//internal List<EventLogEntryEx> GetMatchingEventLogEntries()
//{
// List<EventLogEntryEx> list = new List<EventLogEntryEx>();
// using (diag.EventLog log = new diag.EventLog(EventLog, Computer))
// {
// DateTime currentTime = DateTime.Now;
// int counter = 0;
// int listSize = log.Entries.Count - 1;
// for (int i = listSize; i >= 0; i--)
// {
// try
// {
// diag.EventLogEntry entry = log.Entries[i];
// if (WithInLastXEntries > 0 && WithInLastXEntries <= counter)
// break;
// if (WithInLastXMinutes > 0 && entry.TimeGenerated.AddMinutes(WithInLastXMinutes) < currentTime)
// break;
// EventLogEntryEx newentry = new EventLogEntryEx();
// newentry.Category = entry.Category;
// newentry.EntryType = entry.EntryType;
// newentry.EventId = (int)(entry.InstanceId & 65535);
// newentry.MachineName = entry.MachineName;
// newentry.LogName = EventLog;
// newentry.Message = entry.Message;
// newentry.MessageSummary = newentry.Message.Length > 80 ? newentry.Message.Substring(0, 80) : newentry.Message;
// newentry.Source = entry.Source;
// newentry.TimeGenerated = entry.TimeGenerated;
// newentry.UserName = entry.UserName;
// if (MatchEntry(newentry))
// list.Add(newentry);
// counter++;
// }
// catch (Exception ex)
// {
// if (!ex.ToString().Contains("is out of bounds"))
// {
// throw;
// }
// }
// }
// }
// return list;
//}
private bool MatchEntry(EventLogEntryEx entry)
{
bool match = true;
if (!EventEntryTypeMatch(entry))
{
match = false;
}
else if (Sources.Count > 0 && !Sources.Contains(entry.Source))
{
match = false;
}
else if (EventIds.Count > 0 && !EventIds.Contains(entry.EventId))
{
match = false;
}
else if (TextFilter.Length > 0 && UseRegEx)
{
System.Text.RegularExpressions.Match regMatch = System.Text.RegularExpressions.Regex.Match(entry.Message, TextFilter, System.Text.RegularExpressions.RegexOptions.Multiline);
match = regMatch.Success;
}
else if (TextFilter.Length > 0 && !ContainsText && (!entry.Message.StartsWith(TextFilter, StringComparison.CurrentCultureIgnoreCase)))
{
match = false;
}
else if (TextFilter.Length > 0 && ContainsText && (!entry.Message.ToLower().Contains(TextFilter.ToLower())))
{
match = false;
}
return(match);
}
internal int GetMatchingEventLogCount()
{
int result = 0;
LastEntries = new List <EventLogEntryEx>();
using (diag.EventLog log = new diag.EventLog(EventLog, Computer))
{
DateTime currentTime = DateTime.Now;
int counter = 0;
int listSize = log.Entries.Count - 1;
for (int i = listSize; i >= 0; i--)
{
try
{
diag.EventLogEntry entry = log.Entries[i];
if (WithInLastXEntries > 0 && WithInLastXEntries <= counter)
{
break;
}
if (WithInLastXMinutes > 0 && entry.TimeGenerated.AddMinutes(WithInLastXMinutes) < currentTime)
{
break;
}
EventLogEntryEx newentry = new EventLogEntryEx();
newentry.Category = entry.Category;
newentry.EntryType = entry.EntryType;
newentry.EventId = (int)(entry.InstanceId & 65535);
newentry.MachineName = entry.MachineName;
newentry.LogName = EventLog;
newentry.Source = entry.Source;
newentry.Message = entry.Message;
newentry.MessageSummary = newentry.Message.Length > 80 ? newentry.Message.Substring(0, 80) : newentry.Message;
//if (TextFilter.Length > 0)
// newentry.Message = entry.Message;
newentry.TimeGenerated = entry.TimeGenerated;
newentry.UserName = entry.UserName;
if (MatchEntry(newentry))
{
LastEntries.Add(newentry);
result++;
}
counter++;
}
catch (Exception ex)
{
string errStr = ex.ToString();
if (!(errStr.Contains("is out of bounds") || errStr.Contains("outside the bounds")))
{
throw;
}
}
}
}
return(result);
}
private void DisplaySelectedItemDetails()
{
string oldStatusText = toolStripStatusLabelDetails.Text;
RTFBuilder rtfBuilder = new RTFBuilder();
string logName = "";
if (lvwEntries2.SelectedItems.Count > 0 && lvwEntries2.SelectedItems[0].Tag is EventLogCollectorEntry)
{
logName = ((EventLogCollectorEntry)lvwEntries2.SelectedItems[0].Tag).EventLog;
}
if (lvwDetails.SelectedItems.Count > MAXPREVIEWDISPLAYCOUNT)
{
Cursor.Current = Cursors.WaitCursor;
}
//have to limit the maximum number of selected items
foreach (ListViewItem lvi in (from ListViewItem l in lvwDetails.SelectedItems
select l).Take(MAXPREVIEWDISPLAYCOUNT))
{
if (lvi.Tag is EventLogEntryEx)
{
EventLogEntryEx ev = (EventLogEntryEx)lvi.Tag;
rtfBuilder.FontStyle(FontStyle.Bold).Append("Date time: ").AppendLine(ev.TimeGenerated.ToString("yyyy-MM-dd HH:mm:ss"));
rtfBuilder.FontStyle(FontStyle.Bold).Append("Type: ").AppendLine(ev.EntryType.ToString());
rtfBuilder.FontStyle(FontStyle.Bold).Append("Computer: ").AppendLine(ev.MachineName);
rtfBuilder.FontStyle(FontStyle.Bold).Append("Event log: ").AppendLine(ev.LogName);
rtfBuilder.FontStyle(FontStyle.Bold).Append("Source: ").AppendLine(ev.Source);
rtfBuilder.FontStyle(FontStyle.Bold).Append("Event ID: ").AppendLine(ev.EventId.ToString());
rtfBuilder.FontStyle(FontStyle.Bold).Append("Message: ").AppendLine();
rtfBuilder.Append(ev.Message.Replace("\r\n", "\r\n\t")).AppendLine();
rtfBuilder.FontStyle(FontStyle.Underline).AppendLine(new String(' ', 250));
rtfBuilder.AppendLine();
}
}
if (lvwDetails.SelectedItems.Count > MAXPREVIEWDISPLAYCOUNT)
{
rtfBuilder.FontStyle(FontStyle.Bold).AppendLine(string.Format("Only first {0} entries shown...", MAXPREVIEWDISPLAYCOUNT));
}
else if (lvwDetails.SelectedItems.Count == 0)
{
rtfBuilder.FontStyle(FontStyle.Bold).AppendLine("No entries selected");
}
else
{
rtfBuilder.FontStyle(FontStyle.Bold).AppendLine(string.Format("{0} entry(s)", lvwDetails.SelectedItems.Count));
}
rtxDetails.Rtf = rtfBuilder.ToString();
rtxDetails.SelectionStart = 0;
rtxDetails.SelectionLength = 0;
rtxDetails.ScrollToCaret();
Cursor.Current = Cursors.Default;
toolStripStatusLabelDetails.Text = oldStatusText;
}
private bool EventEntryTypeMatch(EventLogEntryEx entry)
{
if (TypeInfo && TypeWarn && TypeErr)
{
return(true);
}
else if (!TypeInfo && (entry.EntryType == diag.EventLogEntryType.Information || entry.EntryType == 0) ||
!TypeWarn && entry.EntryType == diag.EventLogEntryType.Warning ||
!TypeErr && entry.EntryType == diag.EventLogEntryType.Error ||
!TypeInfo && entry.EntryType == diag.EventLogEntryType.SuccessAudit ||
!TypeErr && entry.EntryType == diag.EventLogEntryType.FailureAudit)
{
return(false);
}
else
{
return(true);
}
}
