问题描述
我在C#中找到了一个例子,如何向事件查看器添加新的事件。
但是,我需要一个用C ++(而不是.NET)编写的在应用程序部分下创建新事件的示例。
I found an example in C# how to add new Event to the Event Viewer.But, I need an example written in C++ (not .NET) that create new Event to the Event Viewer under the "Application" part.
推荐答案
您可以使用WINAPI中的这三个函数:
You can use these three functions from the WINAPI:
- RegisterEventSource
- ReportEvent
- DeregisterEventSource
这里是一个如何使用这些并在事件日志中正确显示消息的快速示例(为简洁起见,错误处理通常被忽略)。
Here is a quick example of how to use these and to display messages correctly in the event log (error handling mostly ignored for brevity).
从以下 Event_log.mc 文件创建一个包含消息信息的资源:
Create a resource containg message information from the following Event_log.mc file:
;#ifndef _EXAMPLE_EVENT_LOG_MESSAGE_FILE_H_
;#define _EXAMPLE_EVENT_LOG_MESSAGE_FILE_H_
MessageIdTypeDef=DWORD
SeverityNames=(Success=0x0:STATUS_SEVERITY_SUCCESS
Informational=0x1:STATUS_SEVERITY_INFORMATIONAL
Warning=0x2:STATUS_SEVERITY_WARNING
Error=0x3:STATUS_SEVERITY_ERROR
)
LanguageNames=(EnglishUS=0x401:MSG00401
Dutch=0x113:MSG00113
Neutral=0x0000:MSG00000
)
MessageId=0x0 SymbolicName=MSG_INFO_1
Severity=Informational
Facility=Application
Language=Neutral
%1
.
MessageId=0x1 SymbolicName=MSG_WARNING_1
Severity=Warning
Facility=Application
Language=Neutral
%1
.
MessageId=0x2 SymbolicName=MSG_ERROR_1
Severity=Error
Facility=Application
Language=Neutral
%1
.
MessageId=0x3 SymbolicName=MSG_SUCCESS_1
Severity=Success
Facility=Application
Language=Neutral
%1
.
;#endif
建立 .mc 文件和 .res 资源文件我执行了以下操作:
To build the .mc file and .res resource file I executed the following:
mc.exe -A -b -c -h . -r resources Event_log.mc
rc.exe -foresources/Event_log.res resources/Event_log.rc
这将在当前目录中创建一个名为 Event_log.h 的头文件,以及一个包含文件的 resources 目录 Event_log.res ,您必须链接到您的应用程序二进制文件。
This will create a header file called Event_log.h in the current directory and a resources directory containing a file named Event_log.res which you must link in to your application binary.
示例 main .cpp :
#include <windows.h>
#include "Event_log.h"
void install_event_log_source(const std::string& a_name)
{
const std::string key_path("SYSTEM\\CurrentControlSet\\Services\\"
"EventLog\\Application\\" + a_name);
HKEY key;
DWORD last_error = RegCreateKeyEx(HKEY_LOCAL_MACHINE,
key_path.c_str(),
0,
0,
REG_OPTION_NON_VOLATILE,
KEY_SET_VALUE,
0,
&key,
0);
if (ERROR_SUCCESS == last_error)
{
BYTE exe_path[] = "C:\\path\\to\\your\\application.exe";
DWORD last_error;
const DWORD types_supported = EVENTLOG_ERROR_TYPE |
EVENTLOG_WARNING_TYPE |
EVENTLOG_INFORMATION_TYPE;
last_error = RegSetValueEx(key,
"EventMessageFile",
0,
REG_SZ,
exe_path,
sizeof(exe_path));
if (ERROR_SUCCESS == last_error)
{
last_error = RegSetValueEx(key,
"TypesSupported",
0,
REG_DWORD,
(LPBYTE) &types_supported,
sizeof(types_supported));
}
if (ERROR_SUCCESS != last_error)
{
std::cerr << "Failed to install source values: "
<< last_error << "\n";
}
RegCloseKey(key);
}
else
{
std::cerr << "Failed to install source: " << last_error << "\n";
}
}
void log_event_log_message(const std::string& a_msg,
const WORD a_type,
const std::string& a_name)
{
DWORD event_id;
switch (a_type)
{
case EVENTLOG_ERROR_TYPE:
event_id = MSG_ERROR_1;
break;
case EVENTLOG_WARNING_TYPE:
event_id = MSG_WARNING_1;
break;
case EVENTLOG_INFORMATION_TYPE:
event_id = MSG_INFO_1;
break;
default:
std::cerr << "Unrecognised type: " << a_type << "\n";
event_id = MSG_INFO_1;
break;
}
HANDLE h_event_log = RegisterEventSource(0, a_name.c_str());
if (0 == h_event_log)
{
std::cerr << "Failed open source '" << a_name << "': " <<
GetLastError() << "\n";
}
else
{
LPCTSTR message = a_msg.c_str();
if (FALSE == ReportEvent(h_event_log,
a_type,
0,
event_id,
0,
1,
0,
&message,
0))
{
std::cerr << "Failed to write message: " <<
GetLastError() << "\n";
}
DeregisterEventSource(h_event_log);
}
}
void uninstall_event_log_source(const std::string& a_name)
{
const std::string key_path("SYSTEM\\CurrentControlSet\\Services\\"
"EventLog\\Application\\" + a_name);
DWORD last_error = RegDeleteKey(HKEY_LOCAL_MACHINE,
key_path.c_str());
if (ERROR_SUCCESS != last_error)
{
std::cerr << "Failed to uninstall source: " << last_error << "\n";
}
}
int main(int a_argc, char** a_argv)
{
const std::string event_log_source_name("my-test-event-log-source");
install_event_log_source(event_log_source_name);
log_event_log_message("hello, information",
EVENTLOG_INFORMATION_TYPE,
event_log_source_name);
log_event_log_message("hello, error",
EVENTLOG_ERROR_TYPE,
event_log_source_name);
log_event_log_message("hello, warning",
EVENTLOG_WARNING_TYPE,
event_log_source_name);
// Uninstall when your application is being uninstalled.
//uninstall_event_log_source(event_log_source_name);
return 0;
}
希望这有助于但是认为这种方法已被@Cody灰色。
Hope this helps but consider that this approach has been deprecated as stated by @Cody Gray.
这篇关于将事件写入事件查看器的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!