97 lines
3.5 KiB
C#
97 lines
3.5 KiB
C#
using System;
|
|
using System.Collections.Generic;
|
|
using System.Collections.Concurrent;
|
|
using System.Linq;
|
|
using System.Text;
|
|
using System.Threading.Tasks;
|
|
using System.Diagnostics;
|
|
using Mono.Options;
|
|
using Newtonsoft.Json;
|
|
|
|
|
|
namespace EventPump
|
|
{
|
|
class EventPump
|
|
{
|
|
static ConcurrentQueue<EventLogEntry> events = new ConcurrentQueue<EventLogEntry>();
|
|
|
|
volatile bool RunCollect;
|
|
static List<string> logs = new List<string>();
|
|
static List<int> event_ids = new List<int>();
|
|
static List<EventLog> watching_logs = new List<EventLog>();
|
|
static int verbose = 0;
|
|
static bool showHelp = false;
|
|
|
|
static void Main(string[] args)
|
|
{
|
|
var p = new OptionSet()
|
|
.Add("v", "Verbosely print internal events.", v => ++verbose)
|
|
.Add("log=", "Specify log to collect from, may be used multiple times.", l => logs.Add(l))
|
|
.Add("id=", "Comma separated list of event IDs to filter on", id => {
|
|
string[] elements = id.Split(',');
|
|
foreach (var i in elements) {
|
|
int x = -1;
|
|
int.TryParse(i, out x);
|
|
if (x > 0) event_ids.Add(x);
|
|
}
|
|
})
|
|
.Add("h|?|help", "Show this help.", v => showHelp = true);
|
|
p.Parse(args);
|
|
|
|
if (showHelp) {
|
|
var helpText = @"Usage: EventPump.exe -log Application -id 63,25
|
|
the -id option may contain multiple values separated by
|
|
commas but no whitespace.
|
|
";
|
|
Console.WriteLine();
|
|
Console.WriteLine(helpText);
|
|
Console.WriteLine();
|
|
p.WriteOptionDescriptions(Console.Out);
|
|
Console.WriteLine();
|
|
|
|
return;
|
|
}
|
|
|
|
#if DEBUG
|
|
foreach (var l in logs) Console.WriteLine("Log: {0}", l);
|
|
foreach (var i in event_ids) Console.WriteLine("ID's: {0}", i);
|
|
#endif
|
|
|
|
foreach (var l in logs) {
|
|
var el = new EventLog(l);
|
|
el.EntryWritten += (s, e) => {
|
|
if (event_ids.Any(x => x == e.Entry.InstanceId || x == e.Entry.EventID)) {
|
|
events.Enqueue(e.Entry);
|
|
} else if (event_ids.Count == 0) {
|
|
events.Enqueue(e.Entry);
|
|
}
|
|
};
|
|
el.EnableRaisingEvents = true;
|
|
watching_logs.Add(el);
|
|
}
|
|
|
|
while (true) {
|
|
if (events.Count > 0) {
|
|
EventLogEntry e;
|
|
events.TryDequeue(out e);
|
|
if (e != null) {
|
|
Dictionary<string, dynamic> eventEntry = new Dictionary<string, dynamic>(); ;
|
|
eventEntry.Add("TimeGenerated", e.TimeGenerated);
|
|
eventEntry.Add("EventID", e.EventID);
|
|
eventEntry.Add("InstanceID", e.InstanceId);
|
|
eventEntry.Add("EntryType", e.EntryType);
|
|
eventEntry.Add("EventSource", e.Source);
|
|
eventEntry.Add("MachineName", e.MachineName);
|
|
eventEntry.Add("UserName", e.UserName);
|
|
eventEntry.Add("Message", e.Message);
|
|
Console.WriteLine(JsonConvert.SerializeObject(eventEntry));
|
|
}
|
|
}
|
|
else {
|
|
System.Threading.Thread.Sleep(100);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|