通过 WMI 查询事件日志和 DCOM 的性质
首先是一些背景知识:
我目前正在使用 j-interop 查询从 Linux 机器到 Windows 机器的 WMI 调用,我正在针对 WMI 运行此查询:
SELECT * FROM __InstanceCreationEvent WHERE TargetInstance ISA 'Win32_NTLogEvent'
并将其作为通知查询执行,以便我可以尽快取回数据正如它被创建的那样。然而,这在(罕见)时候证明是一个问题。
比如说,当用户更改根文件夹的权限时,我可能会被数千条日志淹没,系统可以很好地处理这个问题,java和互操作代码很高兴,但是WMI循环似乎是这样的:
Hook into event
while(forever)
{
Query server for next event.
Do work with event.
}
显然这不是为我工作,因为我会从服务器来回跳转数千次,程序不会阻塞,但它肯定需要永远,我找不到一种方法来让事件发生返回所有待处理事件(我认为)。
下一个选择是跟踪 WMI 返回的最后一个记录 ID,并对记录 ID 大于最后一个的所有事件进行直接查询,我假设这会工作得更好,但是我对DCOM不熟悉。
所以我的问题:
如果我运行 ExecQuery 而不是通知查询,由于分布式 COM 的性质,我是否必须在客户端/服务器之间来回遍历查询返回的每条记录?
First some background:
I'm currently using j-interop to query WMI calls to a Windows box from a Linux box, I'm running this query against WMI:
SELECT * FROM __InstanceCreationEvent WHERE TargetInstance ISA 'Win32_NTLogEvent'
And executing it as a notification query so I can get the data back as soon as it's created. However this proves an issue at (rare) times.
Say, when a user changes permissions on a root folder, I can be flooded with thousands of logs, the system can handle this fine, java and the interop code is happy, however the WMI cycle seems to be this:
Hook into event
while(forever)
{
Query server for next event.
Do work with event.
}
Obviously this doesn't work for me, being as I'll jump back and forth from the server thousands of times, program doesn't choke but it sure takes forever, I can't find a way to get the event to return all pending events (I think).
The next choice is to keep track of the last record ID returned by WMI, and do a straight up query for all events where their record ID is greater than the last, I'm assuming this will work better, however I'm not familiar with DCOM.
So my question:
If I run a ExecQuery instead of a notification query, will I have to dance back and forth between client/server to iterate through each record returned by the query due to the nature of Distributed COM?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
这里的主要解决方案是不使用 DCOM,它的效率非常低,并且我让服务器在执行大量 DCOM 指令时承受相当大的 CPU 压力。
如果我想远程执行此操作,或者在本地执行 WinAPI,我正在研究 Windows RPC Java 实现。
The main solution here is to not use DCOM for this, it's terribly inefficient and I've put servers under a decent amount of CPU strain executing large sets of DCOM instructions.
I'm looking into Windows RPC Java implementations if I wanted to do this remotely, or WinAPI locally.