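A question about system logs
I am building something that extracts and analyzes system logs and collects information about the processes currently running on the system.
But at the moment I know very little about this area; could an expert please point me in the right direction...
What information is in the system logs?
How do I extract and analyze them programmatically?
Where can I learn about this?
Question points: 30, replies: 7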
Reply 1, guosenjuncs (铁过), posted 2005-04-04 13:37:55, score 0
I'm in a real hurry...
Thanks in advance!!!!!
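Reply 2, pepsi1980 (这只老鼠不会游泳), posted 2005-04-05 09:54:46, score 5
Extracting and analyzing system logs: source code for reading the system log is available online; the vchelp forum has it. Doing the analysis by program is probably not easy to implement.
Getting information about the currently running processes: there is plenty of that; look on vccode or codeproject, depending on how far you want to take it.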
Reply 3, oyljerry (【勇敢的心】→ ㊣提拉米苏√㊣), posted 2005-04-05 10:41:09, score 15
HANDLE OpenEventLog(
LPCTSTR lpUNCServerName, // server name
LPCTSTR lpSourceName // file name
);
BOOL ReadEventLog(
HANDLE hEventLog, // handle to event log
DWORD dwReadFlags, // how to read log
DWORD dwRecordOffset, // offset of first record
LPVOID lpBuffer, // buffer for read data
DWORD nNumberOfBytesToRead, // bytes to read
DWORD *pnBytesRead, // number of bytes read
DWORD *pnMinNumberOfBytesNeeded // bytes required
);
BOOL ClearEventLog(
HANDLE hEventLog, // handle to event log
LPCTSTR lpBackupFileName // name of backup file
);
BOOL NotifyChangeEventLog(
HANDLE hEventLog, // handle to event log
HANDLE hEvent // handle to event object
);
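An added example, not part of the reply above: ReadEventLog fills lpBuffer with variable-length records, each beginning with an EVENTLOGRECORD header, and the caller walks them by the Length field. The sketch below does that walk with bounds checks over a constructed buffer. The struct is a fixed-width mirror of the Win32 header so that it compiles without windows.h, and the names evt_rec, walk_records and put_record are made up for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Fixed-width mirror of the Win32 EVENTLOGRECORD header (56 bytes).
   evt_rec, walk_records and put_record are names invented for this example. */
typedef struct {
    uint32_t Length, Reserved, RecordNumber, TimeGenerated, TimeWritten, EventID;
    uint16_t EventType, NumStrings, EventCategory, ReservedFlags;
    uint32_t ClosingRecordNumber, StringOffset, UserSidLength, UserSidOffset,
             DataLength, DataOffset;
} evt_rec;

#define EVT_SIGNATURE 0x654c664cu /* "LfLe", the Reserved value of a valid record */

/* Walk buf[0..n) the way a caller walks lpBuffer[0..*pnBytesRead).
   Stores up to max_ids event IDs; returns the record count,
   or -1 when a header, signature or Length is inconsistent. */
int walk_records(const uint8_t *buf, size_t n, uint32_t *ids, int max_ids) {
    size_t off = 0;
    int count = 0;
    while (off < n) {
        evt_rec r;
        if (n - off < sizeof r) return -1;       /* truncated header */
        memcpy(&r, buf + off, sizeof r);         /* no unaligned access */
        if (r.Reserved != EVT_SIGNATURE) return -1;
        if (r.Length < sizeof r || r.Length > n - off) return -1;
        if (count < max_ids) ids[count] = r.EventID;
        count++;
        off += r.Length;                         /* records vary in length */
    }
    return count;
}

/* Constructed sample data: writes one zero-filled record of len bytes at dst. */
static void put_record(uint8_t *dst, uint32_t len, uint32_t num, uint32_t id) {
    evt_rec r = {0};
    r.Length = len; r.Reserved = EVT_SIGNATURE; r.RecordNumber = num; r.EventID = id;
    memset(dst, 0, len);
    memcpy(dst, &r, sizeof r);
}

int main(void) {
    uint8_t buf[136]; uint32_t ids[4];
    put_record(buf, 64, 1, 1000); put_record(buf + 64, 72, 2, 1001);
    printf("records: %d\n", walk_records(buf, sizeof buf, ids, 4));
    return 0;
}
```

Rejecting a Length smaller than the header matters as much as the upper bound: a zero Length would otherwise keep the loop on the same offset forever.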
Reply 4, oyljerry (【勇敢的心】→ ㊣提拉米苏√㊣), posted 2005-04-05 10:42:06, score 0
HANDLE OpenEventLog(
LPCTSTR lpUNCServerName, // server name
LPCTSTR lpSourceName // file name
);
BOOL ReadEventLog(
HANDLE hEventLog, // handle to event log
DWORD dwReadFlags, // how to read log
DWORD dwRecordOffset, // offset of first record
LPVOID lpBuffer, // buffer for read data
DWORD nNumberOfBytesToRead, // bytes to read
DWORD *pnBytesRead, // number of bytes read
DWORD *pnMinNumberOfBytesNeeded // bytes required
);
BOOL ClearEventLog(
HANDLE hEventLog, // handle to event log
LPCTSTR lpBackupFileName // name of backup file
);
BOOL NotifyChangeEventLog(
HANDLE hEventLog, // handle to event log
HANDLE hEvent // handle to event object
);
Reply 5, signoft (晴天), posted 2005-04-05 10:57:38, score 0
Following this thread to learn.
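Reply 6, signoft (晴天), posted 2005-04-05 11:02:16, score 10
I just found an example of working with the system log; it is fairly complete.
I hope it is useful to the original poster.
http://www.codeproject.com/system/sysevent.asp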
Reply 7, guosenjuncs (铁过), posted 2005-04-06 18:41:38, score 0
Thanks, everyone. Closing the thread.




