Shulou(Shulou.com)06/02 Report--

How to analyze the C++ program to monitor Windows event logs, many novices are not very clear about this, in order to help you solve this problem, the following editor will explain in detail for you, people with this need can come to learn, I hope you can get something.

Mainly describes how to use the C++ program to monitor the Windows event log, but also can expand the program, such as when the event log is recorded to a specific event type, notify the user by email.

.net 1.0plus 1.1 managed C++ program, if you are using a later version of .NET, you need to set the / clr:oldSyntax compilation option in the Project Properties dialog box, or adjust the following code to conform to the new managed syntax. The key .NET type for Windows event logs is the Diagnostics::EventLog class.

1. Define a managed class and implement the event log notification handler

The handler (OnNewLogEntry) is called when the New event Log entry event is raised, and notice the EntryWrittenEventHandler here. Here is the sample code:

_ _ gc class NewLogEntryEventHandler {public: NewLogEntryEventHandler () {} public: void OnNewLogEntry (Object* sender, EntryWrittenEventArgs* e) {/ / get and process the recently created item EventLogEntry* eentry = e-> Entry;}}

2. Instantiate an EventLog object and set its EnableRaisingEvents property to true

The property EventLog::EnableRaisingEvents is a Boolean type that controls whether an event is raised when a project is added to the log specified by the EventLog object:

EventLog* log = new EventLog ("Application"); log- > EnableRaisingEvents = true

3. Connect the event handler to the New event Log entry event

First, instantiate the object that defines the event handler (in this case, NewLogEntryEventHandler), and then add the event method (OnNewLogEntry) to the list of event handlers in EventLog::EntryWritten:

NewLogEntryEventHandler* handler = new NewLogEntryEventHandler (); log- > EntryWritten + = new EntryWrittenEventHandler (handler,&NewLogEntryEventHandler::OnNewLogEntry)

4. Write code for handling specific events

Looking back at an OnNewLogEntry method, you can see that the EntryWrittenEventArgs object passed to the event handler has a member named EventLogEntry, which contains details about the record project, specifically the following properties:

MachineName-- the name of the computer system on which the event log was created.

Source-- creates an event source or program source for this event.

Message-- users can read this text value in the event Viewer, which describes the logged event.

Event Type-- this value (which represents EventLogEntryType) is an enumeration value that represents the type of event logged: information (default), warning, error, audit success, audit failure.

Event ID-- is the number specific to the event program.

Data-- this value is usually used to store binary information-- such as memory dumps-- and is event-related.

Is it helpful for you to read the above content? If you want to know more about the relevant knowledge or read more related articles, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.