C++ 将事件写入事件查看器
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/8559222/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Write an Event to the Event viewer
提问by Moti
I found an example in C# how to add new Event to the Event Viewer. But, I need an example written in C++ (not .NET) that create new Event to the Event Viewer under the "Application" part.
我在 C# 中找到了一个如何向事件查看器添加新事件的示例。但是,我需要一个用 C++(不是 .NET)编写的示例,它在“应用程序”部分下为事件查看器创建新事件。
回答by hmjd
You can use these three functions from the WINAPI:
您可以使用 WINAPI 中的这三个函数:
Here is a quick example of how to use these and to display messages correctly in the event log (error handling mostly ignored for brevity).
这是如何使用这些以及如何在事件日志中正确显示消息的快速示例(为简洁起见,错误处理通常被忽略)。
Create a resource containg message information from the following Event_log.mcfile:
从以下Event_log.mc文件创建一个包含消息信息的资源:
;#ifndef _EXAMPLE_EVENT_LOG_MESSAGE_FILE_H_
;#define _EXAMPLE_EVENT_LOG_MESSAGE_FILE_H_
MessageIdTypeDef=DWORD
SeverityNames=(Success=0x0:STATUS_SEVERITY_SUCCESS
Informational=0x1:STATUS_SEVERITY_INFORMATIONAL
Warning=0x2:STATUS_SEVERITY_WARNING
Error=0x3:STATUS_SEVERITY_ERROR
)
LanguageNames=(EnglishUS=0x401:MSG00401
Dutch=0x113:MSG00113
Neutral=0x0000:MSG00000
)
MessageId=0x0 SymbolicName=MSG_INFO_1
Severity=Informational
Facility=Application
Language=Neutral
%1
.
MessageId=0x1 SymbolicName=MSG_WARNING_1
Severity=Warning
Facility=Application
Language=Neutral
%1
.
MessageId=0x2 SymbolicName=MSG_ERROR_1
Severity=Error
Facility=Application
Language=Neutral
%1
.
MessageId=0x3 SymbolicName=MSG_SUCCESS_1
Severity=Success
Facility=Application
Language=Neutral
%1
.
;#endif
To build the .mcfile and .resresource file I executed the following:
要构建.mc文件和.res资源文件,我执行了以下操作:
mc.exe -A -b -c -h . -r resources Event_log.mc
rc.exe -foresources/Event_log.res resources/Event_log.rc
This will create a header file called Event_log.hin the current directory and a resourcesdirectory containing a file named Event_log.reswhich you must link in to your application binary.
这将创建一个Event_log.h在当前目录中调用的头文件和一个resources包含一个文件的目录Event_log.res,您必须将其链接到您的应用程序二进制文件。
Example main.cpp:
示例main.cpp:
#include <windows.h>
#include "Event_log.h"
void install_event_log_source(const std::string& a_name)
{
const std::string key_path("SYSTEM\CurrentControlSet\Services\"
"EventLog\Application\" + a_name);
HKEY key;
DWORD last_error = RegCreateKeyEx(HKEY_LOCAL_MACHINE,
key_path.c_str(),
0,
0,
REG_OPTION_NON_VOLATILE,
KEY_SET_VALUE,
0,
&key,
0);
if (ERROR_SUCCESS == last_error)
{
BYTE exe_path[] = "C:\path\to\your\application.exe";
DWORD last_error;
const DWORD types_supported = EVENTLOG_ERROR_TYPE |
EVENTLOG_WARNING_TYPE |
EVENTLOG_INFORMATION_TYPE;
last_error = RegSetValueEx(key,
"EventMessageFile",
0,
REG_SZ,
exe_path,
sizeof(exe_path));
if (ERROR_SUCCESS == last_error)
{
last_error = RegSetValueEx(key,
"TypesSupported",
0,
REG_DWORD,
(LPBYTE) &types_supported,
sizeof(types_supported));
}
if (ERROR_SUCCESS != last_error)
{
std::cerr << "Failed to install source values: "
<< last_error << "\n";
}
RegCloseKey(key);
}
else
{
std::cerr << "Failed to install source: " << last_error << "\n";
}
}
void log_event_log_message(const std::string& a_msg,
const WORD a_type,
const std::string& a_name)
{
DWORD event_id;
switch (a_type)
{
case EVENTLOG_ERROR_TYPE:
event_id = MSG_ERROR_1;
break;
case EVENTLOG_WARNING_TYPE:
event_id = MSG_WARNING_1;
break;
case EVENTLOG_INFORMATION_TYPE:
event_id = MSG_INFO_1;
break;
default:
std::cerr << "Unrecognised type: " << a_type << "\n";
event_id = MSG_INFO_1;
break;
}
HANDLE h_event_log = RegisterEventSource(0, a_name.c_str());
if (0 == h_event_log)
{
std::cerr << "Failed open source '" << a_name << "': " <<
GetLastError() << "\n";
}
else
{
LPCTSTR message = a_msg.c_str();
if (FALSE == ReportEvent(h_event_log,
a_type,
0,
event_id,
0,
1,
0,
&message,
0))
{
std::cerr << "Failed to write message: " <<
GetLastError() << "\n";
}
DeregisterEventSource(h_event_log);
}
}
void uninstall_event_log_source(const std::string& a_name)
{
const std::string key_path("SYSTEM\CurrentControlSet\Services\"
"EventLog\Application\" + a_name);
DWORD last_error = RegDeleteKey(HKEY_LOCAL_MACHINE,
key_path.c_str());
if (ERROR_SUCCESS != last_error)
{
std::cerr << "Failed to uninstall source: " << last_error << "\n";
}
}
int main(int a_argc, char** a_argv)
{
const std::string event_log_source_name("my-test-event-log-source");
install_event_log_source(event_log_source_name);
log_event_log_message("hello, information",
EVENTLOG_INFORMATION_TYPE,
event_log_source_name);
log_event_log_message("hello, error",
EVENTLOG_ERROR_TYPE,
event_log_source_name);
log_event_log_message("hello, warning",
EVENTLOG_WARNING_TYPE,
event_log_source_name);
// Uninstall when your application is being uninstalled.
//uninstall_event_log_source(event_log_source_name);
return 0;
}
Hope this helps but consider that this approach has been deprecated as stated by @Cody Gray.
希望这会有所帮助,但考虑到这种方法已被@Cody Gray 所述弃用。
回答by Cody Gray
You're looking for the documentation on the Windows Event Log API. You'll need to call the native Win32 API functions, rather than use the .NET Framework's wrappers, since you're writing in unmanaged C++.
您正在寻找有关Windows 事件日志 API的文档。您需要调用本机 Win32 API 函数,而不是使用 .NET Framework 的包装器,因为您使用非托管 C++ 编写。
If you're targeting operating systems prior to Windows Vista (XP, Server 2003, etc.), you'll need to use the older Event Logging APIinstead.
如果您的目标是 Windows Vista 之前的操作系统(XP、Server 2003 等),则需要改用较旧的Event Logging API。
