Announcement

Collapse
No announcement yet.

What's wrong with this function?

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    What's wrong with this function?

    This function seems to open the NT event log just fine, reads 481 records, shows #1 as the oldest record but does not bring back any data and pnbytesread is zero...

    I'm pretty sure it's the read event log function...????


    Scott


    Code:
    #Compile Exe
#Register None
#Dim All
#Option Version5
#Include "WIN32API.INC"

Function WinMain (ByVal hCurInstance     As Long, _
                  ByVal hPrevInstance As Long, _
                  lpCmdLine           As Asciiz Ptr, _
                  ByVal iCmdShow      As Long) As Long

Local lpSourceName      As Asciiz * 16
Local lResult           As Long

'Open Event log
Local hEventLog         As Long
Local lEventLogRecordCount  As Long
Local lpOldestRecord    As Long
'Read event log
Local lpBuffer          As EVENTLOGRECORD
Local dwRecordOffset    As Long '?
Local pnBytesRead       As Long
Local pnMinNumberOfBytesNeeded  As Long

lpSourceName = "Application" ' 'Security, System

pnMinNumberOfBytesNeeded = 1024 '?????? Huh?

hEventLog = OpenEventLog("",lpSourceName)
If IsFalse hEventLog Then
   MsgBox "Could not read the event log",%MB_ICONSTOP,"Error reading event log"
   Exit Function
End If

lResult = GetNumberOfEventLogRecords(hEventLog, lEventLogRecordCount)
lResult = GetOldestEventLogRecord(ByVal hEventLog, lpOldestRecord)

MsgBox "Number of event log events: " & Format$(lEventLogRecordCount) & $CRLF & "Oldest Record: " & Format$(lpOldestRecord)

'Read the event log
dwRecordOffset = 350
lResult = ReadEventLog(ByVal hEventLog, _
                            ByVal %EVENTLOG_FORWARDS_READ, _
                            ByVal dwRecordOffset, _
                            lpBuffer, _
                            ByVal SizeOf(lpBuffer), _
                            pnBytesRead, _
                            pnMinNumberOfBytesNeeded)

lResult = CloseEventLog(ByVal hEventLog)
End Function
    ------------------
    Scott
    Scott Turchin
    MCSE, MCP+I
    http://www.tngbbs.com
    ----------------------
    True Karate-do is this: that in daily life, one's mind and body be trained and developed in a spirit of humility; and that in critical times, one be devoted utterly to the cause of justice. -Gichin Funakoshi
    Tags: None
  • #2
    Scott, try it with %EVENTLOG_SEEK_READ and your existing flag.
    Also, you might want to dimension an array of records as the buffer if reading more than one record.

    Ron

    Comment

    • #3
      Scott, you do realize you must deal with the variable length data which each eventlog record contains, correct?

      Just in case, check the structure lebgth after the call returns. The length then indicates the full length of the data and you can use the commented portion of the structure to make sense of the data following the fixed portion of the eventlogrecord.

      *** You have mail (tngbbs) ***

      [This message has been edited by Ron Pierce (edited June 18, 2001).]

      Comment

      Previous template Next
      Working...
      X

      We process personal data about users of our site, through the use of cookies and other technologies, to deliver our services, and to analyze site activity. For additional details, refer to our Privacy Policy.

      By clicking "I AGREE" below, you agree to our Privacy Policy and our personal data processing and cookie practices as described therein. You also acknowledge that this forum may be hosted outside your country and you consent to the collection, storage, and processing of your data in the country where this forum is hosted.

      I Agree