Event log c++ sample.

1. Init regedit.
bool InitLog( TCHAR *logName, TCHAR *sourceName, TCHAR *MessageDllName )
    {
        // This number of categories for the event source.
        DWORD dwCategoryNum = 1;

        HKEY hk; 
        DWORD dwData, dwDisp; 
        TCHAR szBuf[MAX_PATH]; 
        size_t cchSize = MAX_PATH;

        // Create the event source as a subkey of the log.

        HRESULT hr = _stprintf_s(szBuf,  //
            _T("SYSTEM\\CurrentControlSet\\Services\\EventLog\\%s\\%s"),
            logName, sourceName); 

        if (RegCreateKeyEx(HKEY_LOCAL_MACHINE, szBuf, 
            0, NULL, REG_OPTION_NON_VOLATILE,
            KEY_WRITE, NULL, &hk, &dwDisp)) 
        {
            return false ;
        }

        // Set the name of the message file. 

        if (RegSetValueEx(hk,             // subkey handle 
            _T("EventMessageFile"),        // value name 
            0,                         // must be zero 
            REG_EXPAND_SZ,             // value type 
            (LPBYTE) MessageDllName,          // pointer to value data 
            (DWORD) (lstrlen(MessageDllName)+1)*sizeof(TCHAR))) // data size
        {
            RegCloseKey(hk); 
            return false ;
        }

        // Set the supported event types. 

        dwData = EVENTLOG_ERROR_TYPE | EVENTLOG_WARNING_TYPE | 
            EVENTLOG_INFORMATION_TYPE; 

        if (RegSetValueEx(hk,      // subkey handle 
            _T("TypesSupported"),  // value name 
            0,                 // must be zero 
            REG_DWORD,         // value type 
            (LPBYTE) &dwData,  // pointer to value data 
            sizeof(DWORD)))    // length of value data 
        {
            RegCloseKey(hk); 
            return false ;
        }

        // Set the category message file and number of categories.

        if (RegSetValueEx(hk,              // subkey handle 
            _T("CategoryMessageFile"),     // value name 
            0,                         // must be zero 
            REG_EXPAND_SZ,             // value type 
            (LPBYTE) MessageDllName,          // pointer to value data 
            (DWORD) (lstrlen(MessageDllName)+1)*sizeof(TCHAR))) // data size
        {
            RegCloseKey(hk); 
            return false ;
        }

        if (RegSetValueEx(hk,            // subkey handle 
            _T("CategoryCount"),         // value name 
            0,                       // must be zero 
            REG_DWORD,               // value type 
            (LPBYTE) &dwCategoryNum, // pointer to value data 
            sizeof(DWORD)))          // length of value data 
        {
            RegCloseKey(hk);
            return false ;
        }

        RegCloseKey(hk);


        //设置按需要覆盖重写日志
        HKEY hKey;  

        hr = _stprintf_s(szBuf,  //
            _T("SYSTEM\\CurrentControlSet\\Services\\EventLog\\%s"),
            logName); 

        if(::RegOpenKeyEx(HKEY_LOCAL_MACHINE, szBuf, NULL, KEY_ALL_ACCESS, &hKey) == ERROR_SUCCESS)
        {
            DWORD dwRetentionNum = 0;
            if (RegSetValueEx(hKey,            // subkey handle 
                _T("Retention"),         // value name 
                0,                       // must be zero 
                REG_DWORD,               // value type 
                (LPBYTE) &dwRetentionNum, // pointer to value data 
                sizeof(DWORD)))          // length of value data 
            {
                RegCloseKey(hKey);
                return false ;
            }
        }
        RegCloseKey(hKey);


        _tcscpy_s ( m_SourceName, sourceName ) ;


        return true ;
    }

  2. Insert log

    void Log_Event ( DWORD dwEventId, WORD wType, TCHAR *pStr )
    {
        TCHAR* pBuf[1] ;
        pBuf[0] = pStr ;
                
        if ( !m_bInit )
        {
            _tcscpy_s ( m_SourceName, _T("FAIL") ) ;
            dwEventId = 0 ;
        }

        HANDLE hEventSource = RegisterEventSource ( NULL, m_SourceName ) ;
        if ( hEventSource != NULL )
        {
            ReportEvent ( hEventSource, // handle of event source
                wType,  // event type
                0,                    // event category
                dwEventId,                    // event ID
                NULL,                 // current user's SID
                1,                    // strings in lpszStrings
                0,                    // no bytes of raw data
                (LPCTSTR*)pBuf,  // array of error strings
                NULL ) ;              // no raw data

            DeregisterEventSource ( hEventSource ) ;
        }
    }

http://msdn.microsoft.com/en-us/library/aa363680(v=vs.85).aspx

posted on 2014-02-11 15:55  偏爱省略号  阅读(708)  评论(0编辑  收藏  举报

导航