Library names injected if message not found in the message table

Question

Library names injected if message not found in the message table

project0 opened this issue 5 years ago · 3 comments

Note sure where is it coming from, but i see the library names only when the event log has no proper description.
I am using the eventlog2 plugin.

"DescriptionTitle": "The message resource is present but the message was not found in the message table.\r\n0.4.6/fluent/plugin/parser_winevt_xml.so"

"DescriptionTitle": "The message resource is present but the message was not found in the message table.\r\nib/fluent/plugin/in_windows_eventlog2.rb",
"EventData": [
  "C:\\ProgramData\\Datadog\\datadog.yaml seems to contain a valid configuration, not overwriting config"
],

Answer 1 · 2020-01-28T08:12:42.000Z

This is because message resource is not installed properly.
This phenomenon is also observed in Windows' event log viewer.
This is plugin limitation.

see:

NOTE: When Description contains error message such as The message resource is present but the message was not found in the message table., eventlog's resource file (.mui) related to error generating event is something wrong. This issue is also occurred in built-in Windows Event Viewer which is the part of Windows management tool.

Answer 2 · 2020-01-28T08:44:32.000Z

sorry, but i am not alking about the message itself, its regarding the injected libary name in the message: r\n0.4.6/fluent/plugin/parser_winevt_xml.so.

Answer 3 · 2020-01-28T10:20:50.000Z

Strictly speaking, we just use EvtFormatMessage to obtain events's Description.
This library name log glitch is caused by this Windows API....
We cannot fix it.