B4J Question Read Windows Events Logs ?

Magma · Mar 21, 2019

Hi there...

is there a way to read windows events logs ?

Thanks in advance

Erel · Mar 21, 2019

Start with this:

B4X:

#AdditionalJar: jna-5.0.0
#AdditionalJar: jna-platform-5.0.0

Sub Process_Globals
   
End Sub

Sub AppStart (Args() As String)
   Dim EventLogIterator As JavaObject
   EventLogIterator.InitializeNewInstance("com.sun.jna.platform.win32.Advapi32Util.EventLogIterator", Array("application"))
   Do While EventLogIterator.RunMethod("hasNext", Null)
       Dim record As JavaObject = EventLogIterator.RunMethod("next", Null)
       Log($"ID: ${record.RunMethod("getEventId", Null)}, type: ${record.RunMethod("getType", Null)}, source: ${record.RunMethod("getSource", Null)}"$)
   Loop
End Sub

You will need to do some work to get the actual information in each of the records.
http://java-native-access.github.io...atform/win32/Advapi32Util.EventLogRecord.html

Magma · Mar 21, 2019

Excellent...

by the way... i want to read full eventdata... so trying to get the getstrings method... but

getting something like that:

B4X:

[Ljava.lang.String;@6b3a4a70

the code:

B4X:

log(record.RunMethod("getStrings", Null))

+As i can understand this loop reads all the events of applications... how can read only the last one or two last... i want to check every 5 secs...

DonManfred · Mar 21, 2019

Magma said:
getting something like that

it is an array (or list) of strings.

Magma · Mar 21, 2019

Yes it is (array of strings)...

Magma · Mar 21, 2019

As i am trying...

to read the latest events... i always get none....

But now i think that EventLogIterator.InitializeNewInstance just create on time the events string array... so.. can't get the last error - must always read full events :-(

or no...>? is there a solution or something i loose ?

my code:

B4X:

#Region Project Attributes
    #MainFormWidth: 600
    #MainFormHeight: 600
#End Region
#AdditionalJar: jna-5.2.0
#AdditionalJar: jna-platform-5.2.0


Sub Process_Globals
    Private fx As JFX
    Private MainForm As Form
    Public timer1 As Timer
    Dim EventLogIterator As JavaObject
End Sub

Sub AppStart (form1 As Form,Args() As String)
    MainForm = form1
    MainForm.show

    timer1.Initialize("timers1",5000)
    timer1.Enabled=True

    EventLogIterator.InitializeNewInstance("com.sun.jna.platform.win32.Advapi32Util.EventLogIterator", Array("application"))
    Do While EventLogIterator.RunMethod("hasNext", Null)
        Dim record As JavaObject = EventLogIterator.RunMethod("next", Null)
        Log($"ID: ${record.RunMethod("getEventId", Null)}, type: ${record.RunMethod("getType", Null)}, source: ${record.RunMethod("getSource", Null)}"$)
        Dim amap() As String=record.RunMethod("getStrings", Null)
    
        For i=0 To amap.length-1
            Log(amap(i))
        Next

    Loop


End Sub

Sub timers1_tick
    timer1.Enabled=False

    Log("read events...")
    'EventLogIterator.InitializeContext  /// That will help if was android... but we are talking about b4j..
    Dim haveanew As Boolean = EventLogIterator.RunMethod("hasNext", Null)
    Log(haveanew)
    If haveanew=True Then
        Dim record As JavaObject = EventLogIterator.RunMethod("next", Null)
        Log($"ID: ${record.RunMethod("getEventId", Null)}, type: ${record.RunMethod("getType", Null)}, source: ${record.RunMethod("getSource", Null)}"$)
        Dim amap() As String=record.RunMethod("getStrings", Null)
    
        For i=0 To amap.length-1
            Log(amap(i))
        Next
    End If

    timer1.Enabled=True

End Sub


'Return true to allow the default exceptions handler to handle the uncaught exception.
Sub Application_Error (Error As Exception, StackTrace As String) As Boolean
    Return True
End Sub

Daestrum · Mar 21, 2019

You could use jshell and run powershell.exe for the info you want
eg,

B4X:

 sh.Initialize("sh","powershell.exe",Array("-OutputFormat","Text","Invoke-Command","-ScriptBlock","{","Get-EventLog","-LogName","application","-Newest","3","|","Select-Object","-Property","EventID, InstanceId, Message","}"))
 sh.Run(-1)

If you change -Property parameters to * instead of fieldnames you get an output like

EventID : 1534
MachineName : DESKTOP-MUQINOJ
Data : {}
Index : 12213
Category : (0)
CategoryNumber : 0
EntryType : Warning
Message : Profile notification of event Unload for component {B31118B2-1F49-48E5-B6F5-BC21CAEC56FB} failed,
error code is See Tracelogging for error details.

Source : Microsoft-Windows-User Profiles Service
ReplacementStrings : {Unload, {B31118B2-1F49-48E5-B6F5-BC21CAEC56FB}, See Tracelogging for error details}
InstanceId : 1534
TimeGenerated : 21/03/2019 13:17:01
TimeWritten : 21/03/2019 13:17:01
UserName : NT AUTHORITY\SYSTEM
Site :
Container :

on StdOut

Magma · Mar 21, 2019

@Daestrum it is a solution... hopping that jna was talking better at windows events logs...

Magma · Mar 21, 2019

+powershell is too slow...

Magma · Mar 21, 2019

if it is with shell - that is better:

B4X:

wevtutil qe Application /c:1 /f:text /rd:true

rd: reverse date/time
c: num of events (1 at example)
qe query --> Application here at exmple

B4J Question Read Windows Events Logs ?

Magma

Well-Known Member

Erel

Administrator

Magma

Well-Known Member

DonManfred

Expert

Magma

Well-Known Member

Magma

Well-Known Member

Daestrum

Well-Known Member

Magma

Well-Known Member

Magma

Well-Known Member

Magma

Well-Known Member

Similar Threads