471,318 Members | 1,859 Online
Bytes | Software Development & Data Engineering Community
Post +

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 471,318 software developers and data experts.

Debugging a logon process event

Hello.
OK, Thanks to the help I have the remote debugging worked out.

Here is my next hurdle.

I have a service that is supposed to be catching Event Log written
events.

this.eventLog1.EntryWritten += new
System.Diagnostics.EntryWrittenEventHandler(this.e ventLog1_EntryWritten);

It catches event log entries just fine when I am logged in and catches
the log off events, but it does not seem to catch the logon events.

I figured I could remote debug this, however since I have to have the
remote debugging monitor running, I can't debug while the user is
logged off.

Any ideas as how to debug this particular problem? That is, debug
before a user has signed on?

Or even better yet, any ideas as to why my
System.Diagnostics.EntryWrittenEventHandler(this.e ventLog1_EntryWritten)
is not catching anything until after a user signs in? It's a service,
so it is indeed running before a user signs in.

Thanks as always!
-A

Jan 11 '06 #1
4 2039

"Guy Noir" <ah******@gmail.com> wrote in message
news:11**********************@g49g2000cwa.googlegr oups.com...
| Hello.
| OK, Thanks to the help I have the remote debugging worked out.
|
| Here is my next hurdle.
|
| I have a service that is supposed to be catching Event Log written
| events.
|
| this.eventLog1.EntryWritten += new
| System.Diagnostics.EntryWrittenEventHandler(this.e ventLog1_EntryWritten);
|
| It catches event log entries just fine when I am logged in and catches
| the log off events, but it does not seem to catch the logon events.
|
| I figured I could remote debug this, however since I have to have the
| remote debugging monitor running, I can't debug while the user is
| logged off.
|
| Any ideas as how to debug this particular problem? That is, debug
| before a user has signed on?
|
| Or even better yet, any ideas as to why my
| System.Diagnostics.EntryWrittenEventHandler(this.e ventLog1_EntryWritten)
| is not catching anything until after a user signs in? It's a service,
| so it is indeed running before a user signs in.
|
| Thanks as always!
| -A
|

This is not a reliable method to receive specific eventlog notifications,
the system only raises one event per 5 seconds, that means that messages
written within the 5 seconds windows following an eventlog event will not
result in another event getting raised.

Willy.
Jan 11 '06 #2
Interesting!

Is there another way to collect specific event log entries "real time"?
Or could you point me in the right direction?

Thanks so much!
-A

Jan 11 '06 #3
Here is what I am proposing. It seems a bit kludgy but so does the
..EntryWrittenEventHandler.

Keep collecting events via .EntryWrittenEventHandler

But every 10 minutes parse the event log using the Date/Time/INDEX
Number as a primary key. The idea is that the EventWrittenEventHandler
can catch events, the ones we miss are parsed every 10 minutes.

Worst case: events are missed by the EventWrittenEventHandler and the
machine shuts down before the 10 minute cycle has run.

Then again, as long as the machine is shut down gracefully, I could
include the log parse method in the onstop method.

Just seems kind of kludgy to me.

Jan 11 '06 #4

"Guy Noir" <ah******@gmail.com> wrote in message
news:11**********************@o13g2000cwo.googlegr oups.com...
| Here is what I am proposing. It seems a bit kludgy but so does the
| .EntryWrittenEventHandler.
|
| Keep collecting events via .EntryWrittenEventHandler
|
| But every 10 minutes parse the event log using the Date/Time/INDEX
| Number as a primary key. The idea is that the EventWrittenEventHandler
| can catch events, the ones we miss are parsed every 10 minutes.
|
| Worst case: events are missed by the EventWrittenEventHandler and the
| machine shuts down before the 10 minute cycle has run.
|
| Then again, as long as the machine is shut down gracefully, I could
| include the log parse method in the onstop method.
|
| Just seems kind of kludgy to me.
|

I would parse the eventlog at every event, the minimum interval between
these is 5 seconds, this won't hurt system performance, anyway if that much
events are logged, you need to parse at a higher rate anyway.
When the system shuts-down you parse a last time in your Service OnShutdown
eventhandler.

Willy.


Jan 11 '06 #5

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

7 posts views Thread by Aarti | last post: by
16 posts views Thread by Serdar Kalaycý | last post: by
6 posts views Thread by gerry | last post: by
reply views Thread by robpimentel | last post: by
reply views Thread by rosydwin | last post: by

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.