logonEvts - Logon Events Extraction Utility

Written for this article. Download here.

//filename: logonevts.cpp
//
//Written to accompany the event log article; pulls logon information from the
//Security Event Log.  This was my first excursion into Managed C++ and uses
//the old syntax; compile with the Visual C++ Toolkit 2003 (/clr).

#using <mscorlib.dll>
#using <System.dll>

using namespace System;
using namespace System::Diagnostics;
using namespace System::Threading;

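// Entry point: walks the local Security event log from the newest record to
// the oldest and prints every logon-related record, labelled as either a
// failed or a successful logon.
//
// The event IDs are the pre-Vista (Windows 2000 / XP / Server 2003) numbering:
//   528, 540       successful logon (local / network)
//   529-537, 539   logon failure (bad password, disabled, locked out, ...)
//   538            user logoff - not a logon attempt, so it is skipped
//   680, 681       account-logon validation; 681 is a failure, 680 is logged
//                  for both outcomes on Server 2003, so EntryType decides
// Vista / Server 2008 and later log the equivalent events as 4624, 4625,
// 4634 and 4776, so this filter matches nothing on those systems.
//
// The original filter labelled 538 (logoff) as a FAILED login and tested for
// 527 instead of 528, so ordinary successful logons were never reported.
//
// Reading the Security log normally needs an administrative account; any
// failure to open or read it is reported by the catch block.
//
// Returns 0 in all cases, including when the log could not be read.
int main()
{
	int i = 0;
	EventLog* review = 0;

	try
	{
		review = new EventLog();
		review->Log = "Security";
		review->MachineName = ".";	// "." is the local machine

		EventLogEntryCollection* reviewEntries = review->Entries;

		// Snapshot the size once; the Security log can grow while we read it.
		const int total = reviewEntries->Count;

		for (i = total - 1; i >= 0; i--)
		{
			// Fetch the record once instead of re-reading it for every field.
			EventLogEntry* entry = reviewEntries->Item[i];
			const int id = entry->EventID;

			// Event 680 carries its outcome in the audit type, not the ID.
			const bool failureAudit =
					(entry->EntryType == EventLogEntryType::FailureAudit);

			const bool failed =
					((id >= 529) && (id <= 537)) ||
					(id == 539) ||
					(id == 681) ||
					((id == 680) && failureAudit);

			const bool succeeded =
					(id == 528) ||
					(id == 540) ||
					((id == 680) && !failureAudit);

			if (failed)
			{
				Console::WriteLine("EventID: {0} FAILED Login Attempt at {1}\n{2}",
						__box(id),
						__box(entry->TimeGenerated),
						entry->Message );
				Console::WriteLine("Viewing Entry No. {0} of {1}",
						__box(i), __box(total));
			}
			else if (succeeded)
			{
				Console::WriteLine("EventID: {0} Successful Logon at {1}\n{2}",
						__box(id),
						__box(entry->TimeGenerated),
						entry->Message );
				Console::WriteLine("Viewing Entry No. {0} of {1}",
						__box(i), __box(total));
			}
		}
	}
	catch (Exception *e)
	{
		Console::WriteLine("problem getting the event logs\n{0}",
				e->Message);
	}
	__finally
	{
		// Release the log handle only after the entries have been read, and
		// also when reading failed part-way through.
		if (review != 0)
			review->Close();
	}
	return 0;
}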