public void TestSavingOutdatedBookmarkPollingSource() { string logName = "Application"; string logSource = nameof(TestSavingOutdatedBookmark); string query = $"*[System[Provider[@Name = '{logSource}']]]"; DeleteExistingBookmarkFile(logSource); if (!EventLog.SourceExists(logSource)) { EventLog.CreateEventSource(logSource, logName); } using (WindowsEventPollingSource source = new WindowsEventPollingSource(logName, query, false, new PluginContext(null, null, null, _bookmarkManager))) { source.Id = logSource; source.InitialPosition = InitialPositionEnum.Bookmark; source.Start(); System.Threading.Thread.Sleep(1000); EventLog.WriteEntry(logSource, "TestSavingOutdatedBookmark test message"); System.Threading.Thread.Sleep(1000); var lastSavedBookmark = source._lastSavedBookmark; // execute a save bookmark operation at the '0' position source.SaveBookmarkInternal(0, false); // assert that 'SaveBookmarkInternal' does not throw exception, // and the saved bookmark remains the latest position. Assert.Equal(lastSavedBookmark, source._lastSavedBookmark); } }
public void TestEventXml2PollingSource() { ListEventSink records = new ListEventSink(); var config = TestUtility.GetConfig("Sources", "ApplicationLogWithEventData"); using (WindowsEventPollingSource source = new WindowsEventPollingSource(LogName, PollingSourceQuery, false, new PluginContext(config, null, null, _bookmarkManager))) { source.Subscribe(records); source.Start(); string msg = $"Message generated by EventLogTest {DateTime.Now}"; int eventId = (int)(DateTime.Now.Ticks % ushort.MaxValue); EventLog.WriteEntry(LogSource, msg, EventLogEntryType.Information, eventId); System.Threading.Thread.Sleep(1000); source.Stop(); } string xml = ((RawEventRecordEnvelope)records[0]).GetMessage("xml2"); var xDocument = XDocument.Parse(xml); var xRoot = xDocument.Root; Assert.Equal("Event", xRoot.Name.LocalName); XNamespace ns = xRoot.GetDefaultNamespace(); Assert.NotNull(xRoot.Element(ns + "System")); Assert.NotNull(xRoot.Element(ns + "EventData")); }
public void TestInitialPositionBookMarkPollingSource() { ListEventSink records = new ListEventSink(); string sourceId = "TestInitialPositionBookMark"; DeleteExistingBookmarkFile(sourceId); //This should generate a water mark file using (WindowsEventPollingSource source = new WindowsEventPollingSource(LogName, PollingSourceQuery, false, new PluginContext(null, null, null, _bookmarkManager))) { source.Subscribe(records); source.Id = sourceId; source.InitialPosition = InitialPositionEnum.Bookmark; source.Start(); var nowUtc = DateTime.UtcNow; string msg = $"Message generated by EventLogTest {nowUtc}"; int eventId = (int)(DateTime.Now.Ticks % ushort.MaxValue); EventLog.WriteEntry(LogSource, msg, EventLogEntryType.Information, eventId); System.Threading.Thread.Sleep(1000); var foundRecord = records.FirstOrDefault(r => eventId.Equals(((RawEventRecordEnvelope)r).Data.Id)); Assert.NotNull(foundRecord); Assert.True(foundRecord.Timestamp >= nowUtc); // Assert that the record exists and was created after the source stop. source.Stop(); //Write some new logs after the source stop DateTime dateTime2Utc = DateTime.UtcNow; int eventId2 = (int)(DateTime.Now.Ticks % ushort.MaxValue); msg = $"Message generated by EventLogTest {dateTime2Utc}"; records.Clear(); EventLog.WriteEntry(LogSource, msg, EventLogEntryType.Information, eventId2); System.Threading.Thread.Sleep(1000); records.Clear(); source.Reset(); source.Start(); System.Threading.Thread.Sleep(5000); //Should get the record when the source is stopped var foundRecord2 = records.FirstOrDefault(r => eventId2.Equals(((RawEventRecordEnvelope)r).Data.Id)); Assert.NotNull(foundRecord2); Assert.True(foundRecord2.Timestamp >= dateTime2Utc); // Assert that the record exists and was created after the source stop. } }
public void TestInitialPositionTimeStampPollingSource() { ListEventSink records = new ListEventSink(); DateTime initialTimestamp = DateTime.Now.AddDays(-1); DateTime nowUtc = DateTime.UtcNow; string sourceId = "TestInitialPositionTimeStamp"; DeleteExistingBookmarkFile(sourceId); using (WindowsEventPollingSource source = new WindowsEventPollingSource(LogName, PollingSourceQuery, false, new PluginContext(null, null, null, _bookmarkManager))) { source.Subscribe(records); source.Id = sourceId; source.InitialPosition = InitialPositionEnum.Timestamp; source.InitialPositionTimestamp = initialTimestamp; source.Start(); do { EventLog.WriteEntry(LogSource, "A fresh message", EventLogEntryType.Information, 0); System.Threading.Thread.Sleep(1000); }while (source.LastEventLatency > new TimeSpan(0, 0, 1)); source.Stop(); Assert.True(records.Count > 0, "There is an event after the timestamp."); Assert.True(records[0].Timestamp >= initialTimestamp.ToUniversalTime() && records[0].Timestamp < nowUtc, "There is an earlier event after the initial timestamp."); DateTime dateTime1 = records[records.Count - 1].Timestamp; //Write some new logs after the source stop DateTime dateTime2 = DateTime.Now; string msg = $"Message generated by EventLogTest {dateTime2}"; int eventId = (int)(DateTime.Now.Ticks % ushort.MaxValue); records.Clear(); EventLog.WriteEntry(LogSource, msg, EventLogEntryType.Information, eventId); System.Threading.Thread.Sleep(1000); source.Reset(); source.Start(); System.Threading.Thread.Sleep(5000); //Should get the record when the source is stopped Assert.True(records.Count > 0, "Should get the new record."); var foundRecord = records.FirstOrDefault(r => eventId.Equals(((RawEventRecordEnvelope)r).Data.Id)); Assert.True(foundRecord.Timestamp >= dateTime1); // Assert that the record exists and was created after the source stop. } }
public void TestInitialPositionEOSPollingSource() { ListEventSink records = new ListEventSink(); using (WindowsEventPollingSource source = new WindowsEventPollingSource(LogName, null, false, new PluginContext(null, null, null, _bookmarkManager))) { source.Subscribe(records); source.Start(); string msg = $"Message generated by EventLogTest {DateTime.Now}"; int eventId = (int)(DateTime.Now.Ticks % ushort.MaxValue); EventLog.WriteEntry(LogSource, msg, EventLogEntryType.Information, eventId); System.Threading.Thread.Sleep(1000); source.Stop(); } Assert.True(records.Count > 0); }