Developers often need to retrieve Windows event messages to diagnose system problems and predict future issues. How do you retrieve event logs programmatically for a given source such as System, Security, or Hardware Events? Don't know how? Don't worry. A component in MiTeC's System Information Management Suite retrieves event messages quickly and with less code. In this blog post we will learn how to use the TMiTeC_EventLog component.
Platforms: Windows.
Installation Steps:
You can easily install this Component Suite from GetIt Package Manager. The steps are as follows.
- In the RAD Studio IDE, navigate to Tools -> GetIt Package Manager, select Components under Categories -> Components -> Trial - MiTeC System Information Component Suite 14.3, and click the Install button.
- Read the license and click Agree All. An information dialog will say 'Requires a restart of RAD Studio at the end of the process. Do you want to proceed?' Click Yes and continue.
- It will download and install the plugin. Once it is installed, click Restart Now.
How to run the Demo app:
- Navigate to the Demos folder of the System Information Management Suite trial setup, which is installed during the GetIt installation, e.g. C:\Users\Documents\Embarcadero\Studio\21.0\CatalogRepository\MiTeC-14.3\Demos\Delphi\12
- Open the ELView project in RAD Studio 10.4.1, then compile and run the application.
- This Demo App shows how to retrieve event logs programmatically for the given source and details of the particular event message.
Components used in MSIC ELView Demo App:
- TMiTeC_EventLog: Retrieves Windows Event Log messages for given source.
- TComboBox to list the Event Source category such as System, Security, Hardware events.
- TEdit to provide the filter text, which filters the event log messages to those the user wants.
- TListView to list the event log messages for a particular source.
- TButtons to save and refresh.
Implementation Details:
- An instance EL of TMiTeC_EventLog is created, and the event source containers are retrieved by looping over the ContainerCount property. Use OnReadEventLog to update the application's message caption for every 1000 event messages.
- The SourceFilter property filters on text within the event log messages. Set this property to the TEdit's Text value.
- On changing the combo box, list the event logs by looping over RecordCount. Each record, of type TLogRecord, provides the EventType, DateTime, Source, Category, EventID, Username, Domain, Computer, Description, BinaryData, and CharData values.
- You can provide the Username, Password, and DomainName for connecting to a remote machine for the new WinEvt API.
```delphi
// EL, et and FCancel are fields of the form; cb, eFilter, lv, Memo,
// bAction, bLoad and bSave are the controls described above.
procedure TForm1.cbChange(Sender: TObject);
var
  i: Integer;
  h: Boolean;
begin
  Memo.Lines.Clear;
  if cb.ItemIndex=-1 then
    Exit;
  // Turn the action button into "Cancel" and lock the UI while loading.
  bAction.Caption:='Cancel';
  bAction.OnClick:=cmCancel;
  bLoad.Enabled:=False;
  bSave.Enabled:=False;
  cb.Enabled:=False;
  eFilter.Enabled:=False;
  lv.Enabled:=False;
  Memo.Enabled:=False;
  FCancel:=False;
  Screen.Cursor:=crHourglass;
  try
    et:=GetTickCount64;
    // Apply the text filter, then select the event source chosen in the combo box.
    EL.SourceFilter:=eFilter.Text;
    EL.SourceName:=cb.Text;
    h:=True;
    FCancel:=False;
    Caption:=Format('EventLog Viewer - %d records / %1.2f s',[EL.RecordCount,(GetTickCount64-et)/1000]);
    with lv.Items do begin
      BeginUpdate;
      try
        Clear;
        Update;
        // One list row per record; Description is added as the last subitem.
        for i:=0 to EL.RecordCount-1 do
          with Add do begin
            Caption:=DatetimeToStr(EL.Records[i].DateTime);
            SubItems.Add(EL.Records[i].Source);
            SubItems.Add(IntToStr(EL.Records[i].EventID));
            SubItems.Add(EL.Records[i].Category);
            SubItems.Add(EL.Records[i].Computer);
            SubItems.Add(EL.Records[i].Description);
            ImageIndex:=Integer(EL.Records[i].EventType);
          end;
      finally
        EndUpdate;
      end;
    end;
  finally
    // Release the loaded records and restore the UI, even after an error.
    EL.Clear;
    bAction.Caption:='Refresh';
    bAction.OnClick:=cmRefresh;
    bLoad.Enabled:=True;
    bSave.Enabled:=True;
    cb.Enabled:=True;
    eFilter.Enabled:=True;
    lv.Enabled:=True;
    Memo.Enabled:=True;
    Screen.Cursor:=crDefault;
  end;
  lv.SetFocus;
end;
```
- Show the selected item's last subitem (the Description) in the Memo text.

```delphi
procedure TForm1.lvSelectItem(Sender: TObject; Item: TListItem;
  Selected: Boolean);
begin
  // The last subitem holds the event Description (see cbChange).
  Memo.Lines.Text:=Item.SubItems[Item.SubItems.Count-1];
end;
```
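Once the records are loaded, the same fields can drive a simple check instead of a list view. The console program below is an added example, not part of the MiTeC demo: it flags "log was cleared" events (ID 1102 in Security, 104 in System) inside a time window. TEventRow is a hypothetical stand-in for the TLogRecord fields listed above, and the sample rows are constructed.

```delphi
program LogClearScan;
{$APPTYPE CONSOLE}
uses
  System.SysUtils, System.DateUtils;

type
  // Hypothetical record: mirrors a subset of the TLogRecord fields listed above.
  TEventRow = record
    DateTime: TDateTime;
    Source, Computer: string;
    EventID: Cardinal;
  end;

// 1102 (Security) and 104 (System) are the Windows "log was cleared" events.
// Masking to 16 bits drops legacy qualifier bits if the value carries them
// (an assumption about how the ID is reported; the mask is harmless otherwise).
function IsLogClear(const LogName: string; const R: TEventRow): Boolean;
var
  ID: Cardinal;
begin
  ID := R.EventID and $FFFF;
  Result := (SameText(LogName, 'Security') and (ID = 1102)) or
            (SameText(LogName, 'System') and (ID = 104));
end;

// Returns the log-clear rows dated at or after Since.
function FindLogClears(const LogName: string; const Rows: array of TEventRow;
  Since: TDateTime): TArray<TEventRow>;
var
  I: Integer;
begin
  Result := nil;
  for I := Low(Rows) to High(Rows) do
    if (Rows[I].DateTime >= Since) and IsLogClear(LogName, Rows[I]) then
    begin
      SetLength(Result, Length(Result) + 1);
      Result[High(Result)] := Rows[I];
    end;
end;

var
  Rows: array[0..2] of TEventRow; // constructed sample data, not real log output
  Hit: TEventRow;
begin
  // With the component, fill Rows from EL.Records[i] inside the RecordCount loop.
  Rows[0].DateTime := EncodeDateTime(2024, 1, 5, 9, 0, 0, 0);  Rows[0].EventID := 4624;
  Rows[1].DateTime := EncodeDateTime(2024, 1, 5, 9, 30, 0, 0); Rows[1].EventID := 1102;
  Rows[2].DateTime := EncodeDateTime(2024, 1, 4, 8, 0, 0, 0);  Rows[2].EventID := 1102;
  Rows[1].Computer := 'HOST-A'; // constructed host name
  for Hit in FindLogClears('Security', Rows, EncodeDate(2024, 1, 5)) do
    Writeln(DateTimeToStr(Hit.DateTime), ' log cleared on ', Hit.Computer);
end.
```

Only the second sample row is reported: the first is an ordinary logon event and the third falls before the window.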
It’s really that simple to retrieve event logs and their message details from various event sources in your application. Use this MiTeC component suite and get the job done quickly.