Provided by: libevt-dev_20160107-1_amd64 
NAME
libevt.h — Library to access the Windows Event Log (EVT) format
LIBRARY
library “libevt”
SYNOPSIS
#include <libevt.h>
Support functions
const char *
libevt_get_version(void);
int
libevt_get_access_flags_read(void);
int
libevt_get_codepage(int *codepage, libevt_error_t **error);
int
libevt_set_codepage(int codepage, libevt_error_t **error);
int
libevt_check_file_signature(const char *filename, libevt_error_t **error);
Available when compiled with wide character string support:
int
libevt_check_file_signature_wide(const wchar_t *filename, libevt_error_t **error);
Available when compiled with libbfio support:
int
libevt_check_file_signature_file_io_handle(libbfio_handle_t *file_io_handle, libevt_error_t **error);
Notify functions
void
libevt_notify_set_verbose(int verbose);
int
libevt_notify_set_stream(FILE *stream, libevt_error_t **error);
int
libevt_notify_stream_open(const char *filename, libevt_error_t **error);
int
libevt_notify_stream_close(libevt_error_t **error);
Error functions
void
libevt_error_free(libevt_error_t **error);
int
libevt_error_fprint(libevt_error_t *error, FILE *stream);
int
libevt_error_sprint(libevt_error_t *error, char *string, size_t size);
int
libevt_error_backtrace_fprint(libevt_error_t *error, FILE *stream);
int
libevt_error_backtrace_sprint(libevt_error_t *error, char *string, size_t size);
File functions
int
libevt_file_initialize(libevt_file_t **file, libevt_error_t **error);
int
libevt_file_free(libevt_file_t **file, libevt_error_t **error);
int
libevt_file_signal_abort(libevt_file_t *file, libevt_error_t **error);
int
libevt_file_open(libevt_file_t *file, const char *filename, int access_flags, libevt_error_t **error);
int
libevt_file_close(libevt_file_t *file, libevt_error_t **error);
int
libevt_file_is_corrupted(libevt_file_t *file, libevt_error_t **error);
int
libevt_file_get_ascii_codepage(libevt_file_t *file, int *ascii_codepage, libevt_error_t **error);
int
libevt_file_set_ascii_codepage(libevt_file_t *file, int ascii_codepage, libevt_error_t **error);
int
libevt_file_get_version(libevt_file_t*file,uint32_t*major_version,uint32_t*minor_version,libevt_error_t**error);
int
libevt_file_get_flags(libevt_file_t *file, uint32_t *flags, libevt_error_t **error);
int
libevt_file_get_number_of_records(libevt_file_t *file, int *number_of_records, libevt_error_t **error);
int
libevt_file_get_record(libevt_file_t*file,intrecord_index,libevt_record_t**record,libevt_error_t**error);
int
libevt_file_get_number_of_recovered_records(libevt_file_t*file,int*number_of_records,libevt_error_t**error);
int
libevt_file_get_recovered_record(libevt_file_t*file,intrecord_index,libevt_record_t*recordl,ibevt_error_t*error);
Available when compiled with wide character string support:
int
libevt_file_open_wide(libevt_file_t*file,constwchar_t*filename,int access_flags, libevt_error_t **error);
Available when compiled with libbfio support:
int
libevt_file_open_file_io_handle(libevt_file_tfilel,ibbfio_handle_tfile_io_handleia,nctcess_flaglsi,bevt_error*_terror);
Record functions
int
libevt_record_free(libevt_record_t **record, libevt_error_t **error);
int
libevt_record_get_offset(libevt_record_t *record, off64_t *offset, libevt_error_t **error);
int
libevt_record_get_identifier(libevt_record_t *record, uint32_t *identifier, libevt_error_t **error);
int
libevt_record_get_creation_time(libevt_record_t*record, uint32_t *creation_time, libevt_error_t **error);
int
libevt_record_get_written_time(libevt_record_t *record, uint32_t *written_time, libevt_error_t **error);
int
libevt_record_get_event_identifier(libevt_record_t*record,uint32_t*event_identifier,libevt_error_t**error);
int
libevt_record_get_event_type(libevt_record_t *record, uint16_t *event_type, libevt_error_t **error);
int
libevt_record_get_event_category(libevt_record_t*record,uint16_t*event_category, libevt_error_t **error);
int
libevt_record_get_utf8_source_name_size(libevt_record_t*record,size_t*utf8_string_size,libevt_error_t**error);
int
libevt_record_get_utf8_source_name(libevt_record*_tecorudi,nt8*_ttf8_strinsgi,zeu_tf8_string_sizel,ibevt_error_t*error);
int
libevt_record_get_utf16_source_name_size(libevt_record_t*record,size_t*utf16_string_sizel,ibevt_error_t*error);
int
libevt_record_get_utf16_source_name(libevt_recor*dr_tcouridn,t16*_ttf16_strinsgi,zeu_tf16_string_sizlei,bevt_error*_terror);
int
libevt_record_get_utf8_computer_name_size(libevt_record_t*record,size_t*utf8_string_sizel,ibevt_error_t*error);
int
libevt_record_get_utf8_computer_name(libevt_record*_tecorudi,nt8*_ttf8_strinsgi,zeu_tf8_string_sizlei,bevt_error*_terror);
int
libevt_record_get_utf16_computer_name_size(libevt_record_t*records,ize_tutf16_string_sizel,ibevt_error_t*error);
int
libevt_record_get_utf16_computer_name(libevt_recor*dr_tcouridn,t1*6u_tf16_strisnigz,eu_tf16_string_sizlei,bevt_error*_terror);
int
libevt_record_get_utf8_user_security_identifier_size(libevt_record*_tecorsdi,z*eu_tf8_string_silzieb,evt_erro*r*_trror);
int
libevt_record_get_utf8_user_security_identifier(libevt_reco*rrde_utoirn*dtu,8t_t8_strsiinzuget,_t8_string_silzieb,evt_erro*r*_trror);
int
libevt_record_get_utf16_user_security_identifier_size(libevt_recor*dr_tcosridz*,eu_tf16_string_silzieb,evt_erro*r*_trror);
int
libevt_record_get_utf16_user_security_identifier(libevt_rec*orredcu_itrndt*,1u6t_t16_strsiiunztgef,_t6_string_sliizbee,vt_err*o*re_tror);
int
libevt_record_get_number_of_strings(libevt_record_t *record,int*number_of_strings,libevt_error_t**error);
int
libevt_record_get_utf8_string_size(libevt_record*_tecoridns,ttring_indexs,ize_tutf8_string_sizel,ibevt_error_t*error);
int
libevt_record_get_utf8_string(libevt_record*_tecorisdnt,tring_indeuxi,nt8*_ttf8_strinsgi,zuet_t8_string_silzieb,evt_erro*r*_trror);
int
libevt_record_get_utf16_string_size(libevt_record*_tecorisdnt,tring_indesxi,ze_tutf16_string_sizel,ibevt_error_t*error);
int
libevt_record_get_utf16_string(libevt_record*_tecosritdnr,ting_indueixn,t1*6u_tf16_strisnigzu,et_t16_string_silzieb,evt_erro*r*_trror);
int
libevt_record_get_data_size(libevt_record_t *record, size_t *data_size, libevt_error_t **error);
int
libevt_record_get_data(libevt_record_t *record, uint8_t *data, size_t data_size, libevt_error_t **error);
DESCRIPTION
The libevt_get_version() function is used to retrieve the library version.
RETURN VALUES
Most of the functions return NULL or -1 on error, dependent on the return type. For the actual return
values see "libevt.h".
ENVIRONMENT
None
FILES
None libevt allows to be compiled with wide character support (wchar_t).
To compile libevt with wide character support use: ./configure --enable-wide-character-type=yes
or define: _UNICODE
or UNICODE
during compilation.
LIBEVT_WIDE_CHARACTER_TYPE
in libevt/features.h can be used to determine if libevt was compiled with wide character support.
BUGS
Please report bugs of any kind on the project issue tracker: https://github.com/libyal/libevt/issues
AUTHOR
These man pages are generated from "libevt.h".
COPYRIGHT
Copyright (C) 2011-2016, Joachim Metz <joachim.metz@gmail.com>.
This is free software; see the source for copying conditions. There is NO warranty; not even for
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
SEE ALSO
the libevt.h include file
libevt January 5, 2015 libevt(3)