Monitor Windows event logs with managed C ++

Hosting C ++Monitoring WindowsEvent Log
 
 
With the increasing number of viruses, rogue software, advertising software, and so on, many people are beginning to use registry monitoring programs, which are usually installed when the software tries to modify the registry, A warning window is displayed, prompting you. However, Windows event logs, especially security logs, are often ignored for security issues. Security logs usually record the operations of Windows operating systems and key system applications, such as illegal logon attempts, port scans, and other security-related events.
This article describes how to monitor Windows event logs in applications. Of course, you can also expand the program, such as sending an email to notify users when Event Logs are recorded to a specific event type.
 
 
Use. NET EventLogFor monitoring
The code in this article uses. NET 1.0/1.1 host C ++ syntax, if you are using a later version. NET, you need to set the/clr: oldSyntax compilation option in the Project Properties dialog box, or adjust the following code to conform to the new managed syntax.
The key. NET Type Used for Windows event logs is the Diagnostics: EventLog class.
 
 
1. Define a hosting class and implement the event log notification Handler
The handler (OnNewLogEntry) will be called when the "new event log item" event is triggered. Note the EntryWrittenEventHandler in this example. The following is the sample code:
 
// Sample code used to monitor log entries of new events
_ Gc class NewLogEntryEventHandler
{
Public:
NewLogEntryEventHandler (){}
 
Public:
Void OnNewLogEntry (Object * sender, EntryWrittenEventArgs * e)
{
// Obtain and process recently created items
EventLogEntry * entry = e-> Entry;
}
};
 
 
2. instantiate an EventLog object and set its EnableRaisingEvents attribute to true.
The EventLog: EnableRaisingEvents attribute is a boolean type. It controls whether to trigger an event when the project is added to the log specified by the EventLog object:
 
EventLog * log = new EventLog ("Application ");
Log-> EnableRaisingEvents = true;
 
 
3. Connect the event handler to the "new event log item" Event
First, instantiate the object that defines the event handler (NewLogEntryEventHandler in this example), and then add the event Method (OnNewLogEntry) to the EventLog: EntryWritten event handler list:
 
NewLogEntryEventHandler * handler = new NewLogEntryEventHandler ();
Log-> EntryWritten + =
New EntryWrittenEventHandler (handler, & NewLogEntryEventHandler: OnNewLogEntry );
 
 
4. write code for handling specific events
Let's look at an OnNewLogEntry method,