[Win32utils-devel] Syslogging and remote installer (was RE: seg on windows-pr-0.5.1 (was RE: [ANN] win32-eventlog 0.4.0))

Daniel Berger djberg96 at gmail.com
Tue May 30 08:44:36 EDT 2006 

Hi again,

Peña wrote:
> # > i get a segfault on windows-pr if i run mulitple tails by 
> # threading, one thread for each host i'm tailing.
> 
> argh, this is getting tricky. i'm getting empty records and weird characters too :)
> 
> --------
> record_number : 20983290
> time_generated : Tue May 30 16:15:27 China Standard Time 2006
> time_written : Tue May 30 16:15:27 China Standard Time 2006
> event_id : 642
> event_type : audit_success
> category : 7
> description : User Account Changed:
>         Target Account Name:    ztest2
>         Target Domain:  DMPI
>         Target Account ID:      ?
> ??????21-1995071569-205336168-60295696-9240}
>         Caller User Name:       pe±aijm
>         Caller Domain:  DMPI
>         Caller Logon ID:        (0x0,0x16DF9294)
> 
> --------

(cc'd to the devel list)

I just noticed the "China Standard Time".  Do your event log records 
contain non-ascii text?  If so, I'll have to switch to the wide 
character version of ReadEventLog() I think.  This might also explain 
the duplicate records you showed me earlier (?).

Where are you located, btw?  I forgot.

Also, regarding the EventLog#notify_change method, I just remembered 
something.  From the MSDN docs: The NotifyChangeEventLog function does 
not work with remote handles.

> troubleshooting in win is terrible, i think i might as well go to the other route, that is, just let a linux syslog do the central processing. I really wanted to avoid the client installation, tsktsk.. anyway
> 
> Dan, do you have a win32 util that sends a log snippet/record to a remote syslog server? I am not familiar w the format and the protocol, so i'm asking..

If there's a way to remotely log to a *nix syslog from Windows, I'm 
afraid I don't know what it is.  Anyone?

> Also, do you have a utility that remotely installs a service/program? Agrh, the problem here is installing ruby on the remote nodes...

The win32-service package should work.  Check it out.

Regards,

Dan

More information about the win32utils-devel mailing list