Skip Menu |
 

This queue is for tickets about the Win32-EventLog CPAN distribution.

Report information
The Basics
Id: 61484
Status: open
Priority: 0/
Queue: Win32-EventLog

People
Owner: Nobody in particular
Requestors: paul [...] sennovation.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: missing results with Win32::EventLog
Date: Mon, 20 Sep 2010 10:05:39 -0400
To: bug-Win32-EventLog [...] rt.cpan.org
From: Paul Faulstich <paul [...] sennovation.com>
Download (untitled) / with headers
text/plain 1.4k
I am finding that Win32::EventLog does not consistently pull all the data from the event log. I suspect this may be because I am pulling data from remote machines. I have looked though the source code for a place that might have a hidden timeout or synchronization issue that is causing events to be dropped, but I am not seeing it. Also, I can run my script over and over, and I get the same results, which I wouldn't expect with a timeout or synchronization problem. I also wonder if it has to do with needing to change the value of other parameters, such as NumberOfBytesToRead, which I don't appear to be able to set. See http://msdn.microsoft.com/en-us/library/aa363674%28VS.85%29.aspx Enclosed are three files: * my example perl script. This script prints details of all events whose Source includes the string "Symantec". For other events, it prints just the Source name. (exampleEventLog.pl) * the results from running the perl script, which contains only 4 entries with a source of Symantec Antivirus (example.out5.txt) * a screenshot of the EventViewer for that machine, which shows far more than 4 entries for Symantec Antivirus, including entries interspersed between those that the perl script found. (snap447.png) Please let me know if there are other tests I can do to help resolve this problem. I guess the good news is my results are consistent with any given PC. Thanks, Paul -- Paul Faulstich, GIAC GSEC SEnnovation.com
Download example.out5.txt
text/plain 6.2k

Message body is not shown because sender requested not to inline it.

Download exampleEventLog.pl
text/x-perl 1.2k

Message body is not shown because sender requested not to inline it.

Download snap447.png
image/png 37.1k

Message body is not shown because sender requested not to inline it.

CC: libwin32 [...] perl.org
Subject: Re: [rt.cpan.org #61484] missing results with Win32::EventLog
Date: Tue, 21 Sep 2010 11:43:15 +0200
To: bug-Win32-EventLog [...] rt.cpan.org
From: Olivier Mengué <dolmen [...] cpan.org>
Download (untitled) / with headers
text/plain 8.8k
Hi Paul It looks like the use of the EVENT_SEQUENTIAL_READ flag is what causes the skip. I've modified your script to use explicit offset calculation and all events appear. I only used the example from Win32::Log's perldoc as a reference. See attached file. Olivier Mengué. 2010/9/20 Paul Faulstich via RT <bug-Win32-EventLog@rt.cpan.org> Show quoted text
> Mon Sep 20 10:05:52 2010: Request 61484 was acted upon. > Transaction: Ticket created by paul@sennovation.com > Queue: Win32-EventLog > Subject: missing results with Win32::EventLog > Broken in: (no value) > Severity: (no value) > Owner: Nobody > Requestors: paul@sennovation.com > Status: new > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=61484 > > > > I am finding that Win32::EventLog does not consistently pull all the > data from the event log. I suspect this may be because I am pulling > data from remote machines. I have looked though the source code for a > place that might have a hidden timeout or synchronization issue that > is causing events to be dropped, but I am not seeing it. Also, I can > run my script over and over, and I get the same results, which I > wouldn't expect with a timeout or synchronization problem. > > I also wonder if it has to do with needing to change the value of > other parameters, such as NumberOfBytesToRead, which I don't appear to > be able to set. See > http://msdn.microsoft.com/en-us/library/aa363674%28VS.85%29.aspx > > Enclosed are three files: > * my example perl script. This script prints details of all events > whose Source includes the string "Symantec". For other events, it > prints just the Source name. (exampleEventLog.pl) > * the results from running the perl script, which contains only 4 > entries with a source of Symantec Antivirus (example.out5.txt) > * a screenshot of the EventViewer for that machine, which shows far > more than 4 entries for Symantec Antivirus, including entries > interspersed between those that the perl script found. (snap447.png) > > Please let me know if there are other tests I can do to help resolve > this problem. I guess the good news is my results are consistent with > any given PC. > > Thanks, > > Paul > > -- > Paul Faulstich, GIAC GSEC > SEnnovation.com > > > Machine: BG60246 > !!!!! > Source: crypt32 > !!!!! > Source: crypt32 > !!!!! > Source: crypt32 > !!!!! > Source: crypt32 > !!!!! > Source: crypt32 > !!!!! > Source: crypt32 > !!!!! > Source: crypt32 > !!!!! > Source: crypt32 > !!!!! > Source: crypt32 > !!!!! > Source: crypt32 > !!!!! > Source: crypt32 > !!!!! > Source: crypt32 > !!!!! > Source: crypt32 > !!!!! > Source: crypt32 > !!!!! > Source: crypt32 > !!!!! > Source: crypt32 > !!!!! > Source: crypt32 > !!!!! > Source: crypt32 > !!!!! > Source: SecurityCenter > !!!!! > Source: ccSvcHst > !!!!! > Source: crypt32 > !!!!! > Source: crypt32 > !!!!! > Source: crypt32 > !!!!! > Source: crypt32 > !!!!! > Source: crypt32 > !!!!! > Source: crypt32 > !!!!! > Source: crypt32 > !!!!! > Source: Offline Files > !!!!! > Source: crypt32 > !!!!! > Source: crypt32 > !!!!! > Source: RCONSVC > !!!!! > Source: crypt32 > !!!!! > Source: crypt32 > !!!!! > Source: crypt32 > !!!!! > Source: crypt32 > !!!!! > Source: crypt32 > !!!!! > Source: crypt32 > !!!!! > Source: crypt32 > !!!!! > Source: crypt32 > !!!!! > Source: crypt32 > !!!!! > Source: crypt32 > !!!!! > Source: crypt32 > !!!!! > Source: crypt32 > ==================================================== > Sat Sep 18 22:51:59 2010 BG60246[12] Symantec AntiVirus:INFORMATION > > > Changed value 'HKLM\SOFTWARE\Symantec\Symantec Endpoint > Protection\AV\Storages\MicrosoftExchangeClient\RealTimeScan\FileType' from > '0' to '1' > ==================================================== > Sat Sep 18 22:51:59 2010 BG60246[12] Symantec AntiVirus:INFORMATION > > > New Value 'HKLM\SOFTWARE\Symantec\Symantec Endpoint > Protection\AV\Quarantine\ForwardingPort' = '33' > ==================================================== > Sat Sep 18 22:51:52 2010 BG60246[14] Symantec AntiVirus:INFORMATION > > > Symantec Endpoint Protection services startup was successful. > !!!!! > Source: MsiInstaller > !!!!! > Source: crypt32 > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: ccSvcHst > !!!!! > Source: SescLU > !!!!! > Source: RCONSVC > ==================================================== > Fri Sep 17 23:17:43 2010 BG60246[14] Symantec AntiVirus:INFORMATION > > > Symantec Endpoint Protection services startup was successful. > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: UPHClean > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: UPHClean > !!!!! > Source: MsiInstaller > !!!!! > Source: Folder Redirection > !!!!! > Source: RCONSVC > !!!!! > Source: MsiInstaller > !!!!! > Source: Outlook > !!!!! > Source: RCONSVC > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: Outlook > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: UPHClean > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: WinMgmt > !!!!! > Source: WinMgmt > !!!!! > Source: RCONSVC > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: WinMgmt > !!!!! > Source: WinMgmt > !!!!! > Source: WinMgmt > !!!!! > Source: WinMgmt > !!!!! > Source: MsiInstaller > !!!!! > Source: crypt32 > !!!!! > Source: crypt32 > !!!!! > Source: crypt32 > !!!!! > Source: crypt32 > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: LoadPerf > !!!!! > Source: System.ServiceModel.Install 3.0.0.0 > !!!!! > Source: System.ServiceModel.Install 3.0.0.0 > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: MsiInstaller > !!!!! > Source: UPHClean > >
Download (untitled) / with headers
text/html 10.4k
Download exampleEventLog.pl
text/x-perl 1.5k

Message body is not shown because sender requested not to inline it.

RT-Send-CC: libwin32 [...] perl.org
Download (untitled) / with headers
text/plain 403b
My solution above was a workaround. However there is a real bug in the Win32::EventLog code. The lpEvtLog->CurEntryNum member is incorrectly incremented in ReadEventLog. It should be incremented by just 1 instead of LogBuf->Length. See http://code.google.com/p/libwin32/source/browse/trunk/Win32-EventLog/EventLog.xs#351 -- Olivier Mengué - http://search.cpan.org/~dolmen/ http://github.com/dolmen/
Subject: Re: [rt.cpan.org #61484] missing results with Win32::EventLog
Date: Tue, 21 Sep 2010 10:04:36 -0400
To: bug-Win32-EventLog [...] rt.cpan.org
From: Paul Faulstich <paul [...] sennovation.com>
Download (untitled) / with headers
text/plain 890b
Thanks! I was working off the example in the O'Reilly perl sysadm book http://oreilly.com/catalog/perlsysadm/chapter/ch09.html Good catching the bug. Worth noting in the module documentation, since others may miss it. Thanks for your help. I will use your approach of manually counting backwards through the entries. Paul 2010/9/21 Olivier 'dolmen' Mengué via RT <bug-Win32-EventLog@rt.cpan.org>: Show quoted text
> <URL: https://rt.cpan.org/Ticket/Display.html?id=61484 > > > My solution above was a workaround. > > However there is a real bug in the Win32::EventLog code. > The lpEvtLog->CurEntryNum member is incorrectly incremented in > ReadEventLog. It should be incremented by just 1 instead of LogBuf->Length. > > See > http://code.google.com/p/libwin32/source/browse/trunk/Win32-EventLog/EventLog.xs#351 > > -- > Olivier Mengué - http://search.cpan.org/~dolmen/ http://github.com/dolmen/ >
Subject: [patch] missing results with Win32::EventLog
RT-Send-CC: libwin32 [...] perl.org
Download (untitled) / with headers
text/plain 778b
Le Mar 21 Sep 2010 10:04:50, paul@sennovation.com a écrit : Show quoted text
> Good catching the bug.
Well... My proposed fix did not work. I've been trapped by the variable names. Anyway I finally found the problem. Show quoted text
> Worth noting in the module documentation, > since others may miss it.
A real fix is always better than documentation. So here is the full patch (really tested this time), with a test case. Jan: can I have a commit bit on the libwin32 repository? Show quoted text
> Thanks! I was working off the example in the O'Reilly perl sysadm > book http://oreilly.com/catalog/perlsysadm/chapter/ch09.html
Thanks for this reference. It helped me to fix the bug while preserving compatibility with this book sample. -- Olivier Mengué - http://search.cpan.org/~dolmen/ http://github.com/dolmen/
Subject: RT61484.patch
Download RT61484.patch
text/x-diff 8.5k
Index: t/RT61484.t =================================================================== --- t/RT61484.t (revision 0) +++ t/RT61484.t (revision 0) @@ -0,0 +1,98 @@ +use strict; +use warnings; + +use Test::More tests => 122; + + +{ + package TestLogSeq; + use Win32::EventLog; + + sub new + { + my $class = shift; + #$class = (ref $class) ? (ref $class) : $class; + my $log = Win32::EventLog->new('Application', ''); + Test::More::isa_ok($log, 'Win32::EventLog', "$class log"); + return bless { + log => $log, + flags => (EVENTLOG_SEQUENTIAL_READ | EVENTLOG_BACKWARDS_READ), + }, $class; + } + + sub _next_offset + { + 0 + } + + sub read + { + my $self = shift; + local $Win32::EventLog::GetMessageText = 1; + my ($flags, $offset) = ($self->{flags}, $self->_next_offset); + #printf "# %s: 0x%X %d\n", (ref $self), $flags, $offset; + $self->{log}->Read($flags, $offset, my $entry) or die "Read failure"; + Test::More::is(ref $entry, 'HASH', "entry is HASHREF"); + Test::More::ok(exists $entry->{RecordNumber}, "entry has RecordNumber"); + if ($offset > 1) { + Test::More::is($entry->{RecordNumber}, $offset, "RecordNumber is $offset"); + } + return $entry; + } + + sub DESTROY + { + $_[0]->{log}->Close; + } +} + +{ + package TestLogSeek; + use Win32::EventLog; + use Test::More; + + our @ISA = qw(TestLogSeq); + + sub new + { + my $class = shift; + my $self = TestLogSeq::new($class, @_); + $self->{flags} = (EVENTLOG_SEEK_READ | EVENTLOG_BACKWARDS_READ); + + my $log = $self->{log}; + + my ($oldest, $lastRec); + $log->GetOldest($oldest); + $log->GetNumber($lastRec); + $self->{offset} = $oldest + $lastRec; + + return $self; + } + + sub _next_offset + { + return --$_[0]->{offset}; + } +} + + +sub check_entries +{ + my ($a, $b) = @_; + is(scalar localtime $a->{TimeGenerated}, scalar localtime $b->{TimeGenerated}, 'check TimeGenerated is "'.scalar(localtime $a->{TimeGenerated}).'"'); + #foreach my $attr (qw(RecordNumber Computer Source EventType Category EventID Message)) { + foreach my $attr (qw(RecordNumber)) { + is($a->{$attr}, $b->{$attr}, "check $attr is $b->{$attr}"); + } +} + + +my $log_seq = TestLogSeq->new; +my $log_seek = TestLogSeek->new; + +foreach (1..15) { + pass "== Read $_ =="; + check_entries($log_seq->read, $log_seek->read); +} + +# vim:set et sw=4 sts=4: Index: Changes =================================================================== --- Changes (revision 502) +++ Changes (working copy) @@ -1,5 +1,14 @@ Revision history for Perl extension Win32::EventLog. +0.077 + - fix for skipped record when reading in SEQUENTIAL mode + (RT#61484) by Olivier Mengue + - the OFFSET argument is now completely ignored in SEQUENTIAL read + as in the underlying Win32 implementation. A '0' value previously + had a special behaviour which bypassed the cache and so gave + unpredictable results. Olivier Mengue. + - added test for RT#61484 by Olivier Mengue + 0.076 Wed Jul 02 2008 (Jan Dubois) - Make sure the regression tests are properly skipped on Win95 Index: EventLog.xs =================================================================== --- EventLog.xs (revision 502) +++ EventLog.xs (working copy) @@ -26,9 +26,8 @@ BOOL wideEntries; /* has unicode character entries */ LPBYTE BufPtr; /* pointer to data buffer */ DWORD BufLen; /* size of buffer */ - DWORD NumEntries; /* number of entries in buffer */ - DWORD CurEntryNum; /* next entry to return */ EVENTLOGRECORD *CurEntry; /* point to next entry to return */ + EVENTLOGRECORD *EndEntry; /* point to after the last entry read */ DWORD Flags; /* read flags for ReadEventLog */ } EvtLogCtlBuf, *lpEvtLogCtlBuf; @@ -278,12 +277,14 @@ lpEvtLog = SVE(handle); if ((lpEvtLog != NULL) && (lpEvtLog->dwID == EVTLOGID)) { DWORD NumRead, Required; - if (Flags != lpEvtLog->Flags) { + if ( (Flags != lpEvtLog->Flags) + || (lpEvtLog->CurEntry >= lpEvtLog->EndEntry) + || (((Flags & EVENTLOG_SEEK_READ) == EVENTLOG_SEEK_READ) && Record != lpEvtLog->CurEntry->RecordNumber)) { /* Reset to new read mode & force a re-read call */ lpEvtLog->Flags = Flags; - lpEvtLog->NumEntries = 0; + lpEvtLog->EndEntry = (EVENTLOGRECORD*) lpEvtLog->BufPtr; } - if ((lpEvtLog->NumEntries == 0) || (Record != 0)) { + if (lpEvtLog->CurEntry >= lpEvtLog->EndEntry) { redo_read: result = ReadEventLogA(lpEvtLog->hLog, Flags, Record, lpEvtLog->BufPtr, lpEvtLog->BufLen, @@ -291,9 +292,9 @@ lpEvtLog->wideEntries = FALSE; if (result) - lpEvtLog->NumEntries = NumRead; + lpEvtLog->EndEntry = (EVENTLOGRECORD*) (lpEvtLog->BufPtr + NumRead); else { - lpEvtLog->NumEntries = 0; + lpEvtLog->EndEntry = (EVENTLOGRECORD*) lpEvtLog->BufPtr; if (Required > lpEvtLog->BufLen && GetLastError() == ERROR_INSUFFICIENT_BUFFER) { @@ -302,12 +303,12 @@ goto redo_read; } } - lpEvtLog->CurEntryNum = 0; - lpEvtLog->CurEntry = (EVENTLOGRECORD*)lpEvtLog->BufPtr; + lpEvtLog->CurEntry = (EVENTLOGRECORD*) lpEvtLog->BufPtr; } - if (lpEvtLog->CurEntryNum < lpEvtLog->NumEntries) { + if (lpEvtLog->CurEntry < lpEvtLog->EndEntry) { EVENTLOGRECORD *LogBuf; + /*printf("# CurEntryNum: %d NumEntries: %d\n", lpEvtLog->CurEntryNum, lpEvtLog->NumEntries);*/ LogBuf = lpEvtLog->CurEntry; SETPVN(3, (char*)LogBuf, LogBuf->Length); if (lpEvtLog->wideEntries) { @@ -348,13 +349,7 @@ SETPVN(8, ((LPBYTE)LogBuf)+LogBuf->StringOffset, LogBuf->DataOffset-LogBuf->StringOffset); /* to next entry in buffer */ - lpEvtLog->CurEntryNum += LogBuf->Length; lpEvtLog->CurEntry = (EVENTLOGRECORD*)(((LPBYTE)LogBuf) + LogBuf->Length); - if (lpEvtLog->CurEntryNum == lpEvtLog->NumEntries) { - lpEvtLog->NumEntries = 0; - lpEvtLog->CurEntryNum = 0; - lpEvtLog->CurEntry = NULL; - } RETVAL = TRUE; } } @@ -684,9 +679,8 @@ if (lpEvtLog->hLog) { /* return info... */ lpEvtLog->dwID = EVTLOGID; - lpEvtLog->NumEntries = 0; - lpEvtLog->CurEntryNum = 0; - lpEvtLog->CurEntry = NULL; + lpEvtLog->CurEntry = (EVENTLOGRECORD*) lpEvtLog->BufPtr; + lpEvtLog->EndEntry = (EVENTLOGRECORD*) lpEvtLog->BufPtr; lpEvtLog->Flags = 0; hEventLog = (size_t)lpEvtLog; RETVAL = TRUE; @@ -718,9 +712,8 @@ if (lpEvtLog->hLog) { /* return info... */ lpEvtLog->dwID = EVTLOGID; - lpEvtLog->NumEntries = 0; - lpEvtLog->CurEntryNum = 0; - lpEvtLog->CurEntry = NULL; + lpEvtLog->CurEntry = (EVENTLOGRECORD*) lpEvtLog->BufPtr; + lpEvtLog->EndEntry = (EVENTLOGRECORD*) lpEvtLog->BufPtr; lpEvtLog->Flags = 0; hEventLog = (size_t)lpEvtLog; RETVAL = TRUE; Index: EventLog.pm =================================================================== --- EventLog.pm (revision 502) +++ EventLog.pm (working copy) @@ -9,7 +9,7 @@ use strict; use vars qw($VERSION $AUTOLOAD @ISA @EXPORT $GetMessageText); -$VERSION = '0.076'; +$VERSION = '0.077'; require Exporter; require DynaLoader; @@ -276,6 +276,21 @@ The Read() method read an EventLog entry from the EventLog represented by $handle. +When using EVENTLOG_SEQUENTIAL_READ, OFFSET must have the following values: + +=over 4 + +=item 1 + +Reset read from start (either first or last record depending on +EVENTLOG_FORWARDS_READ / EVENTLOG_BACKWARDS_READ flags) + +=item 0 + +Read the next item. + +=back + =item $handle->Close(); The Close() method closes the EventLog represented by $handle. After @@ -459,13 +474,15 @@ =head1 BUGS -None currently known. +See L<https://rt.cpan.org/NoAuth/Bugs.html?Dist=Win32-EventLog> The test script for 'make test' should be re-written to use the EventLog object. =head1 AUTHOR -Original code by Jesse Dougherty for HiP Communications. Additional -fixes and updates attributed to Martin Pauley -<martin.pauley@ulsterbank.ltd.uk>) and Bret Giddings (bret@essex.ac.uk). +Original code by Jesse Dougherty for HiP Communications. + +Additional fixes and updates attributed to Martin Pauley +<martin.pauley@ulsterbank.ltd.uk>), Bret Giddings (<bret@essex.ac.uk>) +and Olivier MenguE<eacute> (<dolmen@cpan.org>).
RT-Send-CC: libwin32 [...] perl.org
Download (untitled) / with headers
text/plain 105b
Patch committed in r506. -- Olivier Mengué - http://search.cpan.org/~dolmen/ http://github.com/dolmen/
Subject: RE: [rt.cpan.org #61484] missing results with Win32::EventLog
Date: Fri, 1 Oct 2010 15:41:30 -0700
To: <bug-Win32-EventLog [...] rt.cpan.org>
From: "Jan Dubois" <jand [...] activestate.com>
Download (untitled) / with headers
text/plain 448b
On Thu, 23 Sep 2010, Olivier 'dolmen' Mengué via RT wrote: Show quoted text
> > Patch committed in r506.
I was just running the new test you wrote for this bug (r505), and it doesn't fail for me with the old version of Win32::EventLog. That means it doesn't actually show that the new patch makes any difference. I haven't looked into the details though; any ideas what may be going on. Tested with plain ActivePerl 5.12.2.1202 on Windows 2000. Cheers, -Jan


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.