[Win32utils-devel] Syslogging and remote installer (was RE: seg on windows-pr-0.5.1 (was RE: [ANN] win32-eventlog 0.4.0))
phasis at gmail.com
Tue May 30 09:14:35 EDT 2006
2006/5/30, Daniel Berger <djberg96 at gmail.com>:
> Hi again,
> Peña wrote:
> > # > i get a segfault on windows-pr if i run multiple tails by
> > # threading, one thread for each host i'm tailing.
> > argh, this is getting tricky. i'm getting empty records and weird characters too :)
> > --------
> > record_number : 20983290
> > time_generated : Tue May 30 16:15:27 China Standard Time 2006
> > time_written : Tue May 30 16:15:27 China Standard Time 2006
> > event_id : 642
> > event_type : audit_success
> > category : 7
> > description : User Account Changed:
> > Target Account Name: ztest2
> > Target Domain: DMPI
> > Target Account ID: ?
> > ??????21-1995071569-205336168-60295696-9240}
> > Caller User Name: pe±aijm
> > Caller Domain: DMPI
> > Caller Logon ID: (0x0,0x16DF9294)
> > --------
I guess the event logging Windows machine code page is different from
the monitoring machine code page.
> (cc'd to the devel list)
> I just noticed the "China Standard Time". Do your event log records
> contain non-ascii text? If so, I'll have to switch to the wide
> character version of ReadEventLog() I think. This might also explain
> the duplicate records you showed me earlier (?).
> Where are you located, btw? I forgot.
> Also, regarding the EventLog#notify_change method, I just remembered
> something. From the MSDN docs: The NotifyChangeEventLog function does
> not work with remote handles.
> > troubleshooting in win is terrible, i think i might as well go to the other route, that is, just let a linux syslog do the central processing. I really wanted to avoid the client installation, tsktsk.. anyway
> > Dan, do you have a win32 util that sends a log snippet/record to a remote syslog server? I am not familiar w the format and the protocol, so i'm asking..
> If there's a way to remotely log to a *nix syslog from Windows, I'm
> afraid I don't know what it is. Anyone?
I think the Snare Agent for
might be useful.
> > Also, do you have a utility that remotely installs a service/program? Argh, the problem here is installing ruby on the remote nodes...
If your OS is XP or 2003, you can use the remote desktop connection
with sharing disk drive.
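
An added example, not part of the original thread and not win32utils code: one way to turn an event log record into a BSD syslog (RFC 3164) datagram for a central *nix syslog server, decoding the description with the code page of the host that wrote it. The record Hash shape, the host name `dc01`, the `eventlog` tag, the severity mapping and a receiver that accepts UTF-8 are assumptions of this example.

```ruby
require 'socket'

FACILITY_AUTH = 4  # RFC 3164: security/authorization messages
# Event type -> syslog severity. This mapping is an assumption of the example.
SEVERITY = { 'error' => 3, 'warning' => 4, 'information' => 6,
             'audit_success' => 5, 'audit_failure' => 4 }.freeze
MAX_PACKET = 1024  # RFC 3164 limit for the whole datagram, in bytes

# Constructed sample record (hypothetical Hash, not the win32-eventlog struct).
# Byte 0xF1 is "ñ" in Windows-1252 and "±" in code page 437.
SAMPLE_RECORD = {
  host: 'dc01', event_id: 642, event_type: 'audit_success',
  time_generated: Time.new(2006, 5, 30, 16, 15, 27),
  description: "User Account Changed:\r\n\tCaller User Name: pe\xF1aijm".b
}.freeze

# Build one RFC 3164 line: "<PRI>Mmm dd hh:mm:ss HOST TAG: MSG".
def syslog_packet(rec, source_codepage)
  pri = FACILITY_AUTH * 8 + SEVERITY.fetch(rec[:event_type], 6)
  # Decode with the code page of the host that wrote the record, not ours.
  text = rec[:description].dup.force_encoding(source_codepage)
                          .encode('UTF-8', invalid: :replace, undef: :replace)
  # One datagram carries one line: collapse CR/LF/TAB and other control chars.
  text = text.gsub(/[[:cntrl:]]+/, ' ').strip
  stamp = rec[:time_generated].strftime('%b %e %H:%M:%S')
  line = "<#{pri}>#{stamp} #{rec[:host]} eventlog: " \
         "id=#{rec[:event_id]} type=#{rec[:event_type]} #{text}"
  # Cut to the size limit, then drop any character split by the cut.
  line.byteslice(0, MAX_PACKET).scrub('')
end

# Send the packet to a syslog daemon over UDP (514 is the standard port).
def send_syslog(packet, server, port = 514)
  sock = UDPSocket.new
  sock.send(packet, 0, server, port)
ensure
  sock&.close
end

puts syslog_packet(SAMPLE_RECORD, 'Windows-1252') if $PROGRAM_NAME == __FILE__
```

Decoding the same bytes as `'IBM437'` instead yields `pe±aijm`, the form that appears in the record quoted above.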