private string XmlWriterEtwEventDictionary(EtwListener etwListener, IDictionary <string, object> eventValue)
{
return(null);
var sb = new StringBuilder();
var stt = new XmlWriterSettings();
stt.ConformanceLevel = ConformanceLevel.Fragment;
using (var writer = System.Xml.XmlWriter.Create(sb, stt))
{
DateTime?summaryDateTime = Convert.ToDateTime(eventValue["TimeCreated"]);
var eventTimeUtc = summaryDateTime?.ToUniversalTime()
.ToString("yyyy-MM-ddTHH:mm:ss.ffffffZ");
// DataItem header
writer.WriteStartElement("DataItem");
writer.WriteAttributeString("type", "System.Event.LinkedData");
writer.WriteAttributeString("time", eventTimeUtc);
writer.WriteAttributeString("sourceHealthServiceId", WorkspaceId);
//Nested elements
writer.WriteElementString("EventOriginId", "{7C384BE3-8EBD-4B86-A392-357AA34750C5}");
writer.WriteElementString("PublisherId", $"{etwListener.EtwListenerConfig.ProviderId.ToString()}");
writer.WriteElementString("PublisherName", etwListener.EtwListenerConfig.ProviderName);
writer.WriteElementString("EventSourceName", etwListener.EtwListenerConfig.ProviderName);
writer.WriteElementString("Channel", etwListener.EtwListenerConfig.ObservableName);
writer.WriteElementString("LoggingComputer", Global.GetMachineFqdn());
writer.WriteElementString("EventNumber", eventValue["EventId"].ToString());
writer.WriteElementString("EventCategory", "0");
writer.WriteElementString("EventLevel", "0");
writer.WriteElementString("UserName", "N/A");
writer.WriteElementString("RawDescription", string.Empty);
writer.WriteElementString("LCID", "1033");
writer.WriteElementString("CollectDescription", "True");
// EventData with nested data item
// Create the EventData from the dictionary object
// go through the items in the dictionary and copy over the key value pairs)
writer.WriteStartElement("EventData");
writer.WriteStartElement("DataItem");
writer.WriteAttributeString("type", "System.XmlData");
writer.WriteAttributeString("time", eventTimeUtc);
writer.WriteAttributeString("sourceHealthServiceId", WorkspaceId);
var xmlEventData = XmlWriterEtwEventDataDictionary(etwListener, eventValue);
writer.WriteRaw(xmlEventData); //write DataItem content
writer.WriteFullEndElement(); // close DataItem
writer.WriteFullEndElement(); // close EventData
writer.WriteElementString("EventDisplayNumber", eventValue["EventId"].ToString());
writer.WriteElementString("EventDescription", string.Empty);
writer.WriteElementString("ManagedEntityId", "{D056ADDA-9675-7690-CC92-41AA6B90CC05}");
writer.WriteElementString("RuleId", "{1F68E37D-EC73-9BD3-92D5-C236C995FA0A}");
writer.WriteFullEndElement(); // </DataItem>
writer.Flush();
}
var xml = sb.ToString();
return(xml);
}
private string XmlWriterEtwEventDataDictionary(EtwListener etwListener, IDictionary <string, object> eventValue)
{
var sb = new StringBuilder();
var stt = new XmlWriterSettings();
stt.ConformanceLevel = ConformanceLevel.Fragment;
using (var writer = System.Xml.XmlWriter.Create(sb, stt))
{
DateTime?summaryDateTime = Convert.ToDateTime(eventValue["TimeCreated"]);
var eventTimeUtc = summaryDateTime?.ToUniversalTime()
.ToString("yyyy-MM-ddTHH:mm:ss.ffffffZ");
writer.WriteStartElement("EventData", "http://schemas.microsoft.com/win/2004/08/events/event");
foreach (var kvp in eventValue)
{
writer.WriteStartElement("Data");
writer.WriteAttributeString("Name", kvp.Key);
writer.WriteRaw(kvp.Value.ToString()); //write Data content
writer.WriteFullEndElement(); // close Data
}
writer.WriteFullEndElement(); // close EventData
writer.Flush();
}
var xml = sb.ToString();
return(xml);
}
public void AddEvent(EtwListener etwListener, IDictionary <string, object> evt, bool useEventIngest)
{
var returnXmlWriterValue = XmlWriterEtwEventDictionary(etwListener, evt);
AddToPayload(returnXmlWriterValue, useEventIngest);
}
