怎样对Windows系统日志文件进行读写啊?请各位帮帮忙,发表一下见解
解决方案 »
日志读取可以参考以下链接所提及的内容
http://www.codeproject.com/system/sysevent.asp
呵呵,偶就在研究这些东东,头大着呢。。
/*
 * Body of the routine invoked below as Event(szLog, dwType); its signature is
 * not part of this listing, so szLog (the log name, e.g. "Security") and
 * dwType (an EVENTLOG_*_TYPE value, 0 = print every record) come from there.
 * Walks the log oldest-to-newest with the classic Win32 event-log API and
 * prints each matching record to stdout. MSVC-specific: __try/__finally (SEH)
 * and __int64.
 * NOTE(review): every string is printed with printf("%s") from a TCHAR*, so
 * this only behaves for a non-UNICODE (ANSI) build -- confirm.
 */
{
HANDLE hEvent;                   /* log handle, closed in __finally */
EVENTLOGRECORD *pEventLogRecord; /* cursor over the records inside bBuffer */
BYTE bBuffer[1024*32];           /* 32 KB read buffer; one ReadEventLog fills it with whole records */
DWORD dwRead;                    /* bytes actually placed in bBuffer */
DWORD dwNeeded;                  /* size needed when a record does not fit; never inspected */
DWORD dwThisRecord;              /* oldest record number; assigned but otherwise unused */
DWORD dwTotal;                   /* record count for the summary line */
PSID pSid;                       /* SID of the record's user, located via UserSidOffset */
SID_NAME_USE SNU;                /* account type from LookupAccountSid; not used */
TCHAR szName[256];
TCHAR szDomain[256];
DWORD dwName;                    /* in/out length of szName for LookupAccountSid */
DWORD dwDomain;                  /* in/out length of szDomain for LookupAccountSid */
FILETIME FileTime;
FILETIME LocalFileTime;
SYSTEMTIME SysTime;
__int64 lgTemp;                  /* record time as a FILETIME value (100 ns units) */
/* The two buffer lengths are initialised once, here, and never reset inside
 * the loop -- see the note at the LookupAccountSid call. */
__int64 SecsTo1970; dwName = 256;
dwDomain = 256;
/* Offset of 1970-01-01 from the FILETIME epoch (1601-01-01) in 100 ns units;
 * TimeGenerated/TimeWritten are seconds since 1970. Older MSVC may need an
 * i64 suffix on this literal. */
SecsTo1970 = 116444736000000000; __try
{
hEvent = OpenEventLog(NULL,szLog);
if(hEvent == NULL)
{
printf("OpenEventLog for %s Error: %d\n",szLog,GetLastError());
__leave; /* runs __finally; the function still returns TRUE */
} printf("\t\t=== Event Log ===\n\n");
printf("%s:\n",szLog); pEventLogRecord = (PEVENTLOGRECORD)bBuffer;
/* GetOldestEventLogRecord: return value ignored, dwThisRecord never used.
 * The read loop ends on any FALSE from ReadEventLog, so end-of-log and real
 * failures (e.g. a single record larger than bBuffer, where dwNeeded would
 * tell) are not told apart. */
GetOldestEventLogRecord(hEvent,&dwThisRecord); while(ReadEventLog(hEvent,EVENTLOG_FORWARDS_READ | EVENTLOG_SEQUENTIAL_READ,
0,pEventLogRecord,1024*32,&dwRead,&dwNeeded))
{
while(dwRead > 0)
{
if(dwType == 0 || dwType == pEventLogRecord->EventType)
{
printf("\nRecord Number:\t%d\t",pEventLogRecord->RecordNumber); /* RecordNumber is a DWORD; %d is a format mismatch */
printf("Type:\t");
switch(pEventLogRecord->EventType)
{
case EVENTLOG_ERROR_TYPE:
printf("%s","Error\n");
break;
case EVENTLOG_WARNING_TYPE:
printf("%s","Warning\n");
break;
case EVENTLOG_INFORMATION_TYPE:
printf("%s","Information\n");
break;
default: /* audit success/failure and any other type print an empty type */
printf("\n");
break;
}
/* The (short) cast keeps only the low 16 bits of EventID (the event code),
 * dropping the severity/facility/customer bits; values with bit 15 set
 * print as negative. */
printf("Event ID:\t%d\t",(short)pEventLogRecord->EventID);
/* The source name is the NUL-terminated string right after the fixed header. */
printf("Source:\t%s\n",(TCHAR*)pEventLogRecord+sizeof(EVENTLOGRECORD));
/* seconds since 1970 -> FILETIME (100 ns since 1601) -> local SYSTEMTIME */
lgTemp = Int32x32To64(pEventLogRecord->TimeGenerated,10000000) + SecsTo1970;
FileTime.dwLowDateTime = (DWORD) lgTemp;
FileTime.dwHighDateTime = (DWORD)(lgTemp >> 32);
FileTimeToLocalFileTime(&FileTime, &LocalFileTime);
FileTimeToSystemTime(&LocalFileTime, &SysTime);
printf("Time Generated: %02d-%02d-%02d %02d:%02d:%02d\n",
SysTime.wMonth,SysTime.wDay,SysTime.wYear,
SysTime.wHour,SysTime.wMinute,SysTime.wSecond); lgTemp = Int32x32To64(pEventLogRecord->TimeWritten,10000000) + SecsTo1970;
/* Same conversion for TimeWritten. */
FileTime.dwLowDateTime = (DWORD) lgTemp;
FileTime.dwHighDateTime = (DWORD)(lgTemp >> 32);
FileTimeToLocalFileTime(&FileTime, &LocalFileTime);
FileTimeToSystemTime(&LocalFileTime, &SysTime);
printf("Time Written: %02d-%02d-%02d %02d:%02d:%02d\n",
SysTime.wMonth,SysTime.wDay,SysTime.wYear,
SysTime.wHour,SysTime.wMinute,SysTime.wSecond); pSid = (PSID)((TCHAR*)pEventLogRecord + pEventLogRecord->UserSidOffset);
/* NOTE(review): LookupAccountSid rewrites dwName/dwDomain with the lengths it
 * used, and nothing resets them to 256 between records; a later, longer
 * account or domain name then fails and is shown as "(None)". Reset both
 * before each call. Records carrying no SID (UserSidLength == 0) presumably
 * also land in the else branch -- that case is not checked explicitly. */
if(LookupAccountSid(NULL,pSid,szName,&dwName,szDomain,&dwDomain,&SNU) != 0)
{
printf("User: %s\n",szName);
}
else
{
printf("User: (None)\n");
}
/* Only the first insertion string is printed; NumStrings is not consulted and
 * the message template is not formatted. */
printf("Description:\t%s\n",(TCHAR*)pEventLogRecord + pEventLogRecord->StringOffset);
}
/* Advance to the next record. NOTE(review): Length is trusted as-is -- it is
 * not checked to be nonzero and <= dwRead, so a malformed value would loop
 * forever or underflow dwRead (unsigned) and read past bBuffer. */
dwRead -= pEventLogRecord->Length;
pEventLogRecord = (PEVENTLOGRECORD)((TCHAR*)pEventLogRecord + pEventLogRecord->Length);
}
pEventLogRecord = (PEVENTLOGRECORD)bBuffer; /* rewind for the next ReadEventLog */
} if(dwType == 0)
{
/* Summary line, printed only on the unfiltered run. */
if(GetNumberOfEventLogRecords(hEvent,&dwTotal) == 0)
{
printf("GetNumberOfEventLogRecords Error: %d\n",GetLastError());
}
else
{
printf("\nTotal %s : %d\n",szLog,dwTotal);
}
}
}
__finally
{
/* hEvent is assigned by OpenEventLog before any __leave can run, so this
 * test is meaningful on every path. */
if(hEvent != NULL)
{
CloseEventLog(hEvent);
}
}
return TRUE; /* unconditionally TRUE, even when the log could not be opened */
}
调用:
/* Example call sequence: dump the Security log filtered to warnings, then
 * informational events, then errors, then unfiltered (0), which also prints
 * the total record count. Opening the Security log typically requires the
 * SE_SECURITY_NAME ("Manage auditing and security log") privilege; without
 * it the routine prints an OpenEventLog error and returns TRUE anyway. */
Event("Security",EVENTLOG_WARNING_TYPE);
Event("Security",EVENTLOG_INFORMATION_TYPE);
Event("Security",EVENTLOG_ERROR_TYPE);
Event("Security",0);
系统的和应用的类似!