Event Viewer
maya (2003-12-03 12:45) [0] Кто-нибудь пробовал снять в файл и обработать системный журнал сервера? Если кто-то знает, как это сделать с помощью Delphi или где об этом можно почитать — скажите, пожалуйста.
Бином Ньютоныч (2003-12-03 21:09) [1]Я пробовал. Прям щас:)
program EventLogRead;
{$APPTYPE CONSOLE}
{
Standard event logs names:
Application
Security
System
}
// Usage: EventLogRead <LogName> [<StartRecordNumber>]
// Dumps the fixed header fields of every record of a Windows NT event log to
// the console, 16 records per page. The variable-length tail of each record
// (strings, SID, binary data) is not decoded.
uses
  Windows, SysUtils, DateUtils;
type
  PEventLogRec = ^TEventLogRec;
  // Mirrors the Win32 EVENTLOGRECORD header that ReadEventLog fills in.
  // The variable-length part of the record follows this header in memory;
  // the *Offset/*Length fields address it relative to the record start.
  // All fields are naturally aligned, so 'packed' matches the C layout.
  TEventLogRec = packed record
    Length: DWORD;              // total record size in bytes
    Reserved: DWORD;
    RecordNumber: DWORD;
    TimeGenerated: DWORD;       // seconds since 1970-01-01 UTC (see EventTimeToDateTime)
    TimeWritten: DWORD;         // same encoding as TimeGenerated
    EventID: DWORD;             // full 32-bit id; high bits carry severity/facility
    EventType: WORD;
    NumStrings: WORD;
    EventCategory: WORD;
    ReservedFlags: WORD;
    ClosingRecordNumber: DWORD;
    StringOffset: DWORD;
    UserSidLength: DWORD;
    UserSidOffset: DWORD;
    DataLength: DWORD;
    DataOffset: DWORD;
    DataArray: array[0..0] of Byte; // placeholder for the variable-length tail
  end;
var
  HLog: THandle;                // handle returned by OpenEventLog
  FName: string;                // log name taken from ParamStr(1)
  Index, n: integer;            // Index: first record to show (ParamStr(2)); n: per-page counter
  BytesRead, BytesNeeded,       // ReadEventLog out-parameters; BytesRead is also
  BytesAllocated, LastError: Cardinal; // reused as a scratch out-variable elsewhere
  P: PEventLogRec;              // read buffer, grown with ReallocMem on demand
  C: Char;                      // answer to the Continue(Y/N) prompt
  BaseFileTime: TFileTime;      // FILETIME of 1970-01-01 00:00 UTC, set by InitBaseTime
const
  // ReadEventLog dwReadFlags values (winnt.h); Delphi's Windows unit may
  // already declare them, these local copies shadow it harmlessly.
  EVENTLOG_SEQUENTIAL_READ = 1;
  EVENTLOG_SEEK_READ = 2;
  EVENTLOG_FORWARDS_READ = 4;
  EVENTLOG_BACKWARDS_READ = 8;
  // Default flags for the paging loop: next record, oldest first.
  ReadFlags: Cardinal = EVENTLOG_SEQUENTIAL_READ or EVENTLOG_FORWARDS_READ;
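{ Writes the last Win32 error (code and system message) to stderr in the
  console's OEM code page and terminates the process with exit code 1.
  Never returns. Must be called before any other API call overwrites the
  thread's last-error value. }
procedure LastSysError;
var
  Msg, OemMsg: string;
  Err, Written: Cardinal;
begin
  Err := GetLastError;
  // Pascal string literals use single quotes; the forum rendering of this
  // code had replaced them with double quotes, which does not compile.
  Msg := Format('Error: Code %u'#13#10'%s'#13#10, [Err, SysErrorMessage(Err)]);
  // SysErrorMessage returns ANSI text; the console expects the OEM code page.
  SetLength(OemMsg, Length(Msg));
  CharToOem(PChar(Msg), PChar(OemMsg));
  // Local byte count so the program's global BytesRead is not overwritten
  // as a side effect of error reporting.
  WriteConsole(GetStdHandle(STD_ERROR_HANDLE), PChar(OemMsg), Length(OemMsg), Written, nil);
  Halt(1);
end;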
{ Stores the FILETIME of 1970-01-01 00:00:00 in the global BaseFileTime.
  EventTimeToDateTime adds event timestamps (seconds since that epoch) to it,
  so this must run once before any record is printed. }
procedure InitBaseTime;
var
  Epoch: TSystemTime;
begin
  // 1 January 1970, the origin of the TimeGenerated/TimeWritten fields.
  DateTimeToSystemTime(EncodeDate(1970, 1, 1), Epoch);
  SystemTimeToFileTime(Epoch, BaseFileTime);
end;
{ Converts an event log timestamp (TimeGenerated/TimeWritten: seconds since
  1970-01-01 UTC) to a local-time string formatted by DateTimeToStr.
  Requires InitBaseTime to have filled BaseFileTime. The return values of the
  FILETIME conversion calls are not checked. }
function EventTimeToDateTime(EventTime: Cardinal): string;
var
  UtcTime, LocalTime: TFileTime;
  SysTime: TSystemTime;
begin
  // FILETIME counts 100-ns intervals since 1601-01-01; scale the Unix seconds
  // and add the 1970 epoch offset. The Int64 casts reinterpret the 8-byte struct.
  Int64(UtcTime) := Int64(EventTime) * 10000000 + Int64(BaseFileTime);
  FileTimeToLocalFileTime(UtcTime, LocalTime);
  FileTimeToSystemTime(LocalTime, SysTime);
  Result := DateTimeToStr(SystemTimeToDateTime(SysTime));
end;
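{ Program entry point.
  Usage: EventLogRead <LogName> [<StartRecordNumber>]
  Opens the named local event log (Application, Security or System), prints
  the record count, then lists records 16 per page as
  "RecordNumber, TimeGenerated, TimeWritten, EventID/EventType/EventCategory",
  pausing for a single Y/N keypress between pages.
  Fixes relative to the forum listing: single-quoted string literals, the
  console mode is saved and restored, a non-numeric start record is reported
  instead of raising EConvertError, and RecordNumber/EventID are printed with
  %u (EventIDs with the severity bit set, e.g. 0xC00xxxxx, printed negative). }
var
  StdIn: THandle;
  OrigConsoleMode: DWORD;
begin
  if ParamCount = 0 then
  begin
    WriteLn('Usage: EventLogRead <LogName> [<StartRecordNumber>]');
    WriteLn('LogName: Application | Security | System');
    Exit;
  end;
  InitBaseTime;
  // Raw, no-echo input so the Y/N prompt reacts to a single keypress.
  // The original mode is put back in the finally block below.
  StdIn := GetStdHandle(STD_INPUT_HANDLE);
  if not GetConsoleMode(StdIn, OrigConsoleMode) then LastSysError;
  if not SetConsoleMode(StdIn,
       OrigConsoleMode and not ENABLE_LINE_INPUT and not ENABLE_ECHO_INPUT) then
    LastSysError;
  FName := ParamStr(1);
  // nil = local machine. Reading the Security log requires SeSecurityPrivilege
  // (an administrator); a denied open is reported by LastSysError.
  HLog := OpenEventLog(nil, PChar(FName));
  if HLog = 0 then LastSysError;
  BytesAllocated := 256;
  GetMem(P, BytesAllocated);
  try
    if ParamCount = 1 then
      Index := 0
    else if not TryStrToInt(ParamStr(2), Index) or (Index < 0) then
    begin
      WriteLn('Invalid start record number: ', ParamStr(2));
      ExitCode := 2;
      Exit; // unwinds through finally, restoring console mode and closing the log
    end;
    if not GetNumberOfEventLogRecords(HLog, BytesRead) then LastSysError;
    WriteLn(Format('Records count: %u', [BytesRead]));
    if Index > 0 then
    begin
      // Seek to the requested record with a deliberately tiny (4-byte) buffer.
      // The call is expected to fail with ERROR_INSUFFICIENT_BUFFER; the
      // original relies on the seek still positioning the cursor so that the
      // sequential reads below start at Index — TODO confirm against the
      // ReadEventLog documentation.
      if not ReadEventLog(HLog, EVENTLOG_SEEK_READ or EVENTLOG_FORWARDS_READ,
                          Index, P, 4, BytesRead, BytesNeeded) then
      begin
        LastError := GetLastError;
        if (LastError <> 0) and (LastError <> ERROR_INSUFFICIENT_BUFFER) then
          LastSysError;
      end;
    end;
    WriteLn('N%'#9'Generated'#9#9'Written'#9#9#9'Identifiers');
    repeat
      for n := 0 to 15 do
      begin
        // Pass 1: zero-length buffer only queries the size of the next record
        // (fails with ERROR_INSUFFICIENT_BUFFER and sets BytesNeeded).
        ReadEventLog(HLog, ReadFlags, 0, P, 0, BytesRead, BytesNeeded);
        LastError := GetLastError;
        if LastError = ERROR_HANDLE_EOF then Break
        else if LastError <> ERROR_INSUFFICIENT_BUFFER then LastSysError;
        if BytesNeeded > BytesAllocated then
        begin
          BytesAllocated := BytesNeeded;
          ReallocMem(P, BytesAllocated);
        end;
        // Pass 2: read exactly that record.
        if ReadEventLog(HLog, ReadFlags, 0, P, BytesNeeded, BytesRead, BytesNeeded) then
          LastError := 0
        else
          LastError := GetLastError;
        if LastError <> 0 then LastSysError;
        // Defensive: the header fields used below must lie inside the bytes
        // the API actually wrote, otherwise stale buffer contents are printed.
        if BytesRead < SizeOf(TEventLogRec) then
        begin
          WriteLn('Short read (', BytesRead, ' bytes), record skipped');
          Continue;
        end;
        with P^ do
          WriteLn(Format('%u'#9'%s'#9'%s'#9'%u/%d/%d',
            [RecordNumber, EventTimeToDateTime(TimeGenerated),
             EventTimeToDateTime(TimeWritten), EventID,
             EventType, EventCategory]));
      end;
      if LastError = ERROR_HANDLE_EOF then
      begin
        WriteLn('*********End of File*********');
        Break;
      end;
      Write('Continue(Y/N)?:');
      Read(C);
      WriteLn(C);
      if (C = 'n') or (C = 'N') then Break;
    until False;
  finally
    // Reached on normal completion and on Exit. LastSysError calls Halt,
    // which does not run this block, so error exits leave the raw console
    // mode in place.
    SetConsoleMode(StdIn, OrigConsoleMode);
    CloseEventLog(HLog);
    if P <> nil then FreeMem(P);
  end;
end.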