Cheshire Cat Computing

_________________
Steve Shipway
UNIX Systems, ITSS, University of Auckland, NZ
Woe unto them that rise up early in the morning... -- Isaiah 5:11

I have now tested this in a 2003 server which with I have severe problems. The service is started but absolutely nothing is reported. I have checked both debug boxes, but there is no sign of anything in the Event viever. Restarting the service does NOT help. It did work somehow before I started to reconfigure it. (The filtering by Event id:s by using off did not work, thi is the problem I have had all the time...that is why I reconfigured it.)

There is nothing special in the filter definitions, but is it possible to screw up the definitions in a way that this would be the result???

The filter definitions are stored in a linked list in the agent as it runs, which is traversed for each message that is found in the eventlog since the last scan run. There shouldn't be any way for this to cause a lockup.

When I get back (28th) I'll add more debugging to the agent so that it logs a debug message for each loop, so we can track down if it is processing messages or not... we are running it (successfully) under Win2K3 here to trace a particular message ID so I don't think it is (necessarily)a Win2K3 compatibility issue.

The code that grabs the new eventlog messages for processing was lifted from NTSyslog, so I'm pretty confident in its stability. The debug messages I've added in my new code (the filter processing) but they should log something for every eventlog message, even if it fails the filter check - so it indicates that no messages are being caught. Very odd - nothing for it but to add more debug telltales and find out what it's doing.

Thanks in advance for any help you can give in testing to track this down!

_________________
Steve Shipway
UNIX Systems, ITSS, University of Auckland, NZ
Woe unto them that rise up early in the morning... -- Isaiah 5:11