If you go to http://www.btinternet.com/~vbadmincode/winnt.htm#Event Log there are a number of example for reading/writing to the NT event log

Have a look at the NT Event log examples here:
http://www.netfokus.dk/vbadmincode/winnt.htm
Lots of good examples there.

Dhaest, neither of those lkinks works.

the netfokis.dk link comes back as Page Not Found,  and the btinternet.com link takes me to

http://www.btopenworld.com/default

???

Microsoft provides a dll "advapi32.dll" that wraps all the functionality required to deal with the event log in the API exported by this DLL.

- BackupEventLog: Saves the specified event log to a backup file.
- ClearEventLog: Clears the specified event log, and optionally saves the current copy of the logfile to a backup file.
- CloseEventLog: Closes a read handle to the specified event log.
- DeregisterEventSource: Closes a write handle to the specified event log.
- GetEventLogInformation: Retrieves information about the specified event log.
- GetNumberOfEventLogRecords: Retrieves the number of records in the specified event log.
- GetOldestEventLogRecord: Retrieves the absolute record number of the oldest record in the specified event log.
- NotifyChangeEventLog: Enables an application to receive notification when an event is written to the specified event logfile.
- OpenBackupEventLog: Opens a handle to a backup event log.
- OpenEventLog: Opens a handle to an event log.
- ReadEventLog: Reads a whole number of entries from the specified event log.
- RegisterEventSource: Retrieves a registered handle to an event log.
- ReportEvent: Writes an entry at the end of the specified event log.
They are documented in: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/debug/base/event_logging_functions.asp

There are some examples on how to use these API calls in VB, and here are the links:
http://www.winnetmag.com/Articles/Index.cfm?ArticleID=2829&pg=3
http://archive.devx.com/premier/mgznarch/vbpj/1996/03mar96/wprogcol.pdf

emadat...yes, I have gotten that far, but I need the specifics on ReadEventLog.  In particular, the VALUES for the CONSTANTS:EVENTLOG_SEEK_READ, EVENTLOG_SEQUENTIAL_READ, EVENTLOG_FORWARDS_READ, EVENTLOG_BACKWARDS_READ.

They are identified in MSDN, but the VALUES are not specified, anywhere.

and in fact, both of the last two links, while helpful, make reference to these CONSTANTS without supplying the VALUES.  and without those constants, the code will NEVER compile.

AW

it also turns out the when the VB 6 app writes to the Event Log, using App.LogEvent, it ALWAYS uses the fixed SOURCE "VBRuntime", and ALWAYS uses the Fixed EventID of 1.

I have NO CONTROL over how the events are being wriiten to the Event log, I simply need a way to be able to READ the events that were written.

I have discovered the with .NET, reading from the Event Log is ALMOST trivial, but at this point, becuase of other system constraints that are also out of my control, I doubt the a .NET solution is acceptable at the moment.  I really need a VB ^ solution, and preferably one that does not involve $$$ (there is a Toolkit from Desaware, for working with the NT Event Log, but I am not is a position to spend $$ - customer contraints in a government contract situation precludes that possibility, as well as sever time constraints).

AW

I hope this will help you:

Private Const EVENTLOG_SUCCESS = &H0
Private Const EVENTLOG_ERROR_TYPE = &H1
Private Const EVENTLOG_WARNING_TYPE = &H2
Private Const EVENTLOG_INFORMATION_TYPE = &H4
Private Const EVENTLOG_AUDIT_SUCCESS = &H8
Private Const EVENTLOG_AUDIT_FAILURE = &H10
Private Const EVENTLOG_SEQUENTIAL_READ = &H1
Private Const EVENTLOG_SEEK_READ = &H2
Private Const EVENTLOG_FORWARDS_READ = &H4
Private Const EVENTLOG_BACKWARDS_READ = &H8

Private Type EVENTLOGRECORD
   Length As Long   ' Length of full record
   Reserved As Long   ' Used by the service
   RecordNumber As Long   ' Absolute record number
   TimeGenerated As Long   ' Seconds since 1-1-1970
   TimeWritten As Long   'Seconds since 1-1-1970
   EventID As Long
   EventType As Integer
   NumStrings As Integer
   EventCategory As Integer
   ReservedFlags As Integer   ' For use with paired events (auditing)
   ClosingRecordNumber As Long   'For use with paired events (auditing)
   StringOffset As Long   ' Offset from beginning of record
   UserSidLength As Long
   UserSidOffset As Long
   DataLength As Long
   DataOffset As Long   ' Offset from beginning of record
End Type

Try this

EDDYKT---that helps a lot, though I think I will try to get the .NET solution accepted (seems we may be able to keep the customer somewhat shielded from the Test tools that we develop - this reading of the event log is to facilitate some automated testing of part of a much larger system that we are developing).  But you did get me the values of the relevant constants, and the while code you showed DOES read the event log, I was not able to then retrieve the actual text of the Event Entry itself (all of the fields in the EVENTLOGRECORD are ALL numbers). Overall the .NET solution is MUCH MUCH cleaner.

but you get the points.  and Thank you.

thank you again...

AW

>>Overall the .NET solution is MUCH MUCH cleaner.


I believe so but you have to load the .NET framework to system  8-<