public void TestWriteEventLogEntryToSyslog(EventLogLevel severity) { var mockSyslogMessageWriter = new Mock <ISyslogMessageWriter>(MockBehavior.Strict); var syslogWriter = new EventLogSyslogWriter(mockSyslogMessageWriter.Object) { InstallFolder = @"C:\InstallFolder", ApplicationName = "AppName", DatabaseName = "DbName", DatabaseServer = "DbServerName", EnterpriseId = 11111, SoftwareVersion = "1.0", ErrorEnabled = severity == EventLogLevel.Error, InformationEnabled = severity == EventLogLevel.Information, WarningEnabled = severity == EventLogLevel.Warning, TraceEnabled = severity == EventLogLevel.Trace }; var logEntry = new EventLogEntry(Guid.NewGuid(), DateTime.Now, Stopwatch.GetTimestamp(), severity, "MachineName", "ProcessName", 10, "MsgSource", "Test Message", 5555, "FRED", "Bob"); mockSyslogMessageWriter.Setup(w => w.Write(It.Is <SyslogMessage>(m => ValidateMessage(syslogWriter, m, logEntry)))); syslogWriter.WriteEntry(logEntry); mockSyslogMessageWriter.VerifyAll(); }
public void ConstructorValidParameters( ) { Guid id = Guid.NewGuid( ); DateTime date = DateTime.Now; long timestamp = Stopwatch.GetTimestamp( ); const EventLogLevel logLevel = EventLogLevel.Error; string machineName = Environment.MachineName; string process = Process.GetCurrentProcess( ).ProcessName; int threadId = Thread.CurrentThread.ManagedThreadId; const string source = "Source"; const string message = "Message"; const long tenantId = 5555; const string userName = "******"; const string tenantName = "EDC"; var entry = new EventLogEntry(id, date, timestamp, logLevel, machineName, process, threadId, source, message, tenantId, tenantName, userName); Assert.AreEqual(id, entry.Id, "The Id is invalid"); Assert.AreEqual(date, entry.Date, "The Date is invalid"); Assert.AreEqual(timestamp, entry.Timestamp, "The Timestamp is invalid"); Assert.AreEqual(logLevel, entry.Level, "The Level is invalid"); Assert.AreEqual(machineName, entry.Machine, "The Machine is invalid"); Assert.AreEqual(process, entry.Process, "The Process is invalid"); Assert.AreEqual(threadId, entry.ThreadId, "The ThreadId is invalid"); Assert.AreEqual(source, entry.Source, "The Source is invalid"); Assert.AreEqual(tenantId, entry.TenantId, "The TenantId is invalid"); Assert.AreEqual(tenantName, entry.TenantName, "The TenantName is invalid"); Assert.AreEqual(userName, entry.UserName, "The UserName is invalid"); }
/// <summary> /// Create a new <see cref="EventLogWriteEventArgs"/>. /// </summary> /// <param name="entry"> /// The <see cref="EventLogEntry"/> written to the event log. This cannot be null. /// </param> /// <exception cref="ArgumentNullException"> /// <paramref name="entry"/> cannot be null. /// </exception> public EventLogWriteEventArgs(EventLogEntry entry) { if (entry == null) { throw new ArgumentNullException(nameof(entry)); } Entry = entry; }
/// <summary> /// Writes the event log entry to syslog. /// </summary> /// <param name="logEntry">The log entry.</param> public void WriteEntry(EventLogEntry logEntry) { if (logEntry == null || !CanWriteEntry(logEntry.Level)) { return; } SyslogMessage sysLogMessage = ConvertToSyslogMessage(logEntry); _syslogWriter.Write(sysLogMessage); }
/// <summary> /// Writes the specified entry to the event log writers, /// </summary> /// <param name="level">The error level.</param> /// <param name="source">The message source.</param> /// <param name="message">The message.</param> private void WriteEntry(EventLogLevel level, string source, string message) { DiagnosticsRequestContextData context = DiagnosticsRequestContext.GetContext(); string userName = string.Empty; long tenantId = -1; string tenantName = string.Empty; if (context != null) { userName = context.UserName; tenantId = context.TenantId; tenantName = context.TenantName; } // Truncate messages longer than 10000 chars if (message != null && message.Length > MaximumMessageSize) { message = message.Substring(0, MaximumMessageSize); } // Create an event log entry and pass it the writers. var logEntry = new EventLogEntry(DateTime.UtcNow, Stopwatch.GetTimestamp(), level, Thread.CurrentThread.ManagedThreadId, source ?? string.Empty, message ?? string.Empty, tenantId, tenantName, userName) { Machine = _machineName, Process = _processName }; OnWriteEvent(logEntry); foreach (IEventLogWriter logWriter in _eventLogWriters) { try { logWriter.WriteEntry(logEntry); } catch (Exception ex) { // Prevent errors from one writer affecting others. Trace.TraceError($"An error occured writing a message to a log writer. Writer type {logWriter.GetType().Name}, error {ex}."); } } }
/// <summary> /// Creates the extra message data from the log entry. /// </summary> /// <param name="logEntry"></param> /// <returns></returns> private SyslogSdElement CreateExtraMsgData(EventLogEntry logEntry) { var sdElement = new SyslogSdElement($"{EventLogMsgId}@{EnterpriseId.ToString(CultureInfo.InvariantCulture)}"); sdElement.Parameters.Add(new SyslogSdParameter("msgId", EventLogMsgId)); sdElement.Parameters.Add(new SyslogSdParameter("tenant", logEntry.TenantName)); sdElement.Parameters.Add(new SyslogSdParameter("tenantId", logEntry.TenantId.ToString(CultureInfo.InvariantCulture))); sdElement.Parameters.Add(new SyslogSdParameter("user", logEntry.UserName)); // Sd parameter is called logEntrySource for source as source appears be used by graylog for the name of the source machine sdElement.Parameters.Add(new SyslogSdParameter("logEntrySource", logEntry.Source)); sdElement.Parameters.Add(new SyslogSdParameter("threadId", logEntry.ThreadId.ToString(CultureInfo.InvariantCulture))); return(sdElement); }
/// <summary> /// Write an entry to the event log. /// </summary> /// <param name="logEntry"> /// The log entry. /// </param> public void WriteEntry(EventLogEntry logEntry) { if (logEntry == null || !CanWriteEntry(logEntry.Level)) { return; } // Add the entry to the list _eventLogEntryQueue.Enqueue(logEntry); lock (_lock) { // Signal the worker thread that a new entry is available Monitor.Pulse(_lock); } }
/// <summary> /// Converts the event log entry to a syslog message. /// </summary> /// <param name="logEntry">The log entry</param> /// <returns></returns> private SyslogMessage ConvertToSyslogMessage(EventLogEntry logEntry) { var syslogMessage = new SyslogMessage { Facility = SyslogFacility.UserLevelMessages, Severity = ConvertToSyslogSeverity(logEntry.Level), Timestamp = new DateTimeOffset(logEntry.Date), HostName = logEntry.Machine, AppName = ApplicationName, ProcId = logEntry.Process, MsgId = EventLogMsgId, Message = logEntry.Message }; syslogMessage.StructuredDataElements.Add(CreateExtraMsgData(logEntry)); syslogMessage.StructuredDataElements.Add(CreateSystemInfoData()); syslogMessage.StructuredDataElements.Add(CreateOriginData(_ipHostEntry)); return(syslogMessage); }
/// <summary> /// Raise the <see cref="WriteEvent" /> event. /// </summary> /// <param name="entry"> /// The entry written to event log. /// </param> protected void OnWriteEvent(EventLogEntry entry) { WriteEvent?.Invoke(this, new EventLogWriteEventArgs(entry)); }
/// <summary> /// Validates the message. /// </summary> /// <param name="syslogWriter"></param> /// <param name="message">The message.</param> /// <param name="logEntry">The event log data.</param> /// <returns></returns> private bool ValidateMessage(EventLogSyslogWriter syslogWriter, SyslogMessage message, EventLogEntry logEntry) { SyslogSeverity severity; switch (logEntry.Level) { case EventLogLevel.Error: severity = SyslogSeverity.Error; break; case EventLogLevel.Warning: severity = SyslogSeverity.Warning; break; case EventLogLevel.Information: severity = SyslogSeverity.Informational; break; case EventLogLevel.Trace: severity = SyslogSeverity.Debug; break; default: throw new ArgumentException("logEntry"); } Assert.AreEqual(1, message.Version, "The version is incorrect."); Assert.AreEqual(SyslogFacility.UserLevelMessages, message.Facility, "The facility is incorrect"); Assert.AreEqual(severity, message.Severity, "The severity is incorrect"); Assert.AreEqual(syslogWriter.ApplicationName, message.AppName, "The app name is incorrect"); Assert.AreEqual(logEntry.Machine, message.HostName, "The host name is incorrect"); Assert.AreEqual(logEntry.Process, message.ProcId, "The process id is incorrect"); Assert.AreEqual(logEntry.Message, message.Message, "The message is incorrect"); Assert.AreEqual("eventLog", message.MsgId, "The message id is invalid"); Assert.AreEqual(3, message.StructuredDataElements.Count, "The number of structured data elements is invalid"); Assert.AreEqual("eventLog@" + syslogWriter.EnterpriseId, message.StructuredDataElements[0].SdId); Assert.AreEqual("msgId", message.StructuredDataElements[0].Parameters[0].Name); Assert.AreEqual("eventLog", message.StructuredDataElements[0].Parameters[0].Value); Assert.AreEqual("tenant", message.StructuredDataElements[0].Parameters[1].Name); Assert.AreEqual(logEntry.TenantName, message.StructuredDataElements[0].Parameters[1].Value); Assert.AreEqual("tenantId", message.StructuredDataElements[0].Parameters[2].Name); Assert.AreEqual(logEntry.TenantId.ToString(CultureInfo.InvariantCulture), message.StructuredDataElements[0].Parameters[2].Value); Assert.AreEqual("user", message.StructuredDataElements[0].Parameters[3].Name); Assert.AreEqual(logEntry.UserName, message.StructuredDataElements[0].Parameters[3].Value); Assert.AreEqual("logEntrySource", message.StructuredDataElements[0].Parameters[4].Name); Assert.AreEqual(logEntry.Source, message.StructuredDataElements[0].Parameters[4].Value); Assert.AreEqual("threadId", message.StructuredDataElements[0].Parameters[5].Name); Assert.AreEqual(logEntry.ThreadId.ToString(CultureInfo.InvariantCulture), message.StructuredDataElements[0].Parameters[5].Value); Assert.AreEqual("systemInfo@" + syslogWriter.EnterpriseId, message.StructuredDataElements[1].SdId); Assert.AreEqual("installDirectory", message.StructuredDataElements[1].Parameters[0].Name); Assert.AreEqual(syslogWriter.InstallFolder.Replace("\\", "/"), message.StructuredDataElements[1].Parameters[0].Value); Assert.AreEqual("databaseName", message.StructuredDataElements[1].Parameters[1].Name); Assert.AreEqual(syslogWriter.DatabaseName, message.StructuredDataElements[1].Parameters[1].Value); Assert.AreEqual("databaseServer", message.StructuredDataElements[1].Parameters[2].Name); Assert.AreEqual(syslogWriter.DatabaseServer, message.StructuredDataElements[1].Parameters[2].Value); Assert.AreEqual(SyslogOriginConstants.Origin, message.StructuredDataElements[2].SdId); return(true); }