Need help with Windows eventlog (Winlogon event ID 812)


Christian Schima
Jan 7, 2024, 4:54:04 PM
to Java Native Access
I want to read Windows events from Winlogon with ID 812 on my local machine using the current version of JNA.

I can see the desired events in Windows eventlog viewer filtering for protocol "Microsoft-Windows-Winlogon/Operational" and event ID 812.

My Java code (running as local administrator) with JNA does not find the desired events:

import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.StreamSupport;

import com.sun.jna.platform.win32.Advapi32Util.EventLogIterator;
import com.sun.jna.platform.win32.Advapi32Util.EventLogRecord;
import com.sun.jna.platform.win32.WinNT;

public void test() {
    String serverName = null; // null means the local machine
    String protocol = "Microsoft-Windows-Winlogon";
    // EventLogIterator wraps the classic OpenEventLog/ReadEventLog API
    EventLogIterator eli = new EventLogIterator(serverName, protocol, WinNT.EVENTLOG_BACKWARDS_READ);
    Iterable<EventLogRecord> iterable = () -> eli.iterator();
    List<EventLogRecord> events = StreamSupport.stream(iterable.spliterator(), false)
        .filter(elr -> 812 == elr.getInstanceId()) // keep only event ID 812
        .collect(Collectors.toList());
    System.out.println("Found records: " + events.size());
}


Hint: same result when using: protocol = "Microsoft-Windows-Winlogon/Operational";
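The channel the Event Viewer filter reads, Microsoft-Windows-Winlogon/Operational, is a modern (EVTX) channel, while the classic OpenEventLog/ReadEventLog API behind Advapi32Util.EventLogIterator only reads the classic logs, so the channel has to be queried through the Windows Event Log API (wevtapi); an XPath filter also pins the provider name, since event IDs are only unique per provider. The following is an added example, not code from this thread or from the JNA project; it assumes JNA's com.sun.jna.platform.win32.Wevtapi and WevtapiUtil bindings with the signatures used below (EvtQuery, EvtNext, EvtClose, WevtapiUtil.EvtRender) and the Winevt flag constants, and the class name WinlogonChannelReader is made up.

```java
import java.util.ArrayList;
import java.util.List;
import com.sun.jna.Native;
import com.sun.jna.platform.win32.Wevtapi;
import com.sun.jna.platform.win32.WevtapiUtil;
import com.sun.jna.platform.win32.Winevt;
import com.sun.jna.platform.win32.Winevt.EVT_HANDLE;
import com.sun.jna.ptr.IntByReference;

public class WinlogonChannelReader { // hypothetical class name
    static final String CHANNEL = "Microsoft-Windows-Winlogon/Operational";
    // Event IDs are only unique per provider, so the XPath filter pins both.
    static final String XPATH_812 =
        "*[System[Provider[@Name='Microsoft-Windows-Winlogon'] and EventID=812]]";

    // Returns the XML of every Winlogon event 812 in the channel, newest first.
    public static List<String> readWinlogon812() {
        List<String> xml = new ArrayList<>();
        // session null = local machine; EvtQueryChannelPath means CHANNEL is a live
        // channel name, not a path to an .evtx file (assumed JNA binding signatures).
        EVT_HANDLE query = Wevtapi.INSTANCE.EvtQuery(null, CHANNEL, XPATH_812,
            Winevt.EVT_QUERY_FLAGS.EvtQueryChannelPath
                | Winevt.EVT_QUERY_FLAGS.EvtQueryReverseDirection);
        if (query == null) {
            throw new IllegalStateException("EvtQuery failed, Win32 error " + Native.getLastError());
        }
        try {
            EVT_HANDLE[] batch = new EVT_HANDLE[32];
            IntByReference returned = new IntByReference();
            // EvtNext fills up to batch.length handles per call and returns false
            // with ERROR_NO_MORE_ITEMS (259) once the result set is exhausted.
            while (Wevtapi.INSTANCE.EvtNext(query, batch.length, batch, 1000, 0, returned)) {
                for (int i = 0; i < returned.getValue(); i++) {
                    try {
                        xml.add(WevtapiUtil.EvtRender(null, batch[i], Winevt.EVT_RENDER_FLAGS.EvtRenderEventXml));
                    } finally {
                        Wevtapi.INSTANCE.EvtClose(batch[i]); // each event handle must be closed
                    }
                }
            }
            int err = Native.getLastError();
            if (err != 259) {
                throw new IllegalStateException("EvtNext failed, Win32 error " + err);
            }
        } finally {
            Wevtapi.INSTANCE.EvtClose(query);
        }
        return xml;
    }
}
```

Reading the Operational channel needs the same rights as viewing it in Event Viewer, so the process should run with the elevated token mentioned above, and the returned XML carries the System and EventData elements the Event Viewer shows.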

Mark Rotteveel
Jan 8, 2024, 4:44:43 AM
to jna-...@googlegroups.com
Looking at the Javadoc[1], and given this seems to be a system event,
and the deprecation comment on getEventId(), shouldn't you use
getStatusCode() instead of getInstanceId()?

To be clear: I have never used this part of JNA, I'm just making a
suggestion that I would try if I had to debug this.

Mark

[1]:
http://java-native-access.github.io/jna/5.14.0/javadoc/com/sun/jna/platform/win32/Advapi32Util.EventLogRecord.html

On 07/01/2024 22:54, Christian Schima wrote:
> I want to read Windows events from Winlogon with ID 812 on my local
> machine using current version of JNA.
>
> I can see the desired events in Windows eventlog viewer filtering for
> protocol "Microsoft-Windows-Winlogon/Operational" and event ID 812.
>
> My Java code (running as local administrator) with JNA does not find the
> desired events:
>
> public void test() {
>     String serverName = null; // null means the local machine
>     String protocol = "Microsoft-Windows-Winlogon";
>     EventLogIterator eli = new EventLogIterator(serverName, protocol,
>         WinNT.EVENTLOG_BACKWARDS_READ);
>     Iterable<EventLogRecord> iterable = () -> eli.iterator();
>     List<EventLogRecord> events =
>         StreamSupport.stream(iterable.spliterator(), false)
>             .filter(elr -> 812 == elr.getInstanceId())
>             .collect(Collectors.toList());
>     System.out.println("Found records: " + events.size());
> }
>
> Hint: same result when using: protocol =
> "Microsoft-Windows-Winlogon/Operational";

--
Mark Rotteveel
