ReportEvent Function (Windows)

ReportEvent Function

Writes an entry at the end of the specified event log.

Syntax

C++

BOOL ReportEvent(
  __in  HANDLE hEventLog,
  __in  WORD wType,
  __in  WORD wCategory,
  __in  DWORD dwEventID,
  __in  PSID lpUserSid,
  __in  WORD wNumStrings,
  __in  DWORD dwDataSize,
  __in  LPCTSTR *lpStrings,
  __in  LPVOID lpRawData
);

Parameters

hEventLog [in]

A handle to the event log. The RegisterEventSource function returns this handle.

As of Windows XP with SP2, this parameter cannot be a handle to the Security log. To write an event to the Security log, use the AuthzReportSecurityEvent function.

wType [in]

The type of event to be logged. This parameter can be one of the following values.

Value	Meaning
EVENTLOG_SUCCESS 0x0000	Information event
EVENTLOG_AUDIT_FAILURE 0x0010	Failure Audit event
EVENTLOG_AUDIT_SUCCESS 0x0008	Success Audit event
EVENTLOG_ERROR_TYPE 0x0001	Error event
EVENTLOG_INFORMATION_TYPE 0x0004	Information event
EVENTLOG_WARNING_TYPE 0x0002	Warning event

For more information about event types, see Event Types.

wCategory [in]

The event category. This is source-specific information; the category can have any value. For more information, see Event Categories.

dwEventID [in]

The event identifier. The event identifier specifies the entry in the message file associated with the event source. For more information, see Event Identifiers.

lpUserSid [in]

A pointer to the current user's security identifier. This parameter can be NULL if the security identifier is not required.

wNumStrings [in]

The number of insert strings in the array pointed to by the lpStrings parameter. A value of zero indicates that no strings are present.

dwDataSize [in]

The number of bytes of event-specific raw (binary) data to write to the log. If this parameter is zero, no event-specific data is present.

lpStrings [in]

A pointer to a buffer containing an array of null-terminated strings that are merged into the message before Event Viewer displays the string to the user. This parameter must be a valid pointer (or NULL), even if wNumStrings is zero. Each string is limited to 31,839 characters.

Prior to Windows Vista: Each string is limited to 32K characters.

lpRawData [in]

A pointer to the buffer containing the binary data. This parameter must be a valid pointer (or NULL), even if the dwDataSize parameter is zero.

Return Value

If the function succeeds, the return value is nonzero, indicating that the entry was written to the log.

If the function fails, the return value is zero. To get extended error information, call GetLastError.

Remarks

This function is used to log an event. The entry is written to the end of the configured log for the source identified by the hEventLog parameter. The ReportEvent function adds the time, the entry's length, and the offsets before storing the entry in the log. To enable the function to add the username, you must supply the user's SID in the lpUserSid parameter.

Note that the string that you log cannot contain %n, where n is an integer value (for example, %1) because the event viewer treats it as an insertion string. Because an IPv6 address can contain this character sequence, you cannot log an event message that contains an IPv6 address.

Examples

For an example, see Reporting an Event.

Requirements

Minimum supported client	Windows 2000 Professional
Minimum supported server	Windows 2000 Server
Header	Winbase.h (include Windows.h)
Library	Advapi32.lib
DLL	Advapi32.dll
Unicode and ANSI names	ReportEventW (Unicode) and ReportEventA (ANSI)