How To Use Log4jna

Oct 14, 2010 at 4:06 PM

I work for Booz Allen Hamilton and am looking for a replacement for NTEventLogAppender that works with Windows 7 (32 and 64 bit). Google brought me to your pages. Here's my feedback.

1) This has to be run in a process that is running as administrator (new in Vista and 7), otherwise there are access issues getting to the registry. I have to read into the code more but I'm not clear on why it is accessing the registry in the first place when I've already set up the "Log4jna" key under HKLM\SYSTEM\CurrentControlSet\services\eventlog along with the two string and dword values. My installer should do that as a one-time thing so again I'm not sure why it's being accessed.

2) I had a difficult time finding the logged events! This is more a Windows 7 issue. I was expecting them to appear in the "Application" logs but instead I had to open "Saved Logs" and point to the Log4jna.evtx file.

3) Once I was able to view the log entries I was confused by what I saw:

The description for Event ID 4096 from source Log4jna cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

203 [main] DEBUG org.apache.log4j.win32.Win32EventLogAppenderTest - Message 5

java.lang.Exception: Just testing. at org.apache.log4jna.nt.Win32EventLogAppenderTest.main(Win32EventLogAppenderTest.java:56)

the message resource is present but the message is not found in the string/message table

The intended message was embedded but I didn't get the issue with the event id. Then when I read the comment in the code I felt that I was missing something, where is the "message resource which consists of just '%1'"?

	private void reportEvent(String message, int priority) {
		// This is the only message supported by the package. It is backed by
		// a message resource which consists of just '%1' which is replaced
		// by the string we just created.

The logging did happen but I would sure like to know how to clean up some of these issues.

Thanks,

-Dave

 

 

 

Coordinator
Oct 14, 2010 at 4:22 PM

I believe all your problems are caused by the fact that you're creating a Log4jna entry in the wrong place. It needs to be under Application, not under eventlog. I wrote two FAQs.

Let me know if these help.

 

Oct 14, 2010 at 9:27 PM

Good catch -- I hadn't realized that I skipped the "Application" key. Once I placed my key under it everything went well.

Thanks for updating the jar file and for the demo program. I had difficulty using both BasicConfigurator and PropertyConfigurator together (and in either order) as shown below. I wanted to keep the BasicConfigurator so I could get the proper 'source' name to appear in the Event Viewer. Is there a way to set the source name in the log4j.properties file and then skip using the BasicConfigurator?

	static Logger logger = LogManager.getLogger(XXXXXXXEventLogger.class);

	public static void main(String[] args) {
		try {
			BasicConfigurator.configure(new Win32EventLogAppender("XXXXXXX Service"));
			PropertyConfigurator.configureAndWatch("log4j.properties");

Coordinator
Oct 14, 2010 at 9:41 PM
Is there a way to set the source name in the log4j.properties file and then skip using the BasicConfigurator?

	static Logger logger = LogManager.getLogger(XXXXXXXEventLogger.class);

	public static void main(String[] args) {
		try {
			BasicConfigurator.configure(new Win32EventLogAppender("XXXXXXX Service"));
			PropertyConfigurator.configureAndWatch("log4j.properties");

 

Yes, you shouldn't be doing the above (aka using BasicConfigurator). Configure log4j generically with a PropertyConfiguration.

PropertyConfigurator.configureAndWatch("log4j.properties");

Then do the rest of the configuration inside log4j.properties, including for source.

log4j.rootCategory=INFO, S, E

# per-logger levels need the log4j.logger. prefix
log4j.logger.org.apache.log4jna.nt.demo=DEBUG

log4j.appender.S = org.apache.log4j.ConsoleAppender
log4j.appender.S.layout = org.apache.log4j.PatternLayout
log4j.appender.S.layout.ConversionPattern = %d{yyyy-MM-dd HH:mm:ss} %c{1} [%p] %m%n

log4j.appender.E = org.apache.log4jna.nt.Win32EventLogAppender
log4j.appender.E.layout = org.apache.log4j.PatternLayout
log4j.appender.E.source = demo
log4j.appender.E.layout.ConversionPattern = %d{yyyy-MM-dd HH:mm:ss} %c{1} [%p] %m%n

Do log4j.appender.E.source = demo to specify the source. The log4j.properties can be embedded in your JAR (as in the demo application) or can be a free-floating file on classpath.

Oct 15, 2010 at 4:54 PM

When using the log4jna.jar file released Thursday, October 14, 2010, I began having access issues again with the registry. The entry for my service (xxxxx Service) was in HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application\xxx Service and the 4 values were correct. I tried running my service from a command prompt having administrator privilege and found that an additional registry entry was being made, HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application\Log4jna. The access problem I was having was about creating this key and not the key for my service. Was this intentional that the additional key entry is now required? The following was added when running my service with administrator privilege. Once this additional key was created, I had no difficulty running my service without administrator privilege.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Log4jna]
"TypesSupported"=dword:00000007
"CategoryCount"=dword:00000006

Coordinator
Oct 15, 2010 at 5:11 PM

Okay, my bad. This thing is prematurely trying to register the event source in the constructor before the name was set (copy paste from log4j's NTEventLogAppender). Try 1.0.57962.0.
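
The one-time registration discussed in this thread, as an added example (not from the thread or from the log4jna project): a PowerShell installer step that creates the event source key under eventlog\Application so the service itself can log without administrator rights. The source name and message DLL path are placeholders, and the two string value names are the standard Windows event-source values, assumed here because the thread does not list them; the dword values are the ones in the registry export above.

```powershell
# Added example: pre-register a Windows event source at install time (elevated),
# so the logging process never needs write access to HKLM at run time.
# $Source and $MessageDll are placeholders, not values from the thread.
param(
    [string]$Source     = 'Example Service',
    [string]$MessageDll = 'C:\Path\To\MessageResource.dll'   # placeholder path
)

$logRoot   = 'HKLM:\SYSTEM\CurrentControlSet\services\eventlog'
$key       = Join-Path $logRoot "Application\$Source"
$misplaced = Join-Path $logRoot $Source   # the location used in the first post

# The source key belongs under eventlog\Application, not directly under eventlog.
if (Test-Path $misplaced) {
    Write-Warning "Found '$misplaced'; move the source key under eventlog\Application."
}

# Creating keys under HKLM needs elevation; fail early with a clear message.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this once from an elevated installer, not from the service account.'
}

if (-not (Test-Path $key)) {
    New-Item -Path $key -Force | Out-Null
}

# Four values: two strings pointing at the message resource, two dwords.
$values = @(
    @{ Name = 'EventMessageFile';    Type = 'ExpandString'; Value = $MessageDll },
    @{ Name = 'CategoryMessageFile'; Type = 'ExpandString'; Value = $MessageDll },
    @{ Name = 'TypesSupported';      Type = 'DWord';        Value = 7 },
    @{ Name = 'CategoryCount';       Type = 'DWord';        Value = 6 }
)
foreach ($v in $values) {
    New-ItemProperty -Path $key -Name $v.Name -PropertyType $v.Type `
        -Value $v.Value -Force | Out-Null
}

# Show what was written so the installer log records the final state.
Get-ItemProperty -Path $key |
    Select-Object EventMessageFile, CategoryMessageFile, TypesSupported, CategoryCount
```

Set log4j.appender.E.source in log4j.properties to the same name passed as $Source, so the appender finds the key already in place.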