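/*
 * Purpose: fetch the first readable Windows event log record that follows
 *          *lastlogsize and return its fields through the out_* pointers.
 *
 * Parameters: source        - [IN] event log name (UTF-8); NULL or "" is rejected
 *             lastlogsize   - [IN/OUT] number of the last record already
 *                             processed; set to the number of the record
 *                             returned by this call
 *             out_timestamp, out_source, out_severity, out_message,
 *             out_eventid   - [OUT] reset to 0/NULL on entry, then passed to
 *                             zbx_get_eventlog_message()
 *             skip_old_data - [IN] 1 - only set *lastlogsize to LastID and
 *                             return without reading a record
 *
 * Return value: FAIL    - empty log name or the log could not be opened
 *               SUCCEED - the log was opened, even if no record was read
 *
 * Comments: SUCCEED alone does not mean a record was returned.
 *           NOTE(review): presumably the caller detects "no data" by the out
 *           pointers still being NULL, and owns (frees) *out_source and
 *           *out_message when they are set - confirm against the caller.
 *           NOTE(review): the returned strings come from event records, which
 *           local software can write; treat them as untrusted text downstream.
 */
int	process_eventlog(const char *source, zbx_uint64_t *lastlogsize, unsigned long *out_timestamp, char **out_source,
		unsigned short *out_severity, char **out_message, unsigned long *out_eventid, unsigned char skip_old_data)
{
	const char	*__function_name = "process_eventlog";
	int		ret = FAIL;
	HANDLE		eventlog_handle;
	wchar_t		*wsource;
	zbx_uint64_t	i, FirstID, LastID;

	/* source is only validated further down, so it must not reach "%s" as a NULL pointer */
	zabbix_log(LOG_LEVEL_DEBUG, "In %s() source:'%s' lastlogsize:" ZBX_FS_UI64, __function_name,
			NULL != source ? source : "(null)", *lastlogsize);

	/* From MSDN documentation:                                                                         */
	/* The RecordNumber member of EVENTLOGRECORD contains the record number for the event log record.   */
	/* The very first record written to an event log is record number 1, and other records are          */
	/* numbered sequentially. If the record number reaches ULONG_MAX, the next record number will be 0, */
	/* not 1; however, you use zero to seek to the record.                                              */
	/*                                                                                                  */
	/* This RecordNumber wraparound is handled simply by using 64bit integer to calculate record        */
	/* numbers and then converting to DWORD values.                                                     */

	*out_timestamp = 0;
	*out_source = NULL;
	*out_severity = 0;
	*out_message = NULL;
	*out_eventid = 0;

	if (NULL == source || '\0' == *source)
	{
		zabbix_log(LOG_LEVEL_WARNING, "cannot open eventlog with empty name");
		return ret;
	}

	wsource = zbx_utf8_to_unicode(source);

	if (SUCCEED != zbx_open_eventlog(wsource, &eventlog_handle, &FirstID, &LastID))
	{
		zabbix_log(LOG_LEVEL_ERR, "cannot open eventlog '%s': %s", source, strerror_from_system(GetLastError()));
		goto out;
	}

	if (1 == skip_old_data)
	{
		*lastlogsize = LastID;
		zabbix_log(LOG_LEVEL_DEBUG, "skipping existing data: lastlogsize:" ZBX_FS_UI64, *lastlogsize);
		goto finish;
	}

	/* Having lastlogsize greater than LastID means that there was oldest event record */
	/* (FirstID) wraparound. In this case we must also wrap the lastlogsize value.     */
	if (*lastlogsize > LastID)
		*lastlogsize = (DWORD)*lastlogsize;

	/* if the lastlogsize is still outside log record interval reset it to the oldest record number, */
	/* otherwise set FirstID to the next record after lastlogsize, which is the first event record   */
	/* to read                                                                                       */
	/* NOTE(review): the reset is silent. Records between the saved position and FirstID are not     */
	/* read, and nothing here reports the gap (e.g. after the log was overwritten or cleared).       */
	if (*lastlogsize > LastID || *lastlogsize < FirstID)
		*lastlogsize = FirstID;
	else
		FirstID = *lastlogsize + 1;

	/* records the helper cannot return are stepped over; the first one it returns ends the call */
	for (i = FirstID; i <= LastID; i++)
	{
		/* convert to DWORD to handle possible event record number wraparound */
		DWORD	dwRecordNumber = (DWORD)i;

		if (SUCCEED == zbx_get_eventlog_message(wsource, eventlog_handle, dwRecordNumber, out_source,
				out_message, out_severity, out_timestamp, out_eventid))
		{
			/* storing full (not truncated to DWORD) lastlogsize value makes */
			/* easier to do event record number calculations during next call */
			*lastlogsize = i;
			break;
		}
	}
finish:
	zbx_close_eventlog(eventlog_handle);
	ret = SUCCEED;
out:
	zbx_free(wsource);

	zabbix_log(LOG_LEVEL_DEBUG, "End of %s():%s", __function_name, zbx_result_string(ret));

	return ret;
}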
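/*
 * Purpose: fetch the first readable Windows event log record that follows
 *          *lastlogsize and return its fields through the out_* pointers.
 *
 * Parameters: source        - [IN] event log name (UTF-8); NULL or "" is rejected
 *             lastlogsize   - [IN/OUT] number of the last record already
 *                             processed; set to the number of the record
 *                             returned by this call
 *             out_timestamp, out_source, out_severity, out_message,
 *             out_eventid   - [OUT] reset to 0/NULL on entry, then passed to
 *                             zbx_get_eventlog_message()
 *             skip_old_data - [IN] 1 - position *lastlogsize on the newest
 *                             record so that the loop below reads nothing
 *
 * Return value: FAIL    - empty log name or the log could not be opened
 *               SUCCEED - the log was opened, even if no record was read
 *
 * Comments: NOTE(review): record numbers are kept in zbx_uint64_t but the loop
 *           index is a long and the position is cast to long. Where long is
 *           32 bits, numbers above LONG_MAX would not survive the casts and
 *           the loop could end without reading anything while still returning
 *           SUCCEED - confirm the supported range.
 *           NOTE(review): the returned strings come from event records, which
 *           local software can write; treat them as untrusted text downstream.
 */
int	process_eventlog(const char *source, zbx_uint64_t *lastlogsize, unsigned long *out_timestamp, char **out_source,
		unsigned short *out_severity, char **out_message, unsigned long *out_eventid, unsigned char skip_old_data)
{
	const char	*__function_name = "process_eventlog";
	int		ret = FAIL;
	HANDLE		eventlog_handle;
	wchar_t		*wsource;
	zbx_uint64_t	FirstID, LastID;
	register long	i;

	/* source is only validated further down, so it must not reach "%s" as a NULL pointer */
	zabbix_log(LOG_LEVEL_DEBUG, "In %s() source:'%s' lastlogsize:" ZBX_FS_UI64, __function_name,
			NULL != source ? source : "(null)", *lastlogsize);

	*out_timestamp = 0;
	*out_source = NULL;
	*out_severity = 0;
	*out_message = NULL;
	*out_eventid = 0;

	if (NULL == source || '\0' == *source)
	{
		zabbix_log(LOG_LEVEL_WARNING, "cannot open eventlog with empty name");
		return ret;
	}

	wsource = zbx_utf8_to_unicode(source);

	if (SUCCEED == zbx_open_eventlog(wsource, &eventlog_handle, &LastID /* number */, &FirstID /* oldest */))
	{
		/* LastID arrives as the record count; adding the oldest number makes it one past the newest record */
		LastID += FirstID;

		if (1 == skip_old_data)
		{
			*lastlogsize = LastID - 1;
			zabbix_log(LOG_LEVEL_DEBUG, "skipping existing data: lastlogsize:" ZBX_FS_UI64, *lastlogsize);
		}

		/* a saved position beyond the log restarts from the oldest record; a position inside the log */
		/* resumes right after it; a position below FirstID leaves FirstID (the oldest record) as is   */
		/* NOTE(review): nothing is logged when the saved position no longer matches the log contents  */
		if (*lastlogsize > LastID)
			*lastlogsize = FirstID;
		else if (*lastlogsize >= FirstID)
			FirstID = (long)*lastlogsize + 1;

		/* records the helper cannot return are stepped over; the first one it returns ends the call */
		for (i = (long)FirstID; i < LastID; i++)
		{
			if (SUCCEED == zbx_get_eventlog_message(wsource, eventlog_handle, i, out_source, out_message,
					out_severity, out_timestamp, out_eventid))
			{
				*lastlogsize = i;
				break;
			}
		}

		zbx_close_eventlog(eventlog_handle);

		/* opening the log is what counts as success, not whether a record was found */
		ret = SUCCEED;
	}
	else
		zabbix_log(LOG_LEVEL_ERR, "cannot open eventlog '%s': %s", source, strerror_from_system(GetLastError()));

	zbx_free(wsource);

	zabbix_log(LOG_LEVEL_DEBUG, "End of %s():%s", __function_name, zbx_result_string(ret));

	return ret;
}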
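/*
 * Purpose: fetch the next Windows event log record after *lastlogsize and
 *          return its fields through the out_* pointers. When the reported OS
 *          major version is 6 or higher the work is delegated to
 *          zbx_get_eventlog_message_xpath(); otherwise the log is opened with
 *          zbx_open_eventlog() and records are read one by one.
 *
 * Parameters: source        - [IN] event log name (UTF-8); NULL or "" is rejected
 *             lastlogsize   - [IN/OUT] number of the last record already
 *                             processed
 *             out_timestamp, out_source, out_severity, out_message,
 *             out_eventid   - [OUT] reset to 0/NULL on entry, then passed to
 *                             the reading helper
 *             skip_old_data - [IN] 1 - skip records that already exist
 *             pcontext      - [IN/OUT] passed through untouched to
 *                             zbx_get_eventlog_message_xpath()
 *
 * Return value: FAIL    - empty log name or the log could not be opened
 *               SUCCEED - legacy path: the log was opened, even if no record
 *                         was read
 *               on the xpath path the helper's result is returned as is
 *
 * Comments: The pointer checks are assert()s and disappear in builds that
 *           define NDEBUG.
 *           NOTE(review): on the legacy path FirstID, LastID and i are long
 *           while *lastlogsize is zbx_uint64_t, so the comparisons and the
 *           assignment to FirstID convert between signed and unsigned values
 *           of different width - confirm behaviour for large record numbers.
 *           NOTE(review): the returned strings come from event records, which
 *           local software can write; treat them as untrusted text downstream.
 */
int	process_eventlog(const char *source, zbx_uint64_t *lastlogsize, unsigned long *out_timestamp, char **out_source,
		unsigned short *out_severity, char **out_message, unsigned long *out_eventid,
		unsigned char skip_old_data, void **pcontext)
{
	const char	*__function_name = "process_eventlog";
	int		ret = FAIL;
	HANDLE		eventlog_handle;
	long		FirstID, LastID;
	register long	i;
	LPTSTR		wsource;
	OSVERSIONINFO	versionInfo;

	assert(NULL != lastlogsize);
	assert(NULL != out_timestamp);
	assert(NULL != out_source);
	assert(NULL != out_severity);
	assert(NULL != out_message);
	assert(NULL != out_eventid);

	/* source is only validated further down, so it must not reach "%s" as a NULL pointer */
	zabbix_log(LOG_LEVEL_DEBUG, "In %s() source:'%s' lastlogsize:" ZBX_FS_UI64, __function_name,
			NULL != source ? source : "(null)", *lastlogsize);

	*out_timestamp = 0;
	*out_source = NULL;
	*out_severity = 0;
	*out_message = NULL;
	*out_eventid = 0;

	if (NULL == source || '\0' == *source)
	{
		zabbix_log(LOG_LEVEL_WARNING, "cannot open eventlog with empty name");
		return ret;
	}

	wsource = zbx_utf8_to_unicode(source);

	versionInfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);

	/* GetVersionEx() returns zero on failure and then leaves versionInfo unset; */
	/* in that case fall through to the legacy reader instead of testing garbage */
	if (0 != GetVersionEx(&versionInfo) && versionInfo.dwMajorVersion >= 6)
	{
		ret = zbx_get_eventlog_message_xpath(wsource, lastlogsize, out_source, out_message, out_severity,
				out_timestamp, out_eventid, skip_old_data, pcontext);
	}
	else if (SUCCEED == zbx_open_eventlog(wsource, &eventlog_handle, &LastID /* number */, &FirstID /* oldest */))
	{
		/* LastID arrives as the record count; adding the oldest number makes it one past the newest record */
		LastID += FirstID;

		if (1 == skip_old_data)
		{
			*lastlogsize = LastID - 1;
			zabbix_log(LOG_LEVEL_DEBUG, "skipping existing data: lastlogsize:" ZBX_FS_UI64, *lastlogsize);
		}

		/* a saved position beyond the log restarts from the oldest record; a position inside the log */
		/* resumes right after it; a position below FirstID leaves FirstID (the oldest record) as is   */
		/* NOTE(review): nothing is logged when the saved position no longer matches the log contents  */
		if (*lastlogsize > LastID)
			*lastlogsize = FirstID;
		else if (*lastlogsize >= FirstID)
			FirstID = (*lastlogsize) + 1;

		/* records the helper cannot return are stepped over; the first one it returns ends the call */
		for (i = FirstID; i < LastID; i++)
		{
			if (SUCCEED == zbx_get_eventlog_message(wsource, eventlog_handle, i, out_source, out_message,
					out_severity, out_timestamp, out_eventid))
			{
				*lastlogsize = i;
				break;
			}
		}

		zbx_close_eventlog(eventlog_handle);

		/* opening the log is what counts as success, not whether a record was found */
		ret = SUCCEED;
	}
	else
		zabbix_log(LOG_LEVEL_ERR, "cannot open eventlog '%s': %s", source, strerror_from_system(GetLastError()));

	zbx_free(wsource);

	zabbix_log(LOG_LEVEL_DEBUG, "End of %s():%s", __function_name, zbx_result_string(ret));

	return ret;
}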
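/*
 * Purpose: fetch the first readable Windows event log record that follows
 *          *lastlogsize and return its fields through the out_* pointers.
 *
 * Parameters: source        - [IN] event log name (UTF-8); NULL or "" is rejected
 *             lastlogsize   - [IN/OUT] number of the last record already
 *                             processed; set to the number of the record
 *                             returned by this call
 *             out_timestamp, out_source, out_severity, out_message,
 *             out_eventid   - [OUT] reset to 0/NULL on entry, then passed to
 *                             zbx_get_eventlog_message()
 *
 * Return value: FAIL    - empty log name or the log could not be opened
 *               SUCCEED - the log was opened, even if no record was read
 *
 * Comments: The pointer checks are assert()s and disappear in builds that
 *           define NDEBUG.
 *           NOTE(review): all record numbers are plain long here; the code
 *           has no handling for record numbers that do not fit in a long -
 *           confirm the supported range.
 *           NOTE(review): the returned strings come from event records, which
 *           local software can write; treat them as untrusted text downstream.
 */
int	process_eventlog(const char *source, long *lastlogsize, unsigned long *out_timestamp, char **out_source,
		unsigned short *out_severity, char **out_message, unsigned long *out_eventid)
{
	const char	*__function_name = "process_eventlog";
	int		ret = FAIL;
	HANDLE		eventlog_handle;
	long		FirstID, LastID;
	register long	i;
	LPTSTR		wsource;

	assert(lastlogsize);
	assert(out_timestamp);
	assert(out_source);
	assert(out_severity);
	assert(out_message);
	assert(out_eventid);

	*out_timestamp = 0;
	*out_source = NULL;
	*out_severity = 0;
	*out_message = NULL;
	*out_eventid = 0;

	/* source is only validated further down, so it must not reach "%s" as a NULL pointer */
	zabbix_log(LOG_LEVEL_DEBUG, "In %s() source:'%s' lastlogsize:%ld", __function_name,
			NULL != source ? source : "(null)", *lastlogsize);

	if (NULL == source || '\0' == *source)
	{
		zabbix_log(LOG_LEVEL_WARNING, "Can't open eventlog with empty name");
		return ret;
	}

	wsource = zbx_utf8_to_unicode(source);

	if (SUCCEED == zbx_open_eventlog(wsource, &eventlog_handle, &LastID /* number */, &FirstID /* oldest */))
	{
		/* LastID arrives as the record count; adding the oldest number makes it one past the newest record */
		LastID += FirstID;

		/* a saved position beyond the log restarts from the oldest record; a position inside the log */
		/* resumes right after it; a position below FirstID leaves FirstID (the oldest record) as is   */
		/* NOTE(review): nothing is logged when the saved position no longer matches the log contents  */
		if (*lastlogsize > LastID)
			*lastlogsize = FirstID;
		else if (*lastlogsize >= FirstID)
			FirstID = (*lastlogsize) + 1;

		/* records the helper cannot return are stepped over; the first one it returns ends the call */
		for (i = FirstID; i < LastID; i++)
		{
			if (SUCCEED == zbx_get_eventlog_message(wsource, eventlog_handle, i, out_source, out_message,
					out_severity, out_timestamp, out_eventid))
			{
				*lastlogsize = i;
				break;
			}
		}

		zbx_close_eventlog(eventlog_handle);

		/* opening the log is what counts as success, not whether a record was found */
		ret = SUCCEED;
	}
	else
		zabbix_log(LOG_LEVEL_ERR, "Can't open eventlog '%s' [%s]", source, strerror_from_system(GetLastError()));

	zbx_free(wsource);

	zabbix_log(LOG_LEVEL_DEBUG, "End of %s():%s", __function_name, zbx_result_string(ret));

	return ret;
}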