Re: Security Log problem

From: Yu Chen (yuchen_at_online.microsoft.com)
Date: 04/06/04


Date: Tue, 6 Apr 2004 11:46:17 -0700

Simon,

I can't reproduce your problem on a Window 2003 server machine. When there's
only one 517 audit in the security log, GetOldestEventLogRecord returns 1.

What platform does your application run on? When you say
GetOldestEventLogRecord fails, do you mean it returns FALSE (if so, what
does GetLastError() return?), or does it return some strange value in
OldestRecord?

Thanks,

Yu Chen [MS]
This posting is provided "AS IS" with no warranties, and confers no rights.

"Simon" <anonymous@discussions.microsoft.com> wrote in message
news:E65DC609-359F-490D-A172-D58E45DF9D41@microsoft.com...
> Hi,
>
> I'm working on an application that monitors the event logs for changes.
It works fine except for one instance. When the security log is cleared,
there is a success audit placed into the security log (event id 517). My
code calls the GetOldestEventLogRecord() function any time an event log is
cleared to reset its index variable. When this success audit is the only
thing in the security log, the GetOldestEventLogRecord() function does not
return its index.
> I'm wondering if anybody knows of a workaround for this, or knows if it is
impossible to get the record number of this success audit, or has any other
ideas on the subject.
>
> Thanks,
>
> Simon