[wpkg-users] Event Log format

Charles Gargent charlesgargent at gmail.com
Thu Nov 19 16:18:43 CET 2009


2009/11/19 Rainer Meier <r.meier at wpkg.org>:
> Hi Charles,
>
> Charles Gargent wrote:
>> I export the eventlogs from each client to a central log on the server
>> so I can parse them later. Unfortunately the line breaks in the
>> message come through with the export. I have made a start on changing
>> the script and removing the line breaks, does anyone know where all
>> the occurrences are that need to be changed? I am using version 1.1.2
>>
>> Would it be possible to change this in future versions? Obviously it
>> doesn't look as pretty when looking in the eventlog but then all the
>> other eventlog entries are on one line as well, probably for this very
>> reason.
>
> Actually I cannot confirm that other event logs are all single-liners. Had a
> quick look on the machine I am writing this and the first entry (Source:
> Security-SPP) shows ~10 lines. Another example is coming from the IAANTmon
> (Intel Matrix Storage) which contains quite a lot of text and information.
>
> I agree that lots of entries are typically very very short and therefore fit on
> one line but this is no strict requirement. So if your "tool" has problems to
> parse multi-line messages, then you should probably think about improving this
> instead of asking all vendors around the world (including Microsoft built-in
> loggers) to change.
>
> Multi-Line messages are nothing more than simple text strings with some "\n\r"
> characters inside. So any tool could actually parse them as normal characters.
>
>
> WPKG itself already concatenates multi-line log messages to single-line messages
> before it writes them to the log files. In this case line breaks ("\n\r") are
> replaced by pipe characters.
>
> So if you really wish to have single-line entries in your event log you might
> decide to write the single-lined entries which are usually sent to the log files
> to event log.
>
> This can be done quite easily. Try changing line 5776 (1.1.3-RC2) from
>
> WshShell.logEvent(type, "" + description);
>
> to
>
> WshShell.logEvent(type, getLogLine("dummy", description));
>
> This will make WPKG log log-file-style single-line events.
> If you want to include the real severity instead of dummy then you will have to
> re-arrange some code in the log() function.
>
> If you do not want the lines to be formatted like log file entries you could
> also copy some code from the getLogLine() method in order to replace linebreaks
> by pipe characters.
>
>
>
> I do not plan to include such a change in any official version since I believe
> multi-line output in event log is common and helps increasing readability. So I
> still recommend you to make your tools capable of using multi-line event log
> entries - especially because WPKG is for sure not the only one using formatted
> messages.
>
> br,
> Rainer
>
Thanks for that, after I posted I think I did your last suggestion

I add the following in line 5753 of v1.1.2
description = description.replace(new RegExp("(\\r\\n)|(\\n\\r)|[\\r\\n]+", "g"), " ");

that seems to work.

fyi the tool I use to export the eventlogs is Logparser
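
The flattening step discussed in this thread, as an added example that is not code from either poster or from WPKG: it collapses every run of line breaks into one separator, so the result does not depend on the line-ending style, and keeps the posted regex unchanged for comparison. `flattenMessage`, `postedReplace` and `physicalLines` are hypothetical names, the sample message is constructed, the bare `|` separator is an assumption, and treating NEL and the Unicode line separators as breaks goes slightly beyond the post.

```javascript
// Added example: helper names are hypothetical, not part of WPKG.
// CR, LF, NEL and the Unicode line/paragraph separators, in runs of any length.
var LINE_BREAKS = /[\r\n\u0085\u2028\u2029]+/;

// Collapse a multi-line message into one line. Each source line is trimmed,
// empty lines are dropped, and the rest are joined with `separator`
// (a pipe by default; the exact separator WPKG uses is an assumption here).
function flattenMessage(description, separator) {
    if (separator === undefined) { separator = "|"; }
    var parts = String(description).split(LINE_BREAKS);
    var kept = [];
    for (var i = 0; i < parts.length; i++) {
        var line = parts[i].replace(/^\s+|\s+$/g, "");
        if (line.length > 0) { kept.push(line); }
    }
    return kept.join(separator);
}

// The replacement posted in the thread, kept unchanged for comparison.
// It emits one space per CRLF pair but one space per run of bare LFs.
function postedReplace(description) {
    return description.replace(new RegExp("(\\r\\n)|(\\n\\r)|[\\r\\n]+", "g"), " ");
}

// How many lines a line-oriented reader of an exported log would see.
function physicalLines(text) {
    return text.split(/\r\n|\n\r|\r|\n/).length;
}

// Constructed sample message (not real WPKG output).
var sample = "Installing package\r\n  Name: demo\r\n\r\nResult: success\n";

console.log("lines before:", physicalLines(sample));
console.log("lines after: ", physicalLines(flattenMessage(sample)));
console.log("flattened:   ", flattenMessage(sample));
console.log("posted regex:", JSON.stringify(postedReplace(sample)));
```

In wpkg.js the flattened string would be what is passed to `WshShell.logEvent(type, ...)`; the code sticks to constructs that classic JScript also accepts.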


