How do I read the setup eventlog on windows 7 - event-log

I have some C++ code which reads the Application, Security or System eventlogs quite happily using OpenEventLog and ReadEventLog API calls.
I want to read the Setup eventlog on Windows 7 so I pass "Setup" as the log name into OpenEventLog but I just get back the contents of the Application log (which is the documented behaviour for unknown logs).
How do I read the Setup eventlog?

I have solved this.
Because the setup eventlog is a new format log, it can only be opened using the new API calls EvtQuery, EvtNext etc.; the old OpenEventLog/ReadEventLog functions do not work on it.
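The same split can be checked from PowerShell, where Get-WinEvent is built on the Evt* API family; this is an added example, not code from the original posts, and the log names and XPath filter are chosen only for illustration:

```powershell
# Added example: compare classic logs with the Setup channel, then read Setup.
$names = 'Application', 'System', 'Setup'

# IsClassicLog marks the logs that the legacy OpenEventLog/ReadEventLog API can open.
Get-WinEvent -ListLog $names |
    Select-Object LogName, IsClassicLog, LogType, RecordCount |
    Format-Table -AutoSize

# Newest ten Setup events, read through the Evt* path (newest first by default).
Get-WinEvent -LogName 'Setup' -MaxEvents 10 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, ProviderName, LevelDisplayName, Message

# The XPath string is the same kind of query an EvtQuery call takes:
# here, only errors (Level 2) and warnings (Level 3).
$xpath = '*[System[(Level=2 or Level=3)]]'
Get-WinEvent -LogName 'Setup' -FilterXPath $xpath -MaxEvents 10 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, LevelDisplayName, Message
```

-ErrorAction SilentlyContinue is there because Get-WinEvent reports an error when no events match the query.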

Related

Create Event Log source and write to it without administrative privileges

I'm running a PowerShell logon script which sets users' Outlook signatures.
For debugging purposes, I'd like to log information in the client's Windows event log.
Using the New-Eventlog -LogName "Application" -Source $ParentScript command gives me a security error, "Access denied".
The users don't have administrative privileges so PowerShell is struggling to create a new source. I don't really understand this because most techy guides for the Event Log appear to indicate that any level of user can write to the Application log. Perhaps any user can write to this log, just not create a source within it?
I've looked online and one author appeared to suggest (unless I have misinterpreted) that creating an event log in registry could be an option: https://social.msdn.microsoft.com/Forums/windowsdesktop/en-US/00a043ae-9ea1-4a55-8b7c-d088a4b08f09/how-do-i-create-an-event-log-source-under-vista?forum=windowsgeneraldevelopmentissues
Unfortunately the code is not in PowerShell and I'm struggling to follow it.
My three-questions-in-one therefore are:
Can I create a new EventLog source in the registry using PowerShell?
If so, what commands should I be looking at and are permissions relevant (e.g. do I need to create a registry key then add perms to it?)
If so, can I write to this source in PowerShell without administrative privileges?
You can create a new Event Log source with the built-in cmdlet New-EventLog; there is a nice (even if somewhat dated) post here.
Full documentation for the cmdlet can be found here.
Generally speaking, yes: you (well, your user) should be able to write to the event log. If memory serves, a non-local-admin user should already be able to do so, but I cannot test it right now. Anyhow, you can read more here or read on Server Fault.
Hope this can help a bit.
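One way to split the work so the logon script never needs elevation, as an added example that is not part of the original posts: an administrator registers the source once per machine, and the user-context script only writes to it. The source name, event ID and fallback file name are hypothetical, and the default Application log permissions are assumed.

```powershell
# Added example. 'OutlookSignatureScript' is a hypothetical source name.
$Source  = 'OutlookSignatureScript'
$LogName = 'Application'
# Registry key that New-EventLog creates; standard users can read it but not create it.
$SourceKey = "HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\$LogName\$Source"

# Part 1: run once per machine, elevated (for example from a computer startup script).
function Register-ScriptEventSource {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $isAdmin = ([Security.Principal.WindowsPrincipal]$id).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
    if (-not $isAdmin) { throw 'Registering an event source requires elevation.' }
    if (-not (Test-Path $SourceKey)) {
        New-EventLog -LogName $LogName -Source $Source
    }
}

# Part 2: called from the user logon script, no elevation needed.
function Write-ScriptEvent {
    param(
        [Parameter(Mandatory = $true)][string]$Message,
        [ValidateSet('Information', 'Warning', 'Error')][string]$EntryType = 'Information',
        [int]$EventId = 1000   # hypothetical event ID
    )
    # Test-Path on the key avoids [Diagnostics.EventLog]::SourceExists(), which can throw
    # a SecurityException for standard users because it also probes the Security log.
    if (Test-Path $SourceKey) {
        Write-EventLog -LogName $LogName -Source $Source -EntryType $EntryType `
            -EventId $EventId -Message $Message
    }
    else {
        # Source not registered on this machine yet: log to the user's profile instead.
        $line = '{0} [{1}] {2}' -f (Get-Date -Format s), $EntryType, $Message
        Add-Content -Path (Join-Path $env:LOCALAPPDATA 'signature-script.log') -Value $line
    }
}

Write-ScriptEvent -Message 'Signature applied.'
```

Keeping source registration in the elevated step means no registry permissions have to be loosened for ordinary users.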

Catalyst: Log4perl and Apache

I host my Catalyst web application with Apache2 and ModPerl. The web application uses the Log4perl module to generate logfiles.
The problem is that log entries are only generated when the Apache service is starting. Afterwards no new entries are generated.
If I use the integrated development server of Catalyst instead, log entries are generated normally.
I already checked the access rights and these seem ok: the Apache process is owner and can write.
Does anyone have an idea what causes this problem?
This is my log4perl config:
log4perl.logger.myapp=INFO, LOGFILE
log4perl.appender.LOGFILE=Log::Log4perl::Appender::File
log4perl.appender.LOGFILE.filename=myapp.log
log4perl.appender.LOGFILE.mode=append
log4perl.appender.LOGFILE.layout=PatternLayout
log4perl.appender.LOGFILE.layout.ConversionPattern=[%d] [%p] %m%n
I set up a test application running on Apache2 and mod_perl and I got this to work. Here are the notes that I took about it.
I used Log::Log4perl::Catalyst to do the logging within Catalyst. You mentioned using Log4perl, but I didn't know if you were using the Catalyst extension or not. In my main package, I had these lines:
use Log::Log4perl::Catalyst;
...
__PACKAGE__->log(Log::Log4perl::Catalyst->new('/full/path/to/l4p.conf'));
I did have to specify the full path to the log configuration file. I added a few logging statements to make sure that worked.
I used your sample above, but I did change one thing. I had to specify a full path to the log location again:
log4perl.appender.LOGFILE.filename=/full/path/to/myapp.log
Once I did those things, hitting the main site updated the log file.

Aggregation of IIS logs

We have an IIS .Net application deployed across several machines. We use IIS log information to do reporting of performance of the web application and navigation by the user. Currently the reporting is only required infrequently (once a day, for the previous day), so we just roll the logs every 24 hours, and move the old logs to our reporting server.
We have a new requirement that means we need much faster turnaround on the IIS log information, say every minute for the sake of the discussion.
There exist Apache tools like Facebook's Scribe to scalably move Apache web server logs across a network of servers.
Are there any similar tools available for IIS?
Is this the right question to ask?
Should we be doing something different, if the timing requirements have changed so much?
I've looked at this question and the answers, and the only one that seems to come close is this one.
Pointers appreciated!
Snare is a little old but worth mentioning.
Snare Agent for IIS Servers
http://www.intersectalliance.com/projects/SnareIIS/index.html
I used this old version a long time ago and it worked well by forwarding/sending/replicating IIS logs over a network via syslog.
Today, they have a newer version called Snare Epilog
http://www.intersectalliance.com/projects/EpilogWindows/index.html
The code is also open source; perhaps you might find it useful.
You might also want to try ...
http://nxlog.org
http://www.syslogserver.com/syslogagent.html
I tend to write a .bat file in conjunction with Log Parser 2.2. The .bat file will determine the appropriate file dates and pull the corresponding logs from multiple IIS server log locations into a single local directory. Once the files are across, I then run a Log Parser command to query the log content over all log files and then produce a single output file in .csv format. Finally, I run an SSIS job to import the new .csv file into a running log table which I can then query on an ongoing basis.

Windows Service startup time

Is there a way to programmatically retrieve start-up time/duration for all the Windows Services that have started during boot in Windows XP?
That is, the time the service was initialized to getting to the "started" state.
Thank you in advance!
P.S. I'm not asking for software recommendation.
I would start by looking at the logs in Event Viewer and check whether the information you want is there.
If it is, then use Microsoft's EventLog class to get the log you want.
For example if you're interested in the System log use -
EventLog systemLog = new EventLog("System");
systemLog contains a collection of all entries in the System log. Should be easy from there.

Application Deployment with Powershell

I've developed a PowerShell script to deploy updates to a suite of applications, including SQL Server database updates.
Next I need a way to execute these scripts on 100+ servers, without manually connecting to each server. "PowerShell v2 with remoting" is not an option as it is still in CTP.
PowerShell v1 with WinRM looks the most promising, but I can't get feedback from my scripts. The scripts execute, but I need to know about exceptions. The scripts create a log file; is there a way to send the contents of the log file back to the "client" (the local computer making the remote calls)?
Quick answer is No. Long version is, possible but will involve lots of hacks. I developed very similar deployment script/system using PowerShell 2 last year. The remoting feature is the primary reason we put up with the CTP status. PowerShell 1 with WinRM is flaky at best and as you said, no real feedback apart from ok or failed.
Alternatives that I considered included using PsExec, which is very much non-standard and may be blocked by a firewall. The other approach involves using system management tools such as MS's System Center, but that's just a big hammer for a tiny nail. So you have to pick your poison...
Just a comment on this: the easiest way to capture PowerShell output is to use the Start-Transcript cmdlet to pipe console output to a file. We have a small snippet at the start of all our scripts that sends a log file with the console output from each script to a central file share, and names the log file with script name and date executed so that we'll have an idea of what happened. It's not too hard to pipe all those log files into a database for further processing either. Probably won't solve all your problems, but would definitely help on the "getting data back" part.
best regards,
Trond