/// <summary>
/// Checks that enumerating the log referenced by <c>FileName</c> through
/// <c>EvtxEnumerable.FromFiles</c> yields exactly 2041 records.
/// </summary>
public void EvtxReader()
{
    // Count() walks the whole sequence, so every record in the file is visited once.
    int recordCount = EvtxEnumerable.FromFiles(FileName).Count();

    // in ETW there is one more event with system information
    Assert.AreEqual(2041, recordCount);
}
/// <summary>
/// Console entry point: prints how many records <c>HTTP_Server.evtx</c> contains
/// and then waits for a line of input before exiting.
/// </summary>
static void Main()
{
    // Relative path: the file is resolved against the process's current working directory.
    IEnumerable<EventRecord> records = EvtxEnumerable.FromFiles(@"HTTP_Server.evtx");

    // Count() enumerates the full sequence to produce the total.
    int total = records.Count();
    Console.WriteLine(total);

    // Block until the user presses Enter so the output stays visible.
    Console.ReadLine();
}
/// <summary>
/// Exposes the records of one or more .evtx log files as an observable sequence of
/// dictionaries, one per record.
/// </summary>
/// <param name="logFiles">Paths of the log files, passed through unchanged to <c>EvtxEnumerable.FromFiles</c>.</param>
/// <returns>
/// An observable that, on each subscription, pushes every record from the files
/// (projected through <c>Deserialize</c>) and then completes.
/// </returns>
public static IObservable<IDictionary<string, object>> FromFiles(params string[] logFiles)
{
    var records = EvtxEnumerable.FromFiles(logFiles);

    IObservable<EventLogRecord> source = Observable.Create<EventLogRecord>(observer =>
    {
        // The loop runs synchronously inside Subscribe: all records are pushed
        // before the subscriber gets its subscription handle back.
        foreach (var record in records)
        {
            observer.OnNext(record);
        }

        observer.OnCompleted();

        // NOTE(review): this disposable does nothing and the loop has no cancellation
        // check, so disposing the subscription cannot stop enumeration of the files.
        // Confirm that is acceptable for very large logs.
        return Disposable.Create(() => { });
    });

    // Deserialize is defined elsewhere; it turns each record into the dictionary form returned to callers.
    return source.Select(record => record.Deserialize());
}