Results 1 to 7 of 7

Thread: How I can check the event log using API's for windows

  1. May 5th, 2003, 04:42 PM #1
    angel of dark
    angel of dark is offline

    Thread Starter
    Lively Member angel of dark's Avatar
    Join Date
    Dec 2002
    Location
    Leon guanajuato Mexico
    Posts
    74

    How I can check the event log using API's for windows

    Hello:
    Sombody knows how I can check de event log, I know there is an API that can do it but I dont know which one is, could some body tell me wich one is and how to use it.

    Thanks
    al peor programador hasta el HELLO WORLD le marca error.....

    event to the worst programmer the Hello world marks him error..
    Reply With Quote Reply With Quote
  2. May 5th, 2003, 04:47 PM #2
    peet
    peet is offline
    -= B u g S l a y e r =- peet's Avatar
    Join Date
    Aug 2000
    Posts
    9,629
    http://www.vbforums.com/showthread.p...ight=event+log
    -= a peet post =-
    Reply With Quote Reply With Quote
  3. May 5th, 2003, 05:44 PM #3
    angel of dark
    angel of dark is offline

    Thread Starter
    Lively Member angel of dark's Avatar
    Join Date
    Dec 2002
    Location
    Leon guanajuato Mexico
    Posts
    74
    I can´t find information about that API, could you send me an example or how to do it?

    thanks
    al peor programador hasta el HELLO WORLD le marca error.....

    event to the worst programmer the Hello world marks him error..
    Reply With Quote Reply With Quote
  4. May 5th, 2003, 07:39 PM #4
    peet
    peet is offline
    -= B u g S l a y e r =- peet's Avatar
    Join Date
    Aug 2000
    Posts
    9,629
    neither can I

    I took it for granted when I saw it was JoshT that had answered

    I took a look in the good ol All API and found this sample

    VB Code:
    1. Private Const EVENTLOG_SUCCESS = &H0

    2. Private Const EVENTLOG_ERROR_TYPE = &H1

    3. Private Const EVENTLOG_WARNING_TYPE = &H2

    4. Private Const EVENTLOG_INFORMATION_TYPE = &H4

    5. Private Const EVENTLOG_AUDIT_SUCCESS = &H8

    6. Private Const EVENTLOG_AUDIT_FAILURE = &H10

    7. Private Const EVENTLOG_SEQUENTIAL_READ = &H1

    8. Private Const EVENTLOG_SEEK_READ = &H2

    9. Private Const EVENTLOG_FORWARDS_READ = &H4

    10. Private Const EVENTLOG_BACKWARDS_READ = &H8

    11. Private Type EVENTLOGRECORD

    12.    Length As Long   ' Length of full record

    13.    Reserved As Long   ' Used by the service

    14.    RecordNumber As Long   ' Absolute record number

    15.    TimeGenerated As Long   ' Seconds since 1-1-1970

    16.    TimeWritten As Long   'Seconds since 1-1-1970

    17.    EventID As Long

    18.    EventType As Integer

    19.    NumStrings As Integer

    20.    EventCategory As Integer

    21.    ReservedFlags As Integer   ' For use with paired events (auditing)

    22.    ClosingRecordNumber As Long   'For use with paired events (auditing)

    23.    StringOffset As Long   ' Offset from beginning of record

    24.    UserSidLength As Long

    25.    UserSidOffset As Long

    26.    DataLength As Long

    27.    DataOffset As Long   ' Offset from beginning of record

    28. End Type

    29. Private Declare Function OpenEventLog Lib "advapi32.dll" Alias "OpenEventLogA" (ByVal lpUNCServerName As String, ByVal lpSourceName As String) As Long

    30. Private Declare Function CloseEventLog Lib "advapi32.dll" (ByVal hEventLog As Long) As Long

    31. Private Declare Function BackupEventLog Lib "advapi32.dll" Alias "BackupEventLogA" (ByVal hEventLog As Long, ByVal lpBackupFileName As String) As Long

    32. Private Declare Function ClearEventLog Lib "advapi32.dll" Alias "ClearEventLogA" (ByVal hEventLog As Long, ByVal lpBackupFileName As String) As Long

    33. Private Declare Function GetNumberOfEventLogRecords Lib "advapi32.dll" (ByVal hEventLog As Long, NumberOfRecords As Long) As Long

    34. Private Declare Function GetOldestEventLogRecord Lib "advapi32.dll" (ByVal hEventLog As Long, OldestRecord As Long) As Long

    35. Private Declare Function ReportEvent Lib "advapi32.dll" Alias "ReportEventA" (ByVal hEventLog As Long, ByVal wType As Long, ByVal wCategory As Long, ByVal dwEventID As Long, lpUserSid As Any, ByVal wNumStrings As Long, ByVal dwDataSize As Long, lpStrings As String, lpRawData As Any) As Long

    36. Private Sub Form_Load()

    37.     'KPD-Team 2000

    38.     'URL: [url]http://www.allapi.net/[/url]

    39.     'E-Mail: [email][email protected][/email]

    40.     Dim hEventLog As Long, LogString As String, Ret As Long, ELR As EVENTLOGRECORD

    41.     Dim bBytes(1 To 1024) As Byte

    42.     'Open the event log

    43.     hEventLog = OpenEventLog(vbNullString, "c:\testlog.bak")

    44.     'Clear it, if there's already something in it

    45.     ClearEventLog hEventLog, vbNullString

    46.     'Report a new event

    47.     ReportEvent hEventLog, EVENTLOG_INFORMATION_TYPE, 0, 0, ByVal 0&, 1, 0, "Hello World!", ByVal 0&

    48.     'Get the number of reported events

    49.     GetNumberOfEventLogRecords hEventLog, Ret

    50.     MsgBox "Events reported: " + CStr(Ret)

    51.     'Get the oldest event record

    52.     GetOldestEventLogRecord hEventLog, Ret

    53.     MsgBox "Oldest event record: " + CStr(Ret)

    54.     'Write the event log to a file

    55.     BackupEventLog hEventLog, "c:\testlog.bak"

    56.     'Close the event log

    57.     CloseEventLog hEventLog

    58. End Sub

    could that be of use to you ?
    -= a peet post =-
    Reply With Quote Reply With Quote
  6. May 5th, 2003, 08:11 PM #5
    angel of dark
    angel of dark is offline

    Thread Starter
    Lively Member angel of dark's Avatar
    Join Date
    Dec 2002
    Location
    Leon guanajuato Mexico
    Posts
    74
    Yeah I found that example too, but I need to check all the events that one user made, this example just make a back up copy of the registry and clean it, to start again. I dont know if you know how to show the events that made an user like the event viewer.
    Last edited by angel of dark; May 6th, 2003 at 01:45 AM.
    al peor programador hasta el HELLO WORLD le marca error.....

    event to the worst programmer the Hello world marks him error..
    Reply With Quote Reply With Quote
  7. May 6th, 2003, 02:15 AM #6
    peet
    peet is offline
    -= B u g S l a y e r =- peet's Avatar
    Join Date
    Aug 2000
    Posts
    9,629
    Hi again angel of dark

    sorry but I do not have any samples for you... I never used this myself so I'm blank
    -= a peet post =-
    Reply With Quote Reply With Quote
  8. May 6th, 2003, 10:02 AM #7
    angel of dark
    angel of dark is offline

    Thread Starter
    Lively Member angel of dark's Avatar
    Join Date
    Dec 2002
    Location
    Leon guanajuato Mexico
    Posts
    74
    COLOR=darkblue]Thanks peet, I don't know if sombody else know how to read de Event log and display it like the event viewer, with thise you can know which events were done by one user.[[/COLOR]
    al peor programador hasta el HELLO WORLD le marca error.....

    event to the worst programmer the Hello world marks him error..
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules


Click Here to Expand Forum to Full Width