
EvtExportLog API is saving eventlog of remote machine in remote PC itself. How can I save it to host PC?

I have used the EvtOpenSession API to create a session to a remote machine's eventlog, then used the session handle to call the EvtExportLog API. I need the eventlog file on the host PC (where I am running this application), but this API is dumping the eventlog onto the remote machine itself. What should I do to get the eventlog on the host PC?

I have tried with a shared path on the host PC as well (instead of _T("C:\\Test\\EventLogApplication.evt") I used _T("\\\\ComputerName\\Events\\EventLogApplication.evt")). In this case I am getting an access violation error.

Here is the code snippet I used:

......

hRemote = EvtOpenSession(EvtRpcLogin, &Credentials, 0, 0);

if (hRemote)
{
    if (!EvtExportLog(hRemote, _T("Application"), NULL, _T("C:\\Test\\EventLogApplication.evt"), EvtExportLogChannelPath))
    {
        std::cout << "Error-Code : " << GetLastError() << std::endl;
    }
}

......

As far as I know, EvtExportLog cannot be used to save the event log of a remote machine to the host PC. But for this issue, you can use a workaround.

This behavior is by design, since all the operations are based on the RPC server. To save the event logs on the local PC, we can create a shared folder on the remote PC in which the remote event logs are saved.

Refer: How do you create a file share on a remote system?

After the logs are saved on the remote PC, we can use CopyFile to copy the logs from the shared folder on the remote PC to the local PC.

Note: Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: Security resource properties for the existing file are not copied to the new file until Windows 8 and Windows Server 2012.

File attributes for the existing file are copied to the new file. For example, if an existing file has the FILE_ATTRIBUTE_READONLY file attribute, a copy created through a call to CopyFile will also have the FILE_ATTRIBUTE_READONLY file attribute. For more information, see Retrieving and Changing File Attributes.

This function fails with ERROR_ACCESS_DENIED if the destination file already exists and has the FILE_ATTRIBUTE_HIDDEN or FILE_ATTRIBUTE_READONLY attribute set.

When CopyFile is used to copy an encrypted file, it attempts to encrypt the destination file with the keys used in the encryption of the source file. If this cannot be done, this function attempts to encrypt the destination file with default keys. If neither of these methods can be done, CopyFile fails with an ERROR_ENCRYPTION_FAILED error code.

Refer: https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-copyfile#remarks

Hope this helps.
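The workaround described in the answer above, as an added example that is not part of the original question or answer: export into a folder on the remote machine, copy the file back through the share, then delete the remote copy. The helper names, the share name and its backing folder are assumptions supplied by the caller; the Windows calls are compiled only on Windows.

```cpp
// Added example (not from the original post). host, share and shareDir are
// caller-supplied assumptions, e.g. a share "Events" backed by C:\Test.
#include <string>
#ifdef _WIN32
#include <windows.h>
#include <winevt.h>
#pragma comment(lib, "wevtapi.lib")
#endif

// The same file under two names: (a) the path as the remote RPC server sees
// it, (b) the UNC path through which this host reads it back.
struct ExportPaths { std::wstring remoteLocal, unc; };

bool BuildExportPaths(const std::wstring& host, const std::wstring& share,
                      const std::wstring& shareDir, const std::wstring& file,
                      ExportPaths& out) {
    // Reject empty parts and any separator in host/share/file, so the
    // file name cannot point outside the shared folder.
    const std::wstring bad = L"\\/:";
    if (host.empty() || share.empty() || shareDir.empty() || file.empty()) return false;
    if (host.find_first_of(bad) != std::wstring::npos ||
        share.find_first_of(bad) != std::wstring::npos ||
        file.find_first_of(bad) != std::wstring::npos || file == L"..") return false;
    out.remoteLocal = shareDir + L"\\" + file;
    out.unc = L"\\\\" + host + L"\\" + share + L"\\" + file;
    return true;
}

#ifdef _WIN32
// Returns ERROR_SUCCESS or the Win32 error code of the step that failed.
DWORD ExportRemoteLog(EVT_RPC_LOGIN& login, const ExportPaths& p,
                      const std::wstring& localDest) {
    EVT_HANDLE hRemote = EvtOpenSession(EvtRpcLogin, &login, 0, 0);
    if (!hRemote) return GetLastError();
    DWORD err = ERROR_SUCCESS;
    // The target path is resolved on the remote machine, not on this host.
    if (!EvtExportLog(hRemote, L"Application", NULL, p.remoteLocal.c_str(),
                      EvtExportLogChannelPath))
        err = GetLastError();
    EvtClose(hRemote);
    if (err != ERROR_SUCCESS) return err;
    // TRUE = fail rather than overwrite an existing local file.
    if (!CopyFileW(p.unc.c_str(), localDest.c_str(), TRUE)) return GetLastError();
    // Remove the remote copy so the exported log does not linger on the share.
    return DeleteFileW(p.unc.c_str()) ? ERROR_SUCCESS : GetLastError();
}
#endif
```

CopyFileW and DeleteFileW run over SMB as the calling user; the credentials in EVT_RPC_LOGIN apply only to the event log session, so the calling user needs read and delete rights on the share.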
