search for: eventlogstruct

...read backwards sequentially. C:\eclipse\workspace\win32-eventlog>irb irb(main):001:0> require ''win32/eventlog'' => true irb(main):002:0> include Win32 => Object irb(main):003:0> EventLog.open(''Security'').tail{ |log| p log } #<struct Struct::EventLogStruct record_number=15399, time_generated=Fri May 19 19:54:25 MDT 2006, time_written=Fri May 1 9 19:54:25 MDT 2006, event_id=680, event_type="audit failure", category=9, source="Security", computer="IMPERATOR", user ="SYSTEM", description="Logon attempt by:...

...rit I tried changing the second param to > ''L'', but that didn''t seem to have any effect. > > Any ideas? > > Dan Here''s some more info. Using the C version of win32-eventlog I can see the record in question looks like this: #<struct Struct::EventLogStruct record_number=12302, time_generated=Sat Mar 18 23:13:43 MST 2006, ti me_written=Sat Mar 18 23:13:43 MST 2006, event_id=11203, event_type="error", category=0, source="Sms Client", computer="CO3840GDJBERGEX", user=nil, description="Software updates evaluation failed...

...6 at gmail.com> wrote: >> Can you tell us which record numbers in particular are causing you >> problems? We aren''t finding any issues. > > all of them. the description is not complete or empty. > > in windows xp it works fine, eg > > #<struct Struct::EventLogStruct record_number=268, time_generated=Tue Dec 04 12: > 10:48 +0800 2007, time_written=Tue Dec 04 12:10:48 +0800 2007, event_id=642, eve > nt_type="audit_success", category=7, source="Security", computer="BG-MIS-PBOT", > user="Pe\361aIJM", string_inserts=...

All, I got a bug report from Greg Holmes where the description wasn''t being returned properly. At the moment, if there''s no event associated with the event id, then the description is empty. However, it turns out that there can still be associated information about the event. So, I propose the following tweak to the get_description private method: # If FormatMessage()