Man page - libevt(3)
Packages contains this manual
Manual
libevt (3) Library Functions Manual libevt (3)
NAME
libevt.h â Library to access the Windows Event Log (EVT) format
SYNOPSIS
#include <libevt.h>
Support functions
const char *
libevt_get_version ( void );
int
libevt_get_access_flags_read ( void );
int
libevt_get_codepage ( int *codepage , libevt_error_t **error );
int
libevt_set_codepage ( int codepage , libevt_error_t **error );
int
libevt_check_file_signature ( const char *filename , libevt_error_t **error );
Available when compiled with wide character string support:
int
libevt_check_file_signature_wide ( const wchar_t *filename , libevt_error_t **error );
Available when compiled with libbfio support:
int
libevt_check_file_signature_file_io_handle ( libbfio_handle_t *file_io_handle , libevt_error_t **error );
Notify functions
void
libevt_notify_set_verbose ( int verbose );
int
libevt_notify_set_stream ( FILE *stream , libevt_error_t **error );
int
libevt_notify_stream_open ( const char *filename , libevt_error_t **error );
int
libevt_notify_stream_close ( libevt_error_t **error );
Error functions
void
libevt_error_free ( libevt_error_t **error );
int
libevt_error_fprint ( libevt_error_t *error , FILE *stream );
int
libevt_error_sprint ( libevt_error_t *error , char *string , size_t size );
int
libevt_error_backtrace_fprint ( libevt_error_t *error , FILE *stream );
int
libevt_error_backtrace_sprint ( libevt_error_t *error , char *string , size_t size );
File functions
int
libevt_file_initialize ( libevt_file_t **file , libevt_error_t **error );
int
libevt_file_free ( libevt_file_t **file , libevt_error_t **error );
int
libevt_file_signal_abort ( libevt_file_t *file , libevt_error_t **error );
int
libevt_file_open ( libevt_file_t *file , const char *filename , int access_flags , libevt_error_t **error );
int
libevt_file_close ( libevt_file_t *file , libevt_error_t **error );
int
libevt_file_is_corrupted ( libevt_file_t *file , libevt_error_t **error );
int
libevt_file_get_ascii_codepage ( libevt_file_t *file , int *ascii_codepage , libevt_error_t **error );
int
libevt_file_set_ascii_codepage ( libevt_file_t *file , int ascii_codepage , libevt_error_t **error );
int
libevt_file_get_format_version ( libevt_file_t *file , uint32_t *major_format_version , uint32_t *minor_format_version , libevt_error_t **error );
int
libevt_file_get_flags ( libevt_file_t *file , uint32_t *flags , libevt_error_t **error );
int
libevt_file_get_number_of_records ( libevt_file_t *file , int *number_of_records , libevt_error_t **error );
int
libevt_file_get_record_by_index ( libevt_file_t *file , int record_index , libevt_record_t **record , libevt_error_t **error );
int
libevt_file_get_number_of_recovered_records ( libevt_file_t *file , int *number_of_records , libevt_error_t **error );
int
libevt_file_get_recovered_record_by_index ( libevt_file_t *file , int record_index , libevt_record_t **record , libevt_error_t **error );
Available when compiled with wide character string support:
int
libevt_file_open_wide ( libevt_file_t *file , const wchar_t *filename , int access_flags , libevt_error_t **error );
Available when compiled with libbfio support:
int
libevt_file_open_file_io_handle ( libevt_file_t *file , libbfio_handle_t *file_io_handle , int access_flags , libevt_error_t **error );
File functions - deprecated
int
libevt_file_get_recovered_record ( libevt_file_t *file , int record_index , libevt_record_t **record , libevt_error_t **error );
Record functions
int
libevt_record_free ( libevt_record_t **record , libevt_error_t **error );
int
libevt_record_get_offset ( libevt_record_t *record , off64_t *offset , libevt_error_t **error );
int
libevt_record_get_identifier ( libevt_record_t *record , uint32_t *identifier , libevt_error_t **error );
int
libevt_record_get_creation_time ( libevt_record_t *record , uint32_t *posix_time , libevt_error_t **error );
int
libevt_record_get_written_time ( libevt_record_t *record , uint32_t *posix_time , libevt_error_t **error );
int
libevt_record_get_event_identifier ( libevt_record_t *record , uint32_t *event_identifier , libevt_error_t **error );
int
libevt_record_get_event_type ( libevt_record_t *record , uint16_t *event_type , libevt_error_t **error );
int
libevt_record_get_event_category ( libevt_record_t *record , uint16_t *event_category , libevt_error_t **error );
int
libevt_record_get_utf8_source_name_size ( libevt_record_t *record , size_t *utf8_string_size , libevt_error_t **error );
int
libevt_record_get_utf8_source_name ( libevt_record_t *record , uint8_t *utf8_string , size_t utf8_string_size , libevt_error_t **error );
int
libevt_record_get_utf16_source_name_size ( libevt_record_t *record , size_t *utf16_string_size , libevt_error_t **error );
int
libevt_record_get_utf16_source_name ( libevt_record_t *record , uint16_t *utf16_string , size_t utf16_string_size , libevt_error_t **error );
int
libevt_record_get_utf8_computer_name_size ( libevt_record_t *record , size_t *utf8_string_size , libevt_error_t **error );
int
libevt_record_get_utf8_computer_name ( libevt_record_t *record , uint8_t *utf8_string , size_t utf8_string_size , libevt_error_t **error );
int
libevt_record_get_utf16_computer_name_size ( libevt_record_t *record , size_t *utf16_string_size , libevt_error_t **error );
int
libevt_record_get_utf16_computer_name ( libevt_record_t *record , uint16_t *utf16_string , size_t utf16_string_size , libevt_error_t **error );
int
libevt_record_get_utf8_user_security_identifier_size ( libevt_record_t *record , size_t *utf8_string_size , libevt_error_t **error );
int
libevt_record_get_utf8_user_security_identifier ( libevt_record_t *record , uint8_t *utf8_string , size_t utf8_string_size , libevt_error_t **error );
int
libevt_record_get_utf16_user_security_identifier_size ( libevt_record_t *record , size_t *utf16_string_size , libevt_error_t **error );
int
libevt_record_get_utf16_user_security_identifier ( libevt_record_t *record , uint16_t *utf16_string , size_t utf16_string_size , libevt_error_t **error );
int
libevt_record_get_number_of_strings ( libevt_record_t *record , int *number_of_strings , libevt_error_t **error );
int
libevt_record_get_utf8_string_size ( libevt_record_t *record , int string_index , size_t *utf8_string_size , libevt_error_t **error );
int
libevt_record_get_utf8_string ( libevt_record_t *record , int string_index , uint8_t *utf8_string , size_t utf8_string_size , libevt_error_t **error );
int
libevt_record_get_utf16_string_size ( libevt_record_t *record , int string_index , size_t *utf16_string_size , libevt_error_t **error );
int
libevt_record_get_utf16_string ( libevt_record_t *record , int string_index , uint16_t *utf16_string , size_t utf16_string_size , libevt_error_t **error );
int
libevt_record_get_data_size ( libevt_record_t *record , size_t *data_size , libevt_error_t **error );
int
libevt_record_get_data ( libevt_record_t *record , uint8_t *data , size_t data_size , libevt_error_t **error );
DESCRIPTION
The libevt_get_version () function is used to retrieve the library version.
RETURN VALUES
Most of the functions return NULL or -1 on error, dependent on the return type. For the actual return values see "libevt.h".
ENVIRONMENT
None
FILES
None
NOTES
libevt can be compiled with wide character support (wchar_t).
To compile
libevt with wide character support use:
./configure
--enable-wide-character-type=yes
or define:
_UNICODE
or
UNICODE
during compilation.
LIBEVT_WIDE_CHARACTER_TYPE
in libevt/features.h can be used to determine if libevt was
compiled with wide character support.
BUGS
Please report bugs of any kind on the project issue tracker: https://github.com/libyal/libevt/issues
AUTHOR
These man pages are generated from "libevt.h".
COPYRIGHT
Copyright (C) 2011-2020, Joachim Metz <joachim.metz@gmail.com>.
This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
SEE ALSO
the libevt.h include file libevt April 22, 2019 libevt (3)