[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Reading System Event Log

Posted on 1998-11-24
7
Medium Priority
?
553 Views
Last Modified: 2013-12-28
Hello, I need to read through the System Event Log, I have the following method:

PDWORD NumberOfRecords= new DWORD;
 EVENTLOGRECORD *evRec;
 char* buffer= new char[10000];
 evRec= (EVENTLOGRECORD*)buffer;
 DWORD pnBytesRead;
 DWORD pnMinNumberOfBytesNeeded;
 DWORD errorCode= 0;


 HANDLE hd= OpenEventLog(  "comp_name",  // pointer to server name
  "System" );

 // set status
    if (hd!= NULL) m_Status= 1;
 UpdateData(false);

 if (
 !ReadEventLog(  hd,
  EVENTLOG_FORWARDS_READ ,   // specifies how to read log
  0,       // number of first record
  buffer,    // address of buffer for read data
  10000,      // number of bytes to read
  &pnBytesRead,    // number of bytes read
  &pnMinNumberOfBytesNeeded
                               // number of bytes required for next
                               // record
          ))
 errorCode= GetLastError();


 delete NumberOfRecords;
 delete buffer;

when I execute the code, I'm getting error with code 87, what means invalid parameter. I'm using VStudio 98 under NT SP3
What I'm doing wrong?
0
Comment
Question by:liutauras
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 7

Expert Comment

by:BlackMan
ID: 1795058
You might get more help if you post the question in the Windows Programming group...
0
 

Expert Comment

by:avigon
ID: 1795059
It is a programming question, but...
 What does it matter if "hd" is NULL? I don´t  know much of it but I think that you are trying to ReadEventLog of a NULL File descriptor, and that is the invalid parameter...
0
 

Author Comment

by:liutauras
ID: 1795060
I'm checking the variable m_Status to be 1 and while debugging, I checked also that hd isn't NULL.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 

Expert Comment

by:avigon
ID: 1795061
But anyway check your code, because you are not conditioning the ReadEventLog to the value of the file descriptor... After you open the log file, you should use the NULL test to Read or not a register of the file.
0
 
LVL 15

Expert Comment

by:Tommy Hui
ID: 1795062
You can't read from record 0. You need to get the the oldest record number with GetOldestEventLogRecord().

You also have to get the number of records with GetNumberOfEventLogRecords().

So the starting point is oldestEventLogRecord - numberOfRecords.


0
 

Author Comment

by:liutauras
ID: 1795063
This is what I did:
      PDWORD NumberOfRecords= new DWORD;
      EVENTLOGRECORD *evRec;
      char* buffer= new char[10000];
      evRec= (EVENTLOGRECORD*)buffer;
      DWORD pnBytesRead;      
      DWORD pnMinNumberOfBytesNeeded;
      DWORD errorCode= 0;
      DWORD nNumberOfRecords;
      DWORD nOldestRecord;
      DWORD nStartingPoint;


      HANDLE hd= OpenEventLog(  "liutas",  // pointer to server name
            "System" );

      if (!hd ) return 1;

      GetNumberOfEventLogRecords(hd, &nNumberOfRecords);
      GetOldestEventLogRecord(hd, &nOldestRecord);

      nStartingPoint= nNumberOfRecords- nOldestRecord;

      if (
            !::ReadEventLog(  hd,
            EVENTLOG_FORWARDS_READ ,   // specifies how to read log
            nStartingPoint,            //number of first record
            buffer,                        // address of buffer for read data
            10000,                                    // number of bytes to read
            &pnBytesRead,                        // number of bytes read
            &pnMinNumberOfBytesNeeded
                               // number of bytes required for next
                               // record
                                             ))
      errorCode= GetLastError();

      delete NumberOfRecords;
      delete buffer;

Though the situation is still the same... :(, I get error 87
0
 
LVL 7

Accepted Solution

by:
BlackMan earned 600 total points
ID: 1795064
Try to add the Sequential-flag to your ReadEventLog command, I think that will solve your problem...
Like this:
if (
!::ReadEventLog(  hd,
EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ ,   // specifies how to read log
nStartingPoint, //number of first record
buffer, // address of buffer for read data
10000, // number of bytes to read
&pnBytesRead, // number of bytes read
&pnMinNumberOfBytesNeeded
                               // number of bytes required for next
                               // record
   ))

0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Windows 10 Creator Update has just been released and I have it working very well on my laptop. Read below for issues, fixes and ideas.
Sometimes clients can lose connectivity with the Lotus Notes Domino Server, but there's not always an obvious answer as to why it happens.   Read this article to follow one of the first experiences I had with Lotus Notes on a client's machine, my…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Suggested Courses

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question