Re: Regarding Windows Event Log File Parser in JAVA
Jeff Higgins wrote:
amit3281 wrote:
Hi,
Can Anyone send me Parser source code for Windows Event Log in Java
Thanks in Advance
Amit
<http://msdn2.microsoft.com/en-us/library/bb309026.aspx>
A skeletal implementation (class and field layout only; every read and write method is still a TODO stub):
/**
 * Entry point of the skeleton: produces a {@link Win32EventLog} from an input source.
 *
 * <p>NOTE(review): the parameter type is {@code java.io.ObjectInput}, i.e. the Java
 * serialization API. A raw Windows {@code .evt} file is presumably not a Java
 * serialization stream, so wrapping it in {@code java.io.ObjectInputStream} would be
 * rejected at the stream-header check ({@code StreamCorruptedException}). Confirm how
 * callers are expected to supply {@code in} before building on this signature.
 *
 * <p>NOTE(review): event logs collected from another host are untrusted input. Keep the
 * eventual parsing to primitive reads with explicit bounds checks and never route such
 * a file through {@code readObject()}.
 */
public class Win32EventLogParser {

    /**
     * Creates an empty {@link Win32EventLog} and asks it to populate itself from
     * {@code in} via {@code readExternal}.
     *
     * @param in source passed unchanged to {@code Win32EventLog.readExternal}
     * @return the newly created log object
     * @throws java.io.IOException    propagated from {@code readExternal}
     * @throws ClassNotFoundException propagated from {@code readExternal}
     */
    public Win32EventLog readEventLog(java.io.ObjectInput in)
            throws java.io.IOException, ClassNotFoundException {
        final Win32EventLog parsed = new Win32EventLog();
        parsed.readExternal(in);
        return parsed;
    }
}
/**
 * In-memory model of one event log: a single header plus a list of records.
 *
 * <p>Both {@code readExternal} and {@code writeExternal} are unimplemented stubs, so an
 * instance always holds a default header and an empty record list.
 *
 * <p>NOTE(review): implementing {@code java.io.Externalizable} with a public no-arg
 * constructor makes this class instantiable by Java native deserialization. If these
 * objects are ever read with {@code ObjectInputStream.readObject()} from data that is
 * not fully trusted, restrict the accepted classes with an {@code ObjectInputFilter}.
 */
@SuppressWarnings("unused")
public class Win32EventLog implements java.io.Externalizable {

    private static final long serialVersionUID = 1L;

    // File header; starts as a default-constructed header.
    private Win32EventLogHeader logHeader = new Win32EventLogHeader();

    // Records in the order they are added; starts empty.
    private java.util.List<Win32EventLogRecord> logRecords = new java.util.ArrayList<>();

    /**
     * Stub: intended to populate the header and the records from {@code in}.
     * Currently reads nothing and leaves the object unchanged.
     *
     * @param in input source (unused for now)
     * @throws java.io.IOException    declared by the interface; not thrown by the stub
     * @throws ClassNotFoundException declared by the interface; not thrown by the stub
     */
    @Override
    public void readExternal(java.io.ObjectInput in)
            throws java.io.IOException, ClassNotFoundException {
        // TODO
        // NOTE(review): when implemented, cap the number of records and the total bytes
        // consumed by the size of the input rather than by counts read from the file.
    }

    /**
     * Stub: intended to write the header and the records to {@code out}.
     * Currently writes nothing.
     *
     * @param out output sink (unused for now)
     * @throws java.io.IOException declared by the interface; not thrown by the stub
     */
    @Override
    public void writeExternal(java.io.ObjectOutput out) throws java.io.IOException {
        // TODO
    }
}
/**
 * Field-for-field model of the event log file header.
 *
 * <p>The field names appear to mirror the {@code ELF_LOGFILE_HEADER} structure from the
 * Event Log File Format documentation linked in the post; confirm against that page.
 * Every field is a boxed {@code Long} and stays {@code null} until a reader is written.
 *
 * <p>NOTE(review): {@code java.io.ObjectInput} extends {@code DataInput}, whose
 * multi-byte reads are big-endian. The on-disk values are presumably little-endian
 * 32-bit fields, so a real implementation needs an explicit byte-order conversion.
 */
@SuppressWarnings("unused")
public class Win32EventLogHeader implements java.io.Externalizable {

    private static final long serialVersionUID = 1L;

    // Bit flags for the Flags field. The meanings below follow the Win32 documentation
    // as the reviewer recalls it; verify before relying on them.

    /** Records were written but the log file was not closed properly. */
    public static final Long ELF_LOGFILE_HEADER_DIRTY = 0x0001L;
    /** Records in the log have wrapped around the end of the file. */
    public static final Long ELF_LOGFILE_HEADER_WRAP = 0x0002L;
    /** The most recent write attempt failed because the log was full. */
    public static final Long ELF_LOGFILE_LOGFULL_WRITTEN = 0x0004L;
    /** The archive attribute has been set for the file. */
    public static final Long ELF_LOGFILE_ARCHIVE_SET = 0x0008L;

    // Header fields in declaration order; names kept as in the native structure.
    private Long HeaderSize;
    private Long Signature;
    private Long MajorVersion;
    private Long MinorVersion;
    private Long StartOffset;
    private Long EndOffset;
    private Long CurrentRecordNumber;
    private Long OldestRecordNumber;
    private Long MaxSize;
    private Long Flags;
    private Long Retention;
    private Long EndHeaderSize;

    /**
     * Stub factory: intended to read a header from {@code in}.
     *
     * @param in stream to read from (unused for now)
     * @return always {@code null} until implemented; callers must null-check
     */
    public static Win32EventLogHeader readEventLogHeader(java.io.ObjectInputStream in) {
        // TODO
        // NOTE(review): constructing an ObjectInputStream already validates a Java
        // serialization stream header, which a raw log file presumably does not carry.
        return null;
    }

    /**
     * Stub: intended to populate the header fields from {@code in}.
     * Currently reads nothing and leaves every field {@code null}.
     *
     * @param in input source (unused for now)
     * @throws java.io.IOException    declared by the interface; not thrown by the stub
     * @throws ClassNotFoundException declared by the interface; not thrown by the stub
     */
    @Override
    public void readExternal(java.io.ObjectInput in)
            throws java.io.IOException, ClassNotFoundException {
        // TODO
        // NOTE(review): when implemented, check Signature and that HeaderSize equals
        // EndHeaderSize before trusting any offset, and reject StartOffset/EndOffset
        // values that fall outside the actual file length. If the DIRTY flag is set the
        // header values may be stale, so do not treat them as authoritative.
    }

    /**
     * Stub: intended to write the header fields to {@code out}. Currently writes nothing.
     *
     * @param out output sink (unused for now)
     * @throws java.io.IOException declared by the interface; not thrown by the stub
     */
    @Override
    public void writeExternal(java.io.ObjectOutput out) throws java.io.IOException {
        // TODO
    }
}
/**
 * Field-for-field model of a single event log record.
 *
 * <p>The field names appear to mirror the {@code EVENTLOGRECORD} structure from the
 * Win32 documentation; confirm against the page linked in the post. All fields are
 * boxed and stay {@code null} until a reader is written.
 *
 * <p>NOTE(review): the {@code EVENTLOG_*} constants are {@code Long} while
 * {@code EventType} is an {@code Integer}. {@code EventType.equals(EVENTLOG_ERROR_TYPE)}
 * is therefore always {@code false}; compare with {@code EventType.longValue()} or
 * align the types when the reader is implemented.
 */
@SuppressWarnings("unused")
public class Win32EventLogRecord implements java.io.Externalizable {

    private static final long serialVersionUID = 1L;

    // Event type values, listed in ascending numeric order.
    public static final Long EVENTLOG_ERROR_TYPE = 0x0001L;
    public static final Long EVENTLOG_WARNING_TYPE = 0x0002L;
    public static final Long EVENTLOG_INFORMATION_TYPE = 0x0004L;
    public static final Long EVENTLOG_AUDIT_SUCCESS = 0x0008L;
    public static final Long EVENTLOG_AUDIT_FAILURE = 0x0010L;

    // Fixed-size part of the record; names kept as in the native structure.
    private Long Length;
    private Long Reserved;
    private Long RecordNumber;
    // Presumably seconds since 1970-01-01 UTC, per the Win32 documentation; confirm.
    private Long TimeGenerated;
    private Long TimeWritten;
    private Long EventID;
    private Integer EventType;
    private Integer NumStrings;
    private Integer EventCategory;
    private Integer ReservedFlags;
    private Long ClosingRecordNumber;
    // Offset/length pairs that presumably locate the variable-size data in the record.
    private Long StringOffset;
    private Long UserSidLength;
    private Long UserSidOffset;
    private Long DataLength;
    private Long DataOffset;

    /**
     * Stub: intended to populate the record fields from {@code in}.
     * Currently reads nothing and leaves every field {@code null}.
     *
     * @param in input source (unused for now)
     * @throws java.io.IOException    declared by the interface; not thrown by the stub
     * @throws ClassNotFoundException declared by the interface; not thrown by the stub
     */
    @Override
    public void readExternal(java.io.ObjectInput in)
            throws java.io.IOException, ClassNotFoundException {
        // TODO
        // NOTE(review): every length and offset here comes from the file. When this is
        // implemented, check that Length covers the fixed-size fields and does not
        // exceed the remaining input before allocating, and that each offset plus its
        // length stays inside the record. A crafted or truncated log must end in an
        // IOException, not in an oversized allocation or an out-of-range read.
    }

    /**
     * Stub: intended to write the record fields to {@code out}. Currently writes nothing.
     *
     * @param out output sink (unused for now)
     * @throws java.io.IOException declared by the interface; not thrown by the stub
     */
    @Override
    public void writeExternal(java.io.ObjectOutput out) throws java.io.IOException {
        // TODO
    }
}
/**
 * Field-for-field model of the end-of-file record of an event log.
 *
 * <p>The field names appear to mirror the {@code ELF_EOF_RECORD} structure from the
 * Event Log File Format documentation; confirm against the page linked in the post.
 * All fields are boxed {@code Long}s and stay {@code null} until a reader is written.
 */
@SuppressWarnings("unused")
public class Win32EventLogEOF implements java.io.Externalizable {

    private static final long serialVersionUID = 1L;

    // Record size as stored at the start of the record; RecordSizeEnd is its
    // counterpart at the end.
    private Long RecordSizeBeginning;
    // Presumably fixed marker values that identify the EOF record; verify the expected
    // constants in the format documentation.
    private Long One;
    private Long Two;
    private Long Three;
    private Long Four;
    private Long BeginRecord;
    private Long EndRecord;
    private Long CurrentRecordNumber;
    private Long OldestRecordNumber;
    private Long RecordSizeEnd;

    /**
     * Stub: intended to populate the EOF record fields from {@code in}.
     * Currently reads nothing and leaves every field {@code null}.
     *
     * @param in input source (unused for now)
     * @throws java.io.IOException    declared by the interface; not thrown by the stub
     * @throws ClassNotFoundException declared by the interface; not thrown by the stub
     */
    @Override
    public void readExternal(java.io.ObjectInput in)
            throws java.io.IOException, ClassNotFoundException {
        // TODO
        // NOTE(review): when implemented, require RecordSizeBeginning to equal
        // RecordSizeEnd and the marker fields to hold their documented values before
        // accepting BeginRecord/EndRecord, and bound both offsets by the file length.
    }

    /**
     * Stub: intended to write the EOF record fields to {@code out}.
     * Currently writes nothing.
     *
     * @param out output sink (unused for now)
     * @throws java.io.IOException declared by the interface; not thrown by the stub
     */
    @Override
    public void writeExternal(java.io.ObjectOutput out) throws java.io.IOException {
        // TODO
    }
}