Eventlog Syntax issue

I am using version 13.04:

Command "EVENTLOG" shows the following syntax in the manual:

EVENTLOG [S"source" /Cn /E /I /W] message

This syntax works, but when using the /= option the following syntax is generated:

EVENTLOG [/S"source" /Cn /E /I /W] message

and this doesn't work.

Craig Gunhouse
 
What exactly are you typing? /= isn't meant to be combined with other options.
 
From the command line,
Code:
eventlog /s"testsource" /c7 /i foo
(as expected) gives an event with source "testsource" and message "foo". This
Code:
eventlog s"testsource" /c7 /i foo
gives an event with source "TCC.EXE" and message "s"testsource" /c7 /i foo" (that would also seem to be as expected).
The problem with the /= dialog is that it doesn't put the "/Ssource" first, where the help says it must be, even if it's the first thing you enter in the dialog. It puts the category first. Below, I entered the source before I entered the category, and recalled the command after it failed.
Code:
v:\> eventlog /=
TCC: (Sys) The parameter is incorrect.
"Stestsource4"
Usage : EVENTLOG [/Ssource] [/Cn /EIW] message
 
v:\> EVENTLOG /C666 /Stestsource4 foo
 
And the error message I get when I use EVENTLOG not elevated is odd:
Code:
v:\> eventlog /s"testsource" /c666 /i foo
TCC: (Sys) The operation completed successfully.
 
And I don't understand why EVENTLOG should fail at all for me, an admin, not elevated, under UAC. Under those circumstances, this feeble attempt results in an event log entry (with the expected "source cannot be found" caveat).
Code:
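    // Fragment from inside a function; needs <windows.h>. Error() is a helper not shown in the post.
    HANDLE hEventLog = OpenEventLog(NULL, L"Application");
    if ( hEventLog == NULL )
        Error(L"OpenEventLog()", GetLastError());
    // "NoExist" has no entry in the registry; no source is created here.
    HANDLE hEventSource = RegisterEventSource(NULL, L"NoExist");
    if ( hEventSource == NULL )
        Error(L"RegisterEventSource()", GetLastError());
    LPCWSTR szMessage = L"foo";
    // Category 888, event ID 666, one message string, no SID, no raw data.
    if ( !ReportEvent(hEventSource, EVENTLOG_SUCCESS, 888, 666, NULL, 1, 0, &szMessage, NULL) )
        Error(L"ReportEvent()", GetLastError());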
 

You're not creating the event source (in the HKLM registry tree), which is where the elevation is required.
 
Yeah, I figured that out after remembering how it all works.

There's a small error in the help. It says the category may be 0-999999. But it's a WORD and indeed, 65536 results in 0, 65537 results in 1.
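
The two points made above (registering a new event source writes to HKLM and so needs elevation; the category is a 16-bit WORD) turned into a pre-flight check. This is an added example, not code from the thread or from TCC; the function names, the Application log key as the place the source is registered, and the sample values are assumptions.

```powershell
# Added example (not from the thread): decide what will happen before logging
# with a custom source. Function names and sample values are hypothetical.

function Test-EventCategory {
    param([long]$Category)
    # The category is passed to ReportEvent as a 16-bit WORD, so values above
    # 65535 wrap (65536 -> 0, 65537 -> 1). Reject them instead of logging a
    # category nobody asked for.
    return ($Category -ge 0 -and $Category -le [uint16]::MaxValue)
}

function Test-Elevated {
    # True only when the current token carries the Administrators group enabled,
    # i.e. the process is elevated under UAC.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-EventSourcePlan {
    param([string]$Source, [long]$Category)

    if (-not (Test-EventCategory $Category)) {
        return "reject: category $Category does not fit in a WORD (0-65535)"
    }

    # Assumption: the source is registered under the Application log.
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\Application\$Source"
    if (Test-Path -LiteralPath $key) {
        return 'write: source is already registered'
    }
    if (Test-Elevated) {
        return 'create: register the source under HKLM, then write'
    }
    # Writing without a registered source still logs, but the viewer shows the
    # "source cannot be found" text, as in the C fragment above.
    return 'elevate: registering a new source writes to HKLM and needs elevation'
}

# Constructed sample values: one valid category, one that would wrap to 0.
foreach ($c in 666, 65536) {
    '{0,-6} {1}' -f $c, (Get-EventSourcePlan -Source 'testsource' -Category $c)
}
```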
 
Sorry after more testing, it appears to be the placement of the "/S" option:

[C:\Program Files\JPSoft\TCMD13x64]EVENTLOG /S"TEST" /E /C1 TEST
TCC: (Sys) The operation completed successfully.

[C:\Program Files\JPSoft\TCMD13x64]EVENTLOG /E /C1 /S"TEST" TEST
TCC: (Sys) The parameter is incorrect.
"S"TEST""
Usage : EVENTLOG [/Ssource] [/Cn /EIW] message

And EVENTLOG /= generates syntax similar to the second fail syntax.

Craig
 
