NetAuditRead or Net32AuditRead

The NetAuditRead API reads from the audit log on a server.

The NetAuditRead API replaces the NetAuditOpen API, which is now obsolete.

To read an entire audit log, an application must call NetAuditRead repeatedly until the API indicates that there is no more data to be read. Each call to NetAuditRead returns a handle that must be provided to any subsequent call to NetAuditRead. This handle changes with each subsequent call; it is not a system file handle and never should be treated as such.

Note: The audit log can contain more than 64KB of data. If pusBytesReturned is 0 and pusBytesAvail is not 0, usBuflen is too small to hold all the records in the file, and the application should continue to reiterate calls to this API until pusBytesReturned is returned as 0.

The value of pusBytesAvail can be 0xFFFF. This value means there can be 0xFFFF or more bytes of data available, which possibly is even more than 64KB (the maximum buffer size). In order to receive all the data available from this API, an application must reiterate the call until pusBytesReturned and pusBytesAvail both are returned as 0.

pusBytesReturned applies to the last complete record in the buffer. However, a partial record may be left at the end of the buffer. You may not know whether the area following the last entry is null unless you check.

Restrictions

Syntax

Parameters

Return Codes

Related Information