Win32 eventlog change_notify and tail's not tailing in orde


#1

Hi Daniel and win32 team,

I noticed that if i run change_notify or tail for a few records, the
grabbed record and time is not in order.

eg,

C:\family\ruby\win-eventlog>test5.rb
Win32::EventLog
record_number : 19558
time_generated : Tue May 23 16:46:33 China Standard Time 2006
time_written : Tue May 23 16:46:33 China Standard Time 2006
event_id : 578
event_type : audit success
category : 4

record_number : 19226
time_generated : Tue May 23 15:52:14 China Standard Time 2006
time_written : Tue May 23 15:52:14 China Standard Time 2006
event_id : 600
event_type : audit success
category : 5

record_number : 18903
time_generated : Tue May 23 14:31:17 China Standard Time 2006
time_written : Tue May 23 14:31:17 China Standard Time 2006
event_id : 593
event_type : audit success
category : 5

record_number : 18603
time_generated : Tue May 23 11:52:33 China Standard Time 2006
time_written : Tue May 23 11:52:33 China Standard Time 2006
event_id : 578
event_type : audit success
category : 4

record_number : 18296
time_generated : Tue May 23 11:48:31 China Standard Time 2006
time_written : Tue May 23 11:48:31 China Standard Time 2006
event_id : 578
event_type : audit success
category : 4


Win32::EventLog
record_number : 19575
time_generated : Tue May 23 16:47:02 China Standard Time 2006
time_written : Tue May 23 16:47:02 China Standard Time 2006
event_id : 578
event_type : audit success
category : 4

note the record number and time in disorder.
The Eventlog#read works fine though and ::read outputs the normal
chonologic order. It’s only the change_notify and tail where i get
problems.

Btw, Is it possible to implem Eventlog#tail using Eventlog#read?

Thank you and kind regards -botp


#2

Hi,


event_id : 593
record_number : 18296
time_written : Tue May 23 16:47:02 China Standard Time 2006
Btw, Is it possible to implem Eventlog#tail using Eventlog#read?

Thank you and kind regards -botp

It is a known bug.

Refer to
http://rubyforge.org/pipermail/win32utils-devel/2006-May/000571.html

I recommend you to wait the announcement of new win32-eventlog package
before implement your own Eventlog#tail.

The pure ruby version of win32-eventlog package is about to release in
this
weekend.
I guess it will provide more reliable Eventlog#tail.

Regards,

Park H.