
ReadEventLog

The ReadEventLog function reads a whole number of entries from the specified event log. The function can be used to read log entries in forward or reverse chronological order.

BOOL ReadEventLog(
    HANDLE hEventLog,                 // handle of event log
    DWORD dwReadFlags,                // specifies how to read log
    DWORD dwRecordOffset,             // number of first record
    LPVOID lpBuffer,                  // address of buffer for read data
    DWORD nNumberOfBytesToRead,       // number of bytes to read
    DWORD *pnBytesRead,               // number of bytes read
    DWORD *pnMinNumberOfBytesNeeded   // number of bytes required for next record
   );

Parameters

hEventLog
Identifies the event log to read. This handle is returned by the OpenEventLog function.
dwReadFlags
Specifies how the read operation is to proceed. This parameter can be any combination of the following values:

Value
    Meaning

EVENTLOG_FORWARDS_READ
    The log is read in forward chronological order.

EVENTLOG_BACKWARDS_READ
    The log is read in reverse chronological order.

EVENTLOG_SEEK_READ
    The read operation proceeds from the record specified by the dwRecordOffset parameter. If this flag is used, dwReadFlags must also specify EVENTLOG_FORWARDS_READ or EVENTLOG_BACKWARDS_READ. If the buffer is large enough, more than one record can be read at the specified seek position; the additional flag indicates the direction for successive read operations.

EVENTLOG_SEQUENTIAL_READ
    The read operation proceeds sequentially from the last call to the ReadEventLog function using this handle.

dwRecordOffset
Specifies the log-entry record number at which the read operation should start. This parameter is ignored unless the dwReadFlags parameter includes the EVENTLOG_SEEK_READ flag.
lpBuffer
Points to a buffer for the data read from the event log. This parameter cannot be NULL, even if the nNumberOfBytesToRead parameter is zero.

The buffer will be filled with one or more EVENTLOGRECORD structures, one for each log entry read.

nNumberOfBytesToRead
Specifies the size, in bytes, of the buffer. This function will read as many whole log entries as will fit in the buffer; the function will not return partial entries, even if there is room in the buffer.
pnBytesRead
Points to a variable that receives the number of bytes read by the function.
pnMinNumberOfBytesNeeded
Points to a variable that receives the number of bytes required for the next log entry. This count is valid only if ReadEventLog returns zero and GetLastError returns ERROR_INSUFFICIENT_BUFFER.

Return Values

If the function succeeds, the return value is nonzero.

If the function fails, the return value is zero. To get extended error information, call GetLastError.

Remarks

When this function returns, the read position in the event log is adjusted by the number of records read. Only a whole number of event log records will be returned.

Note  The configured filename for this source may also be the configured filename for other sources (several sources can exist as subkeys under a single logfile). Therefore, this function may return events that were logged by more than one source.
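Because ReadEventLog packs a whole number of variable-length entries into lpBuffer, a caller has to step through them using each record's Length field and the byte count returned in pnBytesRead, rejecting any length that does not fit. The following is an added example, not part of the original reference: it assumes the fixed EVENTLOGRECORD header layout from the Windows SDK, redeclared here under the hypothetical name EVTREC_HDR so it builds without windows.h, and walk_records and build_sample are illustrative names run over a constructed buffer.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: fixed part of EVENTLOGRECORD as declared in the Windows SDK,
   redeclared with fixed-width types (56 bytes, no padding). */
typedef struct {
    uint32_t Length, Reserved, RecordNumber, TimeGenerated, TimeWritten, EventID;
    uint16_t EventType, NumStrings, EventCategory, ReservedFlags;
    uint32_t ClosingRecordNumber, StringOffset, UserSidLength, UserSidOffset,
             DataLength, DataOffset;
} EVTREC_HDR;

/* Walk the records ReadEventLog placed in buf; bytes_read is *pnBytesRead.
   Returns the number of records visited, or -1 if a header is truncated or a
   Length field is inconsistent with the bytes actually read. */
int walk_records(const uint8_t *buf, size_t bytes_read, uint32_t *last_record)
{
    size_t off = 0;
    int count = 0;
    while (off < bytes_read) {
        EVTREC_HDR h;
        if (bytes_read - off < sizeof h) return -1;   /* truncated header */
        memcpy(&h, buf + off, sizeof h);              /* no unaligned reads */
        if (h.Length < sizeof h || h.Length > bytes_read - off) return -1;
        *last_record = h.RecordNumber;
        off += h.Length;                              /* next whole record */
        count++;
    }
    return count;
}

/* Constructed sample: two records (numbers 7 and 8) of 64 and 72 bytes. */
size_t build_sample(uint8_t *buf)
{
    const uint32_t len[2] = {64, 72};
    size_t off = 0;
    for (uint32_t i = 0; i < 2; off += len[i++]) {
        EVTREC_HDR h = {0};
        h.Length = len[i];
        h.RecordNumber = 7 + i;
        memset(buf + off, 0, len[i]);
        memcpy(buf + off, &h, sizeof h);
    }
    return off;
}

int main(void)
{
    uint8_t buf[256];
    uint32_t last = 0;
    int n = walk_records(buf, build_sample(buf), &last);
    printf("%d records, last RecordNumber %u\n", n, (unsigned)last);
    return n < 0;
}
```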

See Also

ClearEventLog, CloseEventLog, EVENTLOGRECORD, OpenEventLog, ReportEvent 
