B4J Question Read Windows Events Logs ?

Erel

Erel

Administrator
Staff member
Licensed User
Start with this:
B4X: 
#AdditionalJar: jna-5.0.0
#AdditionalJar: jna-platform-5.0.0

Sub Process_Globals
   
End Sub

Sub AppStart (Args() As String)
   Dim EventLogIterator As JavaObject
   EventLogIterator.InitializeNewInstance("com.sun.jna.platform.win32.Advapi32Util.EventLogIterator", Array("application"))
   Do While EventLogIterator.RunMethod("hasNext", Null)
       Dim record As JavaObject = EventLogIterator.RunMethod("next", Null)
       Log($"ID: ${record.RunMethod("getEventId", Null)}, type: ${record.RunMethod("getType", Null)}, source: ${record.RunMethod("getSource", Null)}"$)
   Loop
End Sub
You will need to do some work to get the actual information in each of the records.
http://java-native-access.github.io...atform/win32/Advapi32Util.EventLogRecord.html
 
Magma

Magma

Well-Known Member
Licensed User
Excellent...

by the way... i want to read full eventdata... so trying to get the getstrings method... but

getting something like that:
B4X: 
[Ljava.lang.String;@6b3a4a70
the code:
B4X: 
log(record.RunMethod("getStrings", Null))
+As i can understand this loop reads all the events of applications... how can read only the last one or two last... i want to check every 5 secs...
 
Magma

Magma

Well-Known Member
Licensed User
As i am trying...

to read the latest events... i always get none....

But now i think that EventLogIterator.InitializeNewInstance just create on time the events string array... so.. can't get the last error - must always read full events :-(

or no...>? is there a solution or something i loose ?

my code:
B4X: 
#Region Project Attributes
    #MainFormWidth: 600
    #MainFormHeight: 600
#End Region
#AdditionalJar: jna-5.2.0
#AdditionalJar: jna-platform-5.2.0


Sub Process_Globals
    Private fx As JFX
    Private MainForm As Form
    Public timer1 As Timer
    Dim EventLogIterator As JavaObject
End Sub

Sub AppStart (form1 As Form,Args() As String)
    MainForm = form1
    MainForm.show

    timer1.Initialize("timers1",5000)
    timer1.Enabled=True

    EventLogIterator.InitializeNewInstance("com.sun.jna.platform.win32.Advapi32Util.EventLogIterator", Array("application"))
    Do While EventLogIterator.RunMethod("hasNext", Null)
        Dim record As JavaObject = EventLogIterator.RunMethod("next", Null)
        Log($"ID: ${record.RunMethod("getEventId", Null)}, type: ${record.RunMethod("getType", Null)}, source: ${record.RunMethod("getSource", Null)}"$)
        Dim amap() As String=record.RunMethod("getStrings", Null)
    
        For i=0 To amap.length-1
            Log(amap(i))
        Next

    Loop


End Sub

Sub timers1_tick
    timer1.Enabled=False

    Log("read events...")
    'EventLogIterator.InitializeContext  /// That will help if was android... but we are talking about b4j..
    Dim haveanew As Boolean = EventLogIterator.RunMethod("hasNext", Null)
    Log(haveanew)
    If haveanew=True Then
        Dim record As JavaObject = EventLogIterator.RunMethod("next", Null)
        Log($"ID: ${record.RunMethod("getEventId", Null)}, type: ${record.RunMethod("getType", Null)}, source: ${record.RunMethod("getSource", Null)}"$)
        Dim amap() As String=record.RunMethod("getStrings", Null)
    
        For i=0 To amap.length-1
            Log(amap(i))
        Next
    End If

    timer1.Enabled=True

End Sub


'Return true to allow the default exceptions handler to handle the uncaught exception.
Sub Application_Error (Error As Exception, StackTrace As String) As Boolean
    Return True
End Sub
 
Daestrum

Daestrum

Well-Known Member
Licensed User
You could use jshell and run powershell.exe for the info you want
eg,
B4X: 
 sh.Initialize("sh","powershell.exe",Array("-OutputFormat","Text","Invoke-Command","-ScriptBlock","{","Get-EventLog","-LogName","application","-Newest","3","|","Select-Object","-Property","EventID, InstanceId, Message","}"))
 sh.Run(-1)
If you change -Property parameters to * instead of fieldnames you get an output like
EventID : 1534
MachineName : DESKTOP-MUQINOJ
Data : {}
Index : 12213
Category : (0)
CategoryNumber : 0
EntryType : Warning
Message : Profile notification of event Unload for component {B31118B2-1F49-48E5-B6F5-BC21CAEC56FB} failed,
error code is See Tracelogging for error details.


Source : Microsoft-Windows-User Profiles Service
ReplacementStrings : {Unload, {B31118B2-1F49-48E5-B6F5-BC21CAEC56FB}, See Tracelogging for error details}
InstanceId : 1534
TimeGenerated : 21/03/2019 13:17:01
TimeWritten : 21/03/2019 13:17:01
UserName : NT AUTHORITY\SYSTEM
Site :
Container :
Click to expand...
on StdOut
 
Last edited:
You must log in or register to reply here.
Top