I'm trying to update the maximum log file size of the event log using EvtSetChannelConfigProperty() function. I don't get an error during the execution or run time. The maximum log file size is updated. But it isn't the same as I specified in the program.
Program:
UINT64 myvalue = 20544;
EVT_VARIANT value;
value.Count = 1;
value.Type = EvtVarTypeUInt64;
value.UInt64Arr = &myvalue;
EVT_HANDLE hlog = EvtOpenChannelConfig(NULL, L"Security", 0);
BOOL check = EvtSetChannelConfigProperty(hlog, EvtChannelLoggingConfigMaxSize, 0, &value);
check = EvtSaveChannelConfig(hlog, 0);
if (hlog)
EvtClose(hlog);
Looks like you're setting the property to the pointer to your variable, not its value.
Instead of
value.UInt64Arr = &myvalue;
try
value.UInt64Val = myvalue;