<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.6944.0">
<TITLE>ReadEventLog doesn't return, CPU usage increases</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/rtf format -->
<P><FONT SIZE=2 FACE="Arial">This is running Python 2.3 on Windows 2003/Windows XP.</FONT>
</P>
<P><FONT SIZE=2 FACE="Arial">I have written a script to display and filter the Win32 event log in a scrolling list to the command line (it also does some summary tasks). It uses the win32evtlog.ReadEventLog to seek or scan the event log based on filter parameters. It is supposed to run until the user kills it, so there are repeated calls to ReadEventLog. </FONT></P>
<P><FONT SIZE=2 FACE="Arial">The problem is that after the script has run for some time (usually several hours), the call to ReadEventLog seems to hang and the CPU usage increases dramatically (from nil to 30-50%). The script does not exit this stage, and has to be broken manually with Ctrl-C. I've tried closing and reopening the event log handle after it has been open for an hour. I've added explicit calls to the garbage collector. Neither helped at all.</FONT></P>
<P><FONT SIZE=2 FACE="Arial">I realize that this is an API call, so it may not be a Python issue. But I have seen this type of behavior on other scripts (not event loggers), but they were test/debug tools and weren't important enough to track down the issue.</FONT></P>
<P><FONT SIZE=2 FACE="Arial">Any help would be appreciated.</FONT>
</P>
<P><FONT SIZE=2 FACE="Arial">code example:</FONT>
</P>
<PRE>
import time
import win32evtlog

class EventLogReader:
    # The class wrapper and constructor are assumed here;
    # the post shows only the methods below.
    def __init__( self, vComputer, vLogType, vLogOffset ):
        self.mComputer = vComputer
        self.mLogType = vLogType
        self.mLogOffset = vLogOffset

    def OpenLog( self ):
        #
        # open event log
        #
        self.mHandle = win32evtlog.OpenEventLog( self.mComputer
                                               , self.mLogType
                                               )
        if not self.mHandle:
            raise ValueError( "invalid handle" )

        self.mLogOpenTmst = time.time()

    def CloseLog( self ):

        win32evtlog.CloseEventLog( self.mHandle )

    def ReadLog( self ):

        # bOk is not defined in the posted snippet; assumed to start as true
        bOk = 1
        self.mFlags = win32evtlog.EVENTLOG_FORWARDS_READ|win32evtlog.EVENTLOG_SEEK_READ
        vEventScon = win32evtlog.ReadEventLog( self.mHandle
                                             , self.mFlags
                                             , self.mLogOffset
                                             )
        #
        # if not found, try again in 5 seconds
        #
        if not vEventScon:

            #
            # If we've had the log open for more than 1 hour, dump it and reopen
            #
            if ( time.time() &gt; (self.mLogOpenTmst + 3600) ):
                self.CloseLog()
                self.OpenLog()

            time.sleep( 5 )
            return bOk

        #
        # snip...
        # manipulate event records here
        #
        return bOk

#
# main
#
# Constructor arguments are placeholders: local machine, System log,
# starting record number.
vLog = EventLogReader( None, "System", 1 )
vLog.OpenLog()
Ok = 1
while Ok:
    Ok = vLog.ReadLog()
vLog.CloseLog()
</PRE>
<P><FONT SIZE=2 FACE="Arial">Jeff</FONT>
</P>
</BODY>
</HTML>