I've got some code found here for accessing the event logs.
It relies on the Windows API call OpenEventLog.
I use it to monitor event logs on a few servers and alert me via E-Mail to anything screwy going on.
It seems like OpenEventLog can only work with the basic event files (System, Application, Security, etc.).
If I try to open Microsoft-Windows-Backup.evtx, for example (so I can see how my backups are running), I get the apparently typical result of a handle to the Application log being returned (this is apparently by design, if the event file you request can't be opened, you get the Applicant event log instead, which seems pretty crazy but I digress).
I found some posts pointing to dead links for an open source library, and I've found links to Python library calls.
Any tips/pointers would be helpful.
Thanks in advance.
Accessing event logs other than System/Applicant/etc.
Re: Accessing event logs other than System/Applicant/etc.
Maybe someone could point me in the right direction on using functions such that these:
https://docs.microsoft.com/en-us/window ... evtopenlog
When I attempt to use EvtOpenLog by appending a "_" to the function, PureBasic tells me EvtOpenLog_ is not a function...
I thought I could access Windows functions by appending a "_" to their names? Perhaps EvtOpenLog isn't actually part of the API, do I have to import it somehow?
Or not doable?
TIA.
https://docs.microsoft.com/en-us/window ... evtopenlog
When I attempt to use EvtOpenLog by appending a "_" to the function, PureBasic tells me EvtOpenLog_ is not a function...
I thought I could access Windows functions by appending a "_" to their names? Perhaps EvtOpenLog isn't actually part of the API, do I have to import it somehow?
Or not doable?
TIA.
Re: Accessing event logs other than System/Applicant/etc.
I know this is a late reply (I was searching for eventlog code); but....pthien wrote:When I attempt to use EvtOpenLog by appending a "_" to the function, PureBasic tells me EvtOpenLog_ is not a function...
I thought I could access Windows functions by appending a "_" to their names?
No, that is not how the windows api works.
Fred (& crew) have "pre-imported" a lot of the more common api functions, and that's how you can tell them apart from purebasic's internal functions.
You'll need to use prototypes, OpenLlibrary() and GetFunction() *or* use Import/EndImport.
Re: Accessing event logs other than System/Applicant/etc.
As it turns out, I was going about this incorrectly.
I think I need to open those additional event logs with OpenBackupEventLog_.
For example, Microsoft-Windows-Backup.evtx, which exists in \Windows\System32\winevt\Logs, if I copy that to a temporary file like "test.evtx," I can then open the temporary file with OpenBackupEventLog_.
I'm not able to directly open Microsoft-Windows-Backup.evtx, but I did find instructions for modifying the registry that might allow me to directly open the files I need to.
It is a back-burner project, my monitoring app is working well enough for now.
I think I need to open those additional event logs with OpenBackupEventLog_.
For example, Microsoft-Windows-Backup.evtx, which exists in \Windows\System32\winevt\Logs, if I copy that to a temporary file like "test.evtx," I can then open the temporary file with OpenBackupEventLog_.
I'm not able to directly open Microsoft-Windows-Backup.evtx, but I did find instructions for modifying the registry that might allow me to directly open the files I need to.
It is a back-burner project, my monitoring app is working well enough for now.