[jcifs] eventlog.patch issues

Michael B Allen ioplex at gmail.com
Wed Aug 20 19:31:27 GMT 2008


On Wed, Aug 20, 2008 at 2:21 PM, Marasim <marasim at gmail.com> wrote:
> Hi All:
>
> Can somebody help me with the eventlog patch. I am not able to retrieve some of
> the description fields for Windows events. For example, for evnt ID 531, I am
> not able to retrieve the Reason code (which is Account currently disabled). Is
> this something which only MSFT proprietary DLLs can retrieve and decode?
>
> I would appreciate any help in this regard.

If you can see some event log records and not others, my guess would
be that it's either some kind of "access mask" or permissions issue.

The best way to debug this sort of thing is to get a packet capture of
the Event Log Viewer looking at the target records and then compare
that to a capture of JCIFS doing the same thing using WireShark. Then
you'll see definitively if the target information is even in the
server response.

Mike

-- 
Michael B Allen
PHP Active Directory SPNEGO SSO
http://www.ioplex.com/


More information about the jcifs mailing list