Writes an entry at the end of the specified event log.
Syntax
|
BOOL ReportEvent(
__in HANDLE hEventLog,
__in WORD wType,
__in WORD wCategory,
__in DWORD dwEventID,
__in PSID lpUserSid,
__in WORD wNumStrings,
__in DWORD dwDataSize,
__in LPCTSTR *lpStrings,
__in LPVOID lpRawData
);
|
Parameters
- hEventLog [in]
-
A handle to the event log. This handle is returned by the
RegisterEventSource function.
As of Windows XP SP2, this parameter cannot be a handle to the Security log. To write an event to the Security log, use the AuthzReportSecurityEvent function.
- wType [in]
-
The type of event to be logged. This parameter can be one of the following values.
| Value | Meaning |
|---|
|
EVENTLOG_SUCCESS
0x0000
| Information event
|
|
EVENTLOG_AUDIT_FAILURE
0x0010
| Failure Audit event
|
|
EVENTLOG_AUDIT_SUCCESS
0x0008
| Success Audit event
|
|
EVENTLOG_ERROR_TYPE
0x0001
| Error event
|
|
EVENTLOG_INFORMATION_TYPE
0x0004
| Information event
|
|
EVENTLOG_WARNING_TYPE
0x0002
| Warning event
|
For more information about event types, see
Event Types.
- wCategory [in]
-
The event category. This is source-specific information; the category can have any value. For more information, see
Event Categories.
- dwEventID [in]
-
The event identifier. The event identifier specifies the entry in the message file associated with the event source. For more information, see Event Identifiers.
- lpUserSid [in]
-
A pointer to the current user's security identifier. This parameter can be NULL if the security identifier is not required.
- wNumStrings [in]
-
The number of insert strings in the array pointed to by the lpStrings parameter. A value of zero indicates that no strings are present.
- dwDataSize [in]
-
The number of bytes of event-specific raw (binary) data to write to the log. If this parameter is zero, no event-specific data is present.
- lpStrings [in]
-
A pointer to a buffer containing an array of null-terminated strings that are merged into the message before Event Viewer displays the string to the user. This parameter must be a valid pointer (or NULL), even if wNumStrings is zero. Each string has a limit of 32K characters.
- lpRawData [in]
-
A pointer to the buffer containing the binary data. This parameter must be a valid pointer (or NULL), even if the dwDataSize parameter is zero.
Return Value
If the function succeeds, the return value is nonzero, indicating that the entry was written to the log.
If the function fails, the return value is zero. To get extended error information, call
GetLastError.
Remarks
This function is used to log an event. The entry is written to the end of the configured log for the source identified by the hEventLog parameter. The
ReportEvent function adds the time, the entry's length, and the offsets before storing the entry in the log. To enable the function to add the username, you must supply the user's SID in the lpUserSid parameter.
Note that there is no way to log a string that contains %n, where n is an integer value. This syntax is used in IPv6 addresses, so it is a problem to log an event message that contains an IPv6 address. For example, if the message text contains %1, the event viewer treats it as an insertion string.
Examples
For an example, see
Reporting an Event.
Requirements
| Client | Requires Windows Vista, Windows XP, or Windows 2000 Professional. |
|---|
| Server | Requires Windows Server 2008, Windows Server 2003, or Windows 2000 Server. |
|---|
| Header | Declared in Winbase.h; include Windows.h. |
|---|
| Library | Use Advapi32.lib. |
|---|
| DLL | Requires Advapi32.dll. |
|---|
| Unicode/ANSI | Implemented as ReportEventW (Unicode) and ReportEventA (ANSI). |
|---|
See Also
Event Logging Functions
ClearEventLog
CloseEventLog
OpenEventLog
ReadEventLog
RegisterEventSource
Event Log File Format
Send comments about this topic to Microsoft
Build date: 9/19/2008