
EvtArchiveExportedLog fails with ERROR_DIRECTORY

Developer https://www.devze.com 2023-01-08 19:26 Source: Internet

I need to export some events from Windows Event Log to XML on Windows Server 2008 R2. To achieve it I export these events to a file using EvtExportLog and then try to use EvtArchiveExportedLog to get localized descriptions for events. Here's the sample:

EvtExportLog( 0, 0, query, logFileName, EvtExportLogChannelPath );
EvtArchiveExportedLog( 0, logFileName, 0, 0 );

The EvtExportLog function succeeds and creates an .evtx file, but EvtArchiveExportedLog constantly fails with the ERROR_DIRECTORY error code. I have no idea what the reason for such behaviour is.


It seems that I've found the reason. EvtArchiveExportedLog makes an RPC call to svchost.exe, which hosts the eventlog service. This service tries to create a file in the "%windir%\ServiceProfiles\LocalService\AppData\Local\Temp" folder, fails with the ERROR_ACCESS_DENIED code and returns ERROR_DIRECTORY to the RPC client. Insofar as the RPC server impersonates the client, the solution is to grant access privileges to the calling thread.
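
A way to check the cause described in the answer above, as an added example that is not part of the original post: the script tries to create a file in the folder the answer names, using the caller's own token, and then lists that folder's ACL. The function name Test-DirectoryWritable and the probe file name are hypothetical, and a write attempt from the caller's process is assumed to approximate the access check the service hits while impersonating the caller.

```powershell
# Added diagnostic, not code from the original post.
# Folder taken from the answer above.
$tempDir = Join-Path $env:windir 'ServiceProfiles\LocalService\AppData\Local\Temp'

function Test-DirectoryWritable {
    param([Parameter(Mandatory=$true)][string]$Path)

    # Unique probe name (hypothetical) so no existing file is touched.
    $probe = Join-Path $Path ('evtprobe_{0}.tmp' -f [guid]::NewGuid().ToString('N'))
    try {
        $fs = [System.IO.File]::Open($probe,
                                     [System.IO.FileMode]::CreateNew,
                                     [System.IO.FileAccess]::Write)
        $fs.Close()
        Remove-Item -LiteralPath $probe -Force
        return New-Object PSObject -Property @{ Writable = $true; Reason = 'file created and removed' }
    }
    catch {
        # Unwrap to the underlying .NET exception, e.g. UnauthorizedAccessException
        # (access denied) or DirectoryNotFoundException (folder missing).
        $ex = $_.Exception.GetBaseException()
        return New-Object PSObject -Property @{
            Writable = $false
            Reason   = '{0}: {1}' -f $ex.GetType().Name, $ex.Message
        }
    }
}

$identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)
$result    = Test-DirectoryWritable -Path $tempDir

'Caller    : {0}' -f $identity.Name
'Elevated  : {0}' -f $isAdmin
'Directory : {0}' -f $tempDir
'Writable  : {0} ({1})' -f $result.Writable, $result.Reason

# List the ACEs on the folder to see which principals hold rights on it.
try {
    (Get-Acl -Path $tempDir).Access |
        Select-Object IdentityReference, AccessControlType, FileSystemRights, IsInherited |
        Format-Table -AutoSize
}
catch {
    'Could not read the ACL: {0}' -f $_.Exception.GetBaseException().Message
}
```

Run it under the same account and elevation state as the program that calls EvtArchiveExportedLog, since the result depends on that token.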
