[Win32utils-devel] Possible problems with EventLog#write

Heesob Park phasis at gmail.com
Sun May 21 21:32:59 EDT 2006


Hi,

2006/5/22, Daniel Berger <djberg96 at gmail.com>:
> Heesob Park wrote:
> > Hi,
> >
> > 2006/5/21, Daniel Berger <djberg96 at gmail.com>:
> >> Hi,
> >>
> >> I've got EventLog#write and EventLog.add_event_source methods done.
> >> Well, I *think* they're done, but I can't get the data (text) to work
> >> properly, and I'm not sure if it's a bug in my .mc file, the
> >> add_event_source method, the write method, or just a goof in my test file.
> >>
> >> The source, category and event id seem to be ok.  However, the
> >> description always comes back with:
> >>
> >> The description for Event ID ( 3 ) in Source ( foo ) cannot be found.
> >> The local computer may not have the necessary registry information or
> >> message DLL files to display messages from a remote computer. You may be
> >> able to use the /AUXSOURCE= flag to retrieve this description; see Help
> >> and Support for details. The following information is part of the event:
> >> test.
> >>
> >> Anyway, here's the .mc file (which I took from the tutorial.txt file)
> >> and the test file:
> >>
> >> ; foo.mc
> >> MessageId=0x1
> >> SymbolicName=CATEGORY_ERROR
> >> Language=English
> >> error
> >> .
> >>
> >> MessageId=0x2
> >> SymbolicName=CATEGORY_WARNING
> >> Language=English
> >> warning
> >> .
> >>
> >> MessageId=0x3
> >> Severity=Error
> >> SymbolicName=FOO_ERROR
> >> Language=English
> >> Error: %1
> >> .
> >>
> > event_id is defined in the mc.h
> >
> > Look at the mc.h :
> >
> > #define CATEGORY_ERROR                   0x00000001L
> >
> > #define CATEGORY_WARNING                 0x00000002L
> >
> > #define FOO_ERROR                        0xC0000003L
> >
> >> # add.rb
> >> dll_file = Dir.pwd + '/foo.dll'
> >> EventLog.add_event_source(
> >>    "key_name"              => "foo",
> >>    "category_count"        => 2,
> >>    "event_message_file"    => dll_file,
> >>    "category_message_file" => dll_file
> >> )
> >>
> >> # test.rb
> >> require 'win32/eventlog'
> >> include Win32
> >>
> >> log = EventLog.open
> >>
> >> log.write(
> >>    :source     => 'foo',
> >>    :data       => 'test',
> >>    :category   => 0x2,
> >>    :event_id   => 0x3,
> >>    :event_type => EventLog::WARN
> >> )
> >>
> >> log.close
> >>
> >
> > You must call with event_id value 0xC0000003 instead of 0x3.
> >
> > But it raises error
> > test.rb:7:in `write': bignum too big to convert into `long' (RangeError)
> >         from test.rb:7
> >
> > It is another problem.
>
> I take it Win32API.c would have to be modified to use ULL2NUM. :(
>
> >
> >> I also made sure that it wasn't a path separator issue by doing a
> >> String#tr in the add_event_source, but that didn't seem to matter.
> >>
> >> Also, I'm not sure that doing File.expand_path on the dll name within
> >> add_event_source is a good idea - I just tossed that in there for now,
> >> but I'm curious what others think.
> >>
> > And tail method raises insufficient resource error after reading six
> > event log messages.
>
> Confirmed.  I tried wrapping the WaitForSingleObject() function in its
> own thread and/or calling GC.start but that didn't seem to help.  Any ideas?
>
One workaround is open event log every time like this:

      def notify_change(&block)
         @handle = OpenEventLog(@server, @source)
         unless block_given?
            raise EventLogError, 'block missing for notify_change()'
         end
         event = CreateEvent(0, 0, 0, 0)
         unless NotifyChangeEventLog(@handle, event)
            error = 'NotifyChangeEventLog() failed: ' + get_last_error
            raise EventLogError, error
         end
         wait_result = WaitForSingleObject(event, INFINITE)
         CloseHandle(event)

         if wait_result == WAIT_FAILED
            error = 'WaitForSingleObject() failed: ' + get_last_error
            raise EventLogError, error
         else
            last = read_last_event
            block.call(last)
         end
         CloseEventLog(@handle)
         self
      end

The other is GetNumberOfEventLogRecords instead of NotifyChangeEventLog
refer to http://support.microsoft.com/kb/q245609/

Regards,

Park Heesob



More information about the win32utils-devel mailing list