Package com.sun.jna.platform.win32

Class WevtapiUtil

java.lang.Object

com.sun.jna.platform.win32.WevtapiUtil

public abstract class WevtapiUtil
extends Object

Wevtapi Utilities Class

Author:

Minoru Sakamoto

Constructor Summary

Constructors

Constructor	Description
WevtapiUtil()

Method Summary

Modifier and Type	Method	Description
static String	EvtFormatMessage(Winevt.EVT_HANDLE publisherMetadata, Winevt.EVT_HANDLE event, int messageId, int valueCount, Winevt.EVT_VARIANT[] values, int flags)	Formats a message string.
static Winevt.EVT_VARIANT	EvtGetChannelConfigProperty(Winevt.EVT_HANDLE channelHandle, int propertyId)	Gets the specified channel configuration property.
static String	EvtGetExtendedStatus()	Gets a text message that contains the extended error information for the current error.
static Memory	EvtGetPublisherMetadataProperty(Winevt.EVT_HANDLE PublisherMetadata, int PropertyId, int Flags)	Gets the specified provider metadata property.
static String	EvtNextPublisherId(Winevt.EVT_HANDLE publisherEnum)	Gets the identifier of a provider from the enumerator.
static Memory	EvtRender(Winevt.EVT_HANDLE context, Winevt.EVT_HANDLE fragment, int flags, IntByReference propertyCount)	Renders an XML fragment based on the rendering context that you specify.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

WevtapiUtil

public WevtapiUtil()

Method Detail

EvtGetExtendedStatus

public static String EvtGetExtendedStatus()

Gets a text message that contains the extended error information for the current error.

Returns:

error information text

EvtRender

public static Memory EvtRender(Winevt.EVT_HANDLE context,
                               Winevt.EVT_HANDLE fragment,
                               int flags,
                               IntByReference propertyCount)

Renders an XML fragment based on the rendering context that you specify.

Parameters:

context - [in] A handle to the rendering context that the Wevtapi.EvtCreateRenderContext(int, java.lang.String[], int) function returns. This parameter must be set to NULL if the Flags parameter is set to Winevt.EVT_RENDER_FLAGS.EvtRenderEventXml or Winevt.EVT_RENDER_FLAGS.EvtRenderBookmark.

fragment - [in] A handle to an event or to a bookmark. Set this parameter to a bookmark handle if the Flags parameter is set to Winevt.EVT_RENDER_FLAGS.EvtRenderEventXml; otherwise, set to an event handle.

flags - [in] A flag that identifies what to render. For example, the entire event or specific properties of the event. For possible values,see the Winevt.EVT_RENDER_FLAGS enumeration.

propertyCount - [out] The number of the properties in the Buffer parameter if the Flags parameter is set to Winevt.EVT_RENDER_FLAGS.EvtRenderEventValues; otherwise, zero.

Returns:

A caller-allocated buffer that will receive the rendered output. The contents is a null-terminated Unicode string if the Flags parameter is set to Winevt.EVT_RENDER_FLAGS.EvtRenderEventXml or Winevt.EVT_RENDER_FLAGS.EvtRenderBookmark. Otherwise, if Flags is set to Winevt.EVT_RENDER_FLAGS.EvtRenderEventValues, the buffer contains an array of EVT_VARIANT structures; one for each property specified by the rendering context. The PropertyCount parameter contains the number of elements in the array. the Kernel32.GetLastError() function.

EvtFormatMessage

public static String EvtFormatMessage(Winevt.EVT_HANDLE publisherMetadata,
                                      Winevt.EVT_HANDLE event,
                                      int messageId,
                                      int valueCount,
                                      Winevt.EVT_VARIANT[] values,
                                      int flags)

Formats a message string.

Parameters:

publisherMetadata - [in] A handle to the provider's metadata that the Wevtapi.EvtOpenPublisherMetadata(com.sun.jna.platform.win32.Winevt.EVT_HANDLE, java.lang.String, java.lang.String, int, int) function returns. The handle acts as a formatting context for the event or message identifier.

You can set this parameter to NULL if the Windows Event Collector service forwarded the event. Forwarded events include a RenderingInfo section that contains the rendered message strings. You can also set this parameter to NULL if the event property that you are formatting is defined in the Winmeta.xml file (for example, if level is set to win:Error). In the latter case, the service uses the Winmeta provider as the formatting context and will format only those message strings that you reference in your event that are defined in the Winmeta.xml file.

event - [in] A handle to an event. The Flags parameter specifies the message string in the event that you want to format. This parameter must be NULL if the Flags parameter is set to EvtFormatMessageId.

messageId - [in] The resource identifier of the message string that you want to format. To get the resource identifier for a message string, call the Wevtapi.EvtGetPublisherMetadataProperty(com.sun.jna.platform.win32.Winevt.EVT_HANDLE, int, int, int, com.sun.jna.Pointer, com.sun.jna.ptr.IntByReference) function. Set this parameter only if the Flags parameter is set to EvtFormatMessageId.

valueCount - [in] The number of values in the Values parameter.

values - [in] An array of insertion values to use when formatting the event's message string. Typically, you set this parameter to NULL and the function gets the insertion values from the event data itself. You would use this parameter to override the default behavior and supply the insertion values to use. For example, you might use this parameter if you wanted to resolve a SID to a principal name before inserting the value.

To override the insertion values, the Flags parameter must be set to Winevt.EVT_FORMAT_MESSAGE_FLAGS.EvtFormatMessageEvent, Winevt.EVT_FORMAT_MESSAGE_FLAGS.EvtFormatMessageXml, or Winevt.EVT_FORMAT_MESSAGE_FLAGS.EvtFormatMessageId, If Flags is set to Winevt.EVT_FORMAT_MESSAGE_FLAGS.EvtFormatMessageId, the resource identifier must identify the event's message string.

flags - [in] A flag that specifies the message string in the event to format. For possible values, see the Winevt.EVT_FORMAT_MESSAGE_FLAGS enumeration.

Returns:

Formatted message string

EvtGetChannelConfigProperty

public static Winevt.EVT_VARIANT EvtGetChannelConfigProperty(Winevt.EVT_HANDLE channelHandle,
                                                             int propertyId)

Gets the specified channel configuration property.

Parameters:

channelHandle - [in] A handle to the channel's configuration properties that the Wevtapi.EvtOpenChannelConfig(com.sun.jna.platform.win32.Winevt.EVT_HANDLE, java.lang.String, int) function returns.

propertyId - [in] The identifier of the channel property to retrieve. For a list of property identifiers, see the Winevt.EVT_CHANNEL_CONFIG_PROPERTY_ID enumeration.

Returns:

EVT_VARIANT(already reading from native memory)

EvtNextPublisherId

public static String EvtNextPublisherId(Winevt.EVT_HANDLE publisherEnum)

Gets the identifier of a provider from the enumerator.

Parameters:

publisherEnum - [in] A handle to the registered providers enumerator that the Wevtapi.EvtOpenPublisherEnum(com.sun.jna.platform.win32.Winevt.EVT_HANDLE, int) function returns.

Returns:

The name of the registered provider.

EvtGetPublisherMetadataProperty

public static Memory EvtGetPublisherMetadataProperty(Winevt.EVT_HANDLE PublisherMetadata,
                                                     int PropertyId,
                                                     int Flags)

Gets the specified provider metadata property.

Parameters:

PublisherMetadata - [in] A handle to the metadata that the Wevtapi.EvtOpenPublisherMetadata(com.sun.jna.platform.win32.Winevt.EVT_HANDLE, java.lang.String, java.lang.String, int, int) function returns.

PropertyId - [in] The identifier of the metadata property to retrieve. For a list of property identifiers, see the Winevt.EVT_PUBLISHER_METADATA_PROPERTY_ID enumeration.

Flags - [in] Reserved. Must be zero.

Returns:

A caller-allocated buffer that will receive the metadata property. The buffer contains an EVT_VARIANT object.