A problem was found with Windows Security log parsing on the Vista platform. An error is thrown when trying to run the standalone process or the Eclipse import of the Windows Security log. To work around the problem, Eclipse or the standalone process must be started/run as administrator.
When I run the standalone process on the Vista platform without running as administrator, I get the error message "<ACADErrorHeader> Failed to open event log". When I use Eclipse to import the Windows Security Log, an error log dialog pops up with the error message:
"An error occurred while attempting to import the log file Microsoft Windows Security log . java.lang.Exception: IWAT0239E Converter command failed: java.lang.Exception: IWAT0238E Converter process ended with exit value 43"
Exception stack trace:
org.eclipse.hyades.logging.parsers.LogParserException: IWAT0412E Errors occurred parsing the log file null.
    at org.eclipse.hyades.logging.parsers.importer.ParserWrapper.parse(ParserWrapper.java:144)
    at org.eclipse.hyades.logging.parsers.internal.importer.LocalLogImportLoader.startParsing(LocalLogImportLoader.java:95)
    at org.eclipse.tptp.monitoring.logui.internal.wizards.ImportLogWizard$LocalLogImportJob.runOnLocalHost(ImportLogWizard.java:1504)
    at org.eclipse.tptp.monitoring.logui.internal.wizards.ImportLogWizard$LocalLogImportJob.run(ImportLogWizard.java:1471)
    at org.eclipse.core.internal.jobs.Worker.run(Worker.java:58)
Sorry, I used the lab machine to add comment 1, which was by default logged in by Liz.
In Vista, although the user is logged on as an administrator, an application is run as a standard user by default. However, in order to open and read the Windows security log, the user needs Local System or Administrator account privilege. Or, if the user is granted one of the following privileges, he/she can open and read the security log:
- The SE_SECURITY_NAME privilege (the "manage auditing and security log" user right).
- The SE_AUDIT_NAME privilege.
For more information, see Authorization Data Types and Constants.
http://msdn2.microsoft.com/en-us/library/aa363658.aspx
http://msdn2.microsoft.com/fr-fr/library/4xz6w79h(VS.71).aspx
Therefore, the EventLogReader.exe which reads the security log and writes to a text file has to be started as the administrator.
The workarounds for this problem:
- Local Log import: start Eclipse as administrator
- Remote Log import: start AC as administrator
- Standalone GLA:
  1. Go to "GLA_HOME"\config\Windows\security, select EventLogReader.exe -> right click -> select Properties -> select Compatibility -> check "Run this program as an administrator" -> OK
  2. Modify "GLA_HOME"\config\Windows\security\regex_example.adapter, change:
     <pu:Property propertyName="converter" propertyValue="&quot;eventlogreader.exe&quot; security .\error.log"/>
     <sensor:SingleFileSensor converter="&quot;eventlogreader.exe&quot; security .\error.log" directory="." fileName="error.log"/>
     to
     <pu:Property propertyName="converter" propertyValue="cmd.exe /c eventlogreader.exe security .\error.log"/>
     <sensor:SingleFileSensor converter="cmd.exe /c eventlogreader.exe security .\error.log" directory="." fileName="error.log"/>
Changing summary to be more descriptive.
Changing summary again.
Deferring this to 4.4 for further investigation into ways to resolve this issue programmatically. Bugzilla https://bugs.eclipse.org/bugs/show_bug.cgi?id=170530 was opened to add items to the 4.2 and 4.3 release notes for this issue.
Assigning to Cindy and targeting to fix this in i2
Created attachment 65141: manifest file
Created attachment 65142: manifest file and project file
Unzip these two files to org.eclipse.hyades.logging.parsers\src.native\EventLogReader2
I committed the attached files to TPTP Head CVS which will cause EventLogReader2.exe to be built with the required security settings so the administrator user can run the program without changing any properties or settings of the executable.
The EventLogReader2.exe file, which is compiled with the manifest file, can't be executed on a Vista machine without Visual Studio 2005 installed. Also, this manifest only removes the need to run as administrator for the standalone process. If Eclipse is used to import Windows logs on Vista and Eclipse is not started as administrator, it fails with the error message:
"An error occurred while attempting to import the log file org.eclipse.hyades.logging.parsers.WindowsApplicationLogParser. IWAT0412E Errors occurred parsing the log file null. java.lang.Exception: IWAT0239E Converter command failed: java.io.IOException: CreateProcess: error=740"
It is a bug in Java, see http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6410605. The workaround is to execute the native process command with "cmd.exe /c eventlogread2.exe ......"
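The failure mode and workaround described in the comment above, as an added Java example that is not part of the original thread and not the ParserWrapper patch attached to this bug. The class and method names are hypothetical, and the converter command line is constructed from the invocations quoted in this thread.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

/** Added illustration; class and method names are hypothetical, not TPTP code. */
public class ElevationAwareLauncher {

    /** Marker for Windows error 740 as it appears in the IOException text. */
    static final String ELEVATION_REQUIRED = "error=740";

    /** Prefix the command with "cmd.exe /c", the workaround described in this thread. */
    static List<String> wrapWithCmd(List<String> command) {
        List<String> wrapped = new ArrayList<>(Arrays.asList("cmd.exe", "/c"));
        wrapped.addAll(command);
        return wrapped;
    }

    /** True when the launch failed with the "requires elevation" error. */
    static boolean needsElevation(IOException e) {
        String msg = e.getMessage();
        return msg != null && msg.contains(ELEVATION_REQUIRED);
    }

    /** Start the converter directly; only on error 740 retry through cmd.exe. */
    static Process startConverter(List<String> command) throws IOException {
        try {
            return new ProcessBuilder(command).redirectErrorStream(true).start();
        } catch (IOException e) {
            if (!needsElevation(e)) {
                throw e; // missing file, access denied, etc.: do not mask these
            }
            return new ProcessBuilder(wrapWithCmd(command))
                    .redirectErrorStream(true).start();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed command line, modelled on the converter invocation quoted above.
        List<String> cmd = Arrays.asList("EventLogReader2.exe", "security", ".\\error.log");
        Process p = startConverter(cmd);
        p.getInputStream().transferTo(System.out); // drain output so the child cannot block
        int exit = p.waitFor();
        if (exit != 0) {
            System.err.println("Converter exited with " + exit
                    + "; check that it ran with rights to read the Security log");
        }
    }
}
```

Because cmd.exe interprets metacharacters such as `&` and `|`, only fixed, trusted arguments should be passed through the wrapped form.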
Created attachment 65547: patch ParserWrapper
Patch for ParserWrapper committed to TPTP Head CVS.
Created attachment 65613: EventLogReader2.cpp remove the printf
Created attachment 65727: EventLogReader2.cpp print dot at the command screen
Committed change to EventLogReader2.cpp to TPTP Head CVS.
Created attachment 65800: project files using static link option
I committed the changes to the build files to statically link the required DLLs. All problems should be fixed now. Resolving the defect as FIXED.
The EventLogReader2.exe.manifest file needs to be updated to remove the information about Microsoft.VC80.CRT dlls. Otherwise, the same error happens on the platform without VC 2005 installed.
Created attachment 66227: manifest file
Created attachment 66228: project file
Committed the latest fixes to the build files to TPTP Head CVS
CLOSE BUG