gargjapan
asked on
How to get EVENT LOG RECORD DETAILS.
With the code below I can get the event log record.
I want to get each event log record's details.
If I try to get the event log record details with the code below, the details of the log record get truncated.
Is there any way to get it?
I know the log event detail is written in a DLL.
The way to do it may be --->
Get eventID --> get DLL from the registry --> load the DLL with LoadLibrary, then like this....
Does anyone have the code to get the details of each log record? If someone can explain to me how I can do this...
Thanks
Option Explicit
Private Const EVENTLOG_SEQUENTIAL_READ As Long = 1
Private Const EVENTLOG_SEEK_READ As Long = 2
Private Const EVENTLOG_FORWARDS_READ As Long = 4
Private Const EVENTLOG_BACKWARDS_READ As Long = 8
Private Type EVENTLOGRECORD
    Length As Long ' Length of full record
    Reserved As Long ' Used by the service
    RecordNumber As Long ' Absolute record number
    TimeGenerated As Long ' Seconds since 1-1-1970
    TimeWritten As Long ' Seconds since 1-1-1970
    EventID As Long
    EventType As Integer
    NumStrings As Integer
    EventCategory As Integer
    ReservedFlags As Integer ' For use with paired events(auditing)
    ClosingRecordNumber As Long ' For use with paired events(auditing)
    StringOffset As Long ' Offset from beginning of record
    UserSidLength As Long
    UserSidOffset As Long
    DataLength As Long
    DataOffset As Long ' Offset from beginning of record
    DataBuffer(1 To 1992) As Byte
End Type
Private Declare Function OpenEventLog Lib "advapi32.dll" Alias "OpenEventLogA" (ByVal lpUNCServerName As String, ByVal lpSourceName As String) As Long
Private Declare Function ReadEventLog Lib "advapi32.dll" Alias "ReadEventLogA" (ByVal hEventLog As Long, ByVal dwReadFlags As Long, _
    ByVal dwRecordOffset As Long, lpBuffer As EVENTLOGRECORD, ByVal nNumberOfBytesToRead As Long, _
    pnBytesRead As Long, pnMinNumberOfBytesNeeded As Long) As Long
Private Declare Function CloseEventLog Lib "advapi32.dll" (ByVal hEventLog As Long) As Long
Private Declare Function GetLastError Lib "kernel32" () As Long
Private Sub Form_Load()
    Dim r As Long
    Dim hEventLog As Long
    Dim Event1 As EVENTLOGRECORD
    Dim BytesRead As Long
    Dim BytesNeeded As Long
    Dim i As Long
    Dim j As Long
    Dim CT As String
    Dim b As Byte
    Dim c() As Byte
    Dim d As String
    Me.Show
    hEventLog = OpenEventLog(vbNullString, "System")
    If hEventLog = 0 Then Exit Sub
    Do
        i = i + 1
        r = ReadEventLog(hEventLog, EVENTLOG_FORWARDS_READ Or EVENTLOG_SEEK_READ, _
            i, Event1, 0, BytesRead, BytesNeeded)
        If BytesNeeded < LenB(Event1) Then
            r = ReadEventLog(hEventLog, EVENTLOG_FORWARDS_READ Or EVENTLOG_SEEK_READ, i, Event1, BytesNeeded, BytesRead, BytesNeeded)
            CT = ""
            For j = 1 To 100
                b = Event1.DataBuffer(j)
                If b >= 32 And b < 127 Then
                    CT = CT & Chr(b)
                Else
                    CT = CT & " "
                End If
            Next
            ' List1.AddItem Event1.RecordNumber & vbTab & cT
            List1.ListIndex = List1.ListCount - 1
            DoEvents
            Erase c
        End If
    Loop Until r = 0
    r = CloseEventLog(hEventLog)
End Sub
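Added example, not part of the original post or of any answer in this thread: a Python sketch of how the variable-length part of an EVENTLOGRECORD (source name, computer name, insertion strings at StringOffset) is laid out after the 56-byte fixed header, and how the insertion strings fill the %1..%n placeholders of the message template that the source's message DLL supplies. The record bytes, the host name HOST01 and the template text are constructed sample values, the ANSI layout matches the `ReadEventLogA` alias used above, and only numeric placeholders are substituted.

```python
import re
import struct

# Fixed 56-byte header of EVENTLOGRECORD: 6 DWORDs, 4 WORDs, 6 DWORDs.
HEADER = struct.Struct("<6I4H6I")

def read_strings(buf, pos, count):
    """Read `count` NUL-terminated ANSI strings starting at offset `pos`."""
    out = []
    for _ in range(count):
        end = buf.index(b"\0", pos)
        out.append(buf[pos:end].decode("latin-1"))
        pos = end + 1
    return out

def parse_record(buf):
    if len(buf) < HEADER.size:
        raise ValueError("buffer shorter than the fixed header")
    f = HEADER.unpack_from(buf)
    length, event_id, n_strings, string_offset = f[0], f[5], f[7], f[11]
    if length > len(buf):
        raise ValueError(f"truncated: have {len(buf)} of {length} bytes")
    source, computer = read_strings(buf, HEADER.size, 2)
    return {"record": f[2], "code": event_id & 0xFFFF, "source": source,
            "computer": computer,
            "strings": read_strings(buf, string_offset, n_strings)}

def format_message(template, strings):
    """Substitute %1..%n; the other FormatMessage escapes are not handled."""
    def sub(m):
        i = int(m.group(1)) - 1
        return strings[i] if 0 <= i < len(strings) else m.group(0)
    return re.sub(r"%(\d+)", sub, template)

def build_sample():
    """Constructed record in the ANSI layout, no SID and no binary data."""
    source, computer = b"Service Control Manager\0", b"HOST01\0"
    strings = b"Print Spooler\0running\0"
    string_offset = HEADER.size + len(source) + len(computer)
    end = string_offset + len(strings)
    pad = -(end + 4) % 4                      # records are DWORD-aligned
    length = end + pad + 4                    # trailing copy of Length
    head = HEADER.pack(length, 0x654C664C, 1, 1000000000, 1000000000,
                       0x40001B7C, 4, 2, 0, 0, 0,
                       string_offset, 0, string_offset, 0, end)
    return head + source + computer + strings + b"\0" * pad + struct.pack("<I", length)

# Constructed template; on a real host it comes from the source's message DLL.
TEMPLATE = "The %1 service entered the %2 state."
```

Calling `format_message(TEMPLATE, parse_record(build_sample())["strings"])` yields the full description text, while passing a buffer shorter than the record's Length field raises `ValueError` instead of returning partial fields.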
Greetings, gargjapan!
You've asked 14 questions, but only completed and awarded three of them. I will update each for you to ensure that you are notified by Email and return to finalize them.
It's time to clean up this topic area and that means taking care of this question. Your options at this point are:
1. Award points to the Expert who provided an answer, or who helped you most. Do this by clicking on the "Accept Comment as Answer" button that lies above and to the right of the appropriate expert's name.
2. PAQ the question because the information might be useful to others, but was not useful to you. To use this option, you must state why the question is no longer useful to you, and the experts need to let me know if they feel that you're being unfair.
3. Ask Community Support to help split points between participating experts. Just comment here with details.
4. Delete the question because it is of no value to you or to anyone else. To use this option, you must state why the question is no longer useful to you, and the experts need to let me know if they feel that you're being unfair.
If you elect for option 2, 3 or 4, just post comment with details here and I'll take it from there. We also request that you review any other open questions you might have and update/close them. Display all your question history from your Member Profile to view details.
PLEASE DO NOT AWARD THE POINTS TO ME.
__________________________ __________ ________
Hi Experts:
In the event that the Asker does not respond, I would very much appreciate your opinions as to which Expert ought to receive points (if any) as a result of this question. Likewise, you can also suggest that I PAQ or delete the question.
Experts, please do not add further "answer" information to this question. I will be back in about one week to finalize this question.
Thank you everyone.
Moondancer :)
Community Support Moderator @ Experts Exchange
vbhelper and gargjapan are duplicate accounts. What is more, they both have a tendency to abandon their questions as soon as they have their answer.
Their accounts have been closed. Which leaves these open questions as so many loose ends.
Of the participants I would like to ask, please advise. Did anyone provide enough info to deserve the points? Or should this question be deleted?
Thank you
modder
Community Support
Well as the only non-moderator to participate in this one, I don't really know. The links provided work so you could consider that enough of an answer.
Recommended disposition:
Accept TimCottee's comment(s) as an answer.
DanRollins -- EE database cleanup volunteer
DAN!!!!!!!
WILL YOU PLEASE STOP IT.
I'm getting notifications for each and every bloody question I've ever commented on as modder. Can't you just pass the URL on to Moondancer and let her deal with it?
In the case of the 'Pending Deletes' I'm sure that has been a headache. Please forgive me.
However, I have been tasked with cleaning up the Visual Basic TA. I mean 'actually cleaning it up' and not messing around and thinking about it and wishing it were done. A very effective way to do that is to post a recommendation to Q's that will trigger a notif to a Mod. It skips one whole step in the process.
If that means that you need to press the delete key a few times in your email program, then so be it. I don't really like to be yelled at. So buzz off.
-- Dan
Dan,
I've asked you several times to do something about this. You have never bothered to acknowledge any of my remarks, let alone respond to it.
I do not care for being treated like this, and I have raised this issue with Ian.
The modder account has been disabled, by request. caraf_g please email me when possible.
Regards,
ComTech
CS Admin @ EE
comtech@experts-exchange.com
thanks
ASKER
Can anyone else help me out with these?