public static IObservable <EventLogRecord> TryGetObservable(string[] files, out IDictionary <string, Exception> fileReadExceptions)
{
fileReadExceptions = null;
List <EventLogRecord> events = new List <EventLogRecord>();
foreach (string file in files)
{
try
{
var result = EvtxEnumerable.FromFiles(file);
events.AddRange(result);
}
catch (EventLogException logEx)
{
if (fileReadExceptions != null)
{
fileReadExceptions.Add(file, logEx);
}
else
{
fileReadExceptions = new Dictionary <string, Exception>();
fileReadExceptions.Add(file, logEx);
}
}
}
return(events.ToObservable());
}
/// <summary>
/// Creates an observable on a folder and can watch new files dropped.
/// </summary>
/// <param name="path">Path to the folder.</param>
/// <param name="watchNewFiles">Watch new files dropped in the folder.</param>
/// <returns></returns>
public static IObservable <EventLogRecord> FromFolder(string path, bool watchNewFiles)
{
var files = Directory.EnumerateFiles(path).ToArray();
IObservable <EventLogRecord> observable = FromFiles(files);
if (watchNewFiles)
{
FileSystemWatcher fileSystemWatcher = new FileSystemWatcher(path);
fileSystemWatcher.EnableRaisingEvents = true;
IObservable <EventLogRecord> observable2 = Observable.Create <EventLogRecord>(observer =>
{
fileSystemWatcher.Created += (sender, e) =>
{
// This sleep ensures that the file is readable after creation.
// Without this, an exception is encountered
Thread.Sleep(TimeSpan.FromSeconds(1));
var events = EvtxEnumerable.FromFiles(e.FullPath);
foreach (var item in events)
{
observer.OnNext(item);
}
};
return(fileSystemWatcher);
});
observable = observable.Concat(observable2);
}
return(observable);
}
public static void AddLogFiles(this IPlaybackConfiguration playback, params string[] files)
{
playback.AddInput(
() => EvtxEnumerable.FromFiles(files).ToObservable(ThreadPoolScheduler.Instance),
typeof(EvtxManifestTypeMap),
typeof(EvtxTypeMap));
}
public static IObservable <EventLogRecord> FromFiles(params string[] files)
{
return(EvtxEnumerable.FromFiles(files).ToObservable());
}