public void GetLogInformation_UsingLogName_DoesNotThrow(string logName)
{
using (var session = new EventLogSession())
{
EventLogConfiguration configuration;
try
{
configuration = new EventLogConfiguration(logName, session);
}
catch (EventLogNotFoundException)
{
throw new SkipTestException(nameof(EventLogNotFoundException));
}
using (configuration)
{
EventLogInformation logInfo = session.GetLogInformation(configuration.LogName, PathType.LogName);
Assert.Equal(logInfo.CreationTime, logInfo.CreationTime);
Assert.Equal(logInfo.LastAccessTime, logInfo.LastAccessTime);
Assert.Equal(logInfo.LastWriteTime, logInfo.LastWriteTime);
Assert.Equal(logInfo.FileSize, logInfo.FileSize);
Assert.Equal(logInfo.Attributes, logInfo.Attributes);
Assert.Equal(logInfo.RecordCount, logInfo.RecordCount);
Assert.Equal(logInfo.OldestRecordNumber, logInfo.OldestRecordNumber);
Assert.Equal(logInfo.IsLogFull, logInfo.IsLogFull);
}
}
}
public void GetLogInformation_UsingLogName_DoesNotThrow(string logName)
{
DateTime?creationTime, lastAccessTime, lastWriteTime;
long? fileSize, recordCount, oldestRecordNumber;
int? attributes;
bool? isLogFull;
using (var session = new EventLogSession())
{
EventLogConfiguration configuration = null;
try
{
configuration = new EventLogConfiguration(logName, session);
}
catch (EventLogNotFoundException)
{
configuration?.Dispose();
return;
}
EventLogInformation logInfo = session.GetLogInformation(configuration.LogName, PathType.LogName);
creationTime = logInfo.CreationTime;
lastAccessTime = logInfo.LastAccessTime;
lastWriteTime = logInfo.LastWriteTime;
fileSize = logInfo.FileSize;
attributes = logInfo.Attributes;
recordCount = logInfo.RecordCount;
oldestRecordNumber = logInfo.OldestRecordNumber;
isLogFull = logInfo.IsLogFull;
configuration.Dispose();
}
using (var session = new EventLogSession())
{
using (var configuration = new EventLogConfiguration(logName, session))
{
EventLogInformation logInfo = session.GetLogInformation(configuration.LogName, PathType.LogName);
Assert.Equal(creationTime, logInfo.CreationTime);
Assert.Equal(lastAccessTime, logInfo.LastAccessTime);
Assert.Equal(lastWriteTime, logInfo.LastWriteTime);
Assert.Equal(fileSize, logInfo.FileSize);
Assert.Equal(attributes, logInfo.Attributes);
Assert.Equal(recordCount, logInfo.RecordCount);
Assert.Equal(oldestRecordNumber, logInfo.OldestRecordNumber);
Assert.Equal(isLogFull, logInfo.IsLogFull);
}
}
}
public static void Main(string[] args)
{
int exitCode = 0;
String logPath = "Application";
String query = "*/System[Level <= 3 and Level >= 1]"; // XPath selecting all events of level warning or higher.
String targetFile = Environment.ExpandEnvironmentVariables("%USERPROFILE%\\export.evtx");
String targetFileWithMessages = Environment.ExpandEnvironmentVariables("%USERPROFILE%\\exportWithMessages.evtx");
try
{
//
// Parse the command line.
//
if (args.Length > 0)
{
if (args[0] == "/?" || args[0] == "-?")
{
Console.WriteLine("Usage: LogManagement [<logname> [<exportFile> [<exportFileWithMessages>]]]\n" +
"<logname> is the name of an existing event log.\n" +
"When <logname> is not specified, Application is assumed.\n" +
"EXAMPLE: LogManagement Microsoft-Windows-TaskScheduler/Operational archive.evtx archiveWithMessages.evtx\n");
Environment.Exit(0);
}
else
{
logPath = args[0];
if (args.Length > 1)
{
targetFile = args[1];
}
if (args.Length > 2)
{
targetFileWithMessages = args[2];
}
}
}
//
// Get log information.
//
EventLogSession session = new EventLogSession();
EventLogInformation logInfo = session.GetLogInformation(logPath, PathType.LogName);
Console.WriteLine("The {0} log contains {1} events.", logPath, logInfo.RecordCount);
//
// Export selected events from a log to a file.
//
if (File.Exists(targetFile))
{
Console.WriteLine("Could not export log {0}: file {1} already exists", logPath, targetFile);
Environment.Exit(1);
}
else
{
session.ExportLog(logPath, PathType.LogName, query, targetFile, true);
Console.WriteLine("Selected events from the {0} log have been exported to file {1}.", logPath, targetFile);
}
//
// Capture localized event information so that the exported log can be viewed on
// systems that might not have some of the event providers installed.
//
if (File.Exists(targetFileWithMessages))
{
Console.WriteLine("Could not archive log {0}: file {1} already exists", logPath, targetFileWithMessages);
Environment.Exit(1);
}
else
{
session.ExportLogAndMessages(logPath, PathType.LogName, query, targetFileWithMessages, true, CultureInfo.CurrentCulture);
Console.WriteLine("The export file {0} has been localized into {1} for archiving.", targetFileWithMessages, CultureInfo.CurrentCulture.DisplayName);
}
//
// Clear the log.
//
session.ClearLog(logPath);
Console.WriteLine("The {0} log has been cleared.", logPath);
}
catch (UnauthorizedAccessException e)
{
Console.WriteLine("You do not have the correct permissions. " +
"Try re-running the sample with administrator privileges.\n" + e.ToString());
}
catch (Exception e)
{
Console.WriteLine(e.ToString());
exitCode = 1;
}
Environment.Exit(exitCode);
}