private void check_log(string name) { try { SecureString pwd = new SecureString(); foreach ( char c in remote_passw_) pwd.AppendChar(c); EventLogSession session = remote_machine_name_ != "" ? new EventLogSession(remote_machine_name_, remote_domain_, remote_username_, pwd, SessionAuthentication.Default) : null; pwd.Dispose(); string query_string = "*"; EventLogQuery query = new EventLogQuery(name, PathType.LogName, query_string); using (EventLogReader reader = new EventLogReader(query)) for (EventRecord rec = reader.ReadEvent(); rec != null; rec = reader.ReadEvent()) lock (this) --log_names_[name]; } catch (Exception e) { logger.Error("error checking log " + name + " on " + remote_machine_name_ + " : " + e.Message); } // mark log as fully read lock (this) { log_names_[name] = -log_names_[name]; if (log_names_[name] == 0) // convention - 0 entries log_names_[name] = int.MinValue; } }
protected void DatePicker1_DateChanged(object sender, EventArgs e) { EmployeeProfile emp = (EmployeeProfile)Session["EmployeeProfile"]; SecureString pw = (SecureString)Session["SecureString"]; DatePicker dp = (DatePicker)sender; DateTime now = DateTime.Now; DateTime endDate = now; DateTime startDate = dp.SelectedDate; string queryString = String.Format(AppConfig.EventQuery, startDate.ToUniversalTime().ToString("o"), endDate.ToUniversalTime().ToString("o")); // Query the Application log on the remote computer. EventLogQuery query = new EventLogQuery("System", PathType.LogName, queryString); if (AppConfig.RemoteQuery) { string passwd = emp.Password; query.Session = new EventLogSession( emp.Machine, // Remote Computer emp.Domain, // Domain emp.Name, // Username pw, SessionAuthentication.Default); } EventLogReader logReader = new EventLogReader(query); Session["EventLogQuery"] = queryString; Generator testClass = new Generator(logReader); List<TimeEntry> table = testClass.DisplayEventAndLogInformation(logReader); Attendance1.Text = String.Format("Query: {0}", Session["EventLogQuery"]); GridView1.DataSource = table; GridView1.DataBind(); TotalOT.Text = "Total Overtime: " + testClass.TotalOvertime; }
public void AddWatcher(string source, string log, int id) { if (source == log && log == null) { throw new ArgumentNullException("Either source or log must be set!"); } // if legeacy if (System.Environment.OSVersion.Version.Major < 6) { string queryString = "Select * from __InstanceCreationEvent Where TargetInstance ISA 'Win32_NTLogEvent'"; if (source != null) queryString += " AND TargetInstance.Sourcename = '" + source + "'"; if (log != null) queryString += " AND TargetInstance.LogFile = '" + log + "'"; queryString += " AND (TargetInstance.EventCode = " + id + ")"; ManagementEventWatcher managementWatcher = new ManagementEventWatcher(new EventQuery(queryString)); managementWatcher.Start(); managementWatcher.EventArrived += EventRecordWritten; managementWatchers.Add(managementWatcher); } else { string queryString = "<QueryList><Query Id='0' Path='" + log + "'><Select Path='" + log + "'>*[System[Provider[@Name='" + source + "']]] and *[System[EventID=" + id + "]]</Select></Query></QueryList>"; EventLogQuery query = new EventLogQuery(log, PathType.LogName, queryString); EventLogWatcher eventWatcher = new EventLogWatcher(query); eventWatcher.EventRecordWritten += EventRecordWritten; eventWatcher.Enabled = true; eventWatchers.Add(eventWatcher); } }
public override IResult Execute(IResult previousResults) { try { var result ="unknown issue"; var query = new EventLogQuery("Application", PathType.LogName, Query); using (var reader = new EventLogReader(query)) { var nextEvent = reader.ReadEvent(); while (nextEvent != null) { result = GetDescriptionFromEntry(nextEvent.FormatDescription()); nextEvent = reader.ReadEvent(); } } result = GetDescriptionFromEntry(result); SettingsManager.SetTemporarySettingString(SettingKey, result); return new NextResult(); } catch (Exception e) { return new ExceptionOccurred(e); } }
/// <summary> /// Uploads new file to FTP /// </summary> public void FTPUpload() { try { //Setup ftp address setup FtpWebRequest request = (FtpWebRequest)WebRequest.Create(host); //FTP Login details request.Credentials = new NetworkCredential(username, password); //Use active connection request.UsePassive = false; //Set FTP method request.Method = WebRequestMethods.Ftp.UploadFile; //Get the log for windows backup EventLogQuery query = new EventLogQuery("Microsoft-Windows-Backup", PathType.LogName); //Newest first query.ReverseDirection = true; //Make reader from query EventLogReader reader = new EventLogReader(query); //Get FTP Stream and setup streamwriter for string Stream requestStream = request.GetRequestStream(); StreamWriter streamWriter = new StreamWriter(requestStream, Encoding.ASCII); //Eventrecord holder EventRecord eventRecord; //Set culture info to en-us, error in eventrecord.formatdescription, that takes locale to format Thread.CurrentThread.CurrentCulture = tempCultureInfo; //Write root json streamWriter.WriteLine("<Logs>"); //As long as there is events, write them out in xml format while ((eventRecord = reader.ReadEvent()) != null) { streamWriter.Write("<LogEntry>"); streamWriter.Write("<Time>"); streamWriter.Write(eventRecord.TimeCreated); streamWriter.Write("</Time>"); streamWriter.Write("<Message>"); streamWriter.Write(eventRecord.FormatDescription()); streamWriter.Write("</Message>"); streamWriter.WriteLine("</LogEntry>"); } //End json root streamWriter.Write("</Logs>"); //Reset locale back to normal Thread.CurrentThread.CurrentCulture = startCultureInfo; //Close streams and remove all used resources streamWriter.Close(); } catch(Exception e) { //Most likely connection issue LogToFile("Exeption cought: " + e.Message); return; } }
public static IEnumerable<ApplicationError> GetByDateTimeDescending(int max = 0) { var query = @"<QueryList> <Query Id=""0"" Path=""Application""> <Select Path=""Application"">*[System[Provider[@Name='ASP.NET 2.0.50727.0' or @Name='ASP.NET 4.0.30319.0'] and (Level=2 or Level=3 or Level=4)]]</Select> </Query> </QueryList>"; var elq = new EventLogQuery("Application", PathType.LogName, query) {ReverseDirection = true}; using (var elr = new EventLogReader(elq)) { var events = new List<EventRecord>(); max = (max == 0) ? int.MaxValue : max; var i = 0; var entries = 0; for (var eventInstance = elr.ReadEvent(); null != eventInstance && entries < max; eventInstance = elr.ReadEvent(), i++) { var parsedEvent = ParseEntry(eventInstance); if (parsedEvent != null && parsedEvent.SiteIisId != 0) { entries++; yield return parsedEvent; } } } }
public object[] QueryActiveLog() { // TODO: Extend structured query to two different event logs. EventLogQuery eventsQuery = new EventLogQuery("Application", PathType.LogName, Query); EventLogReader logReader = new EventLogReader(eventsQuery); return DisplayEventAndLogInformation(logReader); }
public LogPublisher(EventLog eventLog, Topic topic) { this.topic = topic; // Creates an EventLog watcher and subscribes to EventRecordWritten event var query = new EventLogQuery(eventLog.Log, PathType.LogName); watcher = new EventLogWatcher(query); watcher.EventRecordWritten += WatcherEventRecordWritten; watcher.Enabled = true; }
private static IEnumerable<EventLogRecord> LogRecordCollection(string filename, string xpathquery = "*") { var eventLogQuery = new EventLogQuery(filename, PathType.FilePath, xpathquery); using (var eventLogReader = new EventLogReader(eventLogQuery)) { EventLogRecord eventLogRecord; while ((eventLogRecord = (EventLogRecord) eventLogReader.ReadEvent()) != null) yield return eventLogRecord; } }
private void compute_time() { date_now.Text = DateTime.Now.Date.Date.ToString(); string query = "*[System/EventID=12]"; EventLogQuery event_query = new EventLogQuery("System", PathType.LogName, query); try { EventLogReader reader = new EventLogReader(event_query); for (EventRecord eventdetail = reader.ReadEvent(); eventdetail != null; eventdetail = reader.ReadEvent()) { DateTime log_created = eventdetail.TimeCreated.Value; if (log_created.Date.ToString() == DateTime.Now.Date.ToString()) { double logout_hour = 0.0; double login_hour = log_created.TimeOfDay.TotalHours; if (login_hour < minimum_login_hour) { logout_hour = minimum_login_hour + working_hours; } else if (login_hour > maximum_login_hour) { logout_hour = maximum_login_hour + working_hours; } else { logout_hour = login_hour + working_hours; } TimeSpan span = TimeSpan.FromHours(logout_hour); login_time = eventdetail.TimeCreated.Value; logout_time = DateTime.Today.Add(span); login.Text = login_time.ToString("hh:mm tt"); logout.Text = logout_time.ToString("hh:mm tt"); double time_now = DateTime.Now.TimeOfDay.TotalHours; double countdown_hour = logout_hour - time_now; if (countdown_hour < 0) { countdown_hour = 0; } TimeSpan t = TimeSpan.FromHours(countdown_hour); hours = t.Hours; minutes = t.Minutes; seconds = t.Seconds; } } } catch (EventLogNotFoundException e) { Console.WriteLine("Error while readig event logs"); } }
/// <param name="startDate">yyyy-MM-dd</param> /// <param name="endDate">yyyy-MM-dd</param> public DataTable EventLogGet(string siteId, string startDate, string endDate, int pageNumber, int pageSize, out int recordAmount, out int pageAmount) { recordAmount = 0; pageAmount = 0; Regex regex = new Regex(@"<Data Name='SiteID'>(\d+)</Data>", RegexOptions.Compiled); string path = "System"; string query = "*[System/Provider/@EventSourceName='W3SVC']"; EventLogQuery eventLogQuery = new EventLogQuery(path, PathType.LogName, query); EventLogReader eventLogReader = new EventLogReader(eventLogQuery); List<string> listLog = new List<string>(); EventRecord eventInstance; while ((eventInstance = eventLogReader.ReadEvent()) != null) { string createDate = eventInstance.TimeCreated.Value.ToString("yyyy-MM-dd"); if (string.Compare(createDate, startDate) >= 0 && string.Compare(createDate, endDate) <= 0) { Match match = regex.Match(eventInstance.ToXml()); if (siteId == match.Groups[1].ToString()) { listLog.Add(eventInstance.FormatDescription()); } } } DataTable dtLogPage = new DataTable(); dtLogPage.Columns.Add("LogContent", typeof(string)); if (listLog.Count == 0) { return dtLogPage; } recordAmount = listLog.Count; pageAmount = (int)Math.Ceiling(recordAmount * 1.0 / pageSize); List<string> listLogPage = Tools.GetPage(listLog, pageNumber, pageSize, pageAmount); DataRow newRow; foreach (string log in listLogPage) { newRow = dtLogPage.NewRow(); newRow["LogContent"] = log; dtLogPage.Rows.Add(newRow); } return dtLogPage; }
private DataTable GetStartupShutdownLogs(int NoofEventstoGet) { DataTable dtLogs = new DataTable("SystemLogs"); dtLogs.Columns.Add("Message"); dtLogs.Columns.Add("TimeGenerated"); dtLogs.Columns.Add("ID"); DataRow dr; try { string query = "*[System/EventID=6005 or System/EventID=6006]"; EventLogQuery eventsQuery = new EventLogQuery("System", PathType.LogName, query); try { EventLogReader logReader = new EventLogReader(eventsQuery); int i = 1; for (EventRecord eventdetail = logReader.ReadEvent(); eventdetail != null; eventdetail = logReader.ReadEvent()) { dr = dtLogs.NewRow(); dr["Message"] = eventdetail.Id == 6005 ? "System Startup" : "System Shutdown"; dr["TimeGenerated"] = eventdetail.TimeCreated.ToString(); dr["ID"] = i++; dtLogs.Rows.Add(dr); } if (dtLogs.Rows.Count > NoofEventstoGet) { DataView dview = dtLogs.DefaultView; dview.RowFilter = "ID <=" + i + " AND ID >=" + (i - NoofEventstoGet); dview.Sort = "ID Desc"; dtLogs = dview.ToTable(); } } catch (EventLogNotFoundException ex) { LogManager.WriteLog("Error while reading the event logs" + ex.Message, LogManager.enumLogLevel.Error); } } catch (Exception ex) { LogManager.WriteLog("GetSystemLogs:" + ex.Message, LogManager.enumLogLevel.Error); } return dtLogs; }
public EventLogReader(EventLogQuery eventQuery, EventBookmark bookmark) { if (eventQuery == null) throw new ArgumentNullException("eventQuery"); string logfile = null; if (eventQuery.ThePathType == PathType.FilePath) logfile = eventQuery.Path; this.cachedMetadataInformation = new ProviderMetadataCachedInformation(eventQuery.Session, logfile, 50 ); //explicit data this.eventQuery = eventQuery; //implicit this.batchSize = 64; this.eventsBuffer = new IntPtr[batchSize]; // // compute the flag. // int flag = 0; if (this.eventQuery.ThePathType == PathType.LogName) flag |= (int)UnsafeNativeMethods.EvtQueryFlags.EvtQueryChannelPath; else flag |= (int)UnsafeNativeMethods.EvtQueryFlags.EvtQueryFilePath; if (this.eventQuery.ReverseDirection) flag |= (int)UnsafeNativeMethods.EvtQueryFlags.EvtQueryReverseDirection; if (this.eventQuery.TolerateQueryErrors) flag |= (int)UnsafeNativeMethods.EvtQueryFlags.EvtQueryTolerateQueryErrors; EventLogPermissionHolder.GetEventLogPermission().Demand(); handle = NativeWrapper.EvtQuery(this.eventQuery.Session.Handle, this.eventQuery.Path, this.eventQuery.Query, flag); EventLogHandle bookmarkHandle = EventLogRecord.GetBookmarkHandleFromBookmark(bookmark); if (!bookmarkHandle.IsInvalid) { using (bookmarkHandle) { NativeWrapper.EvtSeek(handle, 1, bookmarkHandle, 0, UnsafeNativeMethods.EvtSeekFlags.EvtSeekRelativeToBookmark); } } }
public static ApplicationError GetById(int eventLogId) { var query = string.Format(@"<QueryList> <Query Id=""0"" Path=""Application""> <Select Path=""Application"">*[System[(EventRecordID={0})]]</Select> </Query> </QueryList>", eventLogId); var elq = new EventLogQuery("Application", PathType.LogName, query); using (var elr = new EventLogReader(elq)) { var eventInstance = elr.ReadEvent(); return eventInstance == null ? null : ParseEntry(eventInstance); } }
public List<IEvent> ReadEventLogData() { List<IEvent> coll = new List<IEvent>(); string queryString = "<QueryList>" + " <Query Id='0' Path='Microsoft-Windows-Diagnostics-Performance/Operational'>" + " <Select Path='Microsoft-Windows-Diagnostics-Performance/Operational'>*[System[(EventID=100)]]</Select>" + " </Query>" + "</QueryList>"; try { EventLogQuery eventsQuery = new EventLogQuery("System", PathType.LogName, queryString); EventLogReader logReader = new EventLogReader(eventsQuery); //create an array of strings for xpath enum. String[] xPathRefs = new String[4]; xPathRefs[0] = "Event/EventData/Data[@Name='BootEndTime']"; xPathRefs[1] = "Event/EventData/Data[@Name='BootTime']"; xPathRefs[2] = "Event/EventData/Data[@Name='MainPathBootTime']"; xPathRefs[3] = "Event/EventData/Data[@Name='BootPostBootTime']"; IEnumerable<String> xPathEnum = xPathRefs; EventLogPropertySelector logPropertyContext = new EventLogPropertySelector(xPathEnum); for (EventRecord eventDetail = logReader.ReadEvent(); eventDetail != null; eventDetail = logReader.ReadEvent()) { IList<object> logEventProps; // Cast the EventRecord into an EventLogRecord to retrieve property values. // This will fetch the event properties we requested through the // context created by the EventLogPropertySelector logEventProps = ((EventLogRecord)eventDetail).GetPropertyValues(logPropertyContext); if (eventDetail.Id == 100) { int boot = Convert.ToInt32(logEventProps[1]); int mainPath = Convert.ToInt32(logEventProps[2]); int postBoot = Convert.ToInt32(logEventProps[3]); DateTime date = (DateTime)logEventProps[0]; coll.Add(new StartupEvent(date, boot, mainPath, postBoot, (int)eventDetail.Level)); } } } catch (EventLogNotFoundException e) { Console.WriteLine("Error while reading the event logs"); } return coll; }
public EventLogWatcher(EventLogQuery eventQuery, EventBookmark bookmark, bool readExistingEvents) { if (eventQuery == null) throw new ArgumentNullException("eventQuery"); if (bookmark != null) readExistingEvents = false; //explicit data this.eventQuery = eventQuery; this.readExistingEvents = readExistingEvents; if (this.eventQuery.ReverseDirection) throw new InvalidOperationException(); this.eventsBuffer = new IntPtr[64]; this.cachedMetadataInformation = new ProviderMetadataCachedInformation(eventQuery.Session, null, 50); this.bookmark = bookmark; }
public EventLogReader(EventLogQuery eventQuery, EventBookmark bookmark) { if (eventQuery == null) { throw new ArgumentNullException("eventQuery"); } string logfile = null; if (eventQuery.ThePathType == PathType.FilePath) { logfile = eventQuery.Path; } this.cachedMetadataInformation = new ProviderMetadataCachedInformation(eventQuery.Session, logfile, 50); this.eventQuery = eventQuery; this.batchSize = 0x40; this.eventsBuffer = new IntPtr[this.batchSize]; int flags = 0; if (this.eventQuery.ThePathType == PathType.LogName) { flags |= 1; } else { flags |= 2; } if (this.eventQuery.ReverseDirection) { flags |= 0x200; } if (this.eventQuery.TolerateQueryErrors) { flags |= 0x1000; } EventLogPermissionHolder.GetEventLogPermission().Demand(); this.handle = NativeWrapper.EvtQuery(this.eventQuery.Session.Handle, this.eventQuery.Path, this.eventQuery.Query, flags); EventLogHandle bookmarkHandleFromBookmark = EventLogRecord.GetBookmarkHandleFromBookmark(bookmark); if (!bookmarkHandleFromBookmark.IsInvalid) { using (bookmarkHandleFromBookmark) { NativeWrapper.EvtSeek(this.handle, 1L, bookmarkHandleFromBookmark, 0, Microsoft.Win32.UnsafeNativeMethods.EvtSeekFlags.EvtSeekRelativeToBookmark); } } }
public static int Main(string[] argv) { EventLogQuery evtQuery; EventLogReader evtReader; if (argv.Length < 1) { Console.Error.WriteLine("Event2Text version " + VERSION_MAJOR + "." + VERSION_MINOR); Console.Error.WriteLine("USAGE: evt2txt.exe infile"); return ERROR_ARGUMENTS; } if (!File.Exists(argv[0])) { Console.Error.WriteLine("Input file not found: " + argv[0]); return ERROR_FILE_NOT_FOUND; } try { evtQuery = new EventLogQuery(argv[0], PathType.FilePath); evtReader = new EventLogReader(evtQuery); } catch (Exception e) { Console.Error.WriteLine("Input file specified is not a valid log file!"); Console.Error.WriteLine(e); return ERROR_BAD_EVENT_FILE; } for (EventRecord record = evtReader.ReadEvent(); null != record; record = evtReader.ReadEvent()) { Console.WriteLine(record.ToXml()); } return 0; }
public void ReadEvents(string query = "*[System/EventID=903]") { var eventsQuery = new EventLogQuery("Application", PathType.LogName, query); try { var logReader = new EventLogReader(eventsQuery); // This is a crazy f*****g for loop. Took me a while to realize what was going on. for (EventRecord eventdetail = logReader.ReadEvent(); eventdetail != null; eventdetail = logReader.ReadEvent()) { // Read Event details eventdetail.ToXml(); } } catch (EventLogNotFoundException e) { Console.WriteLine(Resources.EventViewerReader_Thing_Error_while_reading_the_event_logs); } }
public static IObservable<EventRecord> FromLog(string name) { var q = new EventLogQuery(name, PathType.LogName); var watcher = new EventLogWatcher(q); return Observable.Create<EventRecord>(o => { watcher.EventRecordWritten += (sender, args) => { if (args.EventException != null) o.OnError(args.EventException); else o.OnNext(args.EventRecord); }; watcher.Enabled = true; return watcher; }); }
public void QueryActiveLog() { string eventQueryFileName = @"D:\Alex\Github\ConsoleAppTests\q.txt"; Console.WriteLine(File.Exists(eventQueryFileName) ? "File exists." : "File does not exist."); string queryString = File.ReadAllText(eventQueryFileName); Console.WriteLine(queryString); // Query two different event logs using a structured query. //string queryString = // "<QueryList>" + // " <Query Id=\"0\" Path=\"Application\">" + // " <Select Path=\"Application\">" + // " *[System[(Level <= 3) and" + // " TimeCreated[timediff(@SystemTime) <= 86400000]]]" + // " </Select>" + // " <Suppress Path=\"Application\">" + // " *[System[(Level = 2)]]" + // " </Suppress>" + // " <Select Path=\"System\">" + // " *[System[(Level=1 or Level=2 or Level=3) and" + // " TimeCreated[timediff(@SystemTime) <= 86400000]]]" + // " </Select>" + // " </Query>" + // "</QueryList>"; EventLogQuery eventsQuery = new EventLogQuery("Application", PathType.LogName, queryString); EventLogReader logReader = new EventLogReader(eventsQuery); // Display event info DisplayEventAndLogInformation(logReader); }
public void QueryActiveLog(string[] args) { try { // Query a specific event log using an XML structured query. // Note: You can create your own sample XML Structured queries by simply opening up Windows Event Viewer on a Windows Host running Windows Vista or Later and // using the 'Create a Custom View...' option. When you use the 'Filter Custom View' option, the raw XML of your filtered choices will be available // which you can then use in the 'queryString' variable below. Additional inforamtion can be found on Ned Pyle's blogpost below: // http://blogs.technet.com/b/askds/archive/2011/09/27/3455548.aspx //string queryString = "*[System[Provider[@Name='VSS']] and TimeCreated[timediff(@SystemTime) <= 86400000]]]"; //string queryString = "*[System[Provider[@Name='Microsoft-Windows-Security-Auditing']] and System/EventID=4672]"; //string queryString = "*[System[Provider[@Name='Microsoft-Windows-Security-Auditing'] and (EventID=4672) and TimeCreated[timediff(@SystemTime) <= 3600000]]]"; string queryString = ( " <QueryList>" + " <Query Id='0' Path='" + args[0] + "'>" + " <Select Path='" + args[0] + "'>*[System[Provider[@Name='" + args[1] + "'] and (EventID=" + args[2] + ") and TimeCreated[timediff(@SystemTime) <=" + args[3] + "]]]</Select>" + " </Query>" + " </QueryList>"); EventLogQuery eventsQuery = new EventLogQuery(args[0], PathType.LogName, queryString); EventLogReader logReader = new EventLogReader(eventsQuery); // Display event info DisplayEventLogInformation(logReader); } catch (Exception Error) { if (Error is IndexOutOfRangeException) { Console.WriteLine("The [Log_Name], [Event_ID] and [Provider_Name] Variables must ALL be present!"); Environment.Exit(3); } } }
static void Main(string[] args) { if (args.Length != 2) { Console.WriteLine("Usage: GetEventLog activityId machines"); Console.WriteLine("Example: GetEventLog \"0724A8D0-D873-4CB3-8762-C9A70084DD98\" \"server1.company.com,server2.company.com\""); return; } string activityId = args[0]; string machineNames = args[1]; string adfsAdminLogName = "AD FS 2.0/Admin"; string[] machineNamesArray = machineNames.Split(new char[1] { ',' }); foreach (string machineName in machineNamesArray) { Console.WriteLine(); Console.WriteLine("--------------------------------------------------------------------------------"); Console.WriteLine("Getting AD FS event logs with correlation activity ID " + activityId + " from " + machineName); string query = "*[System/Correlation/@ActivityID=\"{" + activityId + "}\"]"; EventLogQuery eventLogQuery = new EventLogQuery(adfsAdminLogName, PathType.LogName, query); eventLogQuery.Session = new EventLogSession(machineName); EventLogReader eventLogReader = new EventLogReader(eventLogQuery); for (EventRecord eventRecord = eventLogReader.ReadEvent(); eventRecord != null; eventRecord = eventLogReader.ReadEvent()) { //Console.WriteLine("eventRecord.ActivityId=" + eventRecord.ActivityId); Console.WriteLine(); Console.WriteLine("--------------------------------------------------------------------------------"); Console.WriteLine("Event ID: " + eventRecord.Id); Console.WriteLine("Logged: " + eventRecord.TimeCreated); Console.WriteLine(eventRecord.FormatDescription()); } } }
public EventLogReader(EventLogQuery eventQuery) { throw new NotImplementedException(); }
public EventLogReader(EventLogQuery eventQuery, EventBookmark bookmark) { throw new NotImplementedException(); }
public EventLogReader(EventLogQuery eventQuery) : this(eventQuery, null) { }
public EventLogReader(EventLogQuery eventQuery, EventBookmark bookmark) { if (eventQuery == null) { throw new ArgumentNullException("eventQuery"); } string logfile = null; if (eventQuery.ThePathType == PathType.FilePath) { logfile = eventQuery.Path; } _cachedMetadataInformation = new ProviderMetadataCachedInformation(eventQuery.Session, logfile, 50); // explicit data _eventQuery = eventQuery; // implicit _batchSize = 64; _eventsBuffer = new IntPtr[_batchSize]; // // compute the flag. // int flag = 0; if (_eventQuery.ThePathType == PathType.LogName) { flag |= (int)UnsafeNativeMethods.EvtQueryFlags.EvtQueryChannelPath; } else { flag |= (int)UnsafeNativeMethods.EvtQueryFlags.EvtQueryFilePath; } if (_eventQuery.ReverseDirection) { flag |= (int)UnsafeNativeMethods.EvtQueryFlags.EvtQueryReverseDirection; } if (_eventQuery.TolerateQueryErrors) { flag |= (int)UnsafeNativeMethods.EvtQueryFlags.EvtQueryTolerateQueryErrors; } _handle = NativeWrapper.EvtQuery(_eventQuery.Session.Handle, _eventQuery.Path, _eventQuery.Query, flag); EventLogHandle bookmarkHandle = EventLogRecord.GetBookmarkHandleFromBookmark(bookmark); if (!bookmarkHandle.IsInvalid) { using (bookmarkHandle) { NativeWrapper.EvtSeek(_handle, 1, bookmarkHandle, 0, UnsafeNativeMethods.EvtSeekFlags.EvtSeekRelativeToBookmark); } } }
public EventLogWatcher(EventLogQuery eventQuery, EventBookmark bookmark) : this(eventQuery, bookmark, false) { }
public EventLogWatcher(EventLogQuery eventQuery) : this(eventQuery, null, false) { }
public static IEnumerable<ApplicationError> GetBySite(int siteIisId, StatsRange range) { Int64 msLookback = 0; switch (range) { case StatsRange.LastMonth: msLookback = 2592000000; break; case StatsRange.LastWeek: msLookback = 604800000; break; case StatsRange.Last24Hours: msLookback = 86400000; break; } var query = string.Format(@"<QueryList> <Query Id=""0"" Path=""Application""> <Select Path=""Application"">*[System[Provider[@Name='ASP.NET 2.0.50727.0' or @Name='ASP.NET 4.0.30319.0'] and (Level=2 or Level=3){0}]]</Select> </Query> </QueryList>", (msLookback == 0) ? null : "and TimeCreated[timediff(@SystemTime) <= " + msLookback + "]"); var elq = new EventLogQuery("Application", PathType.LogName, query) { ReverseDirection = true}; using (var elr = new EventLogReader(elq)) { var events = new List<EventRecord>(); for (var eventInstance = elr.ReadEvent(); null != eventInstance; eventInstance = elr.ReadEvent()) { if (eventInstance.Properties.Count() > 9 && eventInstance.Properties[8].Value.ToString().StartsWith("/LM/W3SVC/" + siteIisId + "/")) events.Add(eventInstance); } return events.Select(ParseEntry); } }
private static bool remote_event_log_exists(string log, string remote_machine_name, string remote_domain_name, string remote_user_name, string remote_password_name) { try { SecureString pwd = new SecureString(); foreach (char c in remote_password_name) pwd.AppendChar(c); EventLogSession session = remote_machine_name.Trim() != "" ? new EventLogSession(remote_machine_name, remote_domain_name, remote_user_name, pwd, SessionAuthentication.Default) : null; pwd.Dispose(); EventLogQuery query = new EventLogQuery(log, PathType.LogName); if (session != null) query.Session = session; EventLogReader reader = new EventLogReader(query); if (reader.ReadEvent(TimeSpan.FromMilliseconds(500)) != null) return true; } catch(Exception e) { logger.Error("can't login " + e.Message); } return false; }
private static IEnumerable<EventRecord> GetEventRecords(string logName) { var query = new EventLogQuery(logName, PathType.LogName) { ReverseDirection = true }; using (var reader = new EventLogReader(query)) for (var eventInstance = reader.ReadEvent(); eventInstance != null; eventInstance = reader.ReadEvent()) yield return eventInstance; }
public EventLogWatcher(EventLogQuery eventQuery, EventBookmark bookmark, bool readExistingEvents) { throw new NotImplementedException(); }
private List<EventSummary> GetEvents(string query) { int numberOfEvents = 0; List<EventSummary> eventSummaries = new List<EventSummary>(100); EventSummary eventSummary; EventLogQuery logQuery = new EventLogQuery(eventFilters.log.ToString(), PathType.LogName, query); logQuery.Session = new EventLogSession(eventFilters.MachineName); EventLogReader logReader = new EventLogReader(logQuery); if (eventFilters.maxRecords < 100) { eventFilters.maxRecords = 100; } // For each event returned from the query for (EventRecord eventInstance = logReader.ReadEvent(); eventInstance != null; eventInstance = logReader.ReadEvent()) { try { // Cast the EventRecord into an EventLogRecord to retrieve property values. eventSummary = new EventSummary(); eventSummary.EventID = eventInstance.Id; eventSummary.EventRecordID = eventInstance.RecordId; eventSummary.Description = eventInstance.FormatDescription(); eventSummary.LevelDisplayName = ((LogLevel)eventInstance.Level).ToString(); eventSummary.LogLevel = eventInstance.Level; eventSummary.ProviderName = eventInstance.ProviderName; eventSummary.TimeCreated = eventInstance.TimeCreated; eventSummaries.Add(eventSummary); if (++numberOfEvents == eventFilters.maxRecords) { break; } } catch (Exception e) { Debug.Print("Couldn't render event!"); Debug.Print(string.Format("Exception: Event {0} may not have an XML representation \n\n", ++numberOfEvents)); Debug.Print(e.Message); } } return eventSummaries; }
public EventLogReader(EventLogQuery eventQuery, EventBookmark bookmark) { Contract.Requires(eventQuery.Session != null); }
public EventLogReader(EventLogQuery eventQuery) { Contract.Requires(eventQuery.Session != null); }
public EventLogWatcher(EventLogQuery eventQuery !!, EventBookmark bookmark, bool readExistingEvents)
public void QueryExternalFile() { string queryString = "*[System/Level=2]"; // XPATH Query string eventLogLocation = @"C:\MyEvents.evtx"; EventLogQuery eventsQuery = new EventLogQuery(eventLogLocation, PathType.FilePath, queryString); try { EventLogReader logReader = new EventLogReader(eventsQuery); // Display event info DisplayEventAndLogInformation(logReader); } catch (EventLogNotFoundException e) { Console.WriteLine("Could not find the external log to query! " + e.Message); return; } }