public RESTStatus GetEventLogs(SQLLib sql, EventLogSearch eventlogsearch, NetworkConnectionInfo ni)
{
if (ni.HasAcl(ACLFlags.ChangeServerSettings) == false)
{
ni.Error = "Access denied";
ni.ErrorID = ErrorFlags.AccessDenied;
return(RESTStatus.Denied);
}
EventLogs = new EventLogReportFullList();
EventLogs.Data = new List <EventLogReportFull>();
if (eventlogsearch == null)
{
return(RESTStatus.Success);
}
if (eventlogsearch.QTY < 1)
{
eventlogsearch.QTY = 500;
}
string SQLQuery = "SELECT TOP " + eventlogsearch.QTY + " * FROM EventLog WHERE ";
List <SQLParam> SQLQueryArgs = new List <SQLParam>();
if (eventlogsearch.MachineID != null)
{
if (Computers.MachineExists(sql, eventlogsearch.MachineID) == false)
{
ni.Error = "Invalid Data";
ni.ErrorID = ErrorFlags.InvalidData;
return(RESTStatus.NotFound);
}
SQLQuery += "MachineID=@m AND ";
SQLQueryArgs.Add(new SQLParam("@m", eventlogsearch.MachineID));
}
if (eventlogsearch.Source != null)
{
SQLQuery += "Source=@s AND ";
SQLQueryArgs.Add(new SQLParam("@s", eventlogsearch.Source));
}
if (eventlogsearch.EventLogType != null)
{
SQLQuery += "EventLogType=@t AND ";
SQLQueryArgs.Add(new SQLParam("@t", eventlogsearch.EventLogType));
}
if (eventlogsearch.FromDate != null)
{
SQLQuery += "TimeGenerated>=@tgf AND ";
SQLQueryArgs.Add(new SQLParam("@tgf", eventlogsearch.FromDate));
}
if (eventlogsearch.ToDate != null)
{
SQLQuery += "TimeGenerated<=@tgt AND ";
SQLQueryArgs.Add(new SQLParam("@tgt", eventlogsearch.ToDate));
}
if (eventlogsearch.EventLogBook != null)
{
SQLQuery += "EventLog=@evtb AND ";
SQLQueryArgs.Add(new SQLParam("@evtb", eventlogsearch.EventLogBook));
}
if (eventlogsearch.CategoryNumber != null)
{
SQLQuery += "CategoryNumber=@catnum AND ";
SQLQueryArgs.Add(new SQLParam("@catnum", eventlogsearch.CategoryNumber));
}
SQLQuery = SQLQuery.Trim();
SQLQuery += " 1=1 ";
SQLQuery += " ORDER BY TimeGenerated DESC";
lock (ni.sqllock)
{
SqlDataReader dr = sql.ExecSQLReader(SQLQuery, SQLQueryArgs.ToArray());
while (dr.Read())
{
EventLogReportFull ev = new EventLogReportFull();
ev.Category = Convert.ToString(dr["Category"]);
ev.CategoryNumber = Convert.ToInt32(dr["CategoryNumber"]);
ev.Data = (byte[])dr["Data"];
ev.EventLog = Convert.ToString(dr["EventLog"]);
ev.EventLogType = Convert.ToInt32(dr["EventLogType"]);
ev.InstanceID = Convert.ToInt64(dr["InstanceID"]);
ev.JSONReplacementStrings = Convert.ToString(dr["JSONReplacementStrings"]);
ev.LogID = Convert.ToString(dr["LogID"]);
ev.MachineID = Convert.ToString(dr["MachineID"]);
ev.Message = Convert.ToString(dr["Message"]);
ev.Reported = SQLLib.GetDTUTC(dr["Reported"]);
ev.Source = Convert.ToString(dr["Source"]);
ev.TimeGenerated = SQLLib.GetDTUTC(dr["TimeGenerated"]);
ev.TimeWritten = SQLLib.GetDTUTC(dr["TimeWritten"]);
EventLogs.Data.Add(ev);
}
dr.Close();
}
return(RESTStatus.Success);
}
private void cmdQuery_Click(object sender, EventArgs e)
{
EventLogSearch ls = new EventLogSearch();
if (lstBook.Text.Trim() != "" && lstBook.Text != "(any)")
{
ls.EventLogBook = lstBook.Text.Trim();
}
if (lstSources.Text.Trim() != "")
{
ls.Source = lstSources.Text.Trim();
}
if (DTTo.Enabled == true)
{
ls.ToDate = DTTo.Value;
}
if (DTFrom.Enabled == true)
{
ls.FromDate = DTFrom.Value;
}
if (lstStatus.SelectedIndex > 0)
{
ls.EventLogType = 1 << (lstStatus.SelectedIndex - 1);
}
if (txtEventID.Text.Trim() != "")
{
int i = 0;
if (int.TryParse(txtEventID.Text, out i) == true)
{
ls.CategoryNumber = i;
}
}
ls.MachineID = MachineID;
int.TryParse(txtQTY.Text, out ls.QTY);
if (ls.QTY < 1)
{
ls.QTY = 1000;
}
txtQTY.Text = ls.QTY.ToString();
List <EventLogReportFull> evl = Program.net.GetEventLogs(ls);
lstData.Items.Clear();
if (evl != null)
{
foreach (EventLogReportFull ev in evl)
{
int imgindex = 0;
string Text = "";
switch (ev.EventLogType)
{
case 1:
imgindex = 3;
Text = "Error";
break;
case 2:
imgindex = 2;
Text = "Warning";
break;
case 0:
case 4:
imgindex = 4;
Text = "Information";
break;
case 8:
imgindex = 0;
Text = "Success Audit";
break;
case 16:
imgindex = 1;
Text = "Failure Audit";
break;
default:
imgindex = 4;
Text = "?";
break;
}
ListViewItem i = new ListViewItem(Text, imgindex);
i.SubItems.Add(ev.TimeGenerated.ToLongDateString() + " " + ev.TimeGenerated.ToLongTimeString());
i.SubItems.Add(GetComputerName(ev.MachineID));
i.SubItems.Add(ev.EventLog);
i.SubItems.Add(ev.Source);
i.SubItems.Add(ev.CategoryNumber.ToString());
i.Tag = ev;
lstData.Items.Add(i);
}
}
if (lstData.Items.Count == 0)
{
if (evl == null)
{
lblResults.Text = "Nothing";
}
else
{
lblResults.Text = lstData.Items.Count.ToString() + " item" + (lstData.Items.Count == 1 ? "" : "s");
}
}
else
{
lblResults.Text = lstData.Items.Count.ToString() + " item" + (lstData.Items.Count == 1 ? "" : "s");
}
}
