public static IDictionary <string, object> Deserialize(string eventXml)
{
var beforeCulture = Thread.CurrentThread.CurrentCulture;
try
{
var sanitizedXmlString = XmlScrubber.VerifyAndRepairXml(eventXml);
var xe = XElement.Parse(sanitizedXmlString);
var systemData = xe.Element(ElementNames.System);
Dictionary <string, object> instance = XmlEventParseHelpers.ConvertSystemPropertiesToDictionary(xe);
var eventData = xe.Element(ElementNames.EventData);
var userData = xe.Element(ElementNames.UserData);
// Convert the EventData to named properties
if (eventData != null)
{
instance["EventData"] = XmlEventParseHelpers.ParseEventData(eventData);
}
// An event will never have EventData and UserData.
// If there is UserData, then it should replace EventData.
if (userData != null)
{
instance["EventData"] = XmlEventParseHelpers.ParseUserData(userData);
}
return(instance);
}
finally
{
Thread.CurrentThread.CurrentCulture = beforeCulture;
}
}
/// <summary>
/// Parse a single event into dynamic object type, from the xml of the Windows Event
/// </summary>
/// <param name="eventXml">the xml string of an EventRecord object</param>
/// <returns>a dynamic representing the windows event</returns>
public static string RetrieveExtendedData(string eventXml)
{
try
{
eventXml = XmlScrubber.VerifyAndRepairXml(eventXml);
var xe = XElement.Parse(eventXml);
var eventData = xe.Element(ElementNames.EventData);
// Convert the EventData string
if (eventData != null)
{
return(eventData.ToString());
}
var userData = xe.Element(ElementNames.UserData);
// Return the UserData string
if (userData != null)
{
return(userData.ToString());
}
// If the event has neither EventData or UserData, return null...
return(null);
}
catch (Exception ex)
{
// Log Exception and return null
EventInstance eventInstance = new EventInstance(101, 0, EventLogEntryType.Error);
eventLog.WriteEvent(eventInstance, eventXml, ex.ToString());
return(null);
}
}
public static IDictionary <string, object> Deserialize(this EventLogRecord e, bool includeBookmark = false)
{
var beforeCulture = Thread.CurrentThread.CurrentCulture;
try
{
var sanitizedXmlString = XmlScrubber.VerifyAndRepairXml(e.ToXml());
var xe = XElement.Parse(sanitizedXmlString);
var systemData = xe.Element(ElementNames.System);
Dictionary <string, object> instance = XmlEventParseHelpers.ConvertSystemPropertiesToDictionary(xe);
var eventData = xe.Element(ElementNames.EventData);
var userData = xe.Element(ElementNames.UserData);
// Convert the EventData to named properties
if (eventData != null)
{
instance["EventData"] = XmlEventParseHelpers.ParseEventData(eventData);
}
// Convert the EventData to named properties
if (userData != null)
{
instance["UserData"] = XmlEventParseHelpers.ParseUserData(userData);
}
if (includeBookmark)
{
instance.Add("BookmarkChannel", GetBookmarkChannel(e.Bookmark));
}
return(instance);
}
finally
{
Thread.CurrentThread.CurrentCulture = beforeCulture;
}
}