EventID is an obsolete property. So if you were using this property your question is: How do I get this information alternatively? The Microsoft online help suggests that:
"Two event log entries from the same source can have matching EventID values, but have different InstanceId values due to differences in the top two bits of the event identifier. "
The solution:
int EventID = (int) (Entry.InstanceID & 0x3fff)
Explanation
the EventID is stored in the 14 rightmost bits. '&' is a bitwise operation and 0x3fff is the hex representation of the binary sequence: 0011 (3) 1111 (f) 1111 (f) 1111 (f) this bitwise operation sets all bits other than the 14 rightmost bits to '0'. Et voila!
My rant: "top 2 bits." That's like losing something in a tetradecagon-shaped room and said it was placed in a corner. let me explain to you why:
EventID is an int (32 bits), InstanceID is a long(64 bits). So, is it the top 2 bits of the long or the int? answer: Neither -.-
In fact, EventID is 14 bits, 2 smaller than a short, hence the difference between an EventID and InstanceID is the top 2 bits of a short inside a long that is referenced as an int (what?). But that would mean that InstanceID is a short which it clearly isn't. The writer made a riddle out of a description attempt. When I go to a resource page, I'm looking for clear answers, not riddles.
Friday, October 31, 2008
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment