logonEvts - Logon Events Extraction Utility
Written for this article. Download here.
//filename: logonevts.cpp // //written to accompany eventlog article, pulls logon information from the //Security Event Log. This was my first excursion into managed c++ and uses //the old syntax, compile with Vis Toolkit 2003 (/clr). #using <mscorlib.dll> #using <System.dll> using namespace System; using namespace System::Diagnostics; using namespace System::Threading; int main() { int i = 0; try { EventLog* review = new EventLog(); review->Log = "Security"; review->MachineName = "."; EventLogEntryCollection* reviewEntries = review->Entries; review->Close(); for (i = reviewEntries->Count - 1; i >= 0; i--) { if ((reviewEntries->Item[i]->EventID > 528 ) && (reviewEntries->Item[i]->EventID < 540) || (reviewEntries->Item[i]->EventID == 681)) { Console::WriteLine("EventID: {0} FAILED Login Attempt at {1}\n{2}", __box(reviewEntries->Item[i]->EventID), __box(reviewEntries->Item[i]->TimeGenerated), reviewEntries->Item[i]->Message ); Console::WriteLine("Viewing Entry No. {0} of {1}", __box(i), __box(reviewEntries->Count)); } else if (( reviewEntries->Item[i]->EventID == 527 ) || (reviewEntries->Item[i]->EventID == 680)) { Console::WriteLine("EventID: {0} Successful Logon at {1}\n{2}", __box(reviewEntries->Item[i]->EventID), __box(reviewEntries->Item[i]->TimeGenerated), reviewEntries->Item[i]->Message ); Console::WriteLine("Viewing Entry No. {0} of {1}", __box(i), __box(reviewEntries->Count)); } } } catch (Exception *e) { Console::WriteLine("problem getting the event logs\n{0}", e->Message); } return 0; }