Mailing-List: contact log4j-user-help@logging.apache.org; run by ezmlm
Precedence: bulk
Reply-To: "Log4J Users List" <log4j-user@logging.apache.org>
Received-SPF: neutral (nike.apache.org: local policy)
Message-Id: <CF2D934E-331C-46A4-B826-296FECE920BF@apache.org>
From: Curt Arnold <carnold@apache.org>
To: "Log4J Users List" <log4j-user@logging.apache.org>
In-Reply-To: <32424.1180.qm@web111910.mail.gq1.yahoo.com>
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v936)
Subject: Re: NTEventLogAppender
Date: Sun, 23 Aug 2009 20:48:25 -0500
References: <32424.1180.qm@web111910.mail.gq1.yahoo.com>


On Aug 21, 2009, at 12:52 PM, Aa Bb wrote:

> Hello,
> I am using various appenders in my xml configuration file, i.e.  
> Console, RollingFile, and SocketAppender.
> My NTEventLogAppender however is not working.
>
> Computer Config: Windows XP Service Pack 2
> Log4j: log4j-1.2.15
> I Did This: C:\windows\system32\NTEventLogAppender.dll
> I Did This: regsvr32 NTEventLogAppender.dll
>
> Before I switched machines the NTEventLogAppender was working fine.
> Now, when I send a log event the EventViewer.Security has an entry  
> stating: A trusted logon process has registered with the Local  
> Security Authority, Logon Process Name: KSecDD.

That message would seem to be unrelated to log4j.  From http://msdn.microsoft.com/en-us/library/bb204775(VS.85).aspx 
:
>
> The Microsoft kernel security support provider interface  
> (Ksecdd.sys) is a general purpose, software-based, cryptographic  
> module residing at the kernel mode level of Windows. Ksecdd.sys runs  
> as a kernel mode export driver, and provides cryptographic services  
> through their documented interfaces to kernel components. The only  
> built-in Microsoft provider algorithm that is not supported by  
> Ksecdd.sys is DSA.

 From a search, there are viruses that borrow the name of "KSecDD".   
Wasn't clear whether your message was normal behavior for KSecDD.


> I'm thinking that something was configured on my old machine that I  
> have to do on my new machine.
>
> Is there anything I am missing?
> Is there a java JNI file that I need to install?
>
> Thank you,
>

NTEventLogAppender must be on the execute path, which you would expect  
that it would be if it is installed in \windows\system32.  Could you  
try placing it in the current working directory from where you launch  
java?

Registering it will register the message resource, however if you  
don't register, all that would happen is that your messages are not  
formatted correctly in the Event Viewer.

It does not appear that you are running a 64-bit Java VM, but if you  
were you would need rebuild NTEventLogAppender.dll for x64 from the  
SVN HEAD.

A debugger or process viewer like http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx 
  may give you some insight to whether NTEventLogAppender.dll loaded  
successfully.

  
---------------------------------------------------------------------
To unsubscribe, e-mail: log4j-user-unsubscribe@logging.apache.org
For additional commands, e-mail: log4j-user-help@logging.apache.org