2009-01-08 19:13:22 +01:00
/*
Unix SMB / CIFS implementation .
RPC pipe client
Copyright ( C ) Günther Deschner 2009
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 3 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program . If not , see < http : //www.gnu.org/licenses/>.
*/
# include "includes.h"
# include "rpcclient.h"
2010-08-06 14:52:58 +02:00
# include "../librpc/gen_ndr/ndr_eventlog.h"
2011-01-11 16:22:55 +01:00
# include "../librpc/gen_ndr/ndr_eventlog_c.h"
2010-08-19 23:15:22 +02:00
# include "rpc_client/init_lsa.h"
2009-01-08 19:13:22 +01:00
static NTSTATUS get_eventlog_handle ( struct rpc_pipe_client * cli ,
TALLOC_CTX * mem_ctx ,
const char * log ,
struct policy_handle * handle )
{
2011-01-11 16:22:55 +01:00
NTSTATUS status , result ;
2009-01-08 19:13:22 +01:00
struct eventlog_OpenUnknown0 unknown0 ;
struct lsa_String logname , servername ;
2011-01-11 16:22:55 +01:00
struct dcerpc_binding_handle * b = cli - > binding_handle ;
2009-01-08 19:13:22 +01:00
unknown0 . unknown0 = 0x005c ;
unknown0 . unknown1 = 0x0001 ;
init_lsa_String ( & logname , log ) ;
init_lsa_String ( & servername , NULL ) ;
2011-01-11 16:22:55 +01:00
status = dcerpc_eventlog_OpenEventLogW ( b , mem_ctx ,
2009-01-08 19:13:22 +01:00
& unknown0 ,
& logname ,
& servername ,
0x00000001 , /* major */
0x00000001 , /* minor */
2011-01-11 16:22:55 +01:00
handle ,
& result ) ;
2009-01-08 19:13:22 +01:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
2011-01-11 16:22:55 +01:00
return result ;
2009-01-08 19:13:22 +01:00
}
static NTSTATUS cmd_eventlog_readlog ( struct rpc_pipe_client * cli ,
TALLOC_CTX * mem_ctx ,
int argc ,
const char * * argv )
{
2009-01-16 12:18:21 +01:00
NTSTATUS status = NT_STATUS_OK ;
2011-01-11 16:22:55 +01:00
NTSTATUS result = NT_STATUS_OK ;
2009-01-08 19:13:22 +01:00
struct policy_handle handle ;
2011-01-11 16:22:55 +01:00
struct dcerpc_binding_handle * b = cli - > binding_handle ;
2009-01-08 19:13:22 +01:00
uint32_t flags = EVENTLOG_BACKWARDS_READ |
EVENTLOG_SEQUENTIAL_READ ;
uint32_t offset = 0 ;
uint32_t number_of_bytes = 0 ;
2012-12-21 15:52:02 +01:00
uint8_t * data ;
2009-01-08 19:13:22 +01:00
uint32_t sent_size = 0 ;
uint32_t real_size = 0 ;
2009-01-12 16:16:24 +01:00
if ( argc < 2 | | argc > 4 ) {
2009-01-16 12:18:21 +01:00
printf ( " Usage: %s logname [offset] [number_of_bytes] \n " , argv [ 0 ] ) ;
2009-01-08 19:13:22 +01:00
return NT_STATUS_OK ;
}
2009-01-12 16:16:24 +01:00
if ( argc > = 3 ) {
offset = atoi ( argv [ 2 ] ) ;
}
2009-01-16 12:18:21 +01:00
if ( argc > = 4 ) {
number_of_bytes = atoi ( argv [ 3 ] ) ;
}
2009-01-08 19:13:22 +01:00
status = get_eventlog_handle ( cli , mem_ctx , argv [ 1 ] , & handle ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
2012-12-21 15:52:02 +01:00
data = talloc_array ( mem_ctx , uint8_t , number_of_bytes ) ;
if ( data = = NULL ) {
goto done ;
}
2009-01-16 12:18:21 +01:00
do {
enum ndr_err_code ndr_err ;
DATA_BLOB blob ;
struct EVENTLOGRECORD r ;
uint32_t size = 0 ;
uint32_t pos = 0 ;
2011-01-11 16:22:55 +01:00
status = dcerpc_eventlog_ReadEventLogW ( b , mem_ctx ,
2009-01-08 19:13:22 +01:00
& handle ,
flags ,
offset ,
number_of_bytes ,
data ,
& sent_size ,
2011-01-11 16:22:55 +01:00
& real_size ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
if ( NT_STATUS_EQUAL ( result , NT_STATUS_BUFFER_TOO_SMALL ) & &
2009-01-12 16:16:24 +01:00
real_size > 0 ) {
2009-01-08 19:13:22 +01:00
number_of_bytes = real_size ;
2012-12-21 15:52:02 +01:00
data = talloc_realloc ( mem_ctx , data , uint8_t , real_size ) ;
if ( data = = NULL ) {
2009-01-16 12:18:21 +01:00
goto done ;
}
2011-01-11 16:22:55 +01:00
status = dcerpc_eventlog_ReadEventLogW ( b , mem_ctx ,
2009-01-16 12:18:21 +01:00
& handle ,
flags ,
offset ,
number_of_bytes ,
data ,
& sent_size ,
2011-01-11 16:22:55 +01:00
& real_size ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
2009-01-08 19:13:22 +01:00
}
2011-01-11 16:22:55 +01:00
if ( ! NT_STATUS_EQUAL ( result , NT_STATUS_END_OF_FILE ) & &
! NT_STATUS_IS_OK ( result ) ) {
2009-01-12 16:16:24 +01:00
goto done ;
2009-01-08 19:13:22 +01:00
}
2009-01-16 12:18:21 +01:00
number_of_bytes = 0 ;
size = IVAL ( data , pos ) ;
2009-01-08 19:13:22 +01:00
2009-01-16 12:18:21 +01:00
while ( size > 0 ) {
2009-01-08 19:13:22 +01:00
2009-01-16 12:18:21 +01:00
blob = data_blob_const ( data + pos , size ) ;
/* dump_data(0, blob.data, blob.length); */
2010-05-10 00:42:06 +02:00
ndr_err = ndr_pull_struct_blob_all ( & blob , mem_ctx , & r ,
2009-01-16 12:18:21 +01:00
( ndr_pull_flags_fn_t ) ndr_pull_EVENTLOGRECORD ) ;
2009-01-08 19:13:22 +01:00
if ( ! NDR_ERR_CODE_IS_SUCCESS ( ndr_err ) ) {
2009-01-12 16:16:24 +01:00
status = ndr_map_error2ntstatus ( ndr_err ) ;
goto done ;
2009-01-08 19:13:22 +01:00
}
2009-01-16 12:18:21 +01:00
NDR_PRINT_DEBUG ( EVENTLOGRECORD , & r ) ;
pos + = size ;
if ( pos + 4 > sent_size ) {
break ;
}
size = IVAL ( data , pos ) ;
2009-01-08 19:13:22 +01:00
}
offset + + ;
2009-01-16 12:18:21 +01:00
2011-01-11 16:22:55 +01:00
} while ( NT_STATUS_IS_OK ( result ) ) ;
2009-01-08 19:13:22 +01:00
2009-01-12 16:16:24 +01:00
done :
2011-01-11 16:22:55 +01:00
dcerpc_eventlog_CloseEventLog ( b , mem_ctx , & handle , & result ) ;
2009-01-12 16:16:24 +01:00
2009-01-08 19:13:22 +01:00
return status ;
}
static NTSTATUS cmd_eventlog_numrecords ( struct rpc_pipe_client * cli ,
TALLOC_CTX * mem_ctx ,
int argc ,
const char * * argv )
{
2011-01-11 16:22:55 +01:00
NTSTATUS status , result ;
2009-01-08 19:13:22 +01:00
struct policy_handle handle ;
uint32_t number = 0 ;
2011-01-11 16:22:55 +01:00
struct dcerpc_binding_handle * b = cli - > binding_handle ;
2009-01-08 19:13:22 +01:00
if ( argc ! = 2 ) {
printf ( " Usage: %s logname \n " , argv [ 0 ] ) ;
return NT_STATUS_OK ;
}
status = get_eventlog_handle ( cli , mem_ctx , argv [ 1 ] , & handle ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
2011-01-11 16:22:55 +01:00
status = dcerpc_eventlog_GetNumRecords ( b , mem_ctx ,
2009-01-08 19:13:22 +01:00
& handle ,
2011-01-11 16:22:55 +01:00
& number ,
& result ) ;
2009-01-08 19:13:22 +01:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-01-12 16:16:24 +01:00
goto done ;
2009-01-08 19:13:22 +01:00
}
2011-01-11 16:22:55 +01:00
if ( ! NT_STATUS_IS_OK ( result ) ) {
status = result ;
goto done ;
}
2009-01-08 19:13:22 +01:00
printf ( " number of records: %d \n " , number ) ;
2009-01-12 16:16:24 +01:00
done :
2011-01-11 16:22:55 +01:00
dcerpc_eventlog_CloseEventLog ( b , mem_ctx , & handle , & result ) ;
2009-01-12 16:16:24 +01:00
return status ;
2009-01-08 19:13:22 +01:00
}
static NTSTATUS cmd_eventlog_oldestrecord ( struct rpc_pipe_client * cli ,
TALLOC_CTX * mem_ctx ,
int argc ,
const char * * argv )
{
2011-01-11 16:22:55 +01:00
NTSTATUS status , result ;
2009-01-08 19:13:22 +01:00
struct policy_handle handle ;
uint32_t oldest_entry = 0 ;
2011-01-11 16:22:55 +01:00
struct dcerpc_binding_handle * b = cli - > binding_handle ;
2009-01-08 19:13:22 +01:00
if ( argc ! = 2 ) {
printf ( " Usage: %s logname \n " , argv [ 0 ] ) ;
return NT_STATUS_OK ;
}
status = get_eventlog_handle ( cli , mem_ctx , argv [ 1 ] , & handle ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
2011-01-11 16:22:55 +01:00
status = dcerpc_eventlog_GetOldestRecord ( b , mem_ctx ,
2009-01-08 19:13:22 +01:00
& handle ,
2011-01-11 16:22:55 +01:00
& oldest_entry ,
& result ) ;
2009-01-08 19:13:22 +01:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2009-01-12 16:16:24 +01:00
goto done ;
2009-01-08 19:13:22 +01:00
}
2011-01-11 16:22:55 +01:00
if ( ! NT_STATUS_IS_OK ( result ) ) {
status = result ;
goto done ;
}
2009-01-08 19:13:22 +01:00
printf ( " oldest entry: %d \n " , oldest_entry ) ;
2009-01-12 16:16:24 +01:00
done :
2011-01-11 16:22:55 +01:00
dcerpc_eventlog_CloseEventLog ( b , mem_ctx , & handle , & result ) ;
2009-01-12 16:16:24 +01:00
return status ;
2009-01-08 19:13:22 +01:00
}
2009-01-20 19:09:53 +01:00
static NTSTATUS cmd_eventlog_reportevent ( struct rpc_pipe_client * cli ,
TALLOC_CTX * mem_ctx ,
int argc ,
const char * * argv )
{
2011-01-11 16:22:55 +01:00
NTSTATUS status , result ;
2009-01-20 19:09:53 +01:00
struct policy_handle handle ;
2011-01-11 16:22:55 +01:00
struct dcerpc_binding_handle * b = cli - > binding_handle ;
2009-01-20 19:09:53 +01:00
uint16_t num_of_strings = 1 ;
uint32_t data_size = 0 ;
struct lsa_String servername ;
struct lsa_String * strings ;
uint8_t * data = NULL ;
uint32_t record_number = 0 ;
time_t time_written = 0 ;
if ( argc ! = 2 ) {
printf ( " Usage: %s logname \n " , argv [ 0 ] ) ;
return NT_STATUS_OK ;
}
status = get_eventlog_handle ( cli , mem_ctx , argv [ 1 ] , & handle ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
strings = talloc_array ( mem_ctx , struct lsa_String , num_of_strings ) ;
if ( ! strings ) {
return NT_STATUS_NO_MEMORY ;
}
init_lsa_String ( & strings [ 0 ] , " test event written by rpcclient \n " ) ;
init_lsa_String ( & servername , NULL ) ;
2011-01-11 16:22:55 +01:00
status = dcerpc_eventlog_ReportEventW ( b , mem_ctx ,
2009-01-20 19:09:53 +01:00
& handle ,
time ( NULL ) ,
EVENTLOG_INFORMATION_TYPE ,
0 , /* event_category */
0 , /* event_id */
num_of_strings ,
data_size ,
& servername ,
NULL , /* user_sid */
& strings ,
data ,
0 , /* flags */
& record_number ,
2011-01-11 16:22:55 +01:00
& time_written ,
& result ) ;
2009-01-20 19:09:53 +01:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
}
2011-01-11 16:22:55 +01:00
if ( ! NT_STATUS_IS_OK ( result ) ) {
status = result ;
goto done ;
}
2009-01-20 19:09:53 +01:00
printf ( " entry: %d written at %s \n " , record_number ,
http_timestring ( talloc_tos ( ) , time_written ) ) ;
done :
2011-01-11 16:22:55 +01:00
dcerpc_eventlog_CloseEventLog ( b , mem_ctx , & handle , & result ) ;
2009-01-20 19:09:53 +01:00
return status ;
}
2009-01-20 19:26:41 +01:00
static NTSTATUS cmd_eventlog_reporteventsource ( struct rpc_pipe_client * cli ,
TALLOC_CTX * mem_ctx ,
int argc ,
const char * * argv )
{
2011-01-11 16:22:55 +01:00
NTSTATUS status , result ;
2009-01-20 19:26:41 +01:00
struct policy_handle handle ;
2011-01-11 16:22:55 +01:00
struct dcerpc_binding_handle * b = cli - > binding_handle ;
2009-01-20 19:26:41 +01:00
uint16_t num_of_strings = 1 ;
uint32_t data_size = 0 ;
struct lsa_String servername , sourcename ;
struct lsa_String * strings ;
uint8_t * data = NULL ;
uint32_t record_number = 0 ;
time_t time_written = 0 ;
if ( argc ! = 2 ) {
printf ( " Usage: %s logname \n " , argv [ 0 ] ) ;
return NT_STATUS_OK ;
}
status = get_eventlog_handle ( cli , mem_ctx , argv [ 1 ] , & handle ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
strings = talloc_array ( mem_ctx , struct lsa_String , num_of_strings ) ;
if ( ! strings ) {
return NT_STATUS_NO_MEMORY ;
}
init_lsa_String ( & strings [ 0 ] , " test event written by rpcclient \n " ) ;
init_lsa_String ( & servername , NULL ) ;
init_lsa_String ( & sourcename , " rpcclient " ) ;
2011-01-11 16:22:55 +01:00
status = dcerpc_eventlog_ReportEventAndSourceW ( b , mem_ctx ,
2009-01-20 19:26:41 +01:00
& handle ,
time ( NULL ) ,
EVENTLOG_INFORMATION_TYPE ,
0 , /* event_category */
0 , /* event_id */
& sourcename ,
num_of_strings ,
data_size ,
& servername ,
NULL , /* user_sid */
& strings ,
data ,
0 , /* flags */
& record_number ,
2011-01-11 16:22:55 +01:00
& time_written ,
& result ) ;
2009-01-20 19:26:41 +01:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
}
2011-01-11 16:22:55 +01:00
if ( ! NT_STATUS_IS_OK ( result ) ) {
status = result ;
goto done ;
}
2009-01-20 19:26:41 +01:00
printf ( " entry: %d written at %s \n " , record_number ,
http_timestring ( talloc_tos ( ) , time_written ) ) ;
done :
2011-01-11 16:22:55 +01:00
dcerpc_eventlog_CloseEventLog ( b , mem_ctx , & handle , & result ) ;
2009-01-20 19:26:41 +01:00
return status ;
}
2009-01-20 20:10:16 +01:00
static NTSTATUS cmd_eventlog_registerevsource ( struct rpc_pipe_client * cli ,
TALLOC_CTX * mem_ctx ,
int argc ,
const char * * argv )
{
2011-01-11 16:22:55 +01:00
NTSTATUS status , result ;
2009-01-20 20:10:16 +01:00
struct policy_handle log_handle ;
struct lsa_String module_name , reg_module_name ;
struct eventlog_OpenUnknown0 unknown0 ;
2011-01-11 16:22:55 +01:00
struct dcerpc_binding_handle * b = cli - > binding_handle ;
2009-01-20 20:10:16 +01:00
unknown0 . unknown0 = 0x005c ;
unknown0 . unknown1 = 0x0001 ;
if ( argc ! = 2 ) {
printf ( " Usage: %s logname \n " , argv [ 0 ] ) ;
return NT_STATUS_OK ;
}
init_lsa_String ( & module_name , " rpcclient " ) ;
init_lsa_String ( & reg_module_name , NULL ) ;
2011-01-11 16:22:55 +01:00
status = dcerpc_eventlog_RegisterEventSourceW ( b , mem_ctx ,
2009-01-20 20:10:16 +01:00
& unknown0 ,
& module_name ,
& reg_module_name ,
1 , /* major_version */
1 , /* minor_version */
2011-01-11 16:22:55 +01:00
& log_handle ,
& result ) ;
2009-01-20 20:10:16 +01:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
}
2011-01-11 16:22:55 +01:00
if ( ! NT_STATUS_IS_OK ( result ) ) {
status = result ;
goto done ;
}
2009-01-20 20:10:16 +01:00
done :
2011-01-11 16:22:55 +01:00
dcerpc_eventlog_DeregisterEventSource ( b , mem_ctx , & log_handle , & result ) ;
2009-01-20 20:10:16 +01:00
return status ;
}
2009-01-20 22:18:29 +01:00
static NTSTATUS cmd_eventlog_backuplog ( struct rpc_pipe_client * cli ,
TALLOC_CTX * mem_ctx ,
int argc ,
const char * * argv )
{
2011-01-11 16:22:55 +01:00
NTSTATUS status , result ;
2009-01-20 22:18:29 +01:00
struct policy_handle handle ;
struct lsa_String backup_filename ;
const char * tmp ;
2011-01-11 16:22:55 +01:00
struct dcerpc_binding_handle * b = cli - > binding_handle ;
2009-01-20 22:18:29 +01:00
if ( argc ! = 3 ) {
printf ( " Usage: %s logname backupname \n " , argv [ 0 ] ) ;
return NT_STATUS_OK ;
}
status = get_eventlog_handle ( cli , mem_ctx , argv [ 1 ] , & handle ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
tmp = talloc_asprintf ( mem_ctx , " \\ ?? \\ %s " , argv [ 2 ] ) ;
if ( ! tmp ) {
status = NT_STATUS_NO_MEMORY ;
goto done ;
}
init_lsa_String ( & backup_filename , tmp ) ;
2011-01-11 16:22:55 +01:00
status = dcerpc_eventlog_BackupEventLogW ( b , mem_ctx ,
2009-01-20 22:18:29 +01:00
& handle ,
2011-01-11 16:22:55 +01:00
& backup_filename ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
status = result ;
goto done ;
}
2009-01-20 22:18:29 +01:00
done :
2011-01-11 16:22:55 +01:00
dcerpc_eventlog_CloseEventLog ( b , mem_ctx , & handle , & result ) ;
2009-01-20 22:18:29 +01:00
return status ;
}
2009-01-20 23:01:58 +01:00
static NTSTATUS cmd_eventlog_loginfo ( struct rpc_pipe_client * cli ,
TALLOC_CTX * mem_ctx ,
int argc ,
const char * * argv )
{
2011-01-11 16:22:55 +01:00
NTSTATUS status , result ;
2009-01-20 23:01:58 +01:00
struct policy_handle handle ;
uint8_t * buffer = NULL ;
uint32_t buf_size = 0 ;
uint32_t bytes_needed = 0 ;
2011-01-11 16:22:55 +01:00
struct dcerpc_binding_handle * b = cli - > binding_handle ;
2009-01-20 23:01:58 +01:00
if ( argc ! = 2 ) {
printf ( " Usage: %s logname \n " , argv [ 0 ] ) ;
return NT_STATUS_OK ;
}
status = get_eventlog_handle ( cli , mem_ctx , argv [ 1 ] , & handle ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
2012-12-21 15:58:49 +01:00
buffer = talloc_array ( mem_ctx , uint8_t , bytes_needed ) ;
if ( buffer = = NULL ) {
status = NT_STATUS_NO_MEMORY ;
goto done ;
}
2011-01-11 16:22:55 +01:00
status = dcerpc_eventlog_GetLogInformation ( b , mem_ctx ,
2009-01-20 23:01:58 +01:00
& handle ,
0 , /* level */
buffer ,
buf_size ,
2011-01-11 16:22:55 +01:00
& bytes_needed ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
}
if ( ! NT_STATUS_IS_OK ( result ) & &
! NT_STATUS_EQUAL ( result , NT_STATUS_BUFFER_TOO_SMALL ) ) {
2009-01-20 23:01:58 +01:00
goto done ;
}
buf_size = bytes_needed ;
2012-12-21 15:58:49 +01:00
buffer = talloc_realloc ( mem_ctx , buffer , uint8_t , bytes_needed ) ;
if ( buffer = = NULL ) {
2009-01-20 23:01:58 +01:00
status = NT_STATUS_NO_MEMORY ;
goto done ;
}
2011-01-11 16:22:55 +01:00
status = dcerpc_eventlog_GetLogInformation ( b , mem_ctx ,
2009-01-20 23:01:58 +01:00
& handle ,
0 , /* level */
buffer ,
buf_size ,
2011-01-11 16:22:55 +01:00
& bytes_needed ,
& result ) ;
2009-01-20 23:01:58 +01:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto done ;
}
2011-01-11 16:22:55 +01:00
if ( ! NT_STATUS_IS_OK ( result ) ) {
status = result ;
goto done ;
}
2009-01-20 23:01:58 +01:00
done :
2011-01-11 16:22:55 +01:00
dcerpc_eventlog_CloseEventLog ( b , mem_ctx , & handle , & result ) ;
2009-01-20 23:01:58 +01:00
return status ;
}
2009-01-20 19:09:53 +01:00
2009-01-08 19:13:22 +01:00
struct cmd_set eventlog_commands [ ] = {
{ " EVENTLOG " } ,
2012-01-10 21:53:42 +11:00
{ " eventlog_readlog " , RPC_RTYPE_NTSTATUS , cmd_eventlog_readlog , NULL , & ndr_table_eventlog , NULL , " Read Eventlog " , " " } ,
{ " eventlog_numrecord " , RPC_RTYPE_NTSTATUS , cmd_eventlog_numrecords , NULL , & ndr_table_eventlog , NULL , " Get number of records " , " " } ,
{ " eventlog_oldestrecord " , RPC_RTYPE_NTSTATUS , cmd_eventlog_oldestrecord , NULL , & ndr_table_eventlog , NULL , " Get oldest record " , " " } ,
{ " eventlog_reportevent " , RPC_RTYPE_NTSTATUS , cmd_eventlog_reportevent , NULL , & ndr_table_eventlog , NULL , " Report event " , " " } ,
{ " eventlog_reporteventsource " , RPC_RTYPE_NTSTATUS , cmd_eventlog_reporteventsource , NULL , & ndr_table_eventlog , NULL , " Report event and source " , " " } ,
{ " eventlog_registerevsource " , RPC_RTYPE_NTSTATUS , cmd_eventlog_registerevsource , NULL , & ndr_table_eventlog , NULL , " Register event source " , " " } ,
{ " eventlog_backuplog " , RPC_RTYPE_NTSTATUS , cmd_eventlog_backuplog , NULL , & ndr_table_eventlog , NULL , " Backup Eventlog File " , " " } ,
{ " eventlog_loginfo " , RPC_RTYPE_NTSTATUS , cmd_eventlog_loginfo , NULL , & ndr_table_eventlog , NULL , " Get Eventlog Information " , " " } ,
2009-01-08 19:13:22 +01:00
{ NULL }
} ;