How can I write an event to the Security Log?

Posted on 2007-11-30
Last Modified: 2013-12-04
I am developing a VB appilcation (for Windows XP ) which has a feature to generate event logs for troubleshooting purposes.  However, I want the flexibility to decide which event log (app, sys, sec) to add an event to.
Is there a tool, script, or any available method to write to the Security event log?  I do not want or need to modify/delete existing entries; just add new ones (oppose to adding to the application log).
Question by:free4u
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
LVL 17

Expert Comment

by:Shanmuga Sundaram
ID: 20384128
Please check whether this helps or gives any idea

Private Const EVENTLOG_SUCCESS = &H0
Private Const EVENTLOG_SEEK_READ = &H2
   Length As Long   ' Length of full record
   Reserved As Long   ' Used by the service
   RecordNumber As Long   ' Absolute record number
   TimeGenerated As Long   ' Seconds since 1-1-1970
   TimeWritten As Long   'Seconds since 1-1-1970
   EventID As Long
   EventType As Integer
   NumStrings As Integer
   EventCategory As Integer
   ReservedFlags As Integer   ' For use with paired events (auditing)
   ClosingRecordNumber As Long   'For use with paired events (auditing)
   StringOffset As Long   ' Offset from beginning of record
   UserSidLength As Long
   UserSidOffset As Long
   DataLength As Long
   DataOffset As Long   ' Offset from beginning of record
End Type
Private Declare Function OpenEventLog Lib "advapi32.dll" Alias "OpenEventLogA" (ByVal lpUNCServerName As String, ByVal lpSourceName As String) As Long
Private Declare Function CloseEventLog Lib "advapi32.dll" (ByVal hEventLog As Long) As Long
Private Declare Function BackupEventLog Lib "advapi32.dll" Alias "BackupEventLogA" (ByVal hEventLog As Long, ByVal lpBackupFileName As String) As Long
Private Declare Function ClearEventLog Lib "advapi32.dll" Alias "ClearEventLogA" (ByVal hEventLog As Long, ByVal lpBackupFileName As String) As Long
Private Declare Function GetNumberOfEventLogRecords Lib "advapi32.dll" (ByVal hEventLog As Long, NumberOfRecords As Long) As Long
Private Declare Function GetOldestEventLogRecord Lib "advapi32.dll" (ByVal hEventLog As Long, OldestRecord As Long) As Long
Private Declare Function ReportEvent Lib "advapi32.dll" Alias "ReportEventA" (ByVal hEventLog As Long, ByVal wType As Long, ByVal wCategory As Long, ByVal dwEventID As Long, lpUserSid As Any, ByVal wNumStrings As Long, ByVal dwDataSize As Long, lpStrings As String, lpRawData As Any) As Long
Private Sub Form_Load()
    Dim hEventLog As Long, LogString As String, Ret As Long, ELR As EVENTLOGRECORD
    Dim bBytes(1 To 1024) As Byte
    hEventLog = OpenEventLog(vbNullString, "c:\testlog.bak")
    ClearEventLog hEventLog, vbNullString
    ReportEvent hEventLog, EVENTLOG_INFORMATION_TYPE, 0, 0, ByVal 0&, 1, 0, "Hello World!", ByVal 0&
    GetNumberOfEventLogRecords hEventLog, Ret
    MsgBox "Events reported: " + CStr(Ret)
    GetOldestEventLogRecord hEventLog, Ret
    MsgBox "Oldest event record: " + CStr(Ret)
    BackupEventLog hEventLog, "c:\testlog.bak"
    CloseEventLog hEventLog
End Sub

Open in new window

LVL 12

Accepted Solution

jahboite earned 500 total points
ID: 20389195

I believe that the security event log is for system use only, meaning you can't write to it - the documentation doesn't state this explicitly, so it's worth trying anyway!.  You can register your application as an event source and then write to event logs as well as creating your own event logs.
LVL 12

Expert Comment

ID: 20928093
Thanks free4u!  How did it go?  I assume you weren't, in the end, able to write to the security log, but did you manage to write to some log?

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question