[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

Reading System Event Log

Posted on 1998-11-24
7
Medium Priority
?
555 Views
Last Modified: 2013-12-28
Hello, I need to read through the System Event Log, I have the following method:

PDWORD NumberOfRecords= new DWORD;
 EVENTLOGRECORD *evRec;
 char* buffer= new char[10000];
 evRec= (EVENTLOGRECORD*)buffer;
 DWORD pnBytesRead;
 DWORD pnMinNumberOfBytesNeeded;
 DWORD errorCode= 0;


 HANDLE hd= OpenEventLog(  "comp_name",  // pointer to server name
  "System" );

 // set status
    if (hd!= NULL) m_Status= 1;
 UpdateData(false);

 if (
 !ReadEventLog(  hd,
  EVENTLOG_FORWARDS_READ ,   // specifies how to read log
  0,       // number of first record
  buffer,    // address of buffer for read data
  10000,      // number of bytes to read
  &pnBytesRead,    // number of bytes read
  &pnMinNumberOfBytesNeeded
                               // number of bytes required for next
                               // record
          ))
 errorCode= GetLastError();


 delete NumberOfRecords;
 delete buffer;

when I execute the code, I'm getting error with code 87, what means invalid parameter. I'm using VStudio 98 under NT SP3
What I'm doing wrong?
0
Comment
Question by:liutauras
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 7

Expert Comment

by:BlackMan
ID: 1795058
You might get more help if you post the question in the Windows Programming group...
0
 

Expert Comment

by:avigon
ID: 1795059
It is a programming question, but...
 What does it matter if "hd" is NULL? I don´t  know much of it but I think that you are trying to ReadEventLog of a NULL File descriptor, and that is the invalid parameter...
0
 

Author Comment

by:liutauras
ID: 1795060
I'm checking the variable m_Status to be 1 and while debugging, I checked also that hd isn't NULL.
0
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 

Expert Comment

by:avigon
ID: 1795061
But anyway check your code, because you are not conditioning the ReadEventLog to the value of the file descriptor... After you open the log file, you should use the NULL test to Read or not a register of the file.
0
 
LVL 15

Expert Comment

by:Tommy Hui
ID: 1795062
You can't read from record 0. You need to get the the oldest record number with GetOldestEventLogRecord().

You also have to get the number of records with GetNumberOfEventLogRecords().

So the starting point is oldestEventLogRecord - numberOfRecords.


0
 

Author Comment

by:liutauras
ID: 1795063
This is what I did:
      PDWORD NumberOfRecords= new DWORD;
      EVENTLOGRECORD *evRec;
      char* buffer= new char[10000];
      evRec= (EVENTLOGRECORD*)buffer;
      DWORD pnBytesRead;      
      DWORD pnMinNumberOfBytesNeeded;
      DWORD errorCode= 0;
      DWORD nNumberOfRecords;
      DWORD nOldestRecord;
      DWORD nStartingPoint;


      HANDLE hd= OpenEventLog(  "liutas",  // pointer to server name
            "System" );

      if (!hd ) return 1;

      GetNumberOfEventLogRecords(hd, &nNumberOfRecords);
      GetOldestEventLogRecord(hd, &nOldestRecord);

      nStartingPoint= nNumberOfRecords- nOldestRecord;

      if (
            !::ReadEventLog(  hd,
            EVENTLOG_FORWARDS_READ ,   // specifies how to read log
            nStartingPoint,            //number of first record
            buffer,                        // address of buffer for read data
            10000,                                    // number of bytes to read
            &pnBytesRead,                        // number of bytes read
            &pnMinNumberOfBytesNeeded
                               // number of bytes required for next
                               // record
                                             ))
      errorCode= GetLastError();

      delete NumberOfRecords;
      delete buffer;

Though the situation is still the same... :(, I get error 87
0
 
LVL 7

Accepted Solution

by:
BlackMan earned 600 total points
ID: 1795064
Try to add the Sequential-flag to your ReadEventLog command, I think that will solve your problem...
Like this:
if (
!::ReadEventLog(  hd,
EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ ,   // specifies how to read log
nStartingPoint, //number of first record
buffer, // address of buffer for read data
10000, // number of bytes to read
&pnBytesRead, // number of bytes read
&pnMinNumberOfBytesNeeded
                               // number of bytes required for next
                               // record
   ))

0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is an update to some code that someone else posted on Experts Exchange. It is an alternate approach, I think a little easier to use, & makes sure that things like the Task Bar will update.
This article provides a step by step guide (with screenshots) showing how to create a new local (test) Administrator user profile in Windows 10 for troubleshooting purposes, and then how to remove it.
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…
Suggested Courses

591 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question