Hi Daniel and win32 team,
I noticed that if i run change_notify or tail for a few records, the
grabbed record and time is not in order.
eg,
C:\family\ruby\win-eventlog>test5.rb
Win32::EventLog
record_number : 19558
time_generated : Tue May 23 16:46:33 China Standard Time 2006
time_written : Tue May 23 16:46:33 China Standard Time 2006
event_id : 578
event_type : audit success
category : 4
record_number : 19226
time_generated : Tue May 23 15:52:14 China Standard Time 2006
time_written : Tue May 23 15:52:14 China Standard Time 2006
event_id : 600
event_type : audit success
category : 5
record_number : 18903
time_generated : Tue May 23 14:31:17 China Standard Time 2006
time_written : Tue May 23 14:31:17 China Standard Time 2006
event_id : 593
event_type : audit success
category : 5
record_number : 18603
time_generated : Tue May 23 11:52:33 China Standard Time 2006
time_written : Tue May 23 11:52:33 China Standard Time 2006
event_id : 578
event_type : audit success
category : 4
record_number : 18296
time_generated : Tue May 23 11:48:31 China Standard Time 2006
time_written : Tue May 23 11:48:31 China Standard Time 2006
event_id : 578
event_type : audit success
category : 4
Win32::EventLog
record_number : 19575
time_generated : Tue May 23 16:47:02 China Standard Time 2006
time_written : Tue May 23 16:47:02 China Standard Time 2006
event_id : 578
event_type : audit success
category : 4
note the record number and time in disorder.
The Eventlog#read works fine though and ::read outputs the normal
chonologic order. It’s only the change_notify and tail where i get
problems.
Btw, Is it possible to implem Eventlog#tail using Eventlog#read?
Thank you and kind regards -botp