📄 warlogwin32nteventhandler.cpp
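#include "StdAfx.h"
#include <stdio.h>
#include <stdlib.h>
#include <strstream>
#ifndef WAR_INCLUDED_TCHAR_H
#   define WAR_INCLUDED_TCHAR_H
#   include <tchar.h>
#endif
#include "WarLogWin32NtEventHandler.h" // class implemented
#include "WarPath.h"
#include "WarLog.h"

using namespace std;

/////////////////////////////// PUBLIC ///////////////////////////////////////

// Maps each WARLOG_* event type (used as the array index) to the Windows
// event-log type passed to ReportEvent(). An entry of 0 means the event type
// is not forwarded to the event log at all (see OnEvent()).
const DWORD WarLogWin32NtEventHandler::msEventMap [WARLOG_INVALID] =
{
    0,                          // WARLOG_DEBUG,
    EVENTLOG_ERROR_TYPE,        // WARLOG_ERROR,
    EVENTLOG_INFORMATION_TYPE,  // WARLOG_FILEACC,
    EVENTLOG_INFORMATION_TYPE,  // WARLOG_INOUT,
    EVENTLOG_WARNING_TYPE,      // WARLOG_SECURITY,
    EVENTLOG_WARNING_TYPE,      // WARLOG_WARNINGS,
    EVENTLOG_INFORMATION_TYPE,  // WARLOG_SYSTEM,
    0,                          // WARLOG_SOCKET,
    EVENTLOG_INFORMATION_TYPE,  // WARLOG_SNDFILE,
    EVENTLOG_INFORMATION_TYPE,  // WARLOG_RCVFILE,
    EVENTLOG_INFORMATION_TYPE,  // WARLOG_CREDIR,
    EVENTLOG_INFORMATION_TYPE,  // WARLOG_DELDIR,
    EVENTLOG_INFORMATION_TYPE,  // WARLOG_DELFILE,
    EVENTLOG_AUDIT_SUCCESS,     // WARLOG_LOGIN,
    EVENTLOG_AUDIT_SUCCESS,     // WARLOG_LOGOUT,
    EVENTLOG_INFORMATION_TYPE,  // WARLOG_CREACC,
    EVENTLOG_INFORMATION_TYPE,  // WARLOG_DELACC,
    EVENTLOG_INFORMATION_TYPE,  // WARLOG_CHGACC,
    0,                          // WARLOG_CPS,
    EVENTLOG_INFORMATION_TYPE,  // WARLOG_INFO,
    0,                          // WARLOG_THREADS,
    0,                          // WARLOG_FILES,
    EVENTLOG_INFORMATION_TYPE   // WARLOG_NETWORK,
};

//============================= LIFECYCLE ====================================

// Registers an event source under
// HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\<name> and opens
// an event-log handle for it.
//
// tag  - passed through to the WarLogEventHandler base class.
// name - event source name; when NULL it is derived from the executable's
//        file name (_pgmptr) with the extension cut off, falling back to
//        "WarLogWin32NtEventHandler" if that yields nothing.
//
// The constructor reports no error. If the key name does not fit the buffer
// or the registry key cannot be created, it returns early with
// mEventlogHandle left NULL, and OnEvent() then drops every event.
WarLogWin32NtEventHandler::WarLogWin32NtEventHandler(
    const war_ccstr_t tag, const str_t name)
: WarLogEventHandler(tag),
  mEventlogHandle(NULL),
  mhKey(NULL)
{
    str_t module_name = name;
    war_syspath_t prog_path = _pgmptr, module_name_buf, tmp_buf;

    if (module_name == NULL)
    {
        tmp_buf = prog_path;
        if (!tmp_buf.GetExtension().IsEmpty())
            tmp_buf.CutAtLastCh('.');
        module_name_buf = tmp_buf.GetFilename().GetPath();
        module_name = (str_t)module_name_buf.GetPath();
        if (!module_name || !*module_name)
            module_name = (str_t)_T("WarLogWin32NtEventHandler");
    }

    static const TCHAR key_prefix[] =
        _T("SYSTEM\\CurrentControlSet\\Services\\EventLog\\Application\\");
    TCHAR szKey[256];
    const size_t prefix_len = (sizeof(key_prefix) / sizeof(key_prefix[0])) - 1;
    const size_t key_capacity = sizeof(szKey) / sizeof(szKey[0]);

    mhKey = NULL;

    // The source name is appended to a fixed-size stack buffer. It comes
    // either from the caller or from the executable's file name, so its
    // length is not bounded by anything in this function. Refuse names that
    // would not fit (prefix + name + terminator) instead of writing past the
    // end of szKey.
    if (_tcslen(module_name) >= key_capacity - prefix_len)
    {
        return;
    }

    // NOTE(review): module_name is used verbatim as a registry subkey name;
    // a name containing '\\' would create nested keys. Callers should pass a
    // fixed identifier rather than externally supplied text - confirm.
    _tcscpy(szKey, key_prefix);
    _tcscat(szKey, module_name);

    // Writing under HKEY_LOCAL_MACHINE fails for accounts without the
    // required rights; in that case the handler stays unregistered.
    if (::RegCreateKey(HKEY_LOCAL_MACHINE, szKey, &mhKey) != ERROR_SUCCESS)
    {
        return;
    }

    // Add the Event ID message-file name to the 'EventMessageFile' subkey.
    // The return value is ignored (best effort).
    // NOTE(review): cbData is passed as GetLength() + 1. RegSetValueEx expects
    // a size in bytes, so this is only right if war_syspath_t stores
    // one-byte characters - confirm for UNICODE builds.
    ::RegSetValueEx(mhKey, _T("EventMessageFile"), 0, REG_EXPAND_SZ,
        (CONST BYTE*)prog_path.GetPath(), prog_path.GetLength() + 1);

    // Set the supported types flags.
    DWORD dwData = EVENTLOG_AUDIT_SUCCESS
        | EVENTLOG_ERROR_TYPE
        | EVENTLOG_WARNING_TYPE
        | EVENTLOG_INFORMATION_TYPE
        | EVENTLOG_SUCCESS;

    ::RegSetValueEx(mhKey, _T("TypesSupported"), 0, REG_DWORD,
        (CONST BYTE*)&dwData, sizeof(DWORD));

    mEventlogHandle = RegisterEventSource(NULL, module_name);
}// WarLogWin32NtEventHandler

// Releases the event-log handle and the registry key, if they were opened.
WarLogWin32NtEventHandler::~WarLogWin32NtEventHandler()
{
    if (mEventlogHandle)
        ::DeregisterEventSource(mEventlogHandle);

    // mhKey stays NULL when the constructor bailed out before or at
    // RegCreateKey(); do not hand a NULL key to RegCloseKey().
    if (mhKey)
        ::RegCloseKey(mhKey);
}// ~WarLogWin32NtEventHandler

//============================= OPERATORS ====================================
//============================= OPERATIONS ===================================
//============================= ACCESS     ===================================
//============================= INQUIRY    ===================================
/////////////////////////////// PROTECTED  ///////////////////////////////////

// Builds the default event mask for this handler: WARLOG_SET is applied with
// value 1 for ERROR, SECURITY, WARNINGS, SYSTEM and INFO. WARLOG_LOGIN and
// WARLOG_LOGOUT are mapped in msEventMap but are not part of this default.
war_uint32_t WarLogWin32NtEventHandler::GetDefaultEventMask()
{
    war_uint32_t mask = 0;

    WARLOG_SET(mask, WARLOG_ERROR, 1);
    WARLOG_SET(mask, WARLOG_SECURITY, 1);
    WARLOG_SET(mask, WARLOG_WARNINGS, 1);
    WARLOG_SET(mask, WARLOG_SYSTEM, 1);
    WARLOG_SET(mask, WARLOG_INFO, 1);

    return mask;
}

// Formats one log event as a multi-line text block and writes it to the
// Windows event log through ReportEvent().
//
// Events are dropped silently when the event source was never registered,
// when mType is outside [0, WARLOG_INVALID), or when msEventMap has 0 for
// the type.
void WarLogWin32NtEventHandler::OnEvent(WarLogEvent& logEvent)
{
    if (!mEventlogHandle)
        return;

    // mType indexes msEventMap, so it is range-checked first.
    if ((logEvent.mType < 0) || (logEvent.mType >= WARLOG_INVALID))
        return;

    DWORD event_type = msEventMap[logEvent.mType];
    if (!event_type)
        return; // Not suitable for the event log

    WarCollector<TCHAR> msg;

    msg << _T("Type: ") << WarLog::sTypeString[logEvent.mType] << war_endl;
    msg << _T("Time: ") << logEvent.mTime.FormatLT("%c ") << war_endl;

    if (logEvent.mError)
        msg << _T("Error: ") << logEvent.mError.Explain() << war_endl;

    if (!logEvent.mCallingFunc.empty())
        msg << _T("Source: " )<< logEvent.mCallingFunc << war_endl;

    if (logEvent.mIdentifier.HaveLogIdentifier())
    {
        std::string log_identifier;
        logEvent.mIdentifier.GetLogIdentifier(log_identifier);
        msg << _T("Identifier: ") << log_identifier << war_endl;
    }

    msg << _T("======================================================")
        << war_endl
        << logEvent.mMessage
        << war_endl;

    // NOTE(review): the pointer stays valid only if GetValue() returns a
    // reference to storage owned by msg; if it returns a temporary, ps[0]
    // dangles before ReportEvent() reads it - confirm against WarCollector.
    const TCHAR* ps[1];
    ps[0] = msg.GetValue().c_str();

    // Category 0, event ID 1, no user SID, one insertion string, no raw data.
    ::ReportEvent(mEventlogHandle,
        event_type,
        0,
        1,
        NULL, // sid
        1,
        0,
        ps,
        NULL);
}

/////////////////////////////// PRIVATE    ///////////////////////////////////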