Daniel Berger
2006-May-30 12:44 UTC
[Win32utils-devel] Syslogging and remote installer (was RE: seg on windows-pr-0.5.1 (was RE: [ANN] win32-eventlog 0.4.0))
Hi again,

Peña wrote:
> # > i get a segfault on windows-pr if i run multiple tails by
> # threading, one thread for each host i'm tailing.
>
> argh, this is getting tricky. i'm getting empty records and weird characters too :)
>
> --------
> record_number : 20983290
> time_generated : Tue May 30 16:15:27 China Standard Time 2006
> time_written : Tue May 30 16:15:27 China Standard Time 2006
> event_id : 642
> event_type : audit_success
> category : 7
> description : User Account Changed:
> Target Account Name: ztest2
> Target Domain: DMPI
> Target Account ID: ?
> ??????21-1995071569-205336168-60295696-9240}
> Caller User Name: pe?aijm
> Caller Domain: DMPI
> Caller Logon ID: (0x0,0x16DF9294)
>
> --------

(cc'd to the devel list)

I just noticed the "China Standard Time". Do your event log records contain non-ascii text? If so, I'll have to switch to the wide character version of ReadEventLog() I think. This might also explain the duplicate records you showed me earlier (?).

Where are you located, btw? I forgot.

Also, regarding the EventLog#notify_change method, I just remembered something. From the MSDN docs: The NotifyChangeEventLog function does not work with remote handles.

> troubleshooting in win is terrible, i think i might as well go to the other route, that is, just let a linux syslog do the central processing. I really wanted to avoid the client installation, tsktsk.. anyway
>
> Dan, do you have a win32 util that sends a log snippet/record to a remote syslog server? I am not familiar w the format and the protocol, so i'm asking..

If there's a way to remotely log to a *nix syslog from Windows, I'm afraid I don't know what it is. Anyone?

> Also, do you have a utility that remotely installs a service/program? Agrh, the problem here is installing ruby on the remote nodes...

The win32-service package should work. Check it out.

Regards,

Dan
Heesob Park
2006-May-30 13:14 UTC
[Win32utils-devel] Syslogging and remote installer (was RE: seg on windows-pr-0.5.1 (was RE: [ANN] win32-eventlog 0.4.0))
Hi,

2006/5/30, Daniel Berger <djberg96 at gmail.com>:
> Hi again,
>
> Peña wrote:
> > # > i get a segfault on windows-pr if i run multiple tails by
> > # threading, one thread for each host i'm tailing.
> >
> > argh, this is getting tricky. i'm getting empty records and weird characters too :)
> >
> > --------
> > record_number : 20983290
> > time_generated : Tue May 30 16:15:27 China Standard Time 2006
> > time_written : Tue May 30 16:15:27 China Standard Time 2006
> > event_id : 642
> > event_type : audit_success
> > category : 7
> > description : User Account Changed:
> > Target Account Name: ztest2
> > Target Domain: DMPI
> > Target Account ID: ?
> > ??????21-1995071569-205336168-60295696-9240}
> > Caller User Name: pe?aijm
> > Caller Domain: DMPI
> > Caller Logon ID: (0x0,0x16DF9294)
> >
> > --------
>

I guess the event-logging Windows machine's code page is different from the monitoring machine's code page.

> (cc'd to the devel list)
>
> I just noticed the "China Standard Time". Do your event log records
> contain non-ascii text? If so, I'll have to switch to the wide
> character version of ReadEventLog() I think. This might also explain
> the duplicate records you showed me earlier (?).
>
> Where are you located, btw? I forgot.
>
> Also, regarding the EventLog#notify_change method, I just remembered
> something. From the MSDN docs: The NotifyChangeEventLog function does
> not work with remote handles.
>
> > troubleshooting in win is terrible, i think i might as well go to the other route, that is, just let a linux syslog do the central processing. I really wanted to avoid the client installation, tsktsk.. anyway
> >
> > Dan, do you have a win32 util that sends a log snippet/record to a remote syslog server? I am not familiar w the format and the protocol, so i'm asking..
>
> If there's a way to remotely log to a *nix syslog from Windows, I'm
> afraid I don't know what it is. Anyone?
>

I think the Snare Agent for Windows (http://www.intersectalliance.com/projects/SnareWindows/index.html) might be useful.

> > Also, do you have a utility that remotely installs a service/program? Agrh, the problem here is installing ruby on the remote nodes...
>

If your OS is XP or 2003, you can use the remote desktop connection with disk drive sharing.
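
On the syslog format and protocol asked about in the thread, here is an added example (not written by any poster here, and not code from win32-eventlog or Snare) that turns one event-log record into a BSD syslog (RFC 3164) line and sends it as a UDP datagram. The record hash keys follow the fields printed in the thread; the severity mapping, the `EventLog` tag, the `winhost01` hostname and the function names are assumptions.

```ruby
require 'socket'

# Assumed mapping from event types (as printed in the thread) to syslog severities.
SEVERITY = {
  'error' => 3, 'warning' => 4, 'audit_failure' => 4,
  'audit_success' => 5, 'information' => 6
}.freeze
FACILITY_AUTH = 4     # RFC 3164 "security/authorization messages"
MAX_PACKET    = 1024  # RFC 3164 upper bound for one datagram

# Build one RFC 3164 line: <PRI>Mmm dd hh:mm:ss HOST TAG[id]: MSG
def syslog_line(rec, hostname)
  pri   = FACILITY_AUTH * 8 + SEVERITY.fetch(rec[:event_type].to_s, 5)
  stamp = rec[:time_generated].strftime('%b %e %H:%M:%S')
  # Treat the description as raw bytes (it may arrive in the wrong code page),
  # collapse newlines and tabs, and replace every byte outside printable ASCII.
  # A multi-line description then cannot show up downstream as extra records.
  text = rec[:description].to_s.b.gsub(/\s+/, ' ').gsub(/[^\x20-\x7E]/, '?').strip
  host = hostname.gsub(/[^A-Za-z0-9.\-]/, '_')
  line = "<#{pri}>#{stamp} #{host} EventLog[#{rec[:event_id]}]: " \
         "type=#{rec[:event_type]} category=#{rec[:category]} #{text}"
  line[0, MAX_PACKET]
end

# Send one record as a single UDP datagram; 514/udp is the customary syslog port.
# Returns the number of bytes handed to the socket.
def forward(rec, server, port = 514, hostname = Socket.gethostname)
  sock = UDPSocket.new
  sock.send(syslog_line(rec, hostname), 0, server, port)
ensure
  sock&.close
end

# Constructed sample, modelled on the record quoted in the thread.
SAMPLE = {
  event_id: 642, event_type: 'audit_success', category: 7,
  time_generated: Time.local(2006, 5, 30, 16, 15, 27),
  description: "User Account Changed:\n\tTarget Account Name: ztest2\n\tTarget Domain: DMPI"
}.freeze

puts syslog_line(SAMPLE, 'winhost01')
```

UDP syslog is unauthenticated and unacknowledged, so the collector should accept it only from known hosts, and gaps in `record_number` are the way to notice dropped datagrams if that field is forwarded too.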