Example #1
        /// <summary>
        /// Replays an ETL trace and an EVTX log through a single Playback and
        /// prints the total number of SystemEvent instances seen.
        /// </summary>
        static void Main()
        {
            // Both paths are relative, so they resolve against the process working directory.
            var replay = new Playback();
            replay.AddEtlFiles(@"..\..\..\HTTP_Server.etl");
            replay.AddLogFiles(@"..\..\..\HTTP_Server.evtx");

            // Count() produces one value, the total, when the replayed stream completes.
            replay.GetObservable<SystemEvent>()
                  .Count()
                  .Subscribe(total => Console.WriteLine(total));

            // Nothing is read until Run() starts the playback.
            replay.Run();
        }
Example #2
        /// <summary>
        /// Feeds one ETL file and one EVTX file into the same Playback and checks
        /// how many Deliver and FastResp events are observed in total.
        /// </summary>
        public void PlayTwoBothEtlAndEvtx()
        {
            int deliverSeen = 0;
            int fastRespSeen = 0;

            var replay = new Playback();
            replay.AddEtlFiles(EtlFileName);
            replay.AddLogFiles(EvtxFileName);

            // Each typed observable only increments its own counter.
            replay.GetObservable<Deliver>().Subscribe(evt => { deliverSeen += 1; });
            replay.GetObservable<FastResp>().Subscribe(evt => { fastRespSeen += 1; });
            replay.Run();

            // One event appears to have been lost in the etl->evtx conversion...
            Assert.AreEqual(581, deliverSeen);
            // ...and one more here.
            Assert.AreEqual(579, fastRespSeen);
        }
Example #3
        /// <summary>
        /// Counts every SystemEvent in an ETL trace plus an EVTX log, prints the
        /// total, and keeps the console open until the user presses Enter.
        /// </summary>
        static void Main()
        {
            var replay = new Playback();
            replay.AddEtlFiles(@"HTTP_Server.etl");
            replay.AddLogFiles(@"HTTP_Server.evtx");

            IObservable<SystemEvent> merged = replay.GetObservable<SystemEvent>();

            // Hold the subscription so it is released even if Run() throws.
            IDisposable subscription = merged.Count().Subscribe(Console.WriteLine);
            try
            {
                replay.Run();

                Console.ReadLine();
            }
            finally
            {
                if (subscription != null)
                {
                    subscription.Dispose();
                }
            }
        }
Example #4
        /// <summary>
        /// Prints the combined number of events found in HTTP_Server.etl and
        /// HTTP_Server.evtx.
        /// </summary>
        static void CountAllTwoFiles()
        {
            Console.WriteLine("----- CountAllTwoFiles -----");

            // HTTP_Server.evtx is a Windows Event Log produced by converting HTTP_Server.etl,
            // so both files carry the same events and the total covers the two of them.
            var replay = new Playback();
            replay.AddEtlFiles(@"HTTP_Server.etl");
            replay.AddLogFiles(@"HTTP_Server.evtx");

            replay.GetObservable<SystemEvent>()
                  .Count()
                  .Subscribe(total => Console.WriteLine(total));

            replay.Run();
        }
Example #5
        /// <summary>
        /// Replays an ETL file and an EVTX file together and asserts the number
        /// of Deliver and FastResp events that reach the subscribers.
        /// </summary>
        public void PlayTwoBothEtlAndEvtx()
        {
            int deliverTotal = 0;
            int fastRespTotal = 0;

            var replay = new Playback();
            replay.AddEtlFiles(EtlFileName);
            replay.AddLogFiles(EvtxFileName);

            // Subscriptions are registered before Run(), which drives the whole replay.
            replay.GetObservable<Deliver>().Subscribe(evt => { deliverTotal += 1; });
            replay.GetObservable<FastResp>().Subscribe(evt => { fastRespTotal += 1; });

            replay.Run();

            Assert.AreEqual(582, deliverTotal);
            Assert.AreEqual(578, fastRespTotal);
        }
Example #6
        /// <summary>
        /// Replays an ETL trace and an EVTX log and prints, for every 5-second
        /// window, a timestamp followed by the number of events in that window.
        /// </summary>
        static void Main()
        {
            var replay = new Playback();
            replay.AddEtlFiles(@"..\..\..\HTTP_Server.etl");
            replay.AddLogFiles(@"..\..\..\HTTP_Server.evtx");

            IObservable<SystemEvent> merged = replay.GetObservable<SystemEvent>();

            // Windowing and timestamping both use the playback's scheduler
            // (presumably event time from the files rather than wall-clock time; confirm).
            var perWindow = merged
                .Window(TimeSpan.FromSeconds(5), replay.Scheduler)
                .SelectMany(window => window.Count());

            var stamped = perWindow.Timestamp(replay.Scheduler);

            stamped.Subscribe(item => Console.WriteLine("{0} {1}", item.Timestamp, item.Value));

            replay.Run();
        }
Example #7
        /// <summary>
        /// Prints one "timestamp count" line per 5-second window of the replayed
        /// ETL and EVTX events, then waits for Enter before exiting.
        /// </summary>
        static void Main()
        {
            var replay = new Playback();
            replay.AddEtlFiles(@"HTTP_Server.etl");
            replay.AddLogFiles(@"HTTP_Server.evtx");

            IObservable<SystemEvent> merged = replay.GetObservable<SystemEvent>();

            // One count per window; the window length is measured on the playback's scheduler.
            var perWindow = from slice in merged.Window(TimeSpan.FromSeconds(5), replay.Scheduler)
                            from total in slice.Count()
                            select total;

            var stamped = perWindow.Timestamp(replay.Scheduler);

            // Hold the subscription so it is released even if Run() throws.
            IDisposable subscription =
                stamped.Subscribe(item => Console.WriteLine("{0} {1}", item.Timestamp, item.Value));
            try
            {
                replay.Run();

                Console.ReadLine();
            }
            finally
            {
                if (subscription != null)
                {
                    subscription.Dispose();
                }
            }
        }
Example #8
        readonly List <ValidationRecord> _toValidate; // set a breakpoint after scope.Run() and manually validate this

        /// <summary>
        /// Creates the suite's Playback and registers every input file with it,
        /// choosing the reader from the file extension.
        /// </summary>
        /// <param name="files">Paths of .etl or .evtx files (the extension is matched case-insensitively).</param>
        /// <exception cref="Exception">A file has an extension other than .etl or .evtx.</exception>
        protected RxTestSuite(params string[] files)
        {
            Playback = new Playback();

            for (int i = 0; i < files.Length; i++)
            {
                string path = files[i];
                string suffix = Path.GetExtension(path).ToLowerInvariant();

                if (suffix == ".etl")
                {
                    Playback.AddEtlFiles(path);
                }
                else if (suffix == ".evtx")
                {
                    Playback.AddLogFiles(path);
                }
                else
                {
                    // Refuse anything that is not a known trace or log format.
                    throw new Exception("Unknown file type " + suffix);
                }
            }

            _toValidate = new List <ValidationRecord>();
        }
Example #9
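        /// <summary>
        /// Entry point of TxFmt: compiles each manifest (.man) into an assembly,
        /// registers the given .etl/.evtx files with a Playback, and prints the
        /// id and text of every replayed event.
        /// </summary>
        /// <param name="args">Paths of the .man, .etl and .evtx files; fewer than two prints the usage text and exits with code 1.</param>
        private static void Main(string[] args)
        {
            if (args.Length < 2)
            {
                Console.WriteLine(
                    @"Usage: TxFmt files...
 
Supported files are 
    .man   : Manifest
    .etl   : Event Trace Log
    .evtx  : Event Log");

                Environment.Exit(1);
            }

            try
            {
                var pb = new Playback();

                // SECURITY: asmDir is a fixed, predictable name under the temp directory, and
                // code is later loaded from it. Anything that can write there between the
                // clean-up below and the load step could get a DLL executed in this process.
                // Loading only the paths produced by this run (see generatedAssemblies) narrows
                // that exposure; a per-run directory with restricted permissions would close
                // the remaining gap between compiling and loading.
                string asmDir = Path.Combine(Path.GetTempPath(), "TxFmt");
                if (Directory.Exists(asmDir))
                {
                    Directory.Delete(asmDir, true);
                }
                Directory.CreateDirectory(asmDir);

                // Assemblies written by this run; the set keeps a path from being loaded twice
                // when two manifests share a file name.
                var generatedAssemblies = new HashSet<string>(StringComparer.OrdinalIgnoreCase);

                foreach (string a in args)
                {
                    // Invariant lower-casing keeps the extension match independent of the UI culture.
                    string ext = Path.GetExtension(a).ToLowerInvariant();

                    switch (ext)
                    {
                    case ".etl":
                        pb.AddEtlFiles(a);
                        break;

                    case ".evtx":
                        pb.AddLogFiles(a);
                        break;

                    case ".man":
                        // NOTE(review): the manifest text drives generated code that is compiled
                        // and loaded below, so manifests should come from a trusted source.
                        string manifest = File.ReadAllText(a);
                        Dictionary<string, string> generated = ManifestParser.Parse(manifest);

                        string assemblyPath = Path.Combine(asmDir, Path.ChangeExtension(Path.GetFileName(a), ".dll"));
                        // Assumes OutputAssembly writes exactly assemblyPath (TODO confirm).
                        AssemblyBuilder.OutputAssembly(generated, new string[] {}, assemblyPath);
                        generatedAssemblies.Add(assemblyPath);
                        break;

                    default:
                        throw new Exception("unknown extension " + ext);
                    }
                }

                var knownTypes = new List<Type>();

                // Load only what this run produced instead of every *.dll found in asmDir.
                foreach (string path in generatedAssemblies)
                {
                    Assembly assembly = Assembly.LoadFrom(path);
                    knownTypes.AddRange(assembly.GetTypes());
                }

                pb.KnownTypes = knownTypes.ToArray();

                IObservable<SystemEvent> all = pb.GetObservable<SystemEvent>();
                all.Subscribe(e =>
                {
                    // Format once; ordinal comparison because the prefix is a fixed token.
                    string text = e.ToString();
                    if (!text.StartsWith(" DocumentServiceId", StringComparison.Ordinal))
                    {
                        Console.WriteLine("{0} {1}", e.Header.EventId, text);
                    }
                });
                pb.Run();
            }
            catch (Exception ex)
            {
                ConsoleColor color = Console.ForegroundColor;
                Console.ForegroundColor = ConsoleColor.Red;
                try
                {
                    Console.Error.WriteLine(ex.Message + "\n\n" + ex.StackTrace);
                }
                finally
                {
                    Console.ForegroundColor = color;
                }

                // Report failure to the caller, matching the usage branch above.
                Environment.ExitCode = 1;
            }
        }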
Example #10
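        /// <summary>
        /// Entry point of TxFmt: turns each manifest (.man) into an assembly,
        /// adds the .etl/.evtx inputs to a Playback, and writes the id and text
        /// of every replayed event to the console.
        /// </summary>
        /// <param name="args">Paths of the .man, .etl and .evtx files; fewer than two prints the usage text and exits with code 1.</param>
        private static void Main(string[] args)
        {
            if (args.Length < 2)
            {
                Console.WriteLine(
                    @"Usage: TxFmt files...
 
Supported files are 
    .man   : Manifest
    .etl   : Event Trace Log
    .evtx  : Event Log");

                Environment.Exit(1);
            }

            try
            {
                var pb = new Playback();

                // SECURITY: the output directory has a fixed, guessable name under the temp
                // directory and assemblies are loaded from it afterwards. A DLL placed there
                // by anything else with write access would run inside this process. Only the
                // assemblies recorded in generatedAssemblies are loaded, which limits that;
                // a per-run directory with restricted permissions would also cover the window
                // between compiling and loading.
                string asmDir = Path.Combine(Path.GetTempPath(), "TxFmt");
                if (Directory.Exists(asmDir))
                {
                    Directory.Delete(asmDir, true);
                }
                Directory.CreateDirectory(asmDir);

                // Paths written by this run; a set avoids loading the same path twice when
                // two manifests share a file name.
                var generatedAssemblies = new HashSet<string>(StringComparer.OrdinalIgnoreCase);

                foreach (string a in args)
                {
                    // Culture-independent lower-casing for the extension match.
                    string ext = Path.GetExtension(a).ToLowerInvariant();

                    switch (ext)
                    {
                        case ".etl":
                            pb.AddEtlFiles(a);
                            break;

                        case ".evtx":
                            pb.AddLogFiles(a);
                            break;

                        case ".man":
                            // NOTE(review): manifest content becomes generated code that is
                            // compiled and loaded below; accept manifests from trusted sources only.
                            string manifest = File.ReadAllText(a);
                            Dictionary<string, string> generated = ManifestParser.Parse(manifest);

                            string assemblyPath = Path.Combine(asmDir, Path.ChangeExtension(Path.GetFileName(a), ".dll"));
                            // Assumes OutputAssembly writes exactly assemblyPath (TODO confirm).
                            AssemblyBuilder.OutputAssembly(generated, new string[]{}, assemblyPath);
                            generatedAssemblies.Add(assemblyPath);
                            break;

                        default:
                            throw new Exception("unknown extension " + ext);
                    }
                }

                var knownTypes = new List<Type>();

                // Load the assemblies this run produced rather than globbing asmDir for *.dll.
                foreach (string path in generatedAssemblies)
                {
                    Assembly assembly = Assembly.LoadFrom(path);
                    knownTypes.AddRange(assembly.GetTypes());
                }

                pb.KnownTypes = knownTypes.ToArray();

                IObservable<SystemEvent> all = pb.GetObservable<SystemEvent>();
                all.Subscribe(e =>
                    {
                        // Format once; the prefix is a fixed token, so compare ordinally.
                        string text = e.ToString();
                        if (!text.StartsWith(" DocumentServiceId", StringComparison.Ordinal))
                        {
                            Console.WriteLine("{0} {1}", e.Header.EventId, text);
                        }
                    });
                pb.Run();
            }
            catch (Exception ex)
            {
                ConsoleColor color = Console.ForegroundColor;
                Console.ForegroundColor = ConsoleColor.Red;
                try
                {
                    Console.Error.WriteLine(ex.Message + "\n\n" + ex.StackTrace);
                }
                finally
                {
                    Console.ForegroundColor = color;
                }

                // Signal failure through the exit code, as the usage branch does.
                Environment.ExitCode = 1;
            }
        }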
Example #11
        /// <summary>
        /// Writes a banner, then the total number of events read from
        /// HTTP_Server.etl and HTTP_Server.evtx together.
        /// </summary>
        static void CountAllTwoFiles()
        {
            Console.WriteLine("----- CountAllTwoFiles -----");

            // HTTP_Server.evtx is a Windows Event Log obtained by converting HTTP_Server.etl.
            // It holds the same events, so the printed total spans both files.
            var replay = new Playback();
            replay.AddEtlFiles(@"HTTP_Server.etl");
            replay.AddLogFiles(@"HTTP_Server.evtx");

            IObservable<int> total = replay.GetObservable<SystemEvent>().Count();
            total.Subscribe(n => Console.WriteLine(n));

            replay.Run();
        }
Example #12
        /// <summary>
        /// Plays an ETL file and an EVTX file through one Playback and verifies
        /// the totals of Deliver and FastResp events delivered to subscribers.
        /// </summary>
        public void PlayTwoBothEtlAndEvtx()
        {
            int delivers = 0;
            int fastResponses = 0;

            var replay = new Playback();
            replay.AddEtlFiles(EtlFileName);
            replay.AddLogFiles(EvtxFileName);

            // Counters are only touched by the callbacks, which fire while Run() executes.
            replay.GetObservable<Deliver>().Subscribe(evt => { delivers += 1; });
            replay.GetObservable<FastResp>().Subscribe(evt => { fastResponses += 1; });
            replay.Run();

            Assert.AreEqual(582, delivers);
            Assert.AreEqual(578, fastResponses);
        }