Esempio n. 1
0
        public void TestSavingOutdatedBookmarkPollingSource()
        {
            string logName   = "Application";
            string logSource = nameof(TestSavingOutdatedBookmark);
            string query     = $"*[System[Provider[@Name = '{logSource}']]]";

            DeleteExistingBookmarkFile(logSource);

            if (!EventLog.SourceExists(logSource))
            {
                EventLog.CreateEventSource(logSource, logName);
            }

            using (WindowsEventPollingSource source = new WindowsEventPollingSource(logName, query, false, new PluginContext(null, null, null, _bookmarkManager)))
            {
                source.Id = logSource;
                source.InitialPosition = InitialPositionEnum.Bookmark;
                source.Start();
                System.Threading.Thread.Sleep(1000);
                EventLog.WriteEntry(logSource, "TestSavingOutdatedBookmark test message");
                System.Threading.Thread.Sleep(1000);
                var lastSavedBookmark = source._lastSavedBookmark;

                // execute a save bookmark operation at the '0' position
                source.SaveBookmarkInternal(0, false);

                // assert that 'SaveBookmarkInternal' does not throw exception,
                // and the saved bookmark remains the latest position.
                Assert.Equal(lastSavedBookmark, source._lastSavedBookmark);
            }
        }
Esempio n. 2
0
        public void TestEventXml2PollingSource()
        {
            ListEventSink records = new ListEventSink();
            var           config  = TestUtility.GetConfig("Sources", "ApplicationLogWithEventData");

            using (WindowsEventPollingSource source = new WindowsEventPollingSource(LogName, PollingSourceQuery, false, new PluginContext(config, null, null, _bookmarkManager)))
            {
                source.Subscribe(records);
                source.Start();

                string msg     = $"Message generated by EventLogTest {DateTime.Now}";
                int    eventId = (int)(DateTime.Now.Ticks % ushort.MaxValue);
                EventLog.WriteEntry(LogSource, msg, EventLogEntryType.Information, eventId);

                System.Threading.Thread.Sleep(1000);

                source.Stop();
            }

            string xml       = ((RawEventRecordEnvelope)records[0]).GetMessage("xml2");
            var    xDocument = XDocument.Parse(xml);
            var    xRoot     = xDocument.Root;

            Assert.Equal("Event", xRoot.Name.LocalName);
            XNamespace ns = xRoot.GetDefaultNamespace();

            Assert.NotNull(xRoot.Element(ns + "System"));
            Assert.NotNull(xRoot.Element(ns + "EventData"));
        }
Esempio n. 3
0
        public void TestInitialPositionBookMarkPollingSource()
        {
            ListEventSink records  = new ListEventSink();
            string        sourceId = "TestInitialPositionBookMark";

            DeleteExistingBookmarkFile(sourceId);

            //This should generate a water mark file
            using (WindowsEventPollingSource source = new WindowsEventPollingSource(LogName, PollingSourceQuery, false, new PluginContext(null, null, null, _bookmarkManager)))
            {
                source.Subscribe(records);
                source.Id = sourceId;
                source.InitialPosition = InitialPositionEnum.Bookmark;
                source.Start();

                var    nowUtc  = DateTime.UtcNow;
                string msg     = $"Message generated by EventLogTest {nowUtc}";
                int    eventId = (int)(DateTime.Now.Ticks % ushort.MaxValue);
                EventLog.WriteEntry(LogSource, msg, EventLogEntryType.Information, eventId);

                System.Threading.Thread.Sleep(1000);
                var foundRecord = records.FirstOrDefault(r => eventId.Equals(((RawEventRecordEnvelope)r).Data.Id));
                Assert.NotNull(foundRecord);
                Assert.True(foundRecord.Timestamp >= nowUtc); // Assert that the record exists and was created after the source stop.

                source.Stop();

                //Write some new logs after the source stop
                DateTime dateTime2Utc = DateTime.UtcNow;
                int      eventId2     = (int)(DateTime.Now.Ticks % ushort.MaxValue);
                msg = $"Message generated by EventLogTest {dateTime2Utc}";
                records.Clear();
                EventLog.WriteEntry(LogSource, msg, EventLogEntryType.Information, eventId2);
                System.Threading.Thread.Sleep(1000);

                records.Clear();

                source.Reset();
                source.Start();
                System.Threading.Thread.Sleep(5000);
                //Should get the record when the source is stopped
                var foundRecord2 = records.FirstOrDefault(r => eventId2.Equals(((RawEventRecordEnvelope)r).Data.Id));
                Assert.NotNull(foundRecord2);
                Assert.True(foundRecord2.Timestamp >= dateTime2Utc); // Assert that the record exists and was created after the source stop.
            }
        }
Esempio n. 4
0
        public void TestInitialPositionTimeStampPollingSource()
        {
            ListEventSink records          = new ListEventSink();
            DateTime      initialTimestamp = DateTime.Now.AddDays(-1);
            DateTime      nowUtc           = DateTime.UtcNow;
            string        sourceId         = "TestInitialPositionTimeStamp";

            DeleteExistingBookmarkFile(sourceId);

            using (WindowsEventPollingSource source = new WindowsEventPollingSource(LogName, PollingSourceQuery, false, new PluginContext(null, null, null, _bookmarkManager)))
            {
                source.Subscribe(records);
                source.Id = sourceId;
                source.InitialPosition          = InitialPositionEnum.Timestamp;
                source.InitialPositionTimestamp = initialTimestamp;
                source.Start();

                do
                {
                    EventLog.WriteEntry(LogSource, "A fresh message", EventLogEntryType.Information, 0);
                    System.Threading.Thread.Sleep(1000);
                }while (source.LastEventLatency > new TimeSpan(0, 0, 1));

                source.Stop();
                Assert.True(records.Count > 0, "There is an event after the timestamp.");
                Assert.True(records[0].Timestamp >= initialTimestamp.ToUniversalTime() && records[0].Timestamp < nowUtc, "There is an earlier event after the initial timestamp.");
                DateTime dateTime1 = records[records.Count - 1].Timestamp;

                //Write some new logs after the source stop
                DateTime dateTime2 = DateTime.Now;
                string   msg       = $"Message generated by EventLogTest {dateTime2}";
                int      eventId   = (int)(DateTime.Now.Ticks % ushort.MaxValue);
                records.Clear();
                EventLog.WriteEntry(LogSource, msg, EventLogEntryType.Information, eventId);
                System.Threading.Thread.Sleep(1000);

                source.Reset();
                source.Start();
                System.Threading.Thread.Sleep(5000);
                //Should get the record when the source is stopped
                Assert.True(records.Count > 0, "Should get the new record.");
                var foundRecord = records.FirstOrDefault(r => eventId.Equals(((RawEventRecordEnvelope)r).Data.Id));
                Assert.True(foundRecord.Timestamp >= dateTime1); // Assert that the record exists and was created after the source stop.
            }
        }
Esempio n. 5
0
        public void TestInitialPositionEOSPollingSource()
        {
            ListEventSink records = new ListEventSink();

            using (WindowsEventPollingSource source = new WindowsEventPollingSource(LogName, null, false, new PluginContext(null, null, null, _bookmarkManager)))
            {
                source.Subscribe(records);
                source.Start();

                string msg     = $"Message generated by EventLogTest {DateTime.Now}";
                int    eventId = (int)(DateTime.Now.Ticks % ushort.MaxValue);
                EventLog.WriteEntry(LogSource, msg, EventLogEntryType.Information, eventId);

                System.Threading.Thread.Sleep(1000);

                source.Stop();
            }

            Assert.True(records.Count > 0);
        }