/// <summary>
/// Checks that a directory source started at the beginning of the stream (BOS) delivers the
/// records that already exist, and that a stop/start cycle delivers the records written in
/// between as well as those written after the restart.
/// </summary>
/// <remarks>
/// The expected counts (5, then 13) assume <c>WriteLogs(name, n)</c> appends n records to the
/// named log; that helper is defined outside this listing, so confirm against it.
/// The fixed two-second sleeps make the assertions timing-dependent.
/// </remarks>
public void TestBOS()
{
    var sourceId = "TestDirectorySourceBOSBookmark";
    Setup(sourceId);

    // Records that exist before the source is created: 2 + 3 = 5.
    WriteLogs("A", 2);
    WriteLogs("B", 3);

    var sink = new ListEventSink();
    var source = CreateDirectorySource(sourceId, sink);
    source.InitialPosition = InitialPositionEnum.BOS;

    // First run: everything already on disk must be delivered.
    source.Start();
    Thread.Sleep(2000);
    source.Stop();
    Assert.Equal(5, sink.Count);

    // Written while the source is stopped: 1 + 5 = 6 records that must not be lost.
    sink.Clear();
    WriteLogs("B", 1);
    WriteLogs("C", 5);

    // Second run: 7 more records arrive while running, so 6 + 7 = 13 in total and
    // none of the 5 already-delivered records may be replayed.
    source.Start();
    WriteLogs("D", 7);
    Thread.Sleep(2000);
    source.Stop();
    Assert.Equal(13, sink.Count);
}
/// <summary>
/// Same scenario as the flat-directory BOS test, but the log files live in two subdirectories
/// and the source is built from the "IncludeSubdirectories" test configuration.
/// </summary>
/// <remarks>
/// The expected counts (5, then 13) assume <c>WriteLogs(name, n, subDir)</c> appends n records
/// to a log inside <c>subDir</c>; the helper is outside this listing, so confirm against it.
/// </remarks>
public void TestBOSWithIncludeSubdirectories()
{
    var sourceId = "TestBOSWithIncludeSubdirectories";
    var cpuDir = "CPU";
    var memoryDir = "Memory";
    Setup(sourceId, new string[] { cpuDir, memoryDir });

    // Pre-existing records, split across both subdirectories: 2 + 3 = 5.
    WriteLogs("A", 2, cpuDir);
    WriteLogs("B", 3, memoryDir);

    var sink = new ListEventSink();
    var sourceConfig = TestUtility.GetConfig("Sources", "IncludeSubdirectories");
    var source = CreateDirectorySource(sourceId, "log_?.log", sink, sourceConfig);
    source.InitialPosition = InitialPositionEnum.BOS;

    // First run: both subdirectories must be read from the start.
    source.Start();
    Thread.Sleep(2000);
    source.Stop();
    Assert.Equal(5, sink.Count);

    // Written while stopped (1 + 5), then 7 more while running: 13 new records expected,
    // with nothing from the first run delivered a second time.
    sink.Clear();
    WriteLogs("B", 1, cpuDir);
    WriteLogs("C", 5, memoryDir);

    source.Start();
    WriteLogs("D", 7, cpuDir);
    Thread.Sleep(2000);
    source.Stop();
    Assert.Equal(13, sink.Count);
}
/// <summary>
/// Checks that a polling Windows event source using the Bookmark initial position delivers
/// events written while it runs, and after a stop / reset / start cycle also delivers an event
/// that was written while it was stopped.
/// </summary>
/// <remarks>
/// Events are matched by an event id derived from the current tick count, so the test depends
/// on the two ids differing and on the fixed sleeps being long enough for the poller.
/// </remarks>
public void TestInitialPositionBookMarkPollingSource()
{
    var sink = new ListEventSink();
    string sourceId = "TestInitialPositionBookMark";

    // Start from a clean state so an old bookmark cannot influence where reading begins.
    DeleteExistingBookmarkFile(sourceId);

    var context = new PluginContext(null, null, null, _bookmarkManager);
    using (var source = new WindowsEventPollingSource(LogName, PollingSourceQuery, false, context))
    {
        source.Subscribe(sink);
        source.Id = sourceId;
        source.InitialPosition = InitialPositionEnum.Bookmark;
        source.Start();

        // Phase 1: an event written while the source is running must be delivered.
        var nowUtc = DateTime.UtcNow;
        string msg = $"Message generated by EventLogTest {nowUtc}";
        int eventId = (int)(DateTime.Now.Ticks % ushort.MaxValue);
        EventLog.WriteEntry(LogSource, msg, EventLogEntryType.Information, eventId);
        System.Threading.Thread.Sleep(1000);

        var firstMatch = sink.FirstOrDefault(r => eventId.Equals(((RawEventRecordEnvelope)r).Data.Id));
        Assert.NotNull(firstMatch);
        Assert.True(firstMatch.Timestamp >= nowUtc);

        source.Stop();

        // Phase 2: write an event while the source is stopped.
        DateTime dateTime2Utc = DateTime.UtcNow;
        int eventId2 = (int)(DateTime.Now.Ticks % ushort.MaxValue);
        msg = $"Message generated by EventLogTest {dateTime2Utc}";
        sink.Clear();
        EventLog.WriteEntry(LogSource, msg, EventLogEntryType.Information, eventId2);
        System.Threading.Thread.Sleep(1000);

        // Restart; the event written during the gap must still show up.
        sink.Clear();
        source.Reset();
        source.Start();
        System.Threading.Thread.Sleep(5000);

        var secondMatch = sink.FirstOrDefault(r => eventId2.Equals(((RawEventRecordEnvelope)r).Data.Id));
        Assert.NotNull(secondMatch);
        Assert.True(secondMatch.Timestamp >= dateTime2Utc);
    }
}
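/// <summary>
/// Checks that a polling Windows event source using the Timestamp initial position starts at
/// the configured timestamp (one day back), and that after a stop / reset / start cycle it
/// delivers an event written while it was stopped.
/// </summary>
/// <remarks>
/// The final lookup is now guarded by <c>Assert.NotNull</c>: when the event written during the
/// gap is missing, the test fails with an assertion instead of a NullReferenceException on
/// <c>foundRecord.Timestamp</c>.
/// </remarks>
public void TestInitialPositionTimeStampPollingSource()
{
    ListEventSink records = new ListEventSink();
    DateTime initialTimestamp = DateTime.Now.AddDays(-1);
    DateTime nowUtc = DateTime.UtcNow;
    string sourceId = "TestInitialPositionTimeStamp";

    // Start from a clean state so an old bookmark cannot override the configured timestamp.
    DeleteExistingBookmarkFile(sourceId);

    using (WindowsEventPollingSource source = new WindowsEventPollingSource(LogName, PollingSourceQuery, false, new PluginContext(null, null, null, _bookmarkManager)))
    {
        source.Subscribe(records);
        source.Id = sourceId;
        source.InitialPosition = InitialPositionEnum.Timestamp;
        source.InitialPositionTimestamp = initialTimestamp;
        source.Start();

        // Keep writing fresh events until the source reports that it has caught up
        // (latency of the last event at most one second).
        do
        {
            EventLog.WriteEntry(LogSource, "A fresh message", EventLogEntryType.Information, 0);
            System.Threading.Thread.Sleep(1000);
        }
        while (source.LastEventLatency > new TimeSpan(0, 0, 1));

        source.Stop();
        Assert.True(records.Count > 0, "There is an event after the timestamp.");

        // The first record must fall between the initial timestamp and the start of the test.
        Assert.True(records[0].Timestamp >= initialTimestamp.ToUniversalTime() && records[0].Timestamp < nowUtc, "There is an earlier event after the initial timestamp.");
        DateTime dateTime1 = records[records.Count - 1].Timestamp;

        // Write a new event while the source is stopped.
        DateTime dateTime2 = DateTime.Now;
        string msg = $"Message generated by EventLogTest {dateTime2}";
        int eventId = (int)(DateTime.Now.Ticks % ushort.MaxValue);
        records.Clear();
        EventLog.WriteEntry(LogSource, msg, EventLogEntryType.Information, eventId);
        System.Threading.Thread.Sleep(1000);

        source.Reset();
        source.Start();
        System.Threading.Thread.Sleep(5000);

        // The event written during the gap must be delivered after the restart.
        Assert.True(records.Count > 0, "Should get the new record.");
        var foundRecord = records.FirstOrDefault(r => eventId.Equals(((RawEventRecordEnvelope)r).Data.Id));
        Assert.NotNull(foundRecord);
        Assert.True(foundRecord.Timestamp >= dateTime1);
    }
}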
/// <summary>
/// Checks that an event log source using the Timestamp initial position begins reading at the
/// configured timestamp (one day back), and that a restart picks up an event written while the
/// source was stopped.
/// </summary>
/// <remarks>
/// Reads the "Application" log and writes through the "EventLogTest" event source; the source
/// must already be registered, since this method does not create it.
/// </remarks>
public void TestInitialPositionTimeStamp()
{
    var logName = "Application";
    var logSource = "EventLogTest";
    var sink = new ListEventSink();
    var startFrom = DateTime.Now.AddDays(-1);
    var testStartUtc = DateTime.UtcNow;
    var sourceId = "TestInitialPositionTimeStamp";

    // Start from a clean state so an old bookmark cannot override the configured timestamp.
    DeleteExistingBookmarkFile(sourceId);

    var context = new PluginContext(null, null, null, _bookmarkManager);
    using (var source = new EventLogSource(logName, null, context))
    {
        source.Subscribe(sink);
        source.Id = sourceId;
        source.InitialPosition = InitialPositionEnum.Timestamp;
        source.InitialPositionTimestamp = startFrom;
        source.Start();

        // Keep writing fresh events until the source reports that it has caught up
        // (latency of the last event at most one second).
        do
        {
            EventLog.WriteEntry(logSource, "A fresh message", EventLogEntryType.Information, 0);
            System.Threading.Thread.Sleep(1000);
        }
        while (source.LastEventLatency > TimeSpan.FromSeconds(1));

        source.Stop();
        Assert.True(sink.Count > 0, "There is an event after the timestamp.");

        // The first record must fall between the initial timestamp and the start of the test.
        var firstTimestamp = sink[0].Timestamp;
        Assert.True(firstTimestamp >= startFrom.ToUniversalTime() && firstTimestamp < testStartUtc, "There is an earlier event after the initial timestamp.");
        DateTime lastSeen = sink[sink.Count - 1].Timestamp;

        // Write a new event while the source is stopped.
        DateTime gapTime = DateTime.Now;
        string msg = $"Message generated by EventLogTest {gapTime}";
        int eventId = (int)(DateTime.Now.Ticks % ushort.MaxValue);
        EventLog.WriteEntry(logSource, msg, EventLogEntryType.Information, eventId);
        System.Threading.Thread.Sleep(1000);

        sink.Clear();
        source.Start();
        System.Threading.Thread.Sleep(2000);

        // After the restart the source must continue from where it stopped.
        Assert.True(sink.Count > 0, "Should get the new record.");
        Assert.True(sink[0].Timestamp >= lastSeen, "Should pick up new records.");
    }
}
/// <summary>
/// Checks that an event log source using the Bookmark initial position delivers, after a
/// restart, an event that was written while the source was stopped.
/// </summary>
/// <remarks>
/// The record is located by its message text rather than by position in the sink. The "Test"
/// event source is registered on demand; NOTE(review): creating an event source normally needs
/// elevated rights, so the test may behave differently for an unprivileged account — confirm.
/// </remarks>
public void TestInitialPositionBookMark()
{
    var logName = "Application";
    var logSource = "Test";
    var sink = new ListEventSink();
    var sourceId = "TestInitialPositionBookMark";

    // Start from a clean state; the first run below is expected to create the bookmark.
    DeleteExistingBookmarkFile(sourceId);

    using (var source = new EventLogSource(logName, null, new PluginContext(null, null, null)))
    {
        source.Subscribe(sink);
        source.Id = sourceId;
        source.InitialPosition = InitialPositionEnum.Bookmark;
        source.Start();

        string firstMessage = $"Message generated by EventLogTest {DateTime.UtcNow}";
        int eventId = (int)(DateTime.Now.Ticks % ushort.MaxValue);
        if (!EventLog.SourceExists(logSource))
        {
            EventLog.CreateEventSource(logSource, logName);
        }

        EventLog.WriteEntry(logSource, firstMessage, EventLogEntryType.Information, eventId);
        System.Threading.Thread.Sleep(1000);
        source.Stop();

        // Write a new event while the source is stopped.
        DateTime gapTimeUtc = DateTime.UtcNow;
        string gapMessage = $"Message generated by EventLogTest {gapTimeUtc}";
        EventLog.WriteEntry(logSource, gapMessage, EventLogEntryType.Information, eventId);
        System.Threading.Thread.Sleep(1000);

        sink.Clear();
        source.Start();
        System.Threading.Thread.Sleep(1000);

        // The event written during the gap must be delivered after the restart.
        var foundRecord = sink.FirstOrDefault(r => gapMessage.Equals(((EventRecordEnvelope)r).Data.Description));
        Assert.NotNull(foundRecord);
        Assert.True(foundRecord.Timestamp >= gapTimeUtc);
    }
}
/// <summary>
/// Checks that an event log source using the BOS initial position first delivers events older
/// than the start of the test, and that a restart delivers an event written while the source
/// was stopped.
/// </summary>
/// <remarks>
/// NOTE(review): the source id is "TestInitialPositionTimeStamp", which looks copied from the
/// timestamp test. If both tests live in the same class they would share one bookmark id —
/// confirm whether that is intended.
/// </remarks>
public void TestInitialPositionBOS()
{
    var logName = "Application";
    var logSource = "Test";
    var sink = new ListEventSink();
    var testStartUtc = DateTime.UtcNow;
    var sourceId = "TestInitialPositionTimeStamp";

    // Start from a clean state so an old bookmark cannot move the starting point.
    DeleteExistingBookmarkFile(sourceId);

    using (var source = new EventLogSource(logName, null, new PluginContext(null, null, null)))
    {
        source.Subscribe(sink);
        source.Id = sourceId;
        source.InitialPosition = InitialPositionEnum.BOS;
        source.Start();

        // Keep writing fresh events until the source reports that it has caught up
        // (latency of the last event at most one second).
        do
        {
            EventLog.WriteEntry(logSource, "A fresh message", EventLogEntryType.Information, 0);
            System.Threading.Thread.Sleep(1000);
        }
        while (source.LastEventLatency > TimeSpan.FromSeconds(1));

        System.Threading.Thread.Sleep(1000);
        source.Stop();

        // Reading from the beginning means the first record predates this test run.
        Assert.True(sink.Count > 0);
        Assert.True(sink[0].Timestamp < testStartUtc);

        // Write a new event while the source is stopped.
        DateTime gapTimeUtc = DateTime.UtcNow;
        string msg = $"Message generated by EventLogTest {gapTimeUtc}";
        int eventId = (int)(DateTime.Now.Ticks % ushort.MaxValue);
        EventLog.WriteEntry(logSource, msg, EventLogEntryType.Information, eventId);
        System.Threading.Thread.Sleep(1000);

        sink.Clear();
        source.Start();
        System.Threading.Thread.Sleep(1000);

        // After the restart only records from the gap onwards are expected, not a replay.
        Assert.True(sink.Count > 0);
        Assert.True(sink[0].Timestamp >= gapTimeUtc);
    }
}
/// <summary>
/// Checks that an event log source using the Bookmark initial position delivers, after a
/// restart, a record whose timestamp is not older than the moment the source was stopped.
/// </summary>
/// <remarks>
/// NOTE(review): the cut-off is taken from <c>DateTime.Now</c> (local time). If record
/// timestamps are UTC, the final comparison is either trivially true or always false depending
/// on the machine's UTC offset — confirm which clock <c>Timestamp</c> uses.
/// The assertion also inspects only the first record in the sink, so any unrelated event in the
/// "Application" log can satisfy it.
/// </remarks>
public void TestInitialPositionBookMark()
{
    var logName = "Application";
    var logSource = "Test";
    var sink = new ListEventSink();
    var sourceId = "TestInitialPositionBookMark";

    // Start from a clean state; the first run below is expected to create the bookmark.
    DeleteExistingBookmarkFile(sourceId);

    using (var source = new EventLogSource(logName, null, new PluginContext(null, null, null)))
    {
        source.Subscribe(sink);
        source.Id = sourceId;
        source.InitialPosition = InitialPositionEnum.Bookmark;
        source.Start();

        string firstMessage = $"Message generated by EvengLogTest {DateTime.Now}";
        int eventId = (int)(DateTime.Now.Ticks % ushort.MaxValue);
        if (!EventLog.SourceExists(logSource))
        {
            EventLog.CreateEventSource(logSource, logName);
        }

        EventLog.WriteEntry(logSource, firstMessage, EventLogEntryType.Information, eventId);
        System.Threading.Thread.Sleep(1000);
        source.Stop();

        // Write a new event while the source is stopped.
        DateTime gapTime = DateTime.Now;
        string gapMessage = $"Message generated by EvengLogTest {gapTime}";
        EventLog.WriteEntry(logSource, gapMessage, EventLogEntryType.Information, eventId);
        System.Threading.Thread.Sleep(1000);

        sink.Clear();
        source.Start();
        System.Threading.Thread.Sleep(1000);

        // The restart must deliver something written at or after the stop.
        Assert.True(sink.Count > 0);
        Assert.True(sink[0].Timestamp >= gapTime);
    }
}
/// <summary>
/// Checks the BOS initial position together with bookmark acknowledgement: the first run must
/// deliver both the events written before the source existed and those written while it ran;
/// what the second run delivers depends on whether the bookmark was saved.
/// </summary>
/// <param name="acknowledge">
/// When true, the last delivered position is saved to the bookmark before the stop, and the
/// restart must deliver only the one event written afterwards. When false, no bookmark is saved
/// and the restart is expected to deliver 9 records (3 + 5 + 1).
/// </param>
/// <remarks>
/// Presumably <c>CreateSource(sourceId, eventId)</c> restricts the source to this test's event
/// id, which is what makes the exact count of 9 meaningful — confirm against the helper.
/// </remarks>
public void TestInitialPositionBOS(bool acknowledge)
{
    var sink = new ListEventSink();
    var sourceId = "TestEvtInitialPositionTimeStamp";
    var eventId = (int)(DateTime.Now.Ticks % ushort.MaxValue);
    var msg = "A fresh message";

    // Three events that exist before the source is created.
    for (int written = 0; written < 3; written++)
    {
        EventLog.WriteEntry(LogSource, msg, EventLogEntryType.Information, eventId);
    }

    var now = DateTime.UtcNow;
    using (var source = CreateSource(sourceId, eventId))
    {
        source.Subscribe(sink);
        source.Id = sourceId;
        source.InitialPosition = InitialPositionEnum.BOS;
        source.Start();

        // Five more events while the source is running.
        for (int written = 0; written < 5; written++)
        {
            EventLog.WriteEntry(LogSource, msg, EventLogEntryType.Information, eventId);
        }

        Thread.Sleep(5000);

        if (acknowledge)
        {
            // Simulate the acknowledgement by saving the last delivered position to the bookmark.
            var bookmark = Assert.IsType<BookmarkInfo>(BookmarkManager.GetBookmark(sourceId));
            BookmarkManager.SaveBookmark(bookmark.Id, sink.Last().Position, null);
        }

        source.Stop();
        Thread.Sleep(1000);

        // The delivered range must straddle the moment the source was created.
        Assert.True(sink[0].Timestamp < now, $"First record should have been written before {now}, but was written at {sink[0].Timestamp}");
        var lastRecordTimestamp = sink.Last().Timestamp;
        Assert.True(lastRecordTimestamp > now, $"Last record should have been written after {now}, but was written at {sink.Last().Timestamp}");
        sink.Clear();

        // One event written while the source is stopped.
        var newmsg = "A fresh message after source stop";
        EventLog.WriteEntry(LogSource, newmsg, EventLogEntryType.Information, eventId);
        Thread.Sleep(1000);

        source.Start();
        Thread.Sleep(3000);

        IEnvelope lastRecord;
        if (!acknowledge)
        {
            // No saved bookmark: the source starts over and delivers all 9 events again.
            Assert.Equal(9, sink.Count);
            lastRecord = sink.Last();
        }
        else
        {
            // Saved bookmark: only the event from the gap is delivered, with no duplicates.
            lastRecord = Assert.Single(sink);
        }

        Assert.True(lastRecord.Timestamp > lastRecordTimestamp);
        Assert.Matches("after source stop", lastRecord.GetMessage("string"));
    }
}
/// <summary>
/// Checks the Bookmark initial position together with bookmark acknowledgement: with no
/// bookmark present the source must skip older events, and after a restart it must deliver the
/// event written during the gap only if the bookmark was saved.
/// </summary>
/// <param name="acknowledge">
/// When true, the last delivered position is saved to the bookmark before the stop, and the
/// restart must deliver exactly the event written afterwards. When false, no bookmark is saved
/// and the restart is expected to deliver nothing.
/// </param>
/// <remarks>
/// The unacknowledged case documents a gap by design: an event written while the source is
/// stopped is not delivered when no bookmark was committed.
/// </remarks>
public void TestInitialPositionBookMark(bool acknowledge)
{
    var sink = new ListEventSink();
    var sourceId = "TestEvtInitialPositionBookMark";
    var eventId = (int)(DateTime.Now.Ticks % ushort.MaxValue);
    var msg = "A fresh message";

    // Three events that exist before the source is created.
    for (int written = 0; written < 3; written++)
    {
        EventLog.WriteEntry(LogSource, msg, EventLogEntryType.Information, eventId);
    }

    var now = DateTime.UtcNow;
    using (var source = CreateSource(sourceId, eventId))
    {
        source.Subscribe(sink);
        source.Id = sourceId;
        source.InitialPosition = InitialPositionEnum.Bookmark;
        source.Start();
        Thread.Sleep(2000);

        // With Bookmark as the initial position and no bookmark stored, old events are skipped.
        Assert.Empty(sink);

        EventLog.WriteEntry(LogSource, msg, EventLogEntryType.Information, eventId);
        Thread.Sleep(1000);

        if (acknowledge)
        {
            // Simulate the acknowledgement by saving the last delivered position to the bookmark.
            var bookmark = Assert.IsType<BookmarkInfo>(BookmarkManager.GetBookmark(sourceId));
            BookmarkManager.SaveBookmark(bookmark.Id, sink.Last().Position, null);
        }

        source.Stop();
        Thread.Sleep(1000);

        // Exactly the one event written while running must have been delivered.
        var lastRecordTimestamp = Assert.Single(sink).Timestamp;
        Assert.True(lastRecordTimestamp > now);
        sink.Clear();

        // One event written while the source is stopped.
        var newmsg = "A fresh message after source stop";
        EventLog.WriteEntry(LogSource, newmsg, EventLogEntryType.Information, eventId);
        Thread.Sleep(1000);

        source.Start();
        Thread.Sleep(1000);

        // On a clean shutdown (e.g. a config reload) the bookmark stays in BookmarkManager,
        // so the source resumes from the previously saved position.
        if (!acknowledge)
        {
            // Nothing was committed to the bookmark, so the source again starts with no
            // bookmark and skips everything written before the restart.
            Assert.Empty(sink);
        }
        else
        {
            var lastRecord = Assert.Single(sink);
            Assert.True(lastRecord.Timestamp > lastRecordTimestamp);
            Assert.Matches("after source stop", lastRecord.GetMessage("string"));
        }
    }
}