VISTA Prob in GetOldestEventLogRecord ad in RecordNumbes

  • Thread starter VISTA: EVENTLOG-RECORD NUMBER Problems
  • Start date
V

VISTA: EVENTLOG-RECORD NUMBER Problems

Hello Experts,

On VISTA, both 32 bit as well as 64 bit, I observe a few problems with
Eventlog APIs when Record Numbers in the EventLog start from a higher number
rather than 1.
(Note this can be achieved by limiting the size and marking Overwrite options)

Comparison was done using Following WMI CMI Studio.

Example Query

SELECT * FROM Win32_NTLogEvent where Logfile="Application"

ISSUE1
======
Browsing EventLogFile through ReadEventLog give inconsistent results:

Value of 'RecordNumber' member of the strucure EVENTLOGRECORD differ from
what is observed in WMI CMI Studio

These Obtained RecordNumber values give Correct result using EventLogApis,
like reading Message But the same number doesn't have validity in WMI Studio

ISSUE2
=====
'GetOldestEventLogRecord' API returns always 1, even if oldest RecordNumber
is greater than 1

Thanks,
Pankaj
 
A

Andrew McLaren

> These Obtained RecordNumber values give Correct result using EventLogApis,
> like reading Message But the same number doesn't have validity in WMI
> Studio

This sounds more like a problem in WMI Studio, than in Vista as long as
the API is working correctly. WMI Studio is pretty old now (c.2002?) and I
doubt anyone at Microsoft is doing any maintenance on it. So it might just
be a fact of life. Unless someone wants to write a KB article. Generally,
SDK tools don't get the same support and maintence resources from Microsoft
that revenue-generating products get (whether that's a good or bad thing, is
a separate discussion).

> 'GetOldestEventLogRecord' API returns always 1, even if oldest
> RecordNumber
> is greater than 1

Interesting. I might try to repro, if I can get my Event Log to start with a
record higher than 1. But not many dev support guys from Microsoft lurk in
this forum, so don't expect Microsoft to act on a bug report based on your
post. If your company has a support agreement with Microsoft, your best bet
would be to open a Service Request, to report the bug. If you don't want the
administrative overhead of an SR, you can submit feedback via this webpage:
http://feedback.windowsvista.micros...kurl=http://support.microsoft.com/gp/cp_vista
That will have a better chance of reaching the Product Group in Microsoft,
than a post here will.

Regards,
--
Andrew McLaren
amclar (at) optusnet dot com dot au
 
You must log in or register to reply here.
Back
Top Bottom