Solved

Event Logger Poblem

Posted on 1998-12-28
6
384 Views
Last Modified: 2013-12-03
I have a problem with this program.
For some resone it returns some EventID that are correct and some that are not. ( realy invalid values that dosn't make sense at all ). What might be the problem ????

      EVENTLOGRECORD *event;
      BYTE* bBuffer;
      DWORD uRead,uNeeded,cRecords = 0;
      HANDLE m_hHandle = 0;

      m_hHandle = OpenEventLog(NULL,"System");
    if (m_hHandle == 0)
            return;

      ReadEventLog(m_hHandle,
                         EVENTLOG_SEQUENTIAL_READ | EVENTLOG_BACKWARDS_READ,
                        0,
                        event,
                        0,
                        &uRead,
                        &uNeeded);
      

      bBuffer = new BYTE[uNeeded];

      event = reinterpret_cast<EVENTLOGRECORD*>(&bBuffer);

      while( event->EventID != 20032 )
      {

             ReadEventLog(m_hHandle,
                                    EVENTLOG_SEQUENTIAL_READ | EVENTLOG_BACKWARDS_READ,
                                    0,
                                    event,
                                    uNeeded,
                                    &uRead,
                                    &uNeeded);
      
            switch (event->EventID)
            {
                  case 4 :
                        printf("error 4\n");
                        break;
                  case 7024:
                        printf("error 7024\n");
                        break;
                  default:
                        break;

            }
            
            event = reinterpret_cast<EVENTLOGRECORD*>(&bBuffer);

      }

      CloseEventLog(m_hHandle);
      delete bBuffer;
}
0
Comment
Question by:sector
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 6

Accepted Solution

by:
stsanz earned 110 total points
ID: 1417752
Your allocation method is a bit odd.
First, event pointer must not be NULL before the first call of ReadEventLog, even if nNumberOfBytesToRead is 0 (see ReadEventLog online help)
Secondly, you allocate a bBuffer for a uNeeded size that is valid only for the first call, and never reallocate it.

Try with the following piece of code :

{
EVENTLOGRECORD*  event;
DWORD  uRead,uNeeded,cRecords = 0;
HANDLE  m_hHandle = 0;
BOOL  bRes ;
DWORD  dwError ;
DWORD  dwBufSize = 4096 ;

m_hHandle = OpenEventLog(NULL,"System");
if (m_hHandle == 0)
  return ;

printf("Event log opened\n") ;

event = (EVENTLOGRECORD*)new BYTE[dwBufSize] ;

while (TRUE)
{
bRes = ReadEventLog(m_hHandle,
  EVENTLOG_SEQUENTIAL_READ | EVENTLOG_BACKWARDS_READ,
  0,
  event,
  dwBufSize,
  &uRead,
  &uNeeded);

if (!bRes)
  {
  dwError = GetLastError();
  if (dwError != ERROR_INSUFFICIENT_BUFFER)
    {
    CloseEventLog(m_hHandle);
    delete event ;
    }

  // Buffer is not long enough : reallocate
  delete event ;
  event = (EVENTLOGRECORD*)new BYTE[uNeeded] ;
  break ;
  }

switch (event->EventID)
  {
  case 4 :
    printf("error 4\n");
    break;
  case 7024:
    printf("error 7024\n");
    break;
  default:
    printf("Default case\n") ;
    break;
  }
}
}

Hope this helps.
0
 
LVL 6

Expert Comment

by:stsanz
ID: 1417753
Sorry, I have forgotten a return statement in :

if (dwError != ERROR_INSUFFICIENT_BUFFER)
    {
    CloseEventLog(m_hHandle);
    delete event ;
    return ;
    }

0
 

Author Comment

by:sector
ID: 1417754
The buffer is always empty.
I still don't get the event ID as shown in the Event Viewe.
For some reason only the eventID 20032 I can see ,
other numbers are strange numbers like : 3221487640,2147490651 etc...
I realy don't understand it.
0
Creating Instructional Tutorials  

For Any Use & On Any Platform

Contextual Guidance at the moment of need helps your employees/users adopt software o& achieve even the most complex tasks instantly. Boost knowledge retention, software adoption & employee engagement with easy solution.

 

Author Comment

by:sector
ID: 1417755
Well ?????
0
 
LVL 6

Expert Comment

by:stsanz
ID: 1417756
I have made some tests : my event log is correct but contains eventIDs that must be interpretated as hex numbers in the format 0x8000nnnn where nnnn is the event identifier as displayed in the event viewer.
So, to display the right event id, use :
(event->EventID & 0x0000FFFF)

Moreover, the ReadEventLog API can return several event descriptors if the buffer is big enough (indicated by nNumberOfBytesToRead parameter).
After a call to ReadEventLog, *pnBytesRead indicates how many bytes were returned in the buffer, each event descriptor having a variable length.
So, after each ReadEventLog call, you should browse the event buffer, using a piece of code of the following kind :

BYTE *buffer ;

buffer = (BYTE*)event ;
while (uRead > 0)        
{
  printf("EventID:0x%08X ",((EVENTLOGRECORD*)buffer)->EventID) ;
  uRead -= ((EVENTLOGRECORD*)buffer)->Length ;
  buffer += ((EVENTLOGRECORD*)buffer)->Length ;
}

Hope this helps.

0
 

Author Comment

by:sector
ID: 1417757
Thank you very much stsanz
0

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After several hours of googling I could not gather any information on this topic. There are several ways of controlling the USB port connected to any storage device. The best example of that is by changing the registry value of "HKEY_LOCAL_MACHINE\S…
For a while now I'v been searching for a circular progress control, much like the one you get when first starting your Silverlight application. I found a couple that were written in WPF and there were a few written in Silverlight, but all appeared o…
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question