
Thread: Syslogging and remote installer (was RE: seg on windows-pr-0.5.1 (was RE: win32-eventlog 0.4.0




Syslogging and remote installer (was RE: seg on windows-pr-0.5.1 (was RE: win32-eventlog 0.4.0
user name
2006-05-30 12:44:36
Hi again,

Peña wrote:
> # > i get a segfault on windows-pr if i run multiple tails by
> # threading, one thread for each host i'm tailing.
>
> argh, this is getting tricky. i'm getting empty records and weird characters too
> 
> --------
> record_number : 20983290
> time_generated : Tue May 30 16:15:27 China Standard Time 2006
> time_written : Tue May 30 16:15:27 China Standard Time 2006
> event_id : 642
> event_type : audit_success
> category : 7
> description : User Account Changed:
>         Target Account Name:    ztest2
>         Target Domain:  DMPI
>         Target Account ID:      ?
> ??????21-1995071569-205336168-60295696-9240}
>         Caller User Name:       peħaijm
>         Caller Domain:  DMPI
>         Caller Logon ID:        (0x0,0x16DF9294)
> 
> --------

(cc'd to the devel list)

I just noticed the "China Standard Time".  Do your event log records
contain non-ascii text?  If so, I'll have to switch to the wide
character version of ReadEventLog() I think.  This might also explain
the duplicate records you showed me earlier (?).

Where are you located, btw?  I forgot.

Also, regarding the EventLog#notify_change method, I just remembered
something.  From the MSDN docs: The NotifyChangeEventLog function does
not work with remote handles.

> troubleshooting in win is terrible, i think i might as well go to the
> other route, that is, just let a linux syslog do the central
> processing. I really wanted to avoid the client installation, tsktsk.. anyway
>
> Dan, do you have a win32 util that sends a log snippet/record to a
> remote syslog server? I am not familiar w the format and the protocol,
> so i'm asking..

If there's a way to remotely log to a *nix syslog from Windows, I'm
afraid I don't know what it is.  Anyone?

> Also, do you have a utility that remotely installs a service/program?
> Agrh, the problem here is installing ruby on the remote nodes...

The win32-service package should work.  Check it out.

Regards,

Dan


_______________________________________________
win32utils-devel mailing list
win32utils-develrubyforge.org
http://rubyforge.org/mailman/listinfo/win32utils-devel

Syslogging and remote installer (was RE: seg on windows-pr-0.5.1 (was RE: win32-eventlog 0.4.0
user name
2006-05-30 13:14:35
Hi,
2006/5/30, Daniel Berger <djberg96gmail.com>:
> Hi again,
>
> Peña wrote:
> > # > i get a segfault on windows-pr if i run multiple tails by
> > # threading, one thread for each host i'm tailing.
> >
> > argh, this is getting tricky. i'm getting empty records and weird characters too
> >
> > --------
> > record_number : 20983290
> > time_generated : Tue May 30 16:15:27 China Standard Time 2006
> > time_written : Tue May 30 16:15:27 China Standard Time 2006
> > event_id : 642
> > event_type : audit_success
> > category : 7
> > description : User Account Changed:
> >         Target Account Name:    ztest2
> >         Target Domain:  DMPI
> >         Target Account ID:      ?
> > ??????21-1995071569-205336168-60295696-9240}
> >         Caller User Name:       peħaijm
> >         Caller Domain:  DMPI
> >         Caller Logon ID:        (0x0,0x16DF9294)
> >
> > --------
>
I guess the event logging Windows machine code page is different from
the monitoring machine code page.

> (cc'd to the devel list)
>
> I just noticed the "China Standard Time".  Do your event log records
> contain non-ascii text?  If so, I'll have to switch to the wide
> character version of ReadEventLog() I think.  This might also explain
> the duplicate records you showed me earlier (?).
>
> Where are you located, btw?  I forgot.
>
> Also, regarding the EventLog#notify_change method, I just remembered
> something.  From the MSDN docs: The NotifyChangeEventLog function does
> not work with remote handles.
>
> > troubleshooting in win is terrible, i think i might as well go to the
> > other route, that is, just let a linux syslog do the central
> > processing. I really wanted to avoid the client installation, tsktsk.. anyway
> >
> > Dan, do you have a win32 util that sends a log snippet/record to a
> > remote syslog server? I am not familiar w the format and the protocol,
> > so i'm asking..
>
> If there's a way to remotely log to a *nix syslog from Windows, I'm
> afraid I don't know what it is.  Anyone?
>
I think the Snare Agent for Windows
(http://www.intersectalliance.com/projects/SnareWindows/index.html)
might be useful.

> > Also, do you have a utility that remotely installs a service/program?
> > Agrh, the problem here is installing ruby on the remote nodes...
>
If your OS is XP or 2003, you can use the remote desktop connection
with sharing disk drive.

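On the question in the thread about the syslog format and protocol: the following is an added example, not part of either post and not win32utils code, that renders one event record as a BSD syslog (RFC 3164) line and sends it as a UDP datagram to port 514. The record hash layout, the `winhost01` host name, the `Security` source and the event_type to severity mapping are assumptions; the sample values are constructed from the record quoted above.

```ruby
require 'socket'

# RFC 3164 (BSD syslog): "<PRI>Mmm dd hh:mm:ss HOSTNAME TAG: MSG" in one UDP datagram.
FACILITY_AUTH = 4                      # security/authorization messages
SEVERITY = {                           # assumed event_type => syslog severity mapping
  'error' => 3, 'warning' => 4, 'audit_failure' => 4,
  'audit_success' => 5, 'information' => 6
}.freeze
MAX_PACKET = 1024                      # RFC 3164 cap on packet size, in bytes

# rec: Hash with :time (Time), :host, :source, :event_id, :event_type, :description
def syslog_packet(rec)
  pri   = FACILITY_AUTH * 8 + SEVERITY.fetch(rec[:event_type], 5)
  t     = rec[:time]
  stamp = format('%s %2d %s', t.strftime('%b'), t.day, t.strftime('%H:%M:%S'))
  tag   = rec[:source].gsub(/[^A-Za-z0-9]/, '')[0, 32]
  # Replace bytes that are not valid UTF-8, then fold the multi-line
  # description into one line: a newline would end the syslog message early.
  text  = rec[:description].dup.force_encoding('UTF-8').scrub('?')
  text  = text.gsub(/[[:cntrl:]]+/, ' ').squeeze(' ').strip
  line  = "<#{pri}>#{stamp} #{rec[:host]} #{tag}: " \
          "event_id=#{rec[:event_id]} type=#{rec[:event_type]} #{text}"
  # Truncate on a byte boundary, then drop any half-cut multibyte character.
  line.byteslice(0, MAX_PACKET).scrub('')
end

# Fire-and-forget UDP send; returns the number of bytes handed to the socket.
def send_syslog(rec, server, port = 514)
  sock = UDPSocket.new
  sock.send(syslog_packet(rec), 0, server, port)
ensure
  sock&.close
end

# Constructed sample based on the record quoted in the thread.
SAMPLE = {
  time: Time.new(2006, 5, 30, 16, 15, 27), host: 'winhost01',
  source: 'Security', event_id: 642, event_type: 'audit_success',
  description: "User Account Changed:\n\tTarget Account Name:\tztest2\n\tTarget Domain:\tDMPI"
}.freeze

puts syslog_packet(SAMPLE) if __FILE__ == $PROGRAM_NAME
```

UDP syslog is unauthenticated and unacknowledged, so the receiver cannot verify the sender and lost datagrams go unnoticed.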
