I work for Booz Allen Hamilton and am looking for a replacement for NTEventLogAppender that works with Windows 7 (32 and 64 bit). Google brought me to your pages. Here's my feedback.
1) This has to be run in a process that is running as administrator (new in Vista and 7) otherwise there are access issues getting to the registry. I have to read into the code more but I'm not clear on why it is accessing the registry in the first place
when I've already setup the "Log4jna" key under HKLM\SYSTEM\CurrentControlSet\services\eventlog along with the two string and dword values. My installer should do that as a one-time thing so again I'm not sure why it's being accessed.
2) I had a difficult time finding the logged events! This is more a Windows 7 issue. I was expecting them to appear in the "Application" logs but instead I had to open "Saved Logs" and point to the Log4jna.evtx file.
3) Once I was able to view the log entries I was confused by what I saw:
The description for Event ID 4096 from source Log4jna cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component
on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
203 [main] DEBUG org.apache.log4j.win32.Win32EventLogAppenderTest - Message 5
java.lang.Exception: Just testing. at org.apache.log4jna.nt.Win32EventLogAppenderTest.main(Win32EventLogAppenderTest.java:56)
the message resource is present but the message is not found in the string/message table
The intended messages was imbedded but I didn't get the issue with the event id. Then when I read the comment in the code I felt that I was missing something, where is the "message resource which consists of just '%1'"?
void reportEvent(String message,
This is the only message supported by the package. It is backed by
// a message resource which consists of just '%1' which is replaced
// by the string we just created.
The logging did happen but I would sure like to know how to clean up some of these issues.