public abstract class WevtapiUtil
extends java.lang.Object
Constructor and Description |
---|
WevtapiUtil() |
Modifier and Type | Method and Description |
---|---|
static java.lang.String | EvtFormatMessage(Winevt.EVT_HANDLE publisherMetadata, Winevt.EVT_HANDLE event, int messageId, int valueCount, Winevt.EVT_VARIANT[] values, int flags) Formats a message string. |
static Winevt.EVT_VARIANT | EvtGetChannelConfigProperty(Winevt.EVT_HANDLE channelHandle, int propertyId) Gets the specified channel configuration property. |
static java.lang.String | EvtGetExtendedStatus() Gets a text message that contains the extended error information for the current error. |
static Memory | EvtGetPublisherMetadataProperty(Winevt.EVT_HANDLE PublisherMetadata, int PropertyId, int Flags) Gets the specified provider metadata property. |
static java.lang.String | EvtNextPublisherId(Winevt.EVT_HANDLE publisherEnum) Gets the identifier of a provider from the enumerator. |
static Memory | EvtRender(Winevt.EVT_HANDLE context, Winevt.EVT_HANDLE fragment, int flags, IntByReference propertyCount) Renders an XML fragment based on the rendering context that you specify. |
public static java.lang.String EvtGetExtendedStatus()
public static Memory EvtRender(Winevt.EVT_HANDLE context, Winevt.EVT_HANDLE fragment, int flags, IntByReference propertyCount)
context
- [in] A handle to the rendering context that the Wevtapi.EvtCreateRenderContext(int, java.lang.String[], int) function returns. This parameter must be set to NULL if the Flags parameter is set to Winevt.EVT_RENDER_FLAGS.EvtRenderEventXml or Winevt.EVT_RENDER_FLAGS.EvtRenderBookmark.
fragment
- [in] A handle to an event or to a bookmark. Set this parameter to a bookmark handle if the Flags parameter is set to Winevt.EVT_RENDER_FLAGS.EvtRenderEventXml; otherwise, set to an event handle.
flags
- [in] A flag that identifies what to render. For example, the entire event or specific properties of the event. For possible values, see the Winevt.EVT_RENDER_FLAGS enumeration.
propertyCount
- [out] The number of the properties in the Buffer parameter if the Flags parameter is set to Winevt.EVT_RENDER_FLAGS.EvtRenderEventValues; otherwise, zero.
Winevt.EVT_RENDER_FLAGS.EvtRenderEventXml or Winevt.EVT_RENDER_FLAGS.EvtRenderBookmark. Otherwise, if Flags is set to Winevt.EVT_RENDER_FLAGS.EvtRenderEventValues, the buffer contains an array of EVT_VARIANT structures; one for each property specified by the rendering context. The PropertyCount parameter contains the number of elements in the array.
the Kernel32.GetLastError() function.
public static java.lang.String EvtFormatMessage(Winevt.EVT_HANDLE publisherMetadata, Winevt.EVT_HANDLE event, int messageId, int valueCount, Winevt.EVT_VARIANT[] values, int flags)
publisherMetadata
- [in] A handle to the provider's metadata that the Wevtapi.EvtOpenPublisherMetadata(com.sun.jna.platform.win32.Winevt.EVT_HANDLE, java.lang.String, java.lang.String, int, int) function returns. The handle acts as a formatting context for the event or message identifier.
You can set this parameter to NULL if the Windows Event Collector service forwarded the event. Forwarded events include a RenderingInfo section that contains the rendered message strings. You can also set this parameter to NULL if the event property that you are formatting is defined in the Winmeta.xml file (for example, if level is set to win:Error). In the latter case, the service uses the Winmeta provider as the formatting context and will format only those message strings that you reference in your event that are defined in the Winmeta.xml file.
event
- [in] A handle to an event. The Flags parameter specifies the message string in the event that you want to format. This parameter must be NULL if the Flags parameter is set to EvtFormatMessageId.
messageId
- [in] The resource identifier of the message string that you want to format. To get the resource identifier for a message string, call the Wevtapi.EvtGetPublisherMetadataProperty(com.sun.jna.platform.win32.Winevt.EVT_HANDLE, int, int, int, com.sun.jna.Pointer, com.sun.jna.ptr.IntByReference) function. Set this parameter only if the Flags parameter is set to EvtFormatMessageId.
valueCount
- [in] The number of values in the Values parameter.
values
- [in] An array of insertion values to use when formatting the event's message string. Typically, you set this parameter to NULL and the function gets the insertion values from the event data itself. You would use this parameter to override the default behavior and supply the insertion values to use. For example, you might use this parameter if you wanted to resolve a SID to a principal name before inserting the value. To override the insertion values, the Flags parameter must be set to Winevt.EVT_FORMAT_MESSAGE_FLAGS.EvtFormatMessageEvent, Winevt.EVT_FORMAT_MESSAGE_FLAGS.EvtFormatMessageXml, or Winevt.EVT_FORMAT_MESSAGE_FLAGS.EvtFormatMessageId. If Flags is set to Winevt.EVT_FORMAT_MESSAGE_FLAGS.EvtFormatMessageId, the resource identifier must identify the event's message string.
flags
- [in] A flag that specifies the message string in the event to format. For possible values, see the Winevt.EVT_FORMAT_MESSAGE_FLAGS enumeration.
public static Winevt.EVT_VARIANT EvtGetChannelConfigProperty(Winevt.EVT_HANDLE channelHandle, int propertyId)
channelHandle
- [in] A handle to the channel's configuration properties that the Wevtapi.EvtOpenChannelConfig(com.sun.jna.platform.win32.Winevt.EVT_HANDLE, java.lang.String, int) function returns.
propertyId
- [in] The identifier of the channel property to retrieve. For a list of property identifiers, see the Winevt.EVT_CHANNEL_CONFIG_PROPERTY_ID enumeration.
public static java.lang.String EvtNextPublisherId(Winevt.EVT_HANDLE publisherEnum)
publisherEnum
- [in] A handle to the registered providers enumerator that the Wevtapi.EvtOpenPublisherEnum(com.sun.jna.platform.win32.Winevt.EVT_HANDLE, int) function returns.
public static Memory EvtGetPublisherMetadataProperty(Winevt.EVT_HANDLE PublisherMetadata, int PropertyId, int Flags)
PublisherMetadata
- [in] A handle to the metadata that the Wevtapi.EvtOpenPublisherMetadata(com.sun.jna.platform.win32.Winevt.EVT_HANDLE, java.lang.String, java.lang.String, int, int) function returns.
PropertyId
- [in] The identifier of the metadata property to retrieve. For a list of property identifiers, see the Winevt.EVT_PUBLISHER_METADATA_PROPERTY_ID enumeration.
Flags
- [in] Reserved. Must be zero.
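
The EvtRender case described above in which Flags is EvtRenderEventValues, shown as an added example (not code from the JNA project): it walks the returned buffer as an array of EVT_VARIANT structures, one per property in the rendering context, using propertyCount as the element count. The "Application" channel, the three XPath selectors, the batch size of 10, the 1000 ms timeout and the class name RenderEventValues are assumptions chosen for illustration.

```java
import com.sun.jna.Memory;
import com.sun.jna.platform.win32.*;
import com.sun.jna.platform.win32.Winevt.EVT_HANDLE;
import com.sun.jna.ptr.IntByReference;

public class RenderEventValues {
    // Assumed for this example: the properties to extract, as XPath expressions.
    static final String[] PATHS = {
        "Event/System/Provider/@Name", "Event/System/EventID", "Event/System/EventRecordID"};

    static EVT_HANDLE check(EVT_HANDLE h) {
        // The raw Wevtapi calls return NULL on failure; surface GetLastError().
        if (h == null) throw new Win32Exception(Kernel32.INSTANCE.GetLastError());
        return h;
    }

    public static void main(String[] args) {
        Wevtapi api = Wevtapi.INSTANCE;
        EVT_HANDLE query = null, context = null;
        EVT_HANDLE[] events = new EVT_HANDLE[10];
        IntByReference returned = new IntByReference();
        try {
            query = check(api.EvtQuery(null, "Application", "*",
                    Winevt.EVT_QUERY_FLAGS.EvtQueryChannelPath));
            context = check(api.EvtCreateRenderContext(PATHS.length, PATHS,
                    Winevt.EVT_RENDER_CONTEXT_FLAGS.EvtRenderContextValues));
            // Fetch one batch (up to 10 events, 1000 ms timeout); false means nothing came back.
            if (!api.EvtNext(query, events.length, events, 1000, 0, returned)) return;
            Winevt.EVT_VARIANT variant = new Winevt.EVT_VARIANT();
            IntByReference propertyCount = new IntByReference();
            for (int i = 0; i < returned.getValue(); i++) {
                Memory buf = WevtapiUtil.EvtRender(context, events[i],
                        Winevt.EVT_RENDER_FLAGS.EvtRenderEventValues, propertyCount);
                StringBuilder line = new StringBuilder();
                for (int p = 0; p < propertyCount.getValue(); p++) {
                    // Element p of the EVT_VARIANT array, in the same order as PATHS.
                    variant.use(buf.share((long) variant.size() * p));
                    variant.read();
                    line.append(PATHS[p]).append('=').append(variant.getValue()).append(' ');
                }
                System.out.println(line.toString().trim());
            }
        } finally {
            // Handles from EvtNext, EvtCreateRenderContext and EvtQuery must all be closed.
            for (int i = 0; i < returned.getValue(); i++) api.EvtClose(events[i]);
            if (context != null) api.EvtClose(context);
            if (query != null) api.EvtClose(query);
        }
    }
}
```

Extracting a fixed set of values this way avoids parsing rendered XML when only a few fields are needed for log collection or triage.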