public RESTStatus GetEventLogs(SQLLib sql, EventLogSearch eventlogsearch, NetworkConnectionInfo ni) { if (ni.HasAcl(ACLFlags.ChangeServerSettings) == false) { ni.Error = "Access denied"; ni.ErrorID = ErrorFlags.AccessDenied; return(RESTStatus.Denied); } EventLogs = new EventLogReportFullList(); EventLogs.Data = new List <EventLogReportFull>(); if (eventlogsearch == null) { return(RESTStatus.Success); } if (eventlogsearch.QTY < 1) { eventlogsearch.QTY = 500; } string SQLQuery = "SELECT TOP " + eventlogsearch.QTY + " * FROM EventLog WHERE "; List <SQLParam> SQLQueryArgs = new List <SQLParam>(); if (eventlogsearch.MachineID != null) { if (Computers.MachineExists(sql, eventlogsearch.MachineID) == false) { ni.Error = "Invalid Data"; ni.ErrorID = ErrorFlags.InvalidData; return(RESTStatus.NotFound); } SQLQuery += "MachineID=@m AND "; SQLQueryArgs.Add(new SQLParam("@m", eventlogsearch.MachineID)); } if (eventlogsearch.Source != null) { SQLQuery += "Source=@s AND "; SQLQueryArgs.Add(new SQLParam("@s", eventlogsearch.Source)); } if (eventlogsearch.EventLogType != null) { SQLQuery += "EventLogType=@t AND "; SQLQueryArgs.Add(new SQLParam("@t", eventlogsearch.EventLogType)); } if (eventlogsearch.FromDate != null) { SQLQuery += "TimeGenerated>=@tgf AND "; SQLQueryArgs.Add(new SQLParam("@tgf", eventlogsearch.FromDate)); } if (eventlogsearch.ToDate != null) { SQLQuery += "TimeGenerated<=@tgt AND "; SQLQueryArgs.Add(new SQLParam("@tgt", eventlogsearch.ToDate)); } if (eventlogsearch.EventLogBook != null) { SQLQuery += "EventLog=@evtb AND "; SQLQueryArgs.Add(new SQLParam("@evtb", eventlogsearch.EventLogBook)); } if (eventlogsearch.CategoryNumber != null) { SQLQuery += "CategoryNumber=@catnum AND "; SQLQueryArgs.Add(new SQLParam("@catnum", eventlogsearch.CategoryNumber)); } SQLQuery = SQLQuery.Trim(); SQLQuery += " 1=1 "; SQLQuery += " ORDER BY TimeGenerated DESC"; lock (ni.sqllock) { SqlDataReader dr = sql.ExecSQLReader(SQLQuery, SQLQueryArgs.ToArray()); while (dr.Read()) { EventLogReportFull ev = new EventLogReportFull(); ev.Category = Convert.ToString(dr["Category"]); ev.CategoryNumber = Convert.ToInt32(dr["CategoryNumber"]); ev.Data = (byte[])dr["Data"]; ev.EventLog = Convert.ToString(dr["EventLog"]); ev.EventLogType = Convert.ToInt32(dr["EventLogType"]); ev.InstanceID = Convert.ToInt64(dr["InstanceID"]); ev.JSONReplacementStrings = Convert.ToString(dr["JSONReplacementStrings"]); ev.LogID = Convert.ToString(dr["LogID"]); ev.MachineID = Convert.ToString(dr["MachineID"]); ev.Message = Convert.ToString(dr["Message"]); ev.Reported = SQLLib.GetDTUTC(dr["Reported"]); ev.Source = Convert.ToString(dr["Source"]); ev.TimeGenerated = SQLLib.GetDTUTC(dr["TimeGenerated"]); ev.TimeWritten = SQLLib.GetDTUTC(dr["TimeWritten"]); EventLogs.Data.Add(ev); } dr.Close(); } return(RESTStatus.Success); }
private void cmdQuery_Click(object sender, EventArgs e) { EventLogSearch ls = new EventLogSearch(); if (lstBook.Text.Trim() != "" && lstBook.Text != "(any)") { ls.EventLogBook = lstBook.Text.Trim(); } if (lstSources.Text.Trim() != "") { ls.Source = lstSources.Text.Trim(); } if (DTTo.Enabled == true) { ls.ToDate = DTTo.Value; } if (DTFrom.Enabled == true) { ls.FromDate = DTFrom.Value; } if (lstStatus.SelectedIndex > 0) { ls.EventLogType = 1 << (lstStatus.SelectedIndex - 1); } if (txtEventID.Text.Trim() != "") { int i = 0; if (int.TryParse(txtEventID.Text, out i) == true) { ls.CategoryNumber = i; } } ls.MachineID = MachineID; int.TryParse(txtQTY.Text, out ls.QTY); if (ls.QTY < 1) { ls.QTY = 1000; } txtQTY.Text = ls.QTY.ToString(); List <EventLogReportFull> evl = Program.net.GetEventLogs(ls); lstData.Items.Clear(); if (evl != null) { foreach (EventLogReportFull ev in evl) { int imgindex = 0; string Text = ""; switch (ev.EventLogType) { case 1: imgindex = 3; Text = "Error"; break; case 2: imgindex = 2; Text = "Warning"; break; case 0: case 4: imgindex = 4; Text = "Information"; break; case 8: imgindex = 0; Text = "Success Audit"; break; case 16: imgindex = 1; Text = "Failure Audit"; break; default: imgindex = 4; Text = "?"; break; } ListViewItem i = new ListViewItem(Text, imgindex); i.SubItems.Add(ev.TimeGenerated.ToLongDateString() + " " + ev.TimeGenerated.ToLongTimeString()); i.SubItems.Add(GetComputerName(ev.MachineID)); i.SubItems.Add(ev.EventLog); i.SubItems.Add(ev.Source); i.SubItems.Add(ev.CategoryNumber.ToString()); i.Tag = ev; lstData.Items.Add(i); } } if (lstData.Items.Count == 0) { if (evl == null) { lblResults.Text = "Nothing"; } else { lblResults.Text = lstData.Items.Count.ToString() + " item" + (lstData.Items.Count == 1 ? "" : "s"); } } else { lblResults.Text = lstData.Items.Count.ToString() + " item" + (lstData.Items.Count == 1 ? "" : "s"); } }