程序获取系统日志

程序获取系统日志 系统日志的获取只要用到了2 个函数OpenEv entLog ReadEv entLog。但是读的时候对于中文的处理不是很好，有时候读不到中文或者是乱码。下面的代码是实现读取日志的code，解决了中文读取的问题。 #include "stdafx.h" #include "info_syslog.h" #define BUFFER_SIZE 512 #define BUFFER_SIZE 1024*64 unsigned long lCount = 0; //#define DEFAULT_FILE "C:\\ossec-extracted-evt.log" FILE *fp; int event_record=0; /* Event logging local structure */ typedef struct _os_el { int time_of_last; char *event_name; EVENTLOGRECORD *er; HANDLE h; DWORD record; }os_el; os_el el[3]; int el_last = 0; /** int startEL(char *app, os_el *el) * Starts the event logging for each el */ int startEL(char *app, os_el *el) { /* Opening the event log */ el->h = OpenEventLog(NULL, app); if(!el->h) { return(0); } el->event_name = app; GetOldestEventLogRecord(el->h, &el->record); return(1); } /** char *el_GetCategory(int category_id) * Returns a string related to the category id of the log. */ char *el_GetCategory(int category_id) { char *cat; switch(category_id) { case EVENTLOG_ERROR_TYPE: cat = "错误"; break; case EVENTLOG_WARNING_TYPE: cat = "警告"; break; case EVENTLOG_INFORMATION_TYPE: cat = "信息"; break; case EVENTLOG_AUDIT_SUCCESS: cat = "审核成功"; break; case EVENTLOG_AUDIT_FAILURE: cat = "审核失败"; break; default: cat = "Unknown"; break; } return(cat); } /** int el_getEventDLL(char *evt_name, char *event_sourcename, char *event) * Returns the event. */ int el_getEventDLL(char *evt_name, char *event_sourcename, char *event) { HKEY key; DWORD ret; char keyname[256]; keyname[255] = '\0'; _snprintf(keyname, 254, "System\\CurrentControlSet\\Services\\EventLog\\%s\\%s", evt_name, event_sourcename); /* Opening registry */ if(RegOpenKeyEx(HKEY_LOCAL_MACHINE, keyname, 0, KEY_ALL_ACCESS, &key) != ERRO...