-rw-r--r-- | docs/log/README | 3 | ||||
-rw-r--r-- | include/wolf/log.h | 2 | ||||
-rw-r--r-- | src/log.c | 46 | ||||
-rw-r--r-- | src/wolfmsg.mc | 12 | ||||
-rw-r--r-- | tests/log/test_log.c | 2 |
5 files changed, 53 insertions, 12 deletions
diff --git a/docs/log/README b/docs/log/README index 0fa8acd..1d705e5 100644 --- a/docs/log/README +++ b/docs/log/README @@ -44,3 +44,6 @@ log4cplus is the only library to handle the current user SID. log4cplus adds the event source to the registry. .NET at least cares to install a dummy message DLL with a %1's in them. + +Good articles: +- http://www.codeproject.com/KB/dotnet/evtvwr.aspx diff --git a/include/wolf/log.h b/include/wolf/log.h index 1a81083..18b0a08 100644 --- a/include/wolf/log.h +++ b/include/wolf/log.h @@ -203,12 +203,14 @@ void wolf_log_openlogtosyslog( const char *ident, * Open a channel to the Windows event logger. * * @param server name of the server to log to, NULL if local computer + * @param log name of the log, usually this should be 'Application' * @param source name of the event log source * @param level one out of wolf_log_level_t, the minimal level which * should be logged into the event log * */ void wolf_log_openlogtoeventlog( const char *server, + const char *log, const char *source, wolf_log_level_t level ); #endif /* defined HAVE_EVENTLOG */ @@ -17,8 +17,8 @@ #include "log.h" -#include "port/stdio.h" /* for vsnprintf */ -#include "port/string.h" /* for strcmp, strerror_r */ +#include "port/stdio.h" /* for vsnprintf, snprintf */ +#include "port/string.h" /* for strcmp, strerror_r, strlen */ #include "port/time.h" /* for localtime_r, strftime, time * time_t, struct tm */ @@ -350,6 +350,7 @@ static int syslog_options; static HANDLE event_source = 0; static int eventlog_level; static const char *eventlog_server; +static const char *eventlog_log; static const char *eventlog_source; static PSID sid = NULL; #endif /* defined HAVE_EVENTLOG */ 
@@ -392,7 +393,34 @@ void wolf_log_openlogtosyslog( const char *ident, #if defined HAVE_EVENTLOG -PSID get_current_sid( void ) { +static void registry_set_expandable_string( HKEY h, TCHAR *name, TCHAR *value ) { + RegSetValueEx( h, name, 0, REG_EXPAND_SZ, (LPBYTE)value, strlen( value ) ); +} + +static void registry_set_word( HKEY h, TCHAR *name, DWORD value ) { + RegSetValueEx( h, name, 0, REG_DWORD, (LPBYTE)&value, sizeof( DWORD ) ); +} + +static void register_event_source( const char *log, const char *source ) { + char key[256]; + HKEY h = 0; + DWORD disposition; + + /* compose the registry key and simply overwrite the values there, we know */ + snprintf( key, 256, "SYSTEM\\CurrentControlSet\\Services\\EventLog\\%s\\%s", log, source ); + RegCreateKeyEx( HKEY_LOCAL_MACHINE, key, 0, NULL, REG_OPTION_NON_VOLATILE, + KEY_SET_VALUE, NULL, &h, &disposition ); + + /* make sure not to have hard-coded pathes here, otherwise remote + * event logging will not work! */ + registry_set_expandable_string( h, "EventMessageFile", "%SystemRoot%\\System32\\wolfmsg.dll" ); + registry_set_expandable_string( h, "CategoryMessageFile", "%SystemRoot%\\System32\\wolfmsg.dll" ); + registry_set_word( h, "TypesSupported", (DWORD)7 ); + registry_set_word( h, "CategoryCount", (DWORD)2 ); + RegCloseKey( h ); +} + +static PSID get_current_sid( void ) { HANDLE process = NULL; HANDLE token = NULL; DWORD token_user_size = 0; @@ -456,12 +484,20 @@ PSID get_current_sid( void ) { } void wolf_log_openlogtoeventlog( const char *server, + const char *log, const char *source, wolf_log_level_t level ) { eventlog_server = server; + eventlog_log = log; eventlog_source = source; eventlog_level = level; + /* fiddle in the registry and register the location of the + * message DLL, how many categories we define and what types + * of events we are supporting + */ + register_event_source( log, source ); + /* for logging the user of the process into the event log */ sid = get_current_sid( ); 
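Review bot: register_event_source ignores every return value: `snprintf` may truncate `key` and `RegCreateKeyEx` may fail (writing under HKEY_LOCAL_MACHINE normally needs an elevated process), after which the four value writes and `RegCloseKey` run on a handle that is still 0 and the caller never learns the source was not registered. `log` and `source` are also copied into the key path as given, so a backslash in either one names a deeper subkey than intended. In registry_set_expandable_string the size passed for REG_EXPAND_SZ is `strlen( value )`, but the documented size for string types includes the terminating null, and `strlen` on a `TCHAR *` is only correct in a non-UNICODE build. The fence below checks the two calls and fixes the size; rejecting backslashes in `log` and `source` would be a further small check.

```c
static void registry_set_expandable_string( HKEY h, TCHAR *name, TCHAR *value ) {
    /* cbData for REG_EXPAND_SZ must count the terminating null */
    RegSetValueEx( h, name, 0, REG_EXPAND_SZ, (LPBYTE)value, strlen( value ) + 1 );
}

static void register_event_source( const char *log, const char *source ) {
    char key[256];
    HKEY h = 0;
    DWORD disposition;
    int n;

    n = snprintf( key, sizeof( key ), "SYSTEM\\CurrentControlSet\\Services\\EventLog\\%s\\%s", log, source );
    /* a truncated key would name a different event source */
    if( n < 0 || (size_t)n >= sizeof( key ) ) return;

    /* fails e.g. when the process is not allowed to write under HKLM */
    if( RegCreateKeyEx( HKEY_LOCAL_MACHINE, key, 0, NULL, REG_OPTION_NON_VOLATILE,
        KEY_SET_VALUE, NULL, &h, &disposition ) != ERROR_SUCCESS ) return;

    /* … unchanged: the four registry_set_* calls and RegCloseKey … */
}
```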
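Review bot: The new `log` argument is passed straight to register_event_source, where it is formatted with `%s`, so a NULL `log` is undefined behaviour even though the header already allows NULL for `server`. Either default it with `if( log == NULL ) log = "Application";` before the call, or document in log.h that it must not be NULL. The call also means every process that opens the event log attempts a write under HKEY_LOCAL_MACHINE, which fails without notice for a non-elevated process; registering the source at install time and leaving this function to open it would fit least privilege better. The function body continues outside the hunk.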
@@ -597,8 +633,8 @@ void WOLF_LOG( wolf_log_level_t level, const char *format, ... ) { if( !ReportEvent( event_source, /* event source handle */ wolf_log_level_to_eventlog_type( level ), - 0, /* TODO: event category */ - 0, /* TODO: event identifier */ + 0x0FFF0001L
, /* event category */ + 0xCFFF0100L
, /* event identifier */ sid, /* the security identifier */ 2, /* at the moment only one string */ 0, /* no binary raw data */ diff --git a/src/wolfmsg.mc b/src/wolfmsg.mc index bfe6518..0ef6c04 100644 --- a/src/wolfmsg.mc +++ b/src/wolfmsg.mc @@ -1,11 +1,5 @@ ;// messages file for wolf messages -;// the type used in the event id constants generated -;// (32=bit wide at least, we wan't to user those ids -;// also in the Unix code, so defining it to something -;// POSIXish) -MessageIdTypedef = uint32_t - ;// event log severity levels (severity bits) SeverityNames = ( Success = 0x0 : STATUS_SEVERITY_SUCCESS @@ -32,12 +26,16 @@ LanguageNames = ( ;// by one. MessageId = 0x1 +Facility = Application +Severity = Success SymbolicName = WOLF_CATEGORY_1 Language = English Wolf Category 1 . MessageId = 0x2 +Facility = Application +Severity = Success SymbolicName = WOLF_CATEGORY_2 Language = English Wolf Category 2 @@ -45,6 +43,8 @@ Wolf Category 2 ;// event messages from here +MessageIdTypedef = DWORD + MessageId = 0x100 Severity = Error Facility = Application diff --git a/tests/log/test_log.c b/tests/log/test_log.c index 2e2a28a..121f257 100644 --- a/tests/log/test_log.c +++ b/tests/log/test_log.c @@ -10,7 +10,7 @@ int main( void ) { WOLF_LOG_SYSLOG_DEFAULT_OPTIONS ); #endif #if defined WOLF_LOG_HAVE_EVENTLOG - wolf_log_openlogtoeventlog( NULL, "wolf_log_test", WOLF_LOG_NOTICE ); + wolf_log_openlogtoeventlog( NULL, "Application", "wolf_log_test", WOLF_LOG_NOTICE ); #endif WOLF_LOG( WOLF_LOG_NOTICE, "Started the logger" ); |
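Review bot: The category and event identifier passed to `ReportEvent` are hard-coded as `0x0FFF0001L` and `0xCFFF0100L`, which duplicates values the message compiler generates from src/wolfmsg.mc and will drift if the facility or severity there changes. Use the symbolic names from the generated header instead, e.g. `WOLF_CATEGORY_1, /* event category */`, and likewise the name wolfmsg.mc gives message 0x100. The category parameter of `ReportEvent` is a 16-bit WORD, so only the low `0x0001` survives the conversion and a compiler may warn about the truncation. The identifier also seems to carry the Error severity bits on every call whatever `level` is, which looks unintended next to `wolf_log_level_to_eventlog_type( level )`. The `ReportEvent` call starts and ends outside the hunk.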