public static void Main(string[] args)
{
int exitCode = 0;
String channelPath = "Application";
try
{
//
// Parse the command line.
//
if (args.Length > 0)
{
if (args[0] == "/?" || args[0] == "-?")
{
Console.WriteLine("Usage: ChannelConfig [<channelPath> [<newMaxLogSizeInBytes>]]\n" +
"<channelPath> is the name of an existing event channel.\n" +
"EXAMPLE: ChannelConfig Microsoft-Windows-TaskScheduler/Operational 10485760\n");
Environment.Exit(0);
}
else
{
channelPath = args[0];
}
}
//
// Read a configuration property of the specified channel.
//
EventLogConfiguration config = new EventLogConfiguration(channelPath);
Console.WriteLine("The {0} log's configured maximum size is {1} bytes.", channelPath, config.MaximumSizeInBytes);
//
// Set and save a configuration property value:
// double the current maximum log size, if not supplied on the command line.
//
if (args.Length > 1)
{
config.MaximumSizeInBytes = Convert.ToInt64(args[1], CultureInfo.InvariantCulture);
}
else
{
config.MaximumSizeInBytes *= 2;
}
config.SaveChanges();
Console.WriteLine("The {0} log's maximum size has been re-configured to {1} bytes.", channelPath, config.MaximumSizeInBytes);
}
catch (UnauthorizedAccessException e)
{
Console.WriteLine("You do not have the correct permissions. " +
"Try re-running the sample with administrator privileges.\n" + e.ToString());
exitCode = 1;
}
catch(Exception e)
{
Console.WriteLine(e.ToString());
exitCode = 1;
}
Environment.Exit(exitCode);
}
//
// Process ListLog parameter set
//
private void ProcessListLog()
{
EventLogSession eventLogSession = CreateSession();
foreach (string logPattern in _listLog)
{
bool bMatchFound = false;
foreach (string logName in eventLogSession.GetLogNames())
{
WildcardPattern wildLogPattern = new WildcardPattern(logPattern, WildcardOptions.IgnoreCase);
if (((!WildcardPattern.ContainsWildcardCharacters(logPattern))
&& string.Equals(logPattern, logName, StringComparison.CurrentCultureIgnoreCase))
||
(wildLogPattern.IsMatch(logName)))
{
try
{
EventLogConfiguration logObj = new EventLogConfiguration(logName, eventLogSession);
//
// Skip direct channels matching the wildcard unless -Force is present.
//
if (!Force.IsPresent &&
WildcardPattern.ContainsWildcardCharacters(logPattern) &&
(logObj.LogType == EventLogType.Debug ||
logObj.LogType == EventLogType.Analytical))
{
continue;
}
EventLogInformation logInfoObj = eventLogSession.GetLogInformation(logName, PathType.LogName);
PSObject outputObj = new PSObject(logObj);
outputObj.Properties.Add(new PSNoteProperty("FileSize", logInfoObj.FileSize));
outputObj.Properties.Add(new PSNoteProperty("IsLogFull", logInfoObj.IsLogFull));
outputObj.Properties.Add(new PSNoteProperty("LastAccessTime", logInfoObj.LastAccessTime));
outputObj.Properties.Add(new PSNoteProperty("LastWriteTime", logInfoObj.LastWriteTime));
outputObj.Properties.Add(new PSNoteProperty("OldestRecordNumber", logInfoObj.OldestRecordNumber));
outputObj.Properties.Add(new PSNoteProperty("RecordCount", logInfoObj.RecordCount));
WriteObject(outputObj);
bMatchFound = true;
}
catch (Exception exc)
{
string msg = string.Format(CultureInfo.InvariantCulture,
_resourceMgr.GetString("LogInfoUnavailable"),
logName, exc.Message);
Exception outerExc = new Exception(msg, exc);
WriteError(new ErrorRecord(outerExc, "LogInfoUnavailable", ErrorCategory.NotSpecified, null));
continue;
}
}
}
if (!bMatchFound)
{
string msg = _resourceMgr.GetString("NoMatchingLogsFound");
Exception exc = new Exception(string.Format(CultureInfo.InvariantCulture, msg, _computerName, logPattern));
WriteError(new ErrorRecord(exc, "NoMatchingLogsFound", ErrorCategory.ObjectNotFound, null));
}
}
}
public string[] GetAllLogNames()
{
System.Collections.Generic.IList<string> allLogs = new System.Collections.Generic.List<string>();
using (EventLogSession logSession = new EventLogSession())
{
IEnumerable<string> logNames = logSession.GetLogNames();
foreach (string logName in logNames)
{
using (EventLogConfiguration logConfig = new EventLogConfiguration(logName))
{
if (logConfig.IsEnabled)
{
allLogs.Add(logName);
}
}
}
}
return allLogs.Cast<string>().ToArray();
}
//
// AddLogsForProviderToInternalMap helper.
// Retrieves log names to which _providerName writes.
// NOTE: there are many misconfigured providers in the system.
// We therefore catch EventLogException exceptions and write them out as non-terminating errors.
// The results are added to _providersByLogMap dictionary.
//
private void AddLogsForProviderToInternalMap(EventLogSession eventLogSession, string providerName)
{
try
{
ProviderMetadata providerMetadata = new ProviderMetadata(providerName, eventLogSession, CultureInfo.CurrentCulture);
System.Collections.IEnumerable logLinks = providerMetadata.LogLinks;
foreach (EventLogLink logLink in logLinks)
{
if (!_providersByLogMap.ContainsKey(logLink.LogName.ToLowerInvariant()))
{
//
// Skip direct ETW channels unless -force is present.
// Error out for direct channels unless -oldest is present.
//
EventLogConfiguration logObj = new EventLogConfiguration(logLink.LogName, eventLogSession);
if (logObj.LogType == EventLogType.Debug || logObj.LogType == EventLogType.Analytical)
{
if (!Force.IsPresent)
{
continue;
}
ValidateLogName(logLink.LogName, eventLogSession);
}
WriteVerbose(string.Format(CultureInfo.InvariantCulture, _resourceMgr.GetString("ProviderLogLink"), providerName, logLink.LogName));
StringCollection provColl = new StringCollection();
provColl.Add(providerName.ToLowerInvariant());
_providersByLogMap.Add(logLink.LogName.ToLowerInvariant(), provColl);
}
else
{
//
// Log is there: add provider, if needed
//
StringCollection coll = _providersByLogMap[logLink.LogName.ToLowerInvariant()];
if (!coll.Contains(providerName.ToLowerInvariant()))
{
WriteVerbose(string.Format(CultureInfo.InvariantCulture, _resourceMgr.GetString("ProviderLogLink"), providerName, logLink.LogName));
coll.Add(providerName.ToLowerInvariant());
}
}
}
}
catch (System.Diagnostics.Eventing.Reader.EventLogException exc)
{
string msg = string.Format(CultureInfo.InvariantCulture,
_resourceMgr.GetString("ProviderMetadataUnavailable"),
providerName, exc.Message);
Exception outerExc = new Exception(msg, exc);
WriteError(new ErrorRecord(outerExc, "ProviderMetadataUnavailable", ErrorCategory.NotSpecified, null));
return;
}
}
//
// FindLogNamesMatchingWildcards helper.
// Finds all logs whose names match wildcard patterns in the 'logPatterns' argument.
// For each non-matched pattern, a non-terminating error is written.
// The results are added to _logNamesMatchingWildcard array.
//
private void FindLogNamesMatchingWildcards(EventLogSession eventLogSession, IEnumerable<string> logPatterns)
{
if (_logNamesMatchingWildcard == null)
{
_logNamesMatchingWildcard = new StringCollection();
}
else
{
_logNamesMatchingWildcard.Clear();
}
foreach (string logPattern in logPatterns)
{
bool bMatched = false;
foreach (string actualLogName in eventLogSession.GetLogNames())
{
WildcardPattern wildLogPattern = new WildcardPattern(logPattern, WildcardOptions.IgnoreCase);
if (((!WildcardPattern.ContainsWildcardCharacters(logPattern))
&& (logPattern.Equals(actualLogName, StringComparison.CurrentCultureIgnoreCase)))
||
(wildLogPattern.IsMatch(actualLogName)))
{
//
// Skip direct ETW channels matching wildcards unless -force is present.
// Error out for direct channels unless -oldest is present.
//
EventLogConfiguration logObj;
try
{
logObj = new EventLogConfiguration(actualLogName, eventLogSession);
}
catch (Exception exc)
{
string msg = string.Format(CultureInfo.InvariantCulture,
_resourceMgr.GetString("LogInfoUnavailable"),
actualLogName, exc.Message);
Exception outerExc = new Exception(msg, exc);
WriteError(new ErrorRecord(outerExc, "LogInfoUnavailable", ErrorCategory.NotSpecified, null));
continue;
}
if (logObj.LogType == EventLogType.Debug || logObj.LogType == EventLogType.Analytical)
{
if (WildcardPattern.ContainsWildcardCharacters(logPattern) && !Force.IsPresent)
{
continue;
}
ValidateLogName(actualLogName, eventLogSession);
}
if (!_logNamesMatchingWildcard.Contains(actualLogName.ToLowerInvariant()))
{
_logNamesMatchingWildcard.Add(actualLogName.ToLowerInvariant());
}
bMatched = true;
}
}
if (!bMatched)
{
string msg = _resourceMgr.GetString("NoMatchingLogsFound");
Exception exc = new Exception(string.Format(CultureInfo.InvariantCulture, msg, _computerName, logPattern));
WriteError(new ErrorRecord(exc, "NoMatchingLogsFound", ErrorCategory.ObjectNotFound, logPattern));
}
}
}
//
// ValidateLogName writes an error if logName is not a valid log.
// It also terminates for direct ETW channels unless -Oldest is specified.
//
private bool ValidateLogName(string logName, EventLogSession eventLogSession)
{
EventLogConfiguration logObj;
try
{
logObj = new EventLogConfiguration(logName, eventLogSession);
}
catch (EventLogNotFoundException)
{
string msg = _resourceMgr.GetString("NoMatchingLogsFound");
Exception exc = new Exception(string.Format(CultureInfo.InvariantCulture, msg, _computerName, logName));
WriteError(new ErrorRecord(exc, "NoMatchingLogsFound", ErrorCategory.ObjectNotFound, logName));
return false;
}
catch (Exception exc)
{
string msg = string.Format(CultureInfo.InvariantCulture,
_resourceMgr.GetString("LogInfoUnavailable"),
logName, exc.Message);
Exception outerExc = new Exception(msg, exc);
WriteError(new ErrorRecord(outerExc, "LogInfoUnavailable", ErrorCategory.NotSpecified, null));
return false;
}
if (!Oldest.IsPresent)
{
if (logObj.LogType == EventLogType.Debug || logObj.LogType == EventLogType.Analytical)
{
string msg = _resourceMgr.GetString("SpecifyOldestForLog");
Exception exc = new Exception(string.Format(CultureInfo.InvariantCulture, msg, logName));
ThrowTerminatingError(new ErrorRecord(exc, "SpecifyOldestForLog", ErrorCategory.InvalidArgument, logName));
}
}
return true;
}
private void ProcessListLog()
{
EventLogSession session = this.CreateSession();
foreach (string str in this._listLog)
{
bool flag = false;
foreach (string str2 in session.GetLogNames())
{
WildcardPattern pattern = new WildcardPattern(str, WildcardOptions.IgnoreCase);
if ((!WildcardPattern.ContainsWildcardCharacters(str) && (str.ToLower(CultureInfo.CurrentCulture) == str2.ToLower(CultureInfo.CurrentCulture))) || pattern.IsMatch(str2))
{
try
{
EventLogConfiguration configuration = new EventLogConfiguration(str2, session);
if ((this.Force.IsPresent || !WildcardPattern.ContainsWildcardCharacters(str)) || ((configuration.LogType != EventLogType.Debug) && (configuration.LogType != EventLogType.Analytical)))
{
EventLogInformation logInformation = session.GetLogInformation(str2, PathType.LogName);
PSObject sendToPipeline = new PSObject(configuration);
sendToPipeline.Properties.Add(new PSNoteProperty("FileSize", logInformation.FileSize));
sendToPipeline.Properties.Add(new PSNoteProperty("IsLogFull", logInformation.IsLogFull));
sendToPipeline.Properties.Add(new PSNoteProperty("LastAccessTime", logInformation.LastAccessTime));
sendToPipeline.Properties.Add(new PSNoteProperty("LastWriteTime", logInformation.LastWriteTime));
sendToPipeline.Properties.Add(new PSNoteProperty("OldestRecordNumber", logInformation.OldestRecordNumber));
sendToPipeline.Properties.Add(new PSNoteProperty("RecordCount", logInformation.RecordCount));
base.WriteObject(sendToPipeline);
flag = true;
}
}
catch (Exception exception)
{
Exception exception2 = new Exception(string.Format(CultureInfo.InvariantCulture, this._resourceMgr.GetString("LogInfoUnavailable"), new object[] { str2, exception.Message }), exception);
base.WriteError(new ErrorRecord(exception2, "LogInfoUnavailable", ErrorCategory.NotSpecified, null));
}
}
}
if (!flag)
{
string format = this._resourceMgr.GetString("NoMatchingLogsFound");
Exception exception3 = new Exception(string.Format(CultureInfo.InvariantCulture, format, new object[] { this._computerName, str }));
base.WriteError(new ErrorRecord(exception3, "NoMatchingLogsFound", ErrorCategory.ObjectNotFound, null));
}
}
}
private void AddLogsForProviderToInternalMap(EventLogSession eventLogSession, string providerName)
{
try
{
ProviderMetadata metadata = new ProviderMetadata(providerName, eventLogSession, CultureInfo.CurrentCulture);
foreach (EventLogLink link in metadata.LogLinks)
{
if (!this._providersByLogMap.ContainsKey(link.LogName.ToLower(CultureInfo.InvariantCulture)))
{
EventLogConfiguration configuration = new EventLogConfiguration(link.LogName, eventLogSession);
if ((configuration.LogType == EventLogType.Debug) || (configuration.LogType == EventLogType.Analytical))
{
if (!this.Force.IsPresent)
{
continue;
}
this.ValidateLogName(link.LogName, eventLogSession);
}
base.WriteVerbose(string.Format(CultureInfo.InvariantCulture, this._resourceMgr.GetString("ProviderLogLink"), new object[] { providerName, link.LogName }));
StringCollection strings = new StringCollection();
strings.Add(providerName.ToLower(CultureInfo.InvariantCulture));
this._providersByLogMap.Add(link.LogName.ToLower(CultureInfo.InvariantCulture), strings);
}
else
{
StringCollection strings2 = this._providersByLogMap[link.LogName.ToLower(CultureInfo.InvariantCulture)];
if (!strings2.Contains(providerName.ToLower(CultureInfo.InvariantCulture)))
{
base.WriteVerbose(string.Format(CultureInfo.InvariantCulture, this._resourceMgr.GetString("ProviderLogLink"), new object[] { providerName, link.LogName }));
strings2.Add(providerName.ToLower(CultureInfo.InvariantCulture));
}
}
}
}
catch (EventLogException exception)
{
Exception exception2 = new Exception(string.Format(CultureInfo.InvariantCulture, this._resourceMgr.GetString("ProviderMetadataUnavailable"), new object[] { providerName, exception.Message }), exception);
base.WriteError(new ErrorRecord(exception2, "ProviderMetadataUnavailable", ErrorCategory.NotSpecified, null));
}
}
private void FindLogNamesMatchingWildcards(EventLogSession eventLogSession, IEnumerable<string> logPatterns)
{
if (this._logNamesMatchingWildcard == null)
{
this._logNamesMatchingWildcard = new StringCollection();
}
else
{
this._logNamesMatchingWildcard.Clear();
}
foreach (string str in logPatterns)
{
bool flag = false;
foreach (string str2 in eventLogSession.GetLogNames())
{
WildcardPattern pattern = new WildcardPattern(str, WildcardOptions.IgnoreCase);
if ((!WildcardPattern.ContainsWildcardCharacters(str) && str.Equals(str2, StringComparison.CurrentCultureIgnoreCase)) || pattern.IsMatch(str2))
{
EventLogConfiguration configuration;
try
{
configuration = new EventLogConfiguration(str2, eventLogSession);
}
catch (Exception exception)
{
Exception exception2 = new Exception(string.Format(CultureInfo.InvariantCulture, this._resourceMgr.GetString("LogInfoUnavailable"), new object[] { str2, exception.Message }), exception);
base.WriteError(new ErrorRecord(exception2, "LogInfoUnavailable", ErrorCategory.NotSpecified, null));
continue;
}
if ((configuration.LogType == EventLogType.Debug) || (configuration.LogType == EventLogType.Analytical))
{
if (WildcardPattern.ContainsWildcardCharacters(str) && !this.Force.IsPresent)
{
continue;
}
this.ValidateLogName(str2, eventLogSession);
}
if (!this._logNamesMatchingWildcard.Contains(str2.ToLower(CultureInfo.InvariantCulture)))
{
this._logNamesMatchingWildcard.Add(str2.ToLower(CultureInfo.InvariantCulture));
}
flag = true;
}
}
if (!flag)
{
string format = this._resourceMgr.GetString("NoMatchingLogsFound");
Exception exception3 = new Exception(string.Format(CultureInfo.InvariantCulture, format, new object[] { this._computerName, str }));
base.WriteError(new ErrorRecord(exception3, "NoMatchingLogsFound", ErrorCategory.ObjectNotFound, str));
}
}
}
private bool ValidateLogName(string logName, EventLogSession eventLogSession)
{
EventLogConfiguration configuration;
try
{
configuration = new EventLogConfiguration(logName, eventLogSession);
}
catch (EventLogNotFoundException)
{
string format = this._resourceMgr.GetString("NoMatchingLogsFound");
Exception exception = new Exception(string.Format(CultureInfo.InvariantCulture, format, new object[] { this._computerName, logName }));
base.WriteError(new ErrorRecord(exception, "NoMatchingLogsFound", ErrorCategory.ObjectNotFound, logName));
return false;
}
catch (Exception exception2)
{
Exception exception3 = new Exception(string.Format(CultureInfo.InvariantCulture, this._resourceMgr.GetString("LogInfoUnavailable"), new object[] { logName, exception2.Message }), exception2);
base.WriteError(new ErrorRecord(exception3, "LogInfoUnavailable", ErrorCategory.NotSpecified, null));
return false;
}
if (!this.Oldest.IsPresent && ((configuration.LogType == EventLogType.Debug) || (configuration.LogType == EventLogType.Analytical)))
{
string str3 = this._resourceMgr.GetString("SpecifyOldestForLog");
Exception exception4 = new Exception(string.Format(CultureInfo.InvariantCulture, str3, new object[] { logName }));
base.ThrowTerminatingError(new ErrorRecord(exception4, "SpecifyOldestForLog", ErrorCategory.InvalidArgument, logName));
}
return true;
}