| 术语 | readeventlog |
| 释义 | ReadEventLog 语法: C++ BOOL ReadEventLog( __in HANDLE hEventLog, __in DWORD dwReadFlags, __in DWORD dwRecordOffset, __out LPVOID lpBuffer, __in DWORD nNumberOfBytesToRead, __out DWORD *pnBytesRead, __out DWORD *pnMinNumberOfBytesNeeded ); ReadEventLog函数 读取指定的事件日志条目的指定数目。该函数可以用来读取顺序或时间顺序日志条目。 参数 hEventLog [in] 句柄到事件日志中被读取。该OpenEventLog函数返回此句柄。 dwReadFlags [in] 使用下列标志值,以指示如何读取日志文件。此参数必须包括下列值之一(标志是互相排斥的)。 ValueMeaning EVENTLOG_SEEK_READ 0x0002Begin阅读从dwRecordOffset参数中指定的记录。 此选项可能无法使用较大的日志文件,如果该函数不能确定日志文件的大小。有关详细信息,请参阅知识库文章177199。 EVENTLOG_SEQUENTIAL_READ 0x0001Read的记录顺序。如果这是第一次读操作中,EVENTLOG_FORWARDS_READ EVENTLOG_BACKWARDS_READ旗确定哪些记录首先阅读。 必须指定下列标志之一,表明连续读操作方向(标志是互相排斥的)。 ValueMeaning EVENTLOG_FORWARDS_READ 0x0004The日志是按时间顺序读(旧到新)。默认。 EVENTLOG_BACKWARDS_READ 0x0008The日志读取的时间顺序,(从新到旧的)。 dwRecordOffset [in] 在日志记录号入境会上读操作应该开始。此参数被忽略,除非dwReadFlags包括EVENTLOG_SEEK_READ标志。 lpBuffer [out] 一个应用程序分配的缓冲区,将收到一个或多个EVENTLOGRECORD结构。这个参数不能为NULL,即使nNumberOfBytesToRead参数为零。 这个缓冲区的最大尺寸为0x7ffff字节。 nNumberOfBytesToRead [in] 该lpBuffer缓冲区的大小,以字节为单位。此函数将读取多达日志条目为适合在缓冲区,该函数将不会返回的部分作品。 pnBytesRead [out] 一个变量,它接收由函数读取的字节数的指针。 pnMinNumberOfBytesNeeded [out] 一个变量,它接收的lpBuffer缓冲区所需大小的指针。这个值是有效的仅此函数返回0,GetLastError返回ERROR_INSUFFICIENT_BUFFER。 返回值 如果函数成功,返回值为非零。 如果函数失败,返回值是零。为了获得更多错误信息,调用GetLastError。 备注 当此函数返回成功,在事件日志读取的位置是由读取记录数调整。 注意:此源的配置文件的名称也可能是其他来源的配置文件名(几个来源可以存在一个单一的日志)的子项。因此,这个函数可能会返回那些由多个源记录的事件。 实例 有关示例,请参阅查询的事件信息。 要求: 最低支持:client-Windows 2000专业版 最低支持server-Windows 2000服务器 HeaderWinbase.h(头文件:winuser.h) LibraryAdvapi32.lib DLLAdvapi32.dll Unicode和ANSI namesReadEventLogW(Unicode)和ReadEventLogA(ANSI)的 参见 事件记录功能 ClearEventLog CloseEventLog EVENTLOGRECORD OpenEventLog ReportEvent 如果有任何问题和意见,请发送给微软(wsddocfb@microsoft.com) 生成日期:2009年8月6日 ==英文原文==ReadEventLog Function Reads the specified number of entries from the specified event log. The function can be used to read log entries in chronological or reverse chronological order. Syntax C++ BOOL ReadEventLog( __in HANDLE hEventLog, __in DWORD dwReadFlags, __in DWORD dwRecordOffset, __out LPVOID lpBuffer, __in DWORD nNumberOfBytesToRead, __out DWORD *pnBytesRead, __out DWORD *pnMinNumberOfBytesNeeded ); Parameters hEventLog [in] A handle to the event log to be read. The OpenEventLog function returns this handle. dwReadFlags [in] Use the following flag values to indicate how to read the log file. This parameter must include one of the following values (the flags are mutually exclusive). ValueMeaning EVENTLOG_SEEK_READ 0x0002Begin reading from the record specified in the dwRecordOffset parameter. This option may not work with large log files if the function cannot determine the log file's size. For details, see Knowledge Base article, 177199. EVENTLOG_SEQUENTIAL_READ 0x0001Read the records sequentially. If this is the first read operation, the EVENTLOG_FORWARDS_READ EVENTLOG_BACKWARDS_READ flags determines which record is read first. You must specify one of the following flags to indicate the direction for successive read operations (the flags are mutually exclusive). ValueMeaning EVENTLOG_FORWARDS_READ 0x0004The log is read in chronological order (oldest to newest). The default. EVENTLOG_BACKWARDS_READ 0x0008The log is read in reverse chronological order (newest to oldest). dwRecordOffset [in] The record number of the log-entry at which the read operation should start. This parameter is ignored unless dwReadFlags includes the EVENTLOG_SEEK_READ flag. lpBuffer [out] An application-allocated buffer that will receive one or more EVENTLOGRECORD structures. This parameter cannot be NULL, even if the nNumberOfBytesToRead parameter is zero. The maximum size of this buffer is 0x7ffff bytes. nNumberOfBytesToRead [in] The size of the lpBuffer buffer, in bytes. This function will read as many log entries as will fit in the buffer; the function will not return partial entries. pnBytesRead [out] A pointer to a variable that receives the number of bytes read by the function. pnMinNumberOfBytesNeeded [out] A pointer to a variable that receives the required size of the lpBuffer buffer. This value is valid only this function returns zero and GetLastError returns ERROR_INSUFFICIENT_BUFFER. Return Value If the function succeeds, the return value is nonzero. If the function fails, the return value is zero. To get extended error information, call GetLastError. Remarks When this function returns successfully, the read position in the event log is adjusted by the number of records read. Note The configured file name for this source may also be the configured file name for other sources (several sources can exist as subkeys under a single log). Therefore, this function may return events that were logged by more than one source. Examples For an example, see Querying for Event Information . Requirements Minimum supported clientWindows 2000 Professional Minimum supported serverWindows 2000 Server HeaderWinbase.h (include Windows.h) LibraryAdvapi32.lib DLLAdvapi32.dll Unicode and ANSI namesReadEventLogW (Unicode) and ReadEventLogA (ANSI) See Also Event Logging Functions ClearEventLog CloseEventLog EVENTLOGRECORD OpenEventLog ReportEvent Send comments about this topic to Microsoft Build date: 8/6/2009 ==原始网址==http://msdn.microsoft.com/en-us/library/aa363674(VS.85).aspx\n |
| 随便看 |
|
windows api函数参考手册包含2258条windows api函数文档,详细介绍nodejs、java、rust调用windows api的方法技巧,是学习windows api编程的入门中文文档。