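/// <summary>
/// Routed-event handler that starts a live log watch against the machine named in the
/// <c>MachineName</c> text box and, once the watch is running, switches the UI into its
/// "processing" state and selects the output writer for the chosen save option.
/// </summary>
/// <param name="sender">Source of the routed event (not used).</param>
/// <param name="e">Routed event data (not used).</param>
private void StartWatch(object sender, RoutedEventArgs e)
{
    // Target host exactly as typed in the UI.
    string machineName = MachineName.Text;

    // Query filter:
    //   4      = Information log level (required)
    //   11, 12 = event IDs of the start/end of query processing (required)
    string query = LogQueryBuilder.Build(
        new List<int> { 4 },
        new List<int> { 11, 12 }
    );

    // Create the live reader, subscribe to completed-query notifications, then start watching.
    watchingLogReader = LogReaderFactory.CreateLiveLogReader(query: query, server: machineName);
    watchingLogReader.CompleteQueryWrittenEvent += WriteWatchResults;

    if (!watchingLogReader.StartWatch())
    {
        // The watch never started: drop the subscription so the unused reader does not
        // keep a delegate back to this object, then tell the user.
        watchingLogReader.CompleteQueryWrittenEvent -= WriteWatchResults;
        MessageBox.Show(
            "Error creating log watcher - this feature is not available with this version",
            "Error",
            MessageBoxButton.OK,
            MessageBoxImage.Error);
        return;
    }

    // Watch is running: only Cancel stays available.
    StartWatchButton.IsEnabled = false;
    ParseButton.IsEnabled = false;
    CancelButton.IsEnabled = true;
    Processing.Content = "Processing";
    dispatcherTimer.Start();

    // NOTE(review): the writer is assigned only after StartWatch() has returned. If the
    // reader can raise CompleteQueryWrittenEvent before this point, WriteWatchResults
    // would presumably see an unset or previous outputWriter - confirm against the reader.
    switch (SaveAsOption)
    {
        case SaveAsOptions.Text:
            outputWriter = new TextFileWriter(FileOutput.Text);
            break;
        case SaveAsOptions.Console:
            outputWriter = new ConsoleWriter();
            break;
        default:
            // SaveAsOptions.EventFrame and any unrecognised value both write through AFWriter.
            outputWriter = new AFWriter(db);
            break;
    }
}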
/// <summary>
/// Console entry point: builds a log query, reads the saved log file
/// <c>C:\WebAPILog\Analytic.evtx</c> with it, prints every query that was read and then
/// waits for ENTER.
/// </summary>
/// <param name="args">Command-line arguments (not used).</param>
static void Main(string[] args)
{
    // First list carries the value 4 and the second the values 11 and 12; the third
    // argument is a timestamp 24 hours before now (presumably the start of the window).
    var levels = new List<int> { 4 };
    var eventIds = new List<int> { 11, 12 };
    DateTime since = DateTime.Now.AddDays(-1);
    string query = LogQueryBuilder.Build(levels, eventIds, since);

    // Reader over the saved .evtx file, restricted by the query built above.
    LogReader reader = LogReaderFactory.CreateSavedLogReader(@"C:\WebAPILog\Analytic.evtx", query);

    // ReadLog fills this dictionary with the queries it finds.
    var queries = new Dictionary<string, Query>();
    reader.ReadLog(queries);

    foreach (Query entry in queries.Values)
    {
        Console.WriteLine(entry);
    }

    // Keep the console window open until the user confirms.
    Console.WriteLine("<ENTER> to EXIT");
    Console.ReadLine();
}
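/// <summary>
/// Routed-event handler that reads the requested log on a background task, keeps the
/// entries matching the filter criteria, saves them, and restores the UI when the work
/// has completed, been cancelled, or faulted. A faulted read is reported to the user
/// instead of being dropped silently.
/// </summary>
/// <param name="sender">Source of the routed event (not used).</param>
/// <param name="e">Routed event data (not used).</param>
private void Parse(object sender, RoutedEventArgs e)
{
    // Controls can only be updated from this context, so both continuations run on it.
    var ui = TaskScheduler.FromCurrentSynchronizationContext();

    // Fresh cancellation source for this run.
    ct = new CancellationTokenSource();

    // Completed queries are collected here by the background read.
    Dictionary<string, Query> results = new Dictionary<string, Query>();

    // Snapshot the text boxes now; they cannot easily be read from inside the task.
    string stringStart = StartTime.Text;
    string stringEnd = EndTime.Text;
    string machineName = MachineName.Text;
    string logFile = LogFile.Text;

    // While the read is in flight only Cancel stays available.
    StartWatchButton.IsEnabled = false;
    ParseButton.IsEnabled = false;
    CancelButton.IsEnabled = true;
    Processing.Content = "Processing";
    dispatcherTimer.Start();

    var task = Task.Factory.StartNew(() =>
    {
        // Unparseable start -> no lower bound; unparseable end -> now.
        DateTime startTime;
        if (!DateTime.TryParse(stringStart, out startTime))
        {
            startTime = DateTime.MinValue;
        }

        DateTime endTime;
        if (!DateTime.TryParse(stringEnd, out endTime))
        {
            endTime = DateTime.Now;
        }

        // Query filter:
        //   4      = Information log level (required)
        //   11, 12 = event IDs of the start/end of query processing (required)
        string query = LogQueryBuilder.Build(
            new List<int> { 4 },
            new List<int> { 11, 12 },
            startTime,
            endTime
        );

        ReadLog(query, results, logFile, machineName);
    }, ct.Token);

    // Runs once the task has completed or been cancelled (skipped when it faulted).
    task.ContinueWith(
        (tresult) =>
        {
            // Drop events shorter than the minimum time specified, when one was given.
            float mseconds;
            if (float.TryParse(MinSeconds.Text, out mseconds))
            {
                // NOTE(review): if Duration is a TimeSpan, .Seconds is only the 0-59 seconds
                // component, so a 2 min 5 s query would compare as 5 - TotalSeconds is
                // probably what is intended; confirm against the Query type.
                results = results.Values
                    .Where(r => r.Duration.Seconds >= mseconds)
                    .ToDictionary(r => r.id);
            }

            System.Console.WriteLine($"{results.Count} results");

            // Save the results to whatever medium was selected.
            SaveResults(results);
        },
        CancellationToken.None,
        TaskContinuationOptions.NotOnFaulted,
        ui
    );

    // Runs whether the task completed, was cancelled, or faulted.
    task.ContinueWith(
        (tresult) =>
        {
            // Restore the available options; StartWatchButton is deliberately not re-enabled here.
            CancelButton.IsEnabled = false;
            ParseButton.IsEnabled = true;
            Processing.Content = ""; // stop the label from saying "Processing"
            dispatcherTimer.Stop();

            // Observe a failed read and surface it; without this the UI simply resets and
            // the user cannot tell a failure from an empty log.
            if (tresult.IsFaulted)
            {
                MessageBox.Show(
                    "Error reading log: " + tresult.Exception.GetBaseException().Message,
                    "Error",
                    MessageBoxButton.OK,
                    MessageBoxImage.Error);
            }
        },
        CancellationToken.None,
        TaskContinuationOptions.None,
        ui
    );
}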