static void Main() { Playback playback = new Playback(); playback.AddEtlFiles(@"..\..\..\HTTP_Server.etl"); playback.AddLogFiles(@"..\..\..\HTTP_Server.evtx"); IObservable<SystemEvent> all = playback.GetObservable<SystemEvent>(); all.Count().Subscribe(Console.WriteLine); playback.Run(); }
public void PlayTwoBothEtlAndEvtx() { var p = new Playback(); p.AddEtlFiles(EtlFileName); p.AddLogFiles(EvtxFileName); int parseCount = 0; int fastSendCount = 0; p.GetObservable<Deliver>().Subscribe(e => { parseCount++; }); p.GetObservable<FastResp>().Subscribe(e => { fastSendCount++; }); p.Run(); Assert.AreEqual(581, parseCount); // there seems to be one event that was lost in the etl->evt conversion... Assert.AreEqual(579, fastSendCount); // and one more event here... }
static void Main() { Playback playback = new Playback(); playback.AddEtlFiles(@"HTTP_Server.etl"); playback.AddLogFiles(@"HTTP_Server.evtx"); IObservable <SystemEvent> all = playback.GetObservable <SystemEvent>(); using (all.Count().Subscribe(Console.WriteLine)) { playback.Run(); Console.ReadLine(); } }
static void CountAllTwoFiles() { // The file HTTP_Server.evtx is Windows Event Log, obtained by converting HTTP_Server.etl // It contains the same exact events, so let's count total # of events in the two files Console.WriteLine("----- CountAllTwoFiles -----"); Playback playback = new Playback(); playback.AddEtlFiles(@"HTTP_Server.etl"); playback.AddLogFiles(@"HTTP_Server.evtx"); var all = playback.GetObservable <SystemEvent>(); all.Count().Subscribe(Console.WriteLine); playback.Run(); }
public void PlayTwoBothEtlAndEvtx() { var p = new Playback(); p.AddEtlFiles(EtlFileName); p.AddLogFiles(EvtxFileName); int parseCount = 0; int fastSendCount = 0; p.GetObservable <Deliver>().Subscribe(e => { parseCount++; }); p.GetObservable <FastResp>().Subscribe(e => { fastSendCount++; }); p.Run(); Assert.AreEqual(582, parseCount); Assert.AreEqual(578, fastSendCount); }
static void Main() { Playback playback = new Playback(); playback.AddEtlFiles(@"..\..\..\HTTP_Server.etl"); playback.AddLogFiles(@"..\..\..\HTTP_Server.evtx"); IObservable<SystemEvent> all = playback.GetObservable<SystemEvent>(); var counts = from window in all.Window(TimeSpan.FromSeconds(5), playback.Scheduler) from Count in window.Count() select Count; var withTime = counts.Timestamp(playback.Scheduler); withTime.Subscribe(ts => Console.WriteLine("{0} {1}", ts.Timestamp, ts.Value)); playback.Run(); }
static void Main() { Playback playback = new Playback(); playback.AddEtlFiles(@"HTTP_Server.etl"); playback.AddLogFiles(@"HTTP_Server.evtx"); IObservable <SystemEvent> all = playback.GetObservable <SystemEvent>(); var counts = from window in all.Window(TimeSpan.FromSeconds(5), playback.Scheduler) from Count in window.Count() select Count; var withTime = counts.Timestamp(playback.Scheduler); using (withTime.Subscribe(ts => Console.WriteLine("{0} {1}", ts.Timestamp, ts.Value))) { playback.Run(); Console.ReadLine(); } }
readonly List <ValidationRecord> _toValidate; // set breakpoint after scope.Run() and manualy valudate this protected RxTestSuite(params string[] files) { Playback = new Playback(); foreach (var file in files) { string ext = Path.GetExtension(file).ToLowerInvariant(); switch (ext) { case ".etl": Playback.AddEtlFiles(file); break; case ".evtx": Playback.AddLogFiles(file); break; default: throw new Exception("Unknown file type " + ext); } } _toValidate = new List <ValidationRecord>(); }
private static void Main(string[] args) { if (args.Length < 2) { Console.WriteLine( @"Usage: TxFmt files... Supported files are .man : Manifest .etl : Event Trace Log .evtx : Event Log"); Environment.Exit(1); } try { var pb = new Playback(); string asmDir = Path.Combine(Path.GetTempPath(), "TxFmt"); if (Directory.Exists(asmDir)) { Directory.Delete(asmDir, true); } Directory.CreateDirectory(asmDir); foreach (string a in args) { string ext = Path.GetExtension(a).ToLower(); switch (ext) { case ".etl": pb.AddEtlFiles(a); break; case ".evtx": pb.AddLogFiles(a); break; case ".man": string manifest = File.ReadAllText(a); Dictionary <string, string> generated = ManifestParser.Parse(manifest); string assemblyPath = Path.Combine(asmDir, Path.ChangeExtension(Path.GetFileName(a), ".dll")); AssemblyBuilder.OutputAssembly(generated, new string[] {}, assemblyPath); break; default: throw new Exception("unknown extension " + ext); } } var knownTypes = new List <Type>(); foreach (string a in Directory.GetFiles(asmDir, "*.dll")) { Assembly assembly = Assembly.LoadFrom(a); knownTypes.AddRange(assembly.GetTypes()); } pb.KnownTypes = knownTypes.ToArray(); IObservable <SystemEvent> all = pb.GetObservable <SystemEvent>(); all.Subscribe(e => { if (!e.ToString().StartsWith(" DocumentServiceId")) { Console.WriteLine("{0} {1}", e.Header.EventId, e.ToString()); } ; }); pb.Run(); } catch (Exception ex) { ConsoleColor color = Console.ForegroundColor; Console.ForegroundColor = ConsoleColor.Red; Console.Error.WriteLine(ex.Message + "\n\n" + ex.StackTrace); Console.ForegroundColor = color; } }
private static void Main(string[] args) { if (args.Length < 2) { Console.WriteLine( @"Usage: TxFmt files... Supported files are .man : Manifest .etl : Event Trace Log .evtx : Event Log"); Environment.Exit(1); } try { var pb = new Playback(); string asmDir = Path.Combine(Path.GetTempPath(), "TxFmt"); if (Directory.Exists(asmDir)) Directory.Delete(asmDir, true); Directory.CreateDirectory(asmDir); foreach (string a in args) { string ext = Path.GetExtension(a).ToLower(); switch (ext) { case ".etl": pb.AddEtlFiles(a); break; case ".evtx": pb.AddLogFiles(a); break; case ".man": string manifest = File.ReadAllText(a); Dictionary<string, string> generated = ManifestParser.Parse(manifest); string assemblyPath = Path.Combine(asmDir, Path.ChangeExtension(Path.GetFileName(a), ".dll")); AssemblyBuilder.OutputAssembly(generated, new string[]{}, assemblyPath); break; default: throw new Exception("unknown extension " + ext); } } var knownTypes = new List<Type>(); foreach (string a in Directory.GetFiles(asmDir, "*.dll")) { Assembly assembly = Assembly.LoadFrom(a); knownTypes.AddRange(assembly.GetTypes()); } pb.KnownTypes = knownTypes.ToArray(); IObservable<SystemEvent> all = pb.GetObservable<SystemEvent>(); all.Subscribe(e=> { if (!e.ToString().StartsWith(" DocumentServiceId")) { Console.WriteLine("{0} {1}", e.Header.EventId, e.ToString()); }; }); pb.Run(); } catch (Exception ex) { ConsoleColor color = Console.ForegroundColor; Console.ForegroundColor = ConsoleColor.Red; Console.Error.WriteLine(ex.Message + "\n\n" + ex.StackTrace); Console.ForegroundColor = color; } }
static void CountAllTwoFiles() { // The file HTTP_Server.evtx is Windows Event Log, obtained by converting HTTP_Server.etl // It contains the same exact events, so let's count total # of events in the two files Console.WriteLine("----- CountAllTwoFiles -----"); Playback playback = new Playback(); playback.AddEtlFiles(@"HTTP_Server.etl"); playback.AddLogFiles(@"HTTP_Server.evtx"); var all = playback.GetObservable<SystemEvent>(); all.Count().Subscribe(Console.WriteLine); playback.Run(); }
public void PlayTwoBothEtlAndEvtx() { var p = new Playback(); p.AddEtlFiles(EtlFileName); p.AddLogFiles(EvtxFileName); int parseCount = 0; int fastSendCount = 0; p.GetObservable<Deliver>().Subscribe(e => { parseCount++; }); p.GetObservable<FastResp>().Subscribe(e => { fastSendCount++; }); p.Run(); Assert.AreEqual(582, parseCount); Assert.AreEqual(578, fastSendCount); }