Event Log Records
Information about each event is stored in the event log in an event log record. The event log record includes time, type, and category information. For more information, see the EVENTLOGRECORD structure.
The RecordNumber member of EVENTLOGRECORD contains the record number for the event log record. The very first record written to an event log is record number 1, and other records are numbered sequentially. If the record number reaches ULONG_MAX, the next record number will be 0, not 1; however, you use zero to seek to the record.
If the Retention registry value is set to zero, the event records are overwritten when the maximum log size is reached. Therefore, the oldest record in an event log may not be record number 1. To identify the oldest record in the log, call the GetOldestEventLogRecord function. You can then call the GetNumberOfEventLogRecords function and add the returned value to the oldest record number to determine the newest record.
You can read individual records from the event log using the ReadEventLog function. For more information, see Querying for Event Information.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for