| BOOL ReadEventLog(hEventLog, fdwRead, dwRecordNumber, lpvBuffer, cbBuffer, pcbRead, pcbNeeded) | |||||
| HANDLE hEventLog; | /* event-log handle (returned by OpenEventLog) | */ | |||
| DWORD fdwRead; | /* specifies how to read log | */ | |||
| DWORD dwRecordNumber; | /* number of first record | */ | |||
| LPVOID lpvBuffer; | /* address of buffer for read data | */ | |||
| DWORD cbBuffer; | /* number of bytes to read | */ | |||
| DWORD *pcbRead; | /* number of bytes read | */ | |||
| DWORD *pcbNeeded; | /* number of bytes needed for next record | */ | |||
The ReadEventLog function reads a whole number of entries from the event log. The function can be used to read log entries in forward or reverse chronological order.
hEventLog
Specifies the event-log handle. This handle is returned by the OpenEventLog function.
fdwRead
Specifies how this read operation is to proceed. This parameter may be some combination of the following values:
| Value | Meaning |
| EVENTLOG_FORWARDS_READ | ||
| Log is read in forward chronological order. This flag is ignored if it is specified with EVENTLOG_SEEK_READ. | ||
| EVENTLOG_BACKWARDS_READ | ||
| Log is read in reverse chronological order. This flag is ignored if it is specified with EVENTLOG_SEEK_READ. | ||
| EVENTLOG_SEEK_READ | ||
| Read operation proceeds from the record specified by dwRecordNumber. | ||
| EVENTLOG_SEQUENTIAL_READ | ||
| Read operation proceeds sequentially from the last call to the ReadEventLog function using this handle. | ||
dwRecordNumber
Specifies the log-entry record number where the read operation should start. This parameter is ignored unless fdwRead includes the EVENTLOG_SEEK_READ flag.
lpvBuffer
Points to a buffer for the data read from the event log.
cbBuffer
Specifies the size of the buffer.
pcbRead
Points to a variable that receives the number of bytes read by the function.
pcbNeeded
Points to a variable that receives the number of bytes needed for the next log entry. This count is valid only if ReadEventLog returns zero and GetLastError returns BUFFER_TOO_SMALL.
The return value is TRUE if the function was successful, or FALSE if an error occurred. Use the GetLastError function to obtain extended error information.
When this function returns, the error-log read position is adjusted by the number of records actually read. Only a whole number of event log records will be returned.
The ReadEventLog function can be used to read any log file by specifying the appropriate module name with the OpenEventLog function. To read a log file that is not the configured file for any module, e.g. a backup copy of an earlier log, the viewing utility must create an entry in the configuration registry for a dummy module and then use that module name to access the log file.
Note:
The configured file name for this module may also be the configured file name for other modules. Therefore, it is not valid to expect to get back from this call only those events that were logged by the module represented by hEventLog.
ClearEventLog, CloseEventLog, OpenEventLog, ReportEvent