ReadEventLog
The ReadEventLog function reads a whole number of entries from the specified event log. The function can be used to read log entries in forward or reverse chronological order.
BOOL ReadEventLog(
    HANDLE hEventLog,                 // handle of event log
    DWORD dwReadFlags,                // specifies how to read log
    DWORD dwRecordOffset,             // number of first record
    LPVOID lpBuffer,                  // address of buffer for read data
    DWORD nNumberOfBytesToRead,       // number of bytes to read
    DWORD *pnBytesRead,               // number of bytes read
    DWORD *pnMinNumberOfBytesNeeded   // number of bytes required for next record
);
Parameters
hEventLog
Identifies the event log to read. This handle is returned by the OpenEventLog function.
dwReadFlags
Specifies how the read operation is to proceed. This parameter can be any combination of the following values:
Value | Meaning
EVENTLOG_FORWARDS_READ | The log is read in forward chronological order.
EVENTLOG_BACKWARDS_READ | The log is read in reverse chronological order.
EVENTLOG_SEEK_READ | The read operation proceeds from the record specified by the dwRecordOffset parameter. If this flag is used, dwReadFlags must also specify EVENTLOG_FORWARDS_READ or EVENTLOG_BACKWARDS_READ. If the buffer is large enough, more than one record can be read at the specified seek position; the additional flag indicates the direction for successive read operations.
EVENTLOG_SEQUENTIAL_READ | The read operation proceeds sequentially from the last call to the ReadEventLog function using this handle.
dwRecordOffset
Specifies the log-entry record number at which the read operation should start. This parameter is ignored unless the dwReadFlags parameter includes the EVENTLOG_SEEK_READ flag.
lpBuffer
Points to a buffer for the data read from the event log. This parameter cannot be NULL, even if the nNumberOfBytesToRead parameter is zero.
The buffer will be filled with an EVENTLOGRECORD
nNumberOfBytesToRead
Specifies the size, in bytes, of the buffer. This function will read as many whole log entries as will fit in the buffer; the function will not return partial entries, even if there is room in the buffer.
pnBytesRead
Points to a variable that receives the number of bytes read by the function.
pnMinNumberOfBytesNeeded
Points to a variable that receives the number of bytes required for the next log entry. This count is valid only if ReadEventLog returns zero and GetLastError returns ERROR_INSUFFICIENT_BUFFER.
Return Values
If the function succeeds, the return value is nonzero.
If the function fails, the return value is zero. To get extended error information, call GetLastError.
Remarks
When this function returns, the read position in the event log is adjusted by the number of records read. Only a whole number of event log records will be returned.
Note: The configured filename for this source may also be the configured filename for other sources (several sources can exist as subkeys under a single logfile). Therefore, this function may return events that were logged by more than one source.
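An added example, not part of the original reference page: one way to walk the buffer that ReadEventLog fills, checking each record's Length field against the byte count returned in pnBytesRead before stepping to the next record. EvtRecHead mirrors the fixed-size head of EVENTLOGRECORD from the Windows SDK with fixed-width types; the names walk_records and put_record and the sample buffer are assumptions constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fixed-size head of EVENTLOGRECORD (56 bytes). Assumption: this mirrors the
   Windows SDK layout with fixed-width types so the walker builds anywhere. */
typedef struct {
    uint32_t Length, Reserved, RecordNumber, TimeGenerated, TimeWritten, EventID;
    uint16_t EventType, NumStrings, EventCategory, ReservedFlags;
    uint32_t ClosingRecordNumber, StringOffset, UserSidLength, UserSidOffset;
    uint32_t DataLength, DataOffset;
} EvtRecHead;

/* Walk the bytes reported in *pnBytesRead. Returns the number of well-formed
   records, or -1 if a record head or its Length would leave the buffer. */
int walk_records(const uint8_t *buf, uint32_t bytes_read, uint32_t *last_recno)
{
    uint32_t off = 0;
    int count = 0;
    while (off < bytes_read) {
        EvtRecHead h;
        if (bytes_read - off < sizeof h) return -1;   /* truncated head */
        memcpy(&h, buf + off, sizeof h);              /* avoid unaligned reads */
        if (h.Length < sizeof h || h.Length > bytes_read - off) return -1;
        if (last_recno) *last_recno = h.RecordNumber;
        count++;
        off += h.Length;                              /* whole records only */
    }
    return count;
}

/* Constructed sample data: write a zero-filled record head of `len` bytes. */
static uint32_t put_record(uint8_t *buf, uint32_t off, uint32_t len, uint32_t recno)
{
    EvtRecHead h = {0};
    h.Length = len;
    h.RecordNumber = recno;
    memcpy(buf + off, &h, sizeof h);
    return off + len;
}

int main(void)
{
    uint8_t buf[256] = {0};                 /* stands in for lpBuffer */
    uint32_t last = 0, n = put_record(buf, 0, 64, 7);
    n = put_record(buf, n, 72, 8);          /* n stands in for *pnBytesRead */
    printf("records=%d last=%u\n", walk_records(buf, n, &last), (unsigned)last);
    return 0;
}
```

On Windows, the same walker can be applied to lpBuffer after each successful call, with the buffer regrown to *pnMinNumberOfBytesNeeded when GetLastError returns ERROR_INSUFFICIENT_BUFFER.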
See Also