[wpkg-users] Event Log format

Charles Gargent charlesgargent at gmail.com
Thu Nov 19 19:13:34 CET 2009 

2009/11/19 Rainer Meier <r.meier at wpkg.org>:
> Hi Charles,
>
> Charles Gargent wrote:
>> Thanks for that, after I posted I think I did your last suggestion
>>
>> I add the following in line 5753 of v1.1.2
>> description = description.replace(new
>> RegExp("(\\r\\n)|(\\n\\r)|[\\r\\n]+", "g"), " ");
>>
>> that seems to work.
>
> Great.
>
>
>> fyi the tool I use to export the eventlogs is Logparser
>
> A google search revealed that it seems to be a Microsoft tool. However I've
> never used it. Are you sure it cannot handle multi-line eventlog entries?
> Another quick search on google pointed me to this site:
> <http://www.lizardl.com/PageHtml.aspx?lng=2&PageId=18&PageListItemId=17>
> Where one of the features of this parser seems to be to support multi-line logs:
>
> "[...]This input format is also used for parsing multiline text log files (one
> record is spread through one or more text lines) from various sources"
>
> On a blog about Log Parser 2.1 I found the statement that the next version (2.2
> is available already) should support multiple line parsing. See
> <http://weblogs.asp.net/rosherove/archive/2004/01/10/49441.aspx>.
>
> So there is hope that Microsoft either already fixed this issue or will fix it
> in the future. If not, then pre-parsers might help preparing the data for the tool.
>
> br,
> Rainer
>

Below there is a section from the help file,

Thanks for that, I never really looked at this setting. I have always
left in on by default. I will have to test a bit further as to what is
going on as it doesnt work. I dont fully understand what the wpkg.js
script is doing when it says  "replace new-lines by pipes" on line
5685. Is this a type of newline character in eventlog speak? If this
is the case then perhaps logparser only deals with one type and not
the other.

>From Helpfile:

formatMsg

Values: ON | OFF

Default: ON

Format the text message as a single line.

Details: Event text messages often span multiple lines. When this
parameter is set to "ON", the EVT input format preserves readability
of the messages by removing carriage-return, line-feed, and multiple
space characters from the message text.
When this parameter is set to "OFF", the EVT input format returns the
original message text with no intervening post-processing.

Example: -formatMsg:OFF

More information about the wpkg-users mailing list