liutauras
asked on
Reading System Event Log
Hello, I need to read through the System Event Log, I have the following method:
PDWORD NumberOfRecords= new DWORD;
EVENTLOGRECORD *evRec;
char* buffer= new char[10000];
evRec= (EVENTLOGRECORD*)buffer;
DWORD pnBytesRead;
DWORD pnMinNumberOfBytesNeeded;
DWORD errorCode= 0;
HANDLE hd= OpenEventLog( "comp_name", // pointer to server name
"System" );
// set status
if (hd!= NULL) m_Status= 1;
UpdateData(false);
if (
!ReadEventLog( hd,
EVENTLOG_FORWARDS_READ , // specifies how to read log
0, // number of first record
buffer, // address of buffer for read data
10000, // number of bytes to read
&pnBytesRead, // number of bytes read
&pnMinNumberOfBytesNeeded
// number of bytes required for next
// record
))
errorCode= GetLastError();
delete NumberOfRecords;
delete buffer;
when I execute the code, I'm getting error with code 87, what means invalid parameter. I'm using VStudio 98 under NT SP3
What I'm doing wrong?
PDWORD NumberOfRecords= new DWORD;
EVENTLOGRECORD *evRec;
char* buffer= new char[10000];
evRec= (EVENTLOGRECORD*)buffer;
DWORD pnBytesRead;
DWORD pnMinNumberOfBytesNeeded;
DWORD errorCode= 0;
HANDLE hd= OpenEventLog( "comp_name", // pointer to server name
"System" );
// set status
if (hd!= NULL) m_Status= 1;
UpdateData(false);
if (
!ReadEventLog( hd,
EVENTLOG_FORWARDS_READ , // specifies how to read log
0, // number of first record
buffer, // address of buffer for read data
10000, // number of bytes to read
&pnBytesRead, // number of bytes read
&pnMinNumberOfBytesNeeded
// number of bytes required for next
// record
))
errorCode= GetLastError();
delete NumberOfRecords;
delete buffer;
when I execute the code, I'm getting error with code 87, what means invalid parameter. I'm using VStudio 98 under NT SP3
What I'm doing wrong?
You might get more help if you post the question in the Windows Programming group...
It is a programming question, but...
What does it matter if "hd" is NULL? I don´t know much of it but I think that you are trying to ReadEventLog of a NULL File descriptor, and that is the invalid parameter...
What does it matter if "hd" is NULL? I don´t know much of it but I think that you are trying to ReadEventLog of a NULL File descriptor, and that is the invalid parameter...
ASKER
I'm checking the variable m_Status to be 1 and while debugging, I checked also that hd isn't NULL.
But anyway check your code, because you are not conditioning the ReadEventLog to the value of the file descriptor... After you open the log file, you should use the NULL test to Read or not a register of the file.
You can't read from record 0. You need to get the the oldest record number with GetOldestEventLogRecord().
You also have to get the number of records with GetNumberOfEventLogRecords ().
So the starting point is oldestEventLogRecord - numberOfRecords.
You also have to get the number of records with GetNumberOfEventLogRecords
So the starting point is oldestEventLogRecord - numberOfRecords.
ASKER
This is what I did:
PDWORD NumberOfRecords= new DWORD;
EVENTLOGRECORD *evRec;
char* buffer= new char[10000];
evRec= (EVENTLOGRECORD*)buffer;
DWORD pnBytesRead;
DWORD pnMinNumberOfBytesNeeded;
DWORD errorCode= 0;
DWORD nNumberOfRecords;
DWORD nOldestRecord;
DWORD nStartingPoint;
HANDLE hd= OpenEventLog( "liutas", // pointer to server name
"System" );
if (!hd ) return 1;
GetNumberOfEventLogRecords (hd, &nNumberOfRecords);
GetOldestEventLogRecord(hd , &nOldestRecord);
nStartingPoint= nNumberOfRecords- nOldestRecord;
if (
!::ReadEventLog( hd,
EVENTLOG_FORWARDS_READ , // specifies how to read log
nStartingPoint, //number of first record
buffer, // address of buffer for read data
10000, // number of bytes to read
&pnBytesRead, // number of bytes read
&pnMinNumberOfBytesNeeded
// number of bytes required for next
// record
))
errorCode= GetLastError();
delete NumberOfRecords;
delete buffer;
Though the situation is still the same... :(, I get error 87
PDWORD NumberOfRecords= new DWORD;
EVENTLOGRECORD *evRec;
char* buffer= new char[10000];
evRec= (EVENTLOGRECORD*)buffer;
DWORD pnBytesRead;
DWORD pnMinNumberOfBytesNeeded;
DWORD errorCode= 0;
DWORD nNumberOfRecords;
DWORD nOldestRecord;
DWORD nStartingPoint;
HANDLE hd= OpenEventLog( "liutas", // pointer to server name
"System" );
if (!hd ) return 1;
GetNumberOfEventLogRecords
GetOldestEventLogRecord(hd
nStartingPoint= nNumberOfRecords- nOldestRecord;
if (
!::ReadEventLog( hd,
EVENTLOG_FORWARDS_READ , // specifies how to read log
nStartingPoint, //number of first record
buffer, // address of buffer for read data
10000, // number of bytes to read
&pnBytesRead, // number of bytes read
&pnMinNumberOfBytesNeeded
// number of bytes required for next
// record
))
errorCode= GetLastError();
delete NumberOfRecords;
delete buffer;
Though the situation is still the same... :(, I get error 87
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.