Windows event log [SOLVED]
Posted: Sun Jul 27, 2008 4:43 am
Does anybody know how to write a string to the windows event log?
no matter why the actual version did not include
this anymore, the code from the 3.94 is fully 4.x compatible.
try to extract your needs:
Code: Select all
;
; NT LOG Lib for Purebasic
;
;-----------------------------------------------------------------------------
; (c) 2004-2005 Siegfried Rings
;
; This library is free software; you can redistribute it and/or
; modify it under the terms of the GNU Lesser General Public
; License as published by the Free Software Foundation; either
; version 2.1 of the License, Or (at your option) any later version.
;
; This library is distributed in the hope that it will be useful,
; but WITHOUT ANY WARRANTY; without even the implied warranty of
; MERCHANTABILITY Or FITNESS For A PARTICULAR PURPOSE. See the GNU
; Lesser General Public License For more details.
;-----------------------------------------------------------------------------
; The types of events that can be logged.
#EVENTLOG_SUCCESS = 0
#EVENTLOG_ERROR_TYPE = 1
#EVENTLOG_WARNING_TYPE = 2
#EVENTLOG_INFORMATION_TYPE = 4
#EVENTLOG_AUDIT_SUCCESS = 8
#EVENTLOG_AUDIT_FAILURE = $10
; Defines For the Read flags For Eventlogging
#EVENTLOG_SEQUENTIAL_READ = $1
#EVENTLOG_SEEK_READ = $2
#EVENTLOG_FORWARDS_READ = $4
#EVENTLOG_BACKWARDS_READ = $8
Global Record
Global MaxLogs
Global glbEVENTLOG_APP_NAME.s
Global glbcomputer.s
Global Mem1
; Global LOG.EVENTLOGRECORD
ProcedureDLL WriteLog(EVENTLOG_APP_NAME.s,EventMessage.s,Type,computer.s);Write a Record into the Log
wNumStrings.w=0 ;did not work
lpString=@EventMessage.s
lprawdata=@EventMessage.s
rawdata=Len(EventMessage.s)
lLogAPIRetVal.l = RegisterEventSource_(computer.s, EVENTLOG_APP_NAME.s)
If lLogAPIRetVal <> 0
Debug lLogAPIRetVal
; ClearError()
;lReturnX = ReportEvent_(lLogAPIRetVal,wdummy1 , wdummy2, 0, SI,wdummy4, 0, @EventMessage.s,0)
lReturnX = ReportEvent_(lLogAPIRetVal,#EVENTLOG_INFORMATION_TYPE ,0, CMessageTyp, 0,wNumStrings, rawdata, lparray,lprawdata)
;wNumStrings=1
;lReturnX = ReportEvent_(lLogAPIRetVal,#EVENTLOG_ERROR_TYPE,0, Type, 0,wNumStrings, 0, lpString,0)
DeregisterEventSource_(lLogAPIRetVal)
If lReturnX=0
MessageRequester("Info","Fehler " + Chr(13)+Chr(10)+GetErrorDLL() ,0)
Else
;MessageRequester("Info","Okay",0)
EndIf
EndIf
EndProcedure
ProcedureDLL GetLogs(EVENTLOG_APP_NAME.s,computer.s);Get count of logs
LogHandle=OpenEventLog_(computer.s,EVENTLOG_APP_NAME.s)
If LogHandle
Result=GetNumberOfEventLogRecords_(LogHandle,@anzahl.l)
CloseEventLog_(LogHandle)
EndIf
ProcedureReturn Anzahl
EndProcedure
ProcedureDLL ReadLog(Record1,EVENTLOG_APP_NAME.s,computer.s);Read a specific Log
LogHandle=OpenEventLog_(computer.s,EVENTLOG_APP_NAME.s)
If LogHandle
pcbBytesNeeded=5000 ;SizeOf(EVENTLOGRECORD)
If Mem1=0
Mem1=GlobalAlloc_(#GMEM_FIXED,pcbBytesNeeded)
EndIf
ReadEventLog_(LogHandle,#EVENTLOG_FORWARDS_READ|#EVENTLOG_SEEK_READ ,Record1,Mem1,pcbBytesNeeded,@byteswritten,@neededBytes)
;GlobalFree_(Buffer)
CloseEventLog_(LogHandle)
EndIf
EndProcedure
ProcedureDLL ClearLogs(EVENTLOG_APP_NAME.s,computer.s);Delete all Logs
LogHandle=OpenEventLog_(@computer.s,@EVENTLOG_APP_NAME.s)
If LogHandle
ClearEventLog_(Loghandle,0)
CloseEventLog_(LogHandle)
EndIf
EndProcedure
ProcedureDLL ExamineLogs(EVENTLOG_APP_NAME.s,computer.s);Examine LOG's
Record=1
MaxLogs=GetLogs(EVENTLOG_APP_NAME.s,"")
glbEVENTLOG_APP_NAME=EVENTLOG_APP_NAME.s
glbcomputer.s=computer.s
EndProcedure
ProcedureDLL NextLogs();Try to get next LogRecord (Null i EOF)
If Record<MaxLogs
Record+1
ReadLog(Record,glbEVENTLOG_APP_NAME.s,glbcomputer.s)
ProcedureReturn Record
Else
ProcedureReturn 0
EndIf
EndProcedure
ProcedureDLL Log_End();Releases memory at end
If Mem1<>0
GlobalFree_(Mem1)
EndIf
EndProcedure
; Structure EVENTLOGRECORD
; Length.l
; Reserved.l
; RecordNumber.l
; TimeGenerated.l
; TimeWritten.l
; EventID.l
; EventType.w
; NumStrings.w
; EventCategory.w
; ReservedFlags.w
; ClosingRecordNumber.l
; StringOffset.l
; UserSidLength.l
; UserSidOffset.l
; DataLength.l
; DataOffset.l
; EndStructure
ProcedureDLL GetLogTime();Get Time in seconds, elapsed from 1970
If Mem1
ProcedureReturn PeekL(Mem1+12)
EndIf
EndProcedure
ProcedureDLL GetLogEventID();Get an ID
If Mem1
ProcedureReturn PeekL(Mem1+20)
EndIf
EndProcedure
ProcedureDLL GetLogType();Get the Type of Log-entry
If Mem1
ProcedureReturn PeekL(Mem1+24)
EndIf
EndProcedure
ProcedureDLL.s GetLogSourceName();Get the Name of the registered Source(File) which generates the error
If Mem1
;Debug PeekL(Mem1)
ProcedureReturn PeekS(Mem1+56)
EndIf
EndProcedure
ProcedureDLL.s GetLogComputerName();Get the Computername which write the log
If Mem1
ProcedureReturn PeekS(Mem1+57+Len(PeekS(Mem1+56)))
EndIf
EndProcedure
ProcedureDLL.s GetLogString();Get a detailed LogDescription
If Mem1
anz=PeekW(Mem1+26)
sAdr=Mem1+PeekL(Mem1+36);Stringadresse
sdummy.s=""
For I=1 To anz
sdummy2.s=PeekS(sadr)
sdummy.s=sdummy.s + sdummy2.s
sadr=sadr+Len(sdummy2.s)+1
Next I
ProcedureReturn sdummy.s
EndIf
EndProcedure
ProcedureDLL GetLogData(Bufferadress.l); If thee is a DataBlock, you get back the Len of Data and the Datin the specific Adress
If Mem1
anzahl=PeekL(Mem1+48);Datalength
If anzahl>0 And Bufferadress>0
CopyMemory(Mem1+PeekL(Mem1+52),Bufferadress,anzahl)
EndIf
EndIf
ProcedureReturn Anzahl
EndProcedure
CMessageTyp=$1003
computer.s="ringsnb"
computer.s=""
EVENTLOG_APP_NAME.s="SR_DEBUG"
EventMessage.s="Aber Hallo !"+Hex(Random(100))
WriteLog(EVENTLOG_APP_NAME.s,EventMessage.s,CMessageTyp,computer)
anzahl=GetLogs(EVENTLOG_APP_NAME.s,"")
Debug anzahl
For I=1 To anzahl
ReadLog(I,EVENTLOG_APP_NAME.s,"")
Debug GetLogSourceName()
Debug GetLogComputerName()
;Debug GetlogeventID()
;Debug GetLogString()
Next i
;ClearLogs(EVENTLOG_APP_NAME.s,"")
;Debug GetLogs(EVENTLOG_APP_NAME.s,"")