Solved

How to get EVENT LOG RECORD DETAILS.

Posted on 2001-07-04
10
1,088 Views
Last Modified: 2008-02-20
With the code below I can get the event log record.
I want to get each event log record's details.
If I try to get the event log record details from the code below, the details of the log record get truncated.
Is there any way to get them?
I know the log event detail is written in a DLL.
The way to do it may be --->
Get EventID --> get the DLL from the registry --> load the DLL with LoadLibrary, then something like this....
Does anyone have code showing how to get the details of each log record? If someone can explain to me how I can do this...

Thanks


Option Explicit

Private Const EVENTLOG_SEQUENTIAL_READ As Long = 1
Private Const EVENTLOG_SEEK_READ As Long = 2
Private Const EVENTLOG_FORWARDS_READ As Long = 4
Private Const EVENTLOG_BACKWARDS_READ As Long = 8


Private Type EVENTLOGRECORD
     Length As Long               '  Length of full record
     Reserved As Long             '  Used by the service
     RecordNumber As Long         '  Absolute record number
     TimeGenerated As Long        '  Seconds since 1-1-1970
     TimeWritten As Long          '  Seconds since 1-1-1970
     EventID As Long
     EventType As Integer
     NumStrings As Integer
     EventCategory As Integer
     ReservedFlags As Integer     '  For use with paired events(auditing)
     ClosingRecordNumber As Long  '  For use with paired events(auditing)
     StringOffset As Long         '  Offset from beginning of record
     UserSidLength As Long
     UserSidOffset As Long
     DataLength As Long
     DataOffset As Long           '  Offset from beginning of record
     DataBuffer(1 To 1992) As Byte
End Type


Private Declare Function OpenEventLog Lib "advapi32.dll" Alias "OpenEventLogA" (ByVal lpUNCServerName As String, ByVal lpSourceName As String) As Long
Private Declare Function ReadEventLog Lib "advapi32.dll" Alias "ReadEventLogA" (ByVal hEventLog As Long, ByVal dwReadFlags As Long, _
         ByVal dwRecordOffset As Long, lpBuffer As EVENTLOGRECORD, ByVal nNumberOfBytesToRead As Long, _
         pnBytesRead As Long, pnMinNumberOfBytesNeeded As Long) As Long
Private Declare Function CloseEventLog Lib "advapi32.dll" (ByVal hEventLog As Long) As Long
Private Declare Function GetLastError Lib "kernel32" () As Long


Private Sub Form_Load()
   Dim r As Long
   Dim hEventLog As Long
   Dim Event1 As EVENTLOGRECORD
   Dim BytesRead As Long
   Dim BytesNeeded As Long
   Dim i As Long
   Dim j As Long
   Dim CT As String
   Dim b As Byte
   Dim c() As Byte
   Dim d As String
   Me.Show
   
   hEventLog = OpenEventLog(vbNullString, "System")
   If hEventLog = 0 Then Exit Sub
   
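   Do
      i = i + 1
      ' Sizing call: a zero-byte buffer makes the read fail, and BytesNeeded
      ' receives the number of bytes record i requires.
      r = ReadEventLog(hEventLog, EVENTLOG_FORWARDS_READ Or EVENTLOG_SEEK_READ, _
                            i, Event1, 0, BytesRead, BytesNeeded)
      ' Only records that fit the fixed-size Event1 structure are read.
      ' A larger record is skipped, and r is still 0 from the sizing call,
      ' so the loop ends there.
      If BytesNeeded < LenB(Event1) Then
         r = ReadEventLog(hEventLog, EVENTLOG_FORWARDS_READ Or EVENTLOG_SEEK_READ, i, Event1, BytesNeeded, BytesRead, BytesNeeded)
         ' DataBuffer holds everything after the fixed header (source name,
         ' computer name, SID, insertion strings, binary data).
         ' Only its first 100 bytes are copied; non-printable bytes become spaces.
         CT = ""
         For j = 1 To 100
            b = Event1.DataBuffer(j)
            If b >= 32 And b < 127 Then
               CT = CT & Chr(b)
            Else
               CT = CT & " "
            End If
         Next
         ' List1.AddItem Event1.RecordNumber & vbTab & cT
         List1.ListIndex = List1.ListCount - 1
         DoEvents
         Erase c
      End If
   Loop Until r = 0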
       
   r = CloseEventLog(hEventLog)
End Sub
Question by:gargjapan
10 Comments
 
LVL 43

Accepted Solution

by:
TimCottee earned 125 total points
ID: 6251906
http://www.btinternet.com/~vbadmincode/code/wp0396.zip and http://www.btinternet.com/~vbadmincode/code/quickevents.zip are excellent samples showing how to read the eventlog. I am very dubious about part of your definition for the EVENTLOGRECORD structure. I would guess that the array length in the last element of the structure is too small to return the complete details.
0
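The lookup chain the asker describes (record, then the message DLL named in the registry, then the formatted text), as an added Python example that is not part of the original thread or of the linked samples: it parses the variable-length record that ReadEventLogA returns, using offsets instead of a fixed-size array, and fills a message template from the record's insertion strings. The sample record and the template are constructed; on a live system the template is the text FormatMessage returns from the DLL named by the EventMessageFile value under HKLM\SYSTEM\CurrentControlSet\Services\EventLog\<log>\<source>.

```python
import re
import struct

# Fixed part of EVENTLOGRECORD: the 16 fields before DataBuffer in the VB Type (56 bytes).
HEADER = struct.Struct("<6L4H6L")

def read_cstr(buf, pos):
    """Return (text, next_pos) for the NUL-terminated ANSI string at pos."""
    end = buf.index(b"\0", pos)
    return buf[pos:end].decode("latin-1"), end + 1

def parse_record(buf):
    """Parse one ReadEventLogA record; every offset counts from the record start."""
    (length, _, recno, _, _, event_id, _, num_strings, _, _, _,
     string_off, _, _, data_len, data_off) = HEADER.unpack_from(buf)
    if length > len(buf):  # a buffer smaller than Length loses the tail of the record
        raise ValueError(f"record needs {length} bytes, buffer holds {len(buf)}")
    source, pos = read_cstr(buf, HEADER.size)   # source name follows the header
    computer, _ = read_cstr(buf, pos)           # then the computer name
    strings, pos = [], string_off
    for _ in range(num_strings):                # NumStrings insertion strings
        text, pos = read_cstr(buf, pos)
        strings.append(text)
    return {"record": recno, "event_id": event_id, "code": event_id & 0xFFFF,
            "source": source, "computer": computer, "strings": strings,
            "data": buf[data_off:data_off + data_len]}

def expand(template, strings):
    """Fill %1, %2, ... from the insertion strings (simplified; FormatMessage does more)."""
    def sub(match):
        n = int(match.group(1))
        return strings[n - 1] if 1 <= n <= len(strings) else match.group(0)
    return re.sub(r"%(\d+)", sub, template)

def build_sample():
    """Constructed record: source 'DemoSvc' on 'HOST1' with two insertion strings."""
    names, strs, data = b"DemoSvc\0HOST1\0", b"Spooler\0running\0", b"\x01\x02"
    string_off = HEADER.size + len(names)
    data_off = string_off + len(strs)
    length = data_off + len(data) + 4           # the record ends with a copy of Length
    hdr = HEADER.pack(length, 0, 7, 0, 0, 0x40000064, 4, 2, 0, 0, 0,
                      string_off, 0, string_off, len(data), data_off)
    return hdr + names + strs + data + struct.pack("<L", length)

SAMPLE = build_sample()
TEMPLATE = "The %1 service entered the %2 state."  # constructed stand-in for the DLL text
```

FormatMessage is called with the full 32-bit EventID; the low 16 bits (`code` here) are the number Event Viewer displays.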
 

Author Comment

by:gargjapan
ID: 6305938
I need to get the detail information of each event that is written in the DLL of each, and that DLL path is written in the registry.
Can anyone else help me out with this?
0
 
LVL 1

Expert Comment

by:Moondancer
ID: 6418439
Greetings, gargjapan!

You've asked 14 questions, but only completed and awarded three of them.  I will update each for you to ensure that you are notified by Email and return to finalize them.

It's time to clean up this topic area and that means taking care of this question. Your options at this point are:
 
1. Award points to the Expert who provided an answer, or who helped you most. Do this by clicking on the "Accept Comment as Answer" button that lies above and to the right of the appropriate expert's name.
 
2. PAQ the question because the information might be useful to others, but was not useful to you. To use this option, you must state why the question is no longer useful to you, and the experts need to let me know if they feel that you're being unfair.
 
3.  Ask Community Support to help split points between participating experts.  Just comment here with details.
 
4.  Delete the question because it is of no value to you or to anyone else.  To use this option, you must state why the question is no longer useful to you, and the experts need to let me know if they feel that you're being unfair.
 
If you elect for option 2, 3 or 4, just post comment with details here and I'll take it from there.  We also request that you review any other open questions you might have and update/close them.  Display all your question history from your Member Profile to view details.
 
PLEASE DO NOT AWARD THE POINTS TO ME.
 
____________________________________________
 
 
 
Hi Experts:
 
In the event that the Asker does not respond, I would very much appreciate your opinions as to which Expert ought to receive points (if any) as a result of this question.  Likewise, you can also suggest that I PAQ or delete the question.
 
Experts, please do not add further "answer" information to this question.  I will be back in about one week to finalize this question.
 
Thank you everyone.
 
Moondancer :)
Community Support Moderator @ Experts Exchange
0
 
LVL 3

Expert Comment

by:modder
ID: 6418511
vbhelper and gargjapan are duplicate accounts. What is more, they both have a tendency to abandon their questions as soon as they have their answer.

Their accounts have been closed. Which leaves these open questions as so many loose ends.

Of the participants I would like to ask, please advise. Did anyone provide enough info to deserve the points? Or should this question be deleted?

Thank you

modder
Community Support
0
 
LVL 43

Expert Comment

by:TimCottee
ID: 6450593
Well as the only non-moderator to participate in this one, I don't really know. The links provided work so you could consider that enough of an answer.
0
 
LVL 49

Expert Comment

by:DanRollins
ID: 7095094
Recommended disposition:

    Accept TimCottee's comment(s) as an answer.

DanRollins -- EE database cleanup volunteer
0
 
LVL 10

Expert Comment

by:caraf_g
ID: 7095104
DAN!!!!!!!

WILL YOU PLEASE STOP IT.

I'm getting notifications for each and every bloody question I've ever commented on as modder. Can't you just pass the URL on to Moondancer and let her deal with it?
0
 
LVL 49

Expert Comment

by:DanRollins
ID: 7095147
In the case of the 'Pending Deletes' I'm sure that has been a headache.  Please forgive me.

However, I have been tasked with cleaning up the Visual Basic TA.  I mean 'actually cleaning it up' and not messing around and thinking about it and wishing it were done.  A very effective way to do that is to post a recommendation to Q's that will trigger a notif to a Mod.  It skips one whole step in the process.

If that means that you need to press the delete key a few times in your email program, then so be it.  I don't really like to be yelled at.  So buzz off.

-- Dan

0
 
LVL 10

Expert Comment

by:caraf_g
ID: 7095174
Dan,

I've asked you several times to do something about this. You have never bothered to acknowledge any of my remarks, let alone respond to it.

I do not care for being treated like this, and I have raised this issue with Ian.
0
 

Expert Comment

by:ComTech
ID: 7122299
The modder account has been disabled, by request. caraf_g please email me when possible.

Regards,
ComTech
CS Admin @ EE

comtech@experts-exchange.com

thanks
0
