The following code sample reads all the records in the Application logfile and displays the event identifier, event type, and source name for each event log entry.
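/*
 * Dump every record of the local Application event log: a running index,
 * the event identifier, the event type and the source name.
 *
 * `h` is assigned here but declared outside this excerpt, as are
 * BUFFER_SIZE and ErrorExit().
 * NOTE(review): ErrorExit() is presumed not to return; confirm, because the
 * code below uses `h` unconditionally.
 * NOTE(review): bBuffer is a BYTE array viewed as EVENTLOGRECORD; confirm it
 * is suitably aligned on targets that fault on unaligned DWORD access.
 */
EVENTLOGRECORD *pevlr;
BYTE bBuffer[BUFFER_SIZE];
DWORD dwRead, dwNeeded, cRecords, dwThisRecord = 0;
DWORD dwErr, cbName, cbNameMax;
LPBYTE pbName;

/* Open the Application event log. */
h = OpenEventLog(NULL,             /* uses local computer */
                 "Application");   /* source name */
if (h == NULL)
    ErrorExit("could not open Application event log");

pevlr = (EVENTLOGRECORD *) &bBuffer;

/*
 * Opening the event log positions the file pointer
 * for this handle at the beginning of the log.
 *
 * Read records sequentially until there
 * are no more.
 */
while (ReadEventLog(h,                     /* event log handle */
                    EVENTLOG_FORWARDS_READ |    /* reads forward */
                    EVENTLOG_SEQUENTIAL_READ,   /* sequential read */
                    0,                     /* ignored for sequential reads */
                    pevlr,                 /* address of buffer */
                    BUFFER_SIZE,           /* size of buffer */
                    &dwRead,               /* count of bytes read */
                    &dwNeeded)) {          /* bytes in next record */
    while (dwRead > 0) {
        /*
         * Length comes from the log data itself, so treat it as untrusted:
         * a zero Length would spin forever, and a Length larger than the
         * remaining bytes would wrap the unsigned dwRead and walk pevlr
         * past the end of bBuffer.
         */
        if (dwRead < sizeof(EVENTLOGRECORD) ||
            pevlr->Length < sizeof(EVENTLOGRECORD) ||
            pevlr->Length > dwRead) {
            fprintf(stderr,
                    "malformed event log record; skipping rest of buffer\n");
            break;
        }

        /*
         * The source name is just past the end of the formal structure.
         * Bound the scan for its terminator by the record length so a
         * record without a NUL cannot make printf read beyond the record.
         */
        pbName = (LPBYTE) pevlr + sizeof(EVENTLOGRECORD);
        cbNameMax = pevlr->Length - (DWORD) sizeof(EVENTLOGRECORD);
        for (cbName = 0;
             cbName < cbNameMax && pbName[cbName] != '\0';
             cbName++)
            ;

        /* Print the event ID, type, and source name. */
        printf("%02lu Event ID: 0x%08lX ",
               dwThisRecord++, pevlr->EventID);
        printf("EventType: %d Source: %.*s\n",
               pevlr->EventType, (int) cbName, (LPSTR) pbName);

        dwRead -= pevlr->Length;
        pevlr = (EVENTLOGRECORD *)
            ((LPBYTE) pevlr + pevlr->Length);
    }

    /* Rewind to the start of the buffer for the next read. */
    pevlr = (EVENTLOGRECORD *) &bBuffer;
}

/*
 * ReadEventLog returns zero both at end of log and on failure. Report
 * anything other than end-of-log so a truncated dump is not mistaken
 * for a complete one.
 */
dwErr = GetLastError();
if (dwErr == ERROR_INSUFFICIENT_BUFFER)
    fprintf(stderr,
            "ReadEventLog: buffer too small, next record needs %lu bytes\n",
            dwNeeded);
else if (dwErr != ERROR_HANDLE_EOF)
    fprintf(stderr, "ReadEventLog failed, error %lu\n", dwErr);

CloseEventLog(h);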