I've been working on Windows log collection for a while. Can somebody please help me find the size of Windows logs (Security, Application, System, etc.) and also get the number of events that have been inserted into them? I need to access them using C++. There's a Windows function, EvtQuery, to execute the query in C++.
I'm able to fetch the contents written in the log file. But how do I get the file size and the number of events which are not fields inside it?
Please refer to the link for details on the EvtQuery function: https://learn.microsoft.com/en-us/windows/desktop/api/winevt/nf-winevt-evtquery
Please help.
Thank you.
You could use a combination of GetFileSizeEx to get the file size of the log and GetNumberOfEventLogRecords to retrieve the number of records in the specified event log.
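The two calls named in the answer above, combined in an added example that is not part of the original thread. The names LogStats, DefaultLogPath and QueryLog are hypothetical, and the code assumes the log file sits in its default location under System32\winevt\Logs.

```cpp
#include <cstdint>
#include <cwchar>
#include <string>
#ifdef _WIN32
#include <windows.h>
#endif

struct LogStats { bool ok; uint64_t fileBytes; uint32_t records; };

// Assumption: default file location; a relocated log needs its configured path.
std::wstring DefaultLogPath(const std::wstring& sysDir, const std::wstring& log) {
    return sysDir + L"\\winevt\\Logs\\" + log + L".evtx";
}

LogStats QueryLog(const std::wstring& log) {
    LogStats s{false, 0, 0};
#ifdef _WIN32
    wchar_t sysDir[MAX_PATH];
    if (!GetSystemDirectoryW(sysDir, MAX_PATH)) return s;
    // The Event Log service holds the file open: share fully and request
    // only attribute access, which is what GetFileSizeEx requires.
    HANDLE file = CreateFileW(DefaultLogPath(sysDir, log).c_str(), FILE_READ_ATTRIBUTES,
        FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
        nullptr, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, nullptr);
    if (file == INVALID_HANDLE_VALUE) return s;
    LARGE_INTEGER size{};
    BOOL gotSize = GetFileSizeEx(file, &size);
    CloseHandle(file);
    // OpenEventLogW opens the Application log when the name is unknown, so
    // pass only classic log names (Application, System, Security).
    HANDLE h = OpenEventLogW(nullptr, log.c_str());
    if (!h) return s;
    DWORD count = 0;
    BOOL gotCount = GetNumberOfEventLogRecords(h, &count);
    CloseEventLog(h);
    if (gotSize && gotCount)
        s = LogStats{true, static_cast<uint64_t>(size.QuadPart), static_cast<uint32_t>(count)};
#else
    (void)log;  // Win32-only APIs: nothing to query on other platforms.
#endif
    return s;
}

int main() {
    for (const wchar_t* name : {L"Application", L"System", L"Security"}) {
        LogStats s = QueryLog(name);
        wprintf(L"%ls: ok=%d bytes=%llu records=%u\n", name, s.ok ? 1 : 0,
                static_cast<unsigned long long>(s.fileBytes), s.records);
    }
    return 0;
}
```

Opening the Security log needs an elevated process, and a 32-bit build on 64-bit Windows has its System32 path redirected, so build this as a 64-bit binary.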