private log_entry_line to_log_entry(EventRecord rec, string log_name) { log_entry_line entry = new log_entry_line(); try { entry.add("Log", log_name); entry.add("EventID", "" + rec.Id); entry.add("level", event_level((StandardEventLevel) rec.Level)); entry.analyze_and_add("timestamp", rec.TimeCreated.Value); try { var task = rec.Task != 0 ? rec.TaskDisplayName : ""; entry.add("Category", task ?? ""); } catch { entry.add("Category", ""); } entry.add("Machine Name", rec.MachineName); entry.add("Source", "" + rec.ProviderName); string user_id = rec.UserId != null ? rec.UserId.Value : ""; if (user_id != "") user_id = new SecurityIdentifier(user_id).Translate(typeof(NTAccount)).ToString();; entry.add("User Name", user_id); /* 1.5.14+ this generates waaaay too many errors - just ignore for now try { var keywords = rec.KeywordsDisplayNames; entry.add("Keywords", keywords != null ? util.concatenate(keywords, ",") : ""); } catch { entry.add("Keywords", ""); }*/ // note: this throws a lot of exceptions; however, we don't have much of a choice here - just showing the raw properties is rather useless try { var desc = rec.FormatDescription(); if ( desc == null) desc = util.concatenate( rec.Properties.Select(x => x.Value.ToString()), "\r\n"); entry.add("msg", desc ?? ""); } catch { try { string desc = util.concatenate( rec.Properties.Select(x => x.Value.ToString()), "\r\n"); entry.add("msg", desc); } catch { entry.add("msg", ""); } } } catch (Exception e) { logger.Fatal("can't convert EventRectord to entry " + e.Message); } return entry; }