public void ParseLog(string query)
{
var logParser = new LogQueryClassClass();
var logContext = new COMW3CInputContextClassClass();
var outputContext = new COMCSVOutputContextClassClass { oDQuotes = @"AUTO" };
logParser.ExecuteBatch(query, logContext, outputContext);
}
public GatherResult GatherLogs()
{
var dynamicResults = new List<dynamic>();
DateTime? lastLogEntryTime = null;
var logQuery = new LogQueryClassClass();
var inputFormat = new COMW3CInputContextClassClass();
const string query = "SELECT TO_TIMESTAMP(date, time) AS [EventTime], * FROM '{0}' WHERE EventTime > TIMESTAMP('{1}','yyyy-MM-dd HH:mm:ss')";
var results =
logQuery.Execute(string.Format(query, logLocation, LastLogEntrySent.ToString("yyyy-MM-dd HH:mm:ss")), inputFormat);
var columnNames = new List<string>();
var columnCount = results.getColumnCount();
for (var i = 0; i < columnCount; ++i)
{
columnNames.Add(results.getColumnName(i));
}
while (!results.atEnd())
{
var obj = new ExpandoObject();
IDictionary<string, object> underObject = obj;
underObject.Add("Source", "IisLog");
underObject.Add("Devicename", Environment.MachineName);
var record = results.getRecord();
var filtered = false;
for (var i = 0; i < columnCount; ++i)
{
if (columnNames[i] == "cs(User-Agent)")
{
var userAgent = (string)record.getValue(i);
if (filters.Any(f => userAgent.IndexOf(f) != -1))
{
filtered = true;
break;
};
}
if (columnNames[i] == "EventTime")
{
var eventDate = DateTime.Parse(((DateTime)record.getValue(i)).ToString("o") + "Z").ToUniversalTime();
if (eventDate > LastLogEntrySent) lastLogEntryTime = eventDate;
underObject.Add(columnNames[i], eventDate.ToString("o"));
}
else
{
underObject.Add(columnNames[i], record.getValue(i));
}
}
if(!filtered)
dynamicResults.Add(underObject);
results.moveNext();
}
return new GatherResult
{
Logs = dynamicResults,
LastLogEntryTime = lastLogEntryTime
};
}
public GatherResult GatherLogs()
{
var dynamicResults = new List <dynamic>();
DateTime? lastLogEntryTime = null;
var logQuery = new LogQueryClassClass();
var inputFormat = new COMW3CInputContextClassClass();
const string query = "SELECT TO_TIMESTAMP(date, time) AS [EventTime], * FROM '{0}' WHERE EventTime > TIMESTAMP('{1}','yyyy-MM-dd HH:mm:ss')";
var results =
logQuery.Execute(string.Format(query, logLocation, LastLogEntrySent.ToString("yyyy-MM-dd HH:mm:ss")), inputFormat);
var columnNames = new List <string>();
var columnCount = results.getColumnCount();
for (var i = 0; i < columnCount; ++i)
{
columnNames.Add(results.getColumnName(i));
}
while (!results.atEnd())
{
var obj = new ExpandoObject();
IDictionary <string, object> underObject = obj;
underObject.Add("Source", "IisLog");
underObject.Add("Devicename", Environment.MachineName);
var record = results.getRecord();
var filtered = false;
for (var i = 0; i < columnCount; ++i)
{
if (columnNames[i] == "cs(User-Agent)")
{
var userAgent = (string)record.getValue(i);
if (filters.Any(f => userAgent.IndexOf(f) != -1))
{
filtered = true;
break;
}
;
}
if (columnNames[i] == "EventTime")
{
var eventDate = DateTime.Parse(((DateTime)record.getValue(i)).ToString("o") + "Z").ToUniversalTime();
if (eventDate > LastLogEntrySent)
{
lastLogEntryTime = eventDate;
}
underObject.Add(columnNames[i], eventDate.ToString("o"));
}
else
{
underObject.Add(columnNames[i], record.getValue(i));
}
}
if (!filtered)
{
dynamicResults.Add(underObject);
}
results.moveNext();
}
return(new GatherResult
{
Logs = dynamicResults,
LastLogEntryTime = lastLogEntryTime
});
}
public static DataTable runQuery(string q, string context, Func <int, bool> updateCallback = null)
{
Object o = null;
switch (context.ToLower())
{
case "active directory":
o = new COMADSInputContextClassClass();
break;
case "iis binary":
o = new COMIISBINInputContextClassClass();
break;
case "csv file":
o = new COMCSVInputContextClassClass();
break;
case "windows trace":
o = new COMETWInputContextClassClass();
break;
case "windows events":
o = new COMEventLogInputContextClassClass();
break;
case "file system":
o = new COMFileSystemInputContextClassClass();
break;
case "http error":
o = new COMHttpErrorInputContextClassClass();
break;
case "iis":
o = new COMIISIISInputContextClassClass();
break;
case "iis odbc":
o = new COMIISODBCInputContextClassClass();
break;
case "iis w3c":
o = new COMIISW3CInputContextClassClass();
break;
case "iis ncsa":
o = new COMIISNCSAInputContextClassClass();
break;
case "netmon":
o = new COMNetMonInputContextClassClass();
break;
case "registry":
o = new COMRegistryInputContextClassClass();
break;
case "textline":
o = new COMTextLineInputContextClassClass();
break;
case "textword":
o = new COMTextWordInputContextClassClass();
break;
case "tsv file":
o = new COMTSVInputContextClassClass();
break;
case "urlscan":
o = new COMURLScanLogInputContextClassClass();
break;
case "w3c":
o = new COMW3CInputContextClassClass();
break;
case "xml file":
o = new COMXMLInputContextClassClass();
break;
case "rpower logs":
o = Activator.CreateInstance(Type.GetTypeFromProgID("MSUtil.LogQuery.RPower.RPowerLogs"));
break;
case "rpower keys":
o = Activator.CreateInstance(Type.GetTypeFromProgID("MSUtil.LogQuery.RPower.RPowerKeys"));
break;
case "rpower cc logs":
o = Activator.CreateInstance(Type.GetTypeFromProgID("MSUtil.LogQuery.RPower.RPowerCC"));
break;
case "rpower dbf":
o = Activator.CreateInstance(Type.GetTypeFromProgID("MSUtil.LogQuery.RPower.RPowerDB"));
break;
default:
o = Activator.CreateInstance(Type.GetTypeFromProgID(context));
break;
}
if (o == null)
{
return(null);
}
else
{
return(runQuery(q, o, updateCallback));
}
}