troubleshooting Question
[Vb.net] Eventlog Watcher Service becomes unresponsive after large amount of entries
orbisict asked on
This is the situation:
I have written a Windows Service that monitors the Domain Controllers Security eventlog for certain events.
It filters the eventmessages and sends email if a filter is matched.
The service runs fine until our HR-->Active Directory import runs.
This adds ca. 2000 events to the Security eventlog within 2 seconds.
After this, the service still runs, but doesn't respond to new events anymore.
Hopefully someone can point me in the right direction to solve this
I have written a Windows Service that monitors the Domain Controllers Security eventlog for certain events.
It filters the eventmessages and sends email if a filter is matched.
The service runs fine until our HR-->Active Directory import runs.
This adds ca. 2000 events to the Security eventlog within 2 seconds.
After this, the service still runs, but doesn't respond to new events anymore.
Hopefully someone can point me in the right direction to solve this
Imports System.Threading
Imports System.Net.Mail
Imports System.Security.Principal
Public Class EventLogWatcherService
Private Shared signal As AutoResetEvent
Protected Overrides Sub OnStart(ByVal args() As String)
' This is where the service starts
'Start the Event Log Watcher Service as a new thread
Dim workerThread = New Thread(AddressOf WatchEventLog)
workerThread.Start()
'Write start message to Eventlog
WriteLogMessage("Service Started", EventLogEntryType.Information)
End Sub
Public Sub WatchEventLog()
'Set new event
signal = New AutoResetEvent(False)
'Connect to the OS-Security Eventlog
Dim logwatcherlog = New EventLog("Security", ".", "LogMonitoringService")
logwatcherlog.Source = "LogMonitoringService"
'Add event handler to the Security Eventlog. This triggers at new events
AddHandler logwatcherlog.EntryWritten, New System.Diagnostics.EntryWrittenEventHandler(AddressOf EventLog1_EntryWritten)
logwatcherlog.EnableRaisingEvents = True
'Wait for Event
signal.WaitOne()
End Sub
Public Sub EventLog1_EntryWritten(ByVal [source] As Object, ByVal e As entryWrittenEventArgs)
'Check the Events on EventID's. On match a new thread is fired to handle this event.
If e.Entry.InstanceId = "4728" Or e.Entry.InstanceId = "4729" Then
Dim thread As New Threading.Thread(AddressOf FoundEventToHandle)
thread.Start(e)
End If
End Sub
Public Sub FoundEventToHandle(ByVal e As EntryWrittenEventArgs)
‘Filters the eventmessage and sends an email on a filter match.
'** WHEN HR-->AD IMPORT IS RUN, THIS PART ISN"T REACHED**
'Dispose the current Entry to prevent unresponive service
e.Entry.Dispose()
'Sleep short and Signal for complete
Thread.Sleep(1)
signal.Set()
End Sub
Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 1 Answer and 6 Comments.
Learn from the best
Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.
Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 6 Comments.
Try for 7 days”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.