You are viewing a plain text version of this content. The canonical link for it is here.
Posted to log4j-user@logging.apache.org by Shuh Chang <sh...@gemalto.com> on 2006/11/22 01:21:45 UTC
NTEventLogAppender with missing description source for Windows Server
2003
Hi,
I am using logging-log4j-1.2.14 to log data with great success for various
log4j appenders:
1. RollingFileAppender for local lolg file.
2. SyslogAppender for remote syslog on Linux platform.
My Windows platforms tested include both Windows Server 2003 and Windows XP.
However, for the NTEventLogAppender appender, I keep getting annoying
EventLog message in the Event Viewer:
The description for Event ID ( 4096 ) in Source ( Log4j ) cannot be found.
The local computer may not have the necessary registry information or
message DLL files to display messages from a remote computer. You may be
able to use the /AUXSOURCE= flag to retrieve this description; see Help and
Support for details. The following information is part of the event: [my
real log info displays correctly here...]
I have searched for an answer for this (well-known?) problem. However, all
the "solutions" that I found so far do not apply to my situation.
Here is my NTEventLogAppender configuration in log4j.properties:
# NTEventLog Appender
log4j.appender.EventLogger=org.apache.log4j.nt.NTEventLogAppender
log4j.appender.EventLogger.Threshold=DEBUG
log4j.appender.EventLogger.Name=WindowsEventLog
log4j.appender.EventLogger.layout=org.apache.log4j.PatternLayout
log4j.appender.EventLogger.layout.ConversionPattern=%-5p %d{ISO8601} - %m%n
The "solutions" that I found (but not working for me) include:
1. Make sure that NTEventLogApplender.dll is located in the system path (
<http://mail-archives.apache.org/mod_mbox/logging-log4j-user/200108.mbox/%3c
000f01c12132$ff638c40$0d01a8c0@javainternals.com%3e> ):
I followed the instructions desccribed in the above link to place the
NTEventLogApplender.dll in the C:\Windows\system32 folder, it does not solve
the problem. Since the solution shown above uses C:\WINNT\system32 as an
example, I even tried to create the C:\WINNT\system32 on my Windows Server
2003 and placed the NTEventLogApplender.dll file there, but it doesn't make
a different either.
2. Make sure that the path is added to EventMessageFile (
http://blog.gmane.org/gmane.comp.jakarta.log4j.devel/day=20021115 ):
In both cases (C:\WINNT\system32 and C:\Windows\system32), I also edited the
registry to add the path to the EventMessageFile. This solution also makes
no difference,
3. Try to resolve the problem with /AUXSOURCE= flag (
http://www.jsifaq.com/SF/Tips/Tip.aspx?id=10755 ):
Although I am running the application to send the log locally to the
EventLog and should not have to specify the /AUXSOURCE= flag, I nonetheless
tried to speccify /AUXSOURCE=my.ip.dotted.address flag, this also makes no
difference for me.
4. I try to look at the registry myself and see what else could be fixed:
To test, I used the createevent command (as described here
http://technet2.microsoft.com/WindowsServer/en/library/ff176dba-52f7-47c2-a5
dd-97f0d374593a1033.mspx?mfr=true) to create a test EventLog as shown below:
C:\>eventcreate /l application /so mylog4j /t information /id 999 /d
mylog4j-description
SUCCESS: A 'information' type event is created in the 'mylog4j' log/source.
C:\>
This event log shows cleanly in the Event Viewer:
=====================================================================
Event Type: Information
Event Source: mylog4j
Event Category: None
Event ID: 999
Date: 11/21/2006
Time: 5:50:09 PM
User: N/A
Computer: myPC
Description:
mylog4j-description
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
=====================================================================
Note that the createevent command can only take an Event ID equal or less
than 1000, so I used 999 for the test.
I compared the registry entries between the Log4j created by the
NTEventLogAppender and the mylog4j created by eventcreate command. I found
that one difference is that mylog4j has an entry in the following registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\So
urces=
mylog4j
WSH
WMIAdapter
....
I tried to add Log4j in that registry like this:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\So
urces=
Log4j
mylog4j
WSH
WMIAdapter
....
but it doesn't help either.
I was wondering if NTEventLogAppender.dll needs to be recompiled for Windows
Server 2003 or XP, or the "description" field needs to be set. (Can it be
set in the NTEventLogAppender properties? I can't find the way to do it.)
However, the downlaoded logging-log4j-1.2.14.zip doesn't seem to have the
complete C++ source (missing all the header files, for instance?):
Directory of
D:\download\apache\log4j\logging-log4j-1.2.14\src\java\org\apache\log4j\nt
09/14/2006 02:04 AM 247 EventLogCategories.mc
09/14/2006 02:04 AM 7,424 nteventlog.cpp
09/14/2006 02:04 AM 4,304 NTEventLogAppender.java
09/14/2006 02:04 AM 2,417 NTEventLogAppender.rc
09/14/2006 02:04 AM 253 package.html
5 File(s) 14,645 bytes
I have done some extensive research on this issue, but to no avail. I am
hoping that someone with in-depth knowledge on the log4j internals for
NTEventLogAppender could help out. Thanks in advance.
Regards,
Shuh
RE: NTEventLogAppender with missing description source for Windows
Server 2003
Posted by Shuh Chang <sh...@gemalto.com>.
I need to make a correction: I just found out that the
NTEventLogAppender.dll *does* create the default "Log4j" entry (or any other
source specified in the log4j.properties) in the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\So
urces registry. That's my mistake. Sorry about that.
Nonetheless, the NTEventLogAppender.dll still couldn't be properly
loaded/registered in the registry by the regsvr32 command, which causes the
extra annoying messages in the event viewer.
Regards,
Shuh
---------------------------------------------------------------------
To unsubscribe, e-mail: log4j-user-unsubscribe@logging.apache.org
For additional commands, e-mail: log4j-user-help@logging.apache.org
RE: NTEventLogAppender with missing description source for Windows
Server 2003
Posted by Shuh Chang <sh...@gemalto.com>.
Yeah, it looks like that the calls to RegisterEventSource in the
nteventlog.cpp program might be out of sync.
In the Java_org_apache_log4j_nt_NTEventLogAppender_registerEventSource
function (for initial event source registration):
jint handle = (jint)RegisterEventSource(nserver, nsource);
In the Java_org_apache_log4j_nt_NTEventLogAppender_reportEvent function (for
subsequent event reports):
handle = (jint)RegisterEventSource(NULL, "Log4j");
It looks like the RegisterEventSource call during the initial event source
registration
(Java_org_apache_log4j_nt_NTEventLogAppender_registerEventSource) may not
have the proper source available, which causes the Log4j source missing from
the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\So
urces
as seen in my event log test from eventcreate command for the registry
inspection.
Regards,
Shuh
-----Original Message-----
From: Curt Arnold [mailto:carnold@apache.org]
Sent: Wednesday, November 22, 2006 10:10 AM
To: Log4J Users List
Subject: Re: NTEventLogAppender with missing description source for
Windows Server 2003
Sorry, I'm on the road at the moment and don't have access to my
Windows development resources. As far as I can tell from your
description the appender is working as expected. It does log the
message to the EventLog, it just has never implemented the code to
register a corresponding message description. regsvr32 does not find
the entry point since there is no RegisterDll entry point since the
DLL does not register any resources (likely it should). If it
appears to be missing header files, it is likely files that are
produced by javah that generate the header required to implement the
java native methods.
---------------------------------------------------------------------
To unsubscribe, e-mail: log4j-user-unsubscribe@logging.apache.org
For additional commands, e-mail: log4j-user-help@logging.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: log4j-user-unsubscribe@logging.apache.org
For additional commands, e-mail: log4j-user-help@logging.apache.org
Re: NTEventLogAppender with missing description source for Windows Server 2003
Posted by Curt Arnold <ca...@apache.org>.
Sorry, I'm on the road at the moment and don't have access to my
Windows development resources. As far as I can tell from your
description the appender is working as expected. It does log the
message to the EventLog, it just has never implemented the code to
register a corresponding message description. regsvr32 does not find
the entry point since there is no RegisterDll entry point since the
DLL does not register any resources (likely it should). If it
appears to be missing header files, it is likely files that are
produced by javah that generate the header required to implement the
java native methods.
---------------------------------------------------------------------
To unsubscribe, e-mail: log4j-user-unsubscribe@logging.apache.org
For additional commands, e-mail: log4j-user-help@logging.apache.org
RE: NTEventLogAppender with missing description source for Windows
Server 2003
Posted by Shuh Chang <sh...@gemalto.com>.
Other than the four "solutions" I tried, I forgot to mention the fifth one
that I also did:
5. Use the regsvr32 to register NTEventLogAppender.dll:
I used the regsvr32 command to register the NTEventLogAppender.dll file, but
got the pop-up error message: "NTEventLogAppender.dll was loaded, but the
DllRegisterServer entry point was not found. This file can not be
registered." Again, I tried it in both cases (the NTEventLogAppender.dll is
located in C:\Windows\system32 or C:\WINNT\system32), and none works.
Regards,
Shuh
-----Original Message-----
From: Shuh Chang [mailto:shuh.chang@gemalto.com]
Sent: Tuesday, November 21, 2006 6:22 PM
To: log4j-user@logging.apache.org
Subject: NTEventLogAppender with missing description source for Windows
Server 2003
Hi,
I am using logging-log4j-1.2.14 to log data with great success for various
log4j appenders:
1. RollingFileAppender for local lolg file.
2. SyslogAppender for remote syslog on Linux platform.
My Windows platforms tested include both Windows Server 2003 and Windows XP.
However, for the NTEventLogAppender appender, I keep getting annoying
EventLog message in the Event Viewer:
The description for Event ID ( 4096 ) in Source ( Log4j ) cannot be found.
The local computer may not have the necessary registry information or
message DLL files to display messages from a remote computer. You may be
able to use the /AUXSOURCE= flag to retrieve this description; see Help and
Support for details. The following information is part of the event: [my
real log info displays correctly here...]
I have searched for an answer for this (well-known?) problem. However, all
the "solutions" that I found so far do not apply to my situation.
Here is my NTEventLogAppender configuration in log4j.properties:
# NTEventLog Appender
log4j.appender.EventLogger=org.apache.log4j.nt.NTEventLogAppender
log4j.appender.EventLogger.Threshold=DEBUG
log4j.appender.EventLogger.Name=WindowsEventLog
log4j.appender.EventLogger.layout=org.apache.log4j.PatternLayout
log4j.appender.EventLogger.layout.ConversionPattern=%-5p %d{ISO8601} - %m%n
The "solutions" that I found (but not working for me) include:
1. Make sure that NTEventLogApplender.dll is located in the system path (
<http://mail-archives.apache.org/mod_mbox/logging-log4j-user/200108.mbox/%3c
000f01c12132$ff638c40$0d01a8c0@javainternals.com%3e> ):
I followed the instructions desccribed in the above link to place the
NTEventLogApplender.dll in the C:\Windows\system32 folder, it does not solve
the problem. Since the solution shown above uses C:\WINNT\system32 as an
example, I even tried to create the C:\WINNT\system32 on my Windows Server
2003 and placed the NTEventLogApplender.dll file there, but it doesn't make
a different either.
2. Make sure that the path is added to EventMessageFile (
http://blog.gmane.org/gmane.comp.jakarta.log4j.devel/day=20021115 ):
In both cases (C:\WINNT\system32 and C:\Windows\system32), I also edited the
registry to add the path to the EventMessageFile. This solution also makes
no difference,
3. Try to resolve the problem with /AUXSOURCE= flag (
http://www.jsifaq.com/SF/Tips/Tip.aspx?id=10755 ):
Although I am running the application to send the log locally to the
EventLog and should not have to specify the /AUXSOURCE= flag, I nonetheless
tried to speccify /AUXSOURCE=my.ip.dotted.address flag, this also makes no
difference for me.
4. I try to look at the registry myself and see what else could be fixed:
To test, I used the createevent command (as described here
http://technet2.microsoft.com/WindowsServer/en/library/ff176dba-52f7-47c2-a5
dd-97f0d374593a1033.mspx?mfr=true) to create a test EventLog as shown below:
C:\>eventcreate /l application /so mylog4j /t information /id 999 /d
mylog4j-description
SUCCESS: A 'information' type event is created in the 'mylog4j' log/source.
C:\>
This event log shows cleanly in the Event Viewer:
=====================================================================
Event Type: Information
Event Source: mylog4j
Event Category: None
Event ID: 999
Date: 11/21/2006
Time: 5:50:09 PM
User: N/A
Computer: myPC
Description:
mylog4j-description
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
=====================================================================
Note that the createevent command can only take an Event ID equal or less
than 1000, so I used 999 for the test.
I compared the registry entries between the Log4j created by the
NTEventLogAppender and the mylog4j created by eventcreate command. I found
that one difference is that mylog4j has an entry in the following registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\So
urces=
mylog4j
WSH
WMIAdapter
....
I tried to add Log4j in that registry like this:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\So
urces=
Log4j
mylog4j
WSH
WMIAdapter
....
but it doesn't help either.
I was wondering if NTEventLogAppender.dll needs to be recompiled for Windows
Server 2003 or XP, or the "description" field needs to be set. (Can it be
set in the NTEventLogAppender properties? I can't find the way to do it.)
However, the downlaoded logging-log4j-1.2.14.zip doesn't seem to have the
complete C++ source (missing all the header files, for instance?):
Directory of
D:\download\apache\log4j\logging-log4j-1.2.14\src\java\org\apache\log4j\nt
09/14/2006 02:04 AM 247 EventLogCategories.mc
09/14/2006 02:04 AM 7,424 nteventlog.cpp
09/14/2006 02:04 AM 4,304 NTEventLogAppender.java
09/14/2006 02:04 AM 2,417 NTEventLogAppender.rc
09/14/2006 02:04 AM 253 package.html
5 File(s) 14,645 bytes
I have done some extensive research on this issue, but to no avail. I am
hoping that someone with in-depth knowledge on the log4j internals for
NTEventLogAppender could help out. Thanks in advance.
Regards,
Shuh
---------------------------------------------------------------------
To unsubscribe, e-mail: log4j-user-unsubscribe@logging.apache.org
For additional commands, e-mail: log4j-user-help@logging.apache.org