EvtArchiveExportedLog fails with ERROR_DIRECTORY

Posted by 随声附和 on 2020-01-14 11:16:29

Question


I need to export some events from the Windows Event Log to XML on Windows Server 2008 R2. To achieve this, I export these events to a file using EvtExportLog and then try to use EvtArchiveExportedLog to get localized descriptions for the events. Here's the sample:

EvtExportLog( 0, 0, query, logFileName, EvtExportLogChannelPath );
EvtArchiveExportedLog( 0, logFileName, 0, 0 );

The EvtExportLog function succeeds and creates the .evtx file, but EvtArchiveExportedLog constantly fails with the ERROR_DIRECTORY error code. I have no idea what the reason for such behaviour is.


Answer 1:


It seems that I've found the reason. EvtArchiveExportedLog makes an RPC call to the svchost.exe that hosts the eventlog service. This service tries to create a file in the "%windir%\ServiceProfiles\LocalService\AppData\Local\Temp" folder, fails with the ERROR_ACCESS_DENIED code, and returns ERROR_DIRECTORY to the RPC client. Since the RPC server impersonates the client, the solution is to grant access privileges to the calling thread.
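
A way to check the condition described in this answer, given as an added example that is not part of the original post: it tries to create a file in the folder the answer names, using the current account, and prints the folder's ACL if that is denied. The helper name Test-CanCreateFile and the probe file name are hypothetical; run it in the same security context (account and elevation) as the program that calls EvtArchiveExportedLog.

```powershell
# Added diagnostic, not from the original post. Folder path is the one
# named in the answer; everything else here is an assumption.
$tempDir = Join-Path $env:windir 'ServiceProfiles\LocalService\AppData\Local\Temp'

function Test-CanCreateFile {
    # Hypothetical helper: returns 'Writable', 'AccessDenied' or 'Missing'.
    param([Parameter(Mandatory = $true)][string]$Directory)

    $probe = Join-Path $Directory ('evtarchive-probe-{0}.tmp' -f [guid]::NewGuid())
    try {
        # CreateNew needs the "create files" right on the folder, which is
        # what the impersonating service needs on the caller's behalf.
        $stream = [System.IO.File]::Open($probe, [System.IO.FileMode]::CreateNew)
        $stream.Close()
    } catch {
        # .NET exceptions arrive wrapped; look at the underlying type.
        $inner = $_.Exception.GetBaseException()
        if ($inner -is [System.UnauthorizedAccessException])   { return 'AccessDenied' }
        if ($inner -is [System.IO.DirectoryNotFoundException]) { return 'Missing' }
        throw
    }

    # Creation worked; clean up, ignoring a failure to delete the probe.
    try { [System.IO.File]::Delete($probe) } catch { }
    return 'Writable'
}

$who    = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$result = Test-CanCreateFile -Directory $tempDir
'{0}: {1} (checked as {2})' -f $tempDir, $result, $who

if ($result -eq 'AccessDenied') {
    # List who holds rights on the folder before changing any ACL.
    try {
        (Get-Acl -Path $tempDir).Access |
            Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize
    } catch {
        'Could not read the ACL: {0}' -f $_.Exception.Message
    }
}
```

An 'AccessDenied' result for the calling account matches the failure described in the answer; 'Writable' means the cause of ERROR_DIRECTORY lies elsewhere.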



Source: https://stackoverflow.com/questions/3301271/evtarchiveexportedlog-fails-with-error-directory
