public void ExceptionOnce()
{
if (PlatformDetection.IsWindows7) // Null events in PowerShell log
{
return;
}
var query = new EventLogQuery("Application", PathType.LogName, "*[System]")
{
ReverseDirection = true
};
var eventLog = new EventLogReader(query, Helpers.GetBookmark("Application", PathType.LogName));
string levelDisplayName = null, opcodeDisplayName = null, taskDisplayName = null;
using (eventLog)
{
using (var record = (EventLogRecord)eventLog.ReadEvent())
{
ThrowsMaxOnce <EventLogNotFoundException>(() => levelDisplayName = record.LevelDisplayName);
ThrowsMaxOnce <EventLogNotFoundException>(() => opcodeDisplayName = record.OpcodeDisplayName);
ThrowsMaxOnce <EventLogNotFoundException>(() => taskDisplayName = record.TaskDisplayName);
Assert.Equal(levelDisplayName, record.LevelDisplayName);
Assert.Equal(opcodeDisplayName, record.OpcodeDisplayName);
Assert.Equal(taskDisplayName, record.TaskDisplayName);
}
}
}
public void ExceptionOnce()
{
if (PlatformDetection.IsWindows7 || // Null events in PowerShell log
PlatformDetection.IsWindows10Version22000OrGreater || // Windows 11 and Windows Server 2022:
PlatformDetection.IsWindows10Version20348OrGreater) // ActiveIssue("https://github.com/dotnet/runtime/issues/58829")
{
return;
}
var query = new EventLogQuery("Application", PathType.LogName, "*[System]")
{
ReverseDirection = true
};
var eventLog = new EventLogReader(query, Helpers.GetBookmark("Application", PathType.LogName));
string levelDisplayName = null, opcodeDisplayName = null, taskDisplayName = null;
using (eventLog)
{
using (var record = (EventLogRecord)eventLog.ReadEvent())
{
ThrowsMaxOnce <EventLogNotFoundException>(() => levelDisplayName = record.LevelDisplayName);
ThrowsMaxOnce <EventLogNotFoundException>(() => opcodeDisplayName = record.OpcodeDisplayName);
ThrowsMaxOnce <EventLogNotFoundException>(() => taskDisplayName = record.TaskDisplayName);
Assert.Equal(levelDisplayName, record.LevelDisplayName);
Assert.Equal(opcodeDisplayName, record.OpcodeDisplayName);
Assert.Equal(taskDisplayName, record.TaskDisplayName);
}
}
}
public void CastToEventLogRecord_NotNull()
{
if (PlatformDetection.IsWindows7) // Null events in PowerShell log
{
return;
}
var query = new EventLogQuery("Application", PathType.LogName, "*[System]")
{
ReverseDirection = true
};
var eventLog = new EventLogReader(query, Helpers.GetBookmark("Application", PathType.LogName));
using (eventLog)
{
using (var record = (EventLogRecord)eventLog.ReadEvent())
{
Assert.NotNull(record);
}
}
}
public void GetPropertyValues()
{
if (PlatformDetection.IsWindows7) // Null events in PowerShell log
{
return;
}
var query = new EventLogQuery("Application", PathType.LogName, "*[System]")
{
ReverseDirection = true
};
var eventLog = new EventLogReader(query, Helpers.GetBookmark("Application", PathType.LogName));
using (eventLog)
{
using (var record = (EventLogRecord)eventLog.ReadEvent())
{
Assert.Throws <ArgumentNullException>(() => record.GetPropertyValues(null));
Assert.NotNull(record.GetPropertyValues(new EventLogPropertySelector(new [] { "dummy" })));
}
}
}
public void FormatDescription(string log)
{
if (PlatformDetection.IsWindows7) // Null events in PowerShell log
{
return;
}
var query = new EventLogQuery(log, PathType.LogName, "*[System]")
{
ReverseDirection = true
};
using (var eventLog = new EventLogReader(query, Helpers.GetBookmark(log, PathType.LogName)))
{
using (EventRecord record = eventLog.ReadEvent())
{
Assert.IsType <EventLogRecord>(record);
string description = record.FormatDescription();
Assert.Equal(description, record.FormatDescription(null));
Assert.Equal(description, record.FormatDescription(new List <object>()));
}
}
}
public void FormatDescription()
{
if (PlatformDetection.IsWindows7) // Null events in PowerShell log
{
return;
}
var query = new EventLogQuery("Application", PathType.LogName, "*[System]")
{
ReverseDirection = true
};
var eventLog = new EventLogReader(query, Helpers.GetBookmark("Application", PathType.LogName));
using (eventLog)
{
using (var record = (EventLogRecord)eventLog.ReadEvent())
{
Assert.Throws <EventLogNotFoundException>(() => record.FormatDescription(new[] { "dummy" }));
Assert.Null(record.FormatDescription());
Assert.Throws <EventLogNotFoundException>(() => ((EventRecord)record).FormatDescription(new[] { "dummy" }));
Assert.Null(((EventRecord)record).FormatDescription(null));
Assert.Null(((EventRecord)record).FormatDescription());
}
}
}
public void WrongPathType_TolerateQueryErrors_Throws(bool useBookmark)
{
if (PlatformDetection.IsWindows7) // Null events in PowerShell log
{
return;
}
var query = new EventLogQuery(null, PathType.FilePath, "*[System[(Level=2)]]")
{
TolerateQueryErrors = true
};
if (useBookmark)
{
Assert.Throws <EventLogException>(() => new EventLogReader(query, bookmark: null));
Assert.Throws <EventLogException>(() => new EventLogReader(query, bookmark: Helpers.GetBookmark("Application", PathType.LogName)));
}
else
{
Assert.Throws <EventLogException>(() => new EventLogReader(query));
}
}
public void EventLogRecord_CheckProperties_RemainSame()
{
if (PlatformDetection.IsWindows7) // Null events in PowerShell log
{
return;
}
SecurityIdentifier userId;
byte? version, level;
short? opcode;
Guid? providerId, activityId, relatedActivityId;
int? processId, threadId, qualifiers, task;
long? keywords, recordId;
string providerName, machineName, containerLog;
DateTime? timeCreated;
IEnumerable <int> matchedQueryIds;
EventBookmark bookmark, bookmarkArg = Helpers.GetBookmark("Application", PathType.LogName);
var query = new EventLogQuery("Application", PathType.LogName, "*[System]")
{
ReverseDirection = true
};
var eventLog = new EventLogReader(query, bookmarkArg);
using (eventLog)
{
using (var record = (EventLogRecord)eventLog.ReadEvent())
{
userId = record.UserId;
version = record.Version;
opcode = record.Opcode;
providerId = record.ProviderId;
processId = record.ProcessId;
recordId = record.RecordId;
threadId = record.ThreadId;
qualifiers = record.Qualifiers;
level = record.Level;
keywords = record.Keywords;
task = record.Task;
providerName = record.ProviderName;
machineName = record.MachineName;
timeCreated = record.TimeCreated;
containerLog = record.ContainerLog;
matchedQueryIds = record.MatchedQueryIds;
activityId = record.ActivityId;
relatedActivityId = record.RelatedActivityId;
bookmark = record.Bookmark;
}
}
using (eventLog = new EventLogReader(query, bookmarkArg))
{
using (var record = (EventLogRecord)eventLog.ReadEvent())
{
Assert.Equal(userId, record.UserId);
Assert.Equal(version, record.Version);
Assert.Equal(opcode, record.Opcode);
Assert.Equal(providerId, record.ProviderId);
Assert.Equal(processId, record.ProcessId);
Assert.Equal(recordId, record.RecordId);
Assert.Equal(threadId, record.ThreadId);
Assert.Equal(qualifiers, record.Qualifiers);
Assert.Equal(level, record.Level);
Assert.Equal(keywords, record.Keywords);
Assert.Equal(task, record.Task);
Assert.Equal(providerName, record.ProviderName);
Assert.Equal(machineName, record.MachineName);
Assert.Equal(timeCreated, record.TimeCreated);
Assert.Equal(containerLog, record.ContainerLog);
Assert.Equal(matchedQueryIds, record.MatchedQueryIds);
Assert.Equal(activityId, record.ActivityId);
Assert.Equal(relatedActivityId, record.RelatedActivityId);
Assert.NotNull(record.Bookmark);
Assert.NotEqual(bookmark, record.Bookmark);
}
}
}
