Windows EventLog 

I am just starting to write a Dolphin wrapper for the above Windows
(XP/2000/NT) facility but, as is usual, I find that my header file
information is too far out of date to contain the required constants.

Could some kind soul have a look in the header file for the Windows AdvApi
dll (possibly in windows.h or winnt.h if there is no such file as advapi.h)
and post the values of any constants that are of the format EVENTLOG_*.
There may be others needed but that should be enough at the moment.

If there is any interest I will, of course, make the Dolphin wrapper
available.

TIA
Ian



Mon, 07 Feb 2005 23:29:17 GMT  
Ian,
    see below for details from WINNT.h

#define EVENTLOG_SEQUENTIAL_READ        0X0001
#define EVENTLOG_SEEK_READ              0X0002
#define EVENTLOG_FORWARDS_READ          0X0004
#define EVENTLOG_BACKWARDS_READ         0X0008

//
// The types of events that can be logged.
//
#define EVENTLOG_SUCCESS                0X0000
#define EVENTLOG_ERROR_TYPE             0x0001
#define EVENTLOG_WARNING_TYPE           0x0002
#define EVENTLOG_INFORMATION_TYPE       0x0004
#define EVENTLOG_AUDIT_SUCCESS          0x0008
#define EVENTLOG_AUDIT_FAILURE          0x0010

//
// Defines for the WRITE flags used by Auditing for paired events
// These are not implemented in Product 1
//

#define EVENTLOG_START_PAIRED_EVENT    0x0001
#define EVENTLOG_END_PAIRED_EVENT      0x0002
#define EVENTLOG_END_ALL_PAIRED_EVENTS 0x0004
#define EVENTLOG_PAIRED_EVENT_ACTIVE   0x0008
#define EVENTLOG_PAIRED_EVENT_INACTIVE 0x0010

//
// Structure that defines the header of the Eventlog record. This is the
// fixed-sized portion before all the variable-length strings, binary
// data and pad bytes.
//
// TimeGenerated is the time it was generated at the client.
// TimeWritten is the time it was put into the log at the server end.
//

typedef struct _EVENTLOGRECORD {
    DWORD  Length;        // Length of full record
    DWORD  Reserved;      // Used by the service
    DWORD  RecordNumber;  // Absolute record number
    DWORD  TimeGenerated; // Seconds since 1-1-1970
    DWORD  TimeWritten;   // Seconds since 1-1-1970
    DWORD  EventID;
    WORD   EventType;
    WORD   NumStrings;
    WORD   EventCategory;
    WORD   ReservedFlags; // For use with paired events (auditing)
    DWORD  ClosingRecordNumber; // For use with paired events (auditing)
    DWORD  StringOffset;  // Offset from beginning of record
    DWORD  UserSidLength;
    DWORD  UserSidOffset;
    DWORD  DataLength;
    DWORD  DataOffset;    // Offset from beginning of record
    //
    // Then follow:
    //
    // WCHAR SourceName[]
    // WCHAR Computername[]
    // SID   UserSid
    // WCHAR Strings[]
    // BYTE  Data[]
    // CHAR  Pad[]
    // DWORD Length;
    //

} EVENTLOGRECORD, *PEVENTLOGRECORD;

//SS: start of changes to support clustering
//SS: ideally the
#define MAXLOGICALLOGNAMESIZE   256

#pragma warning(disable : 4200)
typedef struct _EVENTSFORLOGFILE{
    DWORD   ulSize;
    WCHAR   szLogicalLogFile[MAXLOGICALLOGNAMESIZE];  //name of the logical file-security/application/system
    DWORD   ulNumRecords;
    EVENTLOGRECORD  pEventLogRecords[];
}EVENTSFORLOGFILE, *PEVENTSFORLOGFILE;

Ron
Quote:

>I am just starting to write a Dolphin wrapper for the above Windows
>(XP/2000/NT) facility but, as is usual, I find that my header file
>information is too far out of date to contain the required constants.

>Could some kind soul have a look in the header file for the Windows AdvApi
>dll (possibly in windows.h or winnt.h if there is no such file as advapi.h)
>and post the values of any constants that are of the format EVENTLOG_*.
>There may be others needed but that should be enough at the moment.

>If there is any interest I will, of course, make the Dolphin wrapper
>available.

>TIA
>Ian



Tue, 08 Feb 2005 04:17:05 GMT  
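Added example (not part of any post in this thread, and not code from Dolphin or the Windows SDK): a bounds-checked decoder for the EVENTLOGRECORD layout quoted above, of the kind a wrapper needs before it follows StringOffset, UserSidOffset or DataOffset into a buffer returned by ReadEventLog or read from a saved log file. The names evt_view, evt_parse and evt_sample are hypothetical, the sample record is constructed, and fields are read as little-endian with fixed-width types so the code builds without windows.h.

```c
#include <stdint.h>
#include <string.h>

#define EVENTLOG_ERROR_TYPE 0x0001 /* value quoted in the thread */
#define EVT_HDR 56u                /* fixed part: 12 DWORDs + 4 WORDs */
typedef struct {                   /* hypothetical decoded view, not a Win32 type */
    uint32_t length, record_number, event_id;
    uint16_t event_type, num_strings;
    uint32_t string_off, sid_len, sid_off, data_len, data_off;
} evt_view;

static uint32_t rd32(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}
/* Is [off, off+len) inside the variable part, before the trailing Length? */
static int inside(uint32_t off, uint32_t len, uint32_t total) {
    return off >= EVT_HDR && off <= total - 4 && len <= total - 4 - off;
}
/* Returns 0 on success, a negative code naming the failed check otherwise. */
int evt_parse(const uint8_t *b, size_t avail, evt_view *v) {
    if (avail < EVT_HDR + 4) return -1;                  /* too short for any record */
    v->length = rd32(b);
    if (v->length < EVT_HDR + 4 || v->length > avail) return -2;
    if (rd32(b + v->length - 4) != v->length) return -3; /* trailing copy differs */
    v->record_number = rd32(b + 8);
    v->event_id = rd32(b + 20);
    v->event_type = (uint16_t)(b[24] | b[25] << 8);
    v->num_strings = (uint16_t)(b[26] | b[27] << 8);
    v->string_off = rd32(b + 36);
    v->sid_len = rd32(b + 40);  v->sid_off = rd32(b + 44);
    v->data_len = rd32(b + 48); v->data_off = rd32(b + 52);
    if (!inside(v->string_off, 0, v->length)) return -4;
    if (!inside(v->sid_off, v->sid_len, v->length)) return -5;
    if (!inside(v->data_off, v->data_len, v->length)) return -6;
    return 0;
}

/* Constructed 76-byte sample record (not real log data); returns its length. */
size_t evt_sample(uint8_t *b) {
    memset(b, 0, 76);
    wr32(b, 76); wr32(b + 72, 76);          /* Length and its trailing copy */
    b[24] = EVENTLOG_ERROR_TYPE; b[26] = 1; /* EventType, NumStrings */
    b[56] = 'A'; b[60] = 'B'; b[64] = 'x';  /* SourceName, Computername, string */
    wr32(b + 36, 64); wr32(b + 44, 64);     /* StringOffset, UserSidOffset */
    wr32(b + 48, 4);  wr32(b + 52, 68);     /* DataLength, DataOffset */
    return 76;
}
```

The range check subtracts before comparing, so a DataLength close to 0xFFFFFFFF is rejected instead of wrapping around in an addition.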
Ron,

Thanks, that's just what I needed.

Ian



Tue, 08 Feb 2005 05:48:34 GMT  


Quote:
> I am just starting to write a Dolphin wrapper for the above Windows
> (XP/2000/NT) facility ...

SessionManager>>logEvent:type: (and convenience wrappers #logSuccessEvent:,
#logWarningEvent:, and #logErrorEvent:) provides generic capabilities for
writing to the event log, so I assume you want to do this in order to be
able to query events from the log?

Quote:
>...but, as is usual, I find that my header file
> information is too far out of date to contain the required constants.

You can download an up-to-date set by visiting:

http://www.microsoft.com/msdownload/platformsdk/sdkupdate/

The download is quite large, so if you are not on broadband it may take
several hours.

Regards

Blair



Tue, 08 Feb 2005 17:52:09 GMT  
Blair,

Quote:
> SessionManager>>logEvent:type: (and convenience wrappers #logSuccessEvent:,
> #logWarningEvent:, and #logErrorEvent:) provides generic capabilities for
> writing to the event log,

Ahh, I'd missed those. I checked AdvApiLibrary for exposed methods to read
the event log (which, as you surmised, is what I want to do) and when I
didn't find them assumed there was no support at all.  Thanks for the
pointer.

Ian



Wed, 09 Feb 2005 05:50:18 GMT  
 