This course has been developed to provide you with the requisite knowledge to not only pass the AWS CSA certification exam but also gain the hands-on experience required to become a qualified AWS Solutions architect working in a real-world environment.
Course Of The Month
10 days, 4 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
[Vb.net] Eventlog Watcher Service becomes unresponsive after large amount of entries
Posted on 2013-01-07
This is the situation:
I have written a Windows Service that monitors the Domain Controllers Security eventlog for certain events.
It filters the eventmessages and sends email if a filter is matched.
The service runs fine until our HR-->Active Directory import runs.
This adds ca. 2000 events to the Security eventlog within 2 seconds.
After this, the service still runs, but doesn't respond to new events anymore.
Hopefully someone can point me in the right direction to solve this
I have written a Windows Service that monitors the Domain Controllers Security eventlog for certain events.
It filters the eventmessages and sends email if a filter is matched.
The service runs fine until our HR-->Active Directory import runs.
This adds ca. 2000 events to the Security eventlog within 2 seconds.
After this, the service still runs, but doesn't respond to new events anymore.
Hopefully someone can point me in the right direction to solve this
Imports System.Threading
Imports System.Net.Mail
Imports System.Security.Principal
Public Class EventLogWatcherService
Private Shared signal As AutoResetEvent
Protected Overrides Sub OnStart(ByVal args() As String)
' This is where the service starts
'Start the Event Log Watcher Service as a new thread
Dim workerThread = New Thread(AddressOf WatchEventLog)
workerThread.Start()
'Write start message to Eventlog
WriteLogMessage("Service Started", EventLogEntryType.Information)
End Sub
Public Sub WatchEventLog()
'Set new event
signal = New AutoResetEvent(False)
'Connect to the OS-Security Eventlog
Dim logwatcherlog = New EventLog("Security", ".", "LogMonitoringService")
logwatcherlog.Source = "LogMonitoringService"
'Add event handler to the Security Eventlog. This triggers at new events
AddHandler logwatcherlog.EntryWritten, New System.Diagnostics.EntryWrittenEventHandler(AddressOf EventLog1_EntryWritten)
logwatcherlog.EnableRaisingEvents = True
'Wait for Event
signal.WaitOne()
End Sub
Public Sub EventLog1_EntryWritten(ByVal [source] As Object, ByVal e As entryWrittenEventArgs)
'Check the Events on EventID's. On match a new thread is fired to handle this event.
If e.Entry.InstanceId = "4728" Or e.Entry.InstanceId = "4729" Then
Dim thread As New Threading.Thread(AddressOf FoundEventToHandle)
thread.Start(e)
End If
End Sub
Public Sub FoundEventToHandle(ByVal e As EntryWrittenEventArgs)
‘Filters the eventmessage and sends an email on a filter match.
'** WHEN HR-->AD IMPORT IS RUN, THIS PART ISN"T REACHED**
'Dispose the current Entry to prevent unresponive service
e.Entry.Dispose()
'Sleep short and Signal for complete
Thread.Sleep(1)
signal.Set()
End Sub
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
3-
3
6 Comments
Active 3 days ago
I think it happens because you try to create 2000 threads within 2 seconds which overwhelms it. What you can do is change the approach and use a queue with a single thread. Whenever a new entry is written, you put the EntryWrittenEventArgs into a queue. A single thread can then keep monitoring this queue and process the items when found.
Thanks @CodeCruiser, That was the solution !
I have it running already.
Just to be complete, here is part of the code that I changed:
In the Public Class, I added
in the Onstart I added a new thread to watch the eventlog queue
The Eventlog1 sub, where I handled the filter, now just looks like this:
The new Thread that watches the collection looks like this:
I have it running already.
Just to be complete, here is part of the code that I changed:
In the Public Class, I added
Public EntryCollection As New Collection
in the Onstart I added a new thread to watch the eventlog queue
Dim EventCollectionWatcheTread = New Thread(AddressOf EventCollectionWatcher)
EventCollectionWatcheTread.start()
The Eventlog1 sub, where I handled the filter, now just looks like this:
Public Sub EventLog1_EntryWritten(ByVal [source] As Object, ByVal e As EntryWrittenEventArgs)
'Add new entries to queue
EntryCollection.Add(e)
signal.Set()
End Sub
The new Thread that watches the collection looks like this:
Public Sub EventCollectionWatcher()
Do
If EntryCollection.Count > 0 Then
Dim e As EntryWrittenEventArgs = EntryCollection(1)
If e.Entry.InstanceId = "4728" Or e.Entry.InstanceId = "4729" Then
Dim thread As New Threading.Thread(AddressOf FoundEventToHandle)
thread.Start(e)
End If
EntryCollection.Remove(1)
End If
Thread.Sleep(100)
Loop
End Sub
Active 3 days ago
By the way, you are still creating extra threads in EventCollectionWatcher method which you don't need to as this method is already executing on a separate thread so you can put the code from FoundEventToHandle method in there.
Thanks CodeCruiser, I'm new to thread programming, therefore I really appreciate your assistance !
The 'FoundEventToHandle' sub is rather large and I'd like to leave it as a seperate sub.
Would it be ok to handle the event as shown below ?
Is it also correct to assume that I can delete the line 'Thread.Sleep(100)' too, because the code is now running as a single thread ?
Thanks !
The 'FoundEventToHandle' sub is rather large and I'd like to leave it as a seperate sub.
Would it be ok to handle the event as shown below ?
Is it also correct to assume that I can delete the line 'Thread.Sleep(100)' too, because the code is now running as a single thread ?
Thanks !
Public Sub EventCollectionWatcher()
Do
If EntryCollection.Count > 0 Then
Dim e As EntryWrittenEventArgs = EntryCollection(1)
If e.Entry.InstanceId = "4728" Or e.Entry.InstanceId = "4729" Then
FoundEventToHandle()
End If
EntryCollection.Remove(1)
End If
Loop
End Sub
Featured Post
Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.
One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
In my previous article (http://www.experts-exchange.com/Programming/Languages/.NET/.NET_Framework_3.x/A_4362-Serialization-in-NET-1.html) we saw the basics of serialization and how types/objects can be serialized to Binary format. In this blog we wi…
This document covers how to connect to SQL Server and browse its contents. It is meant for those new to Visual Studio and/or working with Microsoft SQL Server. It is not a guide to building SQL Server database connections in your code. This is mo…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Suggested Courses
Earn Certification
HTML5 Specialist - Certification
Free withPremium
Course of the Month10 days, 4 hours left to enroll
624 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.