示例#1
0
        private static void UploadEvtxFiles(
            string _filePattern,
            string _queryFile,
            string consoleLogOption,
            string _outputFileName,
            string blobConnectionString,
            string blobContainerName,
            KustoConnectionStringBuilder kscbAdmin,
            KustoConnectionStringBuilder kscbIngest,
            bool _demoMode,
            string _tableName,
            bool _resetTable)
        {
            string[] files;
            if (Path.IsPathRooted(_filePattern))
            {
                string dir     = Path.GetDirectoryName(Path.GetFullPath(_filePattern));
                string pattern = Path.GetFileName(_filePattern);
                files = Directory.GetFiles(dir, pattern);
            }
            else
            {
                // input
                string rootDir = Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location);

                // Get directory and file parts of complete relative pattern
                string pattern = Path.GetFileName(_filePattern);
                string relDir  = pattern.Substring(0, _filePattern.Length - pattern.Length);
                // Get absolute path (root+relative)
                string absPath = Path.GetFullPath(Path.Combine(rootDir, relDir));

                // Search files mathing the pattern
                files = Directory.GetFiles(absPath, pattern, SearchOption.TopDirectoryOnly);
            }

            if (files != null && files.Length > 0)
            {
                var etw = EvtxAsDictionaryObservable.FromFiles(files);
                if (kscbAdmin != null)
                {
                    // output to kusto
                    var ku = CreateUploader(UploadTimespan, blobConnectionString, blobContainerName, kscbAdmin, kscbIngest, _demoMode, _tableName, _resetTable);
                    RunUploader(ku, etw, _queryFile);
                }
                else if (!string.IsNullOrEmpty(_outputFileName))
                {
                    // output to file
                    var fileOutput = new FileOutput(_outputFileName);
                    RunFileOutput(fileOutput, etw, _queryFile);
                }
                else
                {
                    // output to console
                    bool tableFormat   = consoleLogOption == "table" ? true : false;
                    var  consoleOutput = new ConsoleOutput(tableFormat);
                    RunConsoleOutput(consoleOutput, etw, _queryFile);
                }
            }
        }
示例#2
0
        private static void UploadEvtxFiles(
            string _filePattern,
            string _queryFile,
            string _outputFileName,
            KustoConnectionStringBuilder kscbAdmin,
            KustoConnectionStringBuilder kscbIngest,
            bool _demoMode,
            string _tableName,
            bool _resetTable)
        {
            string[] files;
            if (Path.IsPathRooted(_filePattern))
            {
                string dir     = Path.GetDirectoryName(Path.GetFullPath(_filePattern));
                string pattern = Path.GetFileName(_filePattern);
                files = Directory.GetFiles(dir, pattern);
            }
            else
            {
                // input
                string rootDir = Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location);

                // Get directory and file parts of complete relative pattern
                string pattern = Path.GetFileName(_filePattern);
                string relDir  = pattern.Substring(0, _filePattern.Length - pattern.Length);
                // Get absolute path (root+relative)
                string absPath = Path.GetFullPath(Path.Combine(rootDir, relDir));

                // Search files mathing the pattern
                files = Directory.GetFiles(absPath, pattern, SearchOption.TopDirectoryOnly);
            }

            if (files != null && files.Length > 0)
            {
                var etw = EvtxAsDictionaryObservable.FromFiles(files);
                var ku  = CreateUploader(UploadTimespan, _outputFileName, kscbAdmin, kscbIngest, _demoMode, _tableName, _resetTable);
                RunUploader(ku, etw, _queryFile);
            }
        }