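/// <summary>
/// Smoke test: runs a Log Parser query (TOP 50 SourceName, EventID, Message) against the
/// System event log with direction "BW" and walks the whole recordset.
/// </summary>
/// <remarks>
/// There are no assertions on the records. A
/// <see cref="System.Runtime.InteropServices.COMException"/> is only written to the console,
/// so the test still passes when the query fails.
/// </remarks>
public void Should_Parse_Logs()
{
    try
    {
        LogQuery oLogQuery = new LogQuery();

        // Event Log input format with its "direction" parameter set to "BW".
        EventLogInputFormat oEVTInputFormat = new EventLogInputFormat();
        oEVTInputFormat.direction = "BW";

        string query = @"SELECT TOP 50 SourceName, EventID, Message FROM System";

        LogRecordSet oRecordSet = oLogQuery.Execute(query, oEVTInputFormat);
        try
        {
            // Records are visited but not inspected; the loop only proves the recordset can be read.
            for (; !oRecordSet.atEnd(); oRecordSet.moveNext())
            {
            }
        }
        finally
        {
            // Close the recordset even when iteration throws, so it is not left open.
            oRecordSet.close();
        }
    }
    catch (System.Runtime.InteropServices.COMException exc)
    {
        Console.WriteLine("Unexpected error: " + exc.Message);
    }
}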
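/// <summary>
/// Polling loop for one event-log location: remembers the highest RecordNumber seen per log,
/// queries for newer records, converts each record to JSON and hands it to
/// <c>ProcessJson</c>. Runs until <c>CancelToken</c> is cancelled or the thread is aborted,
/// then calls <c>Finished()</c>.
/// </summary>
/// <param name="ploc">
/// Event-log location; its <c>ToString()</c> value is placed in the FROM clause of the queries.
/// </param>
/// <remarks>
/// Query text is built with <c>string.Format</c>; <c>location</c> and the log names returned by
/// the first query are inserted without quoting or validation. Presumably both come from local
/// configuration and the local event-log service; confirm neither can be set by an untrusted party.
/// </remarks>
private void EventWatcher(object ploc)
{
    string location = ploc.ToString();

    // NOTE(review): this instance is discarded a few lines below and the loop creates its own
    // per poll; kept so that a failure to create the object still surfaces before the loop starts.
    LogQuery oLogQuery = new LogQuery();

    LogManager.GetCurrentClassLogger().Info("WindowsEvent Input Listener Ready");

    // Event Log input format, configured from the listener arguments.
    var iFmt = new EventLogInputFormat()
    {
        binaryFormat = _arguments.BinaryFormat.ToString(),
        direction = _arguments.Direction.ToString(),
        formatMsg = _arguments.FormatMsg,
        fullEventCode = _arguments.FullEventCode,
        fullText = _arguments.FullText,
        msgErrorMode = _arguments.MsgErrorMode.ToString(),
        stringsSep = _arguments.StringsSep,
        resolveSIDs = _arguments.ResolveSIDS
    };

    oLogQuery = null;

    // Per-log high-water mark: log name -> last RecordNumber already forwarded.
    Dictionary<string, Int64> logFileMaxRecords = new Dictionary<string, Int64>();

    while (!CancelToken.IsCancellationRequested)
    {
        try
        {
            Thread.CurrentThread.Priority = ThreadPriority.BelowNormal;

            oLogQuery = new LogQuery();

            // Discover the logs behind this location and seed a high-water mark for new ones.
            var qfiles = string.Format("SELECT Distinct [EventLog] FROM {0}", location);
            var rsfiles = oLogQuery.Execute(qfiles, iFmt);
            try
            {
                for (; !rsfiles.atEnd(); rsfiles.moveNext())
                {
                    string logName = rsfiles.getRecord().getValue("EventLog") as string;
                    if (logName == null)
                    {
                        // Not a string: skip it instead of letting ContainsKey(null) abort the poll.
                        continue;
                    }

                    if (!logFileMaxRecords.ContainsKey(logName))
                    {
                        var qcount = string.Format("SELECT max(RecordNumber) as MaxRecordNumber FROM {0}", logName);
                        var rcount = oLogQuery.Execute(qcount, iFmt);
                        try
                        {
                            // NOTE(review): the unboxing cast throws if the value is null or not an
                            // Int64 (possibly an empty log); confirm what the query returns then.
                            logFileMaxRecords[logName] = (Int64)rcount.getRecord().getValueEx("MaxRecordNumber");
                        }
                        finally
                        {
                            rcount.close();
                        }
                    }
                }
            }
            finally
            {
                rsfiles.close();
            }

            foreach (string fileName in logFileMaxRecords.Keys.ToList())
            {
                var lastRecordNumber = logFileMaxRecords[fileName];

                // NOTE(review): the FROM clause uses `location`, not `fileName`, while the mark is
                // tracked per fileName. If one location maps to several logs their record numbers
                // would be mixed; confirm this is intended.
                var query = string.Format("SELECT * FROM {0} where RecordNumber > {1}", location, lastRecordNumber);
                var rs = oLogQuery.Execute(query, iFmt);
                try
                {
                    for (; !rs.atEnd(); rs.moveNext())
                    {
                        var record = rs.getRecord();
                        var json = new JObject();

                        foreach (var field in _arguments.Fields)
                        {
                            object v = record.getValue(field.Name);

                            // "Data" goes through ToPrintable (defined elsewhere). A null value is
                            // passed on as-is: calling ToString() on it would throw before the mark
                            // below advances, so each later poll would fail on the same record and
                            // forwarding would stall.
                            if (field.Name == "Data" && v != null)
                            {
                                v = ToPrintable(v.ToString());
                            }

                            json.Add(new JProperty(field.Name, v));
                        }

                        // Advance the mark before handing the event on, as the original does.
                        logFileMaxRecords[fileName] = (Int64)record.getValueEx("RecordNumber");

                        ProcessJson(json);
                        _receivedMessages++;
                    }
                }
                finally
                {
                    // Close the recordset on the error path too.
                    rs.close();
                }

                // Presumably forces prompt release of the query objects; confirm it is still needed.
                rs = null;
                GC.Collect();
            }
        }
        catch (System.Threading.ThreadAbortException)
        {
            Thread.ResetAbort();
            break;
        }
        catch (Exception ex)
        {
            // Log and retry on the next poll.
            LogManager.GetCurrentClassLogger().Error(ex);
        }

        try
        {
            Thread.CurrentThread.Priority = ThreadPriority.Normal;
            System.Threading.Thread.Sleep(_pollingIntervalInSeconds * 1000);
        }
        catch (System.Threading.ThreadAbortException)
        {
            Thread.ResetAbort();
            break;
        }
        catch (Exception ex)
        {
            LogManager.GetCurrentClassLogger().Error(ex);
        }
    }

    Finished();
}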