Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 158146

Summary: Windows Event Log rules adapters may generate incorrect creationTime values
Product: z_Archived Reporter: Hari H Krishna <harkrish>
Component: TPTP.monitoringAssignee: Dave Smith <smith>
Status: CLOSED FIXED QA Contact:
Severity: normal    
Priority: P1 CC: igururao, labadie, umarkova
Version: unspecifiedKeywords: plan
Target Milestone: ---   
Hardware: PC   
OS: Windows XP   
Whiteboard: closed460

Description Hari H Krishna CLA 2006-09-21 09:53:18 EDT 
https://cs.opensource.ibm.com/bugzilla/show_bug.cgi?id=10654

Steps to Reproduce:
1. Import a WAS activity log (text version) with the rules-based adapter.
2. Notice that some of the creationTime values do not match the timestamps in 
the corresponding records in the log file.

This problem was introduced in AC 4.2 when the substitution rule for creation 
time was changed to use the @TIMEZONE and timeFormat string options.

TPTP adapter to be modified
1. Windows Security
2. Windows Application
3. Windows System
Comment 1 Hari H Krishna CLA 2006-09-21 10:06:21 EDT 
As per discussion with Uliyana and Eric canging the severity to critical
Comment 2 Dave Smith CLA 2006-09-21 17:50:57 EDT 
While there is a problem parsing some log files with a rules adapter that uses a timeFormat string to parse a timestamp that includes fractional seconds, it does not affect the Windows Event log adapters.  This is because the Windows Event logs do not include a fractional second value but the EventLogReader program that converts the binary event log into a text file pads the timestamp with a fractional second value of 6 zeros (eg. CreationTime: 10/24/2005 14:25:05.000000;).  The fractional seconds are only an issue if they are non-zero.  In the Windows Event log case I believe they will always be zero.  I have never encountered one where it was non zero.  Therefore, I will downgrade the severity to normal since the problem has never been encountered with Windows Event Logs.  However, I'll target this to 4.3 to fix the creationTime rule to truncate the fractional seconds to 3 digits in case the event logs change in the future to generate timestamps with longer fractional seconds.
This downgrading has been negotiated with Eric Labadie who represents the consuming product who opened this bugzilla.
Comment 3 Dave Smith CLA 2006-10-24 17:23:02 EDT 
Deferring to 4.4 as it is not a stop ship issue and cannot be contained in 4.3.
Comment 4 Dave Smith CLA 2007-01-17 23:40:30 EST 
Added sizing.
Comment 5 Dave Smith CLA 2007-02-06 02:15:02 EST 
Targetting to fix in i3 and increasing priority to indicate it is planned for
4.4.
Comment 6 Dave Smith CLA 2007-02-06 17:43:15 EST 
Changing to a more appropriate component.  The adapter files are in the Monitor.Analysis component.
Comment 7 Dave Smith CLA 2007-04-25 15:20:38 EDT 
Committed fix to TPTP Head CVS.

The fix was to change the match pattern in the creationTime rule from

"(\d{2}/\d{2}/\d{4}\s\d{2}:\d{2}:\d{2}\.\d{6})"

to

"(\d{2}/\d{2}/\d{4}\s\d{2}:\d{2}:\d{2}\.\d{3})\d{3}"

in all Windows event log adapter files.
Comment 8 Paul Slauenwhite CLA 2009-06-30 13:15:28 EDT 
As of TPTP 4.6.0, TPTP is in maintenance mode and focusing on improving quality by resolving relevant enhancements/defects and increasing test coverage through test creation, automation, Build Verification Tests (BVTs), and expanded run-time execution. As part of the TPTP Bugzilla housecleaning process (see http://wiki.eclipse.org/Bugzilla_Housecleaning_Processes), this enhancement/defect is verified/closed by the Project Lead since this enhancement/defect has been resolved and unverified for more than 1 year and considered to be fixed. If this enhancement/defect is still unresolved and reproducible in the latest TPTP release (http://www.eclipse.org/tptp/home/downloads/), please re-open.