SUBBLOCK

From EDM2

Selection criteria sub-block structure.

typedef struct _SUBBLOCK {
  ULONG             entry_attribute_ID;
  ULONG             comparison_operator_ID;
  ULONG             comparison_data_length;
  PVOID             comparison_data_ptr;
  struct _SUBBLOCK *next_subblock;
} SUBBLOCK;

typedef SUBBLOCK *PSUBBLOCK;

Note that comparison_data_ptr can point to either ASCII or Unicode character data. The type of character data is determined by the packet_revision_number parameter of FILTERBLOCK.

entry_attribute_ID (ULONG) - input
The identifier of a field within a log entry.
When character data is pointed to, the data can be either ASCII or Unicode. Use the appropriate packet_revision_number to specify the data type.
The field within an entry that will be compared against the target data value that is pointed to by comparison_data_ptr.
May be one of the following values for Error Logging:

LOG_ERROR_DATE                   Date type
LOG_ERROR_TIME                   Time type
LOG_ERROR_ENTRY_ID               Unsigned long integer type
LOG_ERROR_RECORD_TYPE            String type
LOG_ERROR_SEVERITY               Unsigned long integer type
LOG_ERROR_PROCESS_PATHNAME       String type
LOG_ERROR_SOURCE_MODULE_NAME     String type
LOG_ERROR_PROBE_ID               Unsigned long integer type
LOG_ERROR_DMI_VENDOR_TAG         String type
LOG_ERROR_DMI_TAG                String type
LOG_ERROR_DMI_REVISION           String type
LOG_ERROR_MACHINE_TYPE           String type
LOG_ERROR_SERIAL_NUMBER          String type
LOG_ERROR_USER_DATA              String type

comparison_operator_ID (ULONG) - input
The identifier of a comparison operator.
This comparison operator must be valid for the type of log entry data item that was specified by entry_attribute_ID.
May be one of the following values:

LOG_ERROR_EQUAL                  Date, time, string, and unsigned long integer types
LOG_ERROR_NOT_EQUAL              Date, time, string, and unsigned long integer types
LOG_ERROR_GREATER_THAN           Date, time, string, and unsigned long integer types
LOG_ERROR_GREATER_THAN_OR_EQUAL  Date, time, string, and unsigned long integer types
LOG_ERROR_LESS_THAN              Date, time, string, and unsigned long integer types
LOG_ERROR_LESS_THAN_OR_EQUAL     Date, time, string, and unsigned long integer types
LOG_SUBSTRING_MATCH              String type only

comparison_data_length (ULONG) - input
The length of the comparison data.
comparison_data_ptr (PVOID) - input
Pointer to a data item that will be compared against the specified log entry attribute.
Note
The data item is expected to be in the proper format. An example is the date and time attributes, which require data in the format that is maintained in the Log File.
next_subblock (struct _SUBBLOCK *) - input
Pointer to the next sub-block in the chain. A NULL indicates the end of the chain.
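
The following is an added example, not code from EDM2 or the OS/2 toolkit: a check that walks a SUBBLOCK chain before it is handed on and rejects an operator that is not valid for the attribute type, missing comparison data, and a chain that never reaches NULL. The numeric values of the constants, the MAX_SUBBLOCKS cap, the rejection of zero-length data, and the names validate_subblock_chain and attr_is_string are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
/* Stand-ins for the OS/2 toolkit headers; the numeric values are assumptions. */
typedef unsigned long ULONG;
typedef void *PVOID;
enum { LOG_ERROR_DATE = 1, LOG_ERROR_TIME, LOG_ERROR_ENTRY_ID, LOG_ERROR_RECORD_TYPE,
       LOG_ERROR_SEVERITY, LOG_ERROR_PROCESS_PATHNAME, LOG_ERROR_SOURCE_MODULE_NAME,
       LOG_ERROR_PROBE_ID, LOG_ERROR_DMI_VENDOR_TAG, LOG_ERROR_DMI_TAG,
       LOG_ERROR_DMI_REVISION, LOG_ERROR_MACHINE_TYPE, LOG_ERROR_SERIAL_NUMBER,
       LOG_ERROR_USER_DATA };
enum { LOG_ERROR_EQUAL = 1, LOG_ERROR_NOT_EQUAL, LOG_ERROR_GREATER_THAN,
       LOG_ERROR_GREATER_THAN_OR_EQUAL, LOG_ERROR_LESS_THAN,
       LOG_ERROR_LESS_THAN_OR_EQUAL, LOG_SUBSTRING_MATCH };
typedef struct _SUBBLOCK {
  ULONG entry_attribute_ID, comparison_operator_ID, comparison_data_length;
  PVOID comparison_data_ptr;
  struct _SUBBLOCK *next_subblock;
} SUBBLOCK;
#define MAX_SUBBLOCKS 64 /* hypothetical cap; catches cyclic chains */

/* String-typed attributes, per the attribute table on this page. */
static int attr_is_string(ULONG id) {
  return id == LOG_ERROR_RECORD_TYPE || id == LOG_ERROR_PROCESS_PATHNAME ||
         id == LOG_ERROR_SOURCE_MODULE_NAME ||
         (id >= LOG_ERROR_DMI_VENDOR_TAG && id <= LOG_ERROR_USER_DATA);
}

/* Returns 0 if the chain is well formed, else the 1-based index of the first
   bad sub-block (MAX_SUBBLOCKS + 1 when the chain does not terminate). */
int validate_subblock_chain(const SUBBLOCK *sb) {
  int n = 0;
  for (; sb != NULL; sb = sb->next_subblock) {
    if (++n > MAX_SUBBLOCKS) return n;
    if (sb->entry_attribute_ID < LOG_ERROR_DATE ||
        sb->entry_attribute_ID > LOG_ERROR_USER_DATA) return n;
    if (sb->comparison_operator_ID < LOG_ERROR_EQUAL ||
        sb->comparison_operator_ID > LOG_SUBSTRING_MATCH) return n;
    if (sb->comparison_operator_ID == LOG_SUBSTRING_MATCH &&
        !attr_is_string(sb->entry_attribute_ID)) return n;
    /* Assumption: empty comparison data is rejected. */
    if (sb->comparison_data_ptr == NULL || sb->comparison_data_length == 0) return n;
  }
  return 0;
}

/* Constructed sample: severity >= 3, then pathname contains "CMD". */
static ULONG sev = 3;
static SUBBLOCK sample_b = { LOG_ERROR_PROCESS_PATHNAME, LOG_SUBSTRING_MATCH, 3, "CMD", NULL };
static SUBBLOCK sample_a = { LOG_ERROR_SEVERITY, LOG_ERROR_GREATER_THAN_OR_EQUAL, sizeof sev, &sev, &sample_b };
int main(void) { printf("%d\n", validate_subblock_chain(&sample_a)); return 0; }
```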