示例#1
0
        public void GetLogInformation_UsingLogName_DoesNotThrow(string logName)
        {
            using (var session = new EventLogSession())
            {
                EventLogConfiguration configuration;
                try
                {
                    configuration = new EventLogConfiguration(logName, session);
                }
                catch (EventLogNotFoundException)
                {
                    throw new SkipTestException(nameof(EventLogNotFoundException));
                }

                using (configuration)
                {
                    EventLogInformation logInfo = session.GetLogInformation(configuration.LogName, PathType.LogName);

                    Assert.Equal(logInfo.CreationTime, logInfo.CreationTime);
                    Assert.Equal(logInfo.LastAccessTime, logInfo.LastAccessTime);
                    Assert.Equal(logInfo.LastWriteTime, logInfo.LastWriteTime);
                    Assert.Equal(logInfo.FileSize, logInfo.FileSize);
                    Assert.Equal(logInfo.Attributes, logInfo.Attributes);
                    Assert.Equal(logInfo.RecordCount, logInfo.RecordCount);
                    Assert.Equal(logInfo.OldestRecordNumber, logInfo.OldestRecordNumber);
                    Assert.Equal(logInfo.IsLogFull, logInfo.IsLogFull);
                }
            }
        }
示例#2
0
        public static object[] GetEventLogDisplayObjects(string computerName, bool filterForTasks = true)
        {
            var ret = new List <ListControlItem>();

            try
            {
                using (var session = GetEventLogSession(computerName))
                {
                    foreach (var s in session.GetLogNames())
                    {
                        try
                        {
                            var cfg = new EventLogConfiguration(s, session);
                            if (!filterForTasks || IsValidTaskLog(cfg))
                            {
                                ret.Add(new ListControlItem(session.GetLogDisplayName(s), s));
                            }
                        }
                        catch (Exception e) { Debug.WriteLine($"Couldn't get display name for event log '{s}': {e.Message}"); }
                    }
                    ret.Sort();
                }
            }
            catch { }
            return(ret.ToArray());
        }
示例#3
0
        public static void Main(string[] args)
        {
            int    exitCode    = 0;
            String channelPath = "Application";

            try
            {
                //
                // Parse the command line.
                //
                if (args.Length > 0)
                {
                    if (args[0] == "/?" || args[0] == "-?")
                    {
                        Console.WriteLine("Usage: ChannelConfig [<channelPath> [<newMaxLogSizeInBytes>]]\n" +
                                          "<channelPath> is the name of an existing event channel.\n" +
                                          "EXAMPLE: ChannelConfig Microsoft-Windows-TaskScheduler/Operational 10485760\n");
                        Environment.Exit(0);
                    }
                    else
                    {
                        channelPath = args[0];
                    }
                }

                //
                // Read a configuration property of the specified channel.
                //
                EventLogConfiguration config = new EventLogConfiguration(channelPath);
                Console.WriteLine("The {0} log's configured maximum size is {1} bytes.", channelPath, config.MaximumSizeInBytes);

                //
                // Set and save a configuration property value:
                // double the current maximum log size, if not supplied on the command line.
                //
                if (args.Length > 1)
                {
                    config.MaximumSizeInBytes = Convert.ToInt64(args[1], CultureInfo.InvariantCulture);
                }
                else
                {
                    config.MaximumSizeInBytes *= 2;
                }

                config.SaveChanges();
                Console.WriteLine("The {0} log's maximum size has been re-configured to {1} bytes.", channelPath, config.MaximumSizeInBytes);
            }
            catch (UnauthorizedAccessException e)
            {
                Console.WriteLine("You do not have the correct permissions. " +
                                  "Try re-running the sample with administrator privileges.\n" + e.ToString());
                exitCode = 1;
            }
            catch (Exception e)
            {
                Console.WriteLine(e.ToString());
                exitCode = 1;
            }
            Environment.Exit(exitCode);
        }
        public void SetProperties_SaveChanges_NotAdmin_Throws()
        {
            const string LogName = "Application";

            using (var session = new EventLogSession())
            {
                EventLogConfiguration configuration = null;
                try
                {
                    configuration = new EventLogConfiguration(LogName, session);
                }
                catch (EventLogNotFoundException)
                {
                    configuration?.Dispose();
                    return;
                }

                configuration.IsEnabled          = false;
                configuration.SecurityDescriptor = string.Empty;
                configuration.LogFilePath        = null;
                configuration.LogMode            = EventLogMode.Retain;
                configuration.ProviderLevel      = 1;
                configuration.ProviderKeywords   = 1;
                configuration.MaximumSizeInBytes = long.MaxValue;
                Assert.Throws <UnauthorizedAccessException>(() => configuration.SaveChanges());

                configuration.Dispose();
                session.CancelCurrentOperations();
            }
        }
示例#5
0
        public static List <EventLogConfiguration> GetEventLogs(string computerName, bool filterForTasks = true)
        {
            var ret = new List <EventLogConfiguration>();

            try
            {
                using (var session = GetEventLogSession(computerName))
                {
                    foreach (var s in session.GetLogNames())
                    {
                        try
                        {
                            var cfg = new EventLogConfiguration(s, session);
                            if (!filterForTasks || IsValidTaskLog(cfg))
                            {
                                ret.Add(cfg);
                            }
                        }
                        catch (Exception e) { Debug.WriteLine($"Couldn't get config for event log '{s}': {e.Message}"); }
                    }
                }
            }
            catch { }
            return(ret);
        }
示例#6
0
 private static bool IsDirect(EventLogConfiguration log)
 {
     if (log.LogType != EventLogType.Debug)
     {
         return(log.LogType == EventLogType.Analytical);
     }
     return(true);
 }
示例#7
0
        public void GetLogInformation_UsingLogName_DoesNotThrow(string logName)
        {
            DateTime?creationTime, lastAccessTime, lastWriteTime;
            long?    fileSize, recordCount, oldestRecordNumber;
            int?     attributes;
            bool?    isLogFull;

            using (var session = new EventLogSession())
            {
                EventLogConfiguration configuration = null;
                try
                {
                    configuration = new EventLogConfiguration(logName, session);
                }
                catch (EventLogNotFoundException)
                {
                    configuration?.Dispose();
                    return;
                }

                EventLogInformation logInfo = session.GetLogInformation(configuration.LogName, PathType.LogName);
                creationTime       = logInfo.CreationTime;
                lastAccessTime     = logInfo.LastAccessTime;
                lastWriteTime      = logInfo.LastWriteTime;
                fileSize           = logInfo.FileSize;
                attributes         = logInfo.Attributes;
                recordCount        = logInfo.RecordCount;
                oldestRecordNumber = logInfo.OldestRecordNumber;
                isLogFull          = logInfo.IsLogFull;

                configuration.Dispose();
            }
            using (var session = new EventLogSession())
            {
                using (var configuration = new EventLogConfiguration(logName, session))
                {
                    EventLogInformation logInfo = session.GetLogInformation(configuration.LogName, PathType.LogName);
                    Assert.Equal(creationTime, logInfo.CreationTime);
                    Assert.Equal(lastAccessTime, logInfo.LastAccessTime);
                    Assert.Equal(lastWriteTime, logInfo.LastWriteTime);
                    Assert.Equal(fileSize, logInfo.FileSize);
                    Assert.Equal(attributes, logInfo.Attributes);
                    Assert.Equal(recordCount, logInfo.RecordCount);
                    Assert.Equal(oldestRecordNumber, logInfo.OldestRecordNumber);
                    Assert.Equal(isLogFull, logInfo.IsLogFull);
                }
            }
        }
示例#8
0
        public static List <string> GetEventProviders(string computerName, string log = null, bool getDisplayName = false)
        {
            var ret = new List <string>();

            try
            {
                using (var session = GetEventLogSession(computerName))
                {
                    IEnumerable <string> names;
                    if (string.IsNullOrEmpty(log))
                    {
                        names = session.GetProviderNames();
                    }
                    else
                    {
                        using (var ec = new EventLogConfiguration(log, session))
                            names = ec.ProviderNames;
                    }
                    if (names != null)
                    {
                        ret.AddRange(names);
                        ret.Sort(StringComparer.OrdinalIgnoreCase);
                        if (getDisplayName)
                        {
                            for (var i = 0; i < ret.Count; i++)
                            {
                                var dn = ret[i];
                                try
                                {
                                    var md = new ProviderMetadata(ret[i], session, CultureInfo.CurrentUICulture);
                                    if (!string.IsNullOrEmpty(md.DisplayName))
                                    {
                                        dn = md.DisplayName;
                                    }
                                    var spl = dn.Split('-');
                                    dn = spl[spl.Length - 1];
                                }
                                catch { }
                                ret[i] = string.Concat(ret[i], "|", dn);
                            }
                        }
                    }
                }
            }
            catch { }
            return(ret);
        }
        public static string[] GetEventProviders(string computerName, string log = null, bool getDisplayName = false)
        {
            bool isLocal = (string.IsNullOrEmpty(computerName) || computerName == "." || computerName.Equals(Environment.MachineName, StringComparison.CurrentCultureIgnoreCase));

            try
            {
                using (EventLogSession session = isLocal ? new EventLogSession() : new EventLogSession(computerName))
                {
                    IEnumerable <string> names = null;
                    if (string.IsNullOrEmpty(log))
                    {
                        names = session.GetProviderNames();
                    }
                    else
                    {
                        using (EventLogConfiguration ec = new EventLogConfiguration(log, session))
                            names = ec.ProviderNames;
                    }
                    if (names != null && getDisplayName)
                    {
                        var ret = new List <string>(names);
                        ret.Sort();
                        for (int i = 0; i < ret.Count; i++)
                        {
                            string dn = ret[i];
                            try
                            {
                                var md = new ProviderMetadata(ret[i], session, System.Globalization.CultureInfo.CurrentUICulture);
                                if (!string.IsNullOrEmpty(md.DisplayName))
                                {
                                    dn = md.DisplayName;
                                }
                                var spl = dn.Split('-');
                                dn = spl[spl.Length - 1];
                            }
                            catch { }
                            ret[i] = string.Concat(ret[i], "|", dn);
                        }
                        return(ret.ToArray());
                        //return new List<string>(names).ToArray();
                    }
                }
            }
            catch {}
            return(new string[0]);
        }
示例#10
0
        private static bool IsValidTaskLog(EventLogConfiguration log)
        {
            if (log == null)
            {
                return(false);
            }
            var canFwd = Array.Exists(ForwardLogs, s => string.Equals(s, log.LogName, StringComparison.OrdinalIgnoreCase));

            if (!canFwd && log.IsClassicLog)
            {
                return(false);
            }
            if (IsDirect(log))
            {
                return(false);
            }
            return(true);
        }
示例#11
0
        public string[] GetAllLogNames()
        {
            System.Collections.Generic.IList <string> allLogs = new System.Collections.Generic.List <string>();
            using (EventLogSession logSession = new EventLogSession())
            {
                IEnumerable <string> logNames = logSession.GetLogNames();
                foreach (string logName in logNames)
                {
                    using (EventLogConfiguration logConfig = new EventLogConfiguration(logName))
                    {
                        if (logConfig.IsEnabled)
                        {
                            allLogs.Add(logName);
                        }
                    }
                }
            }

            return(allLogs.Cast <string>().ToArray());
        }
        /// <summary>
        /// Create event log data based on the log name.
        /// </summary>
        /// <param name="logName">The name of the log</param>
        public EventLogData(string logName)
        {
            try
            {
                using (EventLogConfiguration logConfig = new EventLogConfiguration(logName))
                {
                    Name               = logConfig.LogName ?? string.Empty;
                    Provider           = logConfig.OwningProviderName ?? string.Empty;
                    MaximumSize        = logConfig.MaximumSizeInBytes / 1024;
                    Retention          = Enum.GetName(typeof(EventLogMode), logConfig.LogMode);
                    IsEnabled          = logConfig.IsEnabled;
                    IsClassic          = logConfig.IsClassicLog;
                    LogType            = Enum.GetName(typeof(EventLogType), logConfig.LogType);
                    Isolation          = Enum.GetName(typeof(EventLogIsolation), logConfig.LogIsolation);
                    DebugGuid          = logConfig.ProviderControlGuid ?? Guid.Empty;
                    Providers          = logConfig.ProviderNames == null ? new List <string>() : logConfig.ProviderNames.ToList <string>();
                    FilePath           = logConfig.LogFilePath ?? string.Empty;
                    SecurityDescriptor = logConfig.SecurityDescriptor ?? string.Empty; //new RawSecurityDescriptor(logConfig.SecurityDescriptor);
                }
            }
            catch (UnauthorizedAccessException uae)
            {
                // trying to access the Security log while running as non-admin causes this exception.

                Name               = string.Empty;
                Provider           = string.Empty;
                MaximumSize        = 0;
                Retention          = string.Empty;
                IsEnabled          = false;
                IsClassic          = false;
                LogType            = string.Empty;
                Isolation          = string.Empty;
                DebugGuid          = Guid.Empty;
                Providers          = new List <string>();
                FilePath           = string.Empty;
                SecurityDescriptor = string.Empty;

                Logger.Error(uae, CultureInfo.CurrentCulture, "Access denied to event log '{0}' while processing event logs: {1}{2}{3}", logName, uae.Message, Environment.NewLine, uae.StackTrace);
            }
        }
        public void EventLogConfiguration_CheckProperties_RemainsTheSame(string logName)
        {
            bool         isEnabled;
            string       securityDescriptor;
            EventLogMode logMode;
            int?         providerBufferSize;
            long         maximumSizeInBytes;
            int?         providerMinimumNumberOfBuffers;
            int?         providerMaximumNumberOfBuffers;
            int?         providerLatency;
            int?         providerLevel;
            long?        providerKeywords;
            Guid?        providerControlGuid;

            using (var session = new EventLogSession())
            {
                EventLogConfiguration configuration = null;
                try
                {
                    configuration = new EventLogConfiguration(logName, session);
                }
                catch (EventLogNotFoundException)
                {
                    configuration?.Dispose();
                    return;
                }

                Assert.Equal(logName, configuration.LogName);
                Assert.NotEmpty(configuration.ProviderNames);
                Assert.Equal("Application", configuration.LogIsolation.ToString());

                if (logName.Equals("Application"))
                {
                    Assert.Equal(EventLogType.Administrative, configuration.LogType);
                    Assert.True(configuration.IsClassicLog);
                    Assert.Contains("Application.evtx", configuration.LogFilePath);
                    Assert.Empty(configuration.OwningProviderName);
                }
                else
                {
                    Assert.Equal(EventLogType.Operational, configuration.LogType);
                    Assert.False(configuration.IsClassicLog);
                    Assert.Contains("Microsoft-Windows-TaskScheduler%4Operational.evtx", configuration.LogFilePath);
                    Assert.Equal("Microsoft-Windows-TaskScheduler", configuration.OwningProviderName);
                }

                isEnabled                      = configuration.IsEnabled;
                securityDescriptor             = configuration.SecurityDescriptor;
                logMode                        = configuration.LogMode;
                providerBufferSize             = configuration.ProviderBufferSize;
                maximumSizeInBytes             = configuration.MaximumSizeInBytes;
                providerMinimumNumberOfBuffers = configuration.ProviderMinimumNumberOfBuffers;
                providerMaximumNumberOfBuffers = configuration.ProviderMaximumNumberOfBuffers;
                providerLevel                  = configuration.ProviderLevel;
                providerKeywords               = configuration.ProviderKeywords;
                providerControlGuid            = configuration.ProviderControlGuid;
                providerLatency                = configuration.ProviderLatency;

                configuration.Dispose();
            }
            using (var session = new EventLogSession())
            {
                using (var configuration = new EventLogConfiguration(logName, session))
                {
                    Assert.Equal(isEnabled, configuration.IsEnabled);
                    Assert.Equal(securityDescriptor, configuration.SecurityDescriptor);
                    Assert.Equal(logMode, configuration.LogMode);
                    Assert.Equal(providerBufferSize, configuration.ProviderBufferSize);
                    Assert.Equal(maximumSizeInBytes, configuration.MaximumSizeInBytes);
                    Assert.Equal(providerMinimumNumberOfBuffers, configuration.ProviderMinimumNumberOfBuffers);
                    Assert.Equal(providerMaximumNumberOfBuffers, configuration.ProviderMaximumNumberOfBuffers);
                    Assert.Equal(providerLevel, configuration.ProviderLevel);
                    Assert.Equal(providerKeywords, configuration.ProviderKeywords);
                    Assert.Equal(providerControlGuid, configuration.ProviderControlGuid);
                    Assert.Equal(providerLatency, configuration.ProviderLatency);
                }
            }
        }