Exemplo n.º 1
0
        public ISource CreateInstance(string entry, IPlugInContext context)
        {
            var config = context.Configuration;

            if (!OperatingSystem.IsWindows())
            {
                throw new PlatformNotSupportedException($"Source type '{entry}' is only supported on Windows");
            }

            switch (entry.ToLowerInvariant())
            {
            case WINDOWS_EVENT_LOG_POLLING_SOURCE:
                var pollingOptions = new WindowsEventLogPollingSourceOptions();
                ParseWindowsEventLogSourceOptions(config, pollingOptions);
                ParseEventLogPollingSourceOptions(config, pollingOptions);
                var weps = new WindowsEventPollingSource(config[ConfigConstants.ID],
                                                         config["LogName"], config["Query"], context.BookmarkManager, pollingOptions, context);
                return(weps);

            case WINDOWS_EVENT_LOG_SOURCE:
                var eventOpts = new WindowsEventLogSourceOptions();
                ParseWindowsEventLogSourceOptions(config, eventOpts);
                var source = new EventLogSource(config[ConfigConstants.ID], config["LogName"], config["Query"],
                                                context.BookmarkManager, eventOpts, context);
                return(source);

            case WINDOWS_PERFORMANCE_COUNTER_SOURCE:
                var performanceCounterSource = new PerformanceCounterSource(context);
                return(performanceCounterSource);

            case WINDOWS_ETW_EVENT_SOURCE:
                var providerName          = config["ProviderName"];
                var traceLevelString      = DefaultMissingConfig(config["TraceLevel"], "Verbose");
                var matchAnyKeywordString = DefaultMissingConfig(config["MatchAnyKeyword"], ulong.MaxValue.ToString());

                if (string.IsNullOrWhiteSpace(providerName))
                {
                    throw new Exception($"A provider name must be specified for the WindowsEtwEventSource.");
                }

                TraceEventLevel traceLevel;
                ulong           matchAnyKeyword;

                if (!Enum.TryParse <TraceEventLevel>(traceLevelString, out traceLevel))
                {
                    var validNames = string.Join(", ", Enum.GetNames(typeof(TraceEventLevel)));
                    throw new Exception($"{traceLevelString} is not a valid trace level value ({validNames}) for the WindowsEtwEventSource.");
                }

                matchAnyKeyword = ParseMatchAnyKeyword(matchAnyKeywordString);

                var eventSource = new EtwEventSource(providerName, traceLevel, matchAnyKeyword, context);
                return(eventSource);

            default:
                throw new Exception($"Source type {entry} not recognized.");
            }
        }
Exemplo n.º 2
0
        public EventLogSource(string id, string logName, string query, IBookmarkManager bookmarkManager, WindowsEventLogSourceOptions options, IPlugInContext context)
            : base(id, logName, query, bookmarkManager, context)
        {
            Id       = id;
            _options = options;

            _eventLogQuery = string.IsNullOrWhiteSpace(query)
                ? new EventLogQuery(_logName, PathType.LogName)
                : new EventLogQuery(_logName, PathType.LogName, _query);

            InitialPosition          = options.InitialPosition;
            InitialPositionTimestamp = options.InitialPositionTimestamp;
        }
Exemplo n.º 3
0
        private void LoadInitialPositionSettings(IConfiguration config, WindowsEventLogSourceOptions options)
        {
            var initialPositionConfig = config["InitialPosition"];

            if (!string.IsNullOrEmpty(initialPositionConfig))
            {
                switch (initialPositionConfig.ToLower())
                {
                case "eos":
                    options.InitialPosition = InitialPositionEnum.EOS;
                    break;

                case "0":
                    options.InitialPosition = InitialPositionEnum.BOS;
                    break;

                case "bookmark":
                    options.InitialPosition = InitialPositionEnum.Bookmark;
                    break;

                case "timestamp":
                    options.InitialPosition = InitialPositionEnum.Timestamp;
                    string initialPositionTimeStamp = config["InitialPositionTimestamp"];
                    if (string.IsNullOrWhiteSpace(initialPositionTimeStamp))
                    {
                        throw new Exception("Missing initial position timestamp.");
                    }

                    try
                    {
                        var timeZone  = Utility.ParseTimeZoneKind(config["TimeZoneKind"]);
                        var timestamp = DateTime.Parse(initialPositionTimeStamp, null, System.Globalization.DateTimeStyles.RoundtripKind);
                        options.InitialPositionTimestamp = timeZone == DateTimeKind.Utc
                                ? DateTime.SpecifyKind(timestamp, DateTimeKind.Utc)
                                : DateTime.SpecifyKind(timestamp, DateTimeKind.Local).ToUniversalTime();
                    }
                    catch
                    {
                        throw new Exception($"Invalid InitialPositionTimestamp {initialPositionTimeStamp}");
                    }

                    break;

                default:
                    throw new Exception($"Invalid InitialPosition {initialPositionConfig}");
                }
            }
        }
Exemplo n.º 4
0
        private void ParseWindowsEventLogSourceOptions(IConfiguration config, WindowsEventLogSourceOptions options)
        {
            if (config["CustomFilters"] is not null)
            {
                options.CustomFilters = config["CustomFilters"].Split(new char[] { ';' }, StringSplitOptions.RemoveEmptyEntries);
                var badFilters = string.Join(",", options.CustomFilters.Where(i => EventInfoFilters.GetFilter(i) == null));
                if (!string.IsNullOrWhiteSpace(badFilters))
                {
                    throw new ConfigurationException($"Custom filter/s '{badFilters}' do not exist. Please check the filter names.");
                }
            }

            if (bool.TryParse(config["IncludeEventData"], out var ied))
            {
                options.IncludeEventData = ied;
            }

            if (bool.TryParse(config["BookmarkOnBufferFlush"], out var bookmarkOnBufferFlush))
            {
                options.BookmarkOnBufferFlush = bookmarkOnBufferFlush;
            }

            LoadInitialPositionSettings(config, options);
        }