public static void BatchEventLog(string sql, string iCheckpoint) { COMEventLogInputContextClassClass Input = new COMEventLogInputContextClassClass(); Input.iCheckpoint = iCheckpoint; ExectuteBatch(sql, Input); }
public static DataTable ParseEventLog(string sql, string iCheckpoint) { COMEventLogInputContextClassClass Input = new COMEventLogInputContextClassClass(); Input.iCheckpoint = iCheckpoint; return(Execute(sql, Input)); }
/// <summary> /// Returns the correct Input Context class for this type of query. It will also sanity check /// all relevant config params and throw exceptions where there are violations (required /// setting missing, badly formed etc) /// </summary> /// <returns></returns> /// <exception cref="ArgumentException">Thrown if a setting is missing</exception> /// <exception cref="FormatException">Thrown if a setting is badly formed</exception> protected override object GetInputContext() { var context = new COMEventLogInputContextClassClass { fullText = myConfig.FullText.GetValueOrDefault(true), resolveSIDs = myConfig.ResolveSIDs.GetValueOrDefault(false), formatMsg = myConfig.FormatMsg.GetValueOrDefault(true), fullEventCode = myConfig.FullEventCode.GetValueOrDefault(false), msgErrorMode = myConfig.MsgErrorMode ?? "MSG", direction = myConfig.Direction ?? "FW", stringsSep = myConfig.StringsSep ?? "|", binaryFormat = myConfig.BinaryFormat ?? "HEX" }; if (!string.IsNullOrEmpty(myConfig.CheckpointFile)) { context.iCheckpoint = myConfig.CheckpointFile; } return(context); }
public static DataTable runQuery(string q, string context, Func <int, bool> updateCallback = null) { Object o = null; switch (context.ToLower()) { case "active directory": o = new COMADSInputContextClassClass(); break; case "iis binary": o = new COMIISBINInputContextClassClass(); break; case "csv file": o = new COMCSVInputContextClassClass(); break; case "windows trace": o = new COMETWInputContextClassClass(); break; case "windows events": o = new COMEventLogInputContextClassClass(); break; case "file system": o = new COMFileSystemInputContextClassClass(); break; case "http error": o = new COMHttpErrorInputContextClassClass(); break; case "iis": o = new COMIISIISInputContextClassClass(); break; case "iis odbc": o = new COMIISODBCInputContextClassClass(); break; case "iis w3c": o = new COMIISW3CInputContextClassClass(); break; case "iis ncsa": o = new COMIISNCSAInputContextClassClass(); break; case "netmon": o = new COMNetMonInputContextClassClass(); break; case "registry": o = new COMRegistryInputContextClassClass(); break; case "textline": o = new COMTextLineInputContextClassClass(); break; case "textword": o = new COMTextWordInputContextClassClass(); break; case "tsv file": o = new COMTSVInputContextClassClass(); break; case "urlscan": o = new COMURLScanLogInputContextClassClass(); break; case "w3c": o = new COMW3CInputContextClassClass(); break; case "xml file": o = new COMXMLInputContextClassClass(); break; case "rpower logs": o = Activator.CreateInstance(Type.GetTypeFromProgID("MSUtil.LogQuery.RPower.RPowerLogs")); break; case "rpower keys": o = Activator.CreateInstance(Type.GetTypeFromProgID("MSUtil.LogQuery.RPower.RPowerKeys")); break; case "rpower cc logs": o = Activator.CreateInstance(Type.GetTypeFromProgID("MSUtil.LogQuery.RPower.RPowerCC")); break; case "rpower dbf": o = Activator.CreateInstance(Type.GetTypeFromProgID("MSUtil.LogQuery.RPower.RPowerDB")); break; default: o = Activator.CreateInstance(Type.GetTypeFromProgID(context)); break; } if (o == null) { return(null); } else { return(runQuery(q, o, updateCallback)); } }