Getting to windows event logger

Here is some code I found that notifies if an event has been generated. I
still can't find anything that would actually grab the event and export
it to a file, which is what I am trying to do.

    #include <windows.h>
    #include <stdio.h>

    BOOL notifyChange(LPCTSTR logSource)
    {
        BOOL bSuccess;
        HANDLE hEventLog, hEvent;
        DWORD dwWaitResult;

        hEventLog = OpenEventLog(NULL,       // local machine
                                 logSource); // event log source name
        if (hEventLog == NULL)
        {
            printf("Could not open event log.");
            return FALSE;
        }

        hEvent = CreateEvent(NULL,   // default security attributes
                             FALSE,  // no manual reset
                             FALSE,  // create as not signaled
                             NULL);  // no event name

        NotifyChangeEventLog(hEventLog, hEvent);

        dwWaitResult = WaitForSingleObject(hEvent, INFINITE);
        if (dwWaitResult == WAIT_FAILED)
            bSuccess = FALSE;
        else
            bSuccess = TRUE;

        CloseHandle(hEvent);
        CloseEventLog(hEventLog);
        return bSuccess;
    }

What I am stuck on right now is the "LPCTSTR logSource". Where do I
find the source of the log and how do I pass store it in a LPCTSTR?

Can anyone give me a better suggestion? I am basically trying to grab
any info that is generated by Windows Event logger (event ID, type of
event, message, user, etc) to a text file.

Dec 6 '06 #1
"Jack" <ac*******@hotmail.com> wrote in message
news:11*********************@l12g2000cwl.googlegroups.com...
> What i am stuck on right now is the "LPCTSTR logSource". Where do I
> find the source of the log and how do I pass store it in a LPCTSTR.
>
> Can anyone give me a better suggestion. i am basically trying to grab
> any info that is generated by Windows Event logger (event ID, type of
> event, message, user, etc) to a text file.

Go to the Control Panel, select the Administrative Tools icon, and open the
Event Viewer. There you will find the names of the event logs of the system
on which you do that.

That said, many applications just sprinkle their events along with all the
others you find there.

As for the type

LP = (long) pointer
C = constant
T = text
STR = C language character string = null terminated array

So what you need to pass is a pointer to the first of a string of
characters. In an ANSI build, you use 8 bit characters, and in a UNICODE
build 16. That said, one of "Application" or L"Application" may fit the
bill.

Regards,
Will
Dec 6 '06 #2

"William DePalo [MVP VC++]" <wi***********@mvps.org> wrote in message
news:eC*************@TK2MSFTNGP02.phx.gbl...
> "Jack" <ac*******@hotmail.com> wrote in message
> news:11*********************@l12g2000cwl.googlegroups.com...
>> What i am stuck on right now is the "LPCTSTR logSource". Where do I
>> find the source of the log and how do I pass store it in a LPCTSTR.
>>
>> Can anyone give me a better suggestion. i am basically trying to grab
>> any info that is generated by Windows Event logger (event ID, type of
>> event, message, user, etc) to a text file.
>
> Go to the Control Panel, select the Administrative Tools icon, and open
> the Event Viewer. There you will find the names of the event logs of the
> system on which you do that.
>
> That said, many applications just sprinkle their events along with all the
> others you find there.
>
> As for the type
>
> LP = (long) pointer
> C = constant
> T = text
> STR = C language character string = null terminated array
>
> So what you need to pass is a pointer to the first of a string of
> characters. In an ANSI build, you use 8 bit characters, and in a UNICODE
> build 16. That said, one of "Application" or L"Application" may fit the
> bill.

_T("Application") will -Do The Right Thing- for both ANSI and UNICODE.

> Regards,
> Will

Dec 7 '06 #3
"Ben Voigt" <rb*@nospam.nospam> wrote in message
news:uL**************@TK2MSFTNGP04.phx.gbl...
> _T("Application") will -Do The Right Thing- for both ANSI and UNICODE.

I know, perhaps you meant to tell the OP.

FWIW: I despise those ugly macros. I, for one, am willing to forego forever
the possibility of running on '9x. With that possibility out of the way, I
can't see a good reason to litter source code with such _stuff_. YMMV.

Regards,
Will
Dec 7 '06 #4

"William DePalo [MVP VC++]" <wi***********@mvps.org> wrote in message
news:O9**************@TK2MSFTNGP04.phx.gbl...
> "Ben Voigt" <rb*@nospam.nospam> wrote in message
> news:uL**************@TK2MSFTNGP04.phx.gbl...
>> _T("Application") will -Do The Right Thing- for both ANSI and UNICODE.
>
> I know, perhaps you meant to tell the OP.
>
> FWIW: I despise those ugly macros. I, for one, am willing to forego
> forever the possibility of running on '9x. With that possibility out of
> the way, I can't see a good reason to litter source code with such
> _stuff_. YMMV.

Point taken. But that *ugly macro* is completely general to both ANSI and
UNICODE, is in fact the correct solution anywhere a TSTR is used, and beats
'one of "Application" or L"Application" may fit the bill' any day. If you
don't care about Win9x, you should use L"string" and WSTR and function names
ending in W exclusively and not have any TSTR at all.

> Regards,
> Will


Dec 8 '06 #5
"Ben Voigt" <rb*@nospam.nospam> wrote in message
news:%2****************@TK2MSFTNGP03.phx.gbl...
> If you don't care about Win9x, you should use L"string" and WSTR and
> function names ending in W exclusively and not
> have any TSTR at all.

Those macros are anachronisms. I'll have none of them, thanks.

Regards,
Will
Dec 9 '06 #6
Sorry guy, I know this may be frustrating, but I tried what you said
and it didn't work. Obviously I am not too familiar with the syntax.
Here is what I have:

    int main(){
        bool test = false;

        test = notifyChange("Application");
        return 0;
    }
    BOOL notifyChange(LPCTSTR logSource){
        BOOL bSuccess;
        HANDLE hEventLog, hEvent;
        DWORD dwWaitResult;

        hEventLog = OpenEventLog(NULL,       // local machine
                                 logSource); // event log source name
        if (hEventLog == NULL){
            printf("Could not open event log.");
            return FALSE;
        }

        hEvent = CreateEvent(NULL,   // default security attributes
                             FALSE,  // no manual reset
                             FALSE,  // create as not signaled
                             NULL);  // no event name

        NotifyChangeEventLog(hEventLog, hEvent);

        dwWaitResult = WaitForSingleObject(hEvent, INFINITE);
        if (dwWaitResult == WAIT_FAILED)
            bSuccess = FALSE;
        else
            bSuccess = TRUE;

        CloseHandle(hEvent);
        CloseEventLog(hEventLog);
        return bSuccess;
    }

I also tried

test = notifyChange(L"Application");

and

test = notifyChange(_T"Application");

Thanks in advance for your help

J
Dec 10 '06 #7
"Jack" <ac*******@hotmail.com> wrote in message
news:11**********************@j72g2000cwa.googlegroups.com...
> Sorry guy, I know this may be frustrating but, i tried what you said
> and it didn't work,

No problem, I'm not frustrated at all. :-)

> obviously I am not too familiar with the syntax.
> here is what I have:

Well, syntax errors usually manifest themselves at compile time while
semantic errors are presented at run time. If you receive an error, you need
to post it if you don't understand it.

First you will need to determine which log it is that contains the events
that interest you. Many applications just use the common "Application" log.

Second, you will need to start checking return codes. If you do that and you
don't understand what the code means you can post it here.

Third, you will find an example that demonstrates reading an event log
here:

http://msdn.microsoft.com/library/de..._event_log.asp

Fourth, you need to understand how the notification works. When a record is
written to the log, the event you passed to NotifyChangeEventLog() is pulsed
(signalled and then reset). Further there is a cap of one pulse every five
seconds. So it is entirely possible, likely even, that another record is
written to the log before the next pulse. The upshot of that is that you
will "see" one notification even if there are multiple records to be read.
It is for this reason that records have numbers and that the log supports a
seek operation.

Finally, the code sample is your friend.

Regards,
Will
Dec 10 '06 #8
Ok, I see that I am going about this all wrong. Here is what I actually
want to do:

http://groups.google.ca/group/micros...18b1e170bbf6a2

I am looking for a way to write all events that are generated either by
an application or the system (whether it is for DNS, DOMAIN CONTROLLERS,
SECURITY ETC.) to a text file. So sort of like my own event viewer. I
need this to be live, meaning I don't want to wait every 5 minutes and
then read any changes that have been made to the Windows Event Log.

Any ideas on where to start, what to look at, where to look at? I
looked at the sample code and found the Event Notification, but again
as William described it is not really live.

Thanks

J
Dec 10 '06 #9
"Jack" <ac*******@hotmail.com> wrote in message
news:11**********************@79g2000cws.googlegroups.com...
> I am looking for a way to write all events that are generated either by
> an application or the system (whether is for DNS, DOMAIN CONTROLLERS,
> SECURITY ETC.) to a text file. So sort of like my own event viewer. I
> need this to be live meaning I don't want to wait every 5 minutes and
> then read any changes that have been to the Windows Event Log.
>
> Any ideas on where to start, what to look at, where to look at.

Yeah, build your own operating system. :-)

> I looked at the sample code and found the Event Notification, but again
> as William described it isnot really live.

No, it's not. It's notification after the fact.

But because it is possible to get the oldest record in a log, to get the
number of records in a log, to seek to anywhere you like in the log, to read
any record in the log and to be notified of the arrival of new records you
could easily create the solution that you want.

On the other hand, if you look at the list of event log functions:

http://msdn.microsoft.com/library/de..._event_log.asp

you will find nothing that is a ready-made solution like the one that you want.

Regards,
Will
Dec 10 '06 #10
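
The replies above note that one notification can cover several new records and that records carry numbers so a reader can keep its place. As an added example (not code from the thread), this portable C sketch walks every variable-length record in one read buffer, writes a text line for each, and flags any break in the record-number sequence. `LogRecord`, `drain_records` and `make_sample` are names assumed here; the struct mirrors the fixed part of the Win32 EVENTLOGRECORD header and the sample buffer is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Fixed header of one record, same field order as EVENTLOGRECORD in winnt.h. */
typedef struct {
    uint32_t Length, Reserved, RecordNumber, TimeGenerated, TimeWritten, EventID;
    uint16_t EventType, NumStrings, EventCategory, ReservedFlags;
    uint32_t ClosingRecordNumber, StringOffset, UserSidLength, UserSidOffset, DataLength, DataOffset;
} LogRecord;                       /* 56 bytes, variable-length data follows */
#define LOG_SIGNATURE 0x654c664cu  /* ELF_LOG_SIGNATURE, always in Reserved */

/* One text line per record in buf; returns records written, or -1 if malformed. */
int drain_records(const unsigned char *buf, size_t bytes, uint32_t *last_seen, FILE *out)
{
    size_t off = 0;
    int n = 0;
    while (off < bytes) {
        LogRecord r;
        if (bytes - off < sizeof r) return -1;
        memcpy(&r, buf + off, sizeof r);   /* buffer may be unaligned */
        if (r.Reserved != LOG_SIGNATURE || r.Length < sizeof r || r.Length > bytes - off)
            return -1;                     /* never step outside the buffer */
        if (*last_seen != 0 && r.RecordNumber != *last_seen + 1)
            fprintf(out, "# gap after record %u\n", (unsigned)*last_seen);
        fprintf(out, "record=%u id=%u type=%u\n", (unsigned)r.RecordNumber,
                (unsigned)(r.EventID & 0xFFFF), (unsigned)r.EventType);
        *last_seen = r.RecordNumber;       /* remember our place for the next wake-up */
        off += r.Length;                   /* records are variable length */
        n++;
    }
    return n;
}

/* Constructed sample data: count header-only records numbered from first. */
size_t make_sample(unsigned char *buf, uint32_t first, uint32_t count)
{
    for (uint32_t i = 0; i < count; i++) {
        LogRecord r = { .Length = sizeof r, .Reserved = LOG_SIGNATURE,  /* type 4 = information */
                        .RecordNumber = first + i, .EventID = 1000 + i, .EventType = 4 };
        memcpy(buf + i * sizeof r, &r, sizeof r);
    }
    return count * sizeof(LogRecord);
}

int main(void)
{
    unsigned char buf[3 * sizeof(LogRecord)];
    uint32_t last = 0;   /* one wake-up, three records waiting */
    return drain_records(buf, make_sample(buf, 7, 3), &last, stdout) == 3 ? 0 : 1;
}
```

On Windows the buffer would come from ReadEventLog called with EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ after each wake-up, repeated until it reports ERROR_HANDLE_EOF.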
