Event log c++ sample.
1. Init regedit.
bool InitLog( TCHAR *logName, TCHAR *sourceName, TCHAR *MessageDllName )
{ // This number of categories for the event source. DWORD dwCategoryNum = 1; HKEY hk; DWORD dwData, dwDisp; TCHAR szBuf[MAX_PATH]; size_t cchSize = MAX_PATH; // Create the event source as a subkey of the log. HRESULT hr = _stprintf_s(szBuf, // _T("SYSTEM\\CurrentControlSet\\Services\\EventLog\\%s\\%s"), logName, sourceName); if (RegCreateKeyEx(HKEY_LOCAL_MACHINE, szBuf, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_WRITE, NULL, &hk, &dwDisp)) { return false ; } // Set the name of the message file. if (RegSetValueEx(hk, // subkey handle _T("EventMessageFile"), // value name 0, // must be zero REG_EXPAND_SZ, // value type (LPBYTE) MessageDllName, // pointer to value data (DWORD) (lstrlen(MessageDllName)+1)*sizeof(TCHAR))) // data size { RegCloseKey(hk); return false ; } // Set the supported event types. dwData = EVENTLOG_ERROR_TYPE | EVENTLOG_WARNING_TYPE | EVENTLOG_INFORMATION_TYPE; if (RegSetValueEx(hk, // subkey handle _T("TypesSupported"), // value name 0, // must be zero REG_DWORD, // value type (LPBYTE) &dwData, // pointer to value data sizeof(DWORD))) // length of value data { RegCloseKey(hk); return false ; } // Set the category message file and number of categories. if (RegSetValueEx(hk, // subkey handle _T("CategoryMessageFile"), // value name 0, // must be zero REG_EXPAND_SZ, // value type (LPBYTE) MessageDllName, // pointer to value data (DWORD) (lstrlen(MessageDllName)+1)*sizeof(TCHAR))) // data size { RegCloseKey(hk); return false ; } if (RegSetValueEx(hk, // subkey handle _T("CategoryCount"), // value name 0, // must be zero REG_DWORD, // value type (LPBYTE) &dwCategoryNum, // pointer to value data sizeof(DWORD))) // length of value data { RegCloseKey(hk); return false ; } RegCloseKey(hk); //设置按需要覆盖重写日志 HKEY hKey; hr = _stprintf_s(szBuf, // _T("SYSTEM\\CurrentControlSet\\Services\\EventLog\\%s"), logName); if(::RegOpenKeyEx(HKEY_LOCAL_MACHINE, szBuf, NULL, KEY_ALL_ACCESS, &hKey) == ERROR_SUCCESS) { DWORD dwRetentionNum = 0; if (RegSetValueEx(hKey, // subkey handle _T("Retention"), // value name 0, // must be zero REG_DWORD, // value type (LPBYTE) &dwRetentionNum, // pointer to value data sizeof(DWORD))) // length of value data { RegCloseKey(hKey); return false ; } } RegCloseKey(hKey); _tcscpy_s ( m_SourceName, sourceName ) ; return true ; }
2. Insert log
void Log_Event ( DWORD dwEventId, WORD wType, TCHAR *pStr ) { TCHAR* pBuf[1] ; pBuf[0] = pStr ; if ( !m_bInit ) { _tcscpy_s ( m_SourceName, _T("FAIL") ) ; dwEventId = 0 ; } HANDLE hEventSource = RegisterEventSource ( NULL, m_SourceName ) ; if ( hEventSource != NULL ) { ReportEvent ( hEventSource, // handle of event source wType, // event type 0, // event category dwEventId, // event ID NULL, // current user's SID 1, // strings in lpszStrings 0, // no bytes of raw data (LPCTSTR*)pBuf, // array of error strings NULL ) ; // no raw data DeregisterEventSource ( hEventSource ) ; } }
http://msdn.microsoft.com/en-us/library/aa363680(v=vs.85).aspx