Compartir a través de


3.1.4.14 ElfrReportEventA (Opnum 18)

The ElfrReportEventA (Opnum 18) method writes events to the event log; the server receives these events from the client.

 NTSTATUS ElfrReportEventA(
   [in] IELF_HANDLE LogHandle,
   [in] unsigned long Time,
   [in] unsigned short EventType,
   [in] unsigned short EventCategory,
   [in] unsigned long EventID,
   [in, range(0, 256)] unsigned short NumStrings,
   [in, range(0, 61440)] unsigned long DataSize,
   [in] PRPC_STRING ComputerName,
   [in, unique] PRPC_SID UserSID,
   [in, size_is(NumStrings), unique] 
     PRPC_STRING Strings[*],
   [in, size_is(DataSize), unique] 
     unsigned char* Data,
   [in] unsigned short Flags,
   [in, out, unique] unsigned long* RecordNumber,
   [in, out, unique] unsigned long* TimeWritten
 );

LogHandle: Handle to an event log. This parameter is a server context handle, as specified in section 2.2.6. This handle MUST NOT be obtained via the ElfrOpenBELA (section 3.1.4.2) method or the ElfrOpenBELW (section 3.1.4.1) method.

Time: Time at which the event was generated by the event source (not the time at which the event was). The time MUST be expressed as the number of seconds since 00:00:00 on January 1, 1970 (UTC).

EventType: Type of the event, as specified in section 2.2.2.

EventCategory: Event category, as specified in section 1.8.5.

EventID: EventID, as specified in section 3.1.1.4.

NumStrings: Number of strings in the array pointed to by the Strings parameter. A value of zero indicates that no strings are present.

DataSize: Number of bytes of event-specific raw binary data to write to the log. This binary data is passed in the Data parameter. If no event-specific data is present, this parameter MUST be set to zero.

ComputerName: A string to assist in identifying the machine that generated the event. In practice, the name of the computer. There are no character restrictions on this field's content (for example, a FQDN can be used).<31>

UserSID: Either NULL or a user SID. If this is NULL, the event is to have a zero length UserSid field.

Strings: Specifies strings containing information specific to the event. This parameter MUST be a valid pointer. If the NumStrings parameter is zero, this parameter MUST be NULL. For example, an event relating to file deletion could use a string to specify the path of the file being deleted.

Data: Pointer to the buffer that contains the event-specific binary data. This parameter MUST be a valid pointer (or NULL), even if the DataSize parameter is 0.

Flags: Unused. MUST be set to zero when sent and MUST be ignored on receipt.

RecordNumber: Unused. Can be set to any arbitrary value when sent, and any value sent by the client MUST be ignored on receipt by the server.

TimeWritten: Unused. Can be set to any arbitrary value when sent, and any value sent by the client MUST be ignored on receipt by the server.

Return Values: The method MUST return STATUS_SUCCESS (0x00000000) on success; otherwise, it MUST return an implementation-based, nonzero NTSTATUS value specified in [MS-ERREF].

This method is identical to the ElfrReportEventW (section 3.1.4.13) method except that the string arguments are ANSI strings in this case. Thus, the remarks in ElfrReportEventW (section 3.1.4.13) apply to this method as well.