public static void BatchEventLog(string sql, string iCheckpoint)
{
COMEventLogInputContextClassClass Input = new COMEventLogInputContextClassClass();
Input.iCheckpoint = iCheckpoint;
ExectuteBatch(sql, Input);
}
public static DataTable ParseEventLog(string sql, string iCheckpoint)
{
COMEventLogInputContextClassClass Input = new COMEventLogInputContextClassClass();
Input.iCheckpoint = iCheckpoint;
return(Execute(sql, Input));
}
/// <summary>
/// Returns the correct Input Context class for this type of query. It will also sanity check
/// all relevant config params and throw exceptions where there are violations (required
/// setting missing, badly formed etc)
/// </summary>
/// <returns></returns>
/// <exception cref="ArgumentException">Thrown if a setting is missing</exception>
/// <exception cref="FormatException">Thrown if a setting is badly formed</exception>
protected override object GetInputContext()
{
var context = new COMEventLogInputContextClassClass
{
fullText = myConfig.FullText.GetValueOrDefault(true),
resolveSIDs = myConfig.ResolveSIDs.GetValueOrDefault(false),
formatMsg = myConfig.FormatMsg.GetValueOrDefault(true),
fullEventCode = myConfig.FullEventCode.GetValueOrDefault(false),
msgErrorMode = myConfig.MsgErrorMode ?? "MSG",
direction = myConfig.Direction ?? "FW",
stringsSep = myConfig.StringsSep ?? "|",
binaryFormat = myConfig.BinaryFormat ?? "HEX"
};
if (!string.IsNullOrEmpty(myConfig.CheckpointFile))
{
context.iCheckpoint = myConfig.CheckpointFile;
}
return(context);
}
public static DataTable runQuery(string q, string context, Func <int, bool> updateCallback = null)
{
Object o = null;
switch (context.ToLower())
{
case "active directory":
o = new COMADSInputContextClassClass();
break;
case "iis binary":
o = new COMIISBINInputContextClassClass();
break;
case "csv file":
o = new COMCSVInputContextClassClass();
break;
case "windows trace":
o = new COMETWInputContextClassClass();
break;
case "windows events":
o = new COMEventLogInputContextClassClass();
break;
case "file system":
o = new COMFileSystemInputContextClassClass();
break;
case "http error":
o = new COMHttpErrorInputContextClassClass();
break;
case "iis":
o = new COMIISIISInputContextClassClass();
break;
case "iis odbc":
o = new COMIISODBCInputContextClassClass();
break;
case "iis w3c":
o = new COMIISW3CInputContextClassClass();
break;
case "iis ncsa":
o = new COMIISNCSAInputContextClassClass();
break;
case "netmon":
o = new COMNetMonInputContextClassClass();
break;
case "registry":
o = new COMRegistryInputContextClassClass();
break;
case "textline":
o = new COMTextLineInputContextClassClass();
break;
case "textword":
o = new COMTextWordInputContextClassClass();
break;
case "tsv file":
o = new COMTSVInputContextClassClass();
break;
case "urlscan":
o = new COMURLScanLogInputContextClassClass();
break;
case "w3c":
o = new COMW3CInputContextClassClass();
break;
case "xml file":
o = new COMXMLInputContextClassClass();
break;
case "rpower logs":
o = Activator.CreateInstance(Type.GetTypeFromProgID("MSUtil.LogQuery.RPower.RPowerLogs"));
break;
case "rpower keys":
o = Activator.CreateInstance(Type.GetTypeFromProgID("MSUtil.LogQuery.RPower.RPowerKeys"));
break;
case "rpower cc logs":
o = Activator.CreateInstance(Type.GetTypeFromProgID("MSUtil.LogQuery.RPower.RPowerCC"));
break;
case "rpower dbf":
o = Activator.CreateInstance(Type.GetTypeFromProgID("MSUtil.LogQuery.RPower.RPowerDB"));
break;
default:
o = Activator.CreateInstance(Type.GetTypeFromProgID(context));
break;
}
if (o == null)
{
return(null);
}
else
{
return(runQuery(q, o, updateCallback));
}
}
