Hi,
I am using logging-log4j-1.2.14 to log data with great success for various
log4j appenders:
1. RollingFileAppender for local lolg file.
2. SyslogAppender for remote syslog on Linux platform.
My Windows platforms tested include both Windows Server 2003 and Windows XP.
However, for the NTEventLogAppender appender, I keep getting annoying
EventLog message in the Event Viewer:
The description for Event ID ( 4096 ) in Source ( Log4j ) cannot be found.
The local computer may not have the necessary registry information or
message DLL files to display messages from a remote computer. You may be
able to use the /AUXSOURCE= flag to retrieve this description; see Help and
Support for details. The following information is part of the event: [my
real log info displays correctly here...]
I have searched for an answer for this (well-known?) problem. However, all
the "solutions" that I found so far do not apply to my situation.
Here is my NTEventLogAppender configuration in log4j.properties:
# NTEventLog Appender
log4j.appender.EventLogger=org.apache.log4j.nt.NTEventLogAppender
log4j.appender.EventLogger.Threshold=DEBUG
log4j.appender.EventLogger.Name=WindowsEventLog
log4j.appender.EventLogger.layout=org.apache.log4j.PatternLayout
log4j.appender.EventLogger.layout.ConversionPattern=%-5p %d{ISO8601} - %m%n
The "solutions" that I found (but not working for me) include:
1. Make sure that NTEventLogApplender.dll is located in the system path (
<http://mail-archives.apache.org/mod_mbox/logging-log4j-user/200108.mbox/%3c
[EMAIL PROTECTED]> ):
I followed the instructions desccribed in the above link to place the
NTEventLogApplender.dll in the C:\Windows\system32 folder, it does not solve
the problem. Since the solution shown above uses C:\WINNT\system32 as an
example, I even tried to create the C:\WINNT\system32 on my Windows Server
2003 and placed the NTEventLogApplender.dll file there, but it doesn't make
a different either.
2. Make sure that the path is added to EventMessageFile (
http://blog.gmane.org/gmane.comp.jakarta.log4j.devel/day=20021115 ):
In both cases (C:\WINNT\system32 and C:\Windows\system32), I also edited the
registry to add the path to the EventMessageFile. This solution also makes
no difference,
3. Try to resolve the problem with /AUXSOURCE= flag (
http://www.jsifaq.com/SF/Tips/Tip.aspx?id=10755 ):
Although I am running the application to send the log locally to the
EventLog and should not have to specify the /AUXSOURCE= flag, I nonetheless
tried to speccify /AUXSOURCE=my.ip.dotted.address flag, this also makes no
difference for me.
4. I try to look at the registry myself and see what else could be fixed:
To test, I used the createevent command (as described here
http://technet2.microsoft.com/WindowsServer/en/library/ff176dba-52f7-47c2-a5
dd-97f0d374593a1033.mspx?mfr=true) to create a test EventLog as shown below:
C:\>eventcreate /l application /so mylog4j /t information /id 999 /d
mylog4j-description
SUCCESS: A 'information' type event is created in the 'mylog4j' log/source.
C:\>
This event log shows cleanly in the Event Viewer:
=====================================================================
Event Type: Information
Event Source: mylog4j
Event Category: None
Event ID: 999
Date: 11/21/2006
Time: 5:50:09 PM
User: N/A
Computer: myPC
Description:
mylog4j-description
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
=====================================================================
Note that the createevent command can only take an Event ID equal or less
than 1000, so I used 999 for the test.
I compared the registry entries between the Log4j created by the
NTEventLogAppender and the mylog4j created by eventcreate command. I found
that one difference is that mylog4j has an entry in the following registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\So
urces=
mylog4j
WSH
WMIAdapter
....
I tried to add Log4j in that registry like this:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\So
urces=
Log4j
mylog4j
WSH
WMIAdapter
....
but it doesn't help either.
I was wondering if NTEventLogAppender.dll needs to be recompiled for Windows
Server 2003 or XP, or the "description" field needs to be set. (Can it be
set in the NTEventLogAppender properties? I can't find the way to do it.)
However, the downlaoded logging-log4j-1.2.14.zip doesn't seem to have the
complete C++ source (missing all the header files, for instance?):
Directory of
D:\download\apache\log4j\logging-log4j-1.2.14\src\java\org\apache\log4j\nt
09/14/2006 02:04 AM 247 EventLogCategories.mc
09/14/2006 02:04 AM 7,424 nteventlog.cpp
09/14/2006 02:04 AM 4,304 NTEventLogAppender.java
09/14/2006 02:04 AM 2,417 NTEventLogAppender.rc
09/14/2006 02:04 AM 253 package.html
5 File(s) 14,645 bytes
I have done some extensive research on this issue, but to no avail. I am
hoping that someone with in-depth knowledge on the log4j internals for
NTEventLogAppender could help out. Thanks in advance.
Regards,
Shuh
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
