Reads an entry from the event log
#include <EventLog.au3>
_EventLog__Read ( $hEventLog [, $bRead = True [, $bForward = True [, $iOffset = 0]]] )
| $hEventLog | A handle to the event log |
| $bRead | [optional] If True, operation proceeds sequentially from the last call to this function using this handle. If False, the read will operation proceeds from the record specified by the $iOffset parameter. |
| $bForward | [optional] If True, the log is read in date order. If False, the log is read in reverse date order. |
| $iOffset | [optional] The number of the event record at which the read operation should start. This parameter is ignored if $bRead is True. |
| Success: | an array with the following format: [ 0] - True [ 1] - Number of the record [ 2] - Date at which this entry was submitted [ 3] - Time at which this entry was submitted [ 4] - Date at which this entry was received to be written to the log [ 5] - Time at which this entry was received to be written to the log [ 6] - Event identifier [ 7] - Event type. This can be one of the following values: 1 - Error event 2 - Warning event 4 - Information event 8 - Success audit event 16 - Failure audit event [ 8] - Event type string [ 9] - Event category [10] - Event source [11] - Computer name [12] - Username [13] - Event description [14] - Event data array |
| Failure: | $Array[0] = False |
When this function returns successfully, the read position in the event log is adjusted by the number of records read.
Though multiple records can be read, this function returns one record at a time for sanity sake.
_EventLog__Close, _EventLog__Open
#include <EventLog.au3>
#include <FontConstants.au3>
#include <GUIConstantsEx.au3>
Global $g_idMemo
Example()
Func Example()
Local $hEventLog, $aEvent
; Create GUI
GUICreate("EventLog", 600, 300)
$g_idMemo = GUICtrlCreateEdit("", 2, 2, 596, 294, 0)
GUICtrlSetFont($g_idMemo, 9, $FW_NORMAL, $GUI_FONTNORMAL, "Courier New")
GUISetState(@SW_SHOW)
; Read most current event record
$hEventLog = _EventLog__Open("", "Application")
$aEvent = _EventLog__Read($hEventLog, True, False) ; read last event
; $hEventLog = _EventLog__Open("", "System")
; $aEvent = _EventLog__Read($hEventLog)
; $aEvent = _EventLog__Read($hEventLog, True, False)
MemoWrite("Result ............: " & $aEvent[0])
MemoWrite("Record number .....: " & $aEvent[1])
MemoWrite("Submitted .........: " & $aEvent[2] & " " & $aEvent[3])
MemoWrite("Generated .........: " & $aEvent[4] & " " & $aEvent[5])
MemoWrite("Event ID ..........: " & $aEvent[6])
MemoWrite("Type ..............: " & $aEvent[8])
MemoWrite("Category ..........: " & $aEvent[9])
MemoWrite("Source ............: " & $aEvent[10])
MemoWrite("Computer ..........: " & $aEvent[11])
MemoWrite("Username ..........: " & $aEvent[12])
MemoWrite("Description .......: " & $aEvent[13])
_EventLog__Close($hEventLog)
; Loop until the user exits.
Do
Until GUIGetMsg() = $GUI_EVENT_CLOSE
EndFunc ;==>Example
; Write a line to the memo control
Func MemoWrite($sMessage)
GUICtrlSetData($g_idMemo, $sMessage & @CRLF, 1)
EndFunc ;==>MemoWrite