/// <summary>Counts the system log events of required type</summary>
/// <param name="value">the type of log event (Error, Event, Information etc)</param>
/// <returns>
/// Returns the number of System log entries of specified type
/// </returns>
public int GetSpecificEventEntriesCount(EventLogEntryType value)
{
// TODO : Implement GetSpecificEventEntriesCount
EventLogEntryCollection systemEvents = (new EventLog("System", ".")).Entries;
return(systemEvents.Cast <EventLogEntry>().Count(x => x.EntryType == value));
}
private void LoadLogFromEventLog(DateTime?dateTime)
{
LogPresenterList.Clear();
EventLogEntryCollection applicationEntries = EventLog.GetEventLogs().FirstOrDefault(f => f.LogDisplayName == "Application").Entries;
IEnumerable <EventLogEntry> beSafeLogEntries = applicationEntries.Cast <EventLogEntry>().Where(w => w.Source == Resources.ApplicationName && w.InstanceId == BeSafe_Log_EventID);
List <EventLogEntry> beSafeLogsFilteredByDate = (dateTime != null) ? beSafeLogEntries.Where(w => w.TimeWritten.Date.CompareTo(dateTime.Value.Date) == 0).ToList() : beSafeLogEntries.ToList();
foreach (EventLogEntry ev in beSafeLogsFilteredByDate)
{
if (!ev.Data.Any())
{
continue;
}
PluginResult pluginResult = Deserialize <PluginResult>(ev.Data);
LogPresenterList.Add(new LogPresenter
{
Date = ev.TimeWritten,
ScannedObject = pluginResult.ScannedObjectString,
PluginName = pluginResult.PluginInfo.ToString(),
Risk = pluginResult.RiskRate,
PluginMessage = pluginResult.Message,
});
}
logPresenterBindingSource.DataSource = LogPresenterList.ToList();
}
string GetDayHours(EventLogEntryCollection sec_events, DateTime curr_selected_date)
{
string user_name = Environment.UserDomainName + @"\" + Environment.UserName;
DateTime curr_date = new DateTime();
DateTime start_time = new DateTime(), end_time = new DateTime();
bool start_time_first = false;
bool date_today = false;
string res = "0";
if (curr_selected_date.Date == DateTime.Today)
{
curr_date = DateTime.Now;
start_time = DateTime.Today;
end_time = DateTime.Now;
date_today = true;
}
else
{
curr_date = curr_selected_date.Date;
start_time = curr_selected_date.Date.AddHours(10.0); //start work usually at 10.00
end_time = curr_selected_date.Date.AddHours(19.0); //end work last time at 19.00
}
foreach (EventLogEntry curr_event in sec_events.Cast <EventLogEntry>().OrderBy <EventLogEntry, DateTime>(o => o.TimeGenerated))
{
//EventID(InstanceId)=528 - Succesful user logon (Win7 - 4624)
//EventId=551 - User initiated logoff (Win7 - 4647)
if (curr_event.EntryType == EventLogEntryType.SuccessAudit && (curr_event.InstanceId == 528 || curr_event.InstanceId == 551 ||
curr_event.InstanceId == 4624 || curr_event.InstanceId == 4647) && curr_event.TimeGenerated.Date == curr_date.Date)
{
if (curr_event.UserName == user_name ||
(curr_event.ReplacementStrings.Length > 2 && curr_event.ReplacementStrings[2] + @"\" + curr_event.ReplacementStrings[1] == user_name) ||
(curr_event.ReplacementStrings.Length > 6 && curr_event.ReplacementStrings[6] + @"\" + curr_event.ReplacementStrings[5] == user_name))
{
if ((curr_event.InstanceId == 528 || curr_event.InstanceId == 4624) && !start_time_first)
{
start_time = curr_event.TimeGenerated;
start_time_first = true;
}
else if (curr_event.InstanceId == 551 || curr_event.InstanceId == 4647)
{
if (!date_today)
{
end_time = curr_event.TimeGenerated;
}
}
double work_hours = (end_time - start_time).TotalHours;
res = work_hours.ToString("F1");
}
}
}
return(res);
}
public static void ReadEventLog()
{
EventLog eventLog = new EventLog(evlLocationManual);
EventLogEntryCollection eventLogEntries = eventLog.Entries;
int eventLogEntryCount = eventLogEntries.Count;
for (int i = 0; i < eventLogEntries.Count; i++)
{
EventLogEntry entry = eventLog.Entries[i];
//Do Some processing on the entry
}
LogEntries = eventLogEntries.Cast <EventLogEntry>().ToList();
}