With the growing number of viruses, rogue software, adware, and so on, many people are starting to use registry monitors, which typically pop up a warning window to prompt the user when the software tries to modify the registry. However, where security issues are often overlooked is the Windows event log-especially the security log, which typically records the operations of the Windows operating system and critical system applications, such as attempts to log on illegally, port scans, and other security-related events.
This article demonstrates how to monitor the Windows event log in your application, and, of course, expands the program, such as sending an e-mail notification to the user when the event log is logged to a specific event type.
with. NET EventLogfor monitoring The code in this article uses the. NET 1.0/1.1 managed C + + syntax, and if you are using a later version of. NET, you need to set the/clr:oldsyntax compilation option in the Engineering Properties dialog box, or adjust the following code to conform to the new managed syntax.
Key to the Windows event log. NET type is the Diagnostics::eventlog class.
1,Define a managed class and implement an event log notification handler
The handler (Onnewlogentry) is invoked when the new event log entry event is raised, and note the Entrywritteneventhandler here, here is the sample code:
Sample code for monitoring new event log Entries
__gc class Newlogentryeventhandler
{
Public
Newlogentryeventhandler () {}
Public
void Onnewlogentry (object* sender, entrywritteneventargs* e)
{
//Gets and processes the most recently created item
eventlogentry* entry = e->entry;
}
};
2,Instantiate a EventLog object and set its EnableRaisingEvents property to True
Property Eventlog::enableraisingevents is a Boolean type that controls whether an event is raised when the item is added to the log specified by the EventLog object:
eventlog* log = new EventLog ("Application");
Log->enableraisingevents = true;
3,To connect an event handler to the new event log entry event
First, instantiate the object that defines the event handler (in this case, Newlogentryeventhandler), and then add the event method (Onnewlogentry) to the Eventlog::entrywritten list of event handlers:
newlogentryeventhandler* handler = new Newlogentryeventhandler ();
Log->entrywritten =
New Entrywritteneventhandler (Handler,&newlogentryeventhandler::onnewlogentry);
4,Write code for the handling of a specific event
Looking back on a onnewlogentry method,
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
