Windows event logs

nessie · Post by **nessie** » Tue May 11, 2004 9:16 am

Does anyone know how to read and write to the windows event logs? I remember seeing something sometime ago, I've tried searching and can find something from beriko, but I'm not quite sure how to implement this.

fweil · Post by **fweil** » Tue May 11, 2004 1:20 pm

Edited with some improvments. I guess this works well. Up to readers to test and give me any feedback.

...

nessie,

ATM I have this but still have an error. This is closed to work well just debugging.

Maybe you can try on your side to debug and finish it. I will be busy for a while.

Rgrds

Code: Select all

#EVENTLOG_TYPE_SYSTEM = "System" 
#EVENTLOG_TYPE_APPLICATION = "Application" 
#EVENTLOG_TYPE_SECURITY = "Security"
#EVENTLOG_SEQUENTIAL_READ = $1
#EVENTLOG_SEEK_READ = $2
#EVENTLOG_FORWARDS_READ = $4 ; If you want to use FORWARDS you will have to use SEEK_READ also
#EVENTLOG_BACKWARDS_READ = $8

#EVENTLOG_ERROR_TYPE = $1; Error event
#EVENTLOG_WARNING_TYPE = $2; Warning event
#EVENTLOG_INFORMATION_TYPE = $4; Information event
#EVENTLOG_AUDIT_SUCCESS = $8; Success Audit event
#EVENTLOG_AUDIT_FAILURE = $10; Failure Audit event

Enumeration  
  #Window_Main
  #Gadget_Panel
  #Gadget_ListIcon_Application
  #Gadget_ListIcon_System
  #Gadget_ListIcon_Security
  #StatusBar
EndEnumeration

Global TimeBias.l

Procedure ParseEvent(*Buffer, RecordNumber.l, BytesRead.l, EventLogType.s)
UTCtime.SYSTEMTIME
LocalTime.SYSTEMTIME
EventRecord.EVENTLOGRECORD
  StrucLen = SizeOf(EVENTLOGRECORD)
  BytePointer = 0
  While BytePointer < BytesRead ;- EvtRecLen
    CopyMemory(*Buffer + BytePointer, EventRecord, StrucLen)
    EvtRecLen = EventRecord\Length
    a$ = PeekS(*Buffer + BytePointer + StrucLen)
    l = Len(a$) + 1
    b$= PeekS(*Buffer + BytePointer + StrucLen + l)
    sEventType.s = ""
    If EventRecord\EventType & #EVENTLOG_ERROR_TYPE
        sEventType = sEventType + "Error event "
    EndIf
    If EventRecord\EventType & #EVENTLOG_WARNING_TYPE
        sEventType = sEventType + "Warning event "
    EndIf
    If EventRecord\EventType & #EVENTLOG_INFORMATION_TYPE
        sEventType = sEventType + "Information event "
    EndIf
    If EventRecord\EventType & #EVENTLOG_AUDIT_SUCCESS
        sEventType = sEventType + "Success Audit event "
    EndIf
    If EventRecord\EventType & #EVENTLOG_AUDIT_FAILURE
        sEventType = sEventType + "Failure Audit event "
    EndIf
    TimeGenerated.s = FormatDate("%YYYY/%mm/%dd %hh:%ii:%ss ", EventRecord\TimeGenerated - TimeBias)
    TimeWritten.s = FormatDate("%YYYY/%mm/%dd %hh:%ii:%ss ", EventRecord\TimeWritten - TimeBias)
    If EventRecord\NumStrings > 0
        c$ = ""
        l = 0
        For r = 1 To EventRecord\NumStrings
          c$= PeekS(*Buffer + BytePointer + l + EventRecord\StringOffset)
          Result.s = b$ + Chr(10) + a$ + Chr(10) + sEventType + Chr(10) + TimeGenerated + Chr(10) + TimeWritten + Chr(10) + c$
          l + Len(c$) + 1
        Next r
      Else
        Result.s = b$ + Chr(10) + a$ + Chr(10) + sEventType + Chr(10) + TimeGenerated + Chr(10) + TimeWritten + Chr(10) + ""
    EndIf
    Select EventLogType
      Case #EVENTLOG_TYPE_SYSTEM
        AddGadgetItem(#Gadget_ListIcon_System, -1, Result)
      Case #EVENTLOG_TYPE_APPLICATION
        AddGadgetItem(#Gadget_ListIcon_Application, -1, Result)
      Case #EVENTLOG_TYPE_SECURITY
        AddGadgetItem(#Gadget_ListIcon_Security, -1, Result)
    EndSelect
    While WindowEvent()
    Wend
    BytePointer + EvtRecLen
  Wend
EndProcedure

Procedure ReadEvents(ServerName,EventLogType.s)
  EventLogReadFlags = #EVENTLOG_SEQUENTIAL_READ | #EVENTLOG_FORWARDS_READ
  EventLogHandle = OpenEventLog_(Servername, EventLogType)
  BufferLength = 65536
  *Buffer = AllocateMemory(BufferLength)
  If EventLogHandle
      EventLogNumberOfRecords=0
      If GetNumberOfEventLogRecords_(EventLogHandle, @EventLogNumberOfRecords)
          rBytesRead=0
          rBytesNeeded=0
          Debug "EventLogNumberOfRecords = " + Str(EventLogNumberOfRecords)
          RecordNumber = 0
          While RecordNumber <= EventLogNumberOfRecords
            If ReadEventLog_(EventLogHandle, #EVENTLOG_SEQUENTIAL_READ | #EVENTLOG_BACKWARDS_READ, 0, *Buffer, BufferLength, @BytesRead, @BytesNeeded)
                ParseEvent(*Buffer, RecordNumber, BytesRead, EventLogType)
            EndIf
            RecordNumber + 1
          Wend
          CloseEventLog_(EventLogHandle)
          Result = 1
        Else
          Result = 0
      EndIf
    Else
      Result = 0
  EndIf
  FreeMemory(*Buffer)
  ProcedureReturn 0
EndProcedure

Procedure MyWindowCallBack(WindowID.l, Message.l, wParam.l, lParam.l)
  Result.l = #PB_ProcessPureBasicEvents
  Select Message
    Case #WM_PAINT
    Case #PB_EventRepaint
    Case #PB_EventMoveWindow
    Default
  EndSelect
  ProcedureReturn Result  
EndProcedure

;
; Main starts here
;
  GetSystemTime_(SystemTime.SYSTEMTIME)
  GetLocalTime_(LocalTime.SYSTEMTIME)
  TimeBias = Date(SystemTime\wYear, SystemTime\wMonth, SystemTime\wDay, SystemTime\wHour, SystemTime\wMinute, SystemTime\wSecond) - Date(LocalTime\wYear, LocalTime\wMonth, LocalTime\wDay, LocalTime\wHour, LocalTime\wMinute, LocalTime\wSecond)
  Quit = #FALSE
  WindowXSize = 320
  WindowYSize = 240
  If OpenWindow(#Window_Main, 0, 0, WindowXSize, WindowYSize, #PB_Window_SystemMenu | #PB_Window_MinimizeGadget | #PB_Window_MaximizeGadget | #PB_Window_SizeGadget | #PB_Window_TitleBar | #PB_Window_ScreenCentered, "MyWindow")
      AddKeyboardShortcut(#Window_Main, #PB_Shortcut_Escape, #PB_Shortcut_Escape)
      If CreateGadgetList(WindowID())
          PanelGadget(#Gadget_Panel, 10, 10, WindowXSize - 20, WindowYSize - 30)
            AddGadgetItem(#Gadget_Panel, -1, "Applications")
              ListIconGadget(#Gadget_ListIcon_Application, 10, 10, WindowXSize - 30, WindowYSize - 60, "Computer", 120)
            AddGadgetItem(#Gadget_Panel, -1, "System")
              ListIconGadget(#Gadget_ListIcon_System, 10, 10, WindowXSize - 30, WindowYSize - 60, "Computer", 120)
            AddGadgetItem(#Gadget_Panel, -1, "Security")
              ListIconGadget(#Gadget_ListIcon_Security, 10, 10, WindowXSize - 30, WindowYSize - 60, "Computer", 120)
            For i = #Gadget_ListIcon_Application To #Gadget_ListIcon_Security
              AddGadgetColumn(i, 1, "Source", 120)
              AddGadgetColumn(i, 2, "Type", 120)
              AddGadgetColumn(i, 3, "Generated", 120)
              AddGadgetColumn(i, 4, "Written", 120)
              AddGadgetColumn(i, 5, "Description", 120)
            Next
          CloseGadgetList()
      EndIf
      If CreateStatusBar(#StatusBar, WindowID())
          StatusBarText(#StatusBar, 0, "Loading events ...")
      EndIf
      SetWindowCallback(@MyWindowCallBack())
      ReadEvents(0, #EVENTLOG_TYPE_APPLICATION)
      ReadEvents(0, #EVENTLOG_TYPE_SYSTEM)
      ReadEvents(0, #EVENTLOG_TYPE_SECURITY)
      StatusBarText(#StatusBar, 0, Str(CountGadgetItems(#Gadget_ListIcon_Application)) + " items")
      Repeat
        Wevent = WaitWindowEvent()
        Select WEvent
          Case #PB_Event_CloseWindow
            Quit = #TRUE
          Case #PB_Event_Menu
            Select EventMenuID()
              Case #PB_Shortcut_Escape
                Quit = #TRUE
            EndSelect
          Case #PB_EventGadget
            Select EventGadgetID()
              Case #Gadget_Panel
                StatusBarText(#StatusBar, 0, Str(CountGadgetItems(#Gadget_ListIcon_Application)) + " items")
            EndSelect
          Case #WM_SIZE
            WindowXSize = WindowWidth()
            WindowYSize = WindowHeight()
            ResizeGadget(#Gadget_Panel, 10, 10, WindowXSize - 20, WindowYSize - 30)
            ResizeGadget(#Gadget_ListIcon_Application, 10, 10, WindowXSize - 30, WindowYSize - 60)
            ResizeGadget(#Gadget_ListIcon_System, 10, 10, WindowXSize - 30, WindowYSize - 60)
            ResizeGadget(#Gadget_ListIcon_Security, 10, 10, WindowXSize - 30, WindowYSize - 60)
        EndSelect
      Until Quit
  EndIf
  TerminateProcess_(GetCurrentProcess_(), 0)
End

fweil · Post by **fweil** » Tue May 11, 2004 6:37 pm

I've made some changes. Code runs well now. Thnx for comments / suggestions.

Rgrds

nessie · Post by **nessie** » Tue May 11, 2004 9:25 pm

Tried it out and it works really well, this has saved me a serious amount of time thanks V much.

Nessie

fweil · Post by **fweil** » Tue May 11, 2004 9:28 pm

Should it be payable ?

I send you my Swift if you agree !

nessie · Post by **nessie** » Tue May 11, 2004 10:54 pm

8O what I meant to say was, erm....the code you supplied was exactly what I was thinking. What were the chances of that !! Amazing.
I may give you a % of what I get for supplying this free app.

fweil · Post by **fweil** » Wed May 12, 2004 7:32 am

it's a deal!

Post by **Dare2** » Wed May 12, 2004 8:51 am

You need an agent, fweil!

As it happens, I'm handy - read the small print and post your acceptance below.

All money is paid to Dare2.
A percentage of 10% (ten percent), less costs incurred by Dare2 in pursuit of these earnings, is paid to fweil. Costs to be determined by Dare2. Payment from Dare2 to fweil will be at times deemed suitable by Dare2.
fweil to pay Dare2 a fixed annual management fee of $US 1,000.00

Actually, no need to read it. It's a standard agreement. Ask Credence Clearwater Revival.

So just post your agreement below.

fweil · Post by **fweil** » Wed May 12, 2004 9:16 am

Dare2,

I just made an update to our agreement and started the ERP skeleton of our company :

Code: Select all

Dare2_Account = Money
Costs = To_Be_Determined_By_Dare2
Fweil_Account = (Dare2_Account - Costs) * 0.1
If Money > 10000
    FWeil_Account - 1000
    Dare2_Account + 1000
EndIf

Anyway, if you expect to make money with this, first don't forget to share code before to share shares.

Rgrds

Post by **Dare2** » Wed May 12, 2004 3:26 pm

lol.

You're a winner. Keep the code coming, you produce some good stuff.

(I produce spaghetti - perhaps we can set up a sideline as a food vendor?)

fweil · Post by **fweil** » Wed May 12, 2004 5:25 pm

Dare2,

RU seeking for spaghetti resellers ? I will pay stock by writing code !

BarryG · Post by **BarryG** » Wed Apr 22, 2020 12:12 pm

Hi all, I've semi-updated the above code to get it running below on modern PCs (Windows 10), but it shows some text in Asian characters, and doesn't look like it's working 100%. Can someone more knowledgeable get it working? Would be appreciated.

Code: Select all

#EVENTLOG_TYPE_SYSTEM = "System"
#EVENTLOG_TYPE_APPLICATION = "Application"
#EVENTLOG_TYPE_SECURITY = "Security"
#EVENTLOG_SEQUENTIAL_READ = $1
#EVENTLOG_SEEK_READ = $2
#EVENTLOG_FORWARDS_READ = $4 ; If you want to use FORWARDS you will have to use SEEK_READ also
#EVENTLOG_BACKWARDS_READ = $8

#EVENTLOG_ERROR_TYPE = $1; Error event
#EVENTLOG_WARNING_TYPE = $2; Warning event
#EVENTLOG_INFORMATION_TYPE = $4; Information event
#EVENTLOG_AUDIT_SUCCESS = $8   ; Success Audit event
#EVENTLOG_AUDIT_FAILURE = $10  ; Failure Audit event

Enumeration 
  #Window_Main
  #Gadget_Panel
  #Gadget_ListIcon_Application
  #Gadget_ListIcon_System
  #Gadget_ListIcon_Security
  #StatusBar
EndEnumeration

Global TimeBias.l

Procedure ParseEvent(*Buffer, RecordNumber.l, BytesRead.l, EventLogType.s)
  UTCtime.SYSTEMTIME
  LocalTime.SYSTEMTIME
  EventRecord.EVENTLOGRECORD
  StrucLen = SizeOf(EVENTLOGRECORD)
  BytePointer = 0
  While BytePointer < BytesRead ;- EvtRecLen
    CopyMemory(*Buffer + BytePointer, EventRecord, StrucLen)
    EvtRecLen = EventRecord\Length
    a$ = PeekS(*Buffer + BytePointer + StrucLen)
    l = Len(a$) + 1
    b$= PeekS(*Buffer + BytePointer + StrucLen + l)
    sEventType.s = ""
    If EventRecord\EventType & #EVENTLOG_ERROR_TYPE
      sEventType = sEventType + "Error event "
    EndIf
    If EventRecord\EventType & #EVENTLOG_WARNING_TYPE
      sEventType = sEventType + "Warning event "
    EndIf
    If EventRecord\EventType & #EVENTLOG_INFORMATION_TYPE
      sEventType = sEventType + "Information event "
    EndIf
    If EventRecord\EventType & #EVENTLOG_AUDIT_SUCCESS
      sEventType = sEventType + "Success Audit event "
    EndIf
    If EventRecord\EventType & #EVENTLOG_AUDIT_FAILURE
      sEventType = sEventType + "Failure Audit event "
    EndIf
    TimeGenerated.s = FormatDate("%YYYY/%mm/%dd %hh:%ii:%ss ", EventRecord\TimeGenerated - TimeBias)
    TimeWritten.s = FormatDate("%YYYY/%mm/%dd %hh:%ii:%ss ", EventRecord\TimeWritten - TimeBias)
    If EventRecord\NumStrings > 0
      c$ = ""
      l = 0
      For r = 1 To EventRecord\NumStrings
        c$= PeekS(*Buffer + BytePointer + l + EventRecord\StringOffset)
        Result.s = b$ + Chr(10) + a$ + Chr(10) + sEventType + Chr(10) + TimeGenerated + Chr(10) + TimeWritten + Chr(10) + c$
        l + Len(c$) + 1
      Next r
    Else
      Result.s = b$ + Chr(10) + a$ + Chr(10) + sEventType + Chr(10) + TimeGenerated + Chr(10) + TimeWritten + Chr(10) + ""
    EndIf
    Select EventLogType
      Case #EVENTLOG_TYPE_SYSTEM
        AddGadgetItem(#Gadget_ListIcon_System, -1, Result)
      Case #EVENTLOG_TYPE_APPLICATION
        AddGadgetItem(#Gadget_ListIcon_Application, -1, Result)
      Case #EVENTLOG_TYPE_SECURITY
        AddGadgetItem(#Gadget_ListIcon_Security, -1, Result)
    EndSelect
    While WindowEvent()
    Wend
    BytePointer + EvtRecLen
  Wend
EndProcedure

Procedure ReadEvents(ServerName,EventLogType.s)
  EventLogReadFlags = #EVENTLOG_SEQUENTIAL_READ | #EVENTLOG_FORWARDS_READ
  EventLogHandle = OpenEventLog_(Servername, EventLogType)
  BufferLength = 65536
  *Buffer = AllocateMemory(BufferLength)
  If EventLogHandle
    EventLogNumberOfRecords=0
    If GetNumberOfEventLogRecords_(EventLogHandle, @EventLogNumberOfRecords)
      rBytesRead=0
      rBytesNeeded=0
      Debug "EventLogNumberOfRecords = " + Str(EventLogNumberOfRecords)
      RecordNumber = 0
      While RecordNumber <= EventLogNumberOfRecords
        If ReadEventLog_(EventLogHandle, #EVENTLOG_SEQUENTIAL_READ | #EVENTLOG_BACKWARDS_READ, 0, *Buffer, BufferLength, @BytesRead, @BytesNeeded)
          ParseEvent(*Buffer, RecordNumber, BytesRead, EventLogType)
        EndIf
        RecordNumber + 1
      Wend
      CloseEventLog_(EventLogHandle)
      Result = 1
    Else
      Result = 0
    EndIf
  Else
    Result = 0
  EndIf
  FreeMemory(*Buffer)
  ProcedureReturn 0
EndProcedure

Procedure MyWindowCallBack(WindowID.l, Message.l, wParam.l, lParam.l)
  Result.l = #PB_ProcessPureBasicEvents
  Select Message
    Case #WM_PAINT
    Case #PB_Event_Repaint
    Case #PB_Event_MoveWindow
    Default
  EndSelect
  ProcedureReturn Result 
EndProcedure

;
; Main starts here
;
GetSystemTime_(SystemTime.SYSTEMTIME)
GetLocalTime_(LocalTime.SYSTEMTIME)
TimeBias = Date(SystemTime\wYear, SystemTime\wMonth, SystemTime\wDay, SystemTime\wHour, SystemTime\wMinute, SystemTime\wSecond) - Date(LocalTime\wYear, LocalTime\wMonth, LocalTime\wDay, LocalTime\wHour, LocalTime\wMinute, LocalTime\wSecond)
Quit = #False
WindowXSize = 1024
WindowYSize = 768
If OpenWindow(#Window_Main, 0, 0, WindowXSize, WindowYSize, "MyWindow", #PB_Window_SystemMenu | #PB_Window_MinimizeGadget | #PB_Window_MaximizeGadget | #PB_Window_SizeGadget | #PB_Window_TitleBar | #PB_Window_ScreenCentered)
  AddKeyboardShortcut(#Window_Main, #PB_Shortcut_Escape, #PB_Shortcut_Escape)
  PanelGadget(#Gadget_Panel, 10, 10, WindowXSize - 20, WindowYSize - 30)
  AddGadgetItem(#Gadget_Panel, -1, "Applications")
  ListIconGadget(#Gadget_ListIcon_Application, 10, 10, WindowXSize - 30, WindowYSize - 60, "Computer", 120)
  AddGadgetItem(#Gadget_Panel, -1, "System")
  ListIconGadget(#Gadget_ListIcon_System, 10, 10, WindowXSize - 30, WindowYSize - 60, "Computer", 120)
  AddGadgetItem(#Gadget_Panel, -1, "Security")
  ListIconGadget(#Gadget_ListIcon_Security, 10, 10, WindowXSize - 30, WindowYSize - 60, "Computer", 120)
  For i = #Gadget_ListIcon_Application To #Gadget_ListIcon_Security
    AddGadgetColumn(i, 1, "Source", 120)
    AddGadgetColumn(i, 2, "Type", 120)
    AddGadgetColumn(i, 3, "Generated", 120)
    AddGadgetColumn(i, 4, "Written", 120)
    AddGadgetColumn(i, 5, "Description", 120)
  Next
  CloseGadgetList()
  If CreateStatusBar(#StatusBar, WindowID(#Window_Main))
    AddStatusBarField(#PB_Ignore)
    StatusBarText(#StatusBar, 0, "Loading events ...")
  EndIf
  SetWindowCallback(@MyWindowCallBack())
  ReadEvents(0, #EVENTLOG_TYPE_APPLICATION)
  ReadEvents(0, #EVENTLOG_TYPE_SYSTEM)
  ReadEvents(0, #EVENTLOG_TYPE_SECURITY)
  StatusBarText(#StatusBar, 0, Str(CountGadgetItems(#Gadget_ListIcon_Application)) + " items")
  Repeat
    Wevent = WaitWindowEvent()
    Select WEvent
      Case #PB_Event_CloseWindow
        Quit = #True
      Case #PB_Event_Menu
        Select EventMenu()
          Case #PB_Shortcut_Escape
            Quit = #True
        EndSelect
      Case #PB_Event_Gadget
        Select EventGadget()
          Case #Gadget_Panel
            StatusBarText(#StatusBar, 0, Str(CountGadgetItems(#Gadget_ListIcon_Application)) + " items")
        EndSelect
      Case #WM_SIZE
        WindowXSize = WindowWidth(#Window_Main)
        WindowYSize = WindowHeight(#Window_Main)
        ResizeGadget(#Gadget_Panel, 10, 10, WindowXSize - 20, WindowYSize - 30)
        ResizeGadget(#Gadget_ListIcon_Application, 10, 10, WindowXSize - 30, WindowYSize - 60)
        ResizeGadget(#Gadget_ListIcon_System, 10, 10, WindowXSize - 30, WindowYSize - 60)
        ResizeGadget(#Gadget_ListIcon_Security, 10, 10, WindowXSize - 30, WindowYSize - 60)
    EndSelect
  Until Quit
EndIf
TerminateProcess_(GetCurrentProcess_(), 0)

fryquez · Post by **fryquez** » Wed Apr 22, 2020 1:49 pm

Fixed Unicode.

Code: Select all

#EVENTLOG_TYPE_SYSTEM = "System"
#EVENTLOG_TYPE_APPLICATION = "Application"
#EVENTLOG_TYPE_SECURITY = "Security"
#EVENTLOG_SEQUENTIAL_READ = $1
#EVENTLOG_SEEK_READ = $2
#EVENTLOG_FORWARDS_READ = $4 ; If you want to use FORWARDS you will have to use SEEK_READ also
#EVENTLOG_BACKWARDS_READ = $8

#EVENTLOG_ERROR_TYPE = $1; Error event
#EVENTLOG_WARNING_TYPE = $2; Warning event
#EVENTLOG_INFORMATION_TYPE = $4; Information event
#EVENTLOG_AUDIT_SUCCESS = $8   ; Success Audit event
#EVENTLOG_AUDIT_FAILURE = $10  ; Failure Audit event

Enumeration
  #Window_Main
  #Gadget_Panel
  #Gadget_ListIcon_Application
  #Gadget_ListIcon_System
  #Gadget_ListIcon_Security
  #StatusBar
EndEnumeration

Global TimeBias

Procedure ParseEvent(*Buffer, RecordNumber, BytesRead, EventLogType.s)
  UTCtime.SYSTEMTIME
  LocalTime.SYSTEMTIME
  EventRecord.EVENTLOGRECORD
  StrucLen = SizeOf(EVENTLOGRECORD)
  BytePointer = 0
  While BytePointer < BytesRead ;- EvtRecLen
    CopyMemory(*Buffer + BytePointer, EventRecord, StrucLen)
    EvtRecLen = EventRecord\Length
    a$ = PeekS(*Buffer + BytePointer + StrucLen)
    ;l = Len(a$) + 1
    l = (Len(a$) + 1) * SizeOf(Character)
    
    
    b$= PeekS(*Buffer + BytePointer + StrucLen + l)
    sEventType.s = ""
    If EventRecord\EventType & #EVENTLOG_ERROR_TYPE
      sEventType = sEventType + "Error event "
    EndIf
    If EventRecord\EventType & #EVENTLOG_WARNING_TYPE
      sEventType = sEventType + "Warning event "
    EndIf
    If EventRecord\EventType & #EVENTLOG_INFORMATION_TYPE
      sEventType = sEventType + "Information event "
    EndIf
    If EventRecord\EventType & #EVENTLOG_AUDIT_SUCCESS
      sEventType = sEventType + "Success Audit event "
    EndIf
    If EventRecord\EventType & #EVENTLOG_AUDIT_FAILURE
      sEventType = sEventType + "Failure Audit event "
    EndIf
    TimeGenerated.s = FormatDate("%YYYY/%mm/%dd %hh:%ii:%ss ", EventRecord\TimeGenerated - TimeBias)
    TimeWritten.s = FormatDate("%YYYY/%mm/%dd %hh:%ii:%ss ", EventRecord\TimeWritten - TimeBias)
    If EventRecord\NumStrings > 0
      c$ = ""
      l = 0
      For r = 1 To EventRecord\NumStrings
        c$= PeekS(*Buffer + BytePointer + l + EventRecord\StringOffset)
        Result.s = b$ + Chr(10) + a$ + Chr(10) + sEventType + Chr(10) + TimeGenerated + Chr(10) + TimeWritten + Chr(10) + c$
        l + (Len(c$) + 1) * SizeOf(Character)
      Next r
    Else
      Result.s = b$ + Chr(10) + a$ + Chr(10) + sEventType + Chr(10) + TimeGenerated + Chr(10) + TimeWritten + Chr(10) + ""
    EndIf
    Select EventLogType
      Case #EVENTLOG_TYPE_SYSTEM
        AddGadgetItem(#Gadget_ListIcon_System, -1, Result)
      Case #EVENTLOG_TYPE_APPLICATION
        AddGadgetItem(#Gadget_ListIcon_Application, -1, Result)
      Case #EVENTLOG_TYPE_SECURITY
        AddGadgetItem(#Gadget_ListIcon_Security, -1, Result)
    EndSelect
    While WindowEvent()
    Wend
    BytePointer + EvtRecLen
  Wend
EndProcedure

Procedure ReadEvents(ServerName,EventLogType.s)
  EventLogReadFlags = #EVENTLOG_SEQUENTIAL_READ | #EVENTLOG_FORWARDS_READ
  EventLogHandle = OpenEventLog_(Servername, EventLogType)
  BufferLength = 65536
  *Buffer = AllocateMemory(BufferLength)
  If EventLogHandle
    EventLogNumberOfRecords=0
    If GetNumberOfEventLogRecords_(EventLogHandle, @EventLogNumberOfRecords)
      rBytesRead=0
      rBytesNeeded=0
      Debug "EventLogNumberOfRecords = " + Str(EventLogNumberOfRecords)
      RecordNumber = 0
      While RecordNumber <= EventLogNumberOfRecords
        If ReadEventLog_(EventLogHandle, #EVENTLOG_SEQUENTIAL_READ | #EVENTLOG_BACKWARDS_READ, 0, *Buffer, BufferLength, @BytesRead, @BytesNeeded)
          ParseEvent(*Buffer, RecordNumber, BytesRead, EventLogType)
        EndIf
        RecordNumber + 1
      Wend
      CloseEventLog_(EventLogHandle)
      Result = 1
    Else
      Result = 0
    EndIf
  Else
    Result = 0
  EndIf
  FreeMemory(*Buffer)
  ProcedureReturn 0
EndProcedure

Procedure MyWindowCallBack(WindowID, Message, wParam, lParam)
  Result = #PB_ProcessPureBasicEvents
  Select Message
    Case #WM_PAINT
    Case #PB_Event_Repaint
    Case #PB_Event_MoveWindow
    Default
  EndSelect
  ProcedureReturn Result
EndProcedure

;
; Main starts here
;
GetSystemTime_(SystemTime.SYSTEMTIME)
GetLocalTime_(LocalTime.SYSTEMTIME)
TimeBias = Date(SystemTime\wYear, SystemTime\wMonth, SystemTime\wDay, SystemTime\wHour, SystemTime\wMinute, SystemTime\wSecond) - Date(LocalTime\wYear, LocalTime\wMonth, LocalTime\wDay, LocalTime\wHour, LocalTime\wMinute, LocalTime\wSecond)
Quit = #False
WindowXSize = 1024
WindowYSize = 768
If OpenWindow(#Window_Main, 0, 0, WindowXSize, WindowYSize, "MyWindow", #PB_Window_SystemMenu | #PB_Window_MinimizeGadget | #PB_Window_MaximizeGadget | #PB_Window_SizeGadget | #PB_Window_TitleBar | #PB_Window_ScreenCentered)
  AddKeyboardShortcut(#Window_Main, #PB_Shortcut_Escape, #PB_Shortcut_Escape)
  PanelGadget(#Gadget_Panel, 10, 10, WindowXSize - 20, WindowYSize - 30)
  AddGadgetItem(#Gadget_Panel, -1, "Applications")
  ListIconGadget(#Gadget_ListIcon_Application, 10, 10, WindowXSize - 30, WindowYSize - 60, "Computer", 120)
  AddGadgetItem(#Gadget_Panel, -1, "System")
  ListIconGadget(#Gadget_ListIcon_System, 10, 10, WindowXSize - 30, WindowYSize - 60, "Computer", 120)
  AddGadgetItem(#Gadget_Panel, -1, "Security")
  ListIconGadget(#Gadget_ListIcon_Security, 10, 10, WindowXSize - 30, WindowYSize - 60, "Computer", 120)
  For i = #Gadget_ListIcon_Application To #Gadget_ListIcon_Security
    AddGadgetColumn(i, 1, "Source", 120)
    AddGadgetColumn(i, 2, "Type", 120)
    AddGadgetColumn(i, 3, "Generated", 120)
    AddGadgetColumn(i, 4, "Written", 120)
    AddGadgetColumn(i, 5, "Description", 120)
  Next
  CloseGadgetList()
  If CreateStatusBar(#StatusBar, WindowID(#Window_Main))
    AddStatusBarField(#PB_Ignore)
    StatusBarText(#StatusBar, 0, "Loading events ...")
  EndIf
  SetWindowCallback(@MyWindowCallBack())
  ReadEvents(0, #EVENTLOG_TYPE_APPLICATION)
  ReadEvents(0, #EVENTLOG_TYPE_SYSTEM)
  ReadEvents(0, #EVENTLOG_TYPE_SECURITY)
  StatusBarText(#StatusBar, 0, Str(CountGadgetItems(#Gadget_ListIcon_Application)) + " items")
  Repeat
    Wevent = WaitWindowEvent()
    Select WEvent
      Case #PB_Event_CloseWindow
        Quit = #True
      Case #PB_Event_Menu
        Select EventMenu()
          Case #PB_Shortcut_Escape
            Quit = #True
        EndSelect
      Case #PB_Event_Gadget
        Select EventGadget()
          Case #Gadget_Panel
            StatusBarText(#StatusBar, 0, Str(CountGadgetItems(#Gadget_ListIcon_Application)) + " items")
        EndSelect
      Case #WM_SIZE
        WindowXSize = WindowWidth(#Window_Main)
        WindowYSize = WindowHeight(#Window_Main)
        ResizeGadget(#Gadget_Panel, 10, 10, WindowXSize - 20, WindowYSize - 30)
        ResizeGadget(#Gadget_ListIcon_Application, 10, 10, WindowXSize - 30, WindowYSize - 60)
        ResizeGadget(#Gadget_ListIcon_System, 10, 10, WindowXSize - 30, WindowYSize - 60)
        ResizeGadget(#Gadget_ListIcon_Security, 10, 10, WindowXSize - 30, WindowYSize - 60)
    EndSelect
  Until Quit
EndIf

Kwai chang caine · Post by **Kwai chang caine** » Thu Apr 23, 2020 8:23 pm

Thanks at all to have create and convert this useful code

Caronte3D · Post by **Caronte3D** » Sat Apr 25, 2020 9:40 am

What are the possible uses for this code

PureBasic Forums - English

Windows event logs

Windows event logs

Re:

Re: Windows event logs

Re: Windows event logs

Re: Windows event logs