Пример #1
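/*
 * Fetches the next unread record from the Windows event log named by 'source'.
 *
 * source        - event log name (UTF-8); NULL or empty is rejected
 * lastlogsize   - in: number of the last record already processed
 *                 out: number of the record returned by this call, or the
 *                 newest record number when skip_old_data is 1
 * out_*         - receive the fields of the record that was read; all are
 *                 reset to 0/NULL first and stay that way if nothing is read
 * skip_old_data - 1 to jump to the end of the log without reading anything
 *
 * Returns FAIL when the name is empty or the log cannot be opened, SUCCEED
 * otherwise. SUCCEED does not imply a record was returned, so the caller has
 * to look at the out_* values (NOTE(review): presumably *out_message == NULL
 * marks "no record"; confirm against the caller).
 *
 * At most one record is returned per call. If no record in the pending range
 * can be read, *lastlogsize is not advanced past that range.
 */
int	process_eventlog(const char *source, zbx_uint64_t *lastlogsize, unsigned long *out_timestamp,
		char **out_source, unsigned short *out_severity, char **out_message,
		unsigned long *out_eventid, unsigned char skip_old_data)
{
	const char	*__function_name = "process_eventlog";
	int		ret = FAIL;
	HANDLE		eventlog_handle;
	wchar_t 	*wsource;
	zbx_uint64_t	i, FirstID, LastID;

	/* source is validated only below; passing NULL for "%s" is undefined behaviour, */
	/* so the trace line gets a printable placeholder instead                        */
	zabbix_log(LOG_LEVEL_DEBUG, "In %s() source:'%s' lastlogsize:" ZBX_FS_UI64, __function_name,
			NULL != source ? source : "(null)", *lastlogsize);

	/* From MSDN documentation:                                                                         */
	/* The RecordNumber member of EVENTLOGRECORD contains the record number for the event log record.   */
	/* The very first record written to an event log is record number 1, and other records are          */
	/* numbered sequentially. If the record number reaches ULONG_MAX, the next record number will be 0, */
	/* not 1; however, you use zero to seek to the record.                                              */
	/*                                                                                                  */
	/* This RecordNumber wraparound is handled simply by using 64bit integer to calculate record        */
	/* numbers and then converting to DWORD values.                                                     */

	/* reset every output so a call that reads nothing never leaves stale data behind */
	*out_timestamp = 0;
	*out_source = NULL;
	*out_severity = 0;
	*out_message = NULL;
	*out_eventid = 0;

	if (NULL == source || '\0' == *source)
	{
		zabbix_log(LOG_LEVEL_WARNING, "cannot open eventlog with empty name");
		return ret;
	}

	wsource = zbx_utf8_to_unicode(source);

	if (SUCCEED != zbx_open_eventlog(wsource, &eventlog_handle, &FirstID, &LastID))
	{
		zabbix_log(LOG_LEVEL_ERR, "cannot open eventlog '%s': %s", source,
				strerror_from_system(GetLastError()));
		goto out;
	}

	if (1 == skip_old_data)
	{
		/* start monitoring from "now": everything already in the log is deliberately ignored */
		*lastlogsize = LastID;
		zabbix_log(LOG_LEVEL_DEBUG, "skipping existing data: lastlogsize:" ZBX_FS_UI64, *lastlogsize);
		goto finish;
	}

	/* Having lastlogsize greater than LastID means that there was oldest event record */
	/* (FirstID) wraparound. In this case we must also wrap the lastlogsize value.     */
	if (*lastlogsize > LastID)
		*lastlogsize = (DWORD)*lastlogsize;

	/* if the lastlogsize is still outside log record interval reset it to the oldest record number, */
	/* otherwise set FirstID to the next record after lastlogsize, which is the first event record   */
	/* to read                                                                                       */
	if (*lastlogsize > LastID || *lastlogsize < FirstID)
		*lastlogsize = FirstID;
	else
		FirstID = *lastlogsize + 1;

	for (i = FirstID; i <= LastID; i++)
	{
		/* convert to DWORD to handle possible event record number wraparound */
		DWORD	dwRecordNumber = (DWORD)i;

		if (SUCCEED == zbx_get_eventlog_message(wsource, eventlog_handle, dwRecordNumber, out_source,
				out_message, out_severity, out_timestamp, out_eventid))
		{
			/* storing full (not truncated to DWORD) lastlogsize value makes  */
			/* easier to do event record number calculations during next call */
			*lastlogsize = i;
			break;
		}
	}
finish:
	zbx_close_eventlog(eventlog_handle);
	ret = SUCCEED;
out:
	zbx_free(wsource);
	zabbix_log(LOG_LEVEL_DEBUG, "End of %s():%s", __function_name, zbx_result_string(ret));

	return ret;
}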
Пример #2
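/*
 * Fetches the next unread record from the Windows event log named by 'source'.
 *
 * source        - event log name (UTF-8); NULL or empty is rejected
 * lastlogsize   - in: number of the last record already processed
 *                 out: number of the record returned by this call
 * out_*         - receive the fields of the record that was read; all are
 *                 reset to 0/NULL first and stay that way if nothing is read
 * skip_old_data - 1 to position at the end of the log instead of reading
 *                 records that are already there
 *
 * Returns FAIL when the name is empty or the log cannot be opened, SUCCEED
 * otherwise, including when no record was read. At most one record is
 * returned per call.
 */
int	process_eventlog(const char *source, zbx_uint64_t *lastlogsize, unsigned long *out_timestamp,
		char **out_source, unsigned short *out_severity, char **out_message,
		unsigned long *out_eventid, unsigned char skip_old_data)
{
	const char	*__function_name = "process_eventlog";
	int		ret = FAIL;
	HANDLE		eventlog_handle;
	wchar_t 	*wsource;
	/* the loop counter is kept in the same 64-bit unsigned type as the bounds: a signed 'long' */
	/* counter turns negative once record numbers exceed LONG_MAX, the comparison with the      */
	/* unsigned bound then fails at once and new events would silently stop being collected     */
	zbx_uint64_t	i, FirstID, LastID;

	/* source is validated only below; passing NULL for "%s" is undefined behaviour, */
	/* so the trace line gets a printable placeholder instead                        */
	zabbix_log(LOG_LEVEL_DEBUG, "In %s() source:'%s' lastlogsize:" ZBX_FS_UI64,
			__function_name, NULL != source ? source : "(null)", *lastlogsize);

	/* reset every output so a call that reads nothing never leaves stale data behind */
	*out_timestamp = 0;
	*out_source = NULL;
	*out_severity = 0;
	*out_message = NULL;
	*out_eventid = 0;

	if (NULL == source || '\0' == *source)
	{
		zabbix_log(LOG_LEVEL_WARNING, "cannot open eventlog with empty name");
		return ret;
	}

	wsource = zbx_utf8_to_unicode(source);

	if (SUCCEED == zbx_open_eventlog(wsource, &eventlog_handle,
			&LastID /* number */, &FirstID /* oldest */))
	{
		/* LastID arrives as the record count; adding the oldest record number */
		/* makes it the exclusive upper bound of the record range              */
		LastID += FirstID;

		if (1 == skip_old_data)
		{
			/* LastID - 1 is the newest existing record, so the loop below finds nothing to read */
			*lastlogsize = LastID - 1;
			zabbix_log(LOG_LEVEL_DEBUG, "skipping existing data: lastlogsize:" ZBX_FS_UI64, *lastlogsize);
		}

		/* a stored position beyond the log restarts from the oldest record, */
		/* a position inside the log resumes at the record right after it    */
		if (*lastlogsize > LastID)
			*lastlogsize = FirstID;
		else if (*lastlogsize >= FirstID)
			FirstID = *lastlogsize + 1;

		for (i = FirstID; i < LastID; i++)
		{
			/* the cast keeps the argument type this call has always passed              */
			/* NOTE(review): confirm the record-number parameter type of the callee      */
			if (SUCCEED == zbx_get_eventlog_message(wsource, eventlog_handle, (long)i, out_source, out_message,
					out_severity, out_timestamp, out_eventid))
			{
				*lastlogsize = i;
				break;
			}
		}
		zbx_close_eventlog(eventlog_handle);

		ret = SUCCEED;
	}
	else
		zabbix_log(LOG_LEVEL_ERR, "cannot open eventlog '%s': %s", source,
				strerror_from_system(GetLastError()));

	zbx_free(wsource);
	zabbix_log(LOG_LEVEL_DEBUG, "End of %s():%s", __function_name, zbx_result_string(ret));

	return ret;
}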
Пример #3
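/*
 * Fetches the next unread record from the Windows event log named by 'source'.
 *
 * On OS major version 6 and above the work is delegated to
 * zbx_get_eventlog_message_xpath() and its result is returned as is; on older
 * versions the log is opened and scanned here by record number.
 *
 * source        - event log name (UTF-8); NULL or empty is rejected
 * lastlogsize   - in: number of the last record already processed
 *                 out: number of the record returned by this call
 * out_*         - receive the fields of the record that was read; all are
 *                 reset to 0/NULL first
 * skip_old_data - 1 to position at the end of the log instead of reading
 *                 records that are already there
 * pcontext      - only forwarded to zbx_get_eventlog_message_xpath()
 *                 (NOTE(review): looks like reader state kept between calls; confirm)
 *
 * Returns FAIL when the name is empty or the log cannot be opened; on the
 * legacy path SUCCEED is returned whenever the log was opened, including when
 * no record was read.
 */
int	process_eventlog(const char *source, zbx_uint64_t *lastlogsize, unsigned long *out_timestamp, char **out_source,
		unsigned short *out_severity, char **out_message, unsigned long	*out_eventid, unsigned char skip_old_data, void **pcontext)
{
	const char	*__function_name = "process_eventlog";
	int		ret = FAIL;
	HANDLE		eventlog_handle;
	long		FirstID, LastID;
	register long	i;
	LPTSTR		wsource;
	OSVERSIONINFO	versionInfo;

	/* these checks disappear when the build defines NDEBUG */
	assert(NULL != lastlogsize);
	assert(NULL != out_timestamp);
	assert(NULL != out_source);
	assert(NULL != out_severity);
	assert(NULL != out_message);
	assert(NULL != out_eventid);

	/* source is validated only below; passing NULL for "%s" is undefined behaviour, */
	/* so the trace line gets a printable placeholder instead                        */
	zabbix_log(LOG_LEVEL_DEBUG, "In %s() source:'%s' lastlogsize:" ZBX_FS_UI64,
			__function_name, NULL != source ? source : "(null)", *lastlogsize);

	/* reset every output so a call that reads nothing never leaves stale data behind */
	*out_timestamp = 0;
	*out_source = NULL;
	*out_severity = 0;
	*out_message = NULL;
	*out_eventid = 0;

	if (NULL == source || '\0' == *source)
	{
		zabbix_log(LOG_LEVEL_WARNING, "cannot open eventlog with empty name");
		return ret;
	}

	wsource = zbx_utf8_to_unicode(source);

	versionInfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);

	/* when GetVersionEx() fails dwMajorVersion has never been assigned here, so the branch */
	/* below would be chosen from an indeterminate value; fall back to the legacy reader    */
	if (0 == GetVersionEx(&versionInfo))
	{
		zabbix_log(LOG_LEVEL_WARNING, "cannot detect OS version: %s", strerror_from_system(GetLastError()));
		versionInfo.dwMajorVersion = 0;
	}

	if (versionInfo.dwMajorVersion >= 6)
	{
		ret = zbx_get_eventlog_message_xpath(wsource, lastlogsize, out_source, out_message,
											 out_severity, out_timestamp, out_eventid, skip_old_data, pcontext);
	}
	else if (SUCCEED == zbx_open_eventlog(wsource, &eventlog_handle, &LastID /* number */, &FirstID /* oldest */))
	{
		/* LastID arrives as the record count; adding the oldest record number */
		/* makes it the exclusive upper bound of the record range              */
		LastID += FirstID;

		if (1 == skip_old_data)
		{
			/* LastID - 1 is the newest existing record, so the loop below finds nothing to read */
			*lastlogsize = LastID - 1;
			zabbix_log(LOG_LEVEL_DEBUG, "skipping existing data: lastlogsize:" ZBX_FS_UI64, *lastlogsize);
		}

		/* NOTE(review): *lastlogsize is 64-bit unsigned while FirstID/LastID are signed long, so these */
		/* comparisons convert the bounds to unsigned; record numbers above LONG_MAX are not handled    */
		if (*lastlogsize > LastID)
			*lastlogsize = FirstID;
		else if (*lastlogsize >= FirstID)
			FirstID = (*lastlogsize) + 1;

		for (i = FirstID; i < LastID; i++)
		{
			/* stop at the first record that can be read: one record per call */
			if (SUCCEED == zbx_get_eventlog_message(wsource, eventlog_handle, i, out_source, out_message,
					out_severity, out_timestamp, out_eventid))
			{
				*lastlogsize = i;
				break;
			}
		}
		zbx_close_eventlog(eventlog_handle);

		ret = SUCCEED;
	}
	else
		zabbix_log(LOG_LEVEL_ERR, "cannot open eventlog '%s': %s", source, strerror_from_system(GetLastError()));

	zbx_free(wsource);

	zabbix_log(LOG_LEVEL_DEBUG, "End of %s():%s", __function_name, zbx_result_string(ret));

	return ret;
}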
Пример #4
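/*
 * Fetches the next unread record from the Windows event log named by 'source'.
 *
 * source      - event log name (UTF-8); NULL or empty is rejected
 * lastlogsize - in: number of the last record already processed
 *               out: number of the record returned by this call
 * out_*       - receive the fields of the record that was read; all are
 *               reset to 0/NULL first and stay that way if nothing is read
 *
 * Returns FAIL when the name is empty or the log cannot be opened, SUCCEED
 * otherwise, including when no record was read. At most one record is
 * returned per call.
 */
int	process_eventlog(const char *source, long *lastlogsize, unsigned long *out_timestamp, char **out_source,
		unsigned short *out_severity, char **out_message, unsigned long	*out_eventid)
{
	const char	*__function_name = "process_eventlog";
	int		ret = FAIL;
	HANDLE		eventlog_handle;
	long		FirstID, LastID;
	register long	i;
	LPTSTR		wsource;

	/* these checks disappear when the build defines NDEBUG */
	assert(lastlogsize);
	assert(out_timestamp);
	assert(out_source);
	assert(out_severity);
	assert(out_message);
	assert(out_eventid);

	/* reset every output so a call that reads nothing never leaves stale data behind */
	*out_timestamp	= 0;
	*out_source	= NULL;
	*out_severity	= 0;
	*out_message	= NULL;
	*out_eventid	= 0;

	/* source is validated only below; passing NULL for "%s" is undefined behaviour, */
	/* so the trace line gets a printable placeholder instead                        */
	zabbix_log(LOG_LEVEL_DEBUG, "In %s() source:'%s' lastlogsize:%ld",
			__function_name, NULL != source ? source : "(null)", *lastlogsize);

	if (NULL == source || '\0' == *source)
	{
		zabbix_log(LOG_LEVEL_WARNING, "Can't open eventlog with empty name");
		return ret;
	}

	wsource = zbx_utf8_to_unicode(source);

	if (SUCCEED == zbx_open_eventlog(wsource, &eventlog_handle, &LastID /* number */, &FirstID /* oldest */))
	{
		/* LastID arrives as the record count; adding the oldest record number */
		/* makes it the exclusive upper bound of the record range              */
		/* NOTE(review): signed addition; record numbers near LONG_MAX are not handled here */
		LastID += FirstID;

		/* a stored position beyond the log restarts from the oldest record, */
		/* a position inside the log resumes at the record right after it    */
		if (*lastlogsize > LastID)
			*lastlogsize = FirstID;
		else if (*lastlogsize >= FirstID)
			FirstID = (*lastlogsize) + 1;

		for (i = FirstID; i < LastID; i++)
		{
			/* stop at the first record that can be read: one record per call */
			if (SUCCEED == zbx_get_eventlog_message(wsource, eventlog_handle, i, out_source, out_message,
					out_severity, out_timestamp, out_eventid))
			{
				*lastlogsize = i;
				break;
			}
		}
		zbx_close_eventlog(eventlog_handle);

		ret = SUCCEED;
	}
	else
		zabbix_log(LOG_LEVEL_ERR, "Can't open eventlog '%s' [%s]",
				source, strerror_from_system(GetLastError()));

	zbx_free(wsource);

	zabbix_log(LOG_LEVEL_DEBUG, "End of %s():%s", __function_name, zbx_result_string(ret));

	return ret;
}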