Question about using samba to retrieve event log remotely.

Wei Gao wgao at
Tue Feb 13 20:16:54 GMT 2007

Hi There,


I know this mailing list is for developer, but I didn't found any other
list good for ask coding questions.


My question is: In order to retrieve event log from a remote Windows
2000/2003 server, what I need to do?


I know samba-tng provide some APIs for event log reading, but since
samba-tng is kind of out of date, and it based on old code of samba,
will not support 2003. I had to implement base on samba 3.024 by myself.


What I did is:

1: cli_full_connection to establish the connection to server by NTLM.

2: cli_rpc_pipe_open_noauth to open rpc pipe to eventlog

3: eventlog_io_q_open_eventlog to initial input buffer

4: rpc_api_pipe_req to request the rpc pipe to eventlog

5: eventlog_io_r_open_eventlog to open eventlog on remote server.


Now, on last step, I'm getting error on Windows 2003 server, even it
works fine on Windows 2000 server. I was thought if
cli_rpc_pipe_open_noauth give the problem, but after trace into
rpcclient, looks like even create domain user using noauth rpc pipe, I
think it may be fine.


Since this is my first time to use samba API, I'm not familiar with
samba code yet, any hint will be highly appreciated.


Thanks a lot



More information about the samba-technical mailing list