3.1.4 Message Processing Events and Sequencing Rules
Because the server MUST make access control decisions as part of responding to EventLog Remoting Protocol Version 6.0 requests, the client MUST authenticate to the server. This is the responsibility of the lower-layer protocol, RPC over TCP/IP (as specified in [C706]). The access control decisions affecting the EventLog Remoting Protocol Version 6.0 are made based on the identity conveyed by this lower-layer protocol.
The following sections first provide an informative overview of the message sequences before giving the prescriptive details of processing for each message.
The following table lists the IDL members in opcode order.
Methods in RPC Opnum Order
| Method | Description |
|---|---|
| | Used by a client to create either a push or a pull subscription. Opnum: 0 |
| | Used by a client to request asynchronous delivery of events that are delivered to a subscription. Opnum: 1 |
| | Used for pull subscriptions in which the client polls for events. Opnum: 2 |
| | Used to enable the client to only poll when results are likely. Opnum: 3 |
| | Obtains a CONTEXT_HANDLE_OPERATION_CONTROL handle that can be used to cancel other operations. Opnum: 4 |
| | Used to query one or more channels. It can also be used to query a specific file. Opnum: 5 |
| | Instructs the server to clear a live event log. Opnum: 6 |
| | Instructs the server to create a backup event log at a specified file name. Opnum: 7 |
| | Used by a client to add localized information to a previously created backup event log. Opnum: 8 |
| | Used by a client to get localized descriptive strings for an event. Opnum: 9 |
| | Used by a client to get localized strings for common values of opcodes, tasks, or keywords, as specified in section 3.1.4.31. Opnum: 10 |
| | Used by a client to get the next batch of records from a query result set. Opnum: 11 |
| | Used by a client to move a query cursor within a result set. Opnum: 12 |
| | Used by a client to close context handles opened by other methods in this protocol. Opnum: 13 |
| | Used by a client to cancel another method. Opnum: 14 |
| | Indicates to the server that publisher or channel configuration has been updated. Opnum: 15 |
| | Indicates to the server that publisher or channel configuration is to be removed. Opnum: 16 |
| | Used by a client to get information on a live or backup log. Opnum: 17 |
| | Used by a client to get information on an event log. Opnum: 18 |
| | Used to enumerate the set of available channels. Opnum: 19 |
| | Used by a client to get the configuration for a channel. Opnum: 20 |
| | Used by a client to update the configuration for a live event log. Opnum: 21 |
| | Used by a client to get the list of publishers. Opnum: 22 |
| | Used by a client to get the list of publishers that write events to a particular live event log. Opnum: 23 |
| | Used by a client to open a handle to publisher metadata. It also gets some initial information from the metadata. Opnum: 24 |
| | Used by a client to obtain information from the publisher metadata. Opnum: 25 |
| | Used by a client to obtain a handle for enumerating a publisher's event metadata. Opnum: 26 |
| | Used by a client to get details on a particular possible event, and also returns the next event metadata in the enumeration. Opnum: 27 |
| | Used to obtain a descriptive name of a channel. Opnum: 28 |
All methods MUST NOT throw exceptions. All return values use the NTSTATUS numbering space (as specified in [MS-ERREF] section 2.3) and, in particular, a value of 0x00000000 indicates success, and any other return value indicates an error. For a mapping of Windows NT operating system status error codes to Win32 error codes, see [MSKB-113996]. All error values MUST<8> be treated the same, unless specified otherwise.
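The following is an added example, not part of the specification: a triage routine for recorded calls to this interface. It uses the opnum table and the NTSTATUS rule above to separate succeeded from failed state-changing calls per authenticated identity. The record format, the sample data, and the choice of which opnums count as state-changing are assumptions of this example.

```python
from collections import defaultdict

# Opnums that change server state, per the descriptions in the table above.
# The grouping itself is this example's assumption, not part of the spec.
STATE_CHANGING = {
    6: "clear live event log",
    7: "create backup event log at a specified file name",
    15: "publisher or channel configuration updated",
    16: "publisher or channel configuration removed",
    21: "update configuration for a live event log",
}
STATUS_SUCCESS = 0x00000000  # any other NTSTATUS value indicates an error

# Constructed sample records: "timestamp identity opnum ntstatus" (hypothetical format).
SAMPLE = """\
2024-05-01T10:00:01Z CORP\\svc-siem 5 0x00000000
2024-05-01T10:00:02Z CORP\\svc-siem 11 0x00000000
2024-05-01T10:03:10Z CORP\\jdoe 6 0xC0000022
2024-05-01T10:03:12Z CORP\\jdoe 21 0x00000000
2024-05-01T10:03:15Z CORP\\jdoe 6 0x00000000
malformed line
2024-05-01T10:04:00Z CORP\\jdoe 99 0x00000000
"""

def parse(line):
    """Return (timestamp, identity, opnum, status) or None if the line is malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return parts[0], parts[1], int(parts[2]), int(parts[3], 16)
    except ValueError:
        return None

def triage(text):
    """Group state-changing calls per identity, split into succeeded and failed."""
    report = defaultdict(lambda: {"succeeded": [], "failed": [], "unknown_opnum": []})
    for line in text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ts, identity, opnum, status = rec
        if not 0 <= opnum <= 28:  # the table defines opnums 0 through 28
            report[identity]["unknown_opnum"].append((ts, opnum))
        elif opnum in STATE_CHANGING:
            bucket = "succeeded" if status == STATUS_SUCCESS else "failed"
            report[identity][bucket].append((ts, opnum, STATE_CHANGING[opnum]))
    return dict(report)
```

A failed clear followed shortly by a successful configuration update and clear from the same identity, as in the constructed sample, is the kind of sequence worth correlating with the server's own audit records.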
Within the sections that follow this one, methods are presented in the order typically implemented to accomplish the following operations:
- Subscription
- Queries
- Log Maintenance
- Configuration and Metadata
- Message Rendering
- Miscellaneous Operations