public WindowsEventPollingSource(string logName, string query, bool includeEventData, IPlugInContext context)
: base(new ServiceDependency("EventLog"), context)
{
_logName = logName;
_query = query;
_includeEventData = includeEventData;
customFilters = context?.Configuration?["CustomFilters"]?.Split(new char[] { ';' }, StringSplitOptions.RemoveEmptyEntries) ?? new string[0];
if (customFilters.Length > 0)
{
var badFilters = string.Join(",", customFilters.Where(i => EventInfoFilters.GetFilter(i) == null));
if (!string.IsNullOrWhiteSpace(badFilters))
{
throw new ConfigurationException($"Custom filter/s '{badFilters}' do not exist. Please check the filter names.");
}
}
if (bool.TryParse(context?.Configuration?["BookmarkOnBufferFlush"] ?? "false", out bool bookmarkOnBufferFlush))
{
this.bookmarkOnBufferFlush = bookmarkOnBufferFlush;
}
}
public EventLogSource(string logName, string query, IPlugInContext context) : base(new ServiceDependency("EventLog"), context)
{
Guard.ArgumentNotNullOrEmpty(logName, nameof(logName));
this.logName = logName;
this.query = query;
this.recordSubject = new Subject <IEnvelope <EventInfo> >();
this.bookmarkDirectory = Path.GetDirectoryName(this.GetBookmarkFilePath());
if (!Directory.Exists(this.bookmarkDirectory))
{
Directory.CreateDirectory(this.bookmarkDirectory);
}
if (bool.TryParse(context?.Configuration?["BookmarkOnBufferFlush"] ?? "false", out bool bookmarkOnBufferFlush))
{
this.bookmarkOnBufferFlush = bookmarkOnBufferFlush;
}
if (string.IsNullOrWhiteSpace(query))
{
this.eventLogQuery = new EventLogQuery(this.logName, PathType.LogName);
}
else
{
this.eventLogQuery = new EventLogQuery(this.logName, PathType.LogName, this.query);
}
if (bool.TryParse(context?.Configuration?["IncludeEventData"], out bool incEventData))
{
this.includeEventData = incEventData;
}
this.customFilters = context?.Configuration?["CustomFilters"]?.Split(new char[] { ';' }, StringSplitOptions.RemoveEmptyEntries) ?? new string[0];
if (this.customFilters.Length > 0)
{
var badFilters = string.Join(",", this.customFilters.Where(i => EventInfoFilters.GetFilter(i) == null));
if (!string.IsNullOrWhiteSpace(badFilters))
{
throw new ConfigurationException($"Custom filter/s '{badFilters}' do not exist. Please check the filter names.");
}
}
}
private void SendEventRecord(EventRecord eventRecord)
{
if (InitialPosition == InitialPositionEnum.Timestamp &&
eventRecord.TimeCreated.HasValue &&
InitialPositionTimestamp > eventRecord.TimeCreated.Value.ToUniversalTime())
{
return; //Don't send if timetamp initial position is in the future
}
EventRecordEnvelope envelope;
if (_options.CustomFilters.Length > 0)
{
// Create new envelope with event data for filtering
envelope = new EventRecordEnvelope(eventRecord, true, _options.BookmarkOnBufferFlush
? new IntegerPositionRecordBookmark(Id, Id, eventRecord.RecordId ?? 0)
: null);
//Don't send if any filter return false
if (_options.CustomFilters.Any(name => !EventInfoFilters.GetFilter(name)(eventRecord)))
{
return;
}
//Strip off Event Data if not configured
if (!_options.IncludeEventData)
{
envelope.Data.EventData = null;
}
}
else
{
envelope = new EventRecordEnvelope(eventRecord, _options.IncludeEventData, _options.BookmarkOnBufferFlush
? new IntegerPositionRecordBookmark(Id, Id, eventRecord.RecordId ?? 0)
: null);
}
_recordSubject.OnNext(envelope);
_metrics?.PublishCounter(Id, MetricsConstants.CATEGORY_SOURCE, CounterTypeEnum.Increment,
MetricsConstants.EVENTLOG_SOURCE_EVENTS_READ, 1, MetricUnit.Count);
}
private void SendEventRecord(EventRecord eventRecord)
{
if (InitialPosition == InitialPositionEnum.Timestamp &&
InitialPositionTimestamp.HasValue &&
eventRecord.TimeCreated.HasValue &&
InitialPositionTimestamp.Value > eventRecord.TimeCreated.Value.ToUniversalTime())
{
return; //Don't send if timetamp initial position is in the future
}
if (customFilters.Any(name => !EventInfoFilters.GetFilter(name)(eventRecord)))
{
//Don't send if any filter return false
return;
}
var envelope = new RawEventRecordEnvelope(eventRecord, _includeEventData, 0);
_recordSubject.OnNext(envelope);
_metrics?.PublishCounter(Id, MetricsConstants.CATEGORY_SOURCE, CounterTypeEnum.Increment,
MetricsConstants.EVENTLOG_SOURCE_EVENTS_READ, 1, MetricUnit.Count);
}
private void SendEventRecord(EventRecord eventRecord)
{
if (this.InitialPosition == InitialPositionEnum.Timestamp &&
this.InitialPositionTimestamp.HasValue &&
eventRecord.TimeCreated.HasValue &&
this.InitialPositionTimestamp.Value > eventRecord.TimeCreated.Value.ToUniversalTime())
{
return; //Don't send if timetamp initial position is in the future
}
EventRecordEnvelope envelope;
if (this.customFilters.Length > 0)
{
envelope = new EventRecordEnvelope(eventRecord, true, this.bookmarkId); //Need event data for filtering
//Don't send if any filter return false
if (this.customFilters.Any(name => !EventInfoFilters.GetFilter(name)(envelope.Data)))
{
return;
}
//Strip off Event Data if not configured
if (!this.includeEventData)
{
envelope.Data.EventData = null;
}
}
else
{
envelope = new EventRecordEnvelope(eventRecord, this.includeEventData, this.bookmarkId);
}
this.recordSubject.OnNext(envelope);
this._metrics?.PublishCounter(this.Id, MetricsConstants.CATEGORY_SOURCE, CounterTypeEnum.Increment,
MetricsConstants.EVENTLOG_SOURCE_EVENTS_READ, 1, MetricUnit.Count);
}
public EventLogSource(string logName, string query, IPlugInContext context) : base(new ServiceDependency("EventLog"), context)
{
Guard.ArgumentNotNullOrEmpty(logName, nameof(logName));
_logName = logName;
_query = query;
if (string.IsNullOrEmpty(query))
{
_eventLogQuery = new EventLogQuery(logName, PathType.LogName);
}
else
{
_eventLogQuery = new EventLogQuery(logName, PathType.LogName, query);
}
string includeEventData = context?.Configuration?["IncludeEventData"];
if (!string.IsNullOrWhiteSpace(includeEventData))
{
_includeEventData = Convert.ToBoolean(includeEventData);
}
string customFilters = context?.Configuration?["CustomFilters"];
if (!string.IsNullOrWhiteSpace(customFilters))
{
_customFilters = customFilters.Split(new char[] { ';' }, StringSplitOptions.RemoveEmptyEntries);
foreach (var filter in _customFilters)
{
if (EventInfoFilters.GetFilter(filter) == null)
{
throw new ConfigurationException($"Custom filter {filter} does not exist. Please check the filter name.");
}
}
}
}
private void ParseWindowsEventLogSourceOptions(IConfiguration config, WindowsEventLogSourceOptions options)
{
if (config["CustomFilters"] is not null)
{
options.CustomFilters = config["CustomFilters"].Split(new char[] { ';' }, StringSplitOptions.RemoveEmptyEntries);
var badFilters = string.Join(",", options.CustomFilters.Where(i => EventInfoFilters.GetFilter(i) == null));
if (!string.IsNullOrWhiteSpace(badFilters))
{
throw new ConfigurationException($"Custom filter/s '{badFilters}' do not exist. Please check the filter names.");
}
}
if (bool.TryParse(config["IncludeEventData"], out var ied))
{
options.IncludeEventData = ied;
}
if (bool.TryParse(config["BookmarkOnBufferFlush"], out var bookmarkOnBufferFlush))
{
options.BookmarkOnBufferFlush = bookmarkOnBufferFlush;
}
LoadInitialPositionSettings(config, options);
}
/// <summary>
/// Handles the incoming <see cref="EventRecord"/>
/// </summary>
/// <returns>True iff the reader should continue reading new records.</returns>
private bool OnEventRecord(EventRecord eventRecord, long?prevRecordId, CancellationToken cancellationToken)
{
try
{
if (prevRecordId == eventRecord.RecordId)
{
//This code deduplicate the events with the same RecordId
_logger.LogInformation("WindowsEventPollingSource Id {0} skipped duplicated log: {1}.", Id, eventRecord.ToXml());
}
if (InitialPosition == InitialPositionEnum.Timestamp &&
eventRecord.TimeCreated.HasValue &&
InitialPositionTimestamp > eventRecord.TimeCreated.Value.ToUniversalTime())
{
//Don't send if timetamp initial position is in the future
return(true);
}
if (_options.CustomFilters.Length > 0 && _options.CustomFilters.Any(name => !EventInfoFilters.GetFilter(name)(eventRecord)))
{
//Don't send if any filter return false
return(true);
}
var task = _eventChannel.Writer.WriteAsync(eventRecord, cancellationToken);
if (!task.IsCompleted)
{
// wait only if writing to buffer does not finish synchronously
task.AsTask().GetAwaiter().GetResult();
}
}
catch (EventLogException ele)
{
if (ele.Message.Contains("The handle is invalid", StringComparison.OrdinalIgnoreCase))
{
return(false);
}
else
{
ProcessRecordError(ele);
}
}
catch (Exception ex)
{
ProcessRecordError(ex);
}
return(true);
}