public ISource CreateInstance(string entry, IPlugInContext context)
{
var config = context.Configuration;
if (!OperatingSystem.IsWindows())
{
throw new PlatformNotSupportedException($"Source type '{entry}' is only supported on Windows");
}
switch (entry.ToLowerInvariant())
{
case WINDOWS_EVENT_LOG_POLLING_SOURCE:
var pollingOptions = new WindowsEventLogPollingSourceOptions();
ParseWindowsEventLogSourceOptions(config, pollingOptions);
ParseEventLogPollingSourceOptions(config, pollingOptions);
var weps = new WindowsEventPollingSource(config[ConfigConstants.ID],
config["LogName"], config["Query"], context.BookmarkManager, pollingOptions, context);
return(weps);
case WINDOWS_EVENT_LOG_SOURCE:
var eventOpts = new WindowsEventLogSourceOptions();
ParseWindowsEventLogSourceOptions(config, eventOpts);
var source = new EventLogSource(config[ConfigConstants.ID], config["LogName"], config["Query"],
context.BookmarkManager, eventOpts, context);
return(source);
case WINDOWS_PERFORMANCE_COUNTER_SOURCE:
var performanceCounterSource = new PerformanceCounterSource(context);
return(performanceCounterSource);
case WINDOWS_ETW_EVENT_SOURCE:
var providerName = config["ProviderName"];
var traceLevelString = DefaultMissingConfig(config["TraceLevel"], "Verbose");
var matchAnyKeywordString = DefaultMissingConfig(config["MatchAnyKeyword"], ulong.MaxValue.ToString());
if (string.IsNullOrWhiteSpace(providerName))
{
throw new Exception($"A provider name must be specified for the WindowsEtwEventSource.");
}
TraceEventLevel traceLevel;
ulong matchAnyKeyword;
if (!Enum.TryParse <TraceEventLevel>(traceLevelString, out traceLevel))
{
var validNames = string.Join(", ", Enum.GetNames(typeof(TraceEventLevel)));
throw new Exception($"{traceLevelString} is not a valid trace level value ({validNames}) for the WindowsEtwEventSource.");
}
matchAnyKeyword = ParseMatchAnyKeyword(matchAnyKeywordString);
var eventSource = new EtwEventSource(providerName, traceLevel, matchAnyKeyword, context);
return(eventSource);
default:
throw new Exception($"Source type {entry} not recognized.");
}
}
public WindowsEventPollingSource(string id, string logName, string query, IBookmarkManager bookmarkManager,
WindowsEventLogPollingSourceOptions options, IPlugInContext context)
: base(id, logName, query, bookmarkManager, context)
{
_options = options;
InitialPosition = options.InitialPosition;
InitialPositionTimestamp = options.InitialPositionTimestamp;
}
private void ParseEventLogPollingSourceOptions(IConfiguration config, WindowsEventLogPollingSourceOptions options)
{
if (int.TryParse(config["MaxReaderDelayMs"], out var maxReaderDelayMs))
{
options.MaxReaderDelayMs = maxReaderDelayMs;
}
if (int.TryParse(config["MinReaderDelayMs"], out var minReaderDelayMs))
{
options.MinReaderDelayMs = minReaderDelayMs;
}
if (int.TryParse(config["DelayThreshold"], out var delayThreshold))
{
options.DelayThreshold = delayThreshold;
}
}
