Hello:
Does somebody know how I can check the event log? I know there is an API that can do it, but I don't know which one it is. Could somebody tell me which one it is and how to use it?
Thanks
I can't find information about that API. Could you send me an example or show me how to do it?
Thanks
Neither can I :(
I took it for granted when I saw it was JoshT that had answered :)
I took a look in the good ol' All API and found this sample:
VB Code:
Private Const EVENTLOG_SUCCESS = &H0
Private Const EVENTLOG_ERROR_TYPE = &H1
Private Const EVENTLOG_WARNING_TYPE = &H2
Private Const EVENTLOG_INFORMATION_TYPE = &H4
Private Const EVENTLOG_AUDIT_SUCCESS = &H8
Private Const EVENTLOG_AUDIT_FAILURE = &H10
Private Const EVENTLOG_SEQUENTIAL_READ = &H1
Private Const EVENTLOG_SEEK_READ = &H2
Private Const EVENTLOG_FORWARDS_READ = &H4
Private Const EVENTLOG_BACKWARDS_READ = &H8

Private Type EVENTLOGRECORD
    Length As Long ' Length of full record
    Reserved As Long ' Used by the service
    RecordNumber As Long ' Absolute record number
    TimeGenerated As Long ' Seconds since 1-1-1970
    TimeWritten As Long ' Seconds since 1-1-1970
    EventID As Long
    EventType As Integer
    NumStrings As Integer
    EventCategory As Integer
    ReservedFlags As Integer ' For use with paired events (auditing)
    ClosingRecordNumber As Long ' For use with paired events (auditing)
    StringOffset As Long ' Offset from beginning of record
    UserSidLength As Long
    UserSidOffset As Long
    DataLength As Long
    DataOffset As Long ' Offset from beginning of record
End Type

Private Declare Function OpenEventLog Lib "advapi32.dll" Alias "OpenEventLogA" (ByVal lpUNCServerName As String, ByVal lpSourceName As String) As Long
Private Declare Function CloseEventLog Lib "advapi32.dll" (ByVal hEventLog As Long) As Long
Private Declare Function BackupEventLog Lib "advapi32.dll" Alias "BackupEventLogA" (ByVal hEventLog As Long, ByVal lpBackupFileName As String) As Long
Private Declare Function ClearEventLog Lib "advapi32.dll" Alias "ClearEventLogA" (ByVal hEventLog As Long, ByVal lpBackupFileName As String) As Long
Private Declare Function GetNumberOfEventLogRecords Lib "advapi32.dll" (ByVal hEventLog As Long, NumberOfRecords As Long) As Long
Private Declare Function GetOldestEventLogRecord Lib "advapi32.dll" (ByVal hEventLog As Long, OldestRecord As Long) As Long
Private Declare Function ReportEvent Lib "advapi32.dll" Alias "ReportEventA" (ByVal hEventLog As Long, ByVal wType As Long, ByVal wCategory As Long, ByVal dwEventID As Long, lpUserSid As Any, ByVal wNumStrings As Long, ByVal dwDataSize As Long, lpStrings As String, lpRawData As Any) As Long

Private Sub Form_Load()
    'KPD-Team 2000
    'URL: http://www.allapi.net/
    'E-Mail: [email protected]
    Dim hEventLog As Long, LogString As String, Ret As Long, ELR As EVENTLOGRECORD
    Dim bBytes(1 To 1024) As Byte
    'Open the event log
    hEventLog = OpenEventLog(vbNullString, "c:\testlog.bak")
    'Clear it, if there's already something in it
    ClearEventLog hEventLog, vbNullString
    'Report a new event
    ReportEvent hEventLog, EVENTLOG_INFORMATION_TYPE, 0, 0, ByVal 0&, 1, 0, "Hello World!", ByVal 0&
    'Get the number of reported events
    GetNumberOfEventLogRecords hEventLog, Ret
    MsgBox "Events reported: " + CStr(Ret)
    'Get the oldest event record
    GetOldestEventLogRecord hEventLog, Ret
    MsgBox "Oldest event record: " + CStr(Ret)
    'Write the event log to a file
    BackupEventLog hEventLog, "c:\testlog.bak"
    'Close the event log
    CloseEventLog hEventLog
End Sub
Could that be of use to you?
Yeah, I found that example too, but I need to check all the events that one user made. This example just makes a backup copy of the registry and cleans it, to start again. I don't know if you know how to show the events that a user made, like the event viewer.
Hi again angel of dark :)
Sorry, but I do not have any samples for you... I never used this myself so I'm blank :(
Thanks peet. I don't know if somebody else knows how to read the Event log and display it like the event viewer; with this you can know which events were done by one user.
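Added example, not part of the thread and not AllAPI code: the sketch below decodes a buffer of records laid out as the EVENTLOGRECORD type posted above, which is the form the advapi32 `ReadEventLog` call returns, and keeps only the records whose UserSid matches one account. Python is used so the decoding can be run on its own; the ANSI source name, the helper names and the sample records are assumptions constructed for illustration.

```python
import struct

# 56-byte fixed header; field order matches the EVENTLOGRECORD type in the thread.
HEADER = struct.Struct("<6L4H6L")

def sid_to_string(raw):
    """Convert a binary SID to its S-1-... text form; None if malformed."""
    if len(raw) < 8 or len(raw) < 8 + 4 * raw[1]:
        return None
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack_from("<%dL" % raw[1], raw, 8)
    return "S-%d-%d" % (raw[0], authority) + "".join("-%d" % s for s in subs)

def parse_records(buf):
    """Yield a dict per record found in a buffer of back-to-back records."""
    pos = 0
    while pos + HEADER.size <= len(buf):
        f = HEADER.unpack_from(buf, pos)
        length, sid_len, sid_off = f[0], f[12], f[13]
        if length < HEADER.size or pos + length > len(buf):
            break  # truncated or corrupt record: stop instead of misparsing
        rec = buf[pos:pos + length]
        sid = None
        if sid_len and sid_off >= HEADER.size and sid_off + sid_len <= length:
            sid = sid_to_string(rec[sid_off:sid_off + sid_len])
        # Assumption: ANSI (ReadEventLogA) layout, source name follows the header.
        source = rec[HEADER.size:].split(b"\0", 1)[0].decode("ascii", "replace")
        yield {"record": f[2], "time": f[3], "event_id": f[5],
               "type": f[6], "source": source, "sid": sid}
        pos += length

def events_for_user(buf, sid):
    """Return only the records whose UserSid equals the given SID string."""
    return [r for r in parse_records(buf) if r["sid"] == sid]

def make_record(recno, event_id, etype, source, sid):
    """Build a constructed record (sample data, not a real log entry)."""
    names = source + b"\0" + b"HOST\0"
    names += b"\0" * (-(HEADER.size + len(names)) % 4)  # DWORD-align the SID
    sid_off = HEADER.size + len(names)
    end = sid_off + len(sid)
    head = HEADER.pack(end + 4, 0x654C664C, recno, 10**9 + recno, 10**9 + recno,
                       event_id, etype, 0, 0, 0, 0, end, len(sid), sid_off, 0, end)
    return head + names + sid + struct.pack("<L", end + 4)  # trailing Length copy

# Constructed sample: two records for one account, one for S-1-5-18.
ALICE = bytes([1, 5]) + (5).to_bytes(6, "big") + struct.pack("<5L", 21, 1111, 2222, 3333, 1001)
SYSTEM = bytes([1, 1]) + (5).to_bytes(6, "big") + struct.pack("<L", 18)
SAMPLE = (make_record(1, 528, 8, b"Security", ALICE) + make_record(2, 7036, 4, b"Service Control Manager", SYSTEM)
          + make_record(3, 529, 16, b"Security", ALICE))
```

Calling `events_for_user(SAMPLE, "S-1-5-21-1111-2222-3333-1001")` returns records 1 and 3; records with no UserSid come back with `sid` set to `None` and never match.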