What's wrong with this function?

  • Guest replied
    Scott, you do realize you must deal with the variable length data which each eventlog record contains, correct?

    Just in case, check the structure length after the call returns. The length then indicates the full length of the data and you can use the commented portion of the structure to make sense of the data following the fixed portion of the eventlogrecord.

    *** You have mail (tngbbs) ***

    [This message has been edited by Ron Pierce (edited June 18, 2001).]

  • Guest replied
    Scott, try it with %EVENTLOG_SEEK_READ and your existing flag.
    Also, you might want to dimension an array of records as the buffer if reading more than one record.

    Ron

  • Scott Turchin
    started a topic What's wrong with this function?

    What's wrong with this function?

    This function seems to open the NT event log just fine, reads 481 records, shows #1 as the oldest record but does not bring back any data and pnbytesread is zero...

    I'm pretty sure it's the read event log function...????


    Scott


    Code:
    #Compile Exe
    #Register None
    #Dim All
    #Option Version5
    #Include "WIN32API.INC"
    
    Function WinMain (ByVal hCurInstance     As Long, _
                      ByVal hPrevInstance As Long, _
                      lpCmdLine           As Asciiz Ptr, _
                      ByVal iCmdShow      As Long) As Long
    
    Local lpSourceName      As Asciiz * 16
    Local lResult           As Long
    
    'Open Event log
    Local hEventLog         As Long
    Local lEventLogRecordCount  As Long
    Local lpOldestRecord    As Long
    'Read event log
    Local lpBuffer          As EVENTLOGRECORD
    Local dwRecordOffset    As Long '?
    Local pnBytesRead       As Long
    Local pnMinNumberOfBytesNeeded  As Long
    
    lpSourceName = "Application" ' 'Security, System
    
    pnMinNumberOfBytesNeeded = 1024 '?????? Huh?
    
    hEventLog = OpenEventLog("",lpSourceName)
    If IsFalse hEventLog Then
       MsgBox "Could not read the event log",%MB_ICONSTOP,"Error reading event log"
       Exit Function
    End If
    
    lResult = GetNumberOfEventLogRecords(hEventLog, lEventLogRecordCount)
    lResult = GetOldestEventLogRecord(ByVal hEventLog, lpOldestRecord)
    
    MsgBox "Number of event log events: " & Format$(lEventLogRecordCount) & $CRLF & "Oldest Record: " & Format$(lpOldestRecord)
    
    'Read the event log
    dwRecordOffset = 350
    lResult = ReadEventLog(ByVal hEventLog, _
                                ByVal %EVENTLOG_FORWARDS_READ, _
                                ByVal dwRecordOffset, _
                                lpBuffer, _
                                ByVal SizeOf(lpBuffer), _
                                pnBytesRead, _
                                pnMinNumberOfBytesNeeded)
    
    lResult = CloseEventLog(ByVal hEventLog)
    End Function
    ------------------
    Scott
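
The reply above about variable-length records, shown as an added example that is not part of the thread: a portable C walker over a buffer of the kind ReadEventLog fills, stepping by each record's Length and rejecting truncated or inconsistent records. It assumes the ANSI call (single-byte source name) and the EVENTLOGRECORD layout from winnt.h (56-byte fixed part, Reserved signature 0x654c664c, Length repeated at the end of the record). `walk_records`, `source_name` and `make_record` are hypothetical names, and the sample records are constructed and omit the computer name, SID and strings a real record carries.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define EVT_FIXED 56u          /* bytes in the fixed part of EVENTLOGRECORD */
#define EVT_SIG   0x654c664cu  /* value of the Reserved field ("LfLe") */

/* Little-endian DWORD access without alignment assumptions. */
static uint32_t rd32(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Source name follows the fixed part; NULL unless it is NUL-terminated inside the record. */
const char *source_name(const uint8_t *rec, uint32_t len) {
    const uint8_t *s = rec + EVT_FIXED;
    return memchr(s, 0, len - EVT_FIXED - 4) ? (const char *)s : NULL;
}

/* Walk n bytes (pnBytesRead) of records; store up to max RecordNumber values in out.
   Returns the record count, or -1 if any record is malformed. */
int walk_records(const uint8_t *buf, size_t n, uint32_t *out, int max) {
    size_t off = 0;
    int count = 0;
    while (off < n) {
        if (n - off < EVT_FIXED + 4) return -1;             /* truncated header */
        uint32_t len = rd32(buf + off);                     /* full record length */
        if (len < EVT_FIXED + 4 || len > n - off) return -1;
        if (rd32(buf + off + 4) != EVT_SIG) return -1;      /* not a record start */
        if (rd32(buf + off + len - 4) != len) return -1;    /* trailing Length copy */
        if (!source_name(buf + off, len)) return -1;        /* unterminated name */
        if (count < max) out[count] = rd32(buf + off + 8);  /* RecordNumber */
        count++;
        off += len;
    }
    return count;
}

/* Constructed sample: writes a minimal record (header, source name, padding, Length). */
size_t make_record(uint8_t *dst, uint32_t recno, const char *src) {
    uint32_t len = (uint32_t)((EVT_FIXED + strlen(src) + 1 + 3) & ~3u) + 4;
    memset(dst, 0, len);
    wr32(dst, len); wr32(dst + 4, EVT_SIG); wr32(dst + 8, recno);
    memcpy(dst + EVT_FIXED, src, strlen(src));
    wr32(dst + len - 4, len);
    return len;
}
```

A buffer holding only the 56-byte fixed structure is rejected as truncated, since every record also carries its variable part and the trailing Length.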