[Win32utils-devel] Syslogging and remote installer (was RE: seg on windows-pr-0.5.1 (was RE: [ANN] win32-eventlog 0.4.0))

Heesob Park phasis at gmail.com
Tue May 30 09:14:35 EDT 2006


Hi,
2006/5/30, Daniel Berger <djberg96 at gmail.com>:
> Hi again,
>
> Peña wrote:
> > # > i get a segfault on windows-pr if i run multiple tails by
> > # threading, one thread for each host i'm tailing.
> >
> > argh, this is getting tricky. i'm getting empty records and weird characters too :)
> >
> > --------
> > record_number : 20983290
> > time_generated : Tue May 30 16:15:27 China Standard Time 2006
> > time_written : Tue May 30 16:15:27 China Standard Time 2006
> > event_id : 642
> > event_type : audit_success
> > category : 7
> > description : User Account Changed:
> >         Target Account Name:    ztest2
> >         Target Domain:  DMPI
> >         Target Account ID:      ?
> > ??????21-1995071569-205336168-60295696-9240}
> >         Caller User Name:       pe±aijm
> >         Caller Domain:  DMPI
> >         Caller Logon ID:        (0x0,0x16DF9294)
> >
> > --------
>
I guess the code page of the Windows machine logging the events is
different from the code page of the monitoring machine.

> (cc'd to the devel list)
>
> I just noticed the "China Standard Time".  Do your event log records
> contain non-ascii text?  If so, I'll have to switch to the wide
> character version of ReadEventLog() I think.  This might also explain
> the duplicate records you showed me earlier (?).
>
> Where are you located, btw?  I forgot.
>
> Also, regarding the EventLog#notify_change method, I just remembered
> something.  From the MSDN docs: The NotifyChangeEventLog function does
> not work with remote handles.
>
> > troubleshooting in win is terrible, i think i might as well go to the other route, that is, just let a linux syslog do the central processing. I really wanted to avoid the client installation, tsktsk.. anyway
> >
> > Dan, do you have a win32 util that sends a log snippet/record to a remote syslog server? I am not familiar w the format and the protocol, so i'm asking..
>
> If there's a way to remotely log to a *nix syslog from Windows, I'm
> afraid I don't know what it is.  Anyone?
>
I think the Snare Agent for Windows
(http://www.intersectalliance.com/projects/SnareWindows/index.html)
might be useful.

> > Also, do you have a utility that remotely installs a service/program? Argh, the problem here is installing ruby on the remote nodes...
>
If your OS is XP or 2003, you can use a Remote Desktop connection
with disk drive sharing.
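
The thread asks about the format and protocol for sending an event record to a remote syslog server. As an added example (not part of the original post and not win32utils code), this Ruby code builds a BSD syslog (RFC 3164) packet from a constructed record, transcoding the description from the logging machine's code page first. Assumptions: Windows-1252 as the source code page, a receiver that accepts UTF-8 on UDP port 514, and the hypothetical names `syslog_packet`, `send_syslog` and `winhost1`.

```ruby
require 'socket'

# Constructed sample record, modelled on the fields shown in the thread.
SAMPLE = {
  time: Time.local(2006, 5, 30, 16, 15, 27),
  event_id: 642,
  event_type: 'audit_success',
  # Raw bytes as a Windows-1252 machine would store them (assumed code page).
  description: "User Account Changed:\r\n\tCaller User Name:\tpe\xF1aijm".b
}

FACILITY_SECURITY = 4 # RFC 3164 facility "security/authorization messages"
SEVERITY = { 'error' => 3, 'warning' => 4, 'audit_failure' => 4 }
SEVERITY.default = 6  # informational

# Build one RFC 3164 packet: "<PRI>Mmm dd hh:mm:ss HOSTNAME TAG: MSG"
def syslog_packet(rec, host, source_cp = 'Windows-1252')
  pri = FACILITY_SECURITY * 8 + SEVERITY[rec[:event_type]]
  # Decode with the code page of the machine that wrote the record,
  # not the code page of the machine doing the monitoring.
  text = rec[:description].dup.force_encoding(source_cp)
                          .encode('UTF-8', invalid: :replace, undef: :replace)
  text = text.gsub(/\s+/, ' ').strip # syslog carries one record per line
  stamp = rec[:time].strftime('%b %e %H:%M:%S') # %e pads the day with a space
  pkt = "<#{pri}>#{stamp} #{host} EventLog: " \
        "id=#{rec[:event_id]} type=#{rec[:event_type]} #{text}"
  # RFC 3164 limits a packet to 1024 bytes; scrub drops a split UTF-8 char.
  pkt.byteslice(0, 1024).scrub('')
end

# Send the packet as a single UDP datagram; returns the number of bytes sent.
def send_syslog(packet, server, port = 514)
  sock = UDPSocket.new
  sock.send(packet, 0, server, port)
ensure
  sock&.close
end

# Prints the packet only; call send_syslog(packet, 'your.syslog.host') to ship it.
puts syslog_packet(SAMPLE, 'winhost1') if __FILE__ == $PROGRAM_NAME
```
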


