Hooking into Windows Event Viewer

[Sean]

Here is a code I found that notifies if an event has been generated. I
still can't find anything that would actually grab the event and export
it a file which is what I am trying to do

#include <windows.h>
#include <stdio.h>


BOOL notifyChange(LPCTSTR logSource)
{
BOOL bSuccess;
HANDLE hEventLog, hEvent;
DWORD dwWaitResult;

hEventLog = OpenEventLog(NULL, // local machine
logSource); // event log source name
if (hEventLog == NULL)
{
printf("Could not open event log.");
return FALSE;
}

hEvent = CreateEvent(NULL, // default security attributes
FALSE, // no manual reset
FALSE, // create as not signaled
NULL); // no event name

NotifyChangeEventLog(hEventLog, hEvent);

dwWaitResult = WaitForSingleObject(hEvent, INFINITE);
if (dwWaitResult == WAIT_FAILED)
bSuccess = FALSE;
else bSuccess = TRUE;

CloseHandle(hEvent);
CloseEventLog(hEventLog);
return bSuccess;
}

What i am stuck on right now is the "LPCTSTR logSource". Where do I
find the source of the log and how do I pass store it in a LPCTSTR.

Can anyone give me a better suggestion. i am basically trying to grab
any info that is generated by Windows Event logger (event ID, type of
event, message, user, etc) to a text file.

 

[Salt_Peter]

Here is a code I found that notifies if an event has been generated. I
still can't find anything that would actually grab the event and export
it a file which is what I am trying to do

What follows is not C++, consider asking in a relevent newsgroup.
Consult the following for a potential list of possibilities:
[5.9] Which newsgroup should I post my questions?
http://www.parashift.com/c++-faq-lite/how-to-post.html