- {*******************************************************}
- { }
- { MiTeC System Information Component }
- { Windows NT Event Log Enumeration }
- { version 8.3 for Delphi 5,6,7 }
- { }
- { Copyright © 1997,2003 Michal Mutl }
- { }
- {*******************************************************}
-
- {$INCLUDE MITEC_DEF.INC}
-
-
- unit MiTeC_EventLogNT;
-
- interface
-
- uses Windows, Classes, SysUtils;
-
- const
- // NOTE(review): presumably the size in bytes of the buffer handed to
- // ReadEventLog; the implementation section is not shown here. A single
- // record can be larger than 4096 bytes, in which case ReadEventLog fails
- // with ERROR_INSUFFICIENT_BUFFER and reports the size it needs. Confirm
- // the reader grows the buffer instead of dropping or truncating records.
- BUFFER_SIZE = 4096;
-
- // Defines for the READ flags for Eventlogging
- // (the values match the dwReadFlags bits of the Win32 ReadEventLog call).
- EVENTLOG_SEQUENTIAL_READ = $0001;
- EVENTLOG_SEEK_READ = $0002;
- EVENTLOG_FORWARDS_READ = $0004;
- EVENTLOG_BACKWARDS_READ = $0008;
-
- // The types of events that can be logged.
- // These are the values stored in the EventType field of a record.
- // EVENTLOG_AUDIT_SUCCESS and EVENTLOG_AUDIT_FAILURE are the audit
- // outcomes; EVENTLOG_SUCCESS is zero, so it cannot be tested as a bit.
-
- EVENTLOG_SUCCESS = $0000;
- EVENTLOG_ERROR_TYPE = $0001;
- EVENTLOG_WARNING_TYPE = $0002;
- EVENTLOG_INFORMATION_TYPE = $0004;
- EVENTLOG_AUDIT_SUCCESS = $0008;
- EVENTLOG_AUDIT_FAILURE = $0010;
-
-
- // Defines for the WRITE flags used by Auditing for paired events
- // These are not implemented in Product 1
- // Their numeric values repeat those of the read flags and event types
- // above, so they must not be mixed with either set.
-
- EVENTLOG_START_PAIRED_EVENT = $0001;
- EVENTLOG_END_PAIRED_EVENT = $0002;
- EVENTLOG_END_ALL_PAIRED_EVENTS = $0004;
- EVENTLOG_PAIRED_EVENT_ACTIVE = $0008;
- EVENTLOG_PAIRED_EVENT_INACTIVE = $0010;
-
- type
- // Untyped pointer used for a Windows security identifier (SID).
- PSID = Pointer;
-
- // Fixed-size header of one event log record. The fields follow the
- // Win32 EVENTLOGRECORD structure in order; the variable-length part
- // listed in the commented-out block at the end is not declared here and
- // has to be reached through the offset fields.
- //
- // Every length and offset below is data read out of the log itself.
- // Before following StringOffset, UserSidOffset or DataOffset, a parser
- // should check that offset + length stays inside Length and inside the
- // bytes the read call actually returned; a damaged or crafted log would
- // otherwise make it read outside the buffer. NOTE(review): the parsing
- // code is in the implementation section, not shown here - confirm it
- // performs these checks.
- _EVENTLOGRECORD = record
- Length: DWORD; // size of the whole record in bytes (Win32 docs)
- Reserved: DWORD;
- RecordNumber: DWORD;
- TimeGenerated: DWORD; // seconds since 1970-01-01 00:00:00 UTC (Win32 docs)
- TimeWritten: DWORD; // seconds since 1970-01-01 00:00:00 UTC (Win32 docs)
- EventID: DWORD;
- EventType: WORD; // one of the EVENTLOG_*_TYPE / EVENTLOG_AUDIT_* values
- NumStrings: WORD; // number of insertion strings at StringOffset
- EventCategory: WORD;
- ReservedFlags: WORD;
- ClosingRecordNumber: DWORD;
- StringOffset: DWORD; // offsets are counted from the start of the record
- UserSidLength: DWORD; // 0 when the record carries no SID (Win32 docs)
- UserSidOffset: DWORD;
- DataLength: DWORD;
- DataOffset: DWORD;
- {SourceName: PChar;
- Computername: PChar;
- UserSid: PSID;
- Strings: PChar;
- Data: PChar;
- Pad: PChar;
- Length: DWORD;}
- end;
-
- // Pointer and alias names matching the Win32 header.
- PEVENTLOGRECORD = ^EVENTLOGRECORD;
- EVENTLOGRECORD = _EVENTLOGRECORD;
-
- // Which of the three standard logs to read; the matching log names are
- // in the EventLogTypes array.
- // NOTE(review): opening the Security log normally needs administrative
- // rights or SeSecurityPrivilege. Confirm the implementation reports a
- // failed open instead of presenting an empty log, which would look like
- // "no audit events" to the person reading it.
- TEventLogType = (elApplication, elSystem, elSecurity);
-
- // Decoded event type; display names are in the EventTypes array.
- // There is no member for EVENTLOG_SUCCESS ($0000). NOTE(review): confirm
- // how the implementation maps a record whose EventType is 0.
- TEventType = (etError, etWarning, etInformation, etAuditSuccess, etAuditFailure);
-
- // One event in decoded form, as handed out by TEventLog.LogRecords.
- // All string fields originate from log content or from lookups driven by
- // it. Any process allowed to write to a log chooses that content, so
- // treat the strings as untrusted when displaying, exporting or parsing
- // them (control characters, embedded line breaks, markup).
- PLogRecord = ^TLogRecord;
- TLogRecord = record
- EventType: TEventType;
- DateTime: TDateTime; // NOTE(review): local time or UTC is not visible here - confirm
- Source: string;
- Category: string;
- EventID: Cardinal;
- Username: string; // presumably resolved from the record's SID - confirm
- Domain: string; // presumably resolved from the record's SID - confirm
- Computer: string;
- Description: string; // presumably the formatted message text - confirm
- BinaryData: string; // presumably a rendering of the record's data bytes - confirm
- CharData: string; // presumably the same bytes shown as characters - confirm
- end;
-
- // Reads one Windows NT event log and exposes its records by index.
- // Only the declaration is visible here; the notes below marked
- // NOTE(review) are points to confirm against the implementation.
- TEventLog = class(TPersistent)
- private
- FType: TEventLogType; // log selected through the LogType property
- FRecords: TStringList; // backing store for the decoded records
- FMachine: string; // value of the Machine property
-
- // NOTE(review): presumably opens the log AType on AMachine and fills
- // FRecords - confirm, and confirm the log handle is closed on every
- // error path.
- procedure RetrieveLog(AMachine: string; AType: TEventLogType);
- // NOTE(review): presumably releases the records held in AList - confirm.
- procedure FreeList(var AList: TStringList);
-
- function GetRecCount: DWORD;
- // NOTE(review): Index is unsigned and comes from the caller; confirm it
- // is range-checked against the record count before the list is indexed.
- function GetRecord(Index: DWORD): PLogRecord;
- public
- constructor Create;
- destructor Destroy; override;
- procedure Refresh;
-
- // NOTE(review): presumably the computer whose log is read, with an empty
- // string meaning the local machine - confirm. A remote name means the
- // records are supplied by another host and deserve the same validation
- // as any other network input.
- property Machine: string read FMachine write FMachine;
- property LogType: TEventLogType read FType write FType;
- property RecordCount: DWORD read GetRecCount;
- // Returns a pointer to a record owned by this object.
- // NOTE(review): presumably invalid after Refresh or Destroy; callers
- // should copy what they need rather than keep the pointer - confirm.
- property LogRecords[Index: DWORD]: PLogRecord read GetRecord;
- end;
-
- const
- // Names for the TEventLogType and TEventType members, in declaration order.
- EventLogTypes: array[elApplication..elSecurity] of string = ('Application', 'System', 'Security');
- EventTypes: array[etError..etAuditFailure] of string = ('Error', 'Warning', 'Information', 'AuditSuccess', 'AuditFailure');
-
- // Registry key (under HKEY_LOCAL_MACHINE, per the inline comment) that
- // holds the per-log and per-source event log configuration.
- rkEventLog = {HKEY_LOCAL_MACHINE\}'SYSTEM\CurrentControlSet\Services\EventLog';
-
- // Value names read from an event source's key.
- // The *MessageFile values are file paths taken from the registry.
- // NOTE(review): the code that loads them is not shown. Confirm each file
- // is opened as a resource only (LoadLibraryEx with
- // LOAD_LIBRARY_AS_DATAFILE) so that formatting a description never runs
- // code from a path that registry data selected, and that a missing or
- // unreadable file falls back to the raw insertion strings.
- rvEventMessageFile = 'EventMessageFile'; // Path to the message resource file that contains the event format strings.
- rvTypesSupported = 'TypesSupported'; //The types of events this source can generate.
- rvCategoryMessageFile = 'CategoryMessageFile'; //Path to the message resource file that has the descriptive strings for the source categories.
- rvCategoryCount = 'CategoryCount'; // The number of categories described in the CategoryMessageFile.
- rvParameterMessageFile = 'ParameterMessageFile'; //Insert parameter descriptive strings.
-
-
- implementation
-
-