public EventData()
{
    // Every property starts from an empty, non-null default so that consumers can
    // read an EventData built without metadata without null checks.

    // Identity of the event.
    Provider = string.Empty;
    Id = new EventId();
    Version = 0;

    // Classification as declared by the provider.
    Level = new EventLevelData();
    Task = new EventTaskData();
    Opcode = new EventOpcodeData();
    Keywords = new List<EventKeywordData>();

    // Destination log and message content.
    LoggedTo = new EventLogData();
    Message = string.Empty;
    Parameters = new OrderedDictionary();
}
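/// <summary>
/// Creates event data associated with a specific provider with the specified event metadata.
/// When <paramref name="metadata"/> is null, every property is set to the same empty defaults
/// as the parameterless constructor and <paramref name="providerName"/> is ignored.
/// </summary>
/// <param name="providerName">The name of the provider. Null or empty is stored as an empty string.</param>
/// <param name="metadata">The event metadata, or null to create empty event data.</param>
public EventData(string providerName, EventMetadata metadata)
{
    if (metadata == null)
    {
        Provider = string.Empty;
        Id = new EventId();
        Level = new EventLevelData();
        Version = 0;
        Task = new EventTaskData();
        Opcode = new EventOpcodeData();
        Keywords = new List<EventKeywordData>();
        LoggedTo = new EventLogData();
        Message = string.Empty;
        Parameters = new OrderedDictionary();
        return;
    }

    Provider = string.IsNullOrEmpty(providerName) ? string.Empty : providerName;
    Id = new EventId(metadata.Id);
    Level = new EventLevelData(metadata.Level.DisplayName, metadata.Level.Value);
    Version = metadata.Version;
    Task = new EventTaskData(metadata.Task.Name, metadata.Task.DisplayName, metadata.Task.Value, metadata.Task.EventGuid);
    Opcode = new EventOpcodeData(metadata.Opcode.DisplayName, metadata.Opcode.Value);
    Keywords = EventKeywordData.GetKeywords(metadata.Keywords);
    LoggedTo = string.IsNullOrEmpty(metadata.LogLink.LogName)
        ? new EventLogData()
        : new EventLogData(metadata.LogLink.LogName);
    Message = metadata.Description ?? string.Empty;

    bool hasDescription = !string.IsNullOrEmpty(metadata.Description);
    bool hasTemplate = !string.IsNullOrEmpty(metadata.Template);

    // Parameters are read from the template whenever one exists, even if the event has no
    // message string.
    // NOTE(review): the template is XML supplied by the provider's metadata and the parser
    // is not visible here; confirm GetEventParametersFromXmlTemplate tolerates malformed
    // input and does not resolve DTDs or external entities.
    Parameters = hasTemplate
        ? GetEventParametersFromXmlTemplate(metadata.Template)
        : new OrderedDictionary();

    // Use the officially defined level information when it exists; otherwise guess the level
    // from Id.Severity, which may or may not be accurate.
    // NOTE(review): Enum.Parse throws ArgumentException when the string is not a defined
    // NtSeverity name; presumably EventId only produces valid names. Confirm, since a throw
    // here drops the whole event definition.
    if (string.IsNullOrEmpty(Level.Name))
    {
        Level = new EventLevelData(
            string.Format(CultureInfo.CurrentCulture, "{0}", Id.Severity),
            (int)Enum.Parse(typeof(NtSeverity), Id.Severity));
    }

    // Odd case but fairly common: parameters are defined although there is no message.
    if (!hasDescription && hasTemplate)
    {
        Logger.Debug(CultureInfo.CurrentCulture, "Event did not have a message but had message parameters defined. {0}", this);
    }

    // The reverse case is normal for "Classic" events, so only non-classic instances are
    // logged. Any() stops at the first match instead of counting every keyword, and the
    // static ordinal comparison does not throw when a keyword has a null name.
    if (hasDescription
        && !hasTemplate
        && metadata.Description.Contains("%1")
        && !Keywords.Any(keyword => string.Equals(keyword.Name, "Classic", StringComparison.Ordinal)))
    {
        Logger.Debug(CultureInfo.CurrentCulture, "Event had a message with a parameter but no message parameters were defined. {0}", this);
    }
}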