Question about using samba to retrieve event log remotely.
wgao at packetmotion.com
Tue Feb 13 20:16:54 GMT 2007
I know this mailing list is for developer, but I didn't found any other
list good for ask coding questions.
My question is: In order to retrieve event log from a remote Windows
2000/2003 server, what I need to do?
I know samba-tng provide some APIs for event log reading, but since
samba-tng is kind of out of date, and it based on old code of samba,
will not support 2003. I had to implement base on samba 3.024 by myself.
What I did is:
1: cli_full_connection to establish the connection to server by NTLM.
2: cli_rpc_pipe_open_noauth to open rpc pipe to eventlog
3: eventlog_io_q_open_eventlog to initial input buffer
4: rpc_api_pipe_req to request the rpc pipe to eventlog
5: eventlog_io_r_open_eventlog to open eventlog on remote server.
Now, on last step, I'm getting error on Windows 2003 server, even it
works fine on Windows 2000 server. I was thought if
cli_rpc_pipe_open_noauth give the problem, but after trace into
rpcclient, looks like even create domain user using noauth rpc pipe, I
think it may be fine.
Since this is my first time to use samba API, I'm not familiar with
samba code yet, any hint will be highly appreciated.
Thanks a lot
More information about the samba-technical