/* GetLastError() is consulted only when the clear fails. */
	DWORD result = ClearEventLog(hEvent, NULL) ? ERROR_SUCCESS : GetLastError();

	packet_transmit_response(result, remote, response);
	return ERROR_SUCCESS;
}
Ejemplo n.º 3
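/*
 * Clears one event log on the local machine and prints the record count
 * before and after the clear.
 *
 * The log name is taken from the "log" argument via
 * kull_m_string_args_byName(), which is passed L"Security" as the fallback
 * (presumably the default when the argument is absent -- confirm against
 * the helper).
 *
 * ClearEventLog() is called with a NULL backup file name, so the records
 * are discarded without a backup. Failures are reported through
 * PRINT_ERROR_AUTO; the function always returns STATUS_SUCCESS.
 *
 * Detection note: clearing the Security log is itself recorded as event
 * 1102 in the freshly cleared log (event 104 in System for other logs).
 * Alerting on those events and forwarding logs off-host keeps the activity
 * visible after the local copy is gone.
 */
NTSTATUS kuhl_m_event_clear(int argc, wchar_t * argv[])
{
	HANDLE hEventLog;
	PCWCHAR szLog;
	DWORD nbEvents;
	kull_m_string_args_byName(argc, argv, L"log", &szLog, L"Security");

	kprintf(L"Using \"%s\" event log :\n", szLog);
	/* Assign first, then test, instead of an assignment inside the condition. */
	hEventLog = OpenEventLog(NULL, szLog);
	if(hEventLog)
	{
		/* Record count before the clear. */
		if(GetNumberOfEventLogRecords(hEventLog, &nbEvents))
			kprintf(L"- %u event(s)\n", nbEvents);
		if(ClearEventLog(hEventLog, NULL))
			kprintf(L"- Cleared !\n");
		else PRINT_ERROR_AUTO(L"ClearEventLog");
		/* Record count after the clear. */
		if(GetNumberOfEventLogRecords(hEventLog, &nbEvents))
			kprintf(L"- %u event(s)\n", nbEvents);
		/* Handles from OpenEventLog() must be released with CloseEventLog(). */
		CloseEventLog(hEventLog);
	}
	else PRINT_ERROR_AUTO(L"OpenEventLog");

	return STATUS_SUCCESS;
}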