以下为我的程序
int main(array<System::String^>^ args)
{
//后台运行
HWND hwnd;
hwnd = FindWindow("ConsoleWindowClass", NULL);
if (hwnd) {
ShowWindow(hwnd, SW_SHOWNORMAL);
}
EventLog^ log = gcnew EventLog();
//绑定应用日志
log->Log = ("Application");
EventLogEntryCollection^ myApp = log->Entries;
int AppNum = myApp->Count;
//绑定安全日志
log->Log = ("Security");
EventLogEntryCollection^ mySec = log->Entries;
int SecuNum = mySec->Count;
//绑定系统日志
log->Log = ("System");
EventLogEntryCollection^ mySys = log->Entries;
int SysNum = mySys->Count;
while (1)
{
//获取当前应用日志
log->Log = ("Application");
EventLogEntryCollection^ myApplication = log->Entries;
if (myApplication->Count > AppNum)
{
analysis1(myApplication, AppNum);
AppNum++;
}
else if (myApplication->Count < AppNum)
{
for each (EventLogEntry^ var in myApplication)
{
analysis2(var);
}
AppNum = myApplication->Count;
}
//获取当前安全日志
log->Log = ("Security");
EventLogEntryCollection^ mySecurity = log->Entries;
if (mySecurity->Count > SecuNum)
{
analysis1(mySecurity, SecuNum);
SecuNum++;
}
else if (mySecurity->Count < SecuNum)
{
for each (EventLogEntry^ var in mySecurity)
{
analysis2(var);
}
SecuNum = mySecurity->Count;
}
//获取当前系统日志
log->Log = ("System");
EventLogEntryCollection^ mySystem = log->Entries;
if (mySystem->Count > SysNum) //如有新日志,则按序输出
{
analysis1(mySystem, SysNum);
SysNum++;
}
else if (mySystem->Count < SysNum) //表示日志以重置
{
for each (EventLogEntry^ var in mySystem)
{
analysis2(var);
}
SysNum = mySystem->Count;
}
}
return 0;
}
//解析相关的内容以及JSON封包
void analysis1(EventLogEntryCollection^ log, int n) {
string type, time, sou, user, machine, cat, msg;
int id;
//判断查找的内容是否为空
//判断级别是否为空
if (!log[n]->EntryType.ToString()) {
type = "";
}
else {
const char* EntryType = (const char*)(Marshal::StringToCoTaskMemAnsi(log[n]->EntryType.ToString())).ToPointer();
type = EntryType;
}
//判断事件是否为空
if (!log[n]->TimeWritten.ToString()) {
time = "";
}
else {
const char* TimeWritten = (const char*)(Marshal::StringToCoTaskMemAnsi(log[n]->TimeWritten.ToString())).ToPointer();
time = TimeWritten;
}
//判断来源是否为空
if (!log[n]->Source) {
sou = "";
}
else {
const char* Source = (const char*)(Marshal::StringToCoTaskMemAnsi(log[n]->Source)).ToPointer();
sou = Source;
}
//判断用户是否为空
if (!log[n]->UserName) {
user = "";
}
else {
const char* UserName = (const char*)(Marshal::StringToCoTaskMemAnsi(log[n]->UserName)).ToPointer();
user = UserName;
}
//判断计算机名是否为空
if (!log[n]->MachineName) {
machine = "";
}
else {
const char* MachineName = (const char*)(Marshal::StringToCoTaskMemAnsi(log[n]->MachineName)).ToPointer();
machine = MachineName;
}
//判断任务类别是否为空
if (!log[n]->CategoryNumber.ToString()) {
cat = "";
}
else {
const char* Category = (const char*)(Marshal::StringToCoTaskMemAnsi(log[n]->CategoryNumber.ToString())).ToPointer();
cat = Category;
}
//判断内容是否为空
if (!log[n]->Message) {
msg = "";
}
else {
const char* Message = (const char*)(Marshal::StringToCoTaskMemAnsi(log[n]->Message)).ToPointer();
msg = Message;
}
//判断事件ID是否为空
if (!log[n]->EventID) {
id = NULL;
}
else {
id = log[n]->EventID;
}
StringBuffer buffer;
Writer<StringBuffer> Log(buffer);
Log.StartObject();
Log.Key("EntryType");
Log.String(type.c_str());
Log.Key("TimeWritten");
Log.String(time.c_str());
Log.Key("Source");
Log.String(sou.c_str());
Log.Key("EventID");
Log.Int(id);
Log.String("Category");
Log.Key(cat.c_str());
Log.String("UserName");
Log.Key(user.c_str());
Log.String("MachineName");
Log.Key(machine.c_str());
Log.String("Message");
Log.Key(msg.c_str());
Log.EndObject();
string LogData = buffer.GetString();
client(LogData.c_str());
}
//日志重置后解析相关的内容以及JSON封包
void analysis2(EventLogEntry^ log) {
string type, time, sou, user, machine, cat, msg;
int id;
//判断查找的内容是否为空
//判断级别是否为空
if (!log->EntryType.ToString()) {
type = "";
}
else {
const char* EntryType = (const char*)(Marshal::StringToCoTaskMemAnsi(log->EntryType.ToString())).ToPointer();
type = EntryType;
}
//判断事件是否为空
if (!log->TimeWritten.ToString()) {
time = "";
}
else {
const char* TimeWritten = (const char*)(Marshal::StringToCoTaskMemAnsi(log->TimeWritten.ToString())).ToPointer();
time = TimeWritten;
}
//判断来源是否为空
if (!log->Source) {
sou = "";
}
else {
const char* Source = (const char*)(Marshal::StringToCoTaskMemAnsi(log->Source)).ToPointer();
sou = Source;
}
//判断用户是否为空
if (!log->UserName) {
user = "";
}
else {
const char* UserName = (const char*)(Marshal::StringToCoTaskMemAnsi(log->UserName)).ToPointer();
user = UserName;
}
//判断计算机名是否为空
if (!log->MachineName) {
machine = "";
}
else {
const char* MachineName = (const char*)(Marshal::StringToCoTaskMemAnsi(log->MachineName)).ToPointer();
machine = MachineName;
}
//判断任务类别是否为空
if (!log->CategoryNumber.ToString()) {
cat = "";
}
else {
const char* Category = (const char*)(Marshal::StringToCoTaskMemAnsi(log->CategoryNumber.ToString())).ToPointer();
cat = Category;
}
//判断内容是否为空
if (!log->Message) {
msg = "";
}
else {
const char* Message = (const char*)(Marshal::StringToCoTaskMemAnsi(log->Message)).ToPointer();
msg = Message;
}
//判断事件ID是否为空
if (!log->EventID) {
id = NULL;
}
else {
id = log->EventID;
}
StringBuffer buffer;
Writer<StringBuffer> Log(buffer);
Log.StartObject();
Log.Key("EntryType");
Log.String(type.c_str());
Log.Key("TimeWritten");
Log.String(time.c_str());
Log.Key("Source");
Log.String(sou.c_str());
Log.Key("EventID");
Log.Int(id);
Log.String("Category");
Log.Key(cat.c_str());
Log.String("UserName");
Log.Key(user.c_str());
Log.String("MachineName");
Log.Key(machine.c_str());
Log.String("Message");
Log.Key(msg.c_str());
Log.EndObject();
string LogData = buffer.GetString();
client(LogData.c_str());
}
在运行此程序时如果系统日志的属性设置为按需要覆盖事件(旧事件优先),如下图:
一旦日志很多,在运行analysis1函数查找内容时,会出现数值越界的问题,如下图:
原因是按需覆盖是删一条加一条,在执行analysis1函数查找内容的时候,日志突然发生覆盖事件,而且是一大片删除旧日志,导致这个时候的下标改变了(感觉运行速率太好了也不行),使得程序崩溃
有什么好的解决办法吗?崩溃重置程序的话也可以