/// <summary>
/// Builds the Windows source that matches <paramref name="entry"/>, taking its
/// settings from <c>context.Configuration</c>.
/// </summary>
/// <param name="entry">Source type name; matched after <c>ToLowerInvariant()</c>.</param>
/// <param name="context">Plug-in context supplying the configuration and the bookmark manager.</param>
/// <returns>The newly constructed source.</returns>
/// <exception cref="PlatformNotSupportedException">The process is not running on Windows.</exception>
/// <exception cref="Exception">
/// The source type is not recognized, the ETW provider name is missing or blank,
/// or the ETW trace level cannot be parsed.
/// </exception>
public ISource CreateInstance(string entry, IPlugInContext context)
{
    var settings = context.Configuration;

    // Every source built by this factory is Windows-only, so refuse early on other platforms.
    if (!OperatingSystem.IsWindows())
    {
        throw new PlatformNotSupportedException($"Source type '{entry}' is only supported on Windows");
    }

    // LogName, Query and ProviderName are read from configuration and handed to the
    // source constructors unchanged; no validation of their content happens in this method.
    switch (entry.ToLowerInvariant())
    {
        case WINDOWS_EVENT_LOG_POLLING_SOURCE:
        {
            var options = new WindowsEventLogPollingSourceOptions();
            ParseWindowsEventLogSourceOptions(settings, options);
            ParseEventLogPollingSourceOptions(settings, options);
            return new WindowsEventPollingSource(
                settings[ConfigConstants.ID],
                settings["LogName"],
                settings["Query"],
                context.BookmarkManager,
                options,
                context);
        }

        case WINDOWS_EVENT_LOG_SOURCE:
        {
            var options = new WindowsEventLogSourceOptions();
            ParseWindowsEventLogSourceOptions(settings, options);
            return new EventLogSource(
                settings[ConfigConstants.ID],
                settings["LogName"],
                settings["Query"],
                context.BookmarkManager,
                options,
                context);
        }

        case WINDOWS_PERFORMANCE_COUNTER_SOURCE:
            return new PerformanceCounterSource(context);

        case WINDOWS_ETW_EVENT_SOURCE:
        {
            var provider = settings["ProviderName"];

            // Fallbacks when the keys are absent: level "Verbose" and a keyword mask with all
            // 64 bits set. Presumably this is the broadest collection setting for the
            // provider; confirm that this default is intended for deployments.
            var levelText = DefaultMissingConfig(settings["TraceLevel"], "Verbose");
            var keywordText = DefaultMissingConfig(settings["MatchAnyKeyword"], ulong.MaxValue.ToString());

            if (string.IsNullOrWhiteSpace(provider))
            {
                throw new Exception($"A provider name must be specified for the WindowsEtwEventSource.");
            }

            // NOTE(review): Enum.TryParse also accepts numeric strings, including numbers that
            // have no named TraceEventLevel member, so the names listed in the error message
            // are not the full set of accepted inputs. Confirm whether an Enum.IsDefined
            // check is wanted here.
            if (!Enum.TryParse<TraceEventLevel>(levelText, out TraceEventLevel level))
            {
                var allowed = string.Join(", ", Enum.GetNames(typeof(TraceEventLevel)));
                throw new Exception($"{levelText} is not a valid trace level value ({allowed}) for the WindowsEtwEventSource.");
            }

            ulong keywordMask = ParseMatchAnyKeyword(keywordText);
            return new EtwEventSource(provider, level, keywordMask, context);
        }

        default:
            throw new Exception($"Source type {entry} not recognized.");
    }
}
/// <summary>
/// Builds the Windows source that matches <paramref name="entry"/>, taking its
/// settings from <c>context.Configuration</c>. This variant performs no platform check.
/// </summary>
/// <param name="entry">Source type name; matched after <c>ToLowerInvariant()</c>.</param>
/// <param name="context">Plug-in context supplying the configuration.</param>
/// <returns>The newly constructed source.</returns>
/// <exception cref="Exception">
/// The source type is not recognized, the ETW provider name is missing or blank,
/// or the ETW trace level cannot be parsed.
/// </exception>
public ISource CreateInstance(string entry, IPlugInContext context)
{
    // context is dereferenced here, so a null context fails on this line; the
    // null-conditional access further down never observes a null context.
    IConfiguration settings = context.Configuration;

    // LogName, Query and ProviderName are read from configuration and handed to the
    // source constructors unchanged; no validation of their content happens in this method.
    switch (entry.ToLowerInvariant())
    {
        case WINDOWS_EVENT_LOG_POLLING_SOURCE:
        {
            // Event data is included only when the setting parses as boolean true;
            // a missing or unparsable value leaves it off.
            var wantsEventData = bool.TryParse(context?.Configuration?["IncludeEventData"], out var flag) && flag;
            var pollingSource = new WindowsEventPollingSource(settings["LogName"], settings["Query"], wantsEventData, context);
            EventSource<EventRecord>.LoadCommonSourceConfig(settings, pollingSource);
            return pollingSource;
        }

        case "windowseventlogsource":
        {
            var logSource = new EventLogSource(settings["LogName"], settings["Query"], context);
            EventSource<EventInfo>.LoadCommonSourceConfig(settings, logSource);
            return logSource;
        }

        case "windowsperformancecountersource":
            return new PerformanceCounterSource(context);

        case "windowsetweventsource":
        {
            string provider = settings["ProviderName"];

            // Fallbacks when the keys are absent: level "Verbose" and a keyword mask with all
            // 64 bits set. Presumably this is the broadest collection setting for the
            // provider; confirm that this default is intended for deployments.
            string levelText = DefaultMissingConfig(settings["TraceLevel"], "Verbose");
            string keywordText = DefaultMissingConfig(settings["MatchAnyKeyword"], ulong.MaxValue.ToString());

            if (string.IsNullOrWhiteSpace(provider))
            {
                throw new Exception($"A provider name must be specified for the WindowsEtwEventSource.");
            }

            // NOTE(review): Enum.TryParse also accepts numeric strings, including numbers that
            // have no named TraceEventLevel member, so the names listed in the error message
            // are not the full set of accepted inputs. Confirm whether an Enum.IsDefined
            // check is wanted here.
            if (!Enum.TryParse<TraceEventLevel>(levelText, out TraceEventLevel level))
            {
                string allowed = string.Join(", ", Enum.GetNames(typeof(TraceEventLevel)));
                throw new Exception($"{levelText} is not a valid trace level value ({allowed}) for the WindowsEtwEventSource.");
            }

            ulong keywordMask = ParseMatchAnyKeyword(keywordText);
            return new EtwEventSource(provider, level, keywordMask, context);
        }

        default:
            throw new Exception($"Source type {entry} not recognized.");
    }
}