Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Event Logger Poblem

Posted on 1998-12-28
6
Medium Priority
?
390 Views
Last Modified: 2013-12-03
I have a problem with this program.
For some resone it returns some EventID that are correct and some that are not. ( realy invalid values that dosn't make sense at all ). What might be the problem ????

      EVENTLOGRECORD *event;
      BYTE* bBuffer;
      DWORD uRead,uNeeded,cRecords = 0;
      HANDLE m_hHandle = 0;

      m_hHandle = OpenEventLog(NULL,"System");
    if (m_hHandle == 0)
            return;

      ReadEventLog(m_hHandle,
                         EVENTLOG_SEQUENTIAL_READ | EVENTLOG_BACKWARDS_READ,
                        0,
                        event,
                        0,
                        &uRead,
                        &uNeeded);
      

      bBuffer = new BYTE[uNeeded];

      event = reinterpret_cast<EVENTLOGRECORD*>(&bBuffer);

      while( event->EventID != 20032 )
      {

             ReadEventLog(m_hHandle,
                                    EVENTLOG_SEQUENTIAL_READ | EVENTLOG_BACKWARDS_READ,
                                    0,
                                    event,
                                    uNeeded,
                                    &uRead,
                                    &uNeeded);
      
            switch (event->EventID)
            {
                  case 4 :
                        printf("error 4\n");
                        break;
                  case 7024:
                        printf("error 7024\n");
                        break;
                  default:
                        break;

            }
            
            event = reinterpret_cast<EVENTLOGRECORD*>(&bBuffer);

      }

      CloseEventLog(m_hHandle);
      delete bBuffer;
}
0
Comment
Question by:sector
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 6

Accepted Solution

by:
stsanz earned 440 total points
ID: 1417752
Your allocation method is a bit odd.
First, event pointer must not be NULL before the first call of ReadEventLog, even if nNumberOfBytesToRead is 0 (see ReadEventLog online help)
Secondly, you allocate a bBuffer for a uNeeded size that is valid only for the first call, and never reallocate it.

Try with the following piece of code :

{
EVENTLOGRECORD*  event;
DWORD  uRead,uNeeded,cRecords = 0;
HANDLE  m_hHandle = 0;
BOOL  bRes ;
DWORD  dwError ;
DWORD  dwBufSize = 4096 ;

m_hHandle = OpenEventLog(NULL,"System");
if (m_hHandle == 0)
  return ;

printf("Event log opened\n") ;

event = (EVENTLOGRECORD*)new BYTE[dwBufSize] ;

while (TRUE)
{
bRes = ReadEventLog(m_hHandle,
  EVENTLOG_SEQUENTIAL_READ | EVENTLOG_BACKWARDS_READ,
  0,
  event,
  dwBufSize,
  &uRead,
  &uNeeded);

if (!bRes)
  {
  dwError = GetLastError();
  if (dwError != ERROR_INSUFFICIENT_BUFFER)
    {
    CloseEventLog(m_hHandle);
    delete event ;
    }

  // Buffer is not long enough : reallocate
  delete event ;
  event = (EVENTLOGRECORD*)new BYTE[uNeeded] ;
  break ;
  }

switch (event->EventID)
  {
  case 4 :
    printf("error 4\n");
    break;
  case 7024:
    printf("error 7024\n");
    break;
  default:
    printf("Default case\n") ;
    break;
  }
}
}

Hope this helps.
0
 
LVL 6

Expert Comment

by:stsanz
ID: 1417753
Sorry, I have forgotten a return statement in :

if (dwError != ERROR_INSUFFICIENT_BUFFER)
    {
    CloseEventLog(m_hHandle);
    delete event ;
    return ;
    }

0
 

Author Comment

by:sector
ID: 1417754
The buffer is always empty.
I still don't get the event ID as shown in the Event Viewe.
For some reason only the eventID 20032 I can see ,
other numbers are strange numbers like : 3221487640,2147490651 etc...
I realy don't understand it.
0
Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

 

Author Comment

by:sector
ID: 1417755
Well ?????
0
 
LVL 6

Expert Comment

by:stsanz
ID: 1417756
I have made some tests : my event log is correct but contains eventIDs that must be interpretated as hex numbers in the format 0x8000nnnn where nnnn is the event identifier as displayed in the event viewer.
So, to display the right event id, use :
(event->EventID & 0x0000FFFF)

Moreover, the ReadEventLog API can return several event descriptors if the buffer is big enough (indicated by nNumberOfBytesToRead parameter).
After a call to ReadEventLog, *pnBytesRead indicates how many bytes were returned in the buffer, each event descriptor having a variable length.
So, after each ReadEventLog call, you should browse the event buffer, using a piece of code of the following kind :

BYTE *buffer ;

buffer = (BYTE*)event ;
while (uRead > 0)        
{
  printf("EventID:0x%08X ",((EVENTLOGRECORD*)buffer)->EventID) ;
  uRead -= ((EVENTLOGRECORD*)buffer)->Length ;
  buffer += ((EVENTLOGRECORD*)buffer)->Length ;
}

Hope this helps.

0
 

Author Comment

by:sector
ID: 1417757
Thank you very much stsanz
0

Featured Post

Fill in the form and get your FREE NFR key NOW!

Veeam® is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows how to make a Windows 7 gadget that accepts files dropped from the Windows Explorer.  It also illustrates how to give your gadget a non-rectangular shape and how to add some nifty visual effects to text displayed in a your gadget.…
Whether you've completed a degree in computer sciences or you're a self-taught programmer, writing your first lines of code in the real world is always a challenge. Here are some of the most common pitfalls for new programmers.
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question