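/*
 * Clears the local event log named by L_COMPANY_NAME.
 *
 * Returns ERROR_SUCCESS, or the Win32 error code (GetLastError) from
 * whichever of OpenEventLog / ClearEventLog failed.
 *
 * Fix: the handle returned by OpenEventLog is documented to be released
 * with CloseEventLog, not CloseHandle; the original called CloseHandle,
 * which does not release an event-log handle. Prototype also made
 * explicit with (void) so callers are type-checked.
 */
DWORD clear_eventlog(void)
{
    DWORD res = ERROR_SUCCESS;
    HANDLE log = OpenEventLog(NULL, L_COMPANY_NAME);

    if (log == NULL) {
        return GetLastError();
    }

    /* Second argument NULL: no backup file is written before clearing. */
    if (!ClearEventLog(log, NULL)) {
        res = GetLastError();
    }

    CloseEventLog(log);   /* was CloseHandle(): wrong API for this handle type */
    return res;
}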
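/*
 * Clears the event log identified by a handle supplied in the request.
 *
 * (The previous header comment, "Returns the record number of the oldest
 * record", described a different handler and was stale.)
 *
 * TODO: the BackupFile argument is not supported yet; NULL is passed, so
 * no backup is written before the clear.
 *
 * TLVs:
 *
 * req: TLV_TYPE_EVENT_HANDLE - The event log handle
 *
 * The handle value comes from the remote peer and is therefore untrusted:
 * a zero handle is rejected with ERROR_INVALID_HANDLE instead of being
 * handed to ClearEventLog. Any Win32 failure is reported in the response
 * packet; the function itself always returns ERROR_SUCCESS so the
 * dispatcher keeps running.
 */
DWORD request_sys_eventlog_clear(Remote * remote, Packet * packet)
{
    Packet * response = packet_create_response(packet);
    DWORD result = ERROR_SUCCESS;
    HANDLE hEvent = (HANDLE)packet_get_tlv_value_qword(packet, TLV_TYPE_EVENT_HANDLE);

    if (hEvent == NULL) {
        result = ERROR_INVALID_HANDLE;
    } else if (ClearEventLog(hEvent, NULL) == 0) {
        result = GetLastError();
    }

    packet_transmit_response(result, remote, response);
    return ERROR_SUCCESS;
}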
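/*
 * Command handler: clear one event log on the local machine.
 *
 * The log name is read from the argument named "log" (default
 * "Security"). The record count is printed before and after the clear
 * so the effect is visible; OpenEventLog / ClearEventLog failures are
 * reported through PRINT_ERROR_AUTO. Always returns STATUS_SUCCESS.
 *
 * Fix: the handle from OpenEventLog was never released; it is now
 * closed with CloseEventLog on the success path. The assignment inside
 * the if-condition is parenthesized and compared explicitly.
 *
 * NOTE(review): clearing the Security log is itself audited by Windows
 * (Security event ID 1102, "The audit log was cleared"), so the action
 * remains observable to defenders even though earlier records are gone.
 */
NTSTATUS kuhl_m_event_clear(int argc, wchar_t * argv[])
{
    HANDLE hEventLog;
    PCWCHAR szLog;
    DWORD nbEvents;

    kull_m_string_args_byName(argc, argv, L"log", &szLog, L"Security");
    kprintf(L"Using \"%s\" event log :\n", szLog);

    if ((hEventLog = OpenEventLog(NULL, szLog)) != NULL) {
        if (GetNumberOfEventLogRecords(hEventLog, &nbEvents)) {
            kprintf(L"- %u event(s)\n", nbEvents);
        }

        /* Second argument NULL: no backup file is written before clearing. */
        if (ClearEventLog(hEventLog, NULL)) {
            kprintf(L"- Cleared !\n");
        } else {
            PRINT_ERROR_AUTO(L"ClearEventLog");
        }

        if (GetNumberOfEventLogRecords(hEventLog, &nbEvents)) {
            kprintf(L"- %u event(s)\n", nbEvents);
        }

        CloseEventLog(hEventLog);   /* handle was leaked in the original */
    } else {
        PRINT_ERROR_AUTO(L"OpenEventLog");
    }

    return STATUS_SUCCESS;
}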