| UID | title | description | helpviewer_keywords | old-location | tech.root | ms.assetid | ms.date | ms.keywords | req.header | req.include-header | req.target-type | req.target-min-winverclnt | req.target-min-winversvr | req.kmdf-ver | req.umdf-ver | req.ddi-compliance | req.unicode-ansi | req.idl | req.max-support | req.namespace | req.assembly | req.type-library | req.lib | req.dll | req.irql | targetos | req.typenames | req.redist | ms.custom | f1_keywords | dev_langs | topic_type | api_type | api_location | api_name | req.apiset | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
NF:winbase.ReadEventLogA |
ReadEventLogA function (winbase.h) |
Reads the specified number of entries from the specified event log. (ANSI) |
|
base\readeventlog.htm |
base |
10b37174-661a-4dc6-a7fe-752739494156 |
12/05/2018 |
EVENTLOG_BACKWARDS_READ, EVENTLOG_FORWARDS_READ, EVENTLOG_SEEK_READ, EVENTLOG_SEQUENTIAL_READ, ReadEventLog, ReadEventLog function, ReadEventLogA, ReadEventLogW, _win32_readeventlog, base.readeventlog, winbase/ReadEventLog, winbase/ReadEventLogA, winbase/ReadEventLogW |
winbase.h |
Windows.h |
Windows |
Windows 2000 Professional [desktop apps only] |
Windows 2000 Server [desktop apps only] |
ReadEventLogW (Unicode) and ReadEventLogA (ANSI) |
Advapi32.lib |
Advapi32.dll |
Windows |
19H1 |
|
|
|
|
|
|
ext-ms-win-advapi32-eventlog-ansi-l1-1-0 (introduced in Windows 10, version 10.0.10240) |
Reads the specified number of entries from the specified event log. The function can be used to read log entries in chronological or reverse chronological order.
A handle to the event log to be read. The OpenEventLog function returns this handle.
Use the following flag values to indicate how to read the log file. This parameter must include one of the following values (the flags are mutually exclusive).
You must specify one of the following flags to indicate the direction for successive read operations (the flags are mutually exclusive).
The record number of the log-entry at which the read operation should start. This parameter is ignored unless dwReadFlags includes the EVENTLOG_SEEK_READ flag.
An application-allocated buffer that will receive one or more EVENTLOGRECORD structures. This parameter cannot be NULL, even if the nNumberOfBytesToRead parameter is zero.
The maximum size of this buffer is 0x7ffff bytes.
The size of the lpBuffer buffer, in bytes. This function will read as many log entries as will fit in the buffer; the function will not return partial entries.
A pointer to a variable that receives the number of bytes read by the function.
A pointer to a variable that receives the required size of the lpBuffer buffer. This value is valid only if this function returns zero and GetLastError returns ERROR_INSUFFICIENT_BUFFER.
If the function succeeds, the return value is nonzero.
If the function fails, the return value is zero. To get extended error information, call GetLastError.
When this function returns successfully, the read position in the event log is adjusted by the number of records read.
For an example, see Querying for Event Information.
Note
The winbase.h header defines ReadEventLog as an alias which automatically selects the ANSI or Unicode version of this function based on the definition of the UNICODE preprocessor constant. Mixing usage of the encoding-neutral alias with code that not encoding-neutral can lead to mismatches that result in compilation or runtime errors. For more information, see Conventions for Function Prototypes.