Log files are part of the operating system, so there must be an application programming interface (API) to support logging
Instance:
HANDLE h;
if ((h = RegisterEventSource (Null,text ("metalive")) = = NULL)
{
return FALSE;
}
Const char* PS = "PSZS1PSZS2PSZS3";
WORD Wtype=eventlog_error_type;//eventlog_information_type;
DWORD dwid=5001;
int ISTR = 1;
BOOL BRet;
DWORD DWORD;
if (h)
{
Bret=::reportevent (H,
Wtype,
0,
Dwid,
NULL,//SID
ISTR,
0,
&ps,
NULL);
Dword=::getlasterror ();
}
//
Windows xp-based computers record events in the following three logs:
1. Application Log
The application log contains events logged by the program. For example, a database program might log file errors in the application log. Write to Application
Events in the log are determined by the software program developer.
2. Security log
The security log records events such as valid and invalid logon attempts, and events related to resource usage, such as creating, opening, or deleting files. For example
When logon auditing is enabled, an event is logged in the security log whenever a user attempts to log on to the computer. You must use the Administrator
Or as a member of the Administrators group, you can open, use, and specify which events are logged in the security log.
3. System Log
The system log contains events logged by the Windows XP system components. For example, if a driver could not be loaded during startup, the
An event is logged in the system log. Windows XP proactively determines which events are logged by system components.
In this article, we focus on the first Class Application log, which describes how to write a eventlog. Windows uses ReportEvent to report application messages.
Here is a simple introduction to this function.
HANDLE heventlog, |
Handle returned by RegisterEventSource |
WORD wtype, |
Type of event to log |
WORD wcategory, |
Types of events |
DWORD dweventid, |
Event indication |
psid lpusersid, |
User security label (optional) |
WORD wnumstrings, |
String number of messages |
DWORD dwdatasize, |
The size of binary data in bytes |
LPCTSTR *lpstrings, |
The message itself |
lpvoid Lprawdata |
Binary data |
); |
|
Parameters
Heventlog
Event flag. This is the handle returned by RegisterEventSource. The type of the
Wtype
event. Can be one of the following:
value meaning
eventlog_error_type ERROR event
eventlog_warning_type WARNING Event
eventlog_information_type Information Event
eventlog_audit_success SUCCESS AUDIT event
Eventlog_audit_ failure Failure Audit Event
Wcategory
Indicates the type of message. This place is defined by the source itself and can be any value.
Dweventid
Event identification. According to my understanding, here's the logo in use, will be the source to explain the specific meaning. For example: 2001 means file open error, and so on.
Therefore, to set the full event log, you need to register an interpreted service in the system. The example program does not design this service, and
the reader can refer to another VB program. The
Lpusersid
points to the user security label. This parameter can be null when a security label is not required. The
Wnumstrings
The number of string groups in the array that the given lpstrings points to. 0 indicates that there are currently no string groups.
dwDataSize
gives the size, in bytes, of the data that will be written to the Evenet log. If this argument is 0, there is currently no event data. The
Lpstrings
points to a buffer, which is an array of 0-terminated strings that will be added to the message. Even if the dwDataSize parameter is 0,
This parameter must also be a valid pointer (or NULL). Each string in the array is a maximum of 32K bytes. The
Lprawdata
points to a buffer containing binary data. The item must be a valid pointer (or NULL) even if the dwDataSize parameter is 0.
Return Values
If execution succeeds, returns a value other than 0, indicating that the event entry has been written to the log.
If execution is unsuccessful, return 0.