如何自己编写代码实现读取Event Log中的内容?

aznarble 2002-05-16 07:09:28
在Windows NT/2000中需要将Application、Security和System这三个种类的系统日志文件(后缀为evt)中的条目导出成文本(tzt)或逗号分隔文本(csv)格式?哪位有比较好的建议和方法,请不吝赐教。
...全文
55 点赞 收藏 3
写回复
3 条回复
切换为时间正序
当前发帖距今超过3年,不再开放新的回复
发表回复
bigdoors 2002-05-17


HANDLE OpenEventLog(
LPCTSTR lpUNCServerName, // server name
LPCTSTR lpSourceName // file name
);

lpUNCServerName取:
NULL //代表本机

lpSourceName取注册表里如下路径
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Event Log\Application\
or System or Security



BOOL ReadEventLog(HANDLE hEventLog, //OpenEventLog返回值
DWORD dwReadFlags,
DWORD dwRecordOffset,
LPVOID lpBuffer,
DWORD nNumberOfBytesToRead,
DWORD *pnBytesRead,
DWORD *pnMinNumberOfBytesNeeded);



void DisplayEvents( )
{
HANDLE h;
EVENTLOGRECORD *pevlr;
BYTE bBuffer[BUFFER_SIZE];
DWORD dwRead, dwNeeded, cRecords, dwThisRecord = 0;

// Open the Application event log.

h = OpenEventLog( NULL, // use local computer
"Application"); // source name
if (h == NULL)
ErrorExit("Could not open the Application event log.");

pevlr = (EVENTLOGRECORD *) &bBuffer;

// Opening the event log positions the file pointer for this
// handle at the beginning of the log. Read the records
// sequentially until there are no more.

while (ReadEventLog(h, // event log handle
EVENTLOG_FORWARDS_READ | // reads forward
EVENTLOG_SEQUENTIAL_READ, // sequential read
0, // ignored for sequential reads
pevlr, // pointer to buffer
BUFFER_SIZE, // size of buffer
&dwRead, // number of bytes read
&dwNeeded)) // bytes in next record
{
while (dwRead > 0)
{
// Print the event identifier, type, and source name.
// The source name is just past the end of the
// formal structure.

printf("%02d Event ID: 0x%08X ",
dwThisRecord++, pevlr->EventID);
printf("EventType: %d Source: %s\n",
pevlr->EventType, (LPSTR) ((LPBYTE) pevlr +
sizeof(EVENTLOGRECORD)));

dwRead -= pevlr->Length;
pevlr = (EVENTLOGRECORD *)
((LPBYTE) pevlr + pevlr->Length);
}

pevlr = (EVENTLOGRECORD *) &bBuffer;
}

CloseEventLog(h);
}




回复
aznarble 2002-05-16
Help!!
回复
aznarble 2002-05-16
有没有人知道啊,很急。
分还可以再加。而且,我在“文件格式”版问了同样的问题,如果解决一并给分!

http://www.csdn.net/expert/topic/728/728345.xml
回复
相关推荐
发帖
VC/MFC
创建于2007-09-28

1.5w+

社区成员

VC/MFC相关问题讨论
申请成为版主
帖子事件
创建了帖子
2002-05-16 07:09
社区公告

        VC/MFC社区版块或许是CSDN最“古老”的版块了,记忆之中,与CSDN的年龄几乎差不多。随着时间的推移,MFC技术渐渐的偏离了开发主流,若干年之后的今天,当我们面对着微软的这个经典之笔,内心充满着敬意,那些曾经的记忆,可以说代表着二十年前曾经的辉煌……
        向经典致敬,或许是老一代程序员内心里面难以释怀的感受。互联网大行其道的今天,我们期待着MFC技术能够恢复其曾经的辉煌,或许这个期待会永远成为一种“梦想”,或许一切皆有可能……
        我们希望这个版块可以很好的适配Web时代,期待更好的互联网技术能够使得MFC技术框架得以重现活力,……