3.1.4.4 ElfrOpenELA (Opnum 14)

The ElfrOpenELA (Opnum 14) method instructs the server to return a server context handle to a live event log. For this to succeed, the caller MUST have permission to read the file that contains the event log.

 NTSTATUS ElfrOpenELA(
   [in] EVENTLOG_HANDLE_A UNCServerName,
   [in] PRPC_STRING ModuleName,
   [in] PRPC_STRING RegModuleName,
   [in] unsigned long MajorVersion,
   [in] unsigned long MinorVersion,
   [out] IELF_HANDLE* LogHandle
 );

UNCServerName: A server interface handle. A pointer to an ANSI string (see [MSDN-ANSI]) specifying the server, as specified in section 2.2.7. The client MUST map this string to an RPC binding handle, and the server MUST ignore this argument, as specified in [C706] sections 4.3.5 and 5.1.5.2.

ModuleName: Specifies the event log name, as defined in section 1.8.2 and specified in section 2.2.12, for which a handle is needed.

RegModuleName: This parameter MUST be ignored by the server. Clients MUST specify an empty string.

MajorVersion: Major version of the client. This value MUST be set to 1.

MinorVersion: Minor version of the client. This value MUST be set to 1.

LogHandle: Pointer to an event log handle. This parameter is a server context handle, as specified in section 2.2.6. This handle MUST be closed by using the ElfrCloseEL (section 3.1.4.21) method once the handle is no longer needed. If the client cannot call the ElfrCloseEL method, for example because the client terminated abnormally, the server revokes this context handle so that no resources are leaked.

Return Values: The method MUST return STATUS_SUCCESS (0x00000000) on success; otherwise, it MUST return an implementation-based, nonzero NTSTATUS value specified in [MS-ERREF].

This method is identical to the ElfrOpenELW (section 3.1.4.3) method except that ModuleName, RegModuleName, and UNCServerName are ANSI strings in this case.
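
The following Python model is an added illustration, not part of the specification or of any Microsoft implementation. It walks the LogHandle lifecycle described above: the read-permission check, a normal ElfrCloseEL, and revocation after abnormal client termination. The class and function names, the per-log reader table, the connection ids, and the two failure status codes chosen are assumptions.

```python
import secrets

STATUS_SUCCESS = 0x00000000         # value given in this section
STATUS_ACCESS_DENIED = 0xC0000022   # assumed choice of nonzero NTSTATUS for a failed read check
STATUS_INVALID_HANDLE = 0xC0000008  # assumed status for closing an unknown handle


def client_violations(reg_module_name: bytes, major: int, minor: int) -> list:
    """List the client-side MUSTs of this section that a request breaks."""
    issues = []
    if reg_module_name != b"":
        issues.append("RegModuleName must be an empty string")
    if major != 1:
        issues.append("MajorVersion must be 1")
    if minor != 1:
        issues.append("MinorVersion must be 1")
    return issues


class EventLogServerModel:
    """Hypothetical in-memory stand-in for the server; performs no RPC."""

    def __init__(self, readers_by_log):
        self.readers_by_log = readers_by_log  # log name -> callers allowed to read it
        self.handles = {}                     # context handle -> (connection id, log name)

    def elfr_open_ela(self, caller, conn_id, unc_server_name, module_name,
                      reg_module_name, major, minor):
        # The server ignores UNCServerName and RegModuleName.
        log = module_name.decode("latin-1")   # ANSI string; code page is an assumption
        # Assumption: a log name with no reader list is treated as unreadable.
        if caller not in self.readers_by_log.get(log, set()):
            return STATUS_ACCESS_DENIED, None
        handle = secrets.token_hex(10)        # opaque constructed handle value
        self.handles[handle] = (conn_id, log)
        return STATUS_SUCCESS, handle

    def elfr_close_el(self, handle):
        """Normal release of a handle by the client."""
        if self.handles.pop(handle, None) is None:
            return STATUS_INVALID_HANDLE
        return STATUS_SUCCESS

    def rundown(self, conn_id):
        """Client ended without ElfrCloseEL: revoke every handle it still held."""
        stale = [h for h, (c, _) in self.handles.items() if c == conn_id]
        for h in stale:
            del self.handles[h]
        return len(stale)
```

Running `client_violations` over decoded requests gives a quick conformance check for client implementations, and a handle table that keeps growing without matching `rundown` calls is the resource leak the LogHandle text says the server prevents.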