[Win32utils-devel] Tweak to win32-eventlog

Wayne Vucenic waynev at gmail.com
Sat Dec 16 19:13:42 EST 2006

Hi Dan,

It was great seeing you again at RubyConf Denver!

I gave the win32-eventlog 0.4.2 gem a try on my XP SP 2 system with
Ruby 1.8.5 (.NET 2.0 runtime installed), and I get two test failures:

C:\ruby\lib\ruby\gems\1.8\gems\win32-eventlog-0.4.2\test>ruby -v
ruby 1.8.5 (2006-08-25) [i386-mswin32]

C:\ruby\lib\ruby\gems\1.8\gems\win32-eventlog-0.4.2\test>ruby tc_eventlog.rb

Relax - this will take a few moments

Loaded suite tc_eventlog
Finished in 57.969 seconds.

  1) Failure:
test_seek_read(TC_EventLog) [tc_eventlog.rb:116]:
<11> expected but was

  2) Failure:
test_seek_read_backwards(TC_EventLog) [tc_eventlog.rb:123]:
<10> expected but was

26 tests, 5180 assertions, 2 failures, 0 errors

I tried debugging this a little. In the above 2 cases, after the
ReadEventLog call, GetLastError returns 87 ("The parameter is

I played around with calls that failed and calls that succeeded, and
finally got these two test cases:

This one works:
      flags = EventLog::SEQUENTIAL_READ | EventLog::FORWARDS_READ
      @records = EventLog.read(nil, nil, flags)

And this one fails:
      flags = EventLog::SEEK_READ | EventLog::FORWARDS_READ
      @records = EventLog.read(nil, nil, flags)

In the actual call to ReadEventLog in eventlog.rb line 460, the only
difference is the value of flags, which is 5 when it works, and 6 when
it fails.  I checked the Win32 documentation, and everything seems to
be fine, and it looks like both calls should succeed.

I'm perfectly willing to help debug this, if anyone can suggest what I
should try next.  I guess one next step would be to try making this
same call from C or C++, but I didn't try that yet.

I also tried on Win2K SP4, Ruby 1.8.2, and that works fine.



On 12/16/06, Daniel Berger <djberg96 at gmail.com> wrote:
> On 12/13/06, Daniel Berger <djberg96 at gmail.com> wrote:
> > All,
> >
> > I got a bug report from Greg Holmes where the description wasn't being
> > returned properly.  At the moment, if there's no event associated with
> > the event id, then the description is empty.
> >
> > However, it turns out that there can still be associated information
> > about the event.  So, I propose the following tweak to the
> > get_description private method:
> >
> > # If FormatMessage() returned 0, but va_list isn't empty,
> > # then return the va_list instead.
> > if val == 0 && !va_list.empty?
> >     buf = va_list.join("\n")
> > end
> >
> > Where 'val' is the result of the FormatMessage() call.  I've attached
> > the sample backup file he sent me to demonstrate the problem.  The patch
> > above seems to work fine.
> >
> > Please let me know if you have any issues with this approach.  If not,
> > I'd like to get a release out this weekend.
> Actually, I've been looking over the Python evtlogutils stuff, and I
> think a better approach is to allow people to get at the string
> inserts independently of the full event log message as the Python
> module does. So, I'm going to add the string_inserts member to the
> EventLogStruct. Sound good?
> I also realized that we should probably check the CategoryMessageFile
> and ParameterMessageFile instead of only the EventMessageFile in the
> get_description method.
> Last but not least, I'm getting strange results for the attached
> backup event log.  If you've got the .NET 2.0 runtime installed,
> you'll end up getting, ""The operation completed successfully."
> instead of what I would expect, i.e. nothing.  Suggestions welcome.
> - Dan
> _______________________________________________
> win32utils-devel mailing list
> win32utils-devel at rubyforge.org
> http://rubyforge.org/mailman/listinfo/win32utils-devel

More information about the win32utils-devel mailing list