关于日志操作可以利用WMI实现(参考:http://www.vbcode.com/asp/showsn.asp?theID=10486)也可以利用advapi32.dll中的函数实现(参考: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/debug/base/event_logging_functions.asp),下面是备份的例子:Private Const EVENTLOG_SUCCESS = &H0 Private Const EVENTLOG_ERROR_TYPE = &H1 Private Const EVENTLOG_WARNING_TYPE = &H2 Private Const EVENTLOG_INFORMATION_TYPE = &H4 Private Const EVENTLOG_AUDIT_SUCCESS = &H8 Private Const EVENTLOG_AUDIT_FAILURE = &H10 Private Const EVENTLOG_SEQUENTIAL_READ = &H1 Private Const EVENTLOG_SEEK_READ = &H2 Private Const EVENTLOG_FORWARDS_READ = &H4 Private Const EVENTLOG_BACKWARDS_READ = &H8 Private Type EVENTLOGRECORD Length As Long ' Length of full record Reserved As Long ' Used by the service RecordNumber As Long ' Absolute record number TimeGenerated As Long ' Seconds since 1-1-1970 TimeWritten As Long 'Seconds since 1-1-1970 EventID As Long EventType As Integer NumStrings As Integer EventCategory As Integer ReservedFlags As Integer ' For use with paired events (auditing) ClosingRecordNumber As Long 'For use with paired events (auditing) StringOffset As Long ' Offset from beginning of record UserSidLength As Long UserSidOffset As Long DataLength As Long DataOffset As Long ' Offset from beginning of record End Type Private Declare Function OpenEventLog Lib "advapi32.dll" Alias "OpenEventLogA" (ByVal lpUNCServerName As String, ByVal lpSourceName As String) As Long Private Declare Function CloseEventLog Lib "advapi32.dll" (ByVal hEventLog As Long) As Long Private Declare Function BackupEventLog Lib "advapi32.dll" Alias "BackupEventLogA" (ByVal hEventLog As Long, ByVal lpBackupFileName As String) As Long Private Declare Function ClearEventLog Lib "advapi32.dll" Alias "ClearEventLogA" (ByVal hEventLog As Long, ByVal lpBackupFileName As String) As Long Private Declare Function GetNumberOfEventLogRecords Lib "advapi32.dll" (ByVal hEventLog As Long, NumberOfRecords As Long) As Long Private Declare Function GetOldestEventLogRecord Lib "advapi32.dll" (ByVal hEventLog As Long, OldestRecord As Long) As Long Private Declare Function ReportEvent Lib "advapi32.dll" Alias "ReportEventA" (ByVal hEventLog As Long, ByVal wType As Long, ByVal wCategory As Long, ByVal dwEventID As Long, lpUserSid As Any, ByVal wNumStrings As Long, ByVal dwDataSize As Long, lpStrings As String, lpRawData As Any) As Long Private Sub Form_Load() 'KPD-Team 2000 'URL: http://www.allapi.net/ 'E-Mail: [email protected] Dim hEventLog As Long, LogString As String, Ret As Long, ELR As EVENTLOGRECORD Dim bBytes(1 To 1024) As Byte 'Open the event log hEventLog = OpenEventLog(vbNullString, "c:\testlog.bak") 'Clear it, if there's already something in it ClearEventLog hEventLog, vbNullString 'Report a new event ReportEvent hEventLog, EVENTLOG_INFORMATION_TYPE, 0, 0, ByVal 0&, 1, 0, "Hello World!", ByVal 0& 'Get the number of reported events GetNumberOfEventLogRecords hEventLog, Ret MsgBox "Events reported: " + CStr(Ret) 'Get the oldest event record GetOldestEventLogRecord hEventLog, Ret MsgBox "Oldest event record: " + CStr(Ret) 'Write the event log to a file BackupEventLog hEventLog, "c:\testlog.bak" 'Close the event log CloseEventLog hEventLog End Sub
Private Const EVENTLOG_ERROR_TYPE = &H1
Private Const EVENTLOG_WARNING_TYPE = &H2
Private Const EVENTLOG_INFORMATION_TYPE = &H4
Private Const EVENTLOG_AUDIT_SUCCESS = &H8
Private Const EVENTLOG_AUDIT_FAILURE = &H10
Private Const EVENTLOG_SEQUENTIAL_READ = &H1
Private Const EVENTLOG_SEEK_READ = &H2
Private Const EVENTLOG_FORWARDS_READ = &H4
Private Const EVENTLOG_BACKWARDS_READ = &H8
Private Type EVENTLOGRECORD
Length As Long ' Length of full record
Reserved As Long ' Used by the service
RecordNumber As Long ' Absolute record number
TimeGenerated As Long ' Seconds since 1-1-1970
TimeWritten As Long 'Seconds since 1-1-1970
EventID As Long
EventType As Integer
NumStrings As Integer
EventCategory As Integer
ReservedFlags As Integer ' For use with paired events (auditing)
ClosingRecordNumber As Long 'For use with paired events (auditing)
StringOffset As Long ' Offset from beginning of record
UserSidLength As Long
UserSidOffset As Long
DataLength As Long
DataOffset As Long ' Offset from beginning of record
End Type
Private Declare Function OpenEventLog Lib "advapi32.dll" Alias "OpenEventLogA" (ByVal lpUNCServerName As String, ByVal lpSourceName As String) As Long
Private Declare Function CloseEventLog Lib "advapi32.dll" (ByVal hEventLog As Long) As Long
Private Declare Function BackupEventLog Lib "advapi32.dll" Alias "BackupEventLogA" (ByVal hEventLog As Long, ByVal lpBackupFileName As String) As Long
Private Declare Function ClearEventLog Lib "advapi32.dll" Alias "ClearEventLogA" (ByVal hEventLog As Long, ByVal lpBackupFileName As String) As Long
Private Declare Function GetNumberOfEventLogRecords Lib "advapi32.dll" (ByVal hEventLog As Long, NumberOfRecords As Long) As Long
Private Declare Function GetOldestEventLogRecord Lib "advapi32.dll" (ByVal hEventLog As Long, OldestRecord As Long) As Long
Private Declare Function ReportEvent Lib "advapi32.dll" Alias "ReportEventA" (ByVal hEventLog As Long, ByVal wType As Long, ByVal wCategory As Long, ByVal dwEventID As Long, lpUserSid As Any, ByVal wNumStrings As Long, ByVal dwDataSize As Long, lpStrings As String, lpRawData As Any) As Long
Private Sub Form_Load()
'KPD-Team 2000
'URL: http://www.allapi.net/
'E-Mail: [email protected]
Dim hEventLog As Long, LogString As String, Ret As Long, ELR As EVENTLOGRECORD
Dim bBytes(1 To 1024) As Byte
'Open the event log
hEventLog = OpenEventLog(vbNullString, "c:\testlog.bak")
'Clear it, if there's already something in it
ClearEventLog hEventLog, vbNullString
'Report a new event
ReportEvent hEventLog, EVENTLOG_INFORMATION_TYPE, 0, 0, ByVal 0&, 1, 0, "Hello World!", ByVal 0&
'Get the number of reported events
GetNumberOfEventLogRecords hEventLog, Ret
MsgBox "Events reported: " + CStr(Ret)
'Get the oldest event record
GetOldestEventLogRecord hEventLog, Ret
MsgBox "Oldest event record: " + CStr(Ret)
'Write the event log to a file
BackupEventLog hEventLog, "c:\testlog.bak"
'Close the event log
CloseEventLog hEventLog
End Sub
下面的例子是个简单的读操作~