EvtArchiveExportedLog fails with ERROR_DIRECTORY

Problem description

I need to export some events from Windows Event Log to XML on Windows Server 2008 R2. To achieve it I export these events to a file using EvtExportLog and then try to use EvtArchiveExportedLog to get localized descriptions for events. Here's the sample:

EvtExportLog( 0, 0, query, logFileName, EvtExportLogChannelPath );
EvtArchiveExportedLog( 0, logFileName, 0, 0 );

EvtExportLog function succeeds and creates .evtx file but EvtArchiveExportedLog constantly fails with ERROR_DIRECTORY error code. I have no idea what the reason of such behaviour is.

Recommended answer

It seems that I've found the reason. EvtArchiveExportedLog makes an RPC call to svchost.exe which hosts eventlog service. This service tries to create a file in "%windir%\ServiceProfiles\LocalService\AppData\Local\Temp" folder, fails with ERROR_ACCESS_DENIED code and returns ERROR_DIRECTORY to RPC client. So far as RPC server impersonates client, the solution is to grant access privileges to the calling thread.
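
A way to check the cause described in the answer, as an added example that is not part of the original post: because the service acts with the caller's identity, this PowerShell sketch approximates whether the current token may create files in the folder the answer names. The function name Test-CallerCanCreateFile is hypothetical, and the check reads only the folder's DACL (no privileges, no parent-folder traversal).

```powershell
# Added diagnostic (not from the original post). Folder path is the one the answer names.
$tempDir = Join-Path $env:windir 'ServiceProfiles\LocalService\AppData\Local\Temp'

# Hypothetical helper: approximates the DACL check for "create a file in $Path"
# against the current token. It ignores privileges and parent-folder traversal.
function Test-CallerCanCreateFile {
    param([Parameter(Mandatory = $true)][string]$Path)

    $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    # SIDs carried by the token: the user plus its enabled groups.
    $sids = @($id.User.Value) + @($id.Groups | ForEach-Object { $_.Value })

    try {
        $acl = Get-Acl -Path $Path -ErrorAction Stop
    } catch {
        # Folder missing, or the caller cannot even read its security descriptor.
        return New-Object PSObject -Property @{
            Path = $Path; CanCreate = $false; Reason = $_.Exception.Message }
    }

    $need    = [System.Security.AccessControl.FileSystemRights]::CreateFiles
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $allow   = $false
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        # Inherit-only entries apply to children, not to the folder itself.
        if ($rule.PropagationFlags -band [System.Security.AccessControl.PropagationFlags]::InheritOnly) { continue }
        if ($sids -notcontains $rule.IdentityReference.Value) { continue }
        if (-not ($rule.FileSystemRights -band $need)) { continue }
        if ($rule.AccessControlType -eq 'Deny') {
            return New-Object PSObject -Property @{
                Path = $Path; CanCreate = $false; Reason = "Deny ACE for $($rule.IdentityReference.Value)" }
        }
        $allow = $true
    }
    $reason = if ($allow) { 'Allow ACE grants CreateFiles' } else { 'No ACE grants CreateFiles' }
    New-Object PSObject -Property @{ Path = $Path; CanCreate = $allow; Reason = $reason }
}

Test-CallerCanCreateFile -Path $tempDir | Format-List Path, CanCreate, Reason
```

Run it under the same account that calls EvtArchiveExportedLog; a CanCreate value of False is consistent with the ERROR_ACCESS_DENIED the answer describes.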
