📄 jvqnteventlog.pas
字号:
{******************************************************************************}
{* WARNING: JEDI VCL To CLX Converter generated unit. *}
{* Manual modifications will be lost on next release. *}
{******************************************************************************}
{-----------------------------------------------------------------------------
The contents of this file are subject to the Mozilla Public License
Version 1.1 (the "License"); you may not Use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.mozilla.org/MPL/MPL-1.1.html
Software distributed under the License is distributed on an "AS IS" basis,
WITHOUT WARRANTY OF ANY KIND, either expressed or implied. See the License for
the specific language governing rights and limitations under the License.
The Original Code is: JvEventLog.PAS, released on 2002-09-02.
The Initial Developer of the Original Code is Fernando Silva [fernando dott silva att myrealbox dott com]
Portions created by Fernando Silva are Copyright (C) 2002 Fernando Silva.
All Rights Reserved.
Contributor(s):
You may retrieve the latest version of this file at the Project JEDI's JVCL home page,
located at http://jvcl.sourceforge.net
Known Issues:
-----------------------------------------------------------------------------}
// $Id: JvQNTEventLog.pas,v 1.16 2005/02/06 14:06:14 asnepvangers Exp $
unit JvQNTEventLog;
{$I jvcl.inc}
{$I windowsonly.inc}
interface
uses
{$IFDEF MSWINDOWS}
Windows,
{$ENDIF MSWINDOWS}
Classes, SysUtils,
JvQComponent;
type
TNotifyChangeEventLog = class;
TJvNTEventLogRecord = class;
TJvNTEventLog = class(TJvComponent)
private
FLogHandle: THandle;
FLog: string;
FServer: string;
FSource: string;
FActive: Boolean;
FLastError: Cardinal;
FOnChange: TNotifyEvent;
FNotifyThread: TNotifyChangeEventLog;
FEventRecord: TJvNTEventLogRecord;
procedure SetActive(Value: Boolean);
procedure SetServer(const Value: string);
procedure SetSource(const Value: string);
procedure SetLog(const Value: string);
function GetEventCount: Cardinal;
procedure SeekRecord(N: Cardinal);
public
constructor Create(AOwner: TComponent); override;
destructor Destroy; override;
procedure Open;
procedure Close;
procedure First;
procedure Last;
function Eof: Boolean;
procedure Next;
procedure Seek(N: Cardinal);
procedure ReadEventLogs(AStrings: TStrings);
property EventCount: Cardinal read GetEventCount;
property EventRecord: TJvNTEventLogRecord read FEventRecord;
published
property Server: string read FServer write SetServer;
property Source: string read FSource write SetSource;
property Log: string read FLog write SetLog;
property Active: Boolean read FActive write SetActive;
property OnChange: TNotifyEvent read FOnChange write FOnChange;
end;
TNotifyChangeEventLog = class(TThread)
private
FEventLog: TJvNTEventLog;
FEventHandle: THandle;
procedure DoChange;
protected
procedure Execute; override;
public
constructor Create(AOwner: TComponent);
end;
TJvNTEventLogRecord = class(TObject)
private
FEventLog: TJvNTEventLog;
FCurrentRecord: Pointer;
FOwner: TComponent;
function GetRecordNumber: Cardinal;
function GetDateTime: TDateTime;
function GetID: DWORD;
function GetType: string;
function GetStringCount: DWORD;
function GetCategory: Cardinal;
function GetSource: string;
function GetComputer: string;
function GetSID: PSID;
function GetString(Index: Cardinal): string;
function GetMessageText: string;
function GetUsername: string;
public
constructor Create(AOwner: TComponent);
property RecordNumber: Cardinal read GetRecordNumber;
property DateTime: TDateTime read GetDateTime;
property EventType: string read GetType;
property Category: Cardinal read GetCategory;
property Source: string read GetSource;
property Computer: string read GetComputer;
property ID: DWORD read GetID;
property StringCount: DWORD read GetStringCount;
property SID: PSID read GetSID;
property EventString[Index: Cardinal]: string read GetString;
property MessageText: string read GetMessageText;
property UserName: string read GetUsername;
property Owner: TComponent read FOwner;
end;
implementation
uses
{$IFDEF UNITVERSIONING}
JclUnitVersioning,
{$ENDIF UNITVERSIONING}
Registry,
JvQResources;
const
EVENTLOG_SEQUENTIAL_READ = $0001;
EVENTLOG_SEEK_READ = $0002;
EVENTLOG_FORWARDS_READ = $0004;
EVENTLOG_BACKWARDS_READ = $0008;
cEventLogBaseKey = 'SYSTEM\CurrentControlSet\Services\EventLog';
type
PEventLogRecord = ^TEventLogRecord;
TEventLogRecord = packed record
Length: DWORD; // Length of full record
Reserved: DWORD; // Used by the service
RecordNumber: DWORD; // Absolute record number
TimeGenerated: DWORD; // Seconds since 1-1-1970
TimeWritten: DWORD; // Seconds since 1-1-1970
EventID: DWORD;
EventType: WORD;
NumStrings: WORD;
EventCategory: WORD;
ReservedFlags: WORD; // For Use with paired events (auditing)
ClosingRecordNumber: DWORD; // For Use with paired events (auditing)
StringOffset: DWORD; // Offset from beginning of record
UserSidLength: DWORD;
UserSidOffset: DWORD;
DataLength: DWORD;
DataOffset: DWORD; // Offset from beginning of record
end;
//=== { TJvNTEventLog } ======================================================
constructor TJvNTEventLog.Create(AOwner: TComponent);
begin
inherited Create(AOwner);
FLog := '';
FSource := '';
FOnChange := nil;
FNotifyThread := nil;
FEventRecord := TJvNTEventLogRecord.Create(Self);
end;
destructor TJvNTEventLog.Destroy;
begin
Close;
FEventRecord.Free;
inherited Destroy;
end;
procedure TJvNTEventLog.SetActive(Value: Boolean);
begin
if Value <> FActive then
if csDesigning in ComponentState then
FActive := Value
else
if Value then
Open
else
Close;
end;
procedure TJvNTEventLog.SetServer(const Value: string);
var
OldActive: Boolean;
begin
if FServer <> Value then
begin
OldActive := Active;
Active := False;
FServer := Value;
Active := OldActive;
end
end;
procedure TJvNTEventLog.SetSource(const Value: string);
var
OldActive: Boolean;
begin
if FSource <> Value then
begin
OldActive := Active;
Active := False;
FSource := Value;
Active := OldActive;
end
end;
procedure TJvNTEventLog.SetLog(const Value: string);
var
OldActive: Boolean;
begin
if FLog <> Value then
begin
OldActive := Active;
Active := False;
FLog := Value;
Active := OldActive;
end
end;
function TJvNTEventLog.GetEventCount: Cardinal;
begin
if Active then
GetNumberOfEventLogRecords(FLogHandle, Result)
else
Result := 0;
end;
procedure TJvNTEventLog.Open;
begin
if Source <> '' then
begin
FLogHandle := OpenEventLog(PChar(Server), PChar(Source));
if FLogHandle = 0 then
RaiseLastOSError;
FNotifyThread := TNotifyChangeEventLog.Create(Self);
FActive := True;
end;
end;
procedure TJvNTEventLog.Close;
begin
if FLogHandle <> 0 then
begin
FNotifyThread.Terminate;
CloseEventLog(FLogHandle);
FLogHandle := 0
end;
ReallocMem(FEventRecord.FCurrentRecord, 0);
FActive := False;
end;
procedure TJvNTEventLog.First;
begin
SeekRecord(0);
end;
procedure TJvNTEventLog.Last;
begin
SeekRecord(GetEventCount - 1);
end;
function TJvNTEventLog.Eof: Boolean;
begin
Result := (EventRecord.FCurrentRecord = nil) or (EventRecord.RecordNumber = GetEventCount) or
(FLastError = ERROR_HANDLE_EOF);
end;
procedure TJvNTEventLog.Next;
var
BytesRead, BytesNeeded, Flags: DWORD;
Dummy: Char;
begin
Flags := EVENTLOG_SEQUENTIAL_READ;
Flags := Flags or EVENTLOG_FORWARDS_READ;
ReadEventLog(FLogHandle, Flags, 0, @Dummy, 0, BytesRead, BytesNeeded);
FLastError := GetLastError;
if FLastError = ERROR_INSUFFICIENT_BUFFER then
begin
ReallocMem(FEventRecord.FCurrentRecord, BytesNeeded);
if not ReadEventLog(FLogHandle, Flags, 0, FEventRecord.FCurrentRecord, BytesNeeded, BytesRead, BytesNeeded) then
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -