Tags: java, wmi, dcom, event-log

Querying EventLogs over WMI and the nature of DCOM


First some background:

I'm currently using j-interop to make WMI calls to a Windows box from a Linux box. I'm running this query against WMI:

SELECT * FROM __InstanceCreationEvent WHERE TargetInstance ISA 'Win32_NTLogEvent'

And executing it as a notification query so I can get the data back as soon as it's created. However, this proves to be an issue at (rare) times.

Say, when a user changes permissions on a root folder, I can be flooded with thousands of logs. The system can handle this fine (Java and the interop code are happy); however, the WMI cycle seems to be this:

Hook into event
while(forever)
{
    Query server for next event.
    Do work with event.
}

Obviously this doesn't work for me, since I'll jump back and forth to the server thousands of times. The program doesn't choke, but it sure takes forever, and I can't find a way to get the event to return all pending events (I think).

The next choice is to keep track of the last record ID returned by WMI and do a straight-up query for all events whose record ID is greater than the last. I'm assuming this will work better; however, I'm not familiar with DCOM.

So my question:

If I run an ExecQuery instead of a notification query, will I have to dance back and forth between client and server to iterate through each record returned by the query, due to the nature of Distributed COM?
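The "last record ID" approach from the question, as an added example that is not part of the original post or of j-interop. It is shown in Python rather than with the j-interop calls because the bookkeeping is independent of the DCOM transport; the result rows are constructed dicts carrying the Logfile, RecordNumber and EventCode properties of Win32_NTLogEvent, and the per-log watermark and the duplicate handling are my assumptions about how such a poller should behave, not documented WMI behaviour.

```python
# Added example, not code from the question or from j-interop: the bookkeeping
# behind "query every record whose RecordNumber is greater than the last one
# seen".  The DCOM transport is left out; rows are constructed dicts carrying
# the Logfile, RecordNumber and EventCode properties of Win32_NTLogEvent.


def build_queries(watermarks):
    """One WQL query per log file.  RecordNumber is only unique within a
    single Logfile (Security, System, Application, ...), so one global
    watermark would skip or repeat events; keep one per log."""
    queries = {}
    for log, last in watermarks.items():
        # The log name is interpolated into WQL; refuse anything that could
        # escape the quoted literal rather than attempting to escape it.
        if any(ch in log for ch in "'\\"):
            raise ValueError(f"unexpected characters in log name: {log!r}")
        queries[log] = (f"SELECT * FROM Win32_NTLogEvent WHERE Logfile = '{log}' "
                        f"AND RecordNumber > {int(last)}")
    return queries


def ingest(watermarks, rows):
    """Merge one ExecQuery result set into the per-log watermarks.

    Rows are handled in (Logfile, RecordNumber) order because WMI promises no
    ordering; anything at or below the stored watermark is a duplicate from an
    overlapping poll and is dropped.  Returns the genuinely new rows and moves
    each log's watermark to the highest number seen."""
    fresh = []
    for row in sorted(rows, key=lambda r: (r["Logfile"], int(r["RecordNumber"]))):
        log, rec = row["Logfile"], int(row["RecordNumber"])
        if rec > watermarks.get(log, 0):
            fresh.append(row)
            watermarks[log] = rec
    return fresh


# Constructed sample: an unordered batch with one overlap, as two polls that
# straddle a burst might return.  Security record 1000 was already processed.
SAMPLE_ROWS = [
    {"Logfile": "Security", "RecordNumber": 1002, "EventCode": 4670},
    {"Logfile": "System", "RecordNumber": 17, "EventCode": 7036},
    {"Logfile": "Security", "RecordNumber": 1000, "EventCode": 4624},
    {"Logfile": "Security", "RecordNumber": 1001, "EventCode": 4670},
]
```

Seeding each watermark from the current highest RecordNumber before the first poll avoids pulling the whole log on start-up; a watermark of 0 means "everything".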


Solution

  • The main solution here is to not use DCOM for this; it's terribly inefficient, and I've put servers under a decent amount of CPU strain executing large sets of DCOM instructions.

    I'm looking into Windows RPC Java implementations if I wanted to do this remotely, or WinAPI locally.