win32utils-devel@rubyforge.org
2004-Oct-18 12:02 UTC
[Win32utils-devel] RE: Another Interesting "Problem" with Win32-EventLog
> -----Original Message----- > From: Joey Gibson [mailto:joey@joeygibson.com] > Sent: Monday, October 18, 2004 9:29 AM > To: Ruby-Talk; Berger, Daniel > Subject: Another Interesting "Problem" with Win32-EventLog > > > After Daniel patched the Win32-EventLog code to properly handle > "strange" event messages (I''ll leave it to Daniel to explain that) my > program started working, but then dies. Here''s the full text > of the program: > > require ''win32/eventlog'' > include Win32 > > log = EventLog.open("Application") > > log.read do |rec| > puts rec.inspect if rec.source == ''sshd'' > end > > I wrote this script because I''ve been getting thousands of > infiltration > attempts via ssh, and I wanted to pull all the ssh messages > out and do > "something" with them. I''ve been running the script thusly; > > ruby el.rb > el.out > > It runs for a few/several seconds then dies with this: > > This application has requested the Runtime to terminate it in > an unusual > way. > Please contact the application''s support team for more information. > > The output in the redirected file is truncated when the process died. > I''ve tried outputting to a file directly instead of just > going to stdout > and redirecting, but it does the same thing. The last run I did was a > few minutes ago, and the output file had 1433 complete lines (the > #inspect gets everything on one line) and 1 truncated line. There are > many more events still to be read. > > Does this ring a bell with anyone? > > Here are my vitals: > > ruby 1.8.2 (2004-07-29) [i386-mswin32] > WindowsXP Pro sp1 > Win32-EventLog - built from CVS on 10/14. > > JoeyHi Joey, I cannot duplicate this on my Windows XP Pro box here at work. However, the largest eventlog size I have is 518 records (in "System"). One thing I would add is "log.close" at the end of your script, but I doubt that''s the issue. It''s possible that there''s a subtle bug in our code that only manifests itself if you iterate over a high number of records. Is there any chance you could provide a backtrace? Regards, Dan
Possibly Parallel Threads
- RE: Another Interesting "Problem" with Win32-EventLog
- RE: Another Interesting "Problem" with Win32-EventLog
- win32-eventlog problem
- [ win32utils-Bugs-28904 ] Gem win32-eventlog v0.5.2 on Ruby 1.9.1 and 1.9.2
- seg on windows-pr-0.5.1 (was RE: win32-eventlog 0.4.0)