RE: Using AuthzReportSecurityEvent

From: Chris Stagnaro (anonymous_at_discussions.microsoft.com)
Date: 09/28/04


Date: Tue, 28 Sep 2004 08:41:37 -0700

Thanks, that gets me past this call.

I get a success from this call, but I still don't get
anything in the security log.

Does something need to change in the message file format?

Thanks,
Chris

>-----Original Message-----
>AuthzReportSecurityEvent takes a var arg list. Instead of constructing the
>AUDIT_PARAMS struct, you'd have to call AuthzReportSecurityEvent as follows:
>
> bRet = AuthzReportSecurityEvent(nEventType /* nEventType */,
>                                 m_hSecHandle,
>                                 (DWORD) nEventID,
>                                 pSID,
>                                 index,
>                                 APT_String, <Your String>,
>                                 APT_String, <Your String>,
>                                 // and so forth
>                                 );
>
>HTH
>
>
>"Chris Stagnaro" wrote:
>
>> The code has gotten pretty hacked up. Here is the section
>> that builds the AUDIT_PARAM structure and calls the
>> AuthzReportSecurityEvent.
>>
>> vector<_bstr_t> vecMsgs;
>>
>> /* ... Code that parses an input string and turns
>>    it into the list of strings in vecMsgs
>>    left out here. ... */
>>
>> // Code that populates the AUDIT_PARAM array from vecMsgs
>>
>> long index = 0;
>> AUDIT_PARAM list[20];
>> TCHAR listparms[10][1024];
>>
>> for (int i = 0; i < vecMsgs.size(); ++i)
>> {
>>     list[index].Type = APT_String;
>>     list[index].Length = sizeof(AUDIT_PARAM);
>>     list[index].Flags = 0;
>>     ZeroMemory(listparms[i], 1024 * sizeof(TCHAR));
>>     wsprintf(listparms[i], vecMsgs[i]);
>>     list[index].String = listparms[i];
>>
>>     index++;
>> }
>>
>> // Making the API call
>>
>> bRet = AuthzReportSecurityEvent(nEventType /* nEventType */,
>>                                 m_hSecHandle,
>>                                 (DWORD) nEventID,
>>                                 pSID,
>>                                 index,
>>                                 list);
>> Result_Error = GetLastError();
>>
>> Thanks,
>> Chris
>>
>> >-----Original Message-----
>> >Please post your code. Especially, how you are constructing the AUDIT_PARAM
>> >struct.
>> >
>> >"Chris Stagnaro" wrote:
>> >
>> >> I am trying to report Audit Events from our application into the Security Log
>> >> on Windows Server 2003 using the AuthzReportSecurityEvent Security API. On
>> >> Windows 2000 we were using ReportEvent, which worked because of a bug in the
>> >> API, which has subsequently been fixed.
>> >>
>> >> Currently I am making a call to AuthzReportSecurityEvent with no parameters
>> >> and it returns a success, however nothing is written to the security log.
>> >>
>> >> I've tried to also provide a list of parameters to this call by passing an
>> >> array of AUDIT_PARAM. However in this case GetLastError returns 87 (The
>> >> parameter is incorrect). I have not been able to find any example code or
>> >> any documentation that outlines any additional steps that need to be taken to
>> >> actually get this method to work. All I have been able to find is the basic
>> >> SDK pages that give the syntax for each method call.
>> >>
>> >> Does anyone have an idea what else needs to be done to make this work? It
>> >> is running as a service and has the necessary audit privilege set already.
>> >>
>> >> Thanks,
>> >> Chris
>> >>
>> >.
>> >
>>
>.
>


