By: Daniel Berger
RE: Adv evt log descriptions - not retrieved
2009-02-17 01:19
Windows XP and Windows 2003 have different EventMessageFiles. So, the short answer is that you generally can't read a 2003 event log on Windows XP.

There's nothing we can do about it I'm afraid.

Regards,

Dan

By: Stuart Clarke
RE: Adv evt log descriptions - not retrieved
2009-02-11 21:00
It doesn't gather that information in XP either. It is just a test log from a Virtual machine so I will be able to send it across. I will send it to your email.

Thanks a lot for your help.

By: Daniel Berger
RE: Adv evt log descriptions - not retrieved
2009-02-11 20:46
Hm, and you're able to see all the information if you open up the 2003 event log in XP?

Is there any chance you can send Park or me a copy of the event log as an attachment so we can analyze it?

Dan

By: Stuart Clarke
RE: Adv evt log descriptions - not retrieved
2009-02-11 11:26
Hi Dan,

Thanks for replying.

The logs are from Server 2003, my application is using 1.86 Ruby with win32 version 0.5.0 and it is running on a Windows XP machine. Just FYI I am reading backed up event logs recovered from Server 2003.

Many thanks

By: Daniel Berger
RE: Adv evt log descriptions - not retrieved
2009-02-10 12:18
Hi Stuart,

What platform?
What version of Ruby?
What version of win32-eventlog?

Thanks,

Dan

By: Stuart Clarke
Adv evt log descriptions - not retrieved
2009-02-09 19:42
Hi,

I have written a regular expression to pull out the IP address of all successful or failed logon attempts of type 10 (this is an RDP logon attempt). When an RDP logon occurs it writes a longer event description like this:

Successful Logon:
User Name: Administrator
Domain: XXXXXXXX
Logon ID: (XXXXXX)
Logon Type: 10
Logon Process: User32
Authentication Package: Negotiate
Workstation Name: XXXXXXX
Logon GUID: -
Caller User Name: XXXXXXXX$
Caller Domain: WORKGROUP
Caller Logon ID: (XXXXXXX)
Caller Process ID: XXXX
Transited Services: -
Source Network Address: XXX.XXX.XXX.XXX
Source Port: XXXX

The Source Network Address is the IP address and is not picked up by the event description? Is this due to it not being programmed in?

Many thanks
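The parsing step the original post describes, as an added example that is neither the poster's code nor part of win32-eventlog: it splits a logon event's "Key: Value" description into fields, keeps only Logon Type 10 (RDP) records, and returns the Source Network Address. The sample descriptions are constructed, and the empty-description case mirrors what the poster saw on XP; with win32-eventlog the text would come from each record's `description` field (assumed name).

```ruby
# Constructed sample of a Windows 2003 RDP (Logon Type 10) event description.
SAMPLE_RDP_LOGON = <<~DESC
  Successful Logon:
  User Name: Administrator
  Domain: EXAMPLE
  Logon ID: (0x0,0x3E7)
  Logon Type: 10
  Logon Process: User32
  Authentication Package: Negotiate
  Workstation Name: SERVER01
  Logon GUID: -
  Caller User Name: SERVER01$
  Caller Domain: WORKGROUP
  Caller Logon ID: (0x0,0x3E7)
  Caller Process ID: 1234
  Transited Services: -
  Source Network Address: 192.0.2.10
  Source Port: 1180
DESC

# Constructed interactive (console) logon: not RDP, no network address.
SAMPLE_CONSOLE_LOGON = "Successful Logon:\nUser Name: alice\nDomain: EXAMPLE\n" \
                       "Logon Type: 2\nSource Network Address: -\n"

# Split a description body into field name => value. A nil or blank
# description (what you get when the EventMessageFile cannot be resolved,
# as on XP reading a 2003 log) yields an empty hash rather than an error.
def parse_logon_description(description)
  return {} if description.nil? || description.strip.empty?
  fields = {}
  description.each_line do |line|
    # Split on the first ':' only, so IPv6-style values keep their colons.
    key, value = line.strip.split(/:\s*/, 2)
    next if key.nil? || value.nil?
    fields[key] = value.strip
  end
  fields
end

# Source IP for a logon of the given type, or nil when the record is not
# of that type or carries no address ('-' is Windows' "not applicable").
def rdp_logon_source(description, logon_type = 10)
  fields = parse_logon_description(description)
  return nil unless fields['Logon Type'] == logon_type.to_s
  addr = fields['Source Network Address']
  (addr.nil? || addr == '-') ? nil : addr
end

# Collect the RDP source addresses from a batch of event descriptions.
def rdp_logon_sources(descriptions)
  descriptions.map { |d| rdp_logon_source(d) }.compact
end
```

Keying on the structured fields rather than a single regex over the whole text also avoids matching an address that appears in some other field of a non-RDP record.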