Esempio n. 1
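        /// <summary>
        /// Handles the Search button: validates the form inputs, builds an event-log XPath query from
        /// the EventID and time-difference fields, runs it against the selected input (one path, or
        /// every file in the selected folder) and shows the total returned by the searches.
        /// </summary>
        /// <param name="sender">Control that raised the click event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void BtnSearch_Click(object sender, EventArgs e)
        {
            lblErrPath.Text = "";

            // Test the text box content. Control.ToString() returns the type name plus the text and
            // is never blank, so a check against it can never reject an empty EventID.
            if (string.IsNullOrWhiteSpace(txtBoxEventID.Text))
            {
                lblResults.Text = "EventID can not be blank";
                return;
            }

            string inputPath      = TxtBoxEvtFpath.Text;
            bool   singleFileMode = radioFileFolder1.Checked;

            // Folder mode enumerates the path with Directory.GetFiles, which throws when the path is
            // not a directory, so that mode requires a directory. The other mode keeps the original
            // "file or folder" acceptance.
            bool inputExists = singleFileMode
                ? File.Exists(inputPath) || Directory.Exists(inputPath)
                : Directory.Exists(inputPath);
            if (!inputExists)
            {
                lblResults.Text = "Input event log file or folder does not exist: ";
                lblErrPath.Text = inputPath;
                return;
            }

            // NOTE(review): a bare file name has an empty directory part and is rejected here;
            // confirm whether relative output paths should be allowed.
            string outputDirectory = Path.GetDirectoryName(TxtBoxOutput.Text);
            if (!Directory.Exists(outputDirectory))
            {
                lblResults.Text = "Output directory does not exist: " + outputDirectory;
                lblErrPath.Text = TxtBoxOutput.Text;
                return;
            }

            string writeOutputpath     = TxtBoxOutput.Text;
            string filterText          = txtboxFilter.Text;
            bool   boolGroupProperties = chkGroupProperties.Checked;

            // Conditions that go inside *[System[ ... ]]; null means "no condition" (query "*").
            string systemConditions = null;

            string eventIdText = txtBoxEventID.Text.Trim();
            if (eventIdText != "*")
            {
                // The EventID text is inserted verbatim into the XPath query. Anything other than a
                // plain ID changes the query's structure; restrict it to digits if only single
                // numeric IDs are meant to be accepted.
                systemConditions = "(EventID=" + eventIdText + ")";
            }

            string timeDiff = txtBoxTimeDiff.Text;
            if (!string.IsNullOrWhiteSpace(timeDiff))
            {
                long timeFilter;
                if (!long.TryParse(timeDiff, out timeFilter))
                {
                    // Refuse to search instead of silently dropping the time filter: an unfiltered
                    // result set would look like a filtered one to the analyst.
                    lblResults.Text = "Time difference must be a whole number";
                    return;
                }

                // timediff(@SystemTime) is measured in milliseconds by the Windows event log query
                // engine.
                string timeCondition = "TimeCreated[timediff(@SystemTime) <= " + timeFilter.ToString() + "]";
                systemConditions = systemConditions == null
                    ? timeCondition
                    : systemConditions + " and " + timeCondition;
            }

            string searchString = systemConditions == null
                ? "*"
                : "*[System[" + systemConditions + "]]";

            int totalRecords = 0;
            if (singleFileMode)
            {
                totalRecords = EventLogHelper.SearchEventLog(inputPath, searchString, writeOutputpath, filterText, boolGroupProperties);
            }
            else
            {
                // Every file in the folder is searched regardless of extension, and every search is
                // given the same output path.
                // NOTE(review): confirm that SearchEventLog appends to the output rather than
                // overwriting it, and how it reacts to files that are not event logs.
                foreach (string fileName in Directory.GetFiles(inputPath))
                {
                    totalRecords += EventLogHelper.SearchEventLog(fileName, searchString, writeOutputpath, filterText, boolGroupProperties);
                }
            }

            lblResults.Text = $"{totalRecords} results were returned";
        }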