I need to write a program to convert an archived event log file (.evt) to a text file without using Event Viewer.
I was able to get most of it using OpenBackupEventLog, ReadEventLog, and EVENTLOGRECORD, but I can't figure out how to get the category, computer name, and the actual error message from it...
I tried using GetEventLogInformation to get the actual error message, but it's returning 0. This is what I did:
    char InfoChar[1000];
    LPDWORD BytesNeeded;
    DWORD InfoSize = 1000;
    BytesNeeded = 0;
    int result = GetEventLogInformation(evt1, NULL, &InfoChar, InfoSize, BytesNeeded);
Please tell me how I can get the category, computer, and the actual error message out of the EVENTLOGRECORD. If GetEventLogInformation is the correct function to use, please give me an example or tell me what I did wrong...
Or... it would be great to know if there are any better ways of converting a .evt file to a .txt file.
Hi,
If you are ready to use a third-party tool, then you may use Log Parser 2.2; you will need to install it first.
Then run this command line from its root:
LogParser "SELECT * INTO c:\task\Trace.txt FROM c:\task\application.evt"
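
Added example, not part of the original thread and not code from either poster: a portable C parser that pulls the category, source name, computer name and first insertion string out of one EVENTLOGRECORD, following the documented layout (56-byte fixed header, then SourceName and Computername, with the strings at StringOffset). It assumes the record holds UTF-16LE strings, as in a record returned by ReadEventLogW or read from the .evt file; the names evt_parse, evt_fields and evt_sample are hypothetical, and the sample record is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define EVT_HDR 56u  /* fixed part of EVENTLOGRECORD; SourceName follows it */
typedef struct {     /* hypothetical output struct for this example */
    uint16_t category, num_strings;              /* EventCategory, NumStrings */
    char source[64], computer[64], string1[128];
} evt_fields;
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }
/* Copy the UTF-16LE string at off (non-ASCII -> '?'); return the offset past its NUL, 0 on overrun. */
static size_t copy_wstr(const uint8_t *r, size_t len, size_t off, char *out, size_t cap) {
    size_t n = 0;
    for (; off < len && len - off >= 2; off += 2) {
        uint16_t c = rd16(r + off);
        if (c == 0) { out[n] = '\0'; return off + 2; }
        if (n + 1 < cap) out[n++] = c < 0x80 ? (char)c : '?';
    }
    return 0;
}

/* Parse one record; every length and offset is checked against the buffer. */
int evt_parse(const uint8_t *r, size_t avail, evt_fields *f) {
    if (avail < EVT_HDR) return -1;
    uint32_t len = rd32(r), str_off = rd32(r + 36);      /* Length, StringOffset */
    if (len < EVT_HDR || len > avail || memcmp(r + 4, "LfLe", 4) != 0) return -1;
    f->num_strings = rd16(r + 26); f->category = rd16(r + 28);
    f->string1[0] = '\0';
    size_t off = copy_wstr(r, len, EVT_HDR, f->source, sizeof f->source);
    if (!off || !copy_wstr(r, len, off, f->computer, sizeof f->computer)) return -1;
    if (f->num_strings && (str_off < EVT_HDR || !copy_wstr(r, len, str_off, f->string1, sizeof f->string1))) return -1;
    return 0;
}

/* Constructed sample record (not from a real log), built into b[128]. */
static size_t put_w(uint8_t *b, size_t off, const char *s) {  /* ASCII -> UTF-16LE */
    do { b[off] = (uint8_t)*s; off += 2; } while (*s++);
    return off;
}
size_t evt_sample(uint8_t *b) {
    memset(b, 0, 128);
    memcpy(b + 4, "LfLe", 4);              /* Reserved holds the signature */
    b[26] = 1; b[28] = 3;                  /* NumStrings, EventCategory */
    size_t off = put_w(b, put_w(b, EVT_HDR, "MyApp"), "HOST1");
    b[36] = (uint8_t)off;                  /* StringOffset */
    off = put_w(b, off, "disk full") + 4;  /* + trailing copy of Length */
    b[0] = b[off - 4] = (uint8_t)off;      /* Length */
    return off;
}
```

The record itself carries only the numeric category and the insertion strings. The rendered category name and message text come from the message files registered for the event source, which FormatMessage fills in using the record's strings as arguments.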