-
Sep 13th, 2001, 01:59 AM
#1
Thread Starter
Member
ReadEventLog
I am using a Win API ~ ReadEventLog that reads a whole number of entries from the specified event log.
[vbcode]
Private Declare Function ReadEventLog Lib "advapi32.dll" Alias "ReadEventLogA" (ByVal hEventLog As Long, ByVal dwReadFlags As Long, ByVal dwRecordOffset As Long, lpBuffer As EVENTLOGRECORD, ByVal nNumberOfBytesToRead As Long, pnBytesRead As Long, pnMinNumberOfBytesNeeded As Long) As Long
[/vbcode]
The second parameter is the flag. Through MSDN, I found a few constants but I am not sure if I have to assign them a value. These constants are:
==> EVENTLOG_FORWARDS_READ
==> EVENTLOG_SEQUENTIAL_READ
When I run it, the values of these constants are empty. So, I wonder if I should assign values to them.
The return value of ReadEventLog is 0. Can anyone guide me on this? Before this, I already used OpenEventLog to get its handle and was successful at it.
Can anyone give any example on how to put the correct parameter or any tips?
Thanks!
-
Jun 28th, 2002, 02:25 PM
#2
Hyperactive Member
I know this is an old issue, but it was never resolved and now I have similar questions regarding it. Below is my code. I would like to know what I am doing incorrectly as it is never reading anything into the buffer.
Thanks
-mcd
[Highlight=VB]
Private Const EVENTLOG_SUCCESS = &H0
Private Const EVENTLOG_ERROR_TYPE = &H1
Private Const EVENTLOG_WARNING_TYPE = &H2
Private Const EVENTLOG_INFORMATION_TYPE = &H4
Private Const EVENTLOG_AUDIT_SUCCESS = &H8
Private Const EVENTLOG_AUDIT_FAILURE = &H10
Private Const EVENTLOG_SEQUENTIAL_READ = &H1
Private Const EVENTLOG_SEEK_READ = &H2
Private Const EVENTLOG_FORWARDS_READ = &H4
Private Const EVENTLOG_BACKWARDS_READ = &H8
Private Type EVENTLOGRECORD
    Length As Long ' Length of full record
    Reserved As Long ' Used by the service
    RecordNumber As Long ' Absolute record number
    TimeGenerated As Long ' Seconds since 1-1-1970
    TimeWritten As Long ' Seconds since 1-1-1970
    EventID As Long
    EventType As Integer
    NumStrings As Integer
    EventCategory As Integer
    ReservedFlags As Integer ' For use with paired events (auditing)
    ClosingRecordNumber As Long ' For use with paired events (auditing)
    StringOffset As Long ' Offset from beginning of record
    UserSidLength As Long
    UserSidOffset As Long
    DataLength As Long
    DataOffset As Long ' Offset from beginning of record
End Type
Private Declare Function OpenEventLog Lib "advapi32.dll" Alias "OpenEventLogA" (ByVal lpUNCServerName As String, ByVal lpSourceName As String) As Long
Private Declare Function CloseEventLog Lib "advapi32.dll" (ByVal hEventLog As Long) As Long
Private Declare Function BackupEventLog Lib "advapi32.dll" Alias "BackupEventLogA" (ByVal hEventLog As Long, ByVal lpBackupFileName As String) As Long
Private Declare Function ClearEventLog Lib "advapi32.dll" Alias "ClearEventLogA" (ByVal hEventLog As Long, ByVal lpBackupFileName As String) As Long
Private Declare Function GetNumberOfEventLogRecords Lib "advapi32.dll" (ByVal hEventLog As Long, NumberOfRecords As Long) As Long
Private Declare Function GetOldestEventLogRecord Lib "advapi32.dll" (ByVal hEventLog As Long, OldestRecord As Long) As Long
Private Declare Function ReportEvent Lib "advapi32.dll" Alias "ReportEventA" (ByVal hEventLog As Long, ByVal wType As Long, ByVal wCategory As Long, ByVal dwEventID As Long, lpUserSid As Any, ByVal wNumStrings As Long, ByVal dwDataSize As Long, lpStrings As String, lpRawData As Any) As Long
Private Declare Function ReadEventLog Lib "advapi32.dll" Alias "ReadEventLogA" (ByVal hEventLog As Long, ByVal dwReadFlags As Long, ByVal dwRecordOffset As Long, lpBuffer As EVENTLOGRECORD, ByVal nNumberOfBytesToRead As Long, pnBytesRead As Long, pnMinNumberOfBytesNeeded As Long) As Long
Private Sub Form_Load()
    Dim hEventLog As Long
    Dim LogString As String
    Dim Ret As Long
    Dim ELR As EVENTLOGRECORD
    Dim bBytes(1 To 1024) As Byte
    Dim l_lngBytesRead As Long
    Dim l_lngBytesNeeded As Long
    'Open the event log
    hEventLog = OpenEventLog(vbNullString, "System")
    'Report a new event
    ReportEvent hEventLog, EVENTLOG_INFORMATION_TYPE, 0, 0, ByVal 0&, 1, 0, "Hello World!", ByVal 0&
    'Get the number of reported events
    GetNumberOfEventLogRecords hEventLog, Ret
    MsgBox "Events reported: " + CStr(Ret)
    'Read the event log
    While (ReadEventLog(hEventLog, EVENTLOG_FORWARDS_READ, EVENTLOG_SEQUENTIAL_READ, ELR, ByVal 1024, l_lngBytesRead, l_lngBytesNeeded))
        'display event
    Wend
    'Close the event log
    CloseEventLog hEventLog
End Sub
[/Highlight]
[vbcode]
'*****************************
MsgBox "MCD :: [email protected]", vbInformation + vbOKOnly, "User"
'*****************************
[/vbcode]
-
Jun 28th, 2002, 02:38 PM
#3
Perhaps this might help...
Open The NT Event Log
-
Jun 28th, 2002, 03:02 PM
#4
Hyperactive Member
Good suggestion, but this example only opens, reads the count, writes to it and closes the event log. I would like to read from it and display information from the log.
Thanks,
-mcd
[vbcode]
'*****************************
MsgBox "MCD :: [email protected]", vbInformation + vbOKOnly, "User"
'*****************************
[/vbcode]
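The read loop asked about in posts #1, #2 and #4, as an added example that is not code from any poster in this thread: both flags are combined with Or in dwReadFlags, the record offset is 0 for a sequential read, and the buffer is a byte array whose true size is passed, because handing the API a 56-byte EVENTLOGRECORD variable while stating 1024 bytes lets it write past that variable. DumpSystemLog, HEADER_SIZE and the CopyMemory alias are names chosen here, and the code assumes 32-bit VB6.

```vb
' Added example, not code from the thread. VB6 standard module (32-bit).
Option Explicit
Private Const EVENTLOG_SEQUENTIAL_READ = &H1
Private Const EVENTLOG_FORWARDS_READ = &H4
Private Const ERROR_HANDLE_EOF = 38
Private Const ERROR_INSUFFICIENT_BUFFER = 122
Private Const HEADER_SIZE = 56 ' fixed part of EVENTLOGRECORD (name chosen for this example)

Private Declare Function OpenEventLog Lib "advapi32.dll" Alias "OpenEventLogA" (ByVal lpUNCServerName As String, ByVal lpSourceName As String) As Long
Private Declare Function CloseEventLog Lib "advapi32.dll" (ByVal hEventLog As Long) As Long
' lpBuffer is As Any so a byte array can be passed instead of a fixed-size UDT
Private Declare Function ReadEventLog Lib "advapi32.dll" Alias "ReadEventLogA" (ByVal hEventLog As Long, ByVal dwReadFlags As Long, ByVal dwRecordOffset As Long, lpBuffer As Any, ByVal nNumberOfBytesToRead As Long, pnBytesRead As Long, pnMinNumberOfBytesNeeded As Long) As Long
Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (Destination As Any, Source As Any, ByVal Length As Long)

Public Sub DumpSystemLog()
    Dim hLog As Long, buf() As Byte, cbRead As Long, cbNeeded As Long, lastErr As Long
    Dim pos As Long, recLen As Long, recNo As Long, evtId As Long, evtType As Integer

    hLog = OpenEventLog(vbNullString, "System")
    If hLog = 0 Then Debug.Print "OpenEventLog failed: " & Err.LastDllError: Exit Sub
    ReDim buf(0 To 16383)
    Do
        ' Flags are OR-ed into dwReadFlags; dwRecordOffset is ignored (0) for sequential reads
        If ReadEventLog(hLog, EVENTLOG_SEQUENTIAL_READ Or EVENTLOG_FORWARDS_READ, 0, buf(0), UBound(buf) + 1, cbRead, cbNeeded) = 0 Then
            lastErr = Err.LastDllError ' capture before any other API call
            Select Case lastErr
                Case ERROR_INSUFFICIENT_BUFFER: ReDim buf(0 To cbNeeded - 1) ' grow, then retry
                Case ERROR_HANDLE_EOF: Exit Do                               ' end of log
                Case Else: Debug.Print "ReadEventLog failed: " & lastErr: Exit Do
            End Select
        Else
            ' One call returns one or more variable-length records; step through them by Length
            pos = 0
            Do While pos + HEADER_SIZE <= cbRead
                CopyMemory recLen, buf(pos), 4
                If recLen < HEADER_SIZE Or pos + recLen > cbRead Then Exit Do ' bad length: stop
                CopyMemory recNo, buf(pos + 8), 4    ' RecordNumber
                CopyMemory evtId, buf(pos + 20), 4   ' EventID
                CopyMemory evtType, buf(pos + 24), 2 ' EventType
                Debug.Print "Record " & recNo & "  EventID " & (evtId And &HFFFF&) & "  Type " & evtType
                pos = pos + recLen
            Loop
        End If
    Loop
    CloseEventLog hLog
End Sub
```

The offsets 8, 20 and 24 follow from the EVENTLOGRECORD layout posted in #2; the source name, computer name, SID and insertion strings sit after the 56-byte header inside each record.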