winevt_c 0.7.3 → 0.9.1
- checksums.yaml +4 -4
- data/README.md +55 -0
- data/example/eventlog.rb +5 -1
- data/example/locale.rb +13 -0
- data/example/tailing.rb +7 -1
- data/ext/winevt/winevt.c +7 -0
- data/ext/winevt/winevt_bookmark.c +2 -0
- data/ext/winevt/winevt_c.h +40 -7
- data/ext/winevt/winevt_channel.c +2 -0
- data/ext/winevt/winevt_locale.c +92 -0
- data/ext/winevt/winevt_locale_info.c +68 -0
- data/ext/winevt/winevt_query.c +164 -13
- data/ext/winevt/winevt_session.c +425 -0
- data/ext/winevt/winevt_subscribe.c +173 -15
- data/ext/winevt/winevt_utils.cpp +25 -3
- data/lib/winevt.rb +1 -0
- data/lib/winevt/session.rb +15 -0
- data/lib/winevt/subscribe.rb +5 -2
- data/lib/winevt/version.rb +1 -1
- metadata +7 -2
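--- a/data/ext/winevt/winevt_utils.cpp
+++ b/data/ext/winevt/winevt_utils.cpp
@@ -76,6 +76,28 @@ render_to_rb_str(EVT_HANDLE handle, DWORD flags)
 return result;
 }
 
+EVT_HANDLE
+connect_to_remote(LPWSTR computerName, LPWSTR domain, LPWSTR username, LPWSTR password,
+EVT_RPC_LOGIN_FLAGS flags)
+{
+EVT_HANDLE hRemote = NULL;
+EVT_RPC_LOGIN Credentials;
+
+RtlZeroMemory(&Credentials, sizeof(EVT_RPC_LOGIN));
+
+Credentials.Server = computerName;
+Credentials.Domain = domain;
+Credentials.User = username;
+Credentials.Password = password;
+Credentials.Flags = flags;
+
+hRemote = EvtOpenSession(EvtRpcLogin, &Credentials, 0, 0);
+
+SecureZeroMemory(&Credentials, sizeof(EVT_RPC_LOGIN));
+
+return hRemote;
+}
+
 static std::wstring
 guid_to_wstr(const GUID& guid)
 {
@@ -433,7 +455,7 @@ cleanup:
 }
 
 WCHAR*
-get_description(EVT_HANDLE handle)
+get_description(EVT_HANDLE handle, LANGID langID, EVT_HANDLE hRemote)
 {
 #define BUFSIZE 4096
 std::vector<WCHAR> buffer(BUFSIZE);
@@ -470,10 +492,10 @@ get_description(EVT_HANDLE handle)
 
 // Open publisher metadata
 hMetadata = EvtOpenPublisherMetadata(
-
+hRemote,
 values[0].StringVal,
 nullptr,
-MAKELCID(
+MAKELCID(langID, SORT_DEFAULT),
 0);
 if (hMetadata == nullptr) {
 // When winevt_c cannot open metadata, then give up to obtain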
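Review bot: `SecureZeroMemory(&Credentials, sizeof(EVT_RPC_LOGIN))` in `connect_to_remote` clears only the struct of pointers; the string that `password` points to is left untouched, so the credential stays in the caller's buffer after the call. The function should say so in a header comment, e.g. `/* Wipes only the EVT_RPC_LOGIN struct; the caller owns and must clear the password buffer, and must EvtClose() the returned handle. */`. It also returns whatever `EvtOpenSession` returned, which is NULL on failure; since `get_description` now passes `hRemote` straight to `EvtOpenPublisherMetadata`, where a NULL session means the local computer, callers (not visible here) need to check the result before use rather than letting a failed remote login fall back to local metadata.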
data/lib/winevt.rb
CHANGED
@@ -0,0 +1,15 @@
|
|
1
|
+
module Winevt
|
2
|
+
class EventLog
|
3
|
+
class Session
|
4
|
+
alias_method :initialize_raw, :initialize
|
5
|
+
|
6
|
+
def initialize(server, domain = nil, username = nil, password = nil)
|
7
|
+
initialize_raw
|
8
|
+
self.server = server
|
9
|
+
self.domain = domain if domain.is_a?(String)
|
10
|
+
self.username = username if username.is_a?(String)
|
11
|
+
self.password = password if password.is_a?(String)
|
12
|
+
end
|
13
|
+
end
|
14
|
+
end
|
15
|
+
end
|
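Review bot: `initialize` silently skips `domain`, `username` and `password` when they are not a `String`, so a caller that passes, say, a Symbol or a wrapper object for the password gets a Session with no explicit credentials and no error; what the native layer then authenticates with is not visible here. Rejecting non-nil, non-String values makes the mistake visible, e.g. `raise ArgumentError, "password must be a String" unless password.nil? || password.is_a?(String)` (likewise for the other two). `server` is assigned with no check at all, so its validation rests entirely on the native setter.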
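--- a/data/lib/winevt/subscribe.rb
+++ b/data/lib/winevt/subscribe.rb
@@ -3,8 +3,11 @@ module Winevt
 class Subscribe
 alias_method :subscribe_raw, :subscribe
 
-def subscribe(path, query, bookmark = nil)
-if bookmark.is_a?(Winevt::EventLog::Bookmark)
+def subscribe(path, query, bookmark = nil, session = nil)
+if bookmark.is_a?(Winevt::EventLog::Bookmark) &&
+session.is_a?(Winevt::EventLog::Session)
+subscribe_raw(path, query, bookmark.render, session)
+elsif bookmark.is_a?(Winevt::EventLog::Bookmark)
 subscribe_raw(path, query, bookmark.render)
 else
 subscribe_raw(path, query)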
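Review bot: A `session` passed without a `Winevt::EventLog::Bookmark` is silently dropped: `subscribe(path, query, nil, session)` matches neither of the first two branches and reaches `subscribe_raw(path, query)`, which presumably subscribes on the local machine rather than the remote host the caller asked for. For a log collector this is a quiet monitoring gap, so the session case should be handled on its own, e.g. `elsif session.is_a?(Winevt::EventLog::Session)` followed by `subscribe_raw(path, query, nil, session)` if the native method accepts a nil bookmark (not visible here), or an `ArgumentError` otherwise. The method's closing `end` lies outside the hunk.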
data/lib/winevt/version.rb
CHANGED
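--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: winevt_c
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.9.1
 platform: ruby
 authors:
 - Hiroshi Hatake
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-
+date: 2020-09-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -121,6 +121,7 @@ files:
 - example/bookmark.rb
 - example/enumerate_channels.rb
 - example/eventlog.rb
+- example/locale.rb
 - example/rate_limit.rb
 - example/tailing.rb
 - ext/winevt/extconf.rb
@@ -128,12 +129,16 @@ files:
 - ext/winevt/winevt_bookmark.c
 - ext/winevt/winevt_c.h
 - ext/winevt/winevt_channel.c
+- ext/winevt/winevt_locale.c
+- ext/winevt/winevt_locale_info.c
 - ext/winevt/winevt_query.c
+- ext/winevt/winevt_session.c
 - ext/winevt/winevt_subscribe.c
 - ext/winevt/winevt_utils.cpp
 - lib/winevt.rb
 - lib/winevt/bookmark.rb
 - lib/winevt/query.rb
+- lib/winevt/session.rb
 - lib/winevt/subscribe.rb
 - lib/winevt/version.rb
 - winevt_c.gemspec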