Solved

How can I write an event to the Security Log?

Posted on 2007-11-30
Last Modified: 2013-12-04
I am developing a VB application (for Windows XP) which has a feature to generate event logs for troubleshooting purposes. However, I want the flexibility to decide which event log (app, sys, sec) to add an event to.
Is there a tool, script, or any available method to write to the Security event log? I do not want or need to modify/delete existing entries; just add new ones (as opposed to adding to the application log).
Question by:free4u
LVL 17

Expert Comment

by:Shanmuga Sundaram
ID: 20384128
Please check whether this helps or gives you any ideas.

' Event types accepted by ReportEvent
Private Const EVENTLOG_SUCCESS = &H0
Private Const EVENTLOG_ERROR_TYPE = &H1
Private Const EVENTLOG_WARNING_TYPE = &H2
Private Const EVENTLOG_INFORMATION_TYPE = &H4
Private Const EVENTLOG_AUDIT_SUCCESS = &H8
Private Const EVENTLOG_AUDIT_FAILURE = &H10

' Read flags for ReadEventLog
Private Const EVENTLOG_SEQUENTIAL_READ = &H1
Private Const EVENTLOG_SEEK_READ = &H2
Private Const EVENTLOG_FORWARDS_READ = &H4
Private Const EVENTLOG_BACKWARDS_READ = &H8

Private Type EVENTLOGRECORD
   Length As Long   ' Length of full record
   Reserved As Long   ' Used by the service
   RecordNumber As Long   ' Absolute record number
   TimeGenerated As Long   ' Seconds since 1-1-1970
   TimeWritten As Long   ' Seconds since 1-1-1970
   EventID As Long
   EventType As Integer
   NumStrings As Integer
   EventCategory As Integer
   ReservedFlags As Integer   ' For use with paired events (auditing)
   ClosingRecordNumber As Long   ' For use with paired events (auditing)
   StringOffset As Long   ' Offset from beginning of record
   UserSidLength As Long
   UserSidOffset As Long
   DataLength As Long
   DataOffset As Long   ' Offset from beginning of record
End Type

Private Declare Function OpenEventLog Lib "advapi32.dll" Alias "OpenEventLogA" (ByVal lpUNCServerName As String, ByVal lpSourceName As String) As Long
Private Declare Function CloseEventLog Lib "advapi32.dll" (ByVal hEventLog As Long) As Long
Private Declare Function BackupEventLog Lib "advapi32.dll" Alias "BackupEventLogA" (ByVal hEventLog As Long, ByVal lpBackupFileName As String) As Long
Private Declare Function ClearEventLog Lib "advapi32.dll" Alias "ClearEventLogA" (ByVal hEventLog As Long, ByVal lpBackupFileName As String) As Long
Private Declare Function GetNumberOfEventLogRecords Lib "advapi32.dll" (ByVal hEventLog As Long, NumberOfRecords As Long) As Long
Private Declare Function GetOldestEventLogRecord Lib "advapi32.dll" (ByVal hEventLog As Long, OldestRecord As Long) As Long
Private Declare Function ReportEvent Lib "advapi32.dll" Alias "ReportEventA" (ByVal hEventLog As Long, ByVal wType As Long, ByVal wCategory As Long, ByVal dwEventID As Long, lpUserSid As Any, ByVal wNumStrings As Long, ByVal dwDataSize As Long, lpStrings As String, lpRawData As Any) As Long

Private Sub Form_Load()
    Dim hEventLog As Long, LogString As String, Ret As Long, ELR As EVENTLOGRECORD
    Dim bBytes(1 To 1024) As Byte

    ' Open a log on the local machine (vbNullString = local computer).
    ' When the given name is not a known log, the Application log is opened.
    hEventLog = OpenEventLog(vbNullString, "c:\testlog.bak")

    ' Empties the opened log; vbNullString means no backup file is written first
    ClearEventLog hEventLog, vbNullString

    ' Add one informational event with a single string and no binary data
    ReportEvent hEventLog, EVENTLOG_INFORMATION_TYPE, 0, 0, ByVal 0&, 1, 0, "Hello World!", ByVal 0&

    GetNumberOfEventLogRecords hEventLog, Ret
    MsgBox "Events reported: " + CStr(Ret)

    GetOldestEventLogRecord hEventLog, Ret
    MsgBox "Oldest event record: " + CStr(Ret)

    ' Save a copy of the log to a file
    BackupEventLog hEventLog, "c:\testlog.bak"

    CloseEventLog hEventLog
End Sub

0
 
LVL 12

Accepted Solution

by:jahboite (earned 500 total points)
ID: 20389195
http://msdn2.microsoft.com/en-us/library/e6t4tk09(VS.80).aspx

I believe that the security event log is for system use only, meaning you can't write to it - the documentation doesn't state this explicitly, so it's worth trying anyway! You can register your application as an event source and then write to event logs as well as creating your own event logs.
0
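The approach the accepted answer describes (register the application as an event source, then write to a log of your choice), as an added VB.NET example that is not code from the thread. The source name `MyVbApp`, the helper `WriteToLog` and the event IDs are hypothetical, and refusing "Security" is this example's own policy.

```vb
Imports System
Imports System.Diagnostics

Module EventLogWriterDemo
    ' Hypothetical source name; the real application name would go here.
    Private Const SourceName As String = "MyVbApp"

    ' Writes one entry to the chosen log. Returns False when the request is
    ' refused (Security log) or the source is registered to a different log.
    Function WriteToLog(ByVal logName As String, ByVal message As String, _
                        ByVal kind As EventLogEntryType, ByVal eventId As Integer) As Boolean
        ' Example policy: refuse the Security log up front instead of attempting it.
        If String.Equals(logName, "Security", StringComparison.OrdinalIgnoreCase) Then
            Return False
        End If

        ' Registering a source writes under HKLM and needs administrator rights,
        ' so this branch normally runs once, from the installer.
        If Not EventLog.SourceExists(SourceName) Then
            EventLog.CreateEventSource(SourceName, logName)
        End If

        ' A source maps to exactly one log. WriteEntry follows that mapping, not
        ' the caller's request, so check it rather than silently misfiling.
        Dim boundLog As String = EventLog.LogNameFromSourceName(SourceName, ".")
        If Not String.Equals(boundLog, logName, StringComparison.OrdinalIgnoreCase) Then
            Return False
        End If

        EventLog.WriteEntry(SourceName, message, kind, eventId)
        Return True
    End Function

    Sub Main()
        ' Constructed sample calls: one accepted, one refused.
        Console.WriteLine(WriteToLog("Application", "Sync started", EventLogEntryType.Information, 1000))
        Console.WriteLine(WriteToLog("Security", "Should be refused", EventLogEntryType.Warning, 1001))
    End Sub
End Module
```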
 
LVL 12

Expert Comment

by:jahboite
ID: 20928093
Thanks free4u!  How did it go?  I assume you weren't, in the end, able to write to the security log, but did you manage to write to some log?
0
