
OpenEventLog problems

214 views

Tyeler Quentmeyer

Aug 3, 1999, 3:00:00 AM
I'm experiencing problems using the following Microsoft API functions:
HANDLE OpenEventLog (servername, source)
bool ReadEventLog (handle, flags, offset, Buffer, BytesToGet,
BytesReceived, BytesNeeded)

I think my problem is that OpenEventLog does not return the correct
handle because I am not using the correct source parameter. The MSDN
library says the source should be a null-terminated string that
specifies the name of the log file that the returned handle will
reference. When I run the function with the source of my event logs
(D:\winnt\system32\config\sysevent.evt), it does not return a NULL
handle, but when I run GetLastError I get error code 203.

Since I am not receiving the correct handle, the Buffer variable which I
send to ReadEventLog does not contain any EVENTLOGRECORDs. An
EVENTLOGRECORD is 56 bytes large, so any number >= that should
retrieve at least one EVENTLOGRECORD.

Here is some code that you can play around with:

#include <windows.h>
#include <iostream>
using namespace std;

int main()
{
    // OpenEventLog expects a log name such as "Application" or "System",
    // not the path of the .evt file
    HANDLE security = OpenEventLog (NULL,
                                    "D:\\WINNT\\system32\\config\\SysEvent.Evt");
    cout << "OpenEventLog Error: " << GetLastError() << endl;

    unsigned long flags = (EVENTLOG_FORWARDS_READ |
                           EVENTLOG_SEQUENTIAL_READ);
    unsigned long offset = 0, getbytes = 10000;
    unsigned long bytesgot = 0, bytesneeded = 0; // plain DWORDs; ReadEventLog gets their addresses
    char Buf[10000];                             // the buffer must actually exist (getbytes bytes)

    BOOL success = ReadEventLog (security, flags, offset, Buf, getbytes,
                                 &bytesgot, &bytesneeded);
    cout << "ReadEventLog: " << success << " Error: " << GetLastError()
         << " BytesRead: " << bytesgot << " BytesNeeded: " << bytesneeded << endl;
    return 0;
}

Thanx.


Tempelaere Tom

Aug 6, 1999, 3:00:00 AM
>I'm experiencing problems using the following Microsoft API functions:
>HANDLE OpenEventLog (servername, source)
>bool ReadEventLog (handle, flags, offset, Buffer, BytesToGet,
>BytesReceived, BytesNeeded)

Well, you're not the first. Try this (works on my computer). There's some logic
in here, but it's not too hard to understand:

// BEGIN CODE
// Needs MFC (afx.h) for COleDateTime and CString, plus windows.h; the fragment
// belongs inside a void function so that it can `return` on error.
// ProcessError() is the poster's own helper and is not shown.
#include <afx.h>
#include <windows.h>
void ProcessError();

HANDLE handle = OpenEventLog(NULL, "Application"); // opens application log
if(handle == NULL)        // OpenEventLog returns NULL on failure, not INVALID_HANDLE_VALUE
{
    ProcessError();
    return;
}

COleDateTime timeRef = COleDateTime::GetCurrentTime(), *timeComp;
const DWORD MAXLEN = 40000;
BYTE buffer[MAXLEN];
EVENTLOGRECORD* record = (EVENTLOGRECORD*) &buffer;
DWORD bytesRead, bytesToRead;
bool _error = true;
CString appl;
bool found = false;
BOOL timePassed = FALSE;

// read newest-first; each call fills the buffer with several variable-length records
while( ReadEventLog(handle, EVENTLOG_BACKWARDS_READ|EVENTLOG_SEQUENTIAL_READ, 0,
                    record, MAXLEN, &bytesRead, &bytesToRead) && !found && !timePassed)
{
    while ((bytesRead>0) && !found && !timePassed)
    {
        timeComp = new COleDateTime((time_t) record->TimeGenerated);

        // stop once the records are older than the reference time
        if( !(timePassed = ((*timeComp) < timeRef)) )
        {
            // the source name is the null-terminated string right after the fixed header
            appl = (LPSTR) ((LPBYTE)record+sizeof(EVENTLOGRECORD));
            if(found = (appl == "someapp"))
                _error = (record->EventType == EVENTLOG_ERROR_TYPE);
        }

        delete timeComp;

        // advance to the next record in this chunk
        bytesRead -= record->Length;
        record = (EVENTLOGRECORD *) ((LPBYTE) record + record->Length);
    }

    record = (EVENTLOGRECORD *) &buffer;   // back to the start of the buffer for the next chunk
}

CloseEventLog(handle);
// END CODE


I hope your problems will get solved.
Love y'all, TiTi.
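The two posts above together cover the whole path: opening the log by name rather than by .evt path, sizing the buffer for ReadEventLog, and then stepping through the variable-length EVENTLOGRECORDs that come back. The block below is an added example written for this thread, not code from either poster. It opens a log by name with OpenEventLogA (NULL on failure, not INVALID_HANDLE_VALUE), grows the buffer when ReadEventLogA reports ERROR_INSUFFICIENT_BUFFER, stops on ERROR_HANDLE_EOF, and walks the records with a bounds check on each record's Length, which the reply's loop does not have: a record whose Length is 0 or larger than the bytes remaining would otherwise spin forever or read past the buffer. The function names (walk_records, build_record, read_named_log) are my own; "someapp" is the placeholder source name from the reply. Off Windows the block mirrors the Win32 EVENTLOGRECORD layout and builds constructed records so the walker can be compiled and checked without an event log; the read_named_log part only compiles on Windows.

```c
/* Added example, not either poster's code: open an event log by name and walk the
 * returned EVENTLOGRECORDs with bounds checks; off Windows the Win32 types are
 * mirrored so the walker can be exercised against a constructed buffer. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#else
/* Mirror of the Win32 definitions (56-byte fixed header) for offline builds. */
typedef uint32_t DWORD;
typedef uint16_t WORD;
typedef struct _EVENTLOGRECORD {
    DWORD Length, Reserved, RecordNumber, TimeGenerated, TimeWritten, EventID;
    WORD  EventType, NumStrings, EventCategory, ReservedFlags;
    DWORD ClosingRecordNumber, StringOffset, UserSidLength, UserSidOffset, DataLength, DataOffset;
} EVENTLOGRECORD;
#define EVENTLOG_ERROR_TYPE 0x0001
#endif

/* Walk buf[0..bytes_read): count records whose SourceName (the NUL-terminated ANSI
 * string right after the fixed header) equals `source`, and how many of those are
 * EVENTLOG_ERROR_TYPE. Returns records visited; stops at the first record whose
 * Length does not fit the buffer (over-read, or an endless loop when Length == 0). */
int walk_records(const unsigned char *buf, DWORD bytes_read, const char *source,
                 int *matched, int *errors)
{
    DWORD pos = 0; int visited = 0;
    *matched = *errors = 0;
    while (pos + sizeof(EVENTLOGRECORD) <= bytes_read) {
        EVENTLOGRECORD rec;
        memcpy(&rec, buf + pos, sizeof rec);             /* avoid unaligned access */
        if (rec.Length < sizeof(EVENTLOGRECORD) || rec.Length > bytes_read - pos)
            break;                                       /* corrupt or truncated record */
        const char *name = (const char *)(buf + pos + sizeof(EVENTLOGRECORD));
        if (memchr(name, '\0', rec.Length - sizeof(EVENTLOGRECORD)) == NULL)
            break;                                       /* name runs past the record */
        visited++;
        if (strcmp(name, source) == 0) {
            (*matched)++;
            if (rec.EventType == EVENTLOG_ERROR_TYPE) (*errors)++;
        }
        pos += rec.Length;
    }
    return visited;
}

/* Constructed test record (not real log data): header, SourceName\0, ComputerName\0,
 * padding to 4 bytes, then Length repeated at the end as the real format does.
 * Returns the record Length, or 0 if it does not fit in cap. */
DWORD build_record(unsigned char *dst, size_t cap, const char *source,
                   const char *computer, WORD type)
{
    size_t len = sizeof(EVENTLOGRECORD) + strlen(source) + 1 + strlen(computer) + 1;
    len = ((len + 3) & ~(size_t)3) + sizeof(DWORD);
    if (len > cap) return 0;
    EVENTLOGRECORD rec = {0};
    rec.Length = (DWORD)len;
    rec.EventType = type;
    rec.StringOffset = rec.UserSidOffset = rec.DataOffset = (DWORD)(len - sizeof(DWORD));
    memset(dst, 0, len);
    memcpy(dst, &rec, sizeof rec);
    strcpy((char *)dst + sizeof rec, source);
    strcpy((char *)dst + sizeof rec + strlen(source) + 1, computer);
    memcpy(dst + len - sizeof(DWORD), &rec.Length, sizeof(DWORD));
    return (DWORD)len;
}

#ifdef _WIN32
/* Open by log name ("Application", "System", ...), never by .evt path; read in chunks,
 * growing the buffer on ERROR_INSUFFICIENT_BUFFER, until ERROR_HANDLE_EOF.
 * Returns records visited, or -1 if the log cannot be opened. */
int read_named_log(const char *logname, const char *source, int *matched, int *errors)
{
    HANDLE h = OpenEventLogA(NULL, logname);
    if (h == NULL) {                          /* NULL on failure, not INVALID_HANDLE_VALUE */
        fprintf(stderr, "OpenEventLog(%s) failed: %lu\n", logname, GetLastError());
        return -1;
    }
    DWORD cap = 64 * 1024, got = 0, needed = 0;
    unsigned char *buf = malloc(cap);
    int total = 0, m, e; *matched = *errors = 0;
    while (buf != NULL) {
        if (!ReadEventLogA(h, EVENTLOG_FORWARDS_READ | EVENTLOG_SEQUENTIAL_READ, 0,
                           buf, cap, &got, &needed)) {
            DWORD err = GetLastError();
            if (err == ERROR_INSUFFICIENT_BUFFER && needed > cap) { /* one record > cap */
                unsigned char *nb = realloc(buf, needed);
                if (nb == NULL) break;
                buf = nb; cap = needed; continue;
            }
            if (err != ERROR_HANDLE_EOF) fprintf(stderr, "ReadEventLog failed: %lu\n", err);
            break;                                /* end of log, or a hard error */
        }
        total += walk_records(buf, got, source, &m, &e);
        *matched += m; *errors += e;
    }
    free(buf); CloseEventLog(h);
    return total;
}
#endif
```

On a Windows build, `read_named_log("Application", "someapp", &m, &e)` does what the reply's loop does for the whole log; the record walk is kept in a separate function so the same bounds checks apply whether the buffer came from ReadEventLog or from the constructed records. The source name is read with the ANSI functions because the reply casts it to LPSTR; with the W variants that string is wide and the comparison would have to change accordingly.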
