Win32::EventLog problems

Fri, 28 May 2004 13:16:46 -0700 

Hello,

I am attempting to read the windows eventlog and running into some difficulty.

I am trying to seek to a specific record (x) using EVENTLOG_SEEK_READ, read record x, and then continue to read the rest of the eventlog from that position using EVENTLOG_SEQUENTIAL_READ. What seems to happen, is that record x is read successfully, but when doing the sequential read to finish the eventlog, it skips some records after the first read record.

For example, read record 5, then do sequential read. Next read record seems to be always greater than 6. The next read record seems to depend on the size of the record in the eventlog. The smaller the records, the more that are skipped.


Here is what MS says about ReadEventLog:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/debug/base/readeventlog.asp

<snip>
"nNumberOfBytesToRead
[in] Size of the buffer, in bytes. This function will read as many whole log entries as will fit in the buffer; the function will not return partial entries, even if there is room in the buffer."
</snip>

Does anyone know how to work around this problem?
I know it would be possible to increment $LastRead until I get an error, but this does seem to be a bug in perl.

Here is some code to show the problem I am seeing.

#!perl -w
use strict;
use Win32::EventLog;
$Win32::EventLog::GetMessageText = 1;

my $handle;
my $OldRec;
my $NumRec;
my $hashRef;

# assume record #1 exists
my $LastRead = 1;

# open the security log
$handle=Win32::EventLog->new("System", $ENV{ComputerName});
$handle->GetOldest($OldRec);
$handle->GetNumber($NumRec);

print "OLDEST: $OldRec, NUMREC: $NumRec\n";

$handle->Read(EVENTLOG_FORWARDS_READ|EVENTLOG_SEEK_READ,
              $LastRead,
              $hashRef);
print "FIRST RECORD READ: $hashRef->{RecordNumber}\n";
while($handle->Read(EVENTLOG_FORWARDS_READ|EVENTLOG_SEQUENTIAL_READ,
                    0,
                    $hashRef)) {
        print "$hashRef->{RecordNumber} ";
}

# end code

Thanks,
Michael

_________________________________________________________________
Tired of spam? Get advanced junk mail protection with MSN Premium http://join.msn.com/?pgmarket=en-ca&page=byoa/prem&xAPID=1994&DI=1034&SU=http://hotmail.com/enca&HL=Market_MSNIS_Taglines

_______________________________________________
ActivePerl mailing list
[EMAIL PROTECTED]
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs

Reply via email to