/// <summary>
/// The behaviour of the method depends on the mode of the reader. In the "live" mode it'll be waiting for an appearing
/// of the new event item, otherwise It'll just return null
/// </summary>
/// <param name="cancellationToken">Token for interrupting of the reader</param>
/// <returns></returns>
public EventLogItem ReadNextEventLogItem(CancellationToken cancellationToken = default)
{
if (_lgpReader == null)
{
SetNextLgpReader();
}
if (_settings.LiveMode && _lgpFilesWatcher == null)
{
StartLgpFilesWatcher();
}
EventLogItem item = null;
while (!cancellationToken.IsCancellationRequested)
{
try
{
item = _lgpReader.ReadNextEventLogItem(cancellationToken);
}
catch (ObjectDisposedException)
{
item = null;
_lgpReader = null;
break;
}
if (item == null)
{
var newReader = SetNextLgpReader();
if (_settings.LiveMode)
{
if (!newReader)
{
_lgpChangedCreated.Reset();
var waitHandle = WaitHandle.WaitAny(
new[] { _lgpChangedCreated, cancellationToken.WaitHandle }, _settings.ReadingTimeout);
if (_settings.ReadingTimeout != Timeout.Infinite && waitHandle == WaitHandle.WaitTimeout)
{
throw new EventLogReaderTimeoutException();
}
_lgpChangedCreated.Reset();
}
}
else
{
if (!newReader)
{
break;
}
}
}
else
{
_settings.ItemId++;
item.Id = _settings.ItemId;
break;
}
}
return(item);
}
private EventLogItem ParseEventLogItemData(StringBuilder eventLogItemData, long endPosition,
CancellationToken cancellationToken = default)
{
var parsedData = BracketsParser.ParseBlock(eventLogItemData);
var eventLogItem = new EventLogItem
{
TransactionStatus = GetTransactionPresentation(parsedData[1]),
FileName = LgpFileName,
EndPosition = endPosition,
LgfEndPosition = _lgfReader.GetPosition()
};
try
{
eventLogItem.DateTime = _timeZone.ToUtc(DateTime.ParseExact(parsedData[0], "yyyyMMddHHmmss",
CultureInfo.InvariantCulture));
}
catch
{
eventLogItem.DateTime = DateTime.MinValue;
}
var transactionData = parsedData[2];
eventLogItem.TransactionNumber = Convert.ToInt64(transactionData[1], 16);
var transactionDate = new DateTime().AddSeconds(Convert.ToInt64(transactionData[0], 16) / 10000);
eventLogItem.TransactionDateTime = transactionDate == DateTime.MinValue
? transactionDate
: _timeZone.ToUtc(transactionDate);
var(value, uuid) = _lgfReader.GetReferencedObjectValue(ObjectType.Users, parsedData[3], cancellationToken);
eventLogItem.UserUuid = uuid;
eventLogItem.User = value;
eventLogItem.Computer = _lgfReader.GetObjectValue(ObjectType.Computers, parsedData[4], cancellationToken);
var application = _lgfReader.GetObjectValue(ObjectType.Applications, parsedData[5], cancellationToken);
eventLogItem.Application = GetApplicationPresentation(application);
eventLogItem.Connection = parsedData[6];
var ev = _lgfReader.GetObjectValue(ObjectType.Events, parsedData[7], cancellationToken);
eventLogItem.Event = GetEventPresentation(ev);
var severity = (string)parsedData[8];
eventLogItem.Severity = GetSeverityPresentation(severity);
eventLogItem.Comment = parsedData[9];
(value, uuid) = _lgfReader.GetReferencedObjectValue(ObjectType.Metadata, parsedData[10], cancellationToken);
eventLogItem.MetadataUuid = uuid;
eventLogItem.Metadata = value;
eventLogItem.Data = GetData(parsedData[11]).Trim();
eventLogItem.DataPresentation = parsedData[12];
eventLogItem.Server = _lgfReader.GetObjectValue(ObjectType.Servers, parsedData[13], cancellationToken);
var mainPort = _lgfReader.GetObjectValue(ObjectType.MainPorts, parsedData[14], cancellationToken);
if (mainPort != "")
{
eventLogItem.MainPort = int.Parse(mainPort);
}
var addPort = _lgfReader.GetObjectValue(ObjectType.AddPorts, parsedData[15], cancellationToken);
if (addPort != "")
{
eventLogItem.AddPort = int.Parse(addPort);
}
eventLogItem.Session = parsedData[16];
return(eventLogItem);
}