[Win32utils-devel] RE: Another Interesting "Problem" with Win32-EventLog
win32utils-devel at rubyforge.org
Mon Oct 18 12:02:15 EDT 2004
> -----Original Message-----
> From: Joey Gibson [mailto:joey at joeygibson.com]
> Sent: Monday, October 18, 2004 9:29 AM
> To: Ruby-Talk; Berger, Daniel
> Subject: Another Interesting "Problem" with Win32-EventLog
>
>
> After Daniel patched the Win32-EventLog code to properly handle
> "strange" event messages (I'll leave it to Daniel to explain that) my
> program started working, but then dies. Here's the full text of the
> program:
>
> require 'win32/eventlog'
> include Win32
>
> log = EventLog.open("Application")
>
> log.read do |rec|
>   puts rec.inspect if rec.source == 'sshd'
> end
>
> I wrote this script because I've been getting thousands of infiltration
> attempts via ssh, and I wanted to pull all the ssh messages out and do
> "something" with them. I've been running the script thusly;
>
> ruby el.rb > el.out
>
> It runs for a few/several seconds then dies with this:
>
> This application has requested the Runtime to terminate it in an unusual way.
> Please contact the application's support team for more information.
>
> The output in the redirected file is truncated when the process died.
> I've tried outputting to a file directly instead of just going to stdout
> and redirecting, but it does the same thing. The last run I did was a
> few minutes ago, and the output file had 1433 complete lines (the
> #inspect gets everything on one line) and 1 truncated line. There are
> many more events still to be read.
>
> Does this ring a bell with anyone?
>
> Here are my vitals:
>
> ruby 1.8.2 (2004-07-29) [i386-mswin32]
> WindowsXP Pro sp1
> Win32-EventLog - built from CVS on 10/14.
>
> Joey

Hi Joey,

I cannot duplicate this on my Windows XP Pro box here at work. However,
the largest eventlog size I have is 518 records (in "System").

One thing I would add is "log.close" at the end of your script, but I
doubt that's the issue.

It's possible that there's a subtle bug in our code that only manifests
itself if you iterate over a high number of records. Is there any
chance you could provide a backtrace?

Regards,

Dan