C
Cartoper
I am trying to read the event log from the news to the oldest and get
the time. I cannot figure out how to get the time. When I look at the
event log it has things from today but when I run my code it starts a
month back. The times are also off. Might someone be kind enough to
enlighten me as to what I am doing wrong? The following code is
virtually identical to the example in MSDN, except I am trying to
extract the time:
HANDLE h;
EVENTLOGRECORD *pevlr;
LPBYTE pBuffer = new BYTE[BUFFER_SIZE];
DWORD dwRead = 0, dwNeeded = 0, dwThisRecord = 0;
// Open the Application event log.
h = OpenEventLog( NULL, "System"); // source name
if (h == NULL)
return false;
pevlr = (EVENTLOGRECORD *) pBuffer;
TIME_ZONE_INFORMATION tzi;
GetTimeZoneInformation(&tzi);
// Opening the event log positions the file pointer for this
// handle at the beginning of the log. Read the records
// sequentially until there are no more.
while (ReadEventLog(h, // event log handle
EVENTLOG_BACKWARDS_READ | // reads forward
EVENTLOG_SEQUENTIAL_READ, // sequential read
0, // ignored for sequential reads
pevlr, // pointer to buffer
BUFFER_SIZE, // size of buffer
&dwRead, // number of bytes read
&dwNeeded)) // bytes in next record
{
while (dwRead > 0)
{
struct tm * pTmStruct = gmtime((long*)&pevlr-
SYSTEMTIME universalTime, localTime;
LPSYSTEMTIME lptime = &localTime;
universalTime.wYear = pTmStruct->tm_year + 1900;
universalTime.wMonth = pTmStruct->tm_mon;
universalTime.wDay = pTmStruct->tm_mday;
universalTime.wHour = pTmStruct->tm_hour;
universalTime.wMinute = pTmStruct->tm_min;
universalTime.wSecond = pTmStruct->tm_sec;
if( SystemTimeToTzSpecificLocalTime(&tzi, &universalTime,
&localTime) == false)
{
lptime = &universalTime;
}
printf("%04d/%02d/%02d %02d:%02d:%02d ",
lptime->wYear, lptime->wMonth, lptime->wDay,
lptime->wHour, lptime->wMinute, lptime->wSecond);
printf("%02d Event ID: 0x%08X ", dwThisRecord++, pevlr-
printf("EventType: %d Source: %s\n", pevlr->EventType,
(LPSTR) ((LPBYTE) pevlr + sizeof(EVENTLOGRECORD)));
dwRead -= pevlr->Length;
pevlr = (EVENTLOGRECORD *) ((LPBYTE) pevlr + pevlr-
pevlr = (EVENTLOGRECORD *) pBuffer;
}
CloseEventLog(h);
delete pBuffer;
the time. I cannot figure out how to get the time. When I look at the
event log it has things from today but when I run my code it starts a
month back. The times are also off. Might someone be kind enough to
enlighten me as to what I am doing wrong? The following code is
virtually identical to the example in MSDN, except I am trying to
extract the time:
HANDLE h;
EVENTLOGRECORD *pevlr;
LPBYTE pBuffer = new BYTE[BUFFER_SIZE];
DWORD dwRead = 0, dwNeeded = 0, dwThisRecord = 0;
// Open the Application event log.
h = OpenEventLog( NULL, "System"); // source name
if (h == NULL)
return false;
pevlr = (EVENTLOGRECORD *) pBuffer;
TIME_ZONE_INFORMATION tzi;
GetTimeZoneInformation(&tzi);
// Opening the event log positions the file pointer for this
// handle at the beginning of the log. Read the records
// sequentially until there are no more.
while (ReadEventLog(h, // event log handle
EVENTLOG_BACKWARDS_READ | // reads forward
EVENTLOG_SEQUENTIAL_READ, // sequential read
0, // ignored for sequential reads
pevlr, // pointer to buffer
BUFFER_SIZE, // size of buffer
&dwRead, // number of bytes read
&dwNeeded)) // bytes in next record
{
while (dwRead > 0)
{
struct tm * pTmStruct = gmtime((long*)&pevlr-
TimeWritten);
SYSTEMTIME universalTime, localTime;
LPSYSTEMTIME lptime = &localTime;
universalTime.wYear = pTmStruct->tm_year + 1900;
universalTime.wMonth = pTmStruct->tm_mon;
universalTime.wDay = pTmStruct->tm_mday;
universalTime.wHour = pTmStruct->tm_hour;
universalTime.wMinute = pTmStruct->tm_min;
universalTime.wSecond = pTmStruct->tm_sec;
if( SystemTimeToTzSpecificLocalTime(&tzi, &universalTime,
&localTime) == false)
{
lptime = &universalTime;
}
printf("%04d/%02d/%02d %02d:%02d:%02d ",
lptime->wYear, lptime->wMonth, lptime->wDay,
lptime->wHour, lptime->wMinute, lptime->wSecond);
printf("%02d Event ID: 0x%08X ", dwThisRecord++, pevlr-
EventID);
printf("EventType: %d Source: %s\n", pevlr->EventType,
(LPSTR) ((LPBYTE) pevlr + sizeof(EVENTLOGRECORD)));
dwRead -= pevlr->Length;
pevlr = (EVENTLOGRECORD *) ((LPBYTE) pevlr + pevlr-
}Length);
pevlr = (EVENTLOGRECORD *) pBuffer;
}
CloseEventLog(h);
delete pBuffer;