Solved

Reading System Event Log

Posted on 1998-11-24
7
539 Views
Last Modified: 2013-12-28
Hello, I need to read through the System Event Log, I have the following method:

PDWORD NumberOfRecords= new DWORD;
 EVENTLOGRECORD *evRec;
 char* buffer= new char[10000];
 evRec= (EVENTLOGRECORD*)buffer;
 DWORD pnBytesRead;
 DWORD pnMinNumberOfBytesNeeded;
 DWORD errorCode= 0;


 HANDLE hd= OpenEventLog(  "comp_name",  // pointer to server name
  "System" );

 // set status
    if (hd!= NULL) m_Status= 1;
 UpdateData(false);

 if (
 !ReadEventLog(  hd,
  EVENTLOG_FORWARDS_READ ,   // specifies how to read log
  0,       // number of first record
  buffer,    // address of buffer for read data
  10000,      // number of bytes to read
  &pnBytesRead,    // number of bytes read
  &pnMinNumberOfBytesNeeded
                               // number of bytes required for next
                               // record
          ))
 errorCode= GetLastError();


 delete NumberOfRecords;
 delete buffer;

when I execute the code, I'm getting error with code 87, what means invalid parameter. I'm using VStudio 98 under NT SP3
What I'm doing wrong?
0
Comment
Question by:liutauras
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 7

Expert Comment

by:BlackMan
ID: 1795058
You might get more help if you post the question in the Windows Programming group...
0
 

Expert Comment

by:avigon
ID: 1795059
It is a programming question, but...
 What does it matter if "hd" is NULL? I don´t  know much of it but I think that you are trying to ReadEventLog of a NULL File descriptor, and that is the invalid parameter...
0
 

Author Comment

by:liutauras
ID: 1795060
I'm checking the variable m_Status to be 1 and while debugging, I checked also that hd isn't NULL.
0
Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

 

Expert Comment

by:avigon
ID: 1795061
But anyway check your code, because you are not conditioning the ReadEventLog to the value of the file descriptor... After you open the log file, you should use the NULL test to Read or not a register of the file.
0
 
LVL 15

Expert Comment

by:Tommy Hui
ID: 1795062
You can't read from record 0. You need to get the the oldest record number with GetOldestEventLogRecord().

You also have to get the number of records with GetNumberOfEventLogRecords().

So the starting point is oldestEventLogRecord - numberOfRecords.


0
 

Author Comment

by:liutauras
ID: 1795063
This is what I did:
      PDWORD NumberOfRecords= new DWORD;
      EVENTLOGRECORD *evRec;
      char* buffer= new char[10000];
      evRec= (EVENTLOGRECORD*)buffer;
      DWORD pnBytesRead;      
      DWORD pnMinNumberOfBytesNeeded;
      DWORD errorCode= 0;
      DWORD nNumberOfRecords;
      DWORD nOldestRecord;
      DWORD nStartingPoint;


      HANDLE hd= OpenEventLog(  "liutas",  // pointer to server name
            "System" );

      if (!hd ) return 1;

      GetNumberOfEventLogRecords(hd, &nNumberOfRecords);
      GetOldestEventLogRecord(hd, &nOldestRecord);

      nStartingPoint= nNumberOfRecords- nOldestRecord;

      if (
            !::ReadEventLog(  hd,
            EVENTLOG_FORWARDS_READ ,   // specifies how to read log
            nStartingPoint,            //number of first record
            buffer,                        // address of buffer for read data
            10000,                                    // number of bytes to read
            &pnBytesRead,                        // number of bytes read
            &pnMinNumberOfBytesNeeded
                               // number of bytes required for next
                               // record
                                             ))
      errorCode= GetLastError();

      delete NumberOfRecords;
      delete buffer;

Though the situation is still the same... :(, I get error 87
0
 
LVL 7

Accepted Solution

by:
BlackMan earned 150 total points
ID: 1795064
Try to add the Sequential-flag to your ReadEventLog command, I think that will solve your problem...
Like this:
if (
!::ReadEventLog(  hd,
EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ ,   // specifies how to read log
nStartingPoint, //number of first record
buffer, // address of buffer for read data
10000, // number of bytes to read
&pnBytesRead, // number of bytes read
&pnMinNumberOfBytesNeeded
                               // number of bytes required for next
                               // record
   ))

0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

How to record audio from input sources to your PC – connected devices, connected preamp to record vinyl discs, streaming media, that play through your audio card: Vista, Windows 7, Windows 8, Windows 8.1 and Windows 10 – both 32 bit & 64.
A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question