X-Spam-Check-By: sourceware.org Date: Wed, 30 Nov 2005 18:45:09 -0500 (EST) From: Igor Pechtchanski Reply-To: cygwin AT cygwin DOT com To: cygwin AT cygwin DOT com Subject: Syslog "event source" registration [Was Re: Suggest cygrunsrv extension: --pidfile option (patch included)] In-Reply-To: <4385CE09.D2DAB8AF@dessent.net> Message-ID: References: <4380AB2E DOT 7010302 AT t-online DOT de> <20051121153016 DOT GI2999 AT calimero DOT vinschen DOT de> <438221C6 DOT 1080103 AT t-online DOT de> <20051122095442 DOT GL2999 AT calimero DOT vinschen DOT de> <4384E07F DOT 6000308 AT t-online DOT de> <20051124113107 DOT GC2999 AT calimero DOT vinschen DOT de> <1EfHhO-1i3eWO0 AT fwd33 DOT aul DOT t-online DOT de> <4385CE09 DOT D2DAB8AF AT dessent DOT net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com On Thu, 24 Nov 2005, Brian Dessent wrote: > Christian Franke wrote: > > > Unlike syslog, windows event log is intended to store only message > > parameters, not complete messages. > > The (probably localized) messages must be provided by such an "event > > message file" (the misleading MS-term;-), which is essentially an .exe > > or .dll containing (message id, string) pairs in a resource section. > > For Cygwin, this would be one trivial (0, "%1") pair. > > > > Does such a file (and associated registry tool) exist for Cygwin? > > It's trivial to add the RT_MESSAGETABLE resource to cygwin1.dll that > contains the single message "%1\r\n". It's complicated by the fact that > windres doesn't have parsing support for messagetables, but you can just > specify the raw binary for something this trivial. If you search the ML > archives someone posted the appropriate .rc bits a couple years ago. > > The hard part is that for every "event source" you need to add keys: > > HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\(name)\ > EventMessageFile = REG_SZ "c:\path\to\cygwin1.dll" > TypesSupported = REG_DWORD 0x1f > > where (name) is whatever the application passed to openlog()'s first > parameter. > > This sucks because it means that to truly do this right, the code in > Cygwin's openlog() has got to add these keys every time it's called. > But it can't just blindly overwrite whatever event source might exist > already because otherwise a malicious application that called e.g. > openlog("MsiInstaller", ...) would fubar the MSI event source. So it's > got to check if the event source exists, decide if it's a Cygwin event > source, figure out if the DLL path is correct, and if not, put the > current cygwin DLL path in the key. > > This is not insurmountable but it's kind of a pain. I've been slowly > working on a patch that does all this, but it's not ready yet. For the > time being I just add event sources manually and it works great. Why complicate openlog()? Let the Cygwin applications that use openlog() do this (e.g., in a postinstall script). We could even add a utility package in "Base", similar to "editrights", that contains scripts for adding and removing this setting (something like 'regtool add "KEY/$1/VAL"; regtool set "KEY/$1/VAL" "value"') that the postinstall and preremove scripts can invoke... That way this would also be cleaned up if, say, "openssh" were uninstalled. Igor -- http://cs.nyu.edu/~pechtcha/ |\ _,,,---,,_ pechtcha AT cs DOT nyu DOT edu ZZZzz /,`.-'`' -. ;-;;,_ igor AT watson DOT ibm DOT com |,4- ) )-,_. ,\ ( `'-' Igor Pechtchanski, Ph.D. '---''(_/--' `-'\_) fL a.k.a JaguaR-R-R-r-r-r-.-.-. Meow! If there's any real truth it's that the entire multidimensional infinity of the Universe is almost certainly being run by a bunch of maniacs. /DA -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/