//internal List<EventLogEntryEx> GetMatchingEventLogEntries() //{ // List<EventLogEntryEx> list = new List<EventLogEntryEx>(); // using (diag.EventLog log = new diag.EventLog(EventLog, Computer)) // { // DateTime currentTime = DateTime.Now; // int counter = 0; // int listSize = log.Entries.Count - 1; // for (int i = listSize; i >= 0; i--) // { // try // { // diag.EventLogEntry entry = log.Entries[i]; // if (WithInLastXEntries > 0 && WithInLastXEntries <= counter) // break; // if (WithInLastXMinutes > 0 && entry.TimeGenerated.AddMinutes(WithInLastXMinutes) < currentTime) // break; // EventLogEntryEx newentry = new EventLogEntryEx(); // newentry.Category = entry.Category; // newentry.EntryType = entry.EntryType; // newentry.EventId = (int)(entry.InstanceId & 65535); // newentry.MachineName = entry.MachineName; // newentry.LogName = EventLog; // newentry.Message = entry.Message; // newentry.MessageSummary = newentry.Message.Length > 80 ? newentry.Message.Substring(0, 80) : newentry.Message; // newentry.Source = entry.Source; // newentry.TimeGenerated = entry.TimeGenerated; // newentry.UserName = entry.UserName; // if (MatchEntry(newentry)) // list.Add(newentry); // counter++; // } // catch (Exception ex) // { // if (!ex.ToString().Contains("is out of bounds")) // { // throw; // } // } // } // } // return list; //} private bool MatchEntry(EventLogEntryEx entry) { bool match = true; if (!EventEntryTypeMatch(entry)) { match = false; } else if (Sources.Count > 0 && !Sources.Contains(entry.Source)) { match = false; } else if (EventIds.Count > 0 && !EventIds.Contains(entry.EventId)) { match = false; } else if (TextFilter.Length > 0 && UseRegEx) { System.Text.RegularExpressions.Match regMatch = System.Text.RegularExpressions.Regex.Match(entry.Message, TextFilter, System.Text.RegularExpressions.RegexOptions.Multiline); match = regMatch.Success; } else if (TextFilter.Length > 0 && !ContainsText && (!entry.Message.StartsWith(TextFilter, StringComparison.CurrentCultureIgnoreCase))) { match = false; } else if (TextFilter.Length > 0 && ContainsText && (!entry.Message.ToLower().Contains(TextFilter.ToLower()))) { match = false; } return(match); }
internal int GetMatchingEventLogCount() { int result = 0; LastEntries = new List <EventLogEntryEx>(); using (diag.EventLog log = new diag.EventLog(EventLog, Computer)) { DateTime currentTime = DateTime.Now; int counter = 0; int listSize = log.Entries.Count - 1; for (int i = listSize; i >= 0; i--) { try { diag.EventLogEntry entry = log.Entries[i]; if (WithInLastXEntries > 0 && WithInLastXEntries <= counter) { break; } if (WithInLastXMinutes > 0 && entry.TimeGenerated.AddMinutes(WithInLastXMinutes) < currentTime) { break; } EventLogEntryEx newentry = new EventLogEntryEx(); newentry.Category = entry.Category; newentry.EntryType = entry.EntryType; newentry.EventId = (int)(entry.InstanceId & 65535); newentry.MachineName = entry.MachineName; newentry.LogName = EventLog; newentry.Source = entry.Source; newentry.Message = entry.Message; newentry.MessageSummary = newentry.Message.Length > 80 ? newentry.Message.Substring(0, 80) : newentry.Message; //if (TextFilter.Length > 0) // newentry.Message = entry.Message; newentry.TimeGenerated = entry.TimeGenerated; newentry.UserName = entry.UserName; if (MatchEntry(newentry)) { LastEntries.Add(newentry); result++; } counter++; } catch (Exception ex) { string errStr = ex.ToString(); if (!(errStr.Contains("is out of bounds") || errStr.Contains("outside the bounds"))) { throw; } } } } return(result); }
private void DisplaySelectedItemDetails() { string oldStatusText = toolStripStatusLabelDetails.Text; RTFBuilder rtfBuilder = new RTFBuilder(); string logName = ""; if (lvwEntries2.SelectedItems.Count > 0 && lvwEntries2.SelectedItems[0].Tag is EventLogCollectorEntry) { logName = ((EventLogCollectorEntry)lvwEntries2.SelectedItems[0].Tag).EventLog; } if (lvwDetails.SelectedItems.Count > MAXPREVIEWDISPLAYCOUNT) { Cursor.Current = Cursors.WaitCursor; } //have to limit the maximum number of selected items foreach (ListViewItem lvi in (from ListViewItem l in lvwDetails.SelectedItems select l).Take(MAXPREVIEWDISPLAYCOUNT)) { if (lvi.Tag is EventLogEntryEx) { EventLogEntryEx ev = (EventLogEntryEx)lvi.Tag; rtfBuilder.FontStyle(FontStyle.Bold).Append("Date time: ").AppendLine(ev.TimeGenerated.ToString("yyyy-MM-dd HH:mm:ss")); rtfBuilder.FontStyle(FontStyle.Bold).Append("Type: ").AppendLine(ev.EntryType.ToString()); rtfBuilder.FontStyle(FontStyle.Bold).Append("Computer: ").AppendLine(ev.MachineName); rtfBuilder.FontStyle(FontStyle.Bold).Append("Event log: ").AppendLine(ev.LogName); rtfBuilder.FontStyle(FontStyle.Bold).Append("Source: ").AppendLine(ev.Source); rtfBuilder.FontStyle(FontStyle.Bold).Append("Event ID: ").AppendLine(ev.EventId.ToString()); rtfBuilder.FontStyle(FontStyle.Bold).Append("Message: ").AppendLine(); rtfBuilder.Append(ev.Message.Replace("\r\n", "\r\n\t")).AppendLine(); rtfBuilder.FontStyle(FontStyle.Underline).AppendLine(new String(' ', 250)); rtfBuilder.AppendLine(); } } if (lvwDetails.SelectedItems.Count > MAXPREVIEWDISPLAYCOUNT) { rtfBuilder.FontStyle(FontStyle.Bold).AppendLine(string.Format("Only first {0} entries shown...", MAXPREVIEWDISPLAYCOUNT)); } else if (lvwDetails.SelectedItems.Count == 0) { rtfBuilder.FontStyle(FontStyle.Bold).AppendLine("No entries selected"); } else { rtfBuilder.FontStyle(FontStyle.Bold).AppendLine(string.Format("{0} entry(s)", lvwDetails.SelectedItems.Count)); } rtxDetails.Rtf = rtfBuilder.ToString(); rtxDetails.SelectionStart = 0; rtxDetails.SelectionLength = 0; rtxDetails.ScrollToCaret(); Cursor.Current = Cursors.Default; toolStripStatusLabelDetails.Text = oldStatusText; }
private bool EventEntryTypeMatch(EventLogEntryEx entry) { if (TypeInfo && TypeWarn && TypeErr) { return(true); } else if (!TypeInfo && (entry.EntryType == diag.EventLogEntryType.Information || entry.EntryType == 0) || !TypeWarn && entry.EntryType == diag.EventLogEntryType.Warning || !TypeErr && entry.EntryType == diag.EventLogEntryType.Error || !TypeInfo && entry.EntryType == diag.EventLogEntryType.SuccessAudit || !TypeErr && entry.EntryType == diag.EventLogEntryType.FailureAudit) { return(false); } else { return(true); } }