Пример #1
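    def test_EvtRpcRegisterLogQuery_EvtRpcQueryNext(self):
        """Register a query on the Security channel and page through its first records.

        Calls EvtRpcRegisterLogQuery, then EvtRpcQueryNext on the returned
        handle, and checks that every (offset, size) pair the server reports
        addresses a complete record inside ResultBuffer.
        """
        dce, rpctransport = self.connect()

        # Channel-name query ('*' = every record) over the Security log,
        # newest record first.
        request = even6.EvtRpcRegisterLogQuery()
        request['Path'] = 'Security\x00'
        request['Query'] = '*\x00'
        request['Flags'] = even6.EvtQueryChannelName | even6.EvtReadNewestToOldest
        request.dump()

        resp = dce.request(request)
        resp.dump()
        log_handle = resp['Handle']

        # Ask for up to five records; TimeOutEnd bounds how long the server may
        # hold the call open before answering.
        request = even6.EvtRpcQueryNext()
        request['LogQuery'] = log_handle
        request['NumRequestedRecords'] = 5
        request['TimeOutEnd'] = 1000
        request['Flags'] = 0
        request.dump()

        resp = dce.request(request)
        resp.dump()

        for i in xrange(resp['NumActualRecords']):
            # NumActualRecords, the offsets and the sizes all come from the
            # server. A count larger than the index arrays raises IndexError
            # (and fails the test); an offset/size pair that overruns
            # ResultBuffer does NOT -- Python slicing silently truncates -- so
            # the slice length is checked explicitly below.
            event_offset = resp['EventDataIndices'][i]['Data']
            event_size = resp['EventDataSizes'][i]['Data']
            event = resp['ResultBuffer'][event_offset:event_offset + event_size]
            self.assertEqual(len(event), event_size)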
Пример #2
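    def query(self, path, query):
        """Register an event-log query on the server and wrap its handle in a Result.

        :param path: channel name (e.g. ``'Security'``). It is sent with
            ``EvtQueryChannelName``, so the server treats it as a channel,
            not as a path to an .evtx file.
        :param query: record filter; ``'*'`` selects every record.
        :return: ``Result(self, handle)`` built from the server-issued handle.
        :raises ValueError: if ``path`` or ``query`` contains a NUL character.
        """
        # Both fields are sent NUL-terminated (see the '\x00' appended below).
        # An embedded NUL in caller input would most likely be read by the
        # server as the end of the string, silently querying a different
        # channel or filter than the caller asked for, so reject it up front.
        if '\x00' in path or '\x00' in query:
            raise ValueError('path and query must not contain NUL characters')

        req = even6.EvtRpcRegisterLogQuery()
        req['Path'] = path + '\x00'
        req['Query'] = query + '\x00'
        # Oldest-to-newest so the Result pages through the log in the order
        # the records were written.
        req['Flags'] = even6.EvtQueryChannelName | even6.EvtReadOldestToNewest

        resp = self.dce.request(req)
        handle = resp['Handle']

        return Result(self, handle)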
Пример #3
    def test_EvtRpcRegisterLogQuery_EvtRpcQueryNext(self):
        """Register a Security-channel query over the transport selected by connect(2).

        NOTE(review): the ``except Exception`` below returns silently, so any
        failure of EvtRpcRegisterLogQuery (access denied, transport error,
        malformed reply) makes this test pass without exercising anything.
        Let the exception propagate, or report it (e.g. ``self.skipTest(str(e))``
        if the base class provides it), so the failure is visible.
        """
        # Argument 2 presumably selects a transport variant -- confirm against connect().
        dce, rpctransport = self.connect(2)

        # Channel-name query ('*' = every record) over the Security log,
        # newest record first.
        request = even6.EvtRpcRegisterLogQuery()
        request['Path'] = 'Security\x00'
        request['Query'] = '*\x00'
        request['Flags'] = even6.EvtQueryChannelName | even6.EvtReadNewestToOldest

        request.dump()
        try:
            resp = dce.request(request)
            resp.dump()
        except Exception, e:
            # Swallows every error and ends the test as a pass; ``e`` is never
            # used, so nothing is logged either. See the docstring.
            return