如何读写WINDOWS 2000的日志
2010-08-22 20:47:27 来源:WEB开发网三.写日志的方法.
//vc
BOOL syslog(DWORD dwID,char*str,WORD wType)//参数:事件id;事件附加信息;事件类型
{
HANDLE hd=RegisterEventSource(NULL,"CMCard");//指定/打开事件源
char* buff[1];
buff[0]=str;
int i;
if(hd){
i=ReportEvent(hd,wType,0,dwID,NULL,1,0,(LPCTSTR*)buff,NULL);//写日志
DeregisterEventSource(hd);//关闭事件源
if(i)return TRUE;
}
return FALSE;
}
''vb
Private Declare Function ReportEvent Lib "advapi32" Alias "ReportEventA" (ByVal hEventLog As Long, _
ByVal wType As Long, ByVal wCategory As Long, ByVal dwEventID As Long, ByVal lpUserSid As Long, _
ByVal wNumStrings As Long, ByVal dwDataSize As Long, lpStrings As Any, lpRawData As Any) As Long
''注意这个声明,与api text viewer的是不同的.注意As Any的妙用.
Function sysLog(byval lngID as long,byval strMsg As String,byval lngType as long) As Boolean
Dim hd As Long
Dim ret As Integer
hd = RegisterEventSource("", "CMCard")
If hd <> 0 Then
ret = ReportEvent(hd, lngType, 0, lngID, 0&, 1, 0, strMsg, 0)
DeregisterEventSource hd
End If
If ret <> 0 Then
sysLog = True
Else: sysLog = False
End If
End Function
四 .读日志的例子.
void CEventDlg::OnButton3()
{//参考http://www.codeproject.com/system/sysevent.asp
HANDLE hdle;
EVENTLOGRECORD *ptr;
BYTE buff[4096];
DWORD read_len, next_len;
ptr=(EVENTLOGRECORD *)&buff;
hdle=OpenEventLog("", "Application");// System
if (hdle==NULL)
{
MessageBox("打开日志失败");
}
else
{
long mRet;
char lpszSourceName[255]={0};
char lpszComputerName[255]={0};
unsigned uStepOfString;
char* pStrings;
char szExpandedString[1024]={0};
while(ReadEventLog(hdle,EVENTLOG_FORWARDS_READ|EVENTLOG_SEQUENTIAL_READ,
1,ptr,sizeof(buff),&read_len,&next_len))
{
mRet=ptr->EventID;//事件id
mRet=ptr->EventType;//事件类型
mRet=ptr->TimeWritten;//
mRet=ptr->NumStrings;//
mRet=ptr->Length;//
mRet=sizeof(EVENTLOGRECORD);
strcpy(lpszSourceName, (LPTSTR)((LPBYTE)ptr +mRet));//事件源
mRet+= strlen(lpszSourceName) + 1;
strcpy(lpszComputerName, (LPTSTR)((LPBYTE)ptr + mRet));//机器名
mRet+= strlen(lpszComputerName) + 1;
if(ptr->UserSidLength>0){;}//
mRet=ptr->DataOffset-ptr->StringOffset;
if(mRet>0)//事件描述
{
pStrings=new char[mRet];
memcpy(pStrings,(LPBYTE)ptr+ptr->StringOffset,mRet);
uStepOfString=0;
for(int x=0;x<ptr->NumStrings;x++)
{
if(x==0)
{
strcpy(szExpandedString, (TCHAR *)pStrings + uStepOfString);
if(x<(UINT)ptr->NumStrings - 1)strcat(szExpandedString, ",");
}
else strcat(szExpandedString, pStrings + uStepOfString);
uStepOfString = strlen(pStrings + uStepOfString) + 1;
}
delete [] pStrings;
}
MessageBox(lpszSourceName,szExpandedString);
}
CloseEventLog(hdle);
}
}
更多精彩
赞助商链接