Solved

Reading System Event Log

Posted on 1998-11-24
7
530 Views
Last Modified: 2013-12-28
Hello, I need to read through the System Event Log, I have the following method:

PDWORD NumberOfRecords= new DWORD;
 EVENTLOGRECORD *evRec;
 char* buffer= new char[10000];
 evRec= (EVENTLOGRECORD*)buffer;
 DWORD pnBytesRead;
 DWORD pnMinNumberOfBytesNeeded;
 DWORD errorCode= 0;


 HANDLE hd= OpenEventLog(  "comp_name",  // pointer to server name
  "System" );

 // set status
    if (hd!= NULL) m_Status= 1;
 UpdateData(false);

 if (
 !ReadEventLog(  hd,
  EVENTLOG_FORWARDS_READ ,   // specifies how to read log
  0,       // number of first record
  buffer,    // address of buffer for read data
  10000,      // number of bytes to read
  &pnBytesRead,    // number of bytes read
  &pnMinNumberOfBytesNeeded
                               // number of bytes required for next
                               // record
          ))
 errorCode= GetLastError();


 delete NumberOfRecords;
 delete buffer;

when I execute the code, I'm getting error with code 87, what means invalid parameter. I'm using VStudio 98 under NT SP3
What I'm doing wrong?
0
Comment
Question by:liutauras
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 7

Expert Comment

by:BlackMan
ID: 1795058
You might get more help if you post the question in the Windows Programming group...
0
 

Expert Comment

by:avigon
ID: 1795059
It is a programming question, but...
 What does it matter if "hd" is NULL? I don´t  know much of it but I think that you are trying to ReadEventLog of a NULL File descriptor, and that is the invalid parameter...
0
 

Author Comment

by:liutauras
ID: 1795060
I'm checking the variable m_Status to be 1 and while debugging, I checked also that hd isn't NULL.
0
Are your end users making ugly email signatures?

Have you left it up to your end users to create their own email signatures? Are they forgetting to add the company logo or using garish font colors? Take control and ensure all users have the same email signature.

 

Expert Comment

by:avigon
ID: 1795061
But anyway check your code, because you are not conditioning the ReadEventLog to the value of the file descriptor... After you open the log file, you should use the NULL test to Read or not a register of the file.
0
 
LVL 15

Expert Comment

by:Tommy Hui
ID: 1795062
You can't read from record 0. You need to get the the oldest record number with GetOldestEventLogRecord().

You also have to get the number of records with GetNumberOfEventLogRecords().

So the starting point is oldestEventLogRecord - numberOfRecords.


0
 

Author Comment

by:liutauras
ID: 1795063
This is what I did:
      PDWORD NumberOfRecords= new DWORD;
      EVENTLOGRECORD *evRec;
      char* buffer= new char[10000];
      evRec= (EVENTLOGRECORD*)buffer;
      DWORD pnBytesRead;      
      DWORD pnMinNumberOfBytesNeeded;
      DWORD errorCode= 0;
      DWORD nNumberOfRecords;
      DWORD nOldestRecord;
      DWORD nStartingPoint;


      HANDLE hd= OpenEventLog(  "liutas",  // pointer to server name
            "System" );

      if (!hd ) return 1;

      GetNumberOfEventLogRecords(hd, &nNumberOfRecords);
      GetOldestEventLogRecord(hd, &nOldestRecord);

      nStartingPoint= nNumberOfRecords- nOldestRecord;

      if (
            !::ReadEventLog(  hd,
            EVENTLOG_FORWARDS_READ ,   // specifies how to read log
            nStartingPoint,            //number of first record
            buffer,                        // address of buffer for read data
            10000,                                    // number of bytes to read
            &pnBytesRead,                        // number of bytes read
            &pnMinNumberOfBytesNeeded
                               // number of bytes required for next
                               // record
                                             ))
      errorCode= GetLastError();

      delete NumberOfRecords;
      delete buffer;

Though the situation is still the same... :(, I get error 87
0
 
LVL 7

Accepted Solution

by:
BlackMan earned 150 total points
ID: 1795064
Try to add the Sequential-flag to your ReadEventLog command, I think that will solve your problem...
Like this:
if (
!::ReadEventLog(  hd,
EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ ,   // specifies how to read log
nStartingPoint, //number of first record
buffer, // address of buffer for read data
10000, // number of bytes to read
&pnBytesRead, // number of bytes read
&pnMinNumberOfBytesNeeded
                               // number of bytes required for next
                               // record
   ))

0

Featured Post

Too many email signature changes to deal with?

Are you constantly being asked to update your organization's email signatures? Do they take up too much of your time? Wouldn't you love to be able to manage all signatures from one central location, easily design them and deploy them quickly to users. Well, you can!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now