in reply to Win32::EventLog *complete* message retrieval

NT Event message CODES are stored in the event logs.

The message text is retrieved by the event viewer by calling the dll that wrote the event.

This is why you can read text for all events ON THE MACHINE WHERE THEY WERE CREATED. When viewing events remotely, eventviewer tries to call the source dll - if it is absent, the text is not translated.

Hope this helps.

Offense, like beauty, is in the eye of the beholder, and a fantasy.
By guaranteeing freedom of expression, the First Amendment also guarntees offense.
  • Comment on Re: Win32::EventLog *complete* message retrieval

Replies are listed 'Best First'.
Re: Re: Win32::EventLog *complete* message retrieval
by Anonymous Monk on May 29, 2004 at 12:38 UTC
    Thanks NetWallah.

    I've looked into this further and came across some vb code to query the registry to find out the name of the appropriate binary resource file and retrieve the message using that file. I'll have a play around with that.

    Greg

[reply]

In Section Seekers of Perl Wisdom