Hi, I've just implemented a small app to query for all the event log entries in a particular Event Log (i.e "System"). All works fine but I don't seem to be able to iterate through all the records availiable. In my machine for ex. there are over 40k entries for the System event log and for some reason I can't read all of them.
Now, here's what I tried so far:
-- Only reads 61 entries:
ReadEventLog(EVENTLOG_SEEK_READ or EVENTLOG_FORWARDS_READ, dwOldestRec, dwRead, dwNeeded);
Where dwOldestRec => GetOldestEventLogRecord(Handle, dwOldestRec);
I do a loop while ReadEventLog... and then another loop through the buffer to get all the entries from the buffer (in my case I'm using a 4096 bytes buffer). This is the exact same method as the MSDN example.
-- Reads over 13k entries:
If I start from the end of the log and go back I can read more entries, i can't figure out why. Although I can read substantially more entries in this way, it's not the whole 40k entries..
ReadEventLog(EVENTLOG_SEEK_READ or EVENTLOG_BACKWARDS_READ, dwTotalRecords - dwOldestRec + 1, dwRead, dwNeeded);
I then do the same thing as previously to read the entries..
Any clue on what I'm doing wrong here? I can put all source here if necessary.
Thank you,
Marcelo Grossi
