/// <summary> /// It takes filtered event data from several windows servers. The servers name are inserted from Config class via DIP /// It takes the content string filter from the Config class most likely webconfig. It then returns all event record log data between two datetimes. /// It uses VMI to query the servers /// </summary> /// <param name="fromTime">DataTime from where to start the search span. The time is included in the search</param> /// <param name="toTime">DateTime to is bigger - more in future time then from. Marks end of time span filter uses the time is included in search </param> /// <param name="maxRows">Not implemented yet</param> /// <param name="timeOutSec">Not implemented yet</param> /// <returns></returns> public List<IEventRecord> GetByTimeFilter(DateTime fromTime, DateTime toTime, int maxRows, int timeOutSec) { // DateTime fromTime = DateTime.Now.AddHours(-1*lag); // string strFromTime = String.Format(Global_Const.DATE_FORMAT_STR, fromTime) + ".000000+000"; // string dmtfDateTime = ManagementDateTimeConverter.ToDmtfDateTime(DateTime.Now); string strFromTime = ManagementDateTimeConverter.ToDmtfDateTime(fromTime);// DateTime outDateTime String.Format(Global_Const.DATE_FORMAT_STR, fromTime) + ".000000+000"; string strToTime = ManagementDateTimeConverter.ToDmtfDateTime(toTime);// String.Format(Global_Const.DATE_FORMAT_STR, toTime) + ".000000+000"; string wmiQuery = String.Format( "SELECT * FROM Win32_NTLogEvent WHERE Logfile = '{0}' AND TimeGenerated >= '{1}' AND TimeGenerated <= '{2}' ", Global_Const.SOURCE, strFromTime, strToTime); List<IEventRecord> eventRecMergedList = new List<IEventRecord>(); if (Config == null) { throw new NullReferenceException( "There is no configuration object and therefore no list of servers. Config object is null. It is the Func IOC that should have set this in the code. Something trivial is missing."); } if (Config.ServersToQuery == null) { throw new NullReferenceException("The list of servers from Config is null. That is bad."); } List<IEventRecord> eventRecordList = new List<IEventRecord>(); //TODO break out this logic so it can be tested. // Here comes three nested list. Its for every server, for every event record check every searchTerm if ok then add it. var searchTermList = Config.FilterTerm; int sTCount=searchTermList.Count; bool multiSearch = (searchTermList.Count() > 1); foreach (var serv in Config.ServersToQuery) { var mos = new ManagementObjectSearcher("\\\\" + serv + "\\root\\cimv2", wmiQuery); var mossos = mos.Get(); foreach (var mo in mossos) { var eventRec = new EventRecord((ManagementObject) mo); //Filter out all data that contains records that we are interested in. for (int index = 0; index < sTCount; index++) { var searchTerm = searchTermList[index]; if (eventRec.SourceName.Contains(searchTerm) || eventRec.Message.Contains(searchTerm) || eventRec.InsertionStrings.Contains(searchTerm)) { eventRec.SearchTerm = "Word_" + index.ToString(CultureInfo.InvariantCulture); eventRecordList.Add(eventRec); break; } } } eventRecMergedList = (List<IEventRecord>) eventRecMergedList.Concat(eventRecordList).ToList(); eventRecordList.Clear(); } //var eventRecMergedList = EventRecordList.Concat(EventRecordList2).OrderBy(e => e.TimeGenerated); List<IEventRecord> returnEventList = new List<IEventRecord>(eventRecMergedList.OrderByDescending(e => e.TimeGenerated)); return returnEventList; }
public List<IEventRecord> GetByTimeFilter(DateTime fromTime, DateTime toTime, int maxRows, int timeOutSec) { var eventRecordList = new List<IEventRecord>(); ManagementObject vmi = null; // ManagementObject vmi = A.Fake<ManagementObject>(); var er1 = new EventRecord(vmi) { Category = "0", ComputerName = "Herkules", EventCode = "2264", EventType = "2", InsertionStrings = @"C:\Users\Patrik\AppData\Local\Temp\iisexpress\IIS Temporary Compressed Files\Clr4IntegratedAppPoo", Logfile = "Application", Message = @"The directory jabberjowitch specified for caching compressed content C:\Users\Patrik\AppData\Local\Temp\iisexpress\IIS Temporary Compressed Files\Clr4IntegratedAppPool is invalid. Static compression is being disabled.", RecordNumber = "460172", SourceName = "IIS Express", TimeGenerated = DateTime.Now, //"20130619182551.000000-000", // TimeWritten = "20130619182551.000000-000", Type = "Varning" }; eventRecordList.Add(er1); ManagementObject vmi2 = null; var er2 = new EventRecord(vmi2) { Category = "0", ComputerName = "Herkules", EventCode = "0", EventType = "3", InsertionStrings = @"The EventTestWriter was initilized. Go DTD. Do not fail me. jabberjowitch", Logfile = "Application", Message = String.Empty, RecordNumber = "460171", SourceName = "application", TimeGenerated = DateTime.Now, //"20130619182521.000000-000", // TimeWritten = "20130619182521.000000-000", Type = "Information" }; eventRecordList.Add(er2); // https://github.com/FakeItEasy/FakeItEasy ManagementObject vmi3 = null; // var er3 = A.Fake<EventRecord>(() => new EventRecord(vmi3)); // var foo = A.Fake<Foo>(() => new Foo("string passed to constructor")); IEventRecord er3 = A.Fake<IEventRecord>(); // A.CallTo(er3).WithReturnType<string>().Returns("hello world"); eventRecordList.Add(er3); Random rnd = new Random(); for (int i = 4; i <= 20; i++) { var erN = A.Fake<IEventRecord>(); A.CallTo(erN).WithReturnType<string>().Returns("Default Mockstring: " + i.ToString()); A.CallTo(() => erN.ComputerName).Returns("Herkules"); A.CallTo(() => erN.EventCode).Returns(rnd.Next(0,2000).ToString()); A.CallTo(() => erN.EventType).Returns(rnd.Next(0, 5).ToString()); A.CallTo(() => erN.RecordNumber).Returns((460175+rnd.Next(1,200)).ToString()); A.CallTo(() => erN.SourceName).Returns("application"); A.CallTo(() => erN.Message).Returns("jabberjowitch is not a project"); A.CallTo(() => erN.TimeGenerated).Returns(DateTime.Now);// + rnd.Next(111,999).ToString()); eventRecordList.Add(erN); } return eventRecordList; }