On Aug 21, 2009, at 12:52 PM, Aa Bb wrote:
Hello,
I am using various appenders in my xml configuration file, i.e.
Console, RollingFile, and SocketAppender.
My NTEventLogAppender however is not working.
Computer Config: Windows XP Service Pack 2
Log4j: log4j-1.2.15
I Did This: C:\windows\system32\NTEventLogAppender.dll
I Did This: regsvr32 NTEventLogAppender.dll
Before I switched machines the NTEventLogAppender was working fine.
Now, when I send a log event the EventViewer.Security has an entry
stating: A trusted logon process has registered with the Local
Security Authority, Logon Process Name: KSecDD.
That message would seem to be unrelated to log4j. From http://msdn.microsoft.com/en-us/library/bb204775(VS.85).aspx
:
The Microsoft kernel security support provider interface
(Ksecdd.sys) is a general purpose, software-based, cryptographic
module residing at the kernel mode level of Windows. Ksecdd.sys runs
as a kernel mode export driver, and provides cryptographic services
through their documented interfaces to kernel components. The only
built-in Microsoft provider algorithm that is not supported by
Ksecdd.sys is DSA.
From a search, there are viruses that borrow the name of "KSecDD".
Wasn't clear whether your message was normal behavior for KSecDD.
I'm thinking that something was configured on my old machine that I
have to do on my new machine.
Is there anything I am missing?
Is there a java JNI file that I need to install?
Thank you,
NTEventLogAppender must be on the execute path, which you would expect
that it would be if it is installed in \windows\system32. Could you
try placing it in the current working directory from where you launch
java?
Registering it will register the message resource, however if you
don't register, all that would happen is that your messages are not
formatted correctly in the Event Viewer.
It does not appear that you are running a 64-bit Java VM, but if you
were you would need rebuild NTEventLogAppender.dll for x64 from the
SVN HEAD.
A debugger or process viewer like http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
may give you some insight to whether NTEventLogAppender.dll loaded
successfully.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
