Fail to read Security Event log with provider name "Microsoft-Windows-Security-Auditing" on Windows Server 2008

  • Thread starter: AndyGuoguo
Hi, folks.

I'm encountering a strange problem with the ReadEventLog API. I want to read the Security event log, so at first I use OpenEventLog to open the Security log:

******code start******
m_strProviderName = L"Microsoft-Windows-Security-Auditing";

hEventLog = OpenEventLog(NULL, m_strProviderName);
if (NULL == hEventLog)
{
    wprintf(L"OpenEventLog failed with 0x%x.\n", GetLastError());
    goto cleanup;
}
******code end******

Then I use ReadEventLog regularly to get newly arrived log entries, but ReadEventLog always fails with error code ERROR_HANDLE_EOF, and I can't get any log.

After I change the second parameter (ProviderName) of OpenEventLog to "Security", ReadEventLog can get the event logs, which should be written by "Microsoft-Windows-Security-Auditing". It's very confusing to me why I can't read the security log, which is actually provided by "Microsoft-Windows-Security-Auditing".

OS: Windows Server 2008 Standard (6001 SP1)

Update:

The same code works well on win7\win10.

Thanks in advance.
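
Added example (not the poster's code): since the post reports that opening "Security" returns the records written by "Microsoft-Windows-Security-Auditing", one way to select only that provider's events is to compare the SourceName that follows the fixed 56-byte EVENTLOGRECORD header in each record of a ReadEventLog buffer. It is written as portable C over a constructed buffer so it runs without the Win32 API; `count_by_source`, `put_record` and `sample_hits` are hypothetical helper names, and the sample records carry only a length and a source name.

```c
#include <stdint.h>
#include <string.h>
#define EVT_HDR_LEN 56u  /* fixed part of EVENTLOGRECORD; SourceName follows it */

static uint32_t rd32(const uint8_t *p) {   /* little-endian DWORD read */
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) { /* little-endian DWORD write */
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}
/* 1 if the NUL-terminated UTF-16LE string at p (bounded by end) equals the ASCII name. */
static int utf16_eq_ascii(const uint8_t *p, const uint8_t *end, const char *name) {
    for (;; p += 2, name++) {
        if (end - p < 2) return 0;                      /* ran off the record */
        if (p[0] != (uint8_t)*name || p[1] != 0) return 0;
        if (*name == '\0') return 1;
    }
}

/* Count records whose SourceName equals provider; -1 if the buffer is malformed. */
int count_by_source(const uint8_t *buf, size_t len, const char *provider) {
    int hits = 0;
    for (size_t off = 0; off < len; ) {
        if (len - off < EVT_HDR_LEN) return -1;         /* truncated header */
        uint32_t rec_len = rd32(buf + off);             /* EVENTLOGRECORD.Length */
        if (rec_len < EVT_HDR_LEN + 4 || rec_len > len - off) return -1;
        hits += utf16_eq_ascii(buf + off + EVT_HDR_LEN, buf + off + rec_len - 4, provider);
        off += rec_len;                                 /* Length covers the whole record */
    }
    return hits;
}

/* Constructed sample record: header, SourceName, trailing Length; other fields zero. */
static size_t put_record(uint8_t *out, const char *source) {
    size_t n = strlen(source) + 1;                      /* characters including NUL */
    uint32_t rec_len = (uint32_t)((EVT_HDR_LEN + 2 * n + 4 + 3) & ~(size_t)3);
    memset(out, 0, rec_len);
    wr32(out, rec_len);
    for (size_t i = 0; i < n; i++) out[EVT_HDR_LEN + 2 * i] = (uint8_t)source[i];
    wr32(out + rec_len - 4, rec_len);                   /* records end with Length again */
    return rec_len;
}

/* Builds three constructed records and counts the Security-Auditing ones. */
int sample_hits(void) {
    uint8_t buf[512];
    size_t len = put_record(buf, "Microsoft-Windows-Security-Auditing");
    len += put_record(buf + len, "Microsoft-Windows-Eventlog");
    len += put_record(buf + len, "Microsoft-Windows-Security-Auditing");
    return count_by_source(buf, len, "Microsoft-Windows-Security-Auditing");
}
```

On Windows the same loop would run over the buffer filled by ReadEventLog on a handle opened with "Security".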
