Moving event log files for EWF

  • Thread starter Richard Jenkins

Richard Jenkins

What is the recommended practice for Event Log files when using EWF in XPE
SP1? Is it recommended to move the event log files to an un-protected
partition when using EWF (RAM or disk based?) I would think that the
constant writing to the event log files would cause an overflow in the EWF
overlay over time. Anyone have any experience with this?

Doug Hoeffel

Yes. I use the RAM-based EWF to protect the boot C: partition. I move the
event log files to the D: partition via the registry as follows:

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application]
"File"="D:\\AppEvent.evt"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security]
"File"="D:\\SecEvent.evt"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System]
"File"="D:\\SysEvent.evt"

Also, if you don't move the event log files to another partition and you do
a lot of writes and you run out of memory you WILL blue screen for sure.

HTH... Doug

Richard Jenkins

Thanks Doug -
This is what I suspected, but the MS documentation does not mention this.
They discuss the swap file, but not the event logs.

Ever had a problem with writes to the registry causing overflow in time?
Perhaps a commit once every 24 hrs is needed for this.

Has anyone run XPE with EWF without a reboot for extended periods of time?


-Richard



Richard Jenkins

Doug,
I have never heard of creating a registry hive on another drive. I've
been doing NT4 Embedded for several years, but this is a new one on me. How
did you do this? If you can just point me where I can find out about this
trick, I would be grateful.

-Richard Jenkins

Doug Hoeffel said:
Richard:

I have run automated (24x7) tests on my product for days without issues with
the RAM-based EWF. I haven't actually tracked how many registry writes
occur though. I created a unique hive on another partition for the registry
settings that I need so that they are persistent between reboots. As for
the OS itself, I'm sure there is some writing to the registry in normal
operation. If you are updating the same registry key/value over time, I
don't think this consumes RAM over time as the same sector on disk is being
used. I seem to recall some discussion on this a very long time ago. Maybe
one of the MS EWF guys can comment on this again. Thus, I don't think you
would need to schedule a commit every 24 hours or so. Of course, the only
way to be sure is to run your product 24x7 and see what breaks.

HTH... Doug

Doug Hoeffel

Richard:

The registry is just a file. I created a reg hive file via regedt32.
Select the keys that you want then export as type reg hive. You can then
move this file to another drive not protected by EWF. Then I use the
RegLoadKey API to load it from this other drive, then RegOpenKeyEx to read
it etc. You can do this manually via regedt32... you will see Load and
Unload hive options.

Of course, you can't do this with the computer name, ip address etc. In
this case I came up with a commit/reboot scheme.

HTH... Doug
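The hive scheme Doug describes above (a hive file on the unprotected D: drive, loaded with RegLoadKey and read back, with a commit/reboot fallback for settings that must live in the system hive), as an added example that is not from the thread: a cmd batch script that does the same thing with reg.exe and ewfmgr. It assumes reg.exe and ewfmgr.exe are in the XPE image; the hive path D:\persist.hiv, the mount name HKLM\Persist, the key HKLM\SOFTWARE\MyApp and the value LastBootTime are made-up names.

```batch
@echo off
rem Added example (not from the thread). Keep per-device settings in a
rem registry hive that lives on D:, which EWF does not protect, so writes
rem reach disk without growing the RAM overlay and survive a reboot.
rem Assumes reg.exe and ewfmgr.exe are in the image; names below are made up.

set HIVE=D:\persist.hiv
set MOUNT=HKLM\Persist

rem One-time: create the hive file from the keys you want persisted
rem (command-line equivalent of "export as reg hive" in regedt32).
rem reg save needs SeBackupPrivilege; reg load/unload need SeRestorePrivilege,
rem so run this as a member of Administrators.
if not exist %HIVE% reg save HKLM\SOFTWARE\MyApp %HIVE%

rem Mount the hive under HKLM (what RegLoadKey does), update a value, read it
rem back, then unload so the file on D: is flushed and not left held open.
reg load %MOUNT% %HIVE% || goto :fail
reg add %MOUNT% /v LastBootTime /t REG_SZ /d "%DATE% %TIME%" /f
reg query %MOUNT% /v LastBootTime
reg unload %MOUNT%

rem Settings that must stay in the protected system hive (computer name,
rem static IP address) cannot use this trick: commit the overlay to C: and
rem reboot instead, which is the commit/reboot scheme Doug mentions.
if "%1"=="commit" (
    ewfmgr C: -commit
    shutdown -r -t 0
)
goto :eof

:fail
echo Could not load %HIVE%: check that the file exists and that you are an administrator.
exit /b 1
```

Run the script without arguments on every boot to refresh the persisted hive; run it with the argument commit only after changing a value that lives in the protected hive, since each commit writes the whole overlay to C:.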