Problem in code to display EVT file contents in Event Viewer

S

shanks

Hi,

I've written code to view the contents of an Event file (.EVT) in
Windows' Event Viewer.

I've created a new Registry entry:
SYSTEM\\CurrentControlSet\\Services\\EventLog\\My_Events.

The "File" subkey of this entry has the value:
%SystemRoot%\system32\config\MyEvent.Evt

(This file name is a #define in the code. So if I want to open
"AnotherEventFile.Evt", I set the #define to this file.)

Now the PROBLEM:

Right after executing my code, I DO NOT see the contents of the EVT
file in Event Viewer. The Registry entry has the correct EVT file
specified, Event Viewer correctly shows a section called "My_Events"
below the "Application", "System" and "Security" sections, and when I
view the properties of "My_Events", the correct EVT file specified is
seen.

ONLY WHEN I RESTART MY SYSTEM DO I SEE THE CONTENTS OF THE FILE.

Why can I not see the EVT file contents right after my code executes??

Is this a refresh problem, in which case some API is to be used to
notify Windows that a Registry value has been updated?

Will be grateful if someone could help me out with this!

Thanks in advance,
Shankar
 
D

Dave Patrick

No clue about your code. (ask them in one of the dev groups) but make sure
the value "File" is type Reg_Expand_Sz

--
Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

:
| Hi,
|
| I've written code to view the contents of an Event file (.EVT) in
| Windows' Event Viewer.
|
| I've created a new Registry entry:
| SYSTEM\\CurrentControlSet\\Services\\EventLog\\My_Events.
|
| The "File" subkey of this entry has the value:
| %SystemRoot%\system32\config\MyEvent.Evt
|
| (This file name is a #define in the code. So if I want to open
| "AnotherEventFile.Evt", I set the #define to this file.)
|
| Now the PROBLEM:
|
| Right after executing my code, I DO NOT see the contents of the EVT
| file in Event Viewer. The Registry entry has the correct EVT file
| specified, Event Viewer correctly shows a section called "My_Events"
| below the "Application", "System" and "Security" sections, and when I
| view the properties of "My_Events", the correct EVT file specified is
| seen.
|
| ONLY WHEN I RESTART MY SYSTEM DO I SEE THE CONTENTS OF THE FILE.
|
| Why can I not see the EVT file contents right after my code executes??
|
| Is this a refresh problem, in which case some API is to be used to
| notify Windows that a Registry value has been updated?
|
| Will be grateful if someone could help me out with this!
|
| Thanks in advance,
| Shankar
|
 
S

shanks

Thanks, Dave. Yes, I have used "Reg_Expand_Sz".
Will post this question on a Dev group as you say. But if you come up
with some ideas, pls let me know. Thanks.
 
D

Dave Patrick

You're welcome.

--
Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

:
| Thanks, Dave. Yes, I have used "Reg_Expand_Sz".
| Will post this question on a Dev group as you say. But if you come up
| with some ideas, pls let me know. Thanks.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Event Viewer - Deleting Custom Log Files 2
How to open evt file via DOS command 2
Event Viewer 3
confused listview.items during itemChecked Event 2
Exporting the System/Application event log 1
event viewer shows only one message 2
Event Viewer 2
EventLog 1

Top