public static EventLogRecord[] ReadEventLog(EventlogHandle handle,
UInt32 dwLastRecordId,
UInt32 nMaxRecords,
string sqlQuery)
{
EventLogRecord[] result = null;
EventAPI.EventLogRecord[] records = null; // new EventAPI.EventLogRecord[nMaxRecords];
UInt32 nRecordsReturned = 0;
UInt32 dwError =
EventAPI.ReadEventLog(handle.Handle, dwLastRecordId, nMaxRecords, sqlQuery,
out nRecordsReturned, out records);
if (dwError != 0)
{
Logger.Log(String.Format("Error: ReadEventLog [Code:{0}]", dwError), Logger.eventLogLogLevel);
}
if (nRecordsReturned > 0)
{
result = new EventLogRecord[nRecordsReturned];
int iRecord = 0;
foreach (EventAPI.EventLogRecord record in records)
{
result[iRecord++] = new EventLogRecord(record);
}
}
return result;
}
public static EventLogRecord[] ReadEventLog(EventlogHandle handle,
UInt32 dwLastRecordId,
UInt32 nMaxRecords,
string sqlQuery)
{
EventLogRecord[] result = null;
EventAPI.EventLogRecord[] records = null; // new EventAPI.EventLogRecord[nMaxRecords];
UInt32 nRecordsReturned = 0;
UInt32 dwError =
EventAPI.ReadEventLog(handle.Handle, dwLastRecordId, nMaxRecords, sqlQuery,
out nRecordsReturned, out records);
if (dwError != 0)
{
Logger.Log(String.Format("Error: ReadEventLog [Code:{0}]", dwError), Logger.eventLogLogLevel);
}
if (nRecordsReturned > 0)
{
result = new EventLogRecord[nRecordsReturned];
int iRecord = 0;
foreach (EventAPI.EventLogRecord record in records)
{
result[iRecord++] = new EventLogRecord(record);
}
}
return(result);
}
public static UInt32 GetCategoryCount(EventlogHandle handle)
{
UInt32 pdwNumMatched = 0;
UInt32 dwError =
EventAPI.GetCategoryCount(handle.Handle, out pdwNumMatched);
if (dwError != 0)
{
Logger.Log(String.Format("Error: GetCategoryCount [Code:{0}]", dwError), Logger.eventLogLogLevel);
}
return(pdwNumMatched);
}
public static UInt32 DeleteFromEventLog(EventlogHandle handle,
string sqlfilter)
{
UInt32 dwError =
EventAPI.DeleteFromEventLog(handle.Handle, sqlfilter);
if (dwError != 0)
{
Logger.Log(String.Format("Error: GetDistinctCategories [Code:{0}]", dwError), Logger.eventLogLogLevel);
}
return(dwError);
}
public static UInt32 CountLogs(EventlogHandle handle,
string sqlQuery)
{
UInt32 nRecordsMatched = 0;
UInt32 dwError =
EventAPI.CountEventLog(handle.Handle, sqlQuery, out nRecordsMatched);
if (dwError != 0)
{
Logger.Log(String.Format("Error: CountEventLog [Code:{0}]", dwError), Logger.eventLogLogLevel);
}
return(nRecordsMatched);
}
public static string[] GetDistinctCategories(EventlogHandle handle,
UInt32 pdwNumMatched)
{
string[] EventCategories = null;
UInt32 dwError =
EventAPI.GetDistinctCategories(handle.Handle, pdwNumMatched, out EventCategories);
if (dwError != 0)
{
Logger.Log(String.Format("Error: GetDistinctCategories [Code:{0}]", dwError), Logger.eventLogLogLevel);
}
return(EventCategories);
}
private void ConnectToDomain()
{
Logger.Log("EventlogPlugin.ConnectToDomain", Logger.eventLogLogLevel);
if (_hn.creds.Invalidated)
{
_container.ShowError("EventlogPlugin cannot connect to domain due to invalid credentials");
_hn.IsConnectionSuccess = false;
return;
}
if (!String.IsNullOrEmpty(_hn.hostName))
{
if (_currentHost != _hn.hostName)
{
if (eventLogHandle != null)
{
eventLogHandle.Dispose();
eventLogHandle = null;
}
if (_pluginNode != null && !String.IsNullOrEmpty(_hn.hostName))
{
_hn.IsConnectionSuccess = OpenEventLog(_hn.hostName);
if (!_hn.IsConnectionSuccess)
{
Logger.ShowUserError("Unable to open the event log; eventlog server may be disabled");
return;
}
if (eventLogHandle != null)
_pluginNode.Nodes.Clear();
}
_currentHost = _hn.hostName;
}
_hn.IsConnectionSuccess = true;
}
else
{
_hn.IsConnectionSuccess = false;
}
}
public void CloseEventLog()
{
if (eventLogHandle == null)
{
return;
}
eventLogHandle.Dispose();
eventLogHandle = null;
}
public bool OpenEventLog(string hostname)
{
try
{
if (eventLogHandle == null)
{
eventLogHandle = EventlogAdapter.OpenEventlog(hostname);
}
return (eventLogHandle != null);
}
catch (Exception e)
{
Logger.LogException("EventViewerPlugin.OpenEventLog", e);
eventLogHandle = null;
return false;
}
}
public static UInt32 CountLogs(EventlogHandle handle,
string sqlQuery)
{
UInt32 nRecordsMatched = 0;
UInt32 dwError =
EventAPI.CountEventLog(handle.Handle, sqlQuery, out nRecordsMatched);
if (dwError != 0)
{
Logger.Log(String.Format("Error: CountEventLog [Code:{0}]", dwError), Logger.eventLogLogLevel);
}
return nRecordsMatched;
}
public static UInt32 DeleteFromEventLog(EventlogHandle handle,
string sqlfilter)
{
UInt32 dwError =
EventAPI.DeleteFromEventLog(handle.Handle, sqlfilter);
if (dwError != 0)
{
Logger.Log(String.Format("Error: GetDistinctCategories [Code:{0}]", dwError), Logger.eventLogLogLevel);
}
return dwError;
}
public static string[] GetDistinctCategories(EventlogHandle handle,
UInt32 pdwNumMatched)
{
string[] EventCategories = null;
UInt32 dwError =
EventAPI.GetDistinctCategories(handle.Handle, pdwNumMatched, out EventCategories);
if (dwError != 0)
{
Logger.Log(String.Format("Error: GetDistinctCategories [Code:{0}]", dwError), Logger.eventLogLogLevel);
}
return EventCategories;
}
public static UInt32 GetCategoryCount(EventlogHandle handle)
{
UInt32 pdwNumMatched = 0;
UInt32 dwError =
EventAPI.GetCategoryCount(handle.Handle, out pdwNumMatched);
if (dwError != 0)
{
Logger.Log(String.Format("Error: GetCategoryCount [Code:{0}]", dwError), Logger.eventLogLogLevel);
}
return pdwNumMatched;
}
private EventlogHandle OpenEventLogHandle(EventlogHandle eventlogHandle)
{
Logger.Log("Opening eventlog", Logger.eventLogLogLevel);
EventlogPlugin plugin = (EventlogPlugin)pi;
EventlogHandle result = null;
if (eventlogHandle == null)
{
if (plugin.HostInfo != null &&
!String.IsNullOrEmpty(plugin.HostInfo.hostName))
{
result = EventlogAdapter.OpenEventlog((plugin.HostInfo.hostName));
}
}
if (result == null)
{
throw new Exception("Failed to get the eventlog handle");
}
Logger.Log(String.Format(
"EventViewerControl.OpenEventLogHandle(found handle={0:X}",
result.Handle.ToInt32()));
return result;
}
