#include "stdafx.h"
#include
#include
#include
#pragma comment(lib, "wevtapi.lib")
#include
#include
#include
#include
#include
#include
#include
#include
// Size in bytes of the chunk handed to ReadEventLog on each call. A single
// record larger than this cannot be delivered into this buffer (the API then
// fails with ERROR_INSUFFICIENT_BUFFER).
const DWORD BUFFER_SIZE = 40960;
// NOTE(review): this declaration is truncated in this copy of the source. From
// its use as buffer.get() with BUFFER_SIZE in ReadEventLog it appears to be the
// shared read buffer (std::unique_ptr<BYTE[]>) — confirm against the original.
std::unique_ptr
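// Copies a NUL-terminated ANSI string that must lie entirely inside
// [p, p + maxLen). Stops at the first NUL or at maxLen, whichever comes first,
// so a record that lacks a terminator cannot drive a read past the buffer.
static std::string BoundedString(const BYTE* p, size_t maxLen)
{
    size_t len = 0;
    while (len < maxLen && p[len] != 0)
    {
        ++len;
    }
    return std::string(reinterpret_cast<const char*>(p), len);
}

/// Dumps every record of the named classic event log ("Application", "System",
/// "Security", ...) to stdout using the legacy OpenEventLog/ReadEventLog API.
///
/// @param logName  Log name as accepted by OpenEventLogA. If the open or a read
///                 fails, the Win32 error code is printed and the function
///                 returns after closing the handle. (Reading "Security" is
///                 normally only possible from an elevated token — confirm in
///                 the target environment.)
///
/// Records are pulled in chunks of BUFFER_SIZE bytes until the API reports
/// ERROR_HANDLE_EOF, so logs larger than one buffer are read completely. Every
/// field that steers the parser — Length, StringOffset, the string bytes — is
/// taken from the log file itself and is validated against the bytes actually
/// returned before it is dereferenced; a corrupted or tampered log must not be
/// able to push the parser outside the buffer or make the loop spin forever.
///
/// NOTE(review): `ReadEventLog` is also the name of a Win32 API macro
/// (ReadEventLogA/ReadEventLogW); this user function only coexists with it via
/// overload resolution on argument count. Consider renaming (e.g. DumpEventLog).
void ReadEventLog(const std::string& logName)
{
    HANDLE eventLog = OpenEventLogA(nullptr, logName.c_str());
    if (eventLog == nullptr)
    {
        std::cout << "Failed to open event log: " << logName
                  << " (error " << GetLastError() << ")" << std::endl;
        return;
    }

    // Per-call buffer instead of a shared global: no cross-call state, and it
    // is released on every exit path.
    std::unique_ptr<BYTE[]> buffer(new BYTE[BUFFER_SIZE]);
    DWORD eventsRead = 0;

    for (;;)
    {
        DWORD bytesRead = 0;
        DWORD bytesNeeded = 0;
        if (!::ReadEventLogA(eventLog, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ, 0,
                             buffer.get(), BUFFER_SIZE, &bytesRead, &bytesNeeded))
        {
            const DWORD err = GetLastError();
            if (err == ERROR_HANDLE_EOF)
            {
                break;  // every record has been consumed
            }
            if (err == ERROR_INSUFFICIENT_BUFFER)
            {
                // The next record alone exceeds BUFFER_SIZE; retrying with the
                // same buffer would fail identically, so report and stop.
                std::cout << "Record in " << logName << " needs " << bytesNeeded
                          << " bytes but the buffer is " << BUFFER_SIZE << std::endl;
            }
            else
            {
                std::cout << "Failed to read event log: " << logName
                          << " (error " << err << ")" << std::endl;
            }
            break;
        }

        const BYTE* const base = buffer.get();
        DWORD offset = 0;
        while (offset < bytesRead)
        {
            const DWORD remaining = bytesRead - offset;
            if (remaining < sizeof(EVENTLOGRECORD))
            {
                std::cout << "Truncated record header in " << logName << std::endl;
                break;
            }
            const EVENTLOGRECORD* record =
                reinterpret_cast<const EVENTLOGRECORD*>(base + offset);

            // Length comes from the record. A zero or too-small value would never
            // advance (or would alias the header); a value larger than what was
            // returned would underflow the remaining count and read past the
            // buffer. Reject all three before trusting it.
            if (record->Length < sizeof(EVENTLOGRECORD) || record->Length > remaining)
            {
                std::cout << "Malformed record length " << record->Length
                          << " in " << logName << std::endl;
                break;
            }
            const BYTE* const recordEnd = base + offset + record->Length;

            // The source name immediately follows the fixed-size header as an
            // ANSI, NUL-terminated string; bound it by the record end.
            const BYTE* sourcePtr = reinterpret_cast<const BYTE*>(record + 1);
            std::string eventSource =
                BoundedString(sourcePtr, static_cast<size_t>(recordEnd - sourcePtr));

            // The first insertion string is at StringOffset from the record start.
            // Only dereference it when a string exists and the offset is inside
            // the validated record.
            std::string eventDescription;
            if (record->NumStrings > 0 && record->StringOffset < record->Length)
            {
                const BYTE* strPtr = base + offset + record->StringOffset;
                eventDescription =
                    BoundedString(strPtr, static_cast<size_t>(recordEnd - strPtr));
            }

            // EventID is printed raw. Note that only the low 16 bits are the ID
            // shown by Event Viewer; the upper bits carry severity/facility flags.
            std::cout << "Event ID: " << record->EventID << std::endl;
            std::cout << "Event Source: " << eventSource << std::endl;
            std::cout << "Event Description: " << eventDescription << std::endl;

            offset += record->Length;
            ++eventsRead;
        }
    }

    CloseEventLog(eventLog);
    std::cout << "Read " << eventsRead << " events from the " << logName << " log." << std::endl;
}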
/* Log traversal driver: reads and dumps each classic event log in turn */
/*
 * Entry point: dumps the three classic Windows event logs one after another,
 * printing a rule between consecutive logs, then waits for a keypress so a
 * console window opened by double-click does not vanish.
 * NOTE(review): the "Security" log typically needs an elevated token; on
 * failure ReadEventLog reports it and the loop simply moves on — confirm.
 */
int main()
{
#if 0
    SyslogMonitor kk;
    kk.read("Application");
    kk.read("System");
    kk.read("Security");
#else
    static const char* const kLogNames[] = { "Application", "System", "Security" };
    const size_t logCount = sizeof(kLogNames) / sizeof(kLogNames[0]);
    for (size_t i = 0; i < logCount; ++i)
    {
        // Separator goes between logs, not after the last one.
        if (i > 0)
        {
            std::cout << "========================" << std::endl;
        }
        ReadEventLog(kLogNames[i]);
    }
#endif
    getchar();
    return 0;
}