windows-server-2008 windows-server-2008-r2

从系统读取应用程序/系统/安全事件日志时，ReadEventLog() API 在 Windows Server 2008 R2 上失败，错误代码为 87

发布于 2024-09-06 22:31:44 字数 1451 浏览 3 评论 0原文

我有一个 MFC 应用程序，它在 WOW64 环境中读取 Windows Server 2008 R2 上的系统（即应用程序/系统/安全）事件日志。我在 Windows Server 2008 R2 中遇到 std SDK ::ReadEventLog() 函数的问题。下面我提供了代码片段，但相同的代码/API 在 Windows XP WOW64 和 Windows XP 中完美运行。 x64 环境。错误代码“87”指的是“参数不正确”，但根据我的说法，我传递给 ::ReadEventLog() 函数的参数似乎是正确的。

[代码]

//缓冲区大小。常量 int BUFFER_SIZE = 1024*10
BYTE l_bBufferSize[BUFFER_SIZE];
EVENTLOGRECORD* l_pEvntLogRecord = NULL;

l_pEvntLogRecord = (EVENTLOGRECORD *) &l_bBufferSize; ::设置最后一个错误(0);

/* 调整“计数器”以读取日志。 'l_nReadRecordIndex' 与列表控件映射，例如按下键时，'l_nReadRecordIndex' 设置为“GetCountPerPage() + 1”，这是一种情况，因为它们有多种情况。 */

DWORD l_dwLogCounter = (GetTotalNumberOfRecords() - l_nReadRecordIndex) + 1;

//按照“nCntToReadRecords”读取日志。

for(l_dwLogCounter;l_nNoOfRecTobeRead <= nCntToReadRecords;l_dwLogCounter--, l_nNoOfRecTobeRead++) {

//获取要读取的实际位置。

if(0 != ::ReadEventLog( m_hEventLogHandle, EVENTLOG_SEEK_READ|EVENTLOG_FORWARDS_READ,
l_dwLogCounter、l_pEvntLogRecord、BUFFER_SIZE、 &l_dwReadBytes, &l_dwNeedBytes))

{
     DWORD l_dwErrCode = 0;
     l_dwErrCode = ::GetLastError();    //87 is returned
     return FALSE
}

}

//数据填充代码

如果有人知道类似的问题或处理过类似的问题，请让我知道解决方案。请参考上面的代码片段并让我知道以下事项，a）什么是不正确的参数。 b) 他们是否有其他读取事件日志的方式？

提前致谢。

-- 加内什

原文

I have an MFC application which reads system (i.e. Application/System/Security) event logs on Windows Server 2008 R2 in WOW64 environment. I am facing a problem with std SDK ::ReadEventLog() function in Windows Server 2008 R2. Below I have provided the code snippet, but the same code/API works perfectly in Windows XP WOW64 & x64 environment. Error code '87' refers to "The parameter is incorrect" but according me the parameters which I passed to ::ReadEventLog() function seems to be correct.

[Code]

//BufferSize.
const int BUFFER_SIZE = 1024*10
BYTE l_bBufferSize[BUFFER_SIZE];
EVENTLOGRECORD* l_pEvntLogRecord = NULL;

l_pEvntLogRecord = (EVENTLOGRECORD *) &l_bBufferSize;
::SetLastError(0);

/*
Adjust the 'counter' to read logs. 'l_nReadRecordIndex' is mapped with the list control, e.g. on key down, 'l_nReadRecordIndex' is set as "GetCountPerPage() + 1" this is one case as their are many case.
*/

DWORD l_dwLogCounter = (GetTotalNumberOfRecords() - l_nReadRecordIndex) + 1;

//Read logs as per "nCntToReadRecords".

for(l_dwLogCounter;l_nNoOfRecTobeRead <= nCntToReadRecords;l_dwLogCounter--, l_nNoOfRecTobeRead++)
{

//Get Actual position to read.

if(0 != ::ReadEventLog( m_hEventLogHandle, EVENTLOG_SEEK_READ|EVENTLOG_FORWARDS_READ,
l_dwLogCounter, l_pEvntLogRecord, BUFFER_SIZE,
&l_dwReadBytes, &l_dwNeedBytes))

{
     DWORD l_dwErrCode = 0;
     l_dwErrCode = ::GetLastError();    //87 is returned
     return FALSE
}

}

//Data population code

If any one is aware of similar problem or worked on the similar issue please let me know the solution. Please refer the above code snippet and let me know the following things, a) What are the incorrect parameters. b) Is their any another way to read event logs.

Thanks in advance.

--
Ganesh

分享到QQ

分享到微博