PureBasic Forums - English

http://www.purebasic.com
https://www.purebasic.fr/english/

Windows event logs

https://www.purebasic.fr/english/viewtopic.php?t=10850

Page 1 of 2

Windows event logs

Posted: Tue May 11, 2004 9:16 am
by nessie
Does anyone know how to read and write to the windows event logs? I remember seeing something sometime ago, I've tried searching and can find something from beriko, but I'm not quite sure how to implement this.

Posted: Tue May 11, 2004 1:20 pm
by fweil
Edited with some improvments. I guess this works well. Up to readers to test and give me any feedback.

...

nessie,

ATM I have this but still have an error. This is closed to work well just debugging.

Maybe you can try on your side to debug and finish it. I will be busy for a while.

Rgrds

Code: Select all

#EVENTLOG_TYPE_SYSTEM = "System" 
#EVENTLOG_TYPE_APPLICATION = "Application" 
#EVENTLOG_TYPE_SECURITY = "Security"
#EVENTLOG_SEQUENTIAL_READ = $1
#EVENTLOG_SEEK_READ = $2
#EVENTLOG_FORWARDS_READ = $4 ; If you want to use FORWARDS you will have to use SEEK_READ also
#EVENTLOG_BACKWARDS_READ = $8

#EVENTLOG_ERROR_TYPE = $1; Error event
#EVENTLOG_WARNING_TYPE = $2; Warning event
#EVENTLOG_INFORMATION_TYPE = $4; Information event
#EVENTLOG_AUDIT_SUCCESS = $8; Success Audit event
#EVENTLOG_AUDIT_FAILURE = $10; Failure Audit event

Enumeration  
  #Window_Main
  #Gadget_Panel
  #Gadget_ListIcon_Application
  #Gadget_ListIcon_System
  #Gadget_ListIcon_Security
  #StatusBar
EndEnumeration

Global TimeBias.l

Procedure ParseEvent(*Buffer, RecordNumber.l, BytesRead.l, EventLogType.s)
UTCtime.SYSTEMTIME
LocalTime.SYSTEMTIME
EventRecord.EVENTLOGRECORD
  StrucLen = SizeOf(EVENTLOGRECORD)
  BytePointer = 0
  While BytePointer < BytesRead ;- EvtRecLen
    CopyMemory(*Buffer + BytePointer, EventRecord, StrucLen)
    EvtRecLen = EventRecord\Length
    a$ = PeekS(*Buffer + BytePointer + StrucLen)
    l = Len(a$) + 1
    b$= PeekS(*Buffer + BytePointer + StrucLen + l)
    sEventType.s = ""
    If EventRecord\EventType & #EVENTLOG_ERROR_TYPE
        sEventType = sEventType + "Error event "
    EndIf
    If EventRecord\EventType & #EVENTLOG_WARNING_TYPE
        sEventType = sEventType + "Warning event "
    EndIf
    If EventRecord\EventType & #EVENTLOG_INFORMATION_TYPE
        sEventType = sEventType + "Information event "
    EndIf
    If EventRecord\EventType & #EVENTLOG_AUDIT_SUCCESS
        sEventType = sEventType + "Success Audit event "
    EndIf
    If EventRecord\EventType & #EVENTLOG_AUDIT_FAILURE
        sEventType = sEventType + "Failure Audit event "
    EndIf
    TimeGenerated.s = FormatDate("%YYYY/%mm/%dd %hh:%ii:%ss ", EventRecord\TimeGenerated - TimeBias)
    TimeWritten.s = FormatDate("%YYYY/%mm/%dd %hh:%ii:%ss ", EventRecord\TimeWritten - TimeBias)
    If EventRecord\NumStrings > 0
        c$ = ""
        l = 0
        For r = 1 To EventRecord\NumStrings
          c$= PeekS(*Buffer + BytePointer + l + EventRecord\StringOffset)
          Result.s = b$ + Chr(10) + a$ + Chr(10) + sEventType + Chr(10) + TimeGenerated + Chr(10) + TimeWritten + Chr(10) + c$
          l + Len(c$) + 1
        Next r
      Else
        Result.s = b$ + Chr(10) + a$ + Chr(10) + sEventType + Chr(10) + TimeGenerated + Chr(10) + TimeWritten + Chr(10) + ""
    EndIf
    Select EventLogType
      Case #EVENTLOG_TYPE_SYSTEM
        AddGadgetItem(#Gadget_ListIcon_System, -1, Result)
      Case #EVENTLOG_TYPE_APPLICATION
        AddGadgetItem(#Gadget_ListIcon_Application, -1, Result)
      Case #EVENTLOG_TYPE_SECURITY
        AddGadgetItem(#Gadget_ListIcon_Security, -1, Result)
    EndSelect
    While WindowEvent()
    Wend
    BytePointer + EvtRecLen
  Wend
EndProcedure

Procedure ReadEvents(ServerName,EventLogType.s)
  EventLogReadFlags = #EVENTLOG_SEQUENTIAL_READ | #EVENTLOG_FORWARDS_READ
  EventLogHandle = OpenEventLog_(Servername, EventLogType)
  BufferLength = 65536
  *Buffer = AllocateMemory(BufferLength)
  If EventLogHandle
      EventLogNumberOfRecords=0
      If GetNumberOfEventLogRecords_(EventLogHandle, @EventLogNumberOfRecords)
          rBytesRead=0
          rBytesNeeded=0
          Debug "EventLogNumberOfRecords = " + Str(EventLogNumberOfRecords)
          RecordNumber = 0
          While RecordNumber <= EventLogNumberOfRecords
            If ReadEventLog_(EventLogHandle, #EVENTLOG_SEQUENTIAL_READ | #EVENTLOG_BACKWARDS_READ, 0, *Buffer, BufferLength, @BytesRead, @BytesNeeded)
                ParseEvent(*Buffer, RecordNumber, BytesRead, EventLogType)
            EndIf
            RecordNumber + 1
          Wend
          CloseEventLog_(EventLogHandle)
          Result = 1
        Else
          Result = 0
      EndIf
    Else
      Result = 0
  EndIf
  FreeMemory(*Buffer)
  ProcedureReturn 0
EndProcedure

Procedure MyWindowCallBack(WindowID.l, Message.l, wParam.l, lParam.l)
  Result.l = #PB_ProcessPureBasicEvents
  Select Message
    Case #WM_PAINT
    Case #PB_EventRepaint
    Case #PB_EventMoveWindow
    Default
  EndSelect
  ProcedureReturn Result  
EndProcedure

;
; Main starts here
;
  GetSystemTime_(SystemTime.SYSTEMTIME)
  GetLocalTime_(LocalTime.SYSTEMTIME)
  TimeBias = Date(SystemTime\wYear, SystemTime\wMonth, SystemTime\wDay, SystemTime\wHour, SystemTime\wMinute, SystemTime\wSecond) - Date(LocalTime\wYear, LocalTime\wMonth, LocalTime\wDay, LocalTime\wHour, LocalTime\wMinute, LocalTime\wSecond)
  Quit = #FALSE
  WindowXSize = 320
  WindowYSize = 240
  If OpenWindow(#Window_Main, 0, 0, WindowXSize, WindowYSize, #PB_Window_SystemMenu | #PB_Window_MinimizeGadget | #PB_Window_MaximizeGadget | #PB_Window_SizeGadget | #PB_Window_TitleBar | #PB_Window_ScreenCentered, "MyWindow")
      AddKeyboardShortcut(#Window_Main, #PB_Shortcut_Escape, #PB_Shortcut_Escape)
      If CreateGadgetList(WindowID())
          PanelGadget(#Gadget_Panel, 10, 10, WindowXSize - 20, WindowYSize - 30)
            AddGadgetItem(#Gadget_Panel, -1, "Applications")
              ListIconGadget(#Gadget_ListIcon_Application, 10, 10, WindowXSize - 30, WindowYSize - 60, "Computer", 120)
            AddGadgetItem(#Gadget_Panel, -1, "System")
              ListIconGadget(#Gadget_ListIcon_System, 10, 10, WindowXSize - 30, WindowYSize - 60, "Computer", 120)
            AddGadgetItem(#Gadget_Panel, -1, "Security")
              ListIconGadget(#Gadget_ListIcon_Security, 10, 10, WindowXSize - 30, WindowYSize - 60, "Computer", 120)
            For i = #Gadget_ListIcon_Application To #Gadget_ListIcon_Security
              AddGadgetColumn(i, 1, "Source", 120)
              AddGadgetColumn(i, 2, "Type", 120)
              AddGadgetColumn(i, 3, "Generated", 120)
              AddGadgetColumn(i, 4, "Written", 120)
              AddGadgetColumn(i, 5, "Description", 120)
            Next
          CloseGadgetList()
      EndIf
      If CreateStatusBar(#StatusBar, WindowID())
          StatusBarText(#StatusBar, 0, "Loading events ...")
      EndIf
      SetWindowCallback(@MyWindowCallBack())
      ReadEvents(0, #EVENTLOG_TYPE_APPLICATION)
      ReadEvents(0, #EVENTLOG_TYPE_SYSTEM)
      ReadEvents(0, #EVENTLOG_TYPE_SECURITY)
      StatusBarText(#StatusBar, 0, Str(CountGadgetItems(#Gadget_ListIcon_Application)) + " items")
      Repeat
        Wevent = WaitWindowEvent()
        Select WEvent
          Case #PB_Event_CloseWindow
            Quit = #TRUE
          Case #PB_Event_Menu
            Select EventMenuID()
              Case #PB_Shortcut_Escape
                Quit = #TRUE
            EndSelect
          Case #PB_EventGadget
            Select EventGadgetID()
              Case #Gadget_Panel
                StatusBarText(#StatusBar, 0, Str(CountGadgetItems(#Gadget_ListIcon_Application)) + " items")
            EndSelect
          Case #WM_SIZE
            WindowXSize = WindowWidth()
            WindowYSize = WindowHeight()
            ResizeGadget(#Gadget_Panel, 10, 10, WindowXSize - 20, WindowYSize - 30)
            ResizeGadget(#Gadget_ListIcon_Application, 10, 10, WindowXSize - 30, WindowYSize - 60)
            ResizeGadget(#Gadget_ListIcon_System, 10, 10, WindowXSize - 30, WindowYSize - 60)
            ResizeGadget(#Gadget_ListIcon_Security, 10, 10, WindowXSize - 30, WindowYSize - 60)
        EndSelect
      Until Quit
  EndIf
  TerminateProcess_(GetCurrentProcess_(), 0)
End

Posted: Tue May 11, 2004 6:37 pm
by fweil
I've made some changes. Code runs well now. Thnx for comments / suggestions.

Rgrds

Posted: Tue May 11, 2004 9:25 pm
by nessie
Tried it out and it works really well, this has saved me a serious amount of time thanks V much. :D

Nessie

Posted: Tue May 11, 2004 9:28 pm
by fweil
Should it be payable ?

I send you my Swift if you agree !

8)

Posted: Tue May 11, 2004 10:54 pm
by nessie
8O what I meant to say was, erm....the code you supplied was exactly what I was thinking. What were the chances of that !! Amazing.
I may give you a % of what I get for supplying this free app.

Posted: Wed May 12, 2004 7:32 am
by fweil
it's a deal!
8)

Posted: Wed May 12, 2004 8:51 am
by Dare2
You need an agent, fweil!

As it happens, I'm handy - read the small print and post your acceptance below.
All money is paid to Dare2.
A percentage of 10% (ten percent), less costs incurred by Dare2 in pursuit of these earnings, is paid to fweil. Costs to be determined by Dare2. Payment from Dare2 to fweil will be at times deemed suitable by Dare2.
fweil to pay Dare2 a fixed annual management fee of $US 1,000.00
Actually, no need to read it. It's a standard agreement. Ask Credence Clearwater Revival. :) So just post your agreement below.

Posted: Wed May 12, 2004 9:16 am
by fweil
Dare2,

I just made an update to our agreement and started the ERP skeleton of our company :

Code: Select all

Dare2_Account = Money
Costs = To_Be_Determined_By_Dare2
Fweil_Account = (Dare2_Account - Costs) * 0.1
If Money > 10000
    FWeil_Account - 1000
    Dare2_Account + 1000
EndIf
Anyway, if you expect to make money with this, first don't forget to share code before to share shares.

Rgrds

Posted: Wed May 12, 2004 3:26 pm
by Dare2
lol. :lol:

You're a winner. Keep the code coming, you produce some good stuff.

(I produce spaghetti - perhaps we can set up a sideline as a food vendor?)

Posted: Wed May 12, 2004 5:25 pm
by fweil
Dare2,

RU seeking for spaghetti resellers ? I will pay stock by writing code !

Re:

Posted: Wed Apr 22, 2020 12:12 pm
by BarryG
Hi all, I've semi-updated the above code to get it running below on modern PCs (Windows 10), but it shows some text in Asian characters, and doesn't look like it's working 100%. Can someone more knowledgeable get it working? Would be appreciated.

Code: Select all

#EVENTLOG_TYPE_SYSTEM = "System"
#EVENTLOG_TYPE_APPLICATION = "Application"
#EVENTLOG_TYPE_SECURITY = "Security"
#EVENTLOG_SEQUENTIAL_READ = $1
#EVENTLOG_SEEK_READ = $2
#EVENTLOG_FORWARDS_READ = $4 ; If you want to use FORWARDS you will have to use SEEK_READ also
#EVENTLOG_BACKWARDS_READ = $8

#EVENTLOG_ERROR_TYPE = $1; Error event
#EVENTLOG_WARNING_TYPE = $2; Warning event
#EVENTLOG_INFORMATION_TYPE = $4; Information event
#EVENTLOG_AUDIT_SUCCESS = $8   ; Success Audit event
#EVENTLOG_AUDIT_FAILURE = $10  ; Failure Audit event

Enumeration 
  #Window_Main
  #Gadget_Panel
  #Gadget_ListIcon_Application
  #Gadget_ListIcon_System
  #Gadget_ListIcon_Security
  #StatusBar
EndEnumeration

Global TimeBias.l

Procedure ParseEvent(*Buffer, RecordNumber.l, BytesRead.l, EventLogType.s)
  UTCtime.SYSTEMTIME
  LocalTime.SYSTEMTIME
  EventRecord.EVENTLOGRECORD
  StrucLen = SizeOf(EVENTLOGRECORD)
  BytePointer = 0
  While BytePointer < BytesRead ;- EvtRecLen
    CopyMemory(*Buffer + BytePointer, EventRecord, StrucLen)
    EvtRecLen = EventRecord\Length
    a$ = PeekS(*Buffer + BytePointer + StrucLen)
    l = Len(a$) + 1
    b$= PeekS(*Buffer + BytePointer + StrucLen + l)
    sEventType.s = ""
    If EventRecord\EventType & #EVENTLOG_ERROR_TYPE
      sEventType = sEventType + "Error event "
    EndIf
    If EventRecord\EventType & #EVENTLOG_WARNING_TYPE
      sEventType = sEventType + "Warning event "
    EndIf
    If EventRecord\EventType & #EVENTLOG_INFORMATION_TYPE
      sEventType = sEventType + "Information event "
    EndIf
    If EventRecord\EventType & #EVENTLOG_AUDIT_SUCCESS
      sEventType = sEventType + "Success Audit event "
    EndIf
    If EventRecord\EventType & #EVENTLOG_AUDIT_FAILURE
      sEventType = sEventType + "Failure Audit event "
    EndIf
    TimeGenerated.s = FormatDate("%YYYY/%mm/%dd %hh:%ii:%ss ", EventRecord\TimeGenerated - TimeBias)
    TimeWritten.s = FormatDate("%YYYY/%mm/%dd %hh:%ii:%ss ", EventRecord\TimeWritten - TimeBias)
    If EventRecord\NumStrings > 0
      c$ = ""
      l = 0
      For r = 1 To EventRecord\NumStrings
        c$= PeekS(*Buffer + BytePointer + l + EventRecord\StringOffset)
        Result.s = b$ + Chr(10) + a$ + Chr(10) + sEventType + Chr(10) + TimeGenerated + Chr(10) + TimeWritten + Chr(10) + c$
        l + Len(c$) + 1
      Next r
    Else
      Result.s = b$ + Chr(10) + a$ + Chr(10) + sEventType + Chr(10) + TimeGenerated + Chr(10) + TimeWritten + Chr(10) + ""
    EndIf
    Select EventLogType
      Case #EVENTLOG_TYPE_SYSTEM
        AddGadgetItem(#Gadget_ListIcon_System, -1, Result)
      Case #EVENTLOG_TYPE_APPLICATION
        AddGadgetItem(#Gadget_ListIcon_Application, -1, Result)
      Case #EVENTLOG_TYPE_SECURITY
        AddGadgetItem(#Gadget_ListIcon_Security, -1, Result)
    EndSelect
    While WindowEvent()
    Wend
    BytePointer + EvtRecLen
  Wend
EndProcedure

Procedure ReadEvents(ServerName,EventLogType.s)
  EventLogReadFlags = #EVENTLOG_SEQUENTIAL_READ | #EVENTLOG_FORWARDS_READ
  EventLogHandle = OpenEventLog_(Servername, EventLogType)
  BufferLength = 65536
  *Buffer = AllocateMemory(BufferLength)
  If EventLogHandle
    EventLogNumberOfRecords=0
    If GetNumberOfEventLogRecords_(EventLogHandle, @EventLogNumberOfRecords)
      rBytesRead=0
      rBytesNeeded=0
      Debug "EventLogNumberOfRecords = " + Str(EventLogNumberOfRecords)
      RecordNumber = 0
      While RecordNumber <= EventLogNumberOfRecords
        If ReadEventLog_(EventLogHandle, #EVENTLOG_SEQUENTIAL_READ | #EVENTLOG_BACKWARDS_READ, 0, *Buffer, BufferLength, @BytesRead, @BytesNeeded)
          ParseEvent(*Buffer, RecordNumber, BytesRead, EventLogType)
        EndIf
        RecordNumber + 1
      Wend
      CloseEventLog_(EventLogHandle)
      Result = 1
    Else
      Result = 0
    EndIf
  Else
    Result = 0
  EndIf
  FreeMemory(*Buffer)
  ProcedureReturn 0
EndProcedure

Procedure MyWindowCallBack(WindowID.l, Message.l, wParam.l, lParam.l)
  Result.l = #PB_ProcessPureBasicEvents
  Select Message
    Case #WM_PAINT
    Case #PB_Event_Repaint
    Case #PB_Event_MoveWindow
    Default
  EndSelect
  ProcedureReturn Result 
EndProcedure

;
; Main starts here
;
GetSystemTime_(SystemTime.SYSTEMTIME)
GetLocalTime_(LocalTime.SYSTEMTIME)
TimeBias = Date(SystemTime\wYear, SystemTime\wMonth, SystemTime\wDay, SystemTime\wHour, SystemTime\wMinute, SystemTime\wSecond) - Date(LocalTime\wYear, LocalTime\wMonth, LocalTime\wDay, LocalTime\wHour, LocalTime\wMinute, LocalTime\wSecond)
Quit = #False
WindowXSize = 1024
WindowYSize = 768
If OpenWindow(#Window_Main, 0, 0, WindowXSize, WindowYSize, "MyWindow", #PB_Window_SystemMenu | #PB_Window_MinimizeGadget | #PB_Window_MaximizeGadget | #PB_Window_SizeGadget | #PB_Window_TitleBar | #PB_Window_ScreenCentered)
  AddKeyboardShortcut(#Window_Main, #PB_Shortcut_Escape, #PB_Shortcut_Escape)
  PanelGadget(#Gadget_Panel, 10, 10, WindowXSize - 20, WindowYSize - 30)
  AddGadgetItem(#Gadget_Panel, -1, "Applications")
  ListIconGadget(#Gadget_ListIcon_Application, 10, 10, WindowXSize - 30, WindowYSize - 60, "Computer", 120)
  AddGadgetItem(#Gadget_Panel, -1, "System")
  ListIconGadget(#Gadget_ListIcon_System, 10, 10, WindowXSize - 30, WindowYSize - 60, "Computer", 120)
  AddGadgetItem(#Gadget_Panel, -1, "Security")
  ListIconGadget(#Gadget_ListIcon_Security, 10, 10, WindowXSize - 30, WindowYSize - 60, "Computer", 120)
  For i = #Gadget_ListIcon_Application To #Gadget_ListIcon_Security
    AddGadgetColumn(i, 1, "Source", 120)
    AddGadgetColumn(i, 2, "Type", 120)
    AddGadgetColumn(i, 3, "Generated", 120)
    AddGadgetColumn(i, 4, "Written", 120)
    AddGadgetColumn(i, 5, "Description", 120)
  Next
  CloseGadgetList()
  If CreateStatusBar(#StatusBar, WindowID(#Window_Main))
    AddStatusBarField(#PB_Ignore)
    StatusBarText(#StatusBar, 0, "Loading events ...")
  EndIf
  SetWindowCallback(@MyWindowCallBack())
  ReadEvents(0, #EVENTLOG_TYPE_APPLICATION)
  ReadEvents(0, #EVENTLOG_TYPE_SYSTEM)
  ReadEvents(0, #EVENTLOG_TYPE_SECURITY)
  StatusBarText(#StatusBar, 0, Str(CountGadgetItems(#Gadget_ListIcon_Application)) + " items")
  Repeat
    Wevent = WaitWindowEvent()
    Select WEvent
      Case #PB_Event_CloseWindow
        Quit = #True
      Case #PB_Event_Menu
        Select EventMenu()
          Case #PB_Shortcut_Escape
            Quit = #True
        EndSelect
      Case #PB_Event_Gadget
        Select EventGadget()
          Case #Gadget_Panel
            StatusBarText(#StatusBar, 0, Str(CountGadgetItems(#Gadget_ListIcon_Application)) + " items")
        EndSelect
      Case #WM_SIZE
        WindowXSize = WindowWidth(#Window_Main)
        WindowYSize = WindowHeight(#Window_Main)
        ResizeGadget(#Gadget_Panel, 10, 10, WindowXSize - 20, WindowYSize - 30)
        ResizeGadget(#Gadget_ListIcon_Application, 10, 10, WindowXSize - 30, WindowYSize - 60)
        ResizeGadget(#Gadget_ListIcon_System, 10, 10, WindowXSize - 30, WindowYSize - 60)
        ResizeGadget(#Gadget_ListIcon_Security, 10, 10, WindowXSize - 30, WindowYSize - 60)
    EndSelect
  Until Quit
EndIf
TerminateProcess_(GetCurrentProcess_(), 0)

Re: Windows event logs

Posted: Wed Apr 22, 2020 1:49 pm
by fryquez
Fixed Unicode.

Code: Select all

#EVENTLOG_TYPE_SYSTEM = "System"
#EVENTLOG_TYPE_APPLICATION = "Application"
#EVENTLOG_TYPE_SECURITY = "Security"
#EVENTLOG_SEQUENTIAL_READ = $1
#EVENTLOG_SEEK_READ = $2
#EVENTLOG_FORWARDS_READ = $4 ; If you want to use FORWARDS you will have to use SEEK_READ also
#EVENTLOG_BACKWARDS_READ = $8

#EVENTLOG_ERROR_TYPE = $1; Error event
#EVENTLOG_WARNING_TYPE = $2; Warning event
#EVENTLOG_INFORMATION_TYPE = $4; Information event
#EVENTLOG_AUDIT_SUCCESS = $8   ; Success Audit event
#EVENTLOG_AUDIT_FAILURE = $10  ; Failure Audit event

Enumeration
  #Window_Main
  #Gadget_Panel
  #Gadget_ListIcon_Application
  #Gadget_ListIcon_System
  #Gadget_ListIcon_Security
  #StatusBar
EndEnumeration

Global TimeBias

Procedure ParseEvent(*Buffer, RecordNumber, BytesRead, EventLogType.s)
  UTCtime.SYSTEMTIME
  LocalTime.SYSTEMTIME
  EventRecord.EVENTLOGRECORD
  StrucLen = SizeOf(EVENTLOGRECORD)
  BytePointer = 0
  While BytePointer < BytesRead ;- EvtRecLen
    CopyMemory(*Buffer + BytePointer, EventRecord, StrucLen)
    EvtRecLen = EventRecord\Length
    a$ = PeekS(*Buffer + BytePointer + StrucLen)
    ;l = Len(a$) + 1
    l = (Len(a$) + 1) * SizeOf(Character)
    
    
    b$= PeekS(*Buffer + BytePointer + StrucLen + l)
    sEventType.s = ""
    If EventRecord\EventType & #EVENTLOG_ERROR_TYPE
      sEventType = sEventType + "Error event "
    EndIf
    If EventRecord\EventType & #EVENTLOG_WARNING_TYPE
      sEventType = sEventType + "Warning event "
    EndIf
    If EventRecord\EventType & #EVENTLOG_INFORMATION_TYPE
      sEventType = sEventType + "Information event "
    EndIf
    If EventRecord\EventType & #EVENTLOG_AUDIT_SUCCESS
      sEventType = sEventType + "Success Audit event "
    EndIf
    If EventRecord\EventType & #EVENTLOG_AUDIT_FAILURE
      sEventType = sEventType + "Failure Audit event "
    EndIf
    TimeGenerated.s = FormatDate("%YYYY/%mm/%dd %hh:%ii:%ss ", EventRecord\TimeGenerated - TimeBias)
    TimeWritten.s = FormatDate("%YYYY/%mm/%dd %hh:%ii:%ss ", EventRecord\TimeWritten - TimeBias)
    If EventRecord\NumStrings > 0
      c$ = ""
      l = 0
      For r = 1 To EventRecord\NumStrings
        c$= PeekS(*Buffer + BytePointer + l + EventRecord\StringOffset)
        Result.s = b$ + Chr(10) + a$ + Chr(10) + sEventType + Chr(10) + TimeGenerated + Chr(10) + TimeWritten + Chr(10) + c$
        l + (Len(c$) + 1) * SizeOf(Character)
      Next r
    Else
      Result.s = b$ + Chr(10) + a$ + Chr(10) + sEventType + Chr(10) + TimeGenerated + Chr(10) + TimeWritten + Chr(10) + ""
    EndIf
    Select EventLogType
      Case #EVENTLOG_TYPE_SYSTEM
        AddGadgetItem(#Gadget_ListIcon_System, -1, Result)
      Case #EVENTLOG_TYPE_APPLICATION
        AddGadgetItem(#Gadget_ListIcon_Application, -1, Result)
      Case #EVENTLOG_TYPE_SECURITY
        AddGadgetItem(#Gadget_ListIcon_Security, -1, Result)
    EndSelect
    While WindowEvent()
    Wend
    BytePointer + EvtRecLen
  Wend
EndProcedure

Procedure ReadEvents(ServerName,EventLogType.s)
  EventLogReadFlags = #EVENTLOG_SEQUENTIAL_READ | #EVENTLOG_FORWARDS_READ
  EventLogHandle = OpenEventLog_(Servername, EventLogType)
  BufferLength = 65536
  *Buffer = AllocateMemory(BufferLength)
  If EventLogHandle
    EventLogNumberOfRecords=0
    If GetNumberOfEventLogRecords_(EventLogHandle, @EventLogNumberOfRecords)
      rBytesRead=0
      rBytesNeeded=0
      Debug "EventLogNumberOfRecords = " + Str(EventLogNumberOfRecords)
      RecordNumber = 0
      While RecordNumber <= EventLogNumberOfRecords
        If ReadEventLog_(EventLogHandle, #EVENTLOG_SEQUENTIAL_READ | #EVENTLOG_BACKWARDS_READ, 0, *Buffer, BufferLength, @BytesRead, @BytesNeeded)
          ParseEvent(*Buffer, RecordNumber, BytesRead, EventLogType)
        EndIf
        RecordNumber + 1
      Wend
      CloseEventLog_(EventLogHandle)
      Result = 1
    Else
      Result = 0
    EndIf
  Else
    Result = 0
  EndIf
  FreeMemory(*Buffer)
  ProcedureReturn 0
EndProcedure

Procedure MyWindowCallBack(WindowID, Message, wParam, lParam)
  Result = #PB_ProcessPureBasicEvents
  Select Message
    Case #WM_PAINT
    Case #PB_Event_Repaint
    Case #PB_Event_MoveWindow
    Default
  EndSelect
  ProcedureReturn Result
EndProcedure

;
; Main starts here
;
GetSystemTime_(SystemTime.SYSTEMTIME)
GetLocalTime_(LocalTime.SYSTEMTIME)
TimeBias = Date(SystemTime\wYear, SystemTime\wMonth, SystemTime\wDay, SystemTime\wHour, SystemTime\wMinute, SystemTime\wSecond) - Date(LocalTime\wYear, LocalTime\wMonth, LocalTime\wDay, LocalTime\wHour, LocalTime\wMinute, LocalTime\wSecond)
Quit = #False
WindowXSize = 1024
WindowYSize = 768
If OpenWindow(#Window_Main, 0, 0, WindowXSize, WindowYSize, "MyWindow", #PB_Window_SystemMenu | #PB_Window_MinimizeGadget | #PB_Window_MaximizeGadget | #PB_Window_SizeGadget | #PB_Window_TitleBar | #PB_Window_ScreenCentered)
  AddKeyboardShortcut(#Window_Main, #PB_Shortcut_Escape, #PB_Shortcut_Escape)
  PanelGadget(#Gadget_Panel, 10, 10, WindowXSize - 20, WindowYSize - 30)
  AddGadgetItem(#Gadget_Panel, -1, "Applications")
  ListIconGadget(#Gadget_ListIcon_Application, 10, 10, WindowXSize - 30, WindowYSize - 60, "Computer", 120)
  AddGadgetItem(#Gadget_Panel, -1, "System")
  ListIconGadget(#Gadget_ListIcon_System, 10, 10, WindowXSize - 30, WindowYSize - 60, "Computer", 120)
  AddGadgetItem(#Gadget_Panel, -1, "Security")
  ListIconGadget(#Gadget_ListIcon_Security, 10, 10, WindowXSize - 30, WindowYSize - 60, "Computer", 120)
  For i = #Gadget_ListIcon_Application To #Gadget_ListIcon_Security
    AddGadgetColumn(i, 1, "Source", 120)
    AddGadgetColumn(i, 2, "Type", 120)
    AddGadgetColumn(i, 3, "Generated", 120)
    AddGadgetColumn(i, 4, "Written", 120)
    AddGadgetColumn(i, 5, "Description", 120)
  Next
  CloseGadgetList()
  If CreateStatusBar(#StatusBar, WindowID(#Window_Main))
    AddStatusBarField(#PB_Ignore)
    StatusBarText(#StatusBar, 0, "Loading events ...")
  EndIf
  SetWindowCallback(@MyWindowCallBack())
  ReadEvents(0, #EVENTLOG_TYPE_APPLICATION)
  ReadEvents(0, #EVENTLOG_TYPE_SYSTEM)
  ReadEvents(0, #EVENTLOG_TYPE_SECURITY)
  StatusBarText(#StatusBar, 0, Str(CountGadgetItems(#Gadget_ListIcon_Application)) + " items")
  Repeat
    Wevent = WaitWindowEvent()
    Select WEvent
      Case #PB_Event_CloseWindow
        Quit = #True
      Case #PB_Event_Menu
        Select EventMenu()
          Case #PB_Shortcut_Escape
            Quit = #True
        EndSelect
      Case #PB_Event_Gadget
        Select EventGadget()
          Case #Gadget_Panel
            StatusBarText(#StatusBar, 0, Str(CountGadgetItems(#Gadget_ListIcon_Application)) + " items")
        EndSelect
      Case #WM_SIZE
        WindowXSize = WindowWidth(#Window_Main)
        WindowYSize = WindowHeight(#Window_Main)
        ResizeGadget(#Gadget_Panel, 10, 10, WindowXSize - 20, WindowYSize - 30)
        ResizeGadget(#Gadget_ListIcon_Application, 10, 10, WindowXSize - 30, WindowYSize - 60)
        ResizeGadget(#Gadget_ListIcon_System, 10, 10, WindowXSize - 30, WindowYSize - 60)
        ResizeGadget(#Gadget_ListIcon_Security, 10, 10, WindowXSize - 30, WindowYSize - 60)
    EndSelect
  Until Quit
EndIf

Re: Windows event logs

Posted: Thu Apr 23, 2020 8:23 pm
by Kwai chang caine
Thanks at all to have create and convert this useful code 8)

Re: Windows event logs

Posted: Sat Apr 25, 2020 9:40 am
by Caronte3D
What are the possible uses for this code :?:
All times are UTC+01:00
Page 1 of 2

Powered by phpBB® Forum Software © phpBB Limited