(SIGAR-190) add category to EventLogRecord

Doug MacEachern 2009-11-09 16:17:37 -08:00
parent b1352e2f76
commit 3e4a408f74
2 changed files with 83 additions and 11 deletions


@ -69,7 +69,7 @@ static HANDLE win32_get_pointer(JNIEnv *env, jobject obj)
return h; return h;
} }
static int get_messagefile_dll(LPWSTR app, LPWSTR source, LPWSTR dllfile) static int get_messagefile_dll(LPWSTR app, LPWSTR source, LPWSTR entry, LPWSTR dllfile)
{ {
HKEY hk; HKEY hk;
WCHAR buf[MAX_MSG_LENGTH]; WCHAR buf[MAX_MSG_LENGTH];
@ -87,7 +87,7 @@ static int get_messagefile_dll(LPWSTR app, LPWSTR source, LPWSTR dllfile)
return rc; return rc;
} }
rc = RegQueryValueEx(hk, L"EventMessageFile", NULL, &type, rc = RegQueryValueEx(hk, entry, NULL, &type,
(LPBYTE)buf, &data); (LPBYTE)buf, &data);
if (rc) { if (rc) {
RegCloseKey(hk); RegCloseKey(hk);
@ -102,7 +102,9 @@ static int get_messagefile_dll(LPWSTR app, LPWSTR source, LPWSTR dllfile)
return ERROR_SUCCESS; return ERROR_SUCCESS;
} }
static int get_formatted_message(EVENTLOGRECORD *pevlr, LPWSTR dllfile, static int get_formatted_message(EVENTLOGRECORD *pevlr,
DWORD id,
LPWSTR dllfile,
LPWSTR msg) LPWSTR msg)
{ {
LPVOID msgbuf = NULL; LPVOID msgbuf = NULL;
@ -121,11 +123,13 @@ static int get_formatted_message(EVENTLOGRECORD *pevlr, LPWSTR dllfile,
} }
memset(insert_strs, '\0', sizeof(insert_strs)); memset(insert_strs, '\0', sizeof(insert_strs));
if (pevlr) {
ptr = (LPWSTR)((LPBYTE)pevlr + pevlr->StringOffset); ptr = (LPWSTR)((LPBYTE)pevlr + pevlr->StringOffset);
for (i = 0; i < pevlr->NumStrings && i < max; i++) { for (i = 0; i < pevlr->NumStrings && i < max; i++) {
insert_strs[i] = ptr; insert_strs[i] = ptr;
ptr += wcslen(ptr) + 1; ptr += wcslen(ptr) + 1;
} }
}
ptr = wcstok(msgdll, FILESEP); ptr = wcstok(msgdll, FILESEP);
while (ptr) { while (ptr) {
@ -136,7 +140,7 @@ static int get_formatted_message(EVENTLOGRECORD *pevlr, LPWSTR dllfile,
if (hlib) { if (hlib) {
FormatMessage(flags, FormatMessage(flags,
hlib, hlib,
pevlr->EventID, id,
MAKELANGID(LANG_NEUTRAL, SUBLANG_ENGLISH_US), MAKELANGID(LANG_NEUTRAL, SUBLANG_ENGLISH_US),
(LPWSTR) &msgbuf, (LPWSTR) &msgbuf,
sizeof(msgbuf), //min bytes w/ FORMAT_MESSAGE_ALLOCATE_BUFFER sizeof(msgbuf), //min bytes w/ FORMAT_MESSAGE_ALLOCATE_BUFFER
@ -161,6 +165,29 @@ static int get_formatted_message(EVENTLOGRECORD *pevlr, LPWSTR dllfile,
} }
} }
static int get_formatted_event_message(EVENTLOGRECORD *pevlr, LPWSTR name, LPWSTR source, LPWSTR msg)
{
WCHAR dllfile[MAX_MSG_LENGTH];
if (get_messagefile_dll(name, source, L"EventMessageFile", dllfile) != ERROR_SUCCESS) {
return !ERROR_SUCCESS;
}
return get_formatted_message(pevlr, pevlr->EventID, dllfile, msg);
}
static int get_formatted_event_category(EVENTLOGRECORD *pevlr, LPWSTR name, LPWSTR source, LPWSTR msg)
{
WCHAR dllfile[MAX_MSG_LENGTH];
if (get_messagefile_dll(name, source, L"CategoryMessageFile", dllfile) != ERROR_SUCCESS) {
return !ERROR_SUCCESS;
}
return get_formatted_message(NULL, pevlr->EventCategory, dllfile, msg);
}
JNIEXPORT void SIGAR_JNI(win32_EventLog_openlog) JNIEXPORT void SIGAR_JNI(win32_EventLog_openlog)
(JNIEnv *env, jobject obj, jstring lpSourceName) (JNIEnv *env, jobject obj, jstring lpSourceName)
{ {
@ -229,7 +256,6 @@ JNIEXPORT jobject SIGAR_JNI(win32_EventLog_readlog)
{ {
EVENTLOGRECORD *pevlr; EVENTLOGRECORD *pevlr;
BYTE buffer[8192]; BYTE buffer[8192];
WCHAR dllfile[MAX_MSG_LENGTH];
WCHAR msg[MAX_MSG_LENGTH]; WCHAR msg[MAX_MSG_LENGTH];
DWORD dwRead, dwNeeded; DWORD dwRead, dwNeeded;
LPWSTR source, machineName; LPWSTR source, machineName;
@ -239,6 +265,7 @@ JNIEXPORT jobject SIGAR_JNI(win32_EventLog_readlog)
jfieldID id; jfieldID id;
jstring value; jstring value;
LPWSTR name; LPWSTR name;
BOOL has_category = FALSE; /* 1.6.x compat */
h = win32_get_pointer(env, obj); h = win32_get_pointer(env, obj);
@ -283,6 +310,18 @@ JNIEXPORT jobject SIGAR_JNI(win32_EventLog_readlog)
id = JENV->GetFieldID(env, cls, "eventType", "S"); id = JENV->GetFieldID(env, cls, "eventType", "S");
JENV->SetShortField(env, obj, id, pevlr->EventType); JENV->SetShortField(env, obj, id, pevlr->EventType);
if (!JENV->ExceptionOccurred(env)) { /* careful not to clear any existing exception */
id = JENV->GetFieldID(env, cls, "category", "S");
if (JENV->ExceptionOccurred(env)) {
/* older version of sigar.jar being used with sigar.dll */
JENV->ExceptionClear(env);
}
else {
has_category = TRUE;
JENV->SetShortField(env, obj, id, pevlr->EventCategory);
}
}
/* Extract string data from the end of the structure. Lame. */ /* Extract string data from the end of the structure. Lame. */
source = (LPWSTR)((LPBYTE)pevlr + sizeof(EVENTLOGRECORD)); source = (LPWSTR)((LPBYTE)pevlr + sizeof(EVENTLOGRECORD));
@ -292,8 +331,7 @@ JNIEXPORT jobject SIGAR_JNI(win32_EventLog_readlog)
/* Get the formatted message */ /* Get the formatted message */
if ((pevlr->NumStrings > 0) && if ((pevlr->NumStrings > 0) &&
(get_messagefile_dll(name, source, dllfile) == ERROR_SUCCESS) && (get_formatted_event_message(pevlr, name, source, msg) == ERROR_SUCCESS))
(get_formatted_message(pevlr, dllfile, msg) == ERROR_SUCCESS))
{ {
UNICODE_SetStringField("message", msg); UNICODE_SetStringField("message", msg);
} }
@ -301,6 +339,14 @@ JNIEXPORT jobject SIGAR_JNI(win32_EventLog_readlog)
LPWSTR tmp = (LPWSTR)((LPBYTE)pevlr + pevlr->StringOffset); LPWSTR tmp = (LPWSTR)((LPBYTE)pevlr + pevlr->StringOffset);
UNICODE_SetStringField("message", tmp); UNICODE_SetStringField("message", tmp);
} }
/* Get the formatted category */
if (has_category &&
(get_formatted_event_category(pevlr, name, source, msg) == ERROR_SUCCESS))
{
UNICODE_SetStringField("categoryString", msg);
}
JENV->ReleaseStringChars(env, jname, name); JENV->ReleaseStringChars(env, jname, name);
/* Increment up to the machine name. */ /* Increment up to the machine name. */
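Review bot: get_formatted_event_category calls get_formatted_message with a NULL record, so insert_strs is still all-NULL when FormatMessage runs. If the flags set earlier in that function (outside the visible hunks) include FORMAT_MESSAGE_ARGUMENT_ARRAY, a category template containing an insert such as %1 would be expanded against a NULL pointer. Consider adding `if (!pevlr) flags |= FORMAT_MESSAGE_IGNORE_INSERTS;` before the call. The new path also loads whatever module the registry names under CategoryMessageFile, and the load call is not shown here, so confirm it maps the file as data only (for example LOAD_LIBRARY_AS_DATAFILE) and does not run its code.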


@ -31,7 +31,9 @@ public class EventLogRecord {
long eventId; long eventId;
short eventType; short eventType;
short category;
String categoryString;
String source; String source;
String computerName; String computerName;
String user; String user;
@ -112,6 +114,29 @@ public class EventLogRecord {
} }
} }
/**
* Get the category for this event.
* The meaning of this value depends on the event source.
*/
public short getCategory() {
return this.category;
}
/**
* Get the formatted string for the category.
*/
public String getCategoryString() {
if (this.categoryString != null) {
return this.categoryString.trim();
}
if (this.category == 0) {
return "None";
}
else {
return "(" + this.category + ")";
}
}
/** /**
* Get the application which triggered the event * Get the application which triggered the event
*/ */
@ -157,6 +182,7 @@ public class EventLogRecord {
"[" + new Date(getTimeGenerated() * 1000) + "] " + "[" + new Date(getTimeGenerated() * 1000) + "] " +
"[" + getEventTypeString() + "] " + "[" + getEventTypeString() + "] " +
"[" + getSource() + "] " + "[" + getSource() + "] " +
"[" + getCategoryString() + "] " +
getMessage(); getMessage();
} }
} }
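Review bot: EventCategory is an unsigned 16-bit WORD in EVENTLOGRECORD but is stored in a Java `short`, so the numeric fallback in getCategoryString() prints categories above 32767 as negative numbers. Mask before formatting, `return "(" + (this.category & 0xFFFF) + ")";`, and say in the getCategory() javadoc that callers should read the value as unsigned. The formatted categoryString comes from a message file chosen by the event source, so code that writes toString() output to logs should treat it as untrusted text, like the message field.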