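/// <summary>
/// Forwards a synthetic TraceLogging event and checks that its "Test" field
/// reaches the writer with the value unchanged.
/// </summary>
/// <returns>A task that completes once the forward call and the checks have run.</returns>
public async Task TestForwardTracelogging()
{
    Assert.IsTrue(ProviderGuid.TryParse("TL{8e805eb3-6a8f-4a1e-90fa-a831d94e54a1}", out ProviderGuid guid));
    var forwarder = Forwarder.Build(guid);
    var writer = new TestWriter();

    // Track whether the writer was called at all. Without this the test passes
    // when the event is silently dropped, because the assertion in the handler
    // would simply never run.
    bool written = false;
    writer.OnWrite += async (Dictionary<string, object> eventData) =>
    {
        written = true;

        // Test if correctly parsed (expected value first, so a failure message reads the right way round)
        Assert.AreEqual("Test", eventData["Test"]);
    };

    await forwarder.Forward(new TestEventRecord
    {
        Id = 23,
        ProviderName = "TraceLogging",
        ProviderId = Guid.Parse("8e805eb3-6a8f-4a1e-90fa-a831d94e54a1"),
        Fields = new Dictionary<string, object>
        {
            { "Test", "Test" }
        },
        // Add a property of type 1 => Unicode String
        Properties = new List<Property>
        {
            new Property("Test", 1)
        }
    }, writer);

    // Assumes Forward completes only after the writer has been invoked; confirm against TestWriter.
    Assert.IsTrue(written, "The forwarder never called the writer: the event was dropped.");
}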
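/// <summary>
/// Forwards a synthetic Microsoft-Windows-WMI-Activity event and checks that
/// its "Commandline" field reaches the writer with the value unchanged.
/// </summary>
/// <returns>A task that completes once the forward call and the checks have run.</returns>
public async Task TestForwardManifest()
{
    Assert.IsTrue(ProviderGuid.TryParse("Microsoft-Windows-WMI-Activity", out ProviderGuid guid));
    var forwarder = Forwarder.Build(guid);
    var writer = new TestWriter();

    // Track whether the writer was called at all. Without this the test passes
    // when the event is silently dropped, because the assertion in the handler
    // would simply never run.
    bool written = false;
    writer.OnWrite += async (Dictionary<string, object> eventData) =>
    {
        written = true;

        // Test if correctly parsed (expected value first, so a failure message reads the right way round)
        Assert.AreEqual("cmd.exe", eventData["Commandline"]);
    };

    await forwarder.Forward(new TestEventRecord
    {
        Id = 23,
        ProviderName = "Microsoft-Windows-WMI-Activity",
        ProviderId = Guid.Parse("1418ef04-b0b4-4623-bf7e-d74ab47bbdaa"),
        Fields = new Dictionary<string, object>
        {
            { "Commandline", "cmd.exe" }
        }
    }, writer);

    // Assumes Forward completes only after the writer has been invoked; confirm against TestWriter.
    Assert.IsTrue(written, "The forwarder never called the writer: the event was dropped.");
}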
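/// <summary>
/// Checks that an event whose "Commandline" field is "cmd.exe" is not written
/// when the forwarder has a "Commandline" filter set to "toto.exe".
/// </summary>
/// <remarks>
/// Only the non-matching case is exercised here. Forwarding of an event that
/// matches the filter is not covered by this method.
/// </remarks>
/// <returns>A task that completes once the forward call and the checks have run.</returns>
public async Task TestForwardManifestWithFilterKo()
{
    Assert.IsTrue(ProviderGuid.TryParse("Microsoft-Windows-WMI-Activity", out ProviderGuid guid));
    var forwarder = Forwarder.Build(guid);
    var writer = new TestWriter();

    // The exception thrown in the handler fails the test only if it travels back
    // through Forward, which depends on how TestWriter invokes the handler (not
    // visible here). The flag makes the check independent of that.
    bool written = false;
    writer.OnWrite += async (Dictionary<string, object> eventData) =>
    {
        written = true;

        // This code must not be reached
        throw new AssertFailedException();
    };

    forwarder.AddFilter("Commandline", "toto.exe");

    await forwarder.Forward(new TestEventRecord
    {
        Id = 23,
        ProviderName = "Microsoft-Windows-WMI-Activity",
        ProviderId = Guid.Parse("1418ef04-b0b4-4623-bf7e-d74ab47bbdaa"),
        Fields = new Dictionary<string, object>
        {
            { "Commandline", "cmd.exe" }
        }
    }, writer);

    Assert.IsFalse(written, "The writer was called for an event that does not match the filter.");
}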
/// <summary>
/// Checks that a forwarder built from a "WPP{...}" provider string exposes a
/// <see cref="NullParser"/> as its parser.
/// </summary>
public void TestBuildTWPPForwarder()
{
    bool parsed = ProviderGuid.TryParse("WPP{8e805eb3-6a8f-4a1e-90fa-a831d94e54a1}", out ProviderGuid wppProvider);
    Assert.IsTrue(parsed);

    var built = Forwarder.Build(wppProvider);

    Assert.IsInstanceOfType(built.Parser, typeof(NullParser));
}
/// <summary>
/// Checks that a forwarder built from the provider name
/// "Microsoft-Windows-WMI-Activity" exposes a <see cref="ManifestParser"/>
/// as its parser.
/// </summary>
public void TestBuildManifestForwarder()
{
    bool parsed = ProviderGuid.TryParse("Microsoft-Windows-WMI-Activity", out ProviderGuid manifestProvider);
    Assert.IsTrue(parsed);

    var built = Forwarder.Build(manifestProvider);

    Assert.IsInstanceOfType(built.Parser, typeof(ManifestParser));
}