/// <summary>
/// Creates a Windows event log for the extender of ServiceExe.
/// serviceName must be defined.
/// </summary>
public static ILogger CreateLog(string svcName)
{
windowsLogger = (WindowsLogger)Log.CreateLogger("Windows");
windowsLogger.ApplicationName = svcName;
WindowsLogger.CreateLog(svcName, svcName);
return(windowsLogger);
}
public void SubscribeShouldIncrementSubscribers()
{
BamServer server = CreateServer(MethodBase.GetCurrentMethod().Name);
ILogger logger = new TextFileLogger();
Expect.AreEqual(0, server.Subscribers.Length);
server.Subscribe(logger);
Expect.AreEqual(1, server.Subscribers.Length);
server.Subscribe(logger);
Expect.AreEqual(1, server.Subscribers.Length); // should only get added once
ILogger winLogger = new WindowsLogger();
server.Subscribe(winLogger);
Expect.AreEqual(2, server.Subscribers.Length);
Expect.IsTrue(server.IsSubscribed(winLogger));
}
public bool LogMessage(string message, LoggingTarget target)
{
ILogger Logger = null;
switch (target)
{
case LoggingTarget.Console:
Logger = new WindowsLogger();
break;
case LoggingTarget.Database:
//Logger = new DatabaseLogger();
break;
}
if (Logger != null)
{
return(Logger.LogMessage(message));
}
else
{
return(false);
}
}
public void Given_Subject_IsOfType(Type type)
{
subject = new WindowsLogger(type);
}
public void SetUp()
{
subject = null;
ilog = new Mock <ILog>();
}
static void Main(string[] args)
{
// Setting up logging
BaseLogger logger;
if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
{
logger = new WindowsLogger("RealTimeKql", "RealTimeKql");
}
else
{
logger = new ConsoleLogger();
}
if (!logger.Setup())
{
Console.WriteLine("Error instantiating logger. Terminating program...");
return;
}
logger.Log(LogLevel.INFORMATION, "Welcome to Real-Time KQL!");
// Parsing command line arguments
var commandLineParser = new CommandLineParser(logger, args);
if (!commandLineParser.Parse())
{
logger.Log(LogLevel.ERROR, "Problem parsing command line arguments. Terminating program...");
return;
}
else if (commandLineParser.InputSubcommand == null)
{
// User called help, terminating program
return;
}
// Setting up output method
IOutput output = null;
if (commandLineParser.OutputSubcommand == null)
{
output = new ConsoleJsonOutput(logger);
}
switch (commandLineParser.OutputSubcommand.Name)
{
case "json":
output = GetJsonOutput(logger, commandLineParser.OutputSubcommand);
break;
case "table":
output = new ConsoleTableOutput(logger);
break;
case "adx":
output = GetAdxOutput(logger, commandLineParser.OutputSubcommand.Options);
break;
case "blob":
output = GetBlobOutput(logger, commandLineParser.OutputSubcommand.Options);
break;
case "eventlog":
output = GetEventLogOutput(logger, commandLineParser.OutputSubcommand.Options);
break;
default:
logger.Log(LogLevel.ERROR, $"ERROR! Problem recognizing output method specified: {commandLineParser.OutputSubcommand.Name}");
return;
}
// Setting up event component
EventComponent eventComponent = null;
var arg = commandLineParser.InputSubcommand.Argument?.Value;
var options = commandLineParser.InputSubcommand.Options;
var queries = commandLineParser.Queries.ToArray();
switch (commandLineParser.InputSubcommand.Name)
{
case "etw":
eventComponent = new EtwSession(arg, output, queries);
break;
case "etl":
eventComponent = new EtlFileReader(arg, output, queries);
break;
case "winlog":
eventComponent = new WinlogRealTime(arg, output, queries);
break;
case "evtx":
eventComponent = new EvtxFileReader(arg, output, queries);
break;
case "csv":
eventComponent = new CsvFileReader(arg, output, queries);
break;
case "syslog":
eventComponent = new SyslogFileReader(arg, output, queries);
break;
case "syslogserver":
eventComponent = GetSyslogServer(options, output, queries);
break;
default:
logger.Log(LogLevel.ERROR, $"Problem recognizing input method specified: {commandLineParser.InputSubcommand.Name}. Terminating program...");
return;
}
if (!eventComponent.Start())
{
logger.Log(LogLevel.ERROR, "Error starting up. Please review usage and examples. Terminating program...");
return;
}
// Waiting for exit signal
var exitEvent = new ManualResetEvent(false);
Console.CancelKeyPress += (sender, eventArgs) =>
{
eventArgs.Cancel = false;
exitEvent.Set();
};
exitEvent.WaitOne();
}
/// <summary>
/// Creates a Windows event log for the extender of ServiceExe.
/// serviceName must be defined.
/// </summary>
public static void CreateLog()
{
windowsLogger = (WindowsLogger)Log.CreateLogger("Windows");
windowsLogger.ApplicationName = serviceName;
WindowsLogger.CreateLog(serviceName, serviceName);
}
