please dont rip this site Prev Next

EVENTLOGRECORD info  Overview  Group

The EVENTLOGRECORD structure contains information about an event record.

typedef struct _EVENTLOGRECORD { // evlr 

    DWORD  Length; 

    DWORD  Reserved; 

    DWORD  RecordNumber; 

    DWORD  TimeGenerated; 

    DWORD  TimeWritten; 

    DWORD  EventID; 

    WORD   EventType; 

    WORD   NumStrings; 

    WORD   EventCategory; 

    WORD   ReservedFlags; 

    DWORD  ClosingRecordNumber; 

    DWORD  StringOffset; 

    DWORD  UserSidLength; 

    DWORD  UserSidOffset; 

    DWORD  DataLength; 

    DWORD  DataOffset; 

    // 

    // Then follow: 

    // 

    // TCHAR SourceName[] 

    // TCHAR Computername[] 

    // SID   UserSid 

    // TCHAR Strings[] 

    // BYTE  Data[] 

    // CHAR  Pad[] 

    // DWORD Length; 

    // 

} EVENTLOGRECORD; 

 

Members

Length
Specifies the length, in bytes, of this event record. Note that this value is stored at both ends of the entry to ease moving forward or backward through the log. The length includes any pad bytes inserted at the end of the record for DWORD alignment.
Reserved
Reserved.
RecordNumber
Contains a record number that can be used with the EVENTLOG_SEEK_READ flag passed in a call to the ReadEventLog function to begin reading at a specified record.
TimeGenerated
The time at which this entry was submitted. This time is measured in the number of seconds elapsed since 00:00:00 January 1, 1970, Universal Coordinated Time.
TimeWritten
Specifies the time at which this entry was received by the service to be written to the logfile. This time is measured in the number of seconds elapsed since 00:00:00 January 1, 1970, Universal Coordinated Time.
EventID
Identifies the event. This is specific to the source that generated the event log entry, and is used, together with SourceName, to identify a message in a message file that is presented to the user while viewing the log.
EventType
Specifies the type of event. This member can be one of the following values:

Value

Meaning

EVENTLOG_ERROR_TYPE

Error event

EVENTLOG_WARNING_TYPE

Warning event

EVENTLOG_INFORMATION_TYPE

Information event

EVENTLOG_AUDIT_SUCCESS

Success Audit event

EVENTLOG_AUDIT_FAILURE

Failure Audit event

For more information about event types, see Event Logging.

NumStrings
Specifies the number of strings present in the log (at the position indicated by StringOffset). These strings are merged into the message before it is displayed to the user.
EventCategory
Specifies a subcategory for this event. This subcategory is source specific.
ReservedFlags
Reserved.
ClosingRecordNumber
Reserved.
StringOffset
Specifies the offset of the strings within this event log entry.
UserSidLength
Specifies the length, in bytes, of the UserSid member. This value can be zero if no security identifier was provided.
UserSidOffset
Specifies the offset of the security identifier within this event record.
DataLength
Specifies the length, in bytes, of the event-specific data (at the position indicated by DataOffset).
DataOffset
Specifies the offset of the event-specific information within this log. This information could be something specific (a disk driver might log the number of retries, for example), followed by binary information specific to the event being logged and to the source that generated the entry.
SourceName
Contains the variable-length null-terminated string specifying the name of the source (application, service, driver, subsystem) that generated the entry. This is the name used to retrieve from the registry the name of the file containing the message strings for this source. It is used, together with the event identifier, to get the message string that describes this event.
Computername
Contains the variable-length null-terminated string specifying the name of the computer that generated this event. There may also be some pad bytes after this field to ensure that the UserSid is aligned on a DWORD boundary.
UserSid
Specifies the security identifier of the active user at the time this event was logged. This member may be empty if the UserSidLength member is zero.

The defined members are followed by the replacement strings for the message identified by the event identifier, the binary information, some pad bytes to make sure the full entry is on a DWORD boundary, and finally the length of the log entry again. Because the strings and the binary information can be of any length, no structure members are defined to reference them.

The event identifier together with SourceName and a language identifier identify a message string that describes the event in more detail. The strings are used as replacement strings and are merged into the message string to make a complete message. The message strings are contained in a message file specified in the source entry in the registry.

The binary information is information that is specific to the event. It could be the contents of the processor registers when a device driver got an error, a dump of an invalid packet that was received from the network, a dump of all the structures in a program (when the data area was detected to be corrupt), and so on. This information should be useful to the writer of the device driver or the application in tracking down bugs or unauthorized breaks into the application.

See Also

ReadEventLog 


file: /Techref/os/win/api/win32/struc/src/str07_8.htm, 8KB, , updated: 2000/4/7 11:20, local time: 2024/11/10 02:14,
TOP NEW HELP FIND: 
3.142.42.32:LOG IN
©2024 PLEASE DON'T RIP! THIS SITE CLOSES OCT 28, 2024 SO LONG AND THANKS FOR ALL THE FISH!

 ©2024 These pages are served without commercial sponsorship. (No popup ads, etc...).Bandwidth abuse increases hosting cost forcing sponsorship or shutdown. This server aggressively defends against automated copying for any reason including offline viewing, duplication, etc... Please respect this requirement and DO NOT RIP THIS SITE. Questions?
Please DO link to this page! Digg it! / MAKE!

<A HREF="http://linistepper.com/Techref/os/win/api/win32/struc/src/str07_8.htm"> EVENTLOGRECORD</A>

After you find an appropriate page, you are invited to your to this massmind site! (posts will be visible only to you before review) Just type a nice message (short messages are blocked as spam) in the box and press the Post button. (HTML welcomed, but not the <A tag: Instead, use the link box to link to another page. A tutorial is available Members can login to post directly, become page editors, and be credited for their posts.


Link? Put it here: 
if you want a response, please enter your email address: 
Attn spammers: All posts are reviewed before being made visible to anyone other than the poster.
Did you find what you needed?