event Logs

  • Question

  • Hi,

    I am creating a C++ program to read the information that is present in an evtx file.

    I'm trying to fetch the source name (Provider Name) of the event, so that I can fetch the corresponding DLL file and load it to fetch the event data of that event.

    Can anyone help me in fetching the source of the event log?

    Thanks in advance,

    Gopichand

    Monday, September 16, 2019 12:53 PM

All replies

  • Hi,

    Thank you for posting here.

    >>Can anyone help me in fetching the source of the event log.

    When an application uses the RegisterEventSource or OpenEventLog function to get a handle to an event log, the event logging service searches for the specified event source in the registry.

    An application can use the Application log without adding a new event source to the registry. If the application calls RegisterEventSource and passes a source name that cannot be found in the registry, the event-logging service uses the Application log by default.

    An event viewer application uses the OpenEventLog function to open the event log for an event source. The event viewer can then use the ReadEventLog function to read event records from the log. ReadEventLog returns a buffer containing an EVENTLOGRECORD structure and additional information that describes a logged event. 

    For more details, I suggest you refer to the link:
    https://docs.microsoft.com/en-us/windows/win32/eventlog/querying-for-event-source-messages

    Best Regards,

    Jeanine Zhang

    Tuesday, September 17, 2019 1:56 AM
    Moderator
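
Added example (not part of the thread or of Microsoft's sample): a bounds-checked read of the source name from one record in the buffer that ReadEventLog fills, where the name follows the fixed EVENTLOGRECORD fields as a NUL-terminated UTF-16LE string. It covers this legacy record layout only, not the .evtx file format; `source_name` and `make_sample` are hypothetical names and the sample record is constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

// Fixed part of EVENTLOGRECORD: six DWORDs, four WORDs, six DWORDs = 56 bytes.
// SourceName (NUL-terminated UTF-16LE) starts immediately after it.
constexpr std::size_t kFixedSize = 56;
constexpr std::uint32_t kSignature = 0x654c664c;  // ELF_LOG_SIGNATURE, "LfLe"

static std::uint32_t rd32(const std::uint8_t* p) {
    return std::uint32_t(p[0]) | std::uint32_t(p[1]) << 8 |
           std::uint32_t(p[2]) << 16 | std::uint32_t(p[3]) << 24;
}

// Copies the SourceName of the first record in buf into out. Returns false if
// the record is truncated, mis-sized, lacks the signature, or the name has no
// terminator inside the record.
bool source_name(const std::vector<std::uint8_t>& buf, std::u16string& out) {
    if (buf.size() < kFixedSize) return false;
    const std::uint8_t* rec = buf.data();
    const std::uint32_t length = rd32(rec);           // Length field
    if (length < kFixedSize || length > buf.size()) return false;
    if (rd32(rec + 4) != kSignature) return false;    // Reserved field
    std::u16string name;
    for (std::size_t i = kFixedSize; i + 1 < length; i += 2) {
        const char16_t c = char16_t(rec[i] | rec[i + 1] << 8);
        if (c == 0) { out = name; return true; }
        name.push_back(c);
    }
    return false;  // ran off the end of the record without a terminator
}

// Constructed sample: header plus source name only, not a captured record.
std::vector<std::uint8_t> make_sample(const std::u16string& src, bool terminate = true) {
    std::vector<std::uint8_t> b(kFixedSize, 0);
    for (char16_t c : src) { b.push_back(c & 0xff); b.push_back(c >> 8); }
    if (terminate) { b.push_back(0); b.push_back(0); }
    const std::uint32_t fields[2] = {std::uint32_t(b.size()), kSignature};
    for (int f = 0; f < 2; ++f)
        for (int k = 0; k < 4; ++k) b[f * 4 + k] = (fields[f] >> (8 * k)) & 0xff;
    return b;
}

int main() {
    std::u16string name;
    const bool ok = source_name(make_sample(u"Application Error"), name);
    std::cout << (ok ? "parsed, chars: " : "rejected, chars: ") << name.size() << "\n";
    return ok ? 0 : 1;
}
```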