Victor
Reputation: 182
How to open windows' service-specific event log
We need to read service-specific event log "Microsoft-Windows-TerminalServices-LocalSessionManager/Operational" programmatically. Following code
LPWSTR pwsLogName = L"Microsoft-Windows-TerminalServices-LocalSessionManager/Operational";
HANDLE hEventLog = OpenEventLog(nullptr, pwsLogName);
results opening "Application" log instead of required.
In the same time command line utility wevtutil can succesfuly read needed log:
wevtutil query-events Microsoft-Windows-TerminalServices-LocalSessionManager/Operational
What are we doing wrong?
Upvotes: 0
Views: 1260
Answers (2)
jojo
Reputation: 31
The behaviour is by design; see: https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-openeventloga
Todo: check if registry key exists first, then use openEventLog() if succeeded.
_stprintf_s(szKeyName, _T("System\\CurrentControlSet\\Services\\EventLog\\%s"),szLogName);
dwRet = RegOpenKey(HKEY_LOCAL_MACHINE, szKeyName, &hKey);
if (ERROR_SUCCESS == dwRet)
{
RegCloseKey(hKey);
// continue with openEventLog()
Upvotes: 1
Related Questions
- Open an Event object created by my service from my application
- Can C# window service automatically log into custom eventsource/log
- Reading event logs from Application and services logs using c# | PrintServices
- Logging Events in a Windows Service Program
- Where can I find Window service event logs?
- Logging Windows Service
- How to read event log created in windows service app?
- WIndow Services Event ID
- Get event viewer logs with win api in c++
- How do i read the eventlog of windows service