Commandline NT Eventlog writer

This tool allows you to write stuff to the Eventlog. It is good for debugging batch files or for running from your own program. Now with the capability to add a resource file to the registry so that the message shows just what you want it to show.

 

The tool has several different parameters,

 

"message"   The Message to write to the log file

[uncpath]   A path to a computer where it will be logged. you can

            set this parameter to the word NULL to use the local

            computer.

[type]            Used for telling what the entry will look like in the

            Event Viewer. It can be a 16-bit integer or one of the

            words below:

            Info  information type

            error error type

            warning     Warning type

            success     audit success type

            fail  audit failure type

[categoryid]      An optional integer that represents the category

[eventid]   An optional integer that represents the event id

[logname]   Source name used for the entry. If you leave this parameter

            blank, it will use "delphijustin" as the default source

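/reg        Registers [logname] with this file as its event message file. This writes under HKEY_LOCAL_MACHINE, so it normally needs administrator rights.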

NOTE ALL ENTRIES WILL BE UNDER THE APPLICATION LOG.

 

Here's an example that adds the message "hello admin" to the Eventlog

 

elwrite "hello admin" info

 

 And here’s how to write to the eventlog and register the logname "mylog"

elwrite "hi there" null info 0 0 mylog /reg

Note: You must use all parameters when registering a logname, because the parameters are read by position.

 

            More tools and programs available at

                  www.delphijustin.biz

program ELWrite;
{$RESOURCE ELWrite32.res}
{$APPTYPE Console}

uses
  SysUtils,
  windows,
  Classes;

{ Binary payload attached to every event as raw data (ReportEvent is given
  @en and SizeOf(en)). Field order defines the on-disk layout of that payload,
  so it must not be rearranged. }
type
  TMyEventData = record
    MajorV: Byte;                     // set to 2 by the program
    MinerV: Byte;                     // set to 0 by the program
    tickcount: DWORD;                 // GetTickCount value taken before the write
    unsize: DWORD;                    // in/out size argument of GetUserName
    username: array[0..255] of Char;  // filled by GetUserName
    eventid: Word;                    // parsed from the [eventid] parameter
    cate: Word;                       // parsed from the [categoryid] parameter
  end;

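{ Program state. The message, source name and server name are held as Delphi
  strings and handed to the API through PChar, so command-line arguments longer
  than 255 characters can no longer overrun a fixed-size buffer. }
var
  hel: THandle;                 // event source handle from RegisterEventSource
  etype: Word;                  // event type passed to ReportEvent
  en: TMyEventData;             // raw data blob attached to the event
  logkey: HKEY;                 // registry key of the source when /reg is used
  s, msg, source, server: string;
  dwtypes, lasterr: DWORD;
  text: array[0..0] of PChar;   // one-entry string table for ReportEvent
begin
  en.majorv := 2;
  en.minerv := 0;

  // No arguments: print the usage text and leave with exit code 0.
  if ParamCount = 0 then
  begin
    writeln('Parameters must be in same order as shown');
    writeln('Usage: ',ExtractFileName(paramstr(0)),' "message" [uncpath] [type] [categoryid] [eventid] [logname] [/reg]');
    writeln('Type can be an 16-bit integer or one of the following names:');
    writeln('error    Error type');
    writeln('info     Information type(default type used)');
    writeln('warning  Warning Type');
    writeln('success  Audit Success type');
    writeln('fail     Audit Failure type');
    writeln('/reg     Registers the [logname] to this file.');
    writeln('');
    writeln('You can use the word NULL for the [uncpath] if its the local computer');
    ExitProcess(0);
  end;

  // Parameters are strictly positional: 1=message 2=uncpath 3=type
  // 4=categoryid 5=eventid 6=logname 7=/reg.
  msg := ParamStr(1);
  text[0] := PChar(msg);

  // Best effort: record the calling user's name in the raw data.
  // On failure the (zero-initialised) name stays empty and the size is cleared.
  en.unsize := High(en.username) + 1;
  if not GetUserName(en.username, en.unsize) then
    en.unsize := 0;

  source := ParamStr(6);
  if source = '' then
    source := 'delphijustin';

  if StrIComp('/reg', PChar(ParamStr(7))) = 0 then
  begin
    // The source name becomes part of a registry path under HKLM. A backslash
    // in it would create or modify nested keys other than the intended single
    // source key, so such names are not registered.
    if Pos('\', source) > 0 then
      writeln('Failed to register handler: [logname] must not contain a backslash')
    else if RegCreateKey(HKEY_LOCAL_MACHINE,
      PChar('SYSTEM\CurrentControlSet\Services\Eventlog\Application\' + source),
      logkey) <> ERROR_SUCCESS then
      // Typically access denied when not running elevated; logkey is not valid here.
      writeln('Failed to register handler')
    else
    begin
      s := ParamStr(0);
      // 31 = error(1) + warning(2) + information(4) + audit success(8) + audit failure(16)
      dwtypes := 31;
      // The size is in bytes and includes the terminating null character.
      if (RegSetValueEx(logkey, 'EventMessageFile', 0, REG_SZ, PChar(s),
            (Length(s) + 1) * SizeOf(Char)) <> ERROR_SUCCESS)
        or (RegSetValueEx(logkey, 'TypesSupported', 0, REG_DWORD, @dwtypes,
            SizeOf(dwtypes)) <> ERROR_SUCCESS) then
        writeln('Failed to register handler');
      RegCloseKey(logkey);
    end;
  end;

  en.cate := StrToIntDef(ParamStr(4), 0);
  en.eventid := StrToIntDef(ParamStr(5), 0);
  en.tickcount := GetTickCount;

  // An empty [uncpath] or the word NULL selects the local computer.
  server := ParamStr(2);
  if (server = '') or (StrIComp('NULL', PChar(server)) = 0) then
    hel := RegisterEventSource(nil, PChar(source))
  else
    hel := RegisterEventSource(PChar(server), PChar(source));
  if hel = 0 then
  begin
    // Capture the error code once: writeln may itself change the last error.
    lasterr := GetLastError;
    writeln(SysErrorMessage(lasterr));
    ExitProcess(lasterr);
  end;

  // A numeric [type] is used as given; anything else defaults to information
  // unless it is one of the keywords below.
  etype := StrToIntDef(ParamStr(3), EVENTLOG_INFORMATION_TYPE);
  if StrIComp('error', PChar(ParamStr(3))) = 0 then etype := EVENTLOG_ERROR_TYPE;
  if StrIComp('warning', PChar(ParamStr(3))) = 0 then etype := EVENTLOG_WARNING_TYPE;
  if StrIComp('success', PChar(ParamStr(3))) = 0 then etype := EVENTLOG_AUDIT_SUCCESS;
  if StrIComp('fail', PChar(ParamStr(3))) = 0 then etype := EVENTLOG_AUDIT_FAILURE;

  // ReportEvent takes the category before the event id; the two were
  // previously passed in the opposite order.
  if ReportEvent(hel, etype, en.cate, en.eventid, nil, 1, SizeOf(en), @text, @en) then
  begin
    writeln('Successfully written to the eventlog');
    lasterr := 0;
  end
  else
  begin
    lasterr := GetLastError;
    writeln(SysErrorMessage(lasterr));
  end;

  // The exit code is the saved ReportEvent error, not whatever
  // DeregisterEventSource leaves behind as the last error.
  DeregisterEventSource(hel);
  ExitProcess(lasterr);
end.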

Published by Justin Roeder

I am an electronics engineer and computer programmer that has autism. I learned by myself
