当前位置: 文江博客话题详情

如何使用 c++ 读取远程计算机的 EventViewer 日志?

发布于 2025-01-12 01:51:26 字数 4856 浏览 1 评论 0原文

它即将从远程计算机收集事件查看器的日志。到目前为止我已经尝试过事件日志记录 api。虽然,它可以从本地主机读取日志,但无法从远程计算机读取日志。

HANDLE OpenEventLogA(
  [in] LPCSTR lpUNCServerName,
  [in] LPCSTR lpSourceName
);

使用这个,我尝试通过在 UNCServerName 的位置提及远程计算机的 ip 地址来打开事件日志。但是,它不起作用。下面是代码,到目前为止我已经尝试过。

#include <windows.h>
#include <stdio.h>
#include <bits/stdc++.h>  
#include <winbase.h>
#include<string.h>
#include <iostream>  
#include<vector>

#define BUFFER_SIZE 1024*200
#define MAX_TIMESTAMP_LEN       23 + 1 
#define MAX_WORD_LEN       1000 

using namespace std;


struct SearchRecord {
    string type;
    string time;
    string source;
    string eid;

};
void FillEventRecordDetails(std::vector<SearchRecord*> *searchRecordResult)
{

    HANDLE h;
    int i=1,j=0;
    EVENTLOGRECORD *pevlr;
    BYTE bBuffer[BUFFER_SIZE];
    DWORD dwRead, dwNeeded, dwRecord,dwThisRecord;

    // Open the Application event log.
    h = OpenEventLog(//ip address//,    
             "Application");   
    if (h == NULL)
    {
        cout<<GetLastError();
    }
    cout<<"HANDLE:"<<h;
    pevlr = (EVENTLOGRECORD *) &bBuffer;
    GetOldestEventLogRecord(h, &dwThisRecord);
    cout<<"Record Number:"<<dwThisRecord;
    GetNumberOfEventLogRecords(h, &dwRecord);
    cout<<"\n New:"<<dwRecord+dwThisRecord;
    while (ReadEventLog(h, EVENTLOG_SEEK_READ|               
                EVENTLOG_FORWARDS_READ , 
                dwThisRecord,            
                pevlr,        
                BUFFER_SIZE,  
                &dwRead,      
                &dwNeeded))   
    {   
        
        while (dwRead > 0 )
        {
            
            //TYPE
            string type;
            switch(pevlr->EventType)
            {
                case EVENTLOG_ERROR_TYPE:
                   type = "ERROR";
                    break;
                case EVENTLOG_WARNING_TYPE:
                    type = "WARNING";
                    break;
                case EVENTLOG_INFORMATION_TYPE:
                    type = "INFORMATION";
                    break;
                case EVENTLOG_AUDIT_SUCCESS:
                    type = "AUDIT_SUCCESS";
                    break;
                case EVENTLOG_AUDIT_FAILURE:
                    type = "AUDIT_FAILURE";
                    break;
                default:
                    type = "Unknown";
                    break;
            }

            //TIME
            DWORD Time = ((PEVENTLOGRECORD)pevlr)->TimeGenerated ;
            ULONGLONG ullTimeStamp = 0;
            ULONGLONG SecsTo1970 = 116444736000000000;
            SYSTEMTIME st;
            FILETIME ft, ftLocal;
            ullTimeStamp = Int32x32To64(Time, 10000000) + SecsTo1970;
            ft.dwHighDateTime = (DWORD)((ullTimeStamp >> 32) & 0xFFFFFFFF);
            ft.dwLowDateTime = (DWORD)(ullTimeStamp & 0xFFFFFFFF);   
            FileTimeToLocalFileTime(&ft, &ftLocal);
            FileTimeToSystemTime(&ftLocal, &st);   
            ostringstream mon1 , day1 ,year1,hour1,min1,sec1,mil1; 
            mon1 << st.wMonth ;day1 << st.wDay ;year1 << st.wYear ;hour1 << st.wHour ;min1 << st.wMinute ;sec1 << st.wSecond ;mil1 <<st.wMilliseconds;
            string mon = mon1.str();string day = day1.str();string year = year1.str();string hour = hour1.str();string min = min1.str();string sec = sec1.str();
            string mil=mil1.str();
            string time = day+"-"+mon+"-"+year+" "+hour+":"+min+":"+sec+":"+mil;

            int id = ((PEVENTLOGRECORD)pevlr)->EventID & 0xFFFF;
            ostringstream temp;
            temp << id;
            string eid = temp.str();  


            string source =  (LPSTR) ((LPBYTE) pevlr + sizeof(EVENTLOGRECORD));


            SearchRecord *pRecord = new SearchRecord();
            pRecord->type = type;
            pRecord->time = time;
            pRecord->eid = eid;
            pRecord->source = source;
            searchRecordResult->push_back(pRecord);
            cout<<i;  
            cout<<" Type:"<<type;
            cout<<" Time:"<<time;
            cout<<" Event Id:"<<id;
            cout<<" source:"<<source;
            cout<<"\n";
            i++;
            dwRead -= pevlr->Length;
            pevlr = (EVENTLOGRECORD *)
                ((LPBYTE) pevlr + pevlr->Length);

        }
        dwThisRecord+=i;
        pevlr = (EVENTLOGRECORD *) &bBuffer;
    }

    CloseEventLog(h);

}
int main()
{  
    vector<SearchRecord*> searchRecordResult ;
    FillEventRecordDetails(&searchRecordResult);
}

有没有办法使用 C++ 代码从远程计算机读取日志?

提前致谢。

原文

It is about to collect logs of event viewer from the remote machine.I have tried Event Logging api so far. Though,It works well by reading logs from the localhost,was failed to read from remote machine.

HANDLE OpenEventLogA(
  [in] LPCSTR lpUNCServerName,
  [in] LPCSTR lpSourceName
);

Using this,I have tried to open event logs by mentioning ipaddress of remote machine in the place of UNCServerName.But,it doesn't work.Below is the code,I've tried so far.

#include <windows.h>
#include <stdio.h>
#include <bits/stdc++.h>  
#include <winbase.h>
#include<string.h>
#include <iostream>  
#include<vector>

#define BUFFER_SIZE 1024*200
#define MAX_TIMESTAMP_LEN       23 + 1 
#define MAX_WORD_LEN       1000 

using namespace std;


struct SearchRecord {
    string type;
    string time;
    string source;
    string eid;

};
void FillEventRecordDetails(std::vector<SearchRecord*> *searchRecordResult)
{

    HANDLE h;
    int i=1,j=0;
    EVENTLOGRECORD *pevlr;
    BYTE bBuffer[BUFFER_SIZE];
    DWORD dwRead, dwNeeded, dwRecord,dwThisRecord;

    // Open the Application event log.
    h = OpenEventLog(//ip address//,    
             "Application");   
    if (h == NULL)
    {
        cout<<GetLastError();
    }
    cout<<"HANDLE:"<<h;
    pevlr = (EVENTLOGRECORD *) &bBuffer;
    GetOldestEventLogRecord(h, &dwThisRecord);
    cout<<"Record Number:"<<dwThisRecord;
    GetNumberOfEventLogRecords(h, &dwRecord);
    cout<<"\n New:"<<dwRecord+dwThisRecord;
    while (ReadEventLog(h, EVENTLOG_SEEK_READ|               
                EVENTLOG_FORWARDS_READ , 
                dwThisRecord,            
                pevlr,        
                BUFFER_SIZE,  
                &dwRead,      
                &dwNeeded))   
    {   
        
        while (dwRead > 0 )
        {
            
            //TYPE
            string type;
            switch(pevlr->EventType)
            {
                case EVENTLOG_ERROR_TYPE:
                   type = "ERROR";
                    break;
                case EVENTLOG_WARNING_TYPE:
                    type = "WARNING";
                    break;
                case EVENTLOG_INFORMATION_TYPE:
                    type = "INFORMATION";
                    break;
                case EVENTLOG_AUDIT_SUCCESS:
                    type = "AUDIT_SUCCESS";
                    break;
                case EVENTLOG_AUDIT_FAILURE:
                    type = "AUDIT_FAILURE";
                    break;
                default:
                    type = "Unknown";
                    break;
            }

            //TIME
            DWORD Time = ((PEVENTLOGRECORD)pevlr)->TimeGenerated ;
            ULONGLONG ullTimeStamp = 0;
            ULONGLONG SecsTo1970 = 116444736000000000;
            SYSTEMTIME st;
            FILETIME ft, ftLocal;
            ullTimeStamp = Int32x32To64(Time, 10000000) + SecsTo1970;
            ft.dwHighDateTime = (DWORD)((ullTimeStamp >> 32) & 0xFFFFFFFF);
            ft.dwLowDateTime = (DWORD)(ullTimeStamp & 0xFFFFFFFF);   
            FileTimeToLocalFileTime(&ft, &ftLocal);
            FileTimeToSystemTime(&ftLocal, &st);   
            ostringstream mon1 , day1 ,year1,hour1,min1,sec1,mil1; 
            mon1 << st.wMonth ;day1 << st.wDay ;year1 << st.wYear ;hour1 << st.wHour ;min1 << st.wMinute ;sec1 << st.wSecond ;mil1 <<st.wMilliseconds;
            string mon = mon1.str();string day = day1.str();string year = year1.str();string hour = hour1.str();string min = min1.str();string sec = sec1.str();
            string mil=mil1.str();
            string time = day+"-"+mon+"-"+year+" "+hour+":"+min+":"+sec+":"+mil;

            int id = ((PEVENTLOGRECORD)pevlr)->EventID & 0xFFFF;
            ostringstream temp;
            temp << id;
            string eid = temp.str();  


            string source =  (LPSTR) ((LPBYTE) pevlr + sizeof(EVENTLOGRECORD));


            SearchRecord *pRecord = new SearchRecord();
            pRecord->type = type;
            pRecord->time = time;
            pRecord->eid = eid;
            pRecord->source = source;
            searchRecordResult->push_back(pRecord);
            cout<<i;  
            cout<<" Type:"<<type;
            cout<<" Time:"<<time;
            cout<<" Event Id:"<<id;
            cout<<" source:"<<source;
            cout<<"\n";
            i++;
            dwRead -= pevlr->Length;
            pevlr = (EVENTLOGRECORD *)
                ((LPBYTE) pevlr + pevlr->Length);

        }
        dwThisRecord+=i;
        pevlr = (EVENTLOGRECORD *) &bBuffer;
    }

    CloseEventLog(h);

}
int main()
{  
    vector<SearchRecord*> searchRecordResult ;
    FillEventRecordDetails(&searchRecordResult);
}

Is there any way to read logs from remote machine using c++ code?

Thanks in advance.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。
列表为空,暂无数据

关于作者

旧情别恋

暂无简介

文章
评论
25 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

燃烧我的卡路李先生

文章 0 评论 0

qq_2gSKZM

文章 0 评论 0

∞梦里开花

文章 0 评论 0

qq_IklFPL

文章 0 评论 0

迷途知返

文章 0 评论 0

深海不蓝

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文