A
AndyGuoguo
Guest
Hi,folks.
I'm encounter a strange problem on ReadEventLog API. I want to read Security Event log,so at first I use OpenEventLog to open Security log,
******code start******
m_strProviderName = L"Microsoft-Windows-Security-Auditing";
hEventLog = OpenEventLog(NULL, m_strProviderName);
if (NULL == hEventLog)
{
wprintf(L"OpenEventLog failed with 0x%x.\n", GetLastError());
goto cleanup;
}
******code end******
Then use ReadEventLog regularly to get newcome log,but ReadEventLog always failed with error code ERROR_HANDLE_EOF,I can't get any log.
After I change the second parmeter(ProviderName) of OpenEventLog to "Security", ReadEventLog could get event logs which should be writen by "Microsoft-Windows-Security-Auditing". It's very confusing for me,why I can't read security log which actually provide by "Microsoft-Windows-Security-Auditing".
OS: Windows server 2008 standard (6001 SP1)
Update:
Same code works on win7\win10 well.
Thanks in advance.
Continue reading...
I'm encounter a strange problem on ReadEventLog API. I want to read Security Event log,so at first I use OpenEventLog to open Security log,
******code start******
m_strProviderName = L"Microsoft-Windows-Security-Auditing";
hEventLog = OpenEventLog(NULL, m_strProviderName);
if (NULL == hEventLog)
{
wprintf(L"OpenEventLog failed with 0x%x.\n", GetLastError());
goto cleanup;
}
******code end******
Then use ReadEventLog regularly to get newcome log,but ReadEventLog always failed with error code ERROR_HANDLE_EOF,I can't get any log.
After I change the second parmeter(ProviderName) of OpenEventLog to "Security", ReadEventLog could get event logs which should be writen by "Microsoft-Windows-Security-Auditing". It's very confusing for me,why I can't read security log which actually provide by "Microsoft-Windows-Security-Auditing".
OS: Windows server 2008 standard (6001 SP1)
Update:
Same code works on win7\win10 well.
Thanks in advance.
Continue reading...