/// <summary>
/// Returns the values selected by <paramref name="propertySelector"/> for this record.
/// </summary>
/// <param name="propertySelector">Selector whose handle is handed to the native render call. Must not be null.</param>
/// <returns>The list produced by <c>NativeWrapper.EvtRenderBufferWithContextUserOrValues</c>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="propertySelector"/> is null.</exception>
public IList<object> GetPropertyValues(EventLogPropertySelector propertySelector)
{
    if (propertySelector != null)
    {
        // Selector handle is read first, then this record's handle, matching the call's argument order.
        var selectorHandle = propertySelector.Handle;
        return NativeWrapper.EvtRenderBufferWithContextUserOrValues(selectorHandle, _handle);
    }

    throw new ArgumentNullException("propertySelector");
}
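/// <summary>
/// Gets the data value from the task specific event data item list.
/// </summary>
/// <param name="name">
/// The name of the data element. It is placed inside a single-quoted XPath literal, so a name that is
/// <c>null</c>, empty or contains an apostrophe is rejected and yields <c>null</c>.
/// </param>
/// <returns>Contents of the requested data element if found. <c>null</c> if no value found.</returns>
/// <remarks>
/// The returned text is whatever the event record carries for that element; callers that display it or feed it
/// into further queries should treat it as data, not as trusted input.
/// <list type="table">
/// <listheader><term>EventID</term><description>Possible elements</description></listheader>
/// <item><term>100 - Task Started</term>
/// <description><list type="bullet">
/// <item><term>TaskName</term><description>Full path of task.</description></item>
/// <item><term>UserContext</term><description>User account.</description></item>
/// <item><term>InstanceId</term><description>Task instance identifier.</description></item>
/// </list></description>
/// </item>
/// <item><term>101 - Task Start Failed Event</term>
/// <description><list type="bullet">
/// <item><term>TaskName</term><description>Full path of task.</description></item>
/// <item><term>UserContext</term><description>User account.</description></item>
/// <item><term>ResultCode</term><description>Error code for failure.</description></item>
/// </list></description>
/// </item>
/// <item><term>102 - Task Completed</term>
/// <description><list type="bullet">
/// <item><term>TaskName</term><description>Full path of task.</description></item>
/// <item><term>UserContext</term><description>User account.</description></item>
/// <item><term>InstanceId</term><description>Task instance identifier.</description></item>
/// </list></description>
/// </item>
/// <item><term>103 - Task Failure Event</term>
/// <description><list type="bullet">
/// <item><term>TaskName</term><description>Full path of task.</description></item>
/// <item><term>UserContext</term><description>User account.</description></item>
/// <item><term>InstanceId</term><description>Task instance identifier.</description></item>
/// <item><term>ResultCode</term><description>Error code for failure.</description></item>
/// </list></description>
/// </item>
/// <item><term>106 - Task Registered Event</term>
/// <description><list type="bullet">
/// <item><term>TaskName</term><description>Full path of task.</description></item>
/// <item><term>UserContext</term><description>User account.</description></item>
/// </list></description>
/// </item>
/// <item><term>107 - Time Trigger Event</term>
/// <description><list type="bullet">
/// <item><term>TaskName</term><description>Full path of task.</description></item>
/// <item><term>InstanceId</term><description>Task instance identifier.</description></item>
/// </list></description>
/// </item>
/// <item><term>108 - Event Trigger Event</term>
/// <description><list type="bullet">
/// <item><term>TaskName</term><description>Full path of task.</description></item>
/// <item><term>InstanceId</term><description>Task instance identifier.</description></item>
/// </list></description>
/// </item>
/// <item><term>109 - Task Registration Trigger Event</term>
/// <description><list type="bullet">
/// <item><term>TaskName</term><description>Full path of task.</description></item>
/// <item><term>InstanceId</term><description>Task instance identifier.</description></item>
/// </list></description>
/// </item>
/// <item><term>110 - Task Run Event</term>
/// <description><list type="bullet">
/// <item><term>TaskName</term><description>Full path of task.</description></item>
/// <item><term>InstanceId</term><description>Task instance identifier.</description></item>
/// </list></description>
/// </item>
/// <item><term>111 - Task Termination Event</term>
/// <description><list type="bullet">
/// <item><term>TaskName</term><description>Full path of task.</description></item>
/// <item><term>InstanceId</term><description>Task instance identifier.</description></item>
/// </list></description>
/// </item>
/// <item><term>114 - Missed Task Launch Event</term>
/// <description><list type="bullet">
/// <item><term>TaskName</term><description>Full path of task.</description></item>
/// <item><term>InstanceId</term><description>Task instance identifier.</description></item>
/// </list></description>
/// </item>
/// <item><term>117 - Idle Trigger Event</term>
/// <description><list type="bullet">
/// <item><term>TaskName</term><description>Full path of task.</description></item>
/// <item><term>InstanceId</term><description>Task instance identifier.</description></item>
/// </list></description>
/// </item>
/// <item><term>118 - Boot Trigger Event</term>
/// <description><list type="bullet">
/// <item><term>TaskName</term><description>Full path of task.</description></item>
/// <item><term>InstanceId</term><description>Task instance identifier.</description></item>
/// </list></description>
/// </item>
/// <item><term>119 - Logon Trigger Event</term>
/// <description><list type="bullet">
/// <item><term>TaskName</term><description>Full path of task.</description></item>
/// <item><term>UserName</term><description>User account.</description></item>
/// <item><term>InstanceId</term><description>Task instance identifier.</description></item>
/// </list></description>
/// </item>
/// <item><term>126 - Failed Task Restart Event</term>
/// <description><list type="bullet">
/// <item><term>TaskName</term><description>Full path of task.</description></item>
/// <item><term>ResultCode</term><description>Error code for failure.</description></item>
/// </list></description>
/// </item>
/// <item><term>129 - Created Task Process Event</term>
/// <description><list type="bullet">
/// <item><term>TaskName</term><description>Full path of task.</description></item>
/// <item><term>Path</term><description>Task engine.</description></item>
/// <item><term>ProcessID</term><description>Process ID.</description></item>
/// <item><term>Priority</term><description>Process priority.</description></item>
/// </list></description>
/// </item>
/// <item><term>135 - Task Not Started Without Idle</term>
/// <description><list type="bullet">
/// <item><term>TaskName</term><description>Full path of task.</description></item>
/// </list></description>
/// </item>
/// <item><term>140 - Task Updated</term>
/// <description><list type="bullet">
/// <item><term>TaskName</term><description>Full path of task.</description></item>
/// <item><term>UserName</term><description>User account.</description></item>
/// </list></description>
/// </item>
/// <item><term>141 - Task deleted</term>
/// <description><list type="bullet">
/// <item><term>TaskName</term><description>Full path of task.</description></item>
/// <item><term>UserName</term><description>User account.</description></item>
/// </list></description>
/// </item>
/// <item><term>142 - Task disabled</term>
/// <description><list type="bullet">
/// <item><term>TaskName</term><description>Full path of task.</description></item>
/// <item><term>UserName</term><description>User account.</description></item>
/// </list></description>
/// </item>
/// <item><term>200 - Action start</term>
/// <description><list type="bullet">
/// <item><term>TaskName</term><description>Full path of task.</description></item>
/// <item><term>ActionName</term><description>Path of executable.</description></item>
/// <item><term>TaskInstanceId</term><description>Task instance ID.</description></item>
/// <item><term>EnginePID</term><description>Engine process ID.</description></item>
/// </list></description>
/// </item>
/// <item><term>201 - Action success</term>
/// <description><list type="bullet">
/// <item><term>TaskName</term><description>Full path of task.</description></item>
/// <item><term>ActionName</term><description>Path of executable.</description></item>
/// <item><term>TaskInstanceId</term><description>Task instance ID.</description></item>
/// <item><term>ResultCode</term><description>Executable result code.</description></item>
/// <item><term>EnginePID</term><description>Engine process ID.</description></item>
/// </list></description>
/// </item>
/// <item><term>202 - Action failure</term>
/// <description><list type="bullet">
/// <item><term>TaskName</term><description>Full path of task.</description></item>
/// <item><term>ActionName</term><description>Path of executable.</description></item>
/// <item><term>TaskInstanceId</term><description>Task instance ID.</description></item>
/// <item><term>ResultCode</term><description>Executable result code.</description></item>
/// <item><term>EnginePID</term><description>Engine process ID.</description></item>
/// </list></description>
/// </item>
/// <item><term>203 - Action launch failure</term>
/// <description><list type="bullet">
/// <item><term>TaskName</term><description>Full path of task.</description></item>
/// <item><term>ActionName</term><description>Path of executable.</description></item>
/// <item><term>TaskInstanceId</term><description>Task instance ID.</description></item>
/// <item><term>ResultCode</term><description>Executable result code.</description></item>
/// </list></description>
/// </item>
/// <item><term>204 - Action launch failure</term>
/// <description><list type="bullet">
/// <item><term>TaskName</term><description>Full path of task.</description></item>
/// <item><term>ActionName</term><description>Path of executable.</description></item>
/// <item><term>TaskInstanceId</term><description>Task instance ID.</description></item>
/// <item><term>ResultCode</term><description>Executable result code.</description></item>
/// </list></description>
/// </item>
/// <item><term>301 - Task engine exit event</term>
/// <description><list type="bullet">
/// <item><term>TaskEngineName</term><description>Permissions and priority for engine process.</description></item>
/// </list></description>
/// </item>
/// <item><term>310 - Task engine process started</term>
/// <description><list type="bullet">
/// <item><term>TaskEngineName</term><description>Permissions and priority for engine process.</description></item>
/// <item><term>Command</term><description>Engine path.</description></item>
/// <item><term>ProcessID</term><description>Process ID.</description></item>
/// <item><term>ThreadID</term><description>Thread ID.</description></item>
/// </list></description>
/// </item>
/// <item><term>314 - Task engine idle</term>
/// <description><list type="bullet">
/// <item><term>TaskEngineName</term><description>Permissions and priority for engine process.</description></item>
/// </list></description>
/// </item>
/// </list>
/// </remarks>
public string GetDataValue(string name)
{
    // The name is spliced into a single-quoted XPath literal below. An apostrophe would end that literal
    // and change which node the selector addresses, so such a name is treated as "no value found".
    if (string.IsNullOrEmpty(name) || name.IndexOf('\'') >= 0)
    {
        return null;
    }

    // The selector is disposable; release it as soon as the lookup is done instead of leaving it to the finalizer.
    using (var propsel = new System.Diagnostics.Eventing.Reader.EventLogPropertySelector(new string[] { string.Format("Event/EventData/Data[@Name='{0}']", name) }))
    {
        try
        {
            var record = this.EventRecord as EventLogRecord;
            if (record == null)
            {
                return null;
            }

            var logEventProps = record.GetPropertyValues(propsel);

            // A missing element is the normal "not found" case; handle it without relying on an exception.
            if (logEventProps == null || logEventProps.Count == 0 || logEventProps[0] == null)
            {
                return null;
            }

            return logEventProps[0].ToString();
        }
        catch (System.Exception)
        {
            // Deliberate best effort, as before: any failure while reading the record means the value is unavailable.
            return null;
        }
    }
}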
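/// <summary>
/// Reads the event ID 100 records selected by the query below and converts each one into a
/// <c>StartupEvent</c>.
/// </summary>
/// <returns>
/// The events collected so far. When the log cannot be found a message is written to the console and the
/// (possibly empty) list gathered up to that point is returned.
/// </returns>
/// <remarks>
/// Only <see cref="EventLogNotFoundException"/> is handled here; any other exception propagates to the caller.
/// </remarks>
public List<IEvent> ReadEventLogData()
{
    List<IEvent> coll = new List<IEvent>();
    string queryString = "<QueryList>" + " <Query Id='0' Path='Microsoft-Windows-Diagnostics-Performance/Operational'>" + " <Select Path='Microsoft-Windows-Diagnostics-Performance/Operational'>*[System[(EventID=100)]]</Select>" + " </Query>" + "</QueryList>";

    try
    {
        // NOTE(review): the log name passed here ("System") differs from the channel named inside the
        // query XML - confirm which of the two the reader actually honours.
        EventLogQuery eventsQuery = new EventLogQuery("System", PathType.LogName, queryString);

        // Reader, selector and every record are disposable; dispose them deterministically so a long-running
        // caller does not accumulate them.
        using (EventLogReader logReader = new EventLogReader(eventsQuery))
        {
            // XPath expressions for the properties to extract; the index in this array is the index
            // used on the rendered value list below.
            String[] xPathRefs = new String[4];
            xPathRefs[0] = "Event/EventData/Data[@Name='BootEndTime']";
            xPathRefs[1] = "Event/EventData/Data[@Name='BootTime']";
            xPathRefs[2] = "Event/EventData/Data[@Name='MainPathBootTime']";
            xPathRefs[3] = "Event/EventData/Data[@Name='BootPostBootTime']";
            IEnumerable<String> xPathEnum = xPathRefs;

            using (EventLogPropertySelector logPropertyContext = new EventLogPropertySelector(xPathEnum))
            {
                EventRecord eventDetail;
                while ((eventDetail = logReader.ReadEvent()) != null)
                {
                    using (eventDetail)
                    {
                        // Cast the EventRecord into an EventLogRecord to retrieve property values.
                        // This will fetch the event properties we requested through the
                        // context created by the EventLogPropertySelector
                        IList<object> logEventProps = ((EventLogRecord)eventDetail).GetPropertyValues(logPropertyContext);

                        if (eventDetail.Id == 100)
                        {
                            int boot = Convert.ToInt32(logEventProps[1]);
                            int mainPath = Convert.ToInt32(logEventProps[2]);
                            int postBoot = Convert.ToInt32(logEventProps[3]);

                            // NOTE(review): this cast throws if the record carries no BootEndTime value - confirm
                            // whether such records can occur.
                            DateTime date = (DateTime)logEventProps[0];

                            coll.Add(new StartupEvent(date, boot, mainPath, postBoot, (int)eventDetail.Level));
                        }
                    }
                }
            }
        }
    }
    catch (EventLogNotFoundException)
    {
        Console.WriteLine("Error while reading the event logs");
    }

    return coll;
}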
/// <summary>
/// Returns the values selected by <paramref name="propertySelector"/> for this record.
/// </summary>
/// <param name="propertySelector">Selector whose handle is handed to the native render call. Must not be null.</param>
/// <returns>The list produced by <c>NativeWrapper.EvtRenderBufferWithContextUserOrValues</c>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="propertySelector"/> is null.</exception>
public IList<object> GetPropertyValues(EventLogPropertySelector propertySelector)
{
    ArgumentNullException.ThrowIfNull(propertySelector);

    // Read the selector's handle first, then this record's Handle, in the same order as the call's arguments.
    var selectorHandle = propertySelector.Handle;
    var rendered = NativeWrapper.EvtRenderBufferWithContextUserOrValues(selectorHandle, Handle);
    return rendered;
}
/// <summary>
/// Returns the values selected by <paramref name="propertySelector"/> for this record.
/// </summary>
/// <param name="propertySelector">Selector whose handle is handed to the native render call. Must not be null.</param>
/// <returns>The list produced by <c>NativeWrapper.EvtRenderBufferWithContextUserOrValues</c>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="propertySelector"/> is null.</exception>
public IList<object> GetPropertyValues(EventLogPropertySelector propertySelector)
{
    // Reject a missing selector before touching any handle.
    if (null == propertySelector)
        throw new ArgumentNullException("propertySelector");

    var selectorHandle = propertySelector.Handle;
    var recordHandle = this.handle;
    return NativeWrapper.EvtRenderBufferWithContextUserOrValues(selectorHandle, recordHandle);
}
/// <summary>
/// Contract declaration for <c>GetPropertyValues</c>: states that the result is never null.
/// </summary>
/// <param name="propertySelector">Selector argument; not used by this body.</param>
/// <returns>
/// The default value of <c>IList&lt;Object&gt;</c>. NOTE(review): the body returns null while the contract promises
/// non-null, so this looks like a contract/reference stub rather than a runtime implementation - confirm.
/// </returns>
public IList<Object> GetPropertyValues(EventLogPropertySelector propertySelector)
{
    // The postcondition has to stay the first statement of the method.
    Contract.Ensures(Contract.Result<IList<Object>>() != null);

    IList<Object> placeholder = null;
    return placeholder;
}
/// <summary>
/// Placeholder for <c>GetPropertyValues</c>; this implementation is not provided.
/// </summary>
/// <param name="propertySelector">Selector argument; not used by this body.</param>
/// <returns>Never returns.</returns>
/// <exception cref="NotImplementedException">Always thrown.</exception>
public IList<object> GetPropertyValues(EventLogPropertySelector propertySelector) =>
    throw new NotImplementedException();
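/// <summary>
/// Builds the event log query, the (optionally remote) session, the watcher and the XPath/regex tables
/// used to extract address, port, username and domain from matching events.
/// </summary>
/// <param name="input">Input settings; <c>Server</c>, <c>Domain</c>, <c>Username</c> and <c>Password</c> are read here.</param>
/// <param name="selector">Selector settings; supplies the query fragment and the four event data elements.</param>
/// <param name="equeue">Event queue, passed through to the base constructor.</param>
/// <exception cref="ArgumentException">
/// No XPath is configured for the address element, or one of the configured regular expressions is invalid.
/// </exception>
public EventLogInput(InputElement input, SelectorElement selector, EventQueue equeue)
    : base(input, selector, equeue)
{
    // Event log query with suppressed events logged by this service
    StringBuilder qstr = new StringBuilder();
    qstr.Append("<QueryList>");
    qstr.Append("<Query>");
    // The selector's query fragment is inserted verbatim (no escaping or validation happens here).
    qstr.Append(selector.Query.Value);
    qstr.Append("<Suppress Path=\"Application\">*[System/Provider/@Name=\"F2B\"]</Suppress>");
    qstr.Append("</Query>");
    qstr.Append("</QueryList>");

    EventLogSession session = null;
    if (input.Server != string.Empty)
    {
        SecureString pw = new SecureString();
        try
        {
            // Append straight from the string: ToCharArray() would leave one more uncleared plaintext
            // copy of the password on the managed heap.
            foreach (char c in input.Password)
            {
                pw.AppendChar(c);
            }

            session = new EventLogSession(input.Server, input.Domain, input.Username, pw, SessionAuthentication.Default);
        }
        finally
        {
            // Release the protected copy even when creating the session throws.
            pw.Dispose();
        }
    }

    EventLogQuery query = new EventLogQuery(null, PathType.LogName, qstr.ToString());
    if (session != null)
    {
        query.Session = session;
    }

    // create event watcher (must be enable later)
    watcher = new EventLogWatcher(query);
    watcher.EventRecordWritten += new EventHandler<EventRecordWrittenEventArgs>(
        (s, a) => EventRead(s, a));

    // event data parsers (e.g. XPath + regex to extract event data)
    // (it is important to preserve order - it is later used as array index)
    List<Tuple<string, EventDataElement>> tmp = new List<Tuple<string, EventDataElement>>();
    tmp.Add(new Tuple<string,EventDataElement>("address", selector.Address));
    tmp.Add(new Tuple<string,EventDataElement>("port", selector.Port));
    tmp.Add(new Tuple<string,EventDataElement>("username", selector.Username));
    tmp.Add(new Tuple<string,EventDataElement>("domain", selector.Domain));

    evtmap = new Dictionary<string, Tuple<int, int>>();
    evtregex = new List<Regex>();
    List<string> xPathRefs = new List<string>();

    for (int i = 0; i < tmp.Count; i++)
    {
        string evtdescr = tmp[i].Item1;
        EventDataElement evtdata = tmp[i].Item2;

        if (evtdata == null || string.IsNullOrEmpty(evtdata.XPath))
        {
            // The address is the only mandatory element; the others are recorded with XPath index -1.
            if (evtdescr == "address")
            {
                throw new ArgumentException("No address in " + Name + " configuration");
            }

            // NOTE(review): nothing is added to evtregex on this path, so for later elements the position
            // in evtregex can differ from the `i` stored in evtmap - confirm how the reader indexes evtregex.
            evtmap[evtdescr] = new Tuple<int, int>(i, -1);
            continue;
        }

        Regex regex = null;
        if (!string.IsNullOrWhiteSpace(evtdata.Value))
        {
            string evtstr = evtdata.Value.Trim();
            try
            {
                // NOTE(review): the pattern is compiled without a match timeout. If it is later run against
                // event fields that remote parties can influence, a backtracking-heavy pattern can stall
                // event processing - consider the Regex constructor overload that takes a timeout.
                regex = new Regex(evtstr, RegexOptions.IgnoreCase | RegexOptions.Singleline);
            }
            catch (ArgumentException ex)
            {
                Log.Error("Invalid " + Name + " " + evtdescr + " regex: " + evtstr + " (" + ex.Message + ")");
                throw;
            }
        }

        evtregex.Add(regex);

        // Identical XPath expressions share one selector slot.
        if (xPathRefs.Contains(evtdata.XPath))
        {
            int index = xPathRefs.IndexOf(evtdata.XPath);
            evtmap[evtdescr] = new Tuple<int, int>(i, index);
        }
        else
        {
            xPathRefs.Add(evtdata.XPath);
            evtmap[evtdescr] = new Tuple<int, int>(i, xPathRefs.Count - 1);
        }
    }

    Debug.Assert(tmp.Count == evtmap.Count, "Invalid index map size (tmp[" + tmp.Count + "] != map[" + evtmap.Count + "]).");

    evtsel = new EventLogPropertySelector(xPathRefs);
}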
/// <summary>
/// Contract declaration for <c>GetPropertyValues</c>: states that the result is never null.
/// </summary>
/// <param name="propertySelector">Selector argument; not used by this body.</param>
/// <returns>
/// The default value of <c>IList&lt;Object&gt;</c>. NOTE(review): the body returns null while the contract promises
/// non-null, so this looks like a contract/reference stub rather than a runtime implementation - confirm.
/// </returns>
public IList<Object> GetPropertyValues(EventLogPropertySelector propertySelector)
{
    // Postcondition first, as the contract form requires.
    Contract.Ensures(Contract.Result<IList<Object>>() != null);

    // Stub result: the default of an interface type, i.e. null.
    return null;
}
public IList <object> GetPropertyValues(EventLogPropertySelector propertySelector !!) { return(NativeWrapper.EvtRenderBufferWithContextUserOrValues(propertySelector.Handle, Handle));