/// <summary>Counts the system log events of required type</summary> /// <param name="value">the type of log event (Error, Event, Information etc)</param> /// <returns> /// Returns the number of System log entries of specified type /// </returns> public int GetSpecificEventEntriesCount(EventLogEntryType value) { // TODO : Implement GetSpecificEventEntriesCount EventLogEntryCollection systemEvents = (new EventLog("System", ".")).Entries; return(systemEvents.Cast <EventLogEntry>().Count(x => x.EntryType == value)); }
private void LoadLogFromEventLog(DateTime?dateTime) { LogPresenterList.Clear(); EventLogEntryCollection applicationEntries = EventLog.GetEventLogs().FirstOrDefault(f => f.LogDisplayName == "Application").Entries; IEnumerable <EventLogEntry> beSafeLogEntries = applicationEntries.Cast <EventLogEntry>().Where(w => w.Source == Resources.ApplicationName && w.InstanceId == BeSafe_Log_EventID); List <EventLogEntry> beSafeLogsFilteredByDate = (dateTime != null) ? beSafeLogEntries.Where(w => w.TimeWritten.Date.CompareTo(dateTime.Value.Date) == 0).ToList() : beSafeLogEntries.ToList(); foreach (EventLogEntry ev in beSafeLogsFilteredByDate) { if (!ev.Data.Any()) { continue; } PluginResult pluginResult = Deserialize <PluginResult>(ev.Data); LogPresenterList.Add(new LogPresenter { Date = ev.TimeWritten, ScannedObject = pluginResult.ScannedObjectString, PluginName = pluginResult.PluginInfo.ToString(), Risk = pluginResult.RiskRate, PluginMessage = pluginResult.Message, }); } logPresenterBindingSource.DataSource = LogPresenterList.ToList(); }
string GetDayHours(EventLogEntryCollection sec_events, DateTime curr_selected_date) { string user_name = Environment.UserDomainName + @"\" + Environment.UserName; DateTime curr_date = new DateTime(); DateTime start_time = new DateTime(), end_time = new DateTime(); bool start_time_first = false; bool date_today = false; string res = "0"; if (curr_selected_date.Date == DateTime.Today) { curr_date = DateTime.Now; start_time = DateTime.Today; end_time = DateTime.Now; date_today = true; } else { curr_date = curr_selected_date.Date; start_time = curr_selected_date.Date.AddHours(10.0); //start work usually at 10.00 end_time = curr_selected_date.Date.AddHours(19.0); //end work last time at 19.00 } foreach (EventLogEntry curr_event in sec_events.Cast <EventLogEntry>().OrderBy <EventLogEntry, DateTime>(o => o.TimeGenerated)) { //EventID(InstanceId)=528 - Succesful user logon (Win7 - 4624) //EventId=551 - User initiated logoff (Win7 - 4647) if (curr_event.EntryType == EventLogEntryType.SuccessAudit && (curr_event.InstanceId == 528 || curr_event.InstanceId == 551 || curr_event.InstanceId == 4624 || curr_event.InstanceId == 4647) && curr_event.TimeGenerated.Date == curr_date.Date) { if (curr_event.UserName == user_name || (curr_event.ReplacementStrings.Length > 2 && curr_event.ReplacementStrings[2] + @"\" + curr_event.ReplacementStrings[1] == user_name) || (curr_event.ReplacementStrings.Length > 6 && curr_event.ReplacementStrings[6] + @"\" + curr_event.ReplacementStrings[5] == user_name)) { if ((curr_event.InstanceId == 528 || curr_event.InstanceId == 4624) && !start_time_first) { start_time = curr_event.TimeGenerated; start_time_first = true; } else if (curr_event.InstanceId == 551 || curr_event.InstanceId == 4647) { if (!date_today) { end_time = curr_event.TimeGenerated; } } double work_hours = (end_time - start_time).TotalHours; res = work_hours.ToString("F1"); } } } return(res); }
public static void ReadEventLog() { EventLog eventLog = new EventLog(evlLocationManual); EventLogEntryCollection eventLogEntries = eventLog.Entries; int eventLogEntryCount = eventLogEntries.Count; for (int i = 0; i < eventLogEntries.Count; i++) { EventLogEntry entry = eventLog.Entries[i]; //Do Some processing on the entry } LogEntries = eventLogEntries.Cast <EventLogEntry>().ToList(); }