TechQA.

EvtSubscribe doesn't work with query on EventRecordID

966 views Asked by At

I'm trying to subscribe on upcoming events using function EvtSubscribe:

hsubscription = microsoft_EvtSubscribe(
    NULL,                          // session
    NULL,                          // signal
    NULL,                          // channel path
    L"<QueryList><Query Id="0" Path='Application'><Select>*[System[EventRecordID >= 1037374]]</Select></Query></QueryList>" // query
    NULL,                          // bookmark
    context,                       // context
    clbk,                          // callback
    EvtSubscribeToFutureEvents     // flags
);

But the callback has never been called back. I tried several approaches using XPath + channel path: Event/System[EventRecordID=1037374], *[System/EventRecordID=1037374], but it doesn't work neither. BTW, whenever the subscription is created for any other field (like: *[System/Computer="windows-build"]) everything works perfectly fine.

What am I doing wrong? Thanks

windows event-log msdn
Original Q&A
0

There are 0 answers

Related Questions in WINDOWS

Related Questions in EVENT-LOG

Related Questions in MSDN

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions