public IEnumerable <string> GetKeywordDisplayNames(string ProviderName, EventLogHandle eventHandle) { lock (this) { ProviderMetadataId key = new ProviderMetadataId(ProviderName, CultureInfo.CurrentCulture); ProviderMetadata pm = GetProviderMetadata(key); return(NativeWrapper.EvtFormatMessageRenderKeywords(pm.Handle, eventHandle, UnsafeNativeMethods.EvtFormatMessageFlags.EvtFormatMessageKeyword)); } }
public string GetOpcodeDisplayName(string ProviderName, EventLogHandle eventHandle) { lock (this) { ProviderMetadataId key = new ProviderMetadataId(ProviderName, CultureInfo.CurrentCulture); ProviderMetadata pm = GetProviderMetadata(key); return(NativeWrapper.EvtFormatMessageRenderName(pm.Handle, eventHandle, UnsafeNativeMethods.EvtFormatMessageFlags.EvtFormatMessageOpcode)); } }
private void AddCacheEntry(ProviderMetadataId key, ProviderMetadata pm) { if (this.IsCacheFull()) { this.FlushOldestEntry(); } CacheItem item = new CacheItem(pm); this.cache.Add(key, item); }
private void AddCacheEntry(ProviderMetadataId key, ProviderMetadata pm) { if (IsCacheFull()) { FlushOldestEntry(); } CacheItem value = new CacheItem(pm); cache.Add(key, value); return; }
public string GetFormatDescription(string ProviderName, EventLogHandle eventHandle, string[] values) { lock (this) { ProviderMetadataId key = new ProviderMetadataId(ProviderName, CultureInfo.CurrentCulture); ProviderMetadata pm = GetProviderMetadata(key); try { return(NativeWrapper.EvtFormatMessageFormatDescription(pm.Handle, eventHandle, values)); } catch (EventLogNotFoundException) { return(null); } } }
internal EventMetadata(uint id, byte version, byte channelId, byte level, byte opcode, short task, long keywords, string template, string description, ProviderMetadata pmReference) { this.id = id; this.version = version; this.channelId = channelId; this.level = level; this.opcode = opcode; this.task = task; this.keywords = keywords; this.template = template; this.description = description; this.pmReference = pmReference; }
private ProviderMetadata GetProviderMetadata(ProviderMetadataId key) { if (!IsProviderinCache(key)) { ProviderMetadata pm; try { pm = new ProviderMetadata(key.ProviderName, _session, key.TheCultureInfo, _logfile); } catch (EventLogNotFoundException) { pm = new ProviderMetadata(key.ProviderName, _session, key.TheCultureInfo); } AddCacheEntry(key, pm); return(pm); } else { CacheItem cacheItem = _cache[key]; ProviderMetadata pm = cacheItem.ProviderMetadata; // // check Provider metadata to be sure it's hasn't been // uninstalled since last time it was used. // try { pm.CheckReleased(); UpdateCacheValueInfoForHit(cacheItem); } catch (EventLogException) { DeleteCacheEntry(key); try { pm = new ProviderMetadata(key.ProviderName, _session, key.TheCultureInfo, _logfile); } catch (EventLogNotFoundException) { pm = new ProviderMetadata(key.ProviderName, _session, key.TheCultureInfo); } AddCacheEntry(key, pm); } return(pm); } }
public string GetFormatDescription(string ProviderName, EventLogHandle eventHandle) { lock (this) { ProviderMetadataId key = new ProviderMetadataId(ProviderName, CultureInfo.CurrentCulture); try { ProviderMetadata pm = GetProviderMetadata(key); return(NativeWrapper.EvtFormatMessageRenderName(pm.Handle, eventHandle, UnsafeNativeMethods.EvtFormatMessageFlags.EvtFormatMessageEvent)); } catch (EventLogNotFoundException) { return(null); } } }
internal EventMetadata(uint id, byte version, byte channelId, byte level, byte opcode, short task, long keywords, string template, string description, ProviderMetadata pmReference) { _id = id; _version = version; _channelId = channelId; _level = level; _opcode = opcode; _task = task; _keywords = keywords; _template = template; _description = description; _pmReference = pmReference; }
private static EventDescriptor CreateEventDescriptor(ProviderMetadata providerMetaData, EventMetadata emd) { long keywords = 0L; foreach (EventKeyword keyword in emd.Keywords) { keywords |= keyword.Value; } byte channel = 0; foreach (EventLogLink link in providerMetaData.LogLinks) { if (string.Equals(link.LogName, emd.LogLink.LogName, StringComparison.OrdinalIgnoreCase)) { break; } channel = (byte) (channel + 1); } return new EventDescriptor((int) emd.Id, emd.Version, channel, (byte) emd.Level.Value, (byte) emd.Opcode.Value, emd.Task.Value, keywords); }
private void AddLogsForProviderToInternalMap(EventLogSession eventLogSession, string providerName) { try { ProviderMetadata metadata = new ProviderMetadata(providerName, eventLogSession, CultureInfo.CurrentCulture); foreach (EventLogLink link in metadata.LogLinks) { if (!this._providersByLogMap.ContainsKey(link.LogName.ToLower(CultureInfo.InvariantCulture))) { EventLogConfiguration configuration = new EventLogConfiguration(link.LogName, eventLogSession); if ((configuration.LogType == EventLogType.Debug) || (configuration.LogType == EventLogType.Analytical)) { if (!this.Force.IsPresent) { continue; } this.ValidateLogName(link.LogName, eventLogSession); } base.WriteVerbose(string.Format(CultureInfo.InvariantCulture, this._resourceMgr.GetString("ProviderLogLink"), new object[] { providerName, link.LogName })); StringCollection strings = new StringCollection(); strings.Add(providerName.ToLower(CultureInfo.InvariantCulture)); this._providersByLogMap.Add(link.LogName.ToLower(CultureInfo.InvariantCulture), strings); } else { StringCollection strings2 = this._providersByLogMap[link.LogName.ToLower(CultureInfo.InvariantCulture)]; if (!strings2.Contains(providerName.ToLower(CultureInfo.InvariantCulture))) { base.WriteVerbose(string.Format(CultureInfo.InvariantCulture, this._resourceMgr.GetString("ProviderLogLink"), new object[] { providerName, link.LogName })); strings2.Add(providerName.ToLower(CultureInfo.InvariantCulture)); } } } } catch (EventLogException exception) { Exception exception2 = new Exception(string.Format(CultureInfo.InvariantCulture, this._resourceMgr.GetString("ProviderMetadataUnavailable"), new object[] { providerName, exception.Message }), exception); base.WriteError(new ErrorRecord(exception2, "ProviderMetadataUnavailable", ErrorCategory.NotSpecified, null)); } }
private ProviderMetadata GetProviderMetadata(ProviderMetadataId key) { if (!this.IsProviderinCache(key)) { ProviderMetadata metadata; try { metadata = new ProviderMetadata(key.ProviderName, this.session, key.TheCultureInfo, this.logfile); } catch (EventLogNotFoundException) { metadata = new ProviderMetadata(key.ProviderName, this.session, key.TheCultureInfo); } this.AddCacheEntry(key, metadata); return(metadata); } CacheItem cacheItem = this.cache[key]; ProviderMetadata providerMetadata = cacheItem.ProviderMetadata; try { providerMetadata.CheckReleased(); UpdateCacheValueInfoForHit(cacheItem); } catch (EventLogException) { this.DeleteCacheEntry(key); try { providerMetadata = new ProviderMetadata(key.ProviderName, this.session, key.TheCultureInfo, this.logfile); } catch (EventLogNotFoundException) { providerMetadata = new ProviderMetadata(key.ProviderName, this.session, key.TheCultureInfo); } this.AddCacheEntry(key, providerMetadata); } return(providerMetadata); }
public CacheItem(ProviderMetadata pm) { this.pm = pm; theTime = DateTime.Now; }
private void LoadProvider() { if (string.IsNullOrEmpty(_providerName)) { throw new ArgumentException(string.Format(CultureInfo.InvariantCulture, _resourceMgr.GetString("ProviderNotSpecified")), "ProviderName"); } using (EventLogSession session = new EventLogSession()) { foreach (string providerName in session.GetProviderNames()) { if (string.Equals(providerName, _providerName, StringComparison.OrdinalIgnoreCase)) { try { _providerMetadata = new ProviderMetadata(providerName); } catch (EventLogException exc) { string msg = string.Format(CultureInfo.InvariantCulture, _resourceMgr.GetString("ProviderMetadataUnavailable"), providerName, exc.Message); throw new Exception(msg, exc); } break; } } } if (_providerMetadata == null) { string msg = string.Format(CultureInfo.InvariantCulture, _resourceMgr.GetString("NoProviderFound"), _providerName); throw new ArgumentException(msg); } }
private ProviderMetadata GetProviderMetadata(ProviderMetadataId key) { if (!this.IsProviderinCache(key)) { ProviderMetadata metadata; try { metadata = new ProviderMetadata(key.ProviderName, this.session, key.TheCultureInfo, this.logfile); } catch (EventLogNotFoundException) { metadata = new ProviderMetadata(key.ProviderName, this.session, key.TheCultureInfo); } this.AddCacheEntry(key, metadata); return metadata; } CacheItem cacheItem = this.cache[key]; ProviderMetadata providerMetadata = cacheItem.ProviderMetadata; try { providerMetadata.CheckReleased(); UpdateCacheValueInfoForHit(cacheItem); } catch (EventLogException) { this.DeleteCacheEntry(key); try { providerMetadata = new ProviderMetadata(key.ProviderName, this.session, key.TheCultureInfo, this.logfile); } catch (EventLogNotFoundException) { providerMetadata = new ProviderMetadata(key.ProviderName, this.session, key.TheCultureInfo); } this.AddCacheEntry(key, providerMetadata); } return providerMetadata; }
public CacheItem(ProviderMetadata pm) { _pm = pm; _theTime = DateTime.Now; }
public static void Main(string[] args) { int exitCode = 0; bool listProviders = true; String providerName = ""; try { // // Get command line information. // if (args.Length > 0) { if (args[0] == "/?" || args[0] == "-?") { Console.WriteLine( "Usage: ProviderMetadata [<providerName>]\n" + "<providerName> is the name of an existing event provider\n" + "When <providerName> is not specified, the names of the first 20 providers will be listed.\n" + "EXAMPLE: ProviderMetadata.exe \"Application Error\"." ); Environment.Exit(0); } else { providerName = args[0]; listProviders = false; } } if (listProviders) { // // List the first 20 providers. // EventLogSession session = new EventLogSession(); int count = 0; foreach (string provName in session.GetProviderNames()) { Console.WriteLine("\t{0}", provName); if (++count >= 20) { break; } } } else { // // Read the specified provider's metadata. // ProviderMetadata providerMetadata = new ProviderMetadata(providerName); Console.WriteLine("MessageFilePath for provider '{0}' is '{1}'.", providerName, providerMetadata.MessageFilePath); // // Read the provider's event metadata. // Console.WriteLine("Provider '{0}' contains event metadata for the following event ids:", providerName); foreach (EventMetadata eventMetadata in providerMetadata.Events) { Console.WriteLine("\t{0}", eventMetadata.Id); } } } catch(Exception e) { Console.WriteLine(e.ToString()); exitCode = 1; } Environment.Exit(exitCode); }
internal EventLogLink(uint channelId, ProviderMetadata pmReference) { _channelId = channelId; _pmReference = pmReference; _syncObject = new object(); }
internal EventLogLink(uint channelId, ProviderMetadata pmReference) { ChannelId = channelId; _pmReference = pmReference; _syncObject = new object(); }
internal EventOpcode(int value, ProviderMetadata pmReference) { _value = value; _pmReference = pmReference; _syncObject = new object(); }
internal EventKeyword(long value, ProviderMetadata pmReference) { this.value = value; this.pmReference = pmReference; this.syncObject = new object(); }
public CacheItem(ProviderMetadata pm) { ProviderMetadata = pm; TheTime = DateTime.Now; }
private void ProcessListProvider() { EventLogSession session = this.CreateSession(); foreach (string str in this._listProvider) { bool flag = false; foreach (string str2 in session.GetProviderNames()) { WildcardPattern pattern = new WildcardPattern(str, WildcardOptions.IgnoreCase); if ((!WildcardPattern.ContainsWildcardCharacters(str) && (str.ToLower(CultureInfo.CurrentCulture) == str2.ToLower(CultureInfo.CurrentCulture))) || pattern.IsMatch(str2)) { try { ProviderMetadata sendToPipeline = new ProviderMetadata(str2, session, CultureInfo.CurrentCulture); base.WriteObject(sendToPipeline); flag = true; } catch (EventLogException exception) { Exception exception2 = new Exception(string.Format(CultureInfo.InvariantCulture, this._resourceMgr.GetString("ProviderMetadataUnavailable"), new object[] { str2, exception.Message }), exception); base.WriteError(new ErrorRecord(exception2, "ProviderMetadataUnavailable", ErrorCategory.NotSpecified, null)); } } } if (!flag) { Exception exception3 = new Exception(string.Format(CultureInfo.InvariantCulture, this._resourceMgr.GetString("NoMatchingProvidersFound"), new object[] { this._computerName, str })); base.WriteError(new ErrorRecord(exception3, "NoMatchingProvidersFound", ErrorCategory.ObjectNotFound, null)); } } }
internal EventLogLink(uint channelId, ProviderMetadata pmReference) { this.channelId = channelId; this.pmReference = pmReference; this.syncObject = new object(); }
// // AddLogsForProviderToInternalMap helper. // Retrieves log names to which _providerName writes. // NOTE: there are many misconfigured providers in the system. // We therefore catch EventLogException exceptions and write them out as non-terminating errors. // The results are added to _providersByLogMap dictionary. // private void AddLogsForProviderToInternalMap(EventLogSession eventLogSession, string providerName) { try { ProviderMetadata providerMetadata = new ProviderMetadata(providerName, eventLogSession, CultureInfo.CurrentCulture); System.Collections.IEnumerable logLinks = providerMetadata.LogLinks; foreach (EventLogLink logLink in logLinks) { if (!_providersByLogMap.ContainsKey(logLink.LogName.ToLowerInvariant())) { // // Skip direct ETW channels unless -force is present. // Error out for direct channels unless -oldest is present. // EventLogConfiguration logObj = new EventLogConfiguration(logLink.LogName, eventLogSession); if (logObj.LogType == EventLogType.Debug || logObj.LogType == EventLogType.Analytical) { if (!Force.IsPresent) { continue; } ValidateLogName(logLink.LogName, eventLogSession); } WriteVerbose(string.Format(CultureInfo.InvariantCulture, _resourceMgr.GetString("ProviderLogLink"), providerName, logLink.LogName)); StringCollection provColl = new StringCollection(); provColl.Add(providerName.ToLowerInvariant()); _providersByLogMap.Add(logLink.LogName.ToLowerInvariant(), provColl); } else { // // Log is there: add provider, if needed // StringCollection coll = _providersByLogMap[logLink.LogName.ToLowerInvariant()]; if (!coll.Contains(providerName.ToLowerInvariant())) { WriteVerbose(string.Format(CultureInfo.InvariantCulture, _resourceMgr.GetString("ProviderLogLink"), providerName, logLink.LogName)); coll.Add(providerName.ToLowerInvariant()); } } } } catch (System.Diagnostics.Eventing.Reader.EventLogException exc) { string msg = string.Format(CultureInfo.InvariantCulture, _resourceMgr.GetString("ProviderMetadataUnavailable"), providerName, exc.Message); Exception outerExc = new Exception(msg, exc); WriteError(new ErrorRecord(outerExc, "ProviderMetadataUnavailable", ErrorCategory.NotSpecified, null)); return; } }
//called from EventMetadata internal EventLevel(int value, ProviderMetadata pmReference) { _value = value; _pmReference = pmReference; _syncObject = new object(); }
//called from EventMetadata internal EventLevel(int value, ProviderMetadata pmReference) { this.value = value; this.pmReference = pmReference; this.syncObject = new object(); }
// // Process ListProvider parameter set // private void ProcessListProvider() { EventLogSession eventLogSession = CreateSession(); foreach (string provPattern in _listProvider) { bool bMatchFound = false; foreach (string provName in eventLogSession.GetProviderNames()) { WildcardPattern wildProvPattern = new WildcardPattern(provPattern, WildcardOptions.IgnoreCase); if (((!WildcardPattern.ContainsWildcardCharacters(provPattern)) && string.Equals(provPattern, provName, StringComparison.CurrentCultureIgnoreCase)) || (wildProvPattern.IsMatch(provName))) { try { ProviderMetadata provObj = new ProviderMetadata(provName, eventLogSession, CultureInfo.CurrentCulture); WriteObject(provObj); bMatchFound = true; } catch (System.Diagnostics.Eventing.Reader.EventLogException exc) { string msg = string.Format(CultureInfo.InvariantCulture, _resourceMgr.GetString("ProviderMetadataUnavailable"), provName, exc.Message); Exception outerExc = new Exception(msg, exc); WriteError(new ErrorRecord(outerExc, "ProviderMetadataUnavailable", ErrorCategory.NotSpecified, null)); continue; } } } if (!bMatchFound) { string msg = string.Format(CultureInfo.InvariantCulture, _resourceMgr.GetString("NoMatchingProvidersFound"), _computerName, provPattern); Exception exc = new Exception(msg); WriteError(new ErrorRecord(exc, "NoMatchingProvidersFound", ErrorCategory.ObjectNotFound, null)); } } }
private void AddCacheEntry(ProviderMetadataId key, ProviderMetadata pm) { if (IsCacheFull()) FlushOldestEntry(); CacheItem value = new CacheItem(pm); _cache.Add(key, value); return; }
private ProviderMetadata GetProviderMetadata(ProviderMetadataId key) { if (!IsProviderinCache(key)) { ProviderMetadata pm; try { pm = new ProviderMetadata(key.ProviderName, _session, key.TheCultureInfo, _logfile); } catch (EventLogNotFoundException) { pm = new ProviderMetadata(key.ProviderName, _session, key.TheCultureInfo); } AddCacheEntry(key, pm); return pm; } else { CacheItem cacheItem = _cache[key]; ProviderMetadata pm = cacheItem.ProviderMetadata; // // check Provider metadata to be sure it's hasn't been // uninstalled since last time it was used. // try { pm.CheckReleased(); UpdateCacheValueInfoForHit(cacheItem); } catch (EventLogException) { DeleteCacheEntry(key); try { pm = new ProviderMetadata(key.ProviderName, _session, key.TheCultureInfo, _logfile); } catch (EventLogNotFoundException) { pm = new ProviderMetadata(key.ProviderName, _session, key.TheCultureInfo); } AddCacheEntry(key, pm); } return pm; } }
internal EventTask(int value, ProviderMetadata pmReference) { this.value = value; this.pmReference = pmReference; this.syncObject = new object(); }
//called from EventMetadata internal EventKeyword(long value, ProviderMetadata pmReference) { this.value = value; this.pmReference = pmReference; this.syncObject = new object(); }
internal EventTask(int value, ProviderMetadata pmReference) { Value = value; _pmReference = pmReference; _syncObject = new object(); }
private void LoadProvider() { if (string.IsNullOrEmpty(this.providerName)) { throw new ArgumentException(string.Format(CultureInfo.InvariantCulture, this._resourceMgr.GetString("ProviderNotSpecified"), new object[0]), "ProviderName"); } using (EventLogSession session = new EventLogSession()) { foreach (string str in session.GetProviderNames()) { if (string.Equals(str, this.providerName, StringComparison.OrdinalIgnoreCase)) { try { this.providerMetadata = new ProviderMetadata(str); goto Label_00D2; } catch (EventLogException exception) { throw new Exception(string.Format(CultureInfo.InvariantCulture, this._resourceMgr.GetString("ProviderMetadataUnavailable"), new object[] { str, exception.Message }), exception); } } } } Label_00D2: if (this.providerMetadata == null) { throw new ArgumentException(string.Format(CultureInfo.InvariantCulture, this._resourceMgr.GetString("NoProviderFound"), new object[] { this.providerName })); } }