Ian,
see below for details fron WINNT.h
#define EVENTLOG_SEQUENTIAL_READ 0X0001
#define EVENTLOG_SEEK_READ 0X0002
#define EVENTLOG_FORWARDS_READ 0X0004
#define EVENTLOG_BACKWARDS_READ 0X0008
//
// The types of events that can be logged.
//
#define EVENTLOG_SUCCESS 0X0000
#define EVENTLOG_ERROR_TYPE 0x0001
#define EVENTLOG_WARNING_TYPE 0x0002
#define EVENTLOG_INFORMATION_TYPE 0x0004
#define EVENTLOG_AUDIT_SUCCESS 0x0008
#define EVENTLOG_AUDIT_FAILURE 0x0010
//
// Defines for the WRITE flags used by Auditing for paired events
// These are not implemented in Product 1
//
#define EVENTLOG_START_PAIRED_EVENT 0x0001
#define EVENTLOG_END_PAIRED_EVENT 0x0002
#define EVENTLOG_END_ALL_PAIRED_EVENTS 0x0004
#define EVENTLOG_PAIRED_EVENT_ACTIVE 0x0008
#define EVENTLOG_PAIRED_EVENT_INACTIVE 0x0010
//
// Structure that defines the header of the Eventlog record. This is the
// fixed-sized portion before all the variable-length strings, binary
// data and pad bytes.
//
// TimeGenerated is the time it was generated at the client.
// TimeWritten is the time it was put into the log at the server end.
//
typedef struct _EVENTLOGRECORD {
DWORD Length; // Length of full record
DWORD Reserved; // Used by the service
DWORD RecordNumber; // Absolute record number
DWORD TimeGenerated; // Seconds since 1-1-1970
DWORD TimeWritten; // Seconds since 1-1-1970
DWORD EventID;
WORD EventType;
WORD NumStrings;
WORD EventCategory;
WORD ReservedFlags; // For use with paired events (auditing)
DWORD ClosingRecordNumber; // For use with paired events (auditing)
DWORD StringOffset; // Offset from beginning of record
DWORD UserSidLength;
DWORD UserSidOffset;
DWORD DataLength;
DWORD DataOffset; // Offset from beginning of record
//
// Then follow:
//
// WCHAR SourceName[]
// WCHAR Computername[]
// SID UserSid
// WCHAR Strings[]
// BYTE Data[]
// CHAR Pad[]
// DWORD Length;
//
} EVENTLOGRECORD, *PEVENTLOGRECORD;
//SS: start of changes to support clustering
//SS: ideally the
#define MAXLOGICALLOGNAMESIZE 256
#pragma warning(disable : 4200)
typedef struct _EVENTSFORLOGFILE{
DWORD ulSize;
WCHAR szLogicalLogFile[MAXLOGICALLOGNAMESIZE]; //name of the
logical file-security/application/system
DWORD ulNumRecords;
EVENTLOGRECORD pEventLogRecords[];
}EVENTSFORLOGFILE, *PEVENTSFORLOGFILE;
Ron
Ian Bartholomew wrote in message ...
>I am just starting to write a Dolphin wrapper for the above Windows
>(XP/2000/NT) facility but, as is usual, I find that my header file
>information is too far out of date to contain the required constants.
>
>Could some kind soul have a look in the header file for the Windows AdvApi
>dll (possibly in windows.h or winnt.h if there is no such file as advapi.h)
>and post the values of any constants that are of the format EVENTLOG_*.
>There may be others needed but that should be enough at the moment.
>
>If there is any interest I will, of course, make the Dolphin wrapper
>available.
>
>TIA
>Ian
>
>
>
>
Locked
