7,763
社区成员
发帖
与我相关
我的任务
分享求ReadEventLog的用法和例子
有没有人能给个用VB操作系统日志的例子啊?比如读取,备份之类的。最好不要用第三方的软件之类来读取哈。我看了下可以用ReadEventLog函数来读取但具体怎么操作不是太清楚。如果能给个ReadEventLog的用法介绍也可以。麻烦了,谢谢大家。
...全文
请发表友善的回复…
发表回复
布衣散人 2010-11-17
- 打赏
- 举报
你参考修改就是了,这么懒
dllzt 2010-11-17
- 打赏
- 举报
我是要把日志读出来存为TXT哈。楼上的没看明白读来来有啥用。
booksoon 2010-11-17
- 打赏
- 举报
Private Const EVENTLOG_SUCCESS = &H0
Private Const EVENTLOG_ERROR_TYPE = &H1
Private Const EVENTLOG_WARNING_TYPE = &H2
Private Const EVENTLOG_INFORMATION_TYPE = &H4
Private Const EVENTLOG_AUDIT_SUCCESS = &H8
Private Const EVENTLOG_AUDIT_FAILURE = &H10
Private Const EVENTLOG_SEQUENTIAL_READ = &H1
Private Const EVENTLOG_SEEK_READ = &H2
Private Const EVENTLOG_FORWARDS_READ = &H4
Private Const EVENTLOG_BACKWARDS_READ = &H8
Private Type EVENTLOGRECORD
Length As Long ' Length of full record
Reserved As Long ' Used by the service
RecordNumber As Long ' Absolute record number
TimeGenerated As Long ' Seconds since 1-1-1970
TimeWritten As Long 'Seconds since 1-1-1970
EventID As Long
EventType As Integer
NumStrings As Integer
EventCategory As Integer
ReservedFlags As Integer ' For use with paired events (auditing)
ClosingRecordNumber As Long 'For use with paired events (auditing)
StringOffset As Long ' Offset from beginning of record
UserSidLength As Long
UserSidOffset As Long
DataLength As Long
DataOffset As Long ' Offset from beginning of record
End Type
Private Declare Function OpenEventLog Lib "advapi32.dll" Alias "OpenEventLogA" (ByVal lpUNCServerName As String, ByVal lpSourceName As String) As Long
Private Declare Function CloseEventLog Lib "advapi32.dll" (ByVal hEventLog As Long) As Long
Private Declare Function BackupEventLog Lib "advapi32.dll" Alias "BackupEventLogA" (ByVal hEventLog As Long, ByVal lpBackupFileName As String) As Long
Private Declare Function ClearEventLog Lib "advapi32.dll" Alias "ClearEventLogA" (ByVal hEventLog As Long, ByVal lpBackupFileName As String) As Long
Private Declare Function GetNumberOfEventLogRecords Lib "advapi32.dll" (ByVal hEventLog As Long, NumberOfRecords As Long) As Long
Private Declare Function GetOldestEventLogRecord Lib "advapi32.dll" (ByVal hEventLog As Long, OldestRecord As Long) As Long
Private Declare Function ReportEvent Lib "advapi32.dll" Alias "ReportEventA" (ByVal hEventLog As Long, ByVal wType As Long, ByVal wCategory As Long, ByVal dwEventID As Long, lpUserSid As Any, ByVal wNumStrings As Long, ByVal dwDataSize As Long, lpStrings As String, lpRawData As Any) As Long
Private Declare Function ReadEventLog Lib "advapi32.dll" Alias "ReadEventLogA" (ByVal hEventLog As Long, ByVal dwReadFlags As Long, ByVal dwRecordOffset As Long, lpBuffer As EVENTLOGRECORD, ByVal nNumberOfBytesToRead As Long, pnBytesRead As Long, pnMinNumberOfBytesNeeded As Long) As Long
Private Sub Form_Load()
Dim hEventLog As Long
Dim LogString As String
Dim Ret As Long
Dim ELR As EVENTLOGRECORD
Dim bBytes(1 To 1024) As Byte
Dim l_lngBytesRead As Long
Dim l_lngBytesNeeded As Long
'Open the event log
hEventLog = OpenEventLog(vbNullString, "System")
'Report a new event
ReportEvent hEventLog, EVENTLOG_INFORMATION_TYPE, 0, 0, ByVal 0&, 1, 0, "Hello World!", ByVal 0&
'Get the number of reported events
GetNumberOfEventLogRecords hEventLog, Ret
MsgBox "Events reported: " + CStr(Ret)
'Read the event log
While (ReadEventLog(hEventLog, EVENTLOG_FORWARDS_READ, EVENTLOG_SEQUENTIAL_READ, ELR, ByVal 1024, l_lngBytesRead, l_lngBytesNeeded))
'display event
Wend
'Close the event log
CloseEventLog hEventLog
End Sub
孤独剑_LPZ 2010-11-17
- 打赏
- 举报
调用api,代码自己写,先搜搜
Declare Function ReadEventLog Lib "advapi32.dll" Alias "ReadEventLogA" (ByVal hEventLog As Long, ByVal dwReadFlags As Long, ByVal dwRecordOffset As Long, lpBuffer As EVENTLOGRECORD, ByVal nNumberOfBytesToRead As Long, pnBytesRead As Long, pnMinNumberOfBytesNeeded As Long) As Long
......
OpenEventLog(NULL,szLog);
//打开时间日志记录;
GetOldestEventLogRecord(hEvent,&dwThisRecord);
//获得最新的日志信息,以便继续查找;
ReadEventLog(hEvent,EVENTLOG_FORWARDS_READ │ EVENTLOG_SEQUENTIAL_READ,
0,pEventLogRecord,1024*32,&dwRead,&dwNeeded)
//读取日志信息;
LookupAccountSid(NULL,pSid,szName,&dwName,szDomain,&dwDomain,&SNU);
//获取账户的SID,以便获得账户的用户名称;
GetNumberOfEventLogRecords(hEvent,&dwTotal);
//获得事件日志的总数;
CloseEventLog(hEvent);
//不要忘记关闭事件句柄;
Declare Function ReadEventLog Lib "advapi32.dll" Alias "ReadEventLogA" (ByVal hEventLog As Long, ByVal dwReadFlags As Long, ByVal dwRecordOffset As Long, lpBuffer As EVENTLOGRECORD, ByVal nNumberOfBytesToRead As Long, pnBytesRead As Long, pnMinNumberOfBytesNeeded As Long) As Long
......
OpenEventLog(NULL,szLog);
//打开时间日志记录;
GetOldestEventLogRecord(hEvent,&dwThisRecord);
//获得最新的日志信息,以便继续查找;
ReadEventLog(hEvent,EVENTLOG_FORWARDS_READ │ EVENTLOG_SEQUENTIAL_READ,
0,pEventLogRecord,1024*32,&dwRead,&dwNeeded)
//读取日志信息;
LookupAccountSid(NULL,pSid,szName,&dwName,szDomain,&dwDomain,&SNU);
//获取账户的SID,以便获得账户的用户名称;
GetNumberOfEventLogRecords(hEvent,&dwTotal);
//获得事件日志的总数;
CloseEventLog(hEvent);
//不要忘记关闭事件句柄;
赵4老师 2010-11-17
- 打赏
- 举报
dbcontrols 2010-11-17
- 打赏
- 举报
While (ReadEventLog(hEventLog, EVENTLOG_FORWARDS_READ, EVENTLOG_SEQUENTIAL_READ, ELR, ByVal 1024, l_lngBytesRead, l_lngBytesNeeded))
'display event
Text1.Text = Text1.Text & ELR.EventType
Text1.Text = Text1.Text & ELR.ClosingRecordNumber
Text1.Text = Text1.Text & ELR.DataLength
Text1.Text = Text1.Text & ELR.DataOffset
Text1.Text = Text1.Text & ELR.EventCategory
Wend
[Quote=引用 5 楼 dllzt 的回复:]
不是懒,是对这个函数不了解哈。正在看用法
[/Quote]
djvfe 2010-11-17
- 打赏
- 举报
dllzt 2010-11-17
- 打赏
- 举报
不是懒,是对这个函数不了解哈。正在看用法
