The ReadEventLog function reads a whole number of entries from the specified event log. The function can be used to read log entries in forward or reverse chronological order.
BOOL ReadEventLog(
    HANDLE hEventLog,                 // handle of event log
    DWORD dwReadFlags,                // specifies how to read log
    DWORD dwRecordOffset,             // number of first record
    LPVOID lpBuffer,                  // address of buffer for read data
    DWORD nNumberOfBytesToRead,       // number of bytes to read
    DWORD *pnBytesRead,               // number of bytes read
    DWORD *pnMinNumberOfBytesNeeded   // number of bytes required for next record
);
| Value | Meaning |
|---|---|
| EVENTLOG_FORWARDS_READ | The log is read in forward chronological order. |
| EVENTLOG_BACKWARDS_READ | The log is read in reverse chronological order. |
| EVENTLOG_SEEK_READ | The read operation proceeds from the record specified by the dwRecordOffset parameter. If this flag is used, dwReadFlags must also specify EVENTLOG_FORWARDS_READ or EVENTLOG_BACKWARDS_READ. If the buffer is large enough, more than one record can be read at the specified seek position; the additional flag indicates the direction for successive read operations. |
| EVENTLOG_SEQUENTIAL_READ | The read operation proceeds sequentially from the last call to the ReadEventLog function using this handle. |
The buffer will be filled with an EVENTLOGRECORD structure.
If the function succeeds, the return value is nonzero.
If the function fails, the return value is zero. To get extended error information, call GetLastError.
When this function returns, the read position in the event log is adjusted by the number of records read. Only a whole number of event log records will be returned.
Note: The configured filename for this source may also be the configured filename for other sources (several sources can exist as subkeys under a single logfile). Therefore, this function may return events that were logged by more than one source.
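A defensive way to walk the buffer that ReadEventLog fills, shown as an added example rather than code from the original reference: it steps from record to record using each record's Length and rejects a buffer whose lengths or offsets do not fit inside the bytes read. The evt_hdr mirror of the EVENTLOGRECORD fixed header, the helpers walk_event_buffer and build_sample, and the 64-byte sample records are assumptions made for this example; a little-endian host is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Local mirror of the fixed header of EVENTLOGRECORD (assumption: field order
   as declared in winnt.h), so the example builds without the Windows SDK. */
typedef struct {
    uint32_t Length, Reserved, RecordNumber, TimeGenerated, TimeWritten, EventID;
    uint16_t EventType, NumStrings, EventCategory, ReservedFlags;
    uint32_t ClosingRecordNumber, StringOffset, UserSidLength, UserSidOffset;
    uint32_t DataLength, DataOffset;
} evt_hdr;

/* Hypothetical helper: count the records in buf[0..bytes_read), the span
   reported through *pnBytesRead. Returns -1 if any record is malformed. */
int walk_event_buffer(const uint8_t *buf, size_t bytes_read, uint32_t *last_recno)
{
    size_t off = 0;
    int count = 0;
    while (off < bytes_read) {
        evt_hdr h;
        size_t left = bytes_read - off;
        if (left < sizeof h) return -1;           /* truncated header */
        memcpy(&h, buf + off, sizeof h);          /* no unaligned reads */
        if (h.Length < sizeof h || h.Length > left) return -1;
        /* Variable-length parts must lie inside this record; 64-bit sums
           so that offset + length cannot wrap around. */
        if (h.StringOffset > h.Length ||
            (uint64_t)h.UserSidOffset + h.UserSidLength > h.Length ||
            (uint64_t)h.DataOffset + h.DataLength > h.Length) return -1;
        if (last_recno) *last_recno = h.RecordNumber;
        off += h.Length;                          /* step to the next record */
        count++;
    }
    return count;
}

/* Constructed sample input: n back-to-back 64-byte records numbered from 1. */
size_t build_sample(uint8_t *out, int n)
{
    memset(out, 0, (size_t)n * 64);
    for (int i = 0; i < n; i++) {
        evt_hdr h = {0};
        h.Length = 64; h.RecordNumber = (uint32_t)i + 1;
        h.StringOffset = h.UserSidOffset = h.DataOffset = (uint32_t)sizeof h;
        memcpy(out + 64 * i, &h, sizeof h);
    }
    return (size_t)n * 64;
}
```

On Windows, buf and bytes_read would be the lpBuffer passed to ReadEventLog and the value it stored in *pnBytesRead.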
See also: ClearEventLog, CloseEventLog, EVENTLOGRECORD, OpenEventLog, ReportEvent