public void GetLogInformation_UsingLogName_DoesNotThrow(string logName)
{
using (var session = new EventLogSession())
{
EventLogConfiguration configuration;
try
{
configuration = new EventLogConfiguration(logName, session);
}
catch (EventLogNotFoundException)
{
throw new SkipTestException(nameof(EventLogNotFoundException));
}
using (configuration)
{
EventLogInformation logInfo = session.GetLogInformation(configuration.LogName, PathType.LogName);
Assert.Equal(logInfo.CreationTime, logInfo.CreationTime);
Assert.Equal(logInfo.LastAccessTime, logInfo.LastAccessTime);
Assert.Equal(logInfo.LastWriteTime, logInfo.LastWriteTime);
Assert.Equal(logInfo.FileSize, logInfo.FileSize);
Assert.Equal(logInfo.Attributes, logInfo.Attributes);
Assert.Equal(logInfo.RecordCount, logInfo.RecordCount);
Assert.Equal(logInfo.OldestRecordNumber, logInfo.OldestRecordNumber);
Assert.Equal(logInfo.IsLogFull, logInfo.IsLogFull);
}
}
}
public static object[] GetEventLogDisplayObjects(string computerName, bool filterForTasks = true)
{
var ret = new List <ListControlItem>();
try
{
using (var session = GetEventLogSession(computerName))
{
foreach (var s in session.GetLogNames())
{
try
{
var cfg = new EventLogConfiguration(s, session);
if (!filterForTasks || IsValidTaskLog(cfg))
{
ret.Add(new ListControlItem(session.GetLogDisplayName(s), s));
}
}
catch (Exception e) { Debug.WriteLine($"Couldn't get display name for event log '{s}': {e.Message}"); }
}
ret.Sort();
}
}
catch { }
return(ret.ToArray());
}
public static void Main(string[] args)
{
int exitCode = 0;
String channelPath = "Application";
try
{
//
// Parse the command line.
//
if (args.Length > 0)
{
if (args[0] == "/?" || args[0] == "-?")
{
Console.WriteLine("Usage: ChannelConfig [<channelPath> [<newMaxLogSizeInBytes>]]\n" +
"<channelPath> is the name of an existing event channel.\n" +
"EXAMPLE: ChannelConfig Microsoft-Windows-TaskScheduler/Operational 10485760\n");
Environment.Exit(0);
}
else
{
channelPath = args[0];
}
}
//
// Read a configuration property of the specified channel.
//
EventLogConfiguration config = new EventLogConfiguration(channelPath);
Console.WriteLine("The {0} log's configured maximum size is {1} bytes.", channelPath, config.MaximumSizeInBytes);
//
// Set and save a configuration property value:
// double the current maximum log size, if not supplied on the command line.
//
if (args.Length > 1)
{
config.MaximumSizeInBytes = Convert.ToInt64(args[1], CultureInfo.InvariantCulture);
}
else
{
config.MaximumSizeInBytes *= 2;
}
config.SaveChanges();
Console.WriteLine("The {0} log's maximum size has been re-configured to {1} bytes.", channelPath, config.MaximumSizeInBytes);
}
catch (UnauthorizedAccessException e)
{
Console.WriteLine("You do not have the correct permissions. " +
"Try re-running the sample with administrator privileges.\n" + e.ToString());
exitCode = 1;
}
catch (Exception e)
{
Console.WriteLine(e.ToString());
exitCode = 1;
}
Environment.Exit(exitCode);
}
public void SetProperties_SaveChanges_NotAdmin_Throws()
{
const string LogName = "Application";
using (var session = new EventLogSession())
{
EventLogConfiguration configuration = null;
try
{
configuration = new EventLogConfiguration(LogName, session);
}
catch (EventLogNotFoundException)
{
configuration?.Dispose();
return;
}
configuration.IsEnabled = false;
configuration.SecurityDescriptor = string.Empty;
configuration.LogFilePath = null;
configuration.LogMode = EventLogMode.Retain;
configuration.ProviderLevel = 1;
configuration.ProviderKeywords = 1;
configuration.MaximumSizeInBytes = long.MaxValue;
Assert.Throws <UnauthorizedAccessException>(() => configuration.SaveChanges());
configuration.Dispose();
session.CancelCurrentOperations();
}
}
public static List <EventLogConfiguration> GetEventLogs(string computerName, bool filterForTasks = true)
{
var ret = new List <EventLogConfiguration>();
try
{
using (var session = GetEventLogSession(computerName))
{
foreach (var s in session.GetLogNames())
{
try
{
var cfg = new EventLogConfiguration(s, session);
if (!filterForTasks || IsValidTaskLog(cfg))
{
ret.Add(cfg);
}
}
catch (Exception e) { Debug.WriteLine($"Couldn't get config for event log '{s}': {e.Message}"); }
}
}
}
catch { }
return(ret);
}
private static bool IsDirect(EventLogConfiguration log)
{
if (log.LogType != EventLogType.Debug)
{
return(log.LogType == EventLogType.Analytical);
}
return(true);
}
public void GetLogInformation_UsingLogName_DoesNotThrow(string logName)
{
DateTime?creationTime, lastAccessTime, lastWriteTime;
long? fileSize, recordCount, oldestRecordNumber;
int? attributes;
bool? isLogFull;
using (var session = new EventLogSession())
{
EventLogConfiguration configuration = null;
try
{
configuration = new EventLogConfiguration(logName, session);
}
catch (EventLogNotFoundException)
{
configuration?.Dispose();
return;
}
EventLogInformation logInfo = session.GetLogInformation(configuration.LogName, PathType.LogName);
creationTime = logInfo.CreationTime;
lastAccessTime = logInfo.LastAccessTime;
lastWriteTime = logInfo.LastWriteTime;
fileSize = logInfo.FileSize;
attributes = logInfo.Attributes;
recordCount = logInfo.RecordCount;
oldestRecordNumber = logInfo.OldestRecordNumber;
isLogFull = logInfo.IsLogFull;
configuration.Dispose();
}
using (var session = new EventLogSession())
{
using (var configuration = new EventLogConfiguration(logName, session))
{
EventLogInformation logInfo = session.GetLogInformation(configuration.LogName, PathType.LogName);
Assert.Equal(creationTime, logInfo.CreationTime);
Assert.Equal(lastAccessTime, logInfo.LastAccessTime);
Assert.Equal(lastWriteTime, logInfo.LastWriteTime);
Assert.Equal(fileSize, logInfo.FileSize);
Assert.Equal(attributes, logInfo.Attributes);
Assert.Equal(recordCount, logInfo.RecordCount);
Assert.Equal(oldestRecordNumber, logInfo.OldestRecordNumber);
Assert.Equal(isLogFull, logInfo.IsLogFull);
}
}
}
public static List <string> GetEventProviders(string computerName, string log = null, bool getDisplayName = false)
{
var ret = new List <string>();
try
{
using (var session = GetEventLogSession(computerName))
{
IEnumerable <string> names;
if (string.IsNullOrEmpty(log))
{
names = session.GetProviderNames();
}
else
{
using (var ec = new EventLogConfiguration(log, session))
names = ec.ProviderNames;
}
if (names != null)
{
ret.AddRange(names);
ret.Sort(StringComparer.OrdinalIgnoreCase);
if (getDisplayName)
{
for (var i = 0; i < ret.Count; i++)
{
var dn = ret[i];
try
{
var md = new ProviderMetadata(ret[i], session, CultureInfo.CurrentUICulture);
if (!string.IsNullOrEmpty(md.DisplayName))
{
dn = md.DisplayName;
}
var spl = dn.Split('-');
dn = spl[spl.Length - 1];
}
catch { }
ret[i] = string.Concat(ret[i], "|", dn);
}
}
}
}
}
catch { }
return(ret);
}
public static string[] GetEventProviders(string computerName, string log = null, bool getDisplayName = false)
{
bool isLocal = (string.IsNullOrEmpty(computerName) || computerName == "." || computerName.Equals(Environment.MachineName, StringComparison.CurrentCultureIgnoreCase));
try
{
using (EventLogSession session = isLocal ? new EventLogSession() : new EventLogSession(computerName))
{
IEnumerable <string> names = null;
if (string.IsNullOrEmpty(log))
{
names = session.GetProviderNames();
}
else
{
using (EventLogConfiguration ec = new EventLogConfiguration(log, session))
names = ec.ProviderNames;
}
if (names != null && getDisplayName)
{
var ret = new List <string>(names);
ret.Sort();
for (int i = 0; i < ret.Count; i++)
{
string dn = ret[i];
try
{
var md = new ProviderMetadata(ret[i], session, System.Globalization.CultureInfo.CurrentUICulture);
if (!string.IsNullOrEmpty(md.DisplayName))
{
dn = md.DisplayName;
}
var spl = dn.Split('-');
dn = spl[spl.Length - 1];
}
catch { }
ret[i] = string.Concat(ret[i], "|", dn);
}
return(ret.ToArray());
//return new List<string>(names).ToArray();
}
}
}
catch {}
return(new string[0]);
}
private static bool IsValidTaskLog(EventLogConfiguration log)
{
if (log == null)
{
return(false);
}
var canFwd = Array.Exists(ForwardLogs, s => string.Equals(s, log.LogName, StringComparison.OrdinalIgnoreCase));
if (!canFwd && log.IsClassicLog)
{
return(false);
}
if (IsDirect(log))
{
return(false);
}
return(true);
}
public string[] GetAllLogNames()
{
System.Collections.Generic.IList <string> allLogs = new System.Collections.Generic.List <string>();
using (EventLogSession logSession = new EventLogSession())
{
IEnumerable <string> logNames = logSession.GetLogNames();
foreach (string logName in logNames)
{
using (EventLogConfiguration logConfig = new EventLogConfiguration(logName))
{
if (logConfig.IsEnabled)
{
allLogs.Add(logName);
}
}
}
}
return(allLogs.Cast <string>().ToArray());
}
/// <summary>
/// Create event log data based on the log name.
/// </summary>
/// <param name="logName">The name of the log</param>
public EventLogData(string logName)
{
try
{
using (EventLogConfiguration logConfig = new EventLogConfiguration(logName))
{
Name = logConfig.LogName ?? string.Empty;
Provider = logConfig.OwningProviderName ?? string.Empty;
MaximumSize = logConfig.MaximumSizeInBytes / 1024;
Retention = Enum.GetName(typeof(EventLogMode), logConfig.LogMode);
IsEnabled = logConfig.IsEnabled;
IsClassic = logConfig.IsClassicLog;
LogType = Enum.GetName(typeof(EventLogType), logConfig.LogType);
Isolation = Enum.GetName(typeof(EventLogIsolation), logConfig.LogIsolation);
DebugGuid = logConfig.ProviderControlGuid ?? Guid.Empty;
Providers = logConfig.ProviderNames == null ? new List <string>() : logConfig.ProviderNames.ToList <string>();
FilePath = logConfig.LogFilePath ?? string.Empty;
SecurityDescriptor = logConfig.SecurityDescriptor ?? string.Empty; //new RawSecurityDescriptor(logConfig.SecurityDescriptor);
}
}
catch (UnauthorizedAccessException uae)
{
// trying to access the Security log while running as non-admin causes this exception.
Name = string.Empty;
Provider = string.Empty;
MaximumSize = 0;
Retention = string.Empty;
IsEnabled = false;
IsClassic = false;
LogType = string.Empty;
Isolation = string.Empty;
DebugGuid = Guid.Empty;
Providers = new List <string>();
FilePath = string.Empty;
SecurityDescriptor = string.Empty;
Logger.Error(uae, CultureInfo.CurrentCulture, "Access denied to event log '{0}' while processing event logs: {1}{2}{3}", logName, uae.Message, Environment.NewLine, uae.StackTrace);
}
}
public void EventLogConfiguration_CheckProperties_RemainsTheSame(string logName)
{
bool isEnabled;
string securityDescriptor;
EventLogMode logMode;
int? providerBufferSize;
long maximumSizeInBytes;
int? providerMinimumNumberOfBuffers;
int? providerMaximumNumberOfBuffers;
int? providerLatency;
int? providerLevel;
long? providerKeywords;
Guid? providerControlGuid;
using (var session = new EventLogSession())
{
EventLogConfiguration configuration = null;
try
{
configuration = new EventLogConfiguration(logName, session);
}
catch (EventLogNotFoundException)
{
configuration?.Dispose();
return;
}
Assert.Equal(logName, configuration.LogName);
Assert.NotEmpty(configuration.ProviderNames);
Assert.Equal("Application", configuration.LogIsolation.ToString());
if (logName.Equals("Application"))
{
Assert.Equal(EventLogType.Administrative, configuration.LogType);
Assert.True(configuration.IsClassicLog);
Assert.Contains("Application.evtx", configuration.LogFilePath);
Assert.Empty(configuration.OwningProviderName);
}
else
{
Assert.Equal(EventLogType.Operational, configuration.LogType);
Assert.False(configuration.IsClassicLog);
Assert.Contains("Microsoft-Windows-TaskScheduler%4Operational.evtx", configuration.LogFilePath);
Assert.Equal("Microsoft-Windows-TaskScheduler", configuration.OwningProviderName);
}
isEnabled = configuration.IsEnabled;
securityDescriptor = configuration.SecurityDescriptor;
logMode = configuration.LogMode;
providerBufferSize = configuration.ProviderBufferSize;
maximumSizeInBytes = configuration.MaximumSizeInBytes;
providerMinimumNumberOfBuffers = configuration.ProviderMinimumNumberOfBuffers;
providerMaximumNumberOfBuffers = configuration.ProviderMaximumNumberOfBuffers;
providerLevel = configuration.ProviderLevel;
providerKeywords = configuration.ProviderKeywords;
providerControlGuid = configuration.ProviderControlGuid;
providerLatency = configuration.ProviderLatency;
configuration.Dispose();
}
using (var session = new EventLogSession())
{
using (var configuration = new EventLogConfiguration(logName, session))
{
Assert.Equal(isEnabled, configuration.IsEnabled);
Assert.Equal(securityDescriptor, configuration.SecurityDescriptor);
Assert.Equal(logMode, configuration.LogMode);
Assert.Equal(providerBufferSize, configuration.ProviderBufferSize);
Assert.Equal(maximumSizeInBytes, configuration.MaximumSizeInBytes);
Assert.Equal(providerMinimumNumberOfBuffers, configuration.ProviderMinimumNumberOfBuffers);
Assert.Equal(providerMaximumNumberOfBuffers, configuration.ProviderMaximumNumberOfBuffers);
Assert.Equal(providerLevel, configuration.ProviderLevel);
Assert.Equal(providerKeywords, configuration.ProviderKeywords);
Assert.Equal(providerControlGuid, configuration.ProviderControlGuid);
Assert.Equal(providerLatency, configuration.ProviderLatency);
}
}
}
