Reputation: 31
EvtSubscribe not returning signal when using pull subscription
I used the same code given in [Microsoft documentation] (https://learn.microsoft.com/en-us/windows/win32/wes/subscribing-to-events#pull-subscriptions) to collect logs in real-time by subscribing to the event source "Application" in the event viewer but when the logs flow rate is high/log collection prolongs continuously for longer duration say 1-2days the waitForMultipleObjects function stop returning the signal.To simulate logs from PowerShell the following command was used and the EvtSubscribe query param were as follows
For($x=1; $x -lt 2000000; $x=$x+1)
{
Write-EventLog -LogName "Application" -Source "MyApps" -EventID 1116 -EntryType Error -Message "MyApp." -Category 1 -RawData 10,20
}
pwsPath = L"Application"
pwsQuery = "*"
EvtSubscribe(NULL, aWaitHandles[1], pwsPath, pwsQuery, NULL, NULL, NULL,EvtSubscribeStartAtOldestRecord);
From the a above Powershell command the log collection from the application runs for around 10minutes and stops abruptly and the event xmls are not printed in command prompt\console application
Tried with push subscription - for reference , and it works as intended and the log collection doesn't stop with high flow/log duration of time
What am i doing wrong here? Kindly help
Upvotes: 3
Views: 119
Answers (0)
Related Questions
- When does a process get SIGABRT (signal 6)?
- Why do people say there is modulo bias when using a random number generator?
- Does using const on function parameters have any effect? Why does it not affect the function signature?
- How to print to console when using Qt
- Mouse speed not changing by using SPI_SETMOUSESPEED
- Returning error codes from process when using CreateProcess