[wpkg-users] Event Log format

Rainer Meier r.meier at wpkg.org
Thu Nov 19 15:23:19 CET 2009 

Hi Charles,

Charles Gargent wrote:
> I export the eventlogs from each client to a central log on the server
> so I can parse them latter. Unfortunately the line breaks in the
> message come through with the export. I have made a start on changing
> the script and removing the line breaks, does anyone know where all
> the occurrences are that need to be changed? I am using version 1.1.2
> 
> Would it be possible to change this in future versions? Obviously it
> doesnt look as pretty when looking in the eventlog but then all the
> other eventlog entries are on one line aswell, probably for this very
> reason.

Actually I cannot confirm that other event logs are all single-liners. Had a
quick look on the machine I am writing this and the first entry (Source:
Security-SPP) shows ~10 lines. Another example is coming from the IAANTmon
(Intel Matrix Storage) which contains quite a lot of text and information.

I agree that lots of entries are typically very very short and therefore fit on
one line but this is no strict requirement. So if your "tool" has problems to
parse multi-line messages, then you should probably think about improving this
instead of asking all vendors around the world (including Microsoft built-in
loggers) to change.

Multi-Line messages are nothing more than simple text strings with some "\n\r"
characters inside. So any tool could actually parse them as normal characters.


WPKG itself already concatenates multi-line log messages to single-line messages
before it writes them to the log files. In this case line breaks ("\n\r") are
replaced by pipe characters.

So if you really wish to have single-line entries in your event log you might
decide to write the single-lined entries which are usually sent to the log files
to event log.

This can be done quite easily. Try changing line 5776 (1.1.3-RC2) from

WshShell.logEvent(type, "" + description);

to

WshShell.logEvent(type, getLogLine("dummy", description));

This will make WPKG log log-file-style single-line events.
If you want to include the real severity instead of dummy then you will have to
re-arrange some code in the log() function.

If you do not want the lines to be formatted like log file entries you could
also copy some code from the getLogLine() method in order to replace linebreaks
by pipe characters.



I do not plan to include such a change in any official version since I believe
multi-line output in event log is common and helps increasing readability. So I
still recommend you to make your tools capable of using multi-line event log
entries - especially because WPKG is for sure not the only one using formatted
messages.

br,
Rainer

More information about the wpkg-users mailing list