[lnkForumImage]
TotalShareware - Download Free Software
Confronta i prezzi di migliaia di prodotti.
Asp Forum
 Home | Login | Register | Search 


 

Forums >

comp.lang.ruby

Win32-EventLog problem

Joey Gibson

10/13/2004 6:11:00 PM

I installed the latest Win32-EventLog the other day and can query my
EventLog fine, but there are cases where I can see a description in the
EventViewer, but my Ruby code gets a nil for description. I first
noticed this while trying to pull out all the failed ssh logins that
were reported (I've been under siege the last week or so from the ssh
exploit script). I was able to get at those records that were from sshd,
all of which had text like this shown in the EventViewer:

The description for Event ID ( 0 ) in Source ( sshd ) cannot be found.
The local computer may not have the necessary registry information or
message DLL files to display messages from a remote computer. You may be
able to use the /AUXSOURCE= flag to retrieve this description; see Help
and Support for details. The following information is part of the event:
invalid login.

But Ruby shows me nil for the description. I've also seen this with
other processes. The pattern seems to be that if the Event Id is 0, a
message like that shows up, with the last sentence saying "in part of
the event" and them some info that is actually useful. But with Ruby,
all I get is nil for the description. I've briefly looked at the C
source for this, but I'm not familiar with the EventLog code in Windows...

So, is there anything that I can do to get the description that the
EventViewer displays instead of nil, in those cases where the Event Id
is 0 (or the event can't be found, or whatever the problem is)? It seems
like the EventViewer has access to something that we don't.

BTW, this is on a WindowsXP Pro sp1 system. (Actually two different
systems.)

Joey

--
She drove a Plymouth Satellite
Faster than the Speed of Light...

http://www.joeygibso...
http://www.joeygibso.../life/Wisdom.html
Atlanta Ruby User Group http://www....
2 Answers

djberg96

10/14/2004 4:23:00 PM

0

Joey Gibson <joey@joeygibson.com> wrote in message news:<416D6FC9.2010903@joeygibson.com>...
> I installed the latest Win32-EventLog the other day and can query my
> EventLog fine, but there are cases where I can see a description in the
> EventViewer, but my Ruby code gets a nil for description. I first
> noticed this while trying to pull out all the failed ssh logins that
> were reported (I've been under siege the last week or so from the ssh
> exploit script). I was able to get at those records that were from sshd,
> all of which had text like this shown in the EventViewer:

<snip>

This bug has been identified and fixed in CVS. I'll post a new
release tonight. For more information, please see the
win32utils-devel mailing list archive.

Regards,

Dan

Joey Gibson

10/14/2004 4:40:00 PM

0

Daniel Berger wrote:

> This bug has been identified and fixed in CVS. I'll post a new
>
>release tonight. For more information, please see the
>win32utils-devel mailing list archive.
>
>
>

Excellent! I just pulled the files from CVS, built and tested. I'm
seeing stuff now that I didn't see before. This is exactly what I
wanted. Thanks, Daniel.

Joey

--
She drove a Plymouth Satellite
Faster than the Speed of Light...

http://www.joeygibso...
http://www.joeygibso.../life/Wisdom.html
Atlanta Ruby User Group http://www....