YenMingChiu-7791 asked:

How to enable Winsock Network Event record in Event Viewer by using C++

Hi,

I'm confused and wondering how to use C++ to change the Windows Event Viewer setting to enable logging of Winsock Network Events.
It was disabled by default, and what I wanna try is to write a program to enable it and start recording the Winsock events.

Enabling it manually is okay, but there doesn't seem to be any Windows API to do this...

Here's what I know so far:
- The path in Windows Event Viewer → Applications and Services Logs/Microsoft/Windows/Winsock Network Event
- The provider name → Microsoft-Windows-Winsock-AFD

Any ideas are welcome.
Thanks!


windows-api c++

1 Answer

SongZhu-MSFT answered:

You can use the WSAAsyncSelect API and refer to this thread.



Thanks for your reply, SongZhu!
I'm learning how to use WSAAsyncSelect API now.

But is there any way to change the Event Viewer setting directly?
WSAAsyncSelect looks like it is used for collecting network packets rather than getting event IDs.


Maybe you can refer to the official document to track Winsock.



I appreciate your help!
Gonna try those suggestions first and find any other method as well.

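For the original question (changing the Event Viewer setting from C++), the Windows Event Log API can set a channel's Enabled property. The code below is an added example, not code posted by anyone in this thread; it assumes the channel path `Microsoft-Windows-Winsock-AFD/Operational` (the thread gives only the provider name), and the helper name `SetChannelEnabled` is hypothetical.

```cpp
// Added example, not from the thread: toggle an event log channel's Enabled flag.
#include <cstdio>
#ifdef _WIN32
#include <windows.h>
#include <winevt.h>
#pragma comment(lib, "wevtapi.lib")
#endif

// Assumption: channel path as named in Microsoft's Winsock tracing documentation
// for the provider the question mentions (Microsoft-Windows-Winsock-AFD).
static const wchar_t kWinsockChannel[] = L"Microsoft-Windows-Winsock-AFD/Operational";
static const unsigned long kNotSupported = 50;  // value of ERROR_NOT_SUPPORTED

// Returns 0 on success or a Win32 error code (5 = access denied when not elevated).
unsigned long SetChannelEnabled(const wchar_t* channel, bool enable) {
#ifdef _WIN32
    EVT_HANDLE cfg = EvtOpenChannelConfig(nullptr, channel, 0);
    if (!cfg) return GetLastError();
    EVT_VARIANT value{};
    value.Type = EvtVarTypeBoolean;
    value.BooleanVal = enable ? TRUE : FALSE;
    DWORD err = ERROR_SUCCESS;
    // The change only takes effect once the configuration is saved.
    if (!EvtSetChannelConfigProperty(cfg, EvtChannelConfigEnabled, 0, &value) ||
        !EvtSaveChannelConfig(cfg, 0)) {
        err = GetLastError();
    }
    EvtClose(cfg);
    return err;
#else
    (void)channel; (void)enable;
    return kNotSupported;  // the Event Log API exists only on Windows
#endif
}

int main() {
    unsigned long rc = SetChannelEnabled(kWinsockChannel, true);
    if (rc != 0) {
        std::fprintf(stderr, "enable failed, error %lu\n", rc);
        return 1;
    }
    std::puts("Winsock AFD operational channel enabled");
    return 0;
}
```

Changing a channel's configuration requires an elevated (administrator) process. Calling the same function with `false` disables the log again.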