Solved

An Urgent Problem With Reading Event Logger

Posted on 1998-05-27
1
470 Views
Last Modified: 2013-12-03
why isn't this program returning the correct EventID code
from the logger and always return 0 even when all events in the logger are with diffrent id  ?
In fact this is very much alike the sample program in the
sdk ?


#include  <stdio.h>
#include "events.hpp"
#include <iostream.h>      

void EventThread::RunThread()
{

      HANDLE h,hEvent;
      EVENTLOGRECORD *m_event;
      BYTE bBuffer[MAX_PATH];
      DWORD dwRead,dwNeeded,cRecords=0,dwThisRecord =0;
      

    h = OpenEventLog(NULL,"Application");
    if (h == NULL)
      {
            cout << "can't open the event logger";
      }

      m_event = (EVENTLOGRECORD*) &bBuffer;

      hEvent = CreateEvent( LPSECURITY_ATTRIBUTES(NULL) ,
                                      FALSE,
                                      FALSE,
                                 "EventHandle");

      if (!GetNumberOfEventLogRecords(h,&cRecords))
            cout << "error . Couldn't read or write ";
      else
            cout << "number of records in the system  event log is :"
                   << cRecords << endl;

      cout << "Waiting for more events \n";
      while(1)
      {
            
            NotifyChangeEventLog(h,hEvent);
            WaitForSingleObject(hEvent,INFINITE);
            {
                  ReadEventLog(h,
                         EVENTLOG_BACKWARDS_READ,
                               0,
                               m_event,
                               sizeof(EVENTLOGRECORD),
                               &dwRead,
                               &dwNeeded);
            

      if (m_event->EventType == EVENTLOG_ERROR_TYPE )
                  {
                        switch (m_event->EventID)
                        {
                        case 4:
                              {
                            cout << " ccc was notified about bad sector on disk ";
                              }
                        default:
                              cout << " A Unknown event was raised ";
                        }
                  }
                        
            m_event = (EVENTLOGRECORD*) &bBuffer;
            }
      }

      CloseEventLog(h);
}


UTL_Status EventThread::StopThread(DWORD number)
{

      // TODO
      return 0;
}



void main()
{

      EventThread* local = new EventThread;
      local->RunThread();

}
0
Comment
Question by:sector
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 

Accepted Solution

by:
mwalsh111097 earned 200 total points
ID: 1404369
If you check the return from the ReadEventLog() function, you will find that it is, in fact, failing.  GetLastError returns 0x57, which indicates an invalid parameter to the function.  When you change the flags to be "EVENTLOG_BACKWARDS_READ | EVENTLOG_SEQUENTIAL_READ" and change the buffer size to be "sizeof(bBuffer)" then everything works as it should.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

zlib is a free compression library (a DLL) on which the popular gzip utility is built.  In this article, we'll see how to use the zlib functions to compress and decompress data in memory; that is, without needing to use a temporary file.  We'll be c…
This article surveys and compares options for encoding and decoding base64 data.  It includes source code in C++ as well as examples of how to use standard Windows API functions for these tasks. We'll look at the algorithms — how encoding and decodi…
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question