oiaohm wrote: > Not going to work any time soon. Wine does not have a event log so its not viewable. > > So yes API-MS-Win-Security-Base will not run. Wine is not a emulator and its called that for a reason. > > So far wine has had no real world reason to create a eventlog. Wine errors with more details to out to console. In fact if anything does try to write to eventlog it is just printed out on console. > > Other than eventlog checking programs no real world application has been found checking the evenlog. Need to implement basically zero because console will provide better details over the issues. Yeah, I can see that pretty much the only use for this is querying event logs. oiaohm wrote: > > Now for remote snooping on windows event logs. You don't need wine. WMI is just ms form of WBEM. WBEM is kinda a unified standard and with it you can probe windows machines eventlogs or Linux systems syslogs or what ever format logs the OS that supports WBEM has. > > http://docs.huihoo.com/zenoss/admin-guide/2.4.2/ch06s06.html > > Yes the reach out get windows eventlogs from Linux is general operations for many cross platform monitoring software suits. > > StrangeWill > > > For pulling logs over Windows RPC... neither which are available on Linux. > > > Basically I don't know where you got this from thinking I have software doing this every 1 min or so from windows boxes being managed. Even better using zenoss I can set up auto responses to eventlog events. WMI is a bit too slow for what we need to do, we're doing full auditing on our servers, which when major changes are made to the file system will produces thousands of logs a second (WMI will take minutes to catch up), and the DCOM overhead puts a bit of CPU load on the servers. I wanted to move away from WMI because of that. As far as I understand it, Windows RPC is not DCOM WMI, unless there is a way to make WMI requests over a non-DCOM interface.