Hi,

I've written code to view the contents of an Event file (.EVT) in
Windows' Event Viewer.

I've created a new Registry entry:
SYSTEM\\CurrentControlSet\\Services\\EventLog\\My_Events.

The "File" subkey of this entry has the value:
%SystemRoot%\system32\config\MyEvent.Evt

(This file name is a #define in the code. So if I want to open
"AnotherEventFile.Evt", I set the #define to this file.)

Now the PROBLEM:

Right after executing my code, I DO NOT see the contents of the EVT
file in Event Viewer. The Registry entry has the correct EVT file
specified, Event Viewer correctly shows a section called "My_Events"
below the "Application", "System" and "Security" sections, and when I
view the properties of "My_Events", the correct EVT file specified is
seen.

ONLY WHEN I RESTART MY SYSTEM DO I SEE THE CONTENTS OF THE FILE.

Why can I not see the EVT file contents right after my code executes??

Is this a refresh problem, in which case some API is to be used to
notify Windows that a Registry value has been updated?

Will be grateful if someone could help me out with this!

Thanks in advance,
Shankar

No clue about your code. (ask them in one of the dev groups) but make sure
the value "File" is type Reg_Expand_Sz

--
Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

"shanks" wrote:
| Hi,
|
| I've written code to view the contents of an Event file (.EVT) in
| Windows' Event Viewer.
|
| I've created a new Registry entry:
| SYSTEM\\CurrentControlSet\\Services\\EventLog\\My_Events.
|
| The "File" subkey of this entry has the value:
| %SystemRoot%\system32\config\MyEvent.Evt
|
| (This file name is a #define in the code. So if I want to open
| "AnotherEventFile.Evt", I set the #define to this file.)
|
| Now the PROBLEM:
|
| Right after executing my code, I DO NOT see the contents of the EVT
| file in Event Viewer. The Registry entry has the correct EVT file
| specified, Event Viewer correctly shows a section called "My_Events"
| below the "Application", "System" and "Security" sections, and when I
| view the properties of "My_Events", the correct EVT file specified is
| seen.
|
| ONLY WHEN I RESTART MY SYSTEM DO I SEE THE CONTENTS OF THE FILE.
|
| Why can I not see the EVT file contents right after my code executes??
|
| Is this a refresh problem, in which case some API is to be used to
| notify Windows that a Registry value has been updated?
|
| Will be grateful if someone could help me out with this!
|
| Thanks in advance,
| Shankar
|

Thanks, Dave. Yes, I have used "Reg_Expand_Sz".
Will post this question on a Dev group as you say. But if you come up
with some ideas, pls let me know. Thanks.


Dave Patrick wrote:
> No clue about your code. (ask them in one of the dev groups) but make sure
> the value "File" is type Reg_Expand_Sz
>
> --
> Regards,
>
> Dave Patrick ....Please no email replies - reply in newsgroup.
> Microsoft Certified Professional
> Microsoft MVP [Windows]
> http://www.microsoft.com/protect
>
> "shanks" wrote:
> | Hi,
> |
> | I've written code to view the contents of an Event file (.EVT) in
> | Windows' Event Viewer.
> |
> | I've created a new Registry entry:
> | SYSTEM\\CurrentControlSet\\Services\\EventLog\\My_Events.
> |
> | The "File" subkey of this entry has the value:
> | %SystemRoot%\system32\config\MyEvent.Evt
> |
> | (This file name is a #define in the code. So if I want to open
> | "AnotherEventFile.Evt", I set the #define to this file.)
> |
> | Now the PROBLEM:
> |
> | Right after executing my code, I DO NOT see the contents of the EVT
> | file in Event Viewer. The Registry entry has the correct EVT file
> | specified, Event Viewer correctly shows a section called "My_Events"
> | below the "Application", "System" and "Security" sections, and when I
> | view the properties of "My_Events", the correct EVT file specified is
> | seen.
> |
> | ONLY WHEN I RESTART MY SYSTEM DO I SEE THE CONTENTS OF THE FILE.
> |
> | Why can I not see the EVT file contents right after my code executes??
> |
> | Is this a refresh problem, in which case some API is to be used to
> | notify Windows that a Registry value has been updated?
> |
> | Will be grateful if someone could help me out with this!
> |
> | Thanks in advance,
> | Shankar
> |

You're welcome.

--
Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

"shanks" wrote:
| Thanks, Dave. Yes, I have used "Reg_Expand_Sz".
| Will post this question on a Dev group as you say. But if you come up
| with some ideas, pls let me know. Thanks.