public void TestBOS()
{
string sourceId = "TestDirectorySourceBOSBookmark";
Setup(sourceId);
WriteLogs("A", 2);
WriteLogs("B", 3);
ListEventSink logRecords = new ListEventSink();
DirectorySource <IDictionary <string, string>, LogContext> watcher = CreateDirectorySource(sourceId, logRecords);
watcher.InitialPosition = InitialPositionEnum.BOS;
watcher.Start();
Thread.Sleep(2000);
watcher.Stop();
Assert.Equal(5, logRecords.Count);
logRecords.Clear();
WriteLogs("B", 1);
WriteLogs("C", 5);
watcher.Start();
WriteLogs("D", 7);
Thread.Sleep(2000);
watcher.Stop();
Assert.Equal(13, logRecords.Count);
}
public void TestBOSWithIncludeSubdirectories()
{
string sourceId = "TestBOSWithIncludeSubdirectories";
var subDir1 = "CPU";
var subDir2 = "Memory";
var subdirectories = new string[] { subDir1, subDir2 };
Setup(sourceId, subdirectories);
WriteLogs("A", 2, subDir1);
WriteLogs("B", 3, subDir2);
ListEventSink logRecords = new ListEventSink();
var config = TestUtility.GetConfig("Sources", "IncludeSubdirectories");
DirectorySource <IDictionary <string, string>, LogContext> watcher = CreateDirectorySource(sourceId, "log_?.log", logRecords, config);
watcher.InitialPosition = InitialPositionEnum.BOS;
watcher.Start();
Thread.Sleep(2000);
watcher.Stop();
Assert.Equal(5, logRecords.Count);
logRecords.Clear();
WriteLogs("B", 1, subDir1);
WriteLogs("C", 5, subDir2);
watcher.Start();
WriteLogs("D", 7, subDir1);
Thread.Sleep(2000);
watcher.Stop();
Assert.Equal(13, logRecords.Count);
}
public void TestInitialPositionBookMarkPollingSource()
{
ListEventSink records = new ListEventSink();
string sourceId = "TestInitialPositionBookMark";
DeleteExistingBookmarkFile(sourceId);
//This should generate a water mark file
using (WindowsEventPollingSource source = new WindowsEventPollingSource(LogName, PollingSourceQuery, false, new PluginContext(null, null, null, _bookmarkManager)))
{
source.Subscribe(records);
source.Id = sourceId;
source.InitialPosition = InitialPositionEnum.Bookmark;
source.Start();
var nowUtc = DateTime.UtcNow;
string msg = $"Message generated by EventLogTest {nowUtc}";
int eventId = (int)(DateTime.Now.Ticks % ushort.MaxValue);
EventLog.WriteEntry(LogSource, msg, EventLogEntryType.Information, eventId);
System.Threading.Thread.Sleep(1000);
var foundRecord = records.FirstOrDefault(r => eventId.Equals(((RawEventRecordEnvelope)r).Data.Id));
Assert.NotNull(foundRecord);
Assert.True(foundRecord.Timestamp >= nowUtc); // Assert that the record exists and was created after the source stop.
source.Stop();
//Write some new logs after the source stop
DateTime dateTime2Utc = DateTime.UtcNow;
int eventId2 = (int)(DateTime.Now.Ticks % ushort.MaxValue);
msg = $"Message generated by EventLogTest {dateTime2Utc}";
records.Clear();
EventLog.WriteEntry(LogSource, msg, EventLogEntryType.Information, eventId2);
System.Threading.Thread.Sleep(1000);
records.Clear();
source.Reset();
source.Start();
System.Threading.Thread.Sleep(5000);
//Should get the record when the source is stopped
var foundRecord2 = records.FirstOrDefault(r => eventId2.Equals(((RawEventRecordEnvelope)r).Data.Id));
Assert.NotNull(foundRecord2);
Assert.True(foundRecord2.Timestamp >= dateTime2Utc); // Assert that the record exists and was created after the source stop.
}
}
public void TestInitialPositionTimeStampPollingSource()
{
ListEventSink records = new ListEventSink();
DateTime initialTimestamp = DateTime.Now.AddDays(-1);
DateTime nowUtc = DateTime.UtcNow;
string sourceId = "TestInitialPositionTimeStamp";
DeleteExistingBookmarkFile(sourceId);
using (WindowsEventPollingSource source = new WindowsEventPollingSource(LogName, PollingSourceQuery, false, new PluginContext(null, null, null, _bookmarkManager)))
{
source.Subscribe(records);
source.Id = sourceId;
source.InitialPosition = InitialPositionEnum.Timestamp;
source.InitialPositionTimestamp = initialTimestamp;
source.Start();
do
{
EventLog.WriteEntry(LogSource, "A fresh message", EventLogEntryType.Information, 0);
System.Threading.Thread.Sleep(1000);
}while (source.LastEventLatency > new TimeSpan(0, 0, 1));
source.Stop();
Assert.True(records.Count > 0, "There is an event after the timestamp.");
Assert.True(records[0].Timestamp >= initialTimestamp.ToUniversalTime() && records[0].Timestamp < nowUtc, "There is an earlier event after the initial timestamp.");
DateTime dateTime1 = records[records.Count - 1].Timestamp;
//Write some new logs after the source stop
DateTime dateTime2 = DateTime.Now;
string msg = $"Message generated by EventLogTest {dateTime2}";
int eventId = (int)(DateTime.Now.Ticks % ushort.MaxValue);
records.Clear();
EventLog.WriteEntry(LogSource, msg, EventLogEntryType.Information, eventId);
System.Threading.Thread.Sleep(1000);
source.Reset();
source.Start();
System.Threading.Thread.Sleep(5000);
//Should get the record when the source is stopped
Assert.True(records.Count > 0, "Should get the new record.");
var foundRecord = records.FirstOrDefault(r => eventId.Equals(((RawEventRecordEnvelope)r).Data.Id));
Assert.True(foundRecord.Timestamp >= dateTime1); // Assert that the record exists and was created after the source stop.
}
}
public void TestInitialPositionTimeStamp()
{
string logName = "Application";
string logSource = "EventLogTest";
ListEventSink records = new ListEventSink();
DateTime initialTimestamp = DateTime.Now.AddDays(-1);
DateTime nowUtc = DateTime.UtcNow;
string sourceId = "TestInitialPositionTimeStamp";
DeleteExistingBookmarkFile(sourceId);
using (EventLogSource source = new EventLogSource(logName, null, new PluginContext(null, null, null, _bookmarkManager)))
{
source.Subscribe(records);
source.Id = sourceId;
source.InitialPosition = InitialPositionEnum.Timestamp;
source.InitialPositionTimestamp = initialTimestamp;
source.Start();
do
{
EventLog.WriteEntry(logSource, "A fresh message", EventLogEntryType.Information, 0);
System.Threading.Thread.Sleep(1000);
}while (source.LastEventLatency > new TimeSpan(0, 0, 1));
source.Stop();
Assert.True(records.Count > 0, "There is an event after the timestamp.");
Assert.True(records[0].Timestamp >= initialTimestamp.ToUniversalTime() && records[0].Timestamp < nowUtc, "There is an earlier event after the initial timestamp.");
DateTime dateTime1 = records[records.Count - 1].Timestamp;
//Write some new logs after the source stop
DateTime dateTime2 = DateTime.Now;
string msg = $"Message generated by EventLogTest {dateTime2}";
int eventId = (int)(DateTime.Now.Ticks % ushort.MaxValue);
EventLog.WriteEntry(logSource, msg, EventLogEntryType.Information, eventId);
System.Threading.Thread.Sleep(1000);
records.Clear();
source.Start();
System.Threading.Thread.Sleep(2000);
//Should get the record when the source is stopped
Assert.True(records.Count > 0, "Should get the new record.");
Assert.True(records[0].Timestamp >= dateTime1, "Should pick up new records.");
}
}
public void TestInitialPositionBookMark()
{
string logName = "Application";
string logSource = "Test";
ListEventSink records = new ListEventSink();
string sourceId = "TestInitialPositionBookMark";
DeleteExistingBookmarkFile(sourceId);
//This should generate a water mark file
using (EventLogSource source = new EventLogSource(logName, null, new PluginContext(null, null, null)))
{
source.Subscribe(records);
source.Id = sourceId;
source.InitialPosition = InitialPositionEnum.Bookmark;
source.Start();
var nowUtc = DateTime.UtcNow;
string msg = $"Message generated by EventLogTest {nowUtc}";
int eventId = (int)(DateTime.Now.Ticks % ushort.MaxValue);
if (!EventLog.SourceExists(logSource))
{
EventLog.CreateEventSource(logSource, logName);
}
EventLog.WriteEntry(logSource, msg, EventLogEntryType.Information, eventId);
System.Threading.Thread.Sleep(1000);
source.Stop();
//Write some new logs after the source stop
DateTime dateTime2Utc = DateTime.UtcNow;
msg = $"Message generated by EventLogTest {dateTime2Utc}";
EventLog.WriteEntry(logSource, msg, EventLogEntryType.Information, eventId);
System.Threading.Thread.Sleep(1000);
records.Clear();
source.Start();
System.Threading.Thread.Sleep(1000);
//Should get the record when the source is stopped
var foundRecord = records.FirstOrDefault(r => msg.Equals(((EventRecordEnvelope)r).Data.Description));
Assert.NotNull(foundRecord);
Assert.True(foundRecord.Timestamp >= dateTime2Utc);
}
}
public void TestInitialPositionBOS()
{
string logName = "Application";
string logSource = "Test";
ListEventSink records = new ListEventSink();
DateTime nowUtc = DateTime.UtcNow;
string sourceId = "TestInitialPositionTimeStamp";
DeleteExistingBookmarkFile(sourceId);
using (EventLogSource source = new EventLogSource(logName, null, new PluginContext(null, null, null)))
{
source.Subscribe(records);
source.Id = sourceId;
source.InitialPosition = InitialPositionEnum.BOS;
source.Start();
do
{
EventLog.WriteEntry(logSource, "A fresh message", EventLogEntryType.Information, 0);
System.Threading.Thread.Sleep(1000);
}while (source.LastEventLatency > new TimeSpan(0, 0, 1));
System.Threading.Thread.Sleep(1000);
source.Stop();
Assert.True(records.Count > 0);
Assert.True(records[0].Timestamp < nowUtc);
//Write some new logs after the source stop
DateTime dateTime2Utc = DateTime.UtcNow;
string msg = $"Message generated by EventLogTest {dateTime2Utc}";
int eventId = (int)(DateTime.Now.Ticks % ushort.MaxValue);
EventLog.WriteEntry(logSource, msg, EventLogEntryType.Information, eventId);
System.Threading.Thread.Sleep(1000);
records.Clear();
source.Start();
System.Threading.Thread.Sleep(1000);
//Should get the record when the source is stopped
Assert.True(records.Count > 0);
Assert.True(records[0].Timestamp >= dateTime2Utc);
}
}
public void TestInitialPositionBookMark()
{
string logName = "Application";
string logSource = "Test";
ListEventSink records = new ListEventSink();
string sourceId = "TestInitialPositionBookMark";
DeleteExistingBookmarkFile(sourceId);
//This should generate a water mark file
using (EventLogSource source = new EventLogSource(logName, null, new PluginContext(null, null, null)))
{
source.Subscribe(records);
source.Id = sourceId;
source.InitialPosition = InitialPositionEnum.Bookmark;
source.Start();
string msg = $"Message generated by EvengLogTest {DateTime.Now}";
int eventId = (int)(DateTime.Now.Ticks % ushort.MaxValue);
if (!EventLog.SourceExists(logSource))
{
EventLog.CreateEventSource(logSource, logName);
}
EventLog.WriteEntry(logSource, msg, EventLogEntryType.Information, eventId);
System.Threading.Thread.Sleep(1000);
source.Stop();
//Write some new logs afte the source stop
DateTime dateTime2 = DateTime.Now;
msg = $"Message generated by EvengLogTest {dateTime2}";
EventLog.WriteEntry(logSource, msg, EventLogEntryType.Information, eventId);
System.Threading.Thread.Sleep(1000);
records.Clear();
source.Start();
System.Threading.Thread.Sleep(1000);
//Should get the record when the souce is stopped
Assert.True(records.Count > 0);
Assert.True(records[0].Timestamp >= dateTime2);
}
}
public void TestInitialPositionBOS(bool acknowledge)
{
var records = new ListEventSink();
var sourceId = "TestEvtInitialPositionTimeStamp";
var eventId = (int)(DateTime.Now.Ticks % ushort.MaxValue);
var msg = "A fresh message";
// Write some events before the source is created
for (int i = 0; i < 3; i++)
{
EventLog.WriteEntry(LogSource, msg, EventLogEntryType.Information, eventId);
}
var now = DateTime.UtcNow;
using (var source = CreateSource(sourceId, eventId))
{
source.Subscribe(records);
source.Id = sourceId;
source.InitialPosition = InitialPositionEnum.BOS;
source.Start();
for (int i = 0; i < 5; i++)
{
EventLog.WriteEntry(LogSource, msg, EventLogEntryType.Information, eventId);
}
Thread.Sleep(5000);
if (acknowledge)
{
// Send the acknowledgements as if they had come from sources.
var bookmark = Assert.IsType <BookmarkInfo>(BookmarkManager.GetBookmark(sourceId));
BookmarkManager.SaveBookmark(bookmark.Id, records.Last().Position, null);
}
source.Stop();
Thread.Sleep(1000);
Assert.True(records[0].Timestamp < now, $"First record should have been written before {now}, but was written at {records[0].Timestamp}");
var lastRecordTimestamp = records.Last().Timestamp;
Assert.True(lastRecordTimestamp > now, $"Last record should have been written after {now}, but was written at {records.Last().Timestamp}");
records.Clear();
//Write some new logs after the source stop
var newmsg = "A fresh message after source stop";
EventLog.WriteEntry(LogSource, newmsg, EventLogEntryType.Information, eventId);
Thread.Sleep(1000);
source.Start();
Thread.Sleep(3000);
IEnvelope lastRecord;
if (acknowledge)
{
lastRecord = Assert.Single(records);
}
else
{
Assert.Equal(9, records.Count);
lastRecord = records.Last();
}
Assert.True(lastRecord.Timestamp > lastRecordTimestamp);
Assert.Matches("after source stop", lastRecord.GetMessage("string"));
}
}
public void TestInitialPositionBookMark(bool acknowledge)
{
var records = new ListEventSink();
var sourceId = "TestEvtInitialPositionBookMark";
var eventId = (int)(DateTime.Now.Ticks % ushort.MaxValue);
var msg = "A fresh message";
// Write some events before the source is created
for (int i = 0; i < 3; i++)
{
EventLog.WriteEntry(LogSource, msg, EventLogEntryType.Information, eventId);
}
var now = DateTime.UtcNow;
using (var source = CreateSource(sourceId, eventId))
{
source.Subscribe(records);
source.Id = sourceId;
source.InitialPosition = InitialPositionEnum.Bookmark;
source.Start();
Thread.Sleep(2000);
// When using Bookmark as Initial position, and there is no bookmark, it should not process old events.
Assert.Empty(records);
EventLog.WriteEntry(LogSource, msg, EventLogEntryType.Information, eventId);
Thread.Sleep(1000);
if (acknowledge)
{
// Send the acknowledgements as if they had come from sources.
var bookmark = Assert.IsType <BookmarkInfo>(BookmarkManager.GetBookmark(sourceId));
BookmarkManager.SaveBookmark(bookmark.Id, records.Last().Position, null);
}
source.Stop();
Thread.Sleep(1000);
var lastRecordTimestamp = Assert.Single(records).Timestamp;
Assert.True(lastRecordTimestamp > now);
records.Clear();
//Write some new logs after the source stop
var newmsg = "A fresh message after source stop";
EventLog.WriteEntry(LogSource, newmsg, EventLogEntryType.Information, eventId);
Thread.Sleep(1000);
source.Start();
Thread.Sleep(1000);
// If it's a clean shutdown (i.e. config reload), the bookmark isn't removed from BookmarkManager,
// so the source should pick up where it left off according to the previous bookmark value.
if (acknowledge)
{
var lastRecord = Assert.Single(records);
Assert.True(lastRecord.Timestamp > lastRecordTimestamp);
Assert.Matches("after source stop", lastRecord.GetMessage("string"));
}
else
{
// When using Bookmark as Initial position, and there is no bookmark, it should not process old events.
// Since we didn't commit the bookmark in this theory, no records should be returned.
Assert.Empty(records);
}
}
}
