public static List <ILogEntry> LoadFromXml(string fileName) { var xml = new XmlDocument(); var nsmgr = new XmlNamespaceManager(xml.NameTable); nsmgr.AddNamespace("x", "http://schemas.microsoft.com/win/2004/08/events/event"); xml.Load(fileName); var result = new List <ILogEntry>(); foreach (XmlElement item in xml.SelectNodes("/Events/x:Event", nsmgr)) { var entry = new LoadedLogEntry(); switch (item.SelectSingleNode("x:System/x:Level", nsmgr).InnerText) { default: throw new NotSupportedException(); case "0": entry.EntryType = EventLogEntryType.Information; break; case "2": entry.EntryType = EventLogEntryType.Error; break; case "3": entry.EntryType = EventLogEntryType.Warning; break; case "4": entry.EntryType = EventLogEntryType.Information; break; } var timeSource = item.SelectSingleNode("x:System/x:TimeCreated/@SystemTime", nsmgr).InnerText; var datetime = XmlConvert.ToDateTime(timeSource, XmlDateTimeSerializationMode.Unspecified); entry.TimeGenerated = datetime; entry.TimeWritten = datetime; entry.Category = item.SelectSingleNode("x:System/x:Channel", nsmgr).InnerText; entry.MachineName = item.SelectSingleNode("x:System/x:Computer", nsmgr).InnerText; var data = new StringBuilder(); foreach (XmlElement dataElement in item.SelectNodes("x:EventData/x:Data", nsmgr)) { data.Append(dataElement.InnerText).Append(Environment.NewLine); } entry.Message = data.ToString().Trim(); result.Add(entry); } return(result); }
static void Run(Configuration config) { var entries = new List <ILogEntry>(); if (config.SourceIsFile) { if (config.SourceType == SourceType.EvtxFile) { entries = LoadedLogEntry.LoadFromEvtx(config.FileName); } else if (config.SourceType == SourceType.XmlFile) { entries = LoadedLogEntry.LoadFromXml(config.FileName); } else { throw new NotSupportedException(); } } else { var logs = config.SourceType == SourceType.LocalComputer ? EventLog.GetEventLogs() : EventLog.GetEventLogs(config.ComputerName); var snLog = logs.FirstOrDefault(l => l.Log == config.LogName); if (snLog == null) { Console.WriteLine("EventLog '{0}' was not found.", config.LogName); return; } foreach (var item in snLog.Entries) { entries.Add(new WrappedLogEntry((EventLogEntry)item)); } } Console.WriteLine("Source: {0}", config.ComputerName ?? "<local>"); Console.WriteLine(" Log name = \t\t {0}", config.LogName); Console.WriteLine(" Number of events = \t {0}", entries.Count.ToString()); Console.WriteLine("-----------------------------------------------------------------"); var firstTime = entries.First().TimeGenerated; var lastTime = DateTime.MinValue; var detailedEntries = new List <DetailedLogEntry>(); var entryCount = 0; var errorCount = 0; var warningCount = 0; foreach (var entry in entries) { entryCount++; lastTime = entry.TimeGenerated; if (entry.EntryType == EventLogEntryType.Error || entry.EntryType == EventLogEntryType.Warning || entry.EntryType == EventLogEntryType.Information) { if (entry.EntryType == EventLogEntryType.Error) { errorCount++; } if (entry.EntryType == EventLogEntryType.Warning) { warningCount++; } detailedEntries.Add(DetailedLogEntry.Create(entry)); } } if (lastTime < firstTime) { var d = lastTime; lastTime = firstTime; firstTime = d; } var grouped = new Dictionary <int, List <DetailedLogEntry> >(); foreach (var entry in detailedEntries) { var key = entry.GetKey(); if (!grouped.TryGetValue(key, out var list)) { list = new List <DetailedLogEntry>(); grouped.Add(key, list); } list.Add(entry); } var ordered = grouped.Values .OrderBy(i => i.First().EntryType) .ThenByDescending(i => i.Count) .ThenByDescending(i => i.First().Message) .ToArray(); using (var writer = new StreamWriter(config.ErrorsFileName)) { Console.WriteLine("Writing aggregated errors to {0}", config.ErrorsFileName); writer.WriteLine("Source: {0}", config.SourceIsFile ? config.FileName : config.ComputerName); writer.WriteLine("Log: {0}", config.SourceIsFile ? "" : config.LogName); writer.WriteLine("First event: {0:yyyy-MM-dd HH:mm:ss.fffff}", firstTime); writer.WriteLine("Last event : {0:yyyy-MM-dd HH:mm:ss.fffff}", lastTime); writer.WriteLine("Event count: {0}", entryCount); writer.WriteLine("Error count: {0}", errorCount); writer.WriteLine("Warning count: {0}", warningCount); writer.WriteLine("Group count: {0}", grouped.Count); writer.WriteLine("=========================================================================="); writer.WriteLine(" Error message summary:"); writer.WriteLine("Count DiffMsg DiffStack Type Message"); writer.WriteLine("----- ------- --------- ----------- -------"); // 3 3 3 Error Invalid manifest: missing "ReleaseDate" element. // 35 1 1 Information ContentTypeManager.Reset called. foreach (var list in ordered) { var first = list[0]; var differentMessageCount = list.Select(i => i.StackTrace).Distinct().Count(); var differentStackTraceCount = list.Select(i => GetStackLines(i.StackTrace)).Distinct().Count(); writer.WriteLine("{0,5}{1,8}{2,10}{3,12} {4}", list.Count, differentMessageCount, differentStackTraceCount, first.EntryType, first.Name); } writer.WriteLine(); writer.WriteLine("##########################################################################"); writer.WriteLine("## Group details ##"); writer.WriteLine("##########################################################################"); writer.WriteLine(); foreach (var list in ordered) { var first = list[0]; if (first.EntryType != EventLogEntryType.Error) { continue; } writer.WriteLine("Name: {0}", first.Name); writer.WriteLine("Type: {0}", first.EntryType); writer.WriteLine("Count: {0}", list.Count); var subGroups = new Dictionary <string, Dictionary <string, int> >(); // Dictionary<stacktrace, Dictionary<message, count>> foreach (var item in list) { var messageLines = GetMessageLines(item.StackTrace) ?? item.Message; var stackLines = GetStackLines(item.StackTrace) ?? string.Empty; if (!subGroups.TryGetValue(stackLines, out var messages)) { messages = new Dictionary <string, int>(); subGroups.Add(stackLines, messages); } if (!messages.ContainsKey(messageLines)) { messages.Add(messageLines, 1); } else { messages[messageLines]++; } } foreach (var entry in subGroups) { writer.WriteLine( "----------------------------------------------------------------------------------------------------------------------------------------------------"); foreach (var subEntry in entry.Value) { writer.WriteLine("Count: {0}: {1}", subEntry.Value, subEntry.Key); } writer.WriteLine(); writer.WriteLine("Stack:"); writer.WriteLine(entry.Key); //stacktrace } writer.WriteLine(); writer.WriteLine(); writer.WriteLine("===================================================================================================================================================="); } } using (var writer = new StreamWriter(config.EventsFileName)) { Console.WriteLine("Writing all events to {0}", config.EventsFileName); writer.WriteLine("First event: {0:yyyy-MM-dd HH:mm:ss.fffff}", firstTime); writer.WriteLine("Last event : {0:yyyy-MM-dd HH:mm:ss.fffff}", lastTime); writer.WriteLine("Entry count: {0}", entryCount); writer.WriteLine("##########################################################################"); foreach (var entry in entries.OrderBy(e => e.TimeGenerated).ThenBy(e => e.Message)) { WriteEntry(entry, writer); writer.WriteLine("##########################################################################"); } } }