ScottH
Posts: 6
Score: 0
Joined: 2.May2008
Status: offline
|
The W3C parsing routine appears to have a bug when it performs time correction to put the Time field into local time (since it is logged in UTC).
The two behaviors are as follows:
If the IIS server is set to roll over logs at midnight UTC (default behavior), all events between midnight and your local time correction (in my case 5:00a since I'm in Central Time) get archived automatically as Unclassified (even though Unclassified is set not to archive) possibly because they are considered Not In Work Hours (even though the server is defined as 24 hours a day) since there is no valid Time (that field is blank presumably because when the programmer took 3:00a and subtracted 5 hours, he ended up with a negative number that he didn't properly account for - it should correctly represent some local time of the previous day).
If the IIS server is set to roll over logs at midnight local time, all events that are caught the following day in that log (because of the time-skew) between midnight and your local time correction (in my case 5:00a since I'm in Central Time) have the same problem as above.
This is a huge problem.
|
Printable Version
W3C time correction problem in EventsManager 8.1.0 2008... - 
New Messages
No New Messages
Hot Topic w/ New Messages
Hot Topic w/o New Messages
Locked w/ New Messages
Locked w/o New Messages
Post New Thread