diff --git a/TimberWinR.ServiceHost/Program.cs b/TimberWinR.ServiceHost/Program.cs
index 56a2355..0e6a47d 100644
--- a/TimberWinR.ServiceHost/Program.cs
+++ b/TimberWinR.ServiceHost/Program.cs
@@ -96,13 +96,13 @@ namespace TimberWinR.ServiceHost
_nlogListener = new TcpInputListener(_cancellationToken, 5140);
outputRedis.Connect(_nlogListener);
- foreach (Configuration.IISW3CLog iisw3cConfig in manager.Config.IISW3C)
+ foreach (Inputs.IISW3CLog iisw3cConfig in manager.Config.IISW3C)
{
var elistner = new IISW3CInputListener(iisw3cConfig, _cancellationToken);
outputRedis.Connect(elistner);
}
- foreach (Configuration.WindowsEvent eventConfig in manager.Config.Events)
+ foreach (Inputs.WindowsEvent eventConfig in manager.Config.Events)
{
var elistner = new WindowsEvtInputListener(eventConfig, _cancellationToken);
outputRedis.Connect(elistner);
diff --git a/TimberWinR.ServiceHost/TimberWinR.ServiceHost.csproj b/TimberWinR.ServiceHost/TimberWinR.ServiceHost.csproj
index 98e50fb..a26d36e 100644
--- a/TimberWinR.ServiceHost/TimberWinR.ServiceHost.csproj
+++ b/TimberWinR.ServiceHost/TimberWinR.ServiceHost.csproj
@@ -63,6 +63,7 @@
PreserveNewest
+ Designer
diff --git a/TimberWinR.UnitTests/Configuration.cs b/TimberWinR.UnitTests/Configuration.cs
index 17a14ca..12cad81 100644
--- a/TimberWinR.UnitTests/Configuration.cs
+++ b/TimberWinR.UnitTests/Configuration.cs
@@ -229,7 +229,7 @@ namespace TimberWinR.UnitTests
string iCheckpoint;
string binaryFormat = "PRINT";
- TimberWinR.Configuration.WindowsEvent evt = c.Events.ToArray()[0];
+ TimberWinR.Inputs.WindowsEvent evt = c.Events.ToArray()[0];
Assert.AreEqual(source, evt.Source);
Assert.AreEqual(fullText, evt.FullText);
@@ -253,7 +253,7 @@ namespace TimberWinR.UnitTests
bool splitLongLines = false;
string iCheckpoint;
- TimberWinR.Configuration.TailFileInput log = c.Logs.ToArray()[0];
+ TimberWinR.Inputs.TailFileInput log = c.Logs.ToArray()[0];
Assert.AreEqual(name, log.Name);
Assert.AreEqual(location, log.Location);
@@ -307,7 +307,7 @@ namespace TimberWinR.UnitTests
bool consolidateLogs = false;
string iCheckpoint;
- TimberWinR.Configuration.IISW3CLog iisw3c = c.IISW3C.ToArray()[0];
+ TimberWinR.Inputs.IISW3CLog iisw3c = c.IISW3C.ToArray()[0];
Assert.AreEqual(name, iisw3c.Name);
Assert.AreEqual(location, iisw3c.Location);
diff --git a/TimberWinR/Configuration.cs b/TimberWinR/Configuration.cs
index 0afdc6d..ecb7865 100644
--- a/TimberWinR/Configuration.cs
+++ b/TimberWinR/Configuration.cs
@@ -19,77 +19,6 @@ namespace TimberWinR
public class Configuration
{
- private class MissingRequiredTagException : Exception
- {
- public MissingRequiredTagException(string tagName)
- : base(
- string.Format("Missing required tag \"{0}\"", tagName))
- {
- }
- }
-
- private class MissingRequiredAttributeException : Exception
- {
- public MissingRequiredAttributeException(XElement e, string attributeName)
- : base(
- string.Format("{0}:{1} Missing required attribute \"{2}\" for element <{3}>", e.Document.BaseUri,
- ((IXmlLineInfo)e).LineNumber, attributeName, e.Name.ToString()))
- {
- }
- }
-
- private class InvalidAttributeNameException : Exception
- {
- public InvalidAttributeNameException(XAttribute a)
- : base(
- string.Format("{0}:{1} Invalid Attribute Name <{2} {3}>", a.Document.BaseUri,
- ((IXmlLineInfo)a).LineNumber, a.Parent.Name, a.Name.ToString()))
- {
- }
- }
-
- private class InvalidAttributeDateValueException : Exception
- {
- public InvalidAttributeDateValueException(XAttribute a)
- : base(
- string.Format(
- "{0}:{1} Invalid date format given for attribute. Format must be \"yyyy-MM-dd hh:mm:ss\". <{2} {3}>",
- a.Document.BaseUri,
- ((IXmlLineInfo)a).LineNumber, a.Parent.Name, a.ToString()))
- {
- }
- }
-
- private class InvalidAttributeIntegerValueException : Exception
- {
- public InvalidAttributeIntegerValueException(XAttribute a)
- : base(
- string.Format("{0}:{1} Integer value not given for attribute. <{2} {3}>", a.Document.BaseUri,
- ((IXmlLineInfo)a).LineNumber, a.Parent.Name, a.ToString()))
- {
- }
- }
-
- private class InvalidAttributeValueException : Exception
- {
- public InvalidAttributeValueException(XAttribute a)
- : base(
- string.Format("{0}:{1} Invalid Attribute Value <{2} {3}>", a.Document.BaseUri,
- ((IXmlLineInfo)a).LineNumber, a.Parent.Name, a.ToString()))
- {
- }
- }
-
- private class InvalidElementNameException : Exception
- {
- public InvalidElementNameException(XElement e)
- : base(
- string.Format("{0}:{1} Invalid Element Name <{2}> <{3}>", e.Document.BaseUri,
- ((IXmlLineInfo)e).LineNumber, e.Parent.Name, e.ToString()))
- {
- }
- }
-
private static List _events = new List();
public IEnumerable Events
@@ -184,29 +113,11 @@ namespace TimberWinR
IEnumerable inputs =
from el in config.Root.Elements("Inputs")
select el;
- Dictionary allPossibleFields = new Dictionary()
- {
- { "EventLog", typeof(string) },
- { "RecordNumber", typeof(int) },
- { "TimeGenerated", typeof(DateTime) },
- { "TimeWritten", typeof(DateTime) },
- { "EventID", typeof(int) },
- { "EventType", typeof(int) },
- { "EventTypeName", typeof(string) },
- { "EventCategory", typeof(int) },
- { "EventCategoryName", typeof(string) },
- { "SourceName", typeof(string) },
- { "Strings", typeof(string) },
- { "ComputerName", typeof(string) },
- { "SID", typeof(string) },
- { "Message", typeof(string) },
- { "Data", typeof(string) }
- };
string tagName = "Inputs";
if (inputs.Count() == 0)
{
- throw new MissingRequiredTagException(tagName);
+ throw new TimberWinR.ConfigurationErrors.MissingRequiredTagException(tagName);
}
// WINDOWS EVENTS
@@ -216,35 +127,7 @@ namespace TimberWinR
foreach (XElement e in xml_events)
{
- // Required attributes.
- string source;
-
-
- // Parse required attributes.
- string attributeName;
-
- attributeName = "source";
- try
- {
- source = e.Attribute("source").Value;
- }
- catch (NullReferenceException)
- {
- throw new MissingRequiredAttributeException(e, attributeName);
- }
-
- // Parse fields.
- IEnumerable xml_fields =
- from el in e.Elements("Fields").Elements("Field")
- select el;
-
- List fields = parseFields(xml_fields, allPossibleFields);
-
- // Parse parameters.
- Params_WindowsEvent args = parseParams_Event(e.Attributes());
-
- WindowsEvent evt = new WindowsEvent(source, fields, args);
- _events.Add(evt);
+ WindowsEvent.Parse(_events, e);
}
@@ -254,54 +137,9 @@ namespace TimberWinR
from el in inputs.Elements("Logs").Elements("Log")
select el;
- allPossibleFields = new Dictionary()
- {
- { "LogFilename", typeof(string) },
- { "Index", typeof(int) },
- { "Text", typeof(string) }
- };
-
foreach (XElement e in xml_logs)
{
- // Required attributes.
- string name;
- string location;
-
-
- // Parse required attributes.
- string attributeName;
-
- attributeName = "name";
- try
- {
- name = e.Attribute(attributeName).Value;
- }
- catch (NullReferenceException)
- {
- throw new MissingRequiredAttributeException(e, attributeName);
- }
-
- attributeName = "location";
- try
- {
- location = e.Attribute("location").Value;
- }
- catch (NullReferenceException)
- {
- throw new MissingRequiredAttributeException(e, attributeName);
- }
-
- // Parse fields.
- IEnumerable xml_fields =
- from el in e.Elements("Fields").Elements("Field")
- select el;
- List fields = parseFields(xml_fields, allPossibleFields);
-
- // Parse parameters.
- Params_TextLog args = parseParams_Log(e.Attributes());
-
- TailFileInput log = new TailFileInput(name, location, fields, args);
- _logs.Add(log);
+ TailFileInput.Parse(_logs, e);
}
@@ -310,161 +148,21 @@ namespace TimberWinR
IEnumerable xml_iis =
from el in inputs.Elements("IISLogs").Elements("IISLog")
select el;
- allPossibleFields = new Dictionary()
- {
- { "LogFilename", typeof(string) },
- { "LogRow", typeof(int) },
- { "UserIP", typeof(string) },
- { "UserName", typeof(string) },
- { "Date", typeof(DateTime) },
- { "Time", typeof(DateTime) },
- { "ServiceInstance", typeof(string) },
- { "HostName", typeof(string) },
- { "ServerIP", typeof(string) },
- { "TimeTaken", typeof(int) },
- { "BytesSent", typeof(int) },
- { "BytesReceived", typeof(int) },
- { "StatusCode", typeof(int) },
- { "Win32StatusCode", typeof(int) },
- { "RequestType", typeof(string) },
- { "Target", typeof(string) },
- { "Parameters", typeof(string) }
- };
foreach (XElement e in xml_iis)
{
- // Required attributes.
- string name;
- string location;
-
-
- // Parse required attributes.
- string attributeName;
-
- attributeName = "name";
- try
- {
- name = e.Attribute(attributeName).Value;
- }
- catch (NullReferenceException)
- {
- throw new MissingRequiredAttributeException(e, attributeName);
- }
-
- attributeName = "location";
- try
- {
- location = e.Attribute("location").Value;
- }
- catch (NullReferenceException)
- {
- throw new MissingRequiredAttributeException(e, attributeName);
- }
-
- // Parse fields.
- IEnumerable xml_fields =
- from el in e.Elements("Fields").Elements("Field")
- select el;
-
-
-
- List fields = parseFields(xml_fields, allPossibleFields);
-
- // Parse parameters.
- Params_IISLog args = parseParams_IIS(e.Attributes());
-
-
- IISLog iis = new IISLog(name, location, fields, args);
- _iislogs.Add(iis);
+ IISLog.Parse(_iislogs, e);
}
-
// IISW3C LOGS
IEnumerable xml_iisw3c =
from el in inputs.Elements("IISW3CLogs").Elements("IISW3CLog")
select el;
- allPossibleFields = new Dictionary()
- {
- { "LogFilename", typeof(string) },
- { "LogRow", typeof(int) },
- { "date", typeof(DateTime) },
- { "time", typeof(DateTime) },
- { "c-ip", typeof(string) },
- { "cs-username", typeof(string) },
- { "s-sitename", typeof(string) },
- { "s-computername", typeof(int) },
- { "s-ip", typeof(string) },
- { "s-port", typeof(int) },
- { "cs-method", typeof(string) },
- { "cs-uri-stem", typeof(string) },
- { "cs-uri-query", typeof(string) },
- { "sc-status", typeof(int) },
- { "sc-substatus", typeof(int) },
- { "sc-win32-status", typeof(int) },
- { "sc-bytes", typeof(int) },
- { "cs-bytes", typeof(int) },
- { "time-taken", typeof(int) },
- { "cs-version", typeof(string) },
- { "cs-host", typeof(string) },
- { "cs(User-Agent)", typeof(string) },
- { "cs(Cookie)", typeof(string) },
- { "cs(Referer)", typeof(string) },
- { "s-event", typeof(string) },
- { "s-process-type", typeof(string) },
- { "s-user-time", typeof(double) },
- { "s-kernel-time", typeof(double) },
- { "s-page-faults", typeof(int) },
- { "s-total-procs", typeof(int) },
- { "s-active-procs", typeof(int) },
- { "s-stopped-procs", typeof(int) }
- };
-
foreach (XElement e in xml_iisw3c)
{
- // Required attributes.
- string name;
- string location;
-
-
- // Parse required attributes.
- string attributeName;
-
- attributeName = "name";
- try
- {
- name = e.Attribute(attributeName).Value;
- }
- catch (NullReferenceException)
- {
- throw new MissingRequiredAttributeException(e, attributeName);
- }
-
- attributeName = "location";
- try
- {
- location = e.Attribute("location").Value;
- }
- catch (NullReferenceException)
- {
- throw new MissingRequiredAttributeException(e, attributeName);
- }
-
- // Parse fields.
- IEnumerable xml_fields =
- from el in e.Elements("Fields").Elements("Field")
- select el;
-
-
- List fields = parseFields(xml_fields, allPossibleFields);
-
- // Parse parameters.
- Params_IISW3CLog args = parseParams_IISW3C(e.Attributes());
-
-
- IISW3CLog iisw3c = new IISW3CLog(name, location, fields, args);
- _iisw3clogs.Add(iisw3c);
+ IISW3CLog.Parse(_iisw3clogs, e);
}
}
@@ -480,10 +178,8 @@ namespace TimberWinR
{
switch (e.Name.ToString())
{
- case "Grok":
- TimberWinR.Filters.GrokFilter.Params_GrokFilter args = parseParams_GrokFilter(e.Elements());
- GrokFilter grok = new GrokFilter(args);
- _filters.Add(grok);
+ case GrokFilter.TagName:
+ GrokFilter.Parse(_filters, e);
break;
case MutateFilter.TagName:
MutateFilter.Parse(_filters, e);
@@ -492,979 +188,6 @@ namespace TimberWinR
}
}
- static List parseFields(IEnumerable xml_fields, Dictionary allPossibleFields)
- {
- List fields = new List();
- foreach (XElement f in xml_fields)
- {
- // Parse field name.
- string name;
- string attributeName = "name";
- try
- {
- name = f.Attribute(attributeName).Value;
- }
- catch (NullReferenceException)
- {
- throw new MissingRequiredAttributeException(f, attributeName);
- }
-
- // Ensure field name is valid.
- if (allPossibleFields.ContainsKey(name))
- {
- fields.Add(new FieldDefinition(name, allPossibleFields[name]));
- }
- else
- {
- throw new InvalidAttributeValueException(f.Attribute("name"));
- }
- }
-
- // If no fields are provided, default to all fields.
- if (fields.Count == 0)
- {
- foreach (KeyValuePair entry in allPossibleFields)
- {
- fields.Add(new FieldDefinition(entry.Key, entry.Value));
- }
- }
-
- return fields;
- }
-
- static Params_WindowsEvent parseParams_Event(IEnumerable attributes)
- {
- Params_WindowsEvent.Builder p = new Params_WindowsEvent.Builder();
-
- foreach (XAttribute a in attributes)
- {
- string val = a.Value;
- IXmlLineInfo li = ((IXmlLineInfo)a);
-
- switch (a.Name.ToString())
- {
- case "source":
- break;
- case "fullText":
- if (val == "ON" || val == "true")
- {
- p.WithFullText(true);
- }
- else if (val == "OFF" || val == "false")
- {
- p.WithFullText(false);
- }
- else
- {
- throw new InvalidAttributeValueException(a);
- }
- break;
- case "resolveSIDS":
- if (val == "ON" || val == "true")
- {
- p.WithResolveSIDS(true);
- }
- else if (val == "OFF" || val == "false")
- {
- p.WithResolveSIDS(false);
- }
- else
- {
- throw new InvalidAttributeValueException(a);
- }
- break;
- case "formatMsg":
- if (val == "ON" || val == "true")
- {
- p.WithFormatMsg(true);
- }
- else if (val == "OFF" || val == "false")
- {
- p.WithFormatMsg(false);
- }
- else
- {
- throw new InvalidAttributeValueException(a);
- }
- break;
- case "msgErrorMode":
- if (val == "NULL" || val == "ERROR" || val == "MSG")
- {
- p.WithMsgErrorMode(val);
- }
- else
- {
- throw new InvalidAttributeValueException(a);
- }
- break;
- case "fullEventCode":
- if (val == "ON" || val == "true")
- {
- p.WithFullEventCode(true);
- }
- else if (val == "OFF" || val == "false")
- {
- p.WithFullEventCode(false);
- }
- else
- {
- throw new InvalidAttributeValueException(a);
- }
- break;
- case "direction":
- if (val == "FW" || val == "BW")
- {
- p.WithDirection(val);
- }
- else
- {
- throw new InvalidAttributeValueException(a);
- }
- break;
- case "stringsSep":
- p.WithStringsSep(val);
- break;
- case "iCheckpoint":
- p.WithICheckpoint(val);
- break;
- case "binaryFormat":
- if (val == "ASC" || val == "PRINT" || val == "HEX")
- {
- p.WithBinaryFormat(val);
- }
- else
- {
- throw new InvalidAttributeValueException(a);
- }
- break;
- default:
- throw new InvalidAttributeNameException(a);
- }
- }
-
- return p.Build();
- }
-
- static Params_TextLog parseParams_Log(IEnumerable attributes)
- {
- Params_TextLog.Builder p = new Params_TextLog.Builder();
-
- foreach (XAttribute a in attributes)
- {
- string val = a.Value;
- int valInt;
-
- switch (a.Name.ToString())
- {
- case "name":
- break;
- case "location":
- break;
- case "iCodepage":
- if (int.TryParse(val, out valInt))
- {
- p.WithICodepage(valInt);
- }
- else
- {
- throw new InvalidAttributeIntegerValueException(a);
- }
- break;
- case "recurse":
- if (int.TryParse(val, out valInt))
- {
- p.WithRecurse(valInt);
- }
- else
- {
- throw new InvalidAttributeIntegerValueException(a);
- }
- break;
- case "splitLongLines":
- if (val == "ON" || val == "true")
- {
- p.WithSplitLongLines(true);
- }
- else if (val == "OFF" || val == "false")
- {
- p.WithSplitLongLines(false);
- }
- else
- {
- throw new InvalidAttributeValueException(a);
- }
- break;
- case "iCheckpoint":
- p.WithICheckpoint(val);
- break;
- default:
- throw new InvalidAttributeNameException(a);
- }
- }
-
- return p.Build();
- }
-
- static Params_IISLog parseParams_IIS(IEnumerable attributes)
- {
- Params_IISLog.Builder p = new Params_IISLog.Builder();
-
- foreach (XAttribute a in attributes)
- {
- string val = a.Value;
- int valInt;
-
- switch (a.Name.ToString())
- {
- case "name":
- break;
- case "location":
- break;
- case "iCodepage":
- if (int.TryParse(val, out valInt))
- {
- p.WithICodepage(valInt);
- }
- else
- {
- throw new InvalidAttributeIntegerValueException(a);
- }
- break;
- case "recurse":
- if (int.TryParse(val, out valInt))
- {
- p.WithRecurse(valInt);
- }
- else
- {
- throw new InvalidAttributeIntegerValueException(a);
- }
- break;
- case "minDateMod":
- DateTime dt;
- if (DateTime.TryParseExact(val,
- "yyyy-MM-dd hh:mm:ss",
- CultureInfo.InvariantCulture,
- DateTimeStyles.None,
- out dt))
- {
- p.WithMinDateMod(val);
- }
- else
- {
- throw new InvalidAttributeDateValueException(a);
- }
- break;
- case "locale":
- p.WithLocale(val);
- break;
- case "iCheckpoint":
- p.WithICheckpoint(val);
- break;
- default:
- throw new InvalidAttributeNameException(a);
- }
- }
-
- return p.Build();
- }
-
- static Params_IISW3CLog parseParams_IISW3C(IEnumerable attributes)
- {
- Params_IISW3CLog.Builder p = new Params_IISW3CLog.Builder();
-
- foreach (XAttribute a in attributes)
- {
- string val = a.Value;
- int valInt;
-
- switch (a.Name.ToString())
- {
- case "name":
- break;
- case "location":
- break;
- case "iCodepage":
- if (int.TryParse(val, out valInt))
- {
- p.WithICodepage(valInt);
- }
- else
- {
- throw new InvalidAttributeIntegerValueException(a);
- }
- break;
- case "recurse":
- if (int.TryParse(val, out valInt))
- {
- p.WithRecurse(valInt);
- }
- else
- {
- throw new InvalidAttributeIntegerValueException(a);
- }
- break;
- case "minDateMod":
- DateTime dt;
- if (DateTime.TryParseExact(val,
- "yyyy-MM-dd hh:mm:ss",
- CultureInfo.InvariantCulture,
- DateTimeStyles.None,
- out dt))
- {
- p.WithMinDateMod(val);
- }
- else
- {
- throw new InvalidAttributeDateValueException(a);
- }
- break;
- case "dQuotes":
- if (val == "ON" || val == "true")
- {
- p.WithDQuotes(true);
- }
- else if (val == "OFF" || val == "false")
- {
- p.WithDQuotes(false);
- }
- else
- {
- throw new InvalidAttributeValueException(a);
- }
- break;
- case "dirTime":
- if (val == "ON" || val == "true")
- {
- p.WithDirTime(true);
- }
- else if (val == "OFF" || val == "false")
- {
- p.WithDirTime(false);
- }
- else
- {
- throw new InvalidAttributeValueException(a);
- }
- break;
- case "consolidateLogs":
- if (val == "ON" || val == "true")
- {
- p.WithConsolidateLogs(true);
- }
- else if (val == "OFF" || val == "false")
- {
- p.WithConsolidateLogs(false);
- }
- else
- {
- throw new InvalidAttributeValueException(a);
- }
- break;
- case "iCheckpoint":
- p.WithICheckpoint(val);
- break;
- default:
- throw new InvalidAttributeNameException(a);
- }
- }
-
- return p.Build();
- }
-
- static TimberWinR.Filters.GrokFilter.Params_GrokFilter parseParams_GrokFilter(IEnumerable elements)
- {
- TimberWinR.Filters.GrokFilter.Params_GrokFilter.Builder p = new TimberWinR.Filters.GrokFilter.Params_GrokFilter.Builder();
-
- foreach (XElement e in elements)
- {
- string val;
- string attributeName;
- switch (e.Name.ToString())
- {
- case "Match":
- attributeName = "value";
- try
- {
- val = e.Attribute(attributeName).Value;
- }
- catch
- {
- throw new MissingRequiredAttributeException(e, attributeName);
- }
- p.WithMatch(val);
-
- attributeName = "field";
- try
- {
- val = e.Attribute(attributeName).Value;
- }
- catch
- {
- throw new MissingRequiredAttributeException(e, attributeName);
- }
- p.WithField(val);
- break;
-
- case "AddField":
- string name, value;
- attributeName = "name";
- try
- {
- name = e.Attribute(attributeName).Value;
- }
- catch
- {
- throw new MissingRequiredAttributeException(e, attributeName);
- }
- attributeName = "value";
- try
- {
- value = e.Attribute(attributeName).Value;
- }
- catch
- {
- throw new MissingRequiredAttributeException(e, attributeName);
- }
- TimberWinR.Filters.Pair addField = new TimberWinR.Filters.Pair(name, value);
- p.WithAddField(addField);
- break;
- case "DropIfMatch":
- attributeName = "value";
- try
- {
- val = e.Attribute(attributeName).Value;
- }
- catch
- {
- throw new MissingRequiredAttributeException(e, attributeName);
- }
- if (val == "ON" || val == "true")
- {
- p.WithDropIfMatch(true);
- }
- else if (val == "OFF" || val == "false")
- {
- p.WithDropIfMatch(false);
- }
- else
- {
- throw new InvalidAttributeValueException(e.Attribute(attributeName));
- }
- break;
- case "RemoveField":
- attributeName = "value";
- try
- {
- val = e.Attribute(attributeName).Value;
- }
- catch
- {
- throw new MissingRequiredAttributeException(e, attributeName);
- }
- p.WithRemoveField(val);
- break;
- default:
- throw new InvalidElementNameException(e);
- }
- }
-
- return p.Build();
- }
-
- public class WindowsEvent
- {
- public string Source { get; private set; }
- public List Fields { get; private set; }
-
- // Parameters
- public bool FullText { get; private set; }
- public bool ResolveSIDS { get; private set; }
- public bool FormatMsg { get; private set; }
- public string MsgErrorMode { get; private set; }
- public bool FullEventCode { get; private set; }
- public string Direction { get; private set; }
- public string StringsSep { get; private set; }
- public string ICheckpoint { get; private set; }
- public string BinaryFormat { get; private set; }
-
- public WindowsEvent(string source, List fields, Params_WindowsEvent args)
- {
- Source = source;
- Fields = fields;
-
- FullText = args.FullText;
- ResolveSIDS = args.ResolveSIDS;
- FormatMsg = args.FormatMsg;
- MsgErrorMode = args.MsgErrorMode;
- Direction = args.Direction;
- StringsSep = args.StringsSep;
- ICheckpoint = args.ICheckpoint;
- BinaryFormat = args.BinaryFormat;
- }
-
- public override string ToString()
- {
- StringBuilder sb = new StringBuilder();
- sb.Append("WindowsEvent\n");
- sb.Append(String.Format("Source: {0}\n", Source));
- sb.Append("Fields:\n");
- foreach (FieldDefinition f in Fields)
- {
- sb.Append(String.Format("\t{0}\n", f.Name));
- }
- sb.Append("Parameters:\n");
- sb.Append(String.Format("\tfullText: {0}\n", FullText));
- sb.Append(String.Format("\tresolveSIDS: {0}\n", ResolveSIDS));
- sb.Append(String.Format("\tformatMsg: {0}\n", FormatMsg));
- sb.Append(String.Format("\tmsgErrorMode: {0}\n", MsgErrorMode));
- sb.Append(String.Format("\tfullEventCode: {0}\n", FullEventCode));
- sb.Append(String.Format("\tdirection: {0}\n", Direction));
- sb.Append(String.Format("\tstringsSep: {0}\n", StringsSep));
- sb.Append(String.Format("\tiCheckpoint: {0}\n", ICheckpoint));
- sb.Append(String.Format("\tbinaryFormat: {0}\n", BinaryFormat));
-
- return sb.ToString();
- }
- }
-
- public class TailFileInput
- {
- public string Name { get; private set; }
- public string Location { get; private set; }
- public List Fields { get; private set; }
-
- // Parameters
- public int ICodepage { get; private set; }
- public int Recurse { get; private set; }
- public bool SplitLongLines { get; private set; }
- public string ICheckpoint { get; private set; }
-
- public TailFileInput(string name, string location, List fields, Params_TextLog args)
- {
- Name = name;
- Location = location;
- Fields = fields;
-
- ICodepage = args.ICodepage;
- Recurse = args.Recurse;
- SplitLongLines = args.SplitLongLines;
- ICheckpoint = args.ICheckpoint;
- }
-
- public override string ToString()
- {
- StringBuilder sb = new StringBuilder();
- sb.Append("TextLog\n");
- sb.Append(String.Format("Name: {0}\n", Name));
- sb.Append(String.Format("Location: {0}\n", Location));
- sb.Append("Fields:\n");
- foreach (FieldDefinition f in Fields)
- {
- sb.Append(String.Format("\t{0}\n", f.Name));
- }
- sb.Append("Parameters:\n");
- sb.Append(String.Format("\tiCodepage: {0}\n", ICodepage));
- sb.Append(String.Format("\trecurse: {0}\n", Recurse));
- sb.Append(String.Format("\tsplitLongLines: {0}\n", SplitLongLines));
- sb.Append(String.Format("\tiCheckpoint: {0}\n", ICheckpoint));
-
- return sb.ToString();
- }
- }
-
- public class IISLog
- {
- public string Name { get; private set; }
- public string Location { get; private set; }
- public List Fields { get; private set; }
-
- // Parameters
- public int ICodepage { get; private set; }
- public int Recurse { get; private set; }
- public string MinDateMod { get; private set; }
- public string Locale { get; private set; }
- public string ICheckpoint { get; private set; }
-
- public IISLog(string name, string location, List fields, Params_IISLog args)
- {
- Name = name;
- Location = location;
- Fields = fields;
-
- ICodepage = args.ICodepage;
- Recurse = args.Recurse;
- MinDateMod = args.MinDateMod;
- Locale = args.Locale;
- ICheckpoint = args.ICheckpoint;
- }
-
- public override string ToString()
- {
- StringBuilder sb = new StringBuilder();
- sb.Append("IISLog\n");
- sb.Append(String.Format("Name: {0}\n", Name));
- sb.Append(String.Format("Location: {0}\n", Location));
- sb.Append("Fields:\n");
- foreach (FieldDefinition f in Fields)
- {
- sb.Append(String.Format("\t{0}\n", f.Name));
- }
- sb.Append("Parameters:\n");
- sb.Append(String.Format("\tiCodepage: {0}\n", ICodepage));
- sb.Append(String.Format("\trecurse: {0}\n", Recurse));
- sb.Append(String.Format("\tminDateMod: {0}\n", MinDateMod));
- sb.Append(String.Format("\tlocale: {0}\n", Locale));
- sb.Append(String.Format("\tiCheckpoint: {0}\n", ICheckpoint));
-
- return sb.ToString();
- }
- }
-
- public class IISW3CLog
- {
- public string Name { get; private set; }
- public string Location { get; private set; }
- public List Fields { get; private set; }
-
- // Parameters
- public int ICodepage { get; private set; }
- public int Recurse { get; private set; }
- public string MinDateMod { get; private set; }
- public bool DQuotes { get; private set; }
- public bool DirTime { get; private set; }
- public bool ConsolidateLogs { get; private set; }
- public string ICheckpoint { get; private set; }
-
- public IISW3CLog(string name, string location, List fields, Params_IISW3CLog args)
- {
- Name = name;
- Location = location;
- Fields = fields;
-
- ICodepage = args.ICodepage;
- Recurse = args.Recurse;
- MinDateMod = args.MinDateMod;
- DQuotes = args.DQuotes;
- DirTime = args.DirTime;
- ConsolidateLogs = args.ConsolidateLogs;
- ICheckpoint = args.ICheckpoint;
- }
-
- public override string ToString()
- {
- StringBuilder sb = new StringBuilder();
- sb.Append("IISW3CLog\n");
- sb.Append(String.Format("Name: {0}\n", Name));
- sb.Append(String.Format("Location: {0}\n", Location));
- sb.Append("Fields:\n");
- foreach (FieldDefinition f in Fields)
- {
- sb.Append(String.Format("\t{0}\n", f.Name));
- }
- sb.Append("Parameters:\n");
- sb.Append(String.Format("\tiCodepage: {0}\n", ICodepage));
- sb.Append(String.Format("\trecurse: {0}\n", Recurse));
- sb.Append(String.Format("\tminDateMod: {0}\n", MinDateMod));
- sb.Append(String.Format("\tdQuotes: {0}\n", DQuotes));
- sb.Append(String.Format("\tdirTime: {0}\n", DirTime));
- sb.Append(String.Format("\tconsolidateLogs: {0}\n", ConsolidateLogs));
- sb.Append(String.Format("\tiCheckpoint: {0}\n", ICheckpoint));
-
- return sb.ToString();
- }
- }
-
- public class Params_WindowsEvent
- {
- public bool FullText { get; private set; }
- public bool ResolveSIDS { get; private set; }
- public bool FormatMsg { get; private set; }
- public string MsgErrorMode { get; private set; }
- public bool FullEventCode { get; private set; }
- public string Direction { get; private set; }
- public string StringsSep { get; private set; }
- public string ICheckpoint { get; private set; }
- public string BinaryFormat { get; private set; }
-
- public class Builder
- {
- // Default values for parameters.
- private bool fullText = true;
- private bool resolveSIDS = true;
- private bool formatMsg = true;
- private string msgErrorMode = "MSG";
- private bool fullEventCode = false;
- private string direction = "FW";
- private string stringsSep = "|";
- private string iCheckpoint;
- private string binaryFormat = "PRINT";
-
- public Builder WithFullText(bool value)
- {
- fullText = value;
- return this;
- }
-
- public Builder WithResolveSIDS(bool value)
- {
- resolveSIDS = value;
- return this;
- }
-
- public Builder WithFormatMsg(bool value)
- {
- formatMsg = value;
- return this;
- }
-
- public Builder WithMsgErrorMode(string value)
- {
- msgErrorMode = value;
- return this;
- }
-
- public Builder WithFullEventCode(bool value)
- {
- fullEventCode = value;
- return this;
- }
-
- public Builder WithDirection(string value)
- {
- direction = value;
- return this;
- }
-
- public Builder WithStringsSep(string value)
- {
- stringsSep = value;
- return this;
- }
-
- public Builder WithICheckpoint(string value)
- {
- iCheckpoint = value;
- return this;
- }
-
- public Builder WithBinaryFormat(string value)
- {
- binaryFormat = value;
- return this;
- }
-
- public Params_WindowsEvent Build()
- {
- return new Params_WindowsEvent()
- {
- FullText = fullText,
- ResolveSIDS = resolveSIDS,
- FormatMsg = formatMsg,
- MsgErrorMode = msgErrorMode,
- FullEventCode = fullEventCode,
- Direction = direction,
- StringsSep = stringsSep,
- ICheckpoint = iCheckpoint,
- BinaryFormat = binaryFormat
- };
- }
- }
- }
-
- public class Params_TextLog
- {
- public int ICodepage { get; private set; }
- public int Recurse { get; private set; }
- public bool SplitLongLines { get; private set; }
- public string ICheckpoint { get; private set; }
-
- public class Builder
- {
- // Default values for parameters.
- private int iCodepage = 0;
- private int recurse = 0;
- private bool splitLongLines = false;
- private string iCheckpoint;
-
- public Builder WithICodepage(int value)
- {
- iCodepage = value;
- return this;
- }
-
- public Builder WithRecurse(int value)
- {
- recurse = value;
- return this;
- }
-
- public Builder WithSplitLongLines(bool value)
- {
- splitLongLines = value;
- return this;
- }
-
- public Builder WithICheckpoint(string value)
- {
- iCheckpoint = value;
- return this;
- }
-
- public Params_TextLog Build()
- {
- return new Params_TextLog()
- {
- ICodepage = iCodepage,
- Recurse = recurse,
- SplitLongLines = splitLongLines,
- ICheckpoint = iCheckpoint
- };
- }
- }
-
-
- }
-
- public class Params_IISLog
- {
- public int ICodepage { get; private set; }
- public int Recurse { get; private set; }
- public string MinDateMod { get; private set; }
- public string Locale { get; private set; }
- public string ICheckpoint { get; private set; }
-
- public class Builder
- {
- // Default values for parameters.
- private int iCodepage = -2;
- private int recurse = 0;
- private string minDateMod;
- private string locale = "DEF";
- private string iCheckpoint;
-
- public Builder WithICodepage(int value)
- {
- iCodepage = value;
- return this;
- }
-
- public Builder WithRecurse(int value)
- {
- recurse = value;
- return this;
- }
-
- public Builder WithMinDateMod(string value)
- {
- minDateMod = value;
- return this;
- }
-
- public Builder WithLocale(string value)
- {
- locale = value;
- return this;
- }
-
- public Builder WithICheckpoint(string value)
- {
- iCheckpoint = value;
- return this;
- }
-
- public Params_IISLog Build()
- {
- return new Params_IISLog()
- {
- ICodepage = iCodepage,
- Recurse = recurse,
- MinDateMod = minDateMod,
- Locale = locale,
- ICheckpoint = iCheckpoint
- };
- }
- }
- }
-
- public class Params_IISW3CLog
- {
- public int ICodepage { get; private set; }
- public int Recurse { get; private set; }
- public string MinDateMod { get; private set; }
- public bool DQuotes { get; private set; }
- public bool DirTime { get; private set; }
- public bool ConsolidateLogs { get; private set; }
- public string ICheckpoint { get; private set; }
-
- public class Builder
- {
- // Default values for parameters.
- private int iCodepage = -2;
- private int recurse = 0;
- private string minDateMod;
- private bool dQuotes = false;
- private bool dirTime = false;
- private bool consolidateLogs = false;
- private string iCheckpoint;
-
- public Builder WithICodepage(int value)
- {
- iCodepage = value;
- return this;
- }
-
- public Builder WithRecurse(int value)
- {
- recurse = value;
- return this;
- }
-
- public Builder WithMinDateMod(string value)
- {
- minDateMod = value;
- return this;
- }
-
- public Builder WithDQuotes(bool value)
- {
- dQuotes = value;
- return this;
- }
-
- public Builder WithDirTime(bool value)
- {
- dirTime = value;
- return this;
- }
-
- public Builder WithConsolidateLogs(bool value)
- {
- consolidateLogs = value;
- return this;
- }
-
- public Builder WithICheckpoint(string value)
- {
- iCheckpoint = value;
- return this;
- }
-
- public Params_IISW3CLog Build()
- {
- return new Params_IISW3CLog()
- {
- ICodepage = iCodepage,
- Recurse = recurse,
- MinDateMod = minDateMod,
- DQuotes = dQuotes,
- DirTime = dirTime,
- ConsolidateLogs = consolidateLogs,
- ICheckpoint = iCheckpoint
- };
- }
- }
- }
}
}
\ No newline at end of file
diff --git a/TimberWinR/ConfigurationErrors.cs b/TimberWinR/ConfigurationErrors.cs
new file mode 100644
index 0000000..6e2a2b3
--- /dev/null
+++ b/TimberWinR/ConfigurationErrors.cs
@@ -0,0 +1,80 @@
+using System;
+using System.Xml;
+using System.Xml.Linq;
+
+namespace TimberWinR
+{
+ public class ConfigurationErrors
+ {
+ public class MissingRequiredTagException : Exception
+ {
+ public MissingRequiredTagException(string tagName)
+ : base(
+ string.Format("Missing required tag \"{0}\"", tagName))
+ {
+ }
+ }
+
+ public class MissingRequiredAttributeException : Exception
+ {
+ public MissingRequiredAttributeException(XElement e, string attributeName)
+ : base(
+ string.Format("{0}:{1} Missing required attribute \"{2}\" for element <{3}>", e.Document.BaseUri,
+ ((IXmlLineInfo)e).LineNumber, attributeName, e.Name.ToString()))
+ {
+ }
+ }
+
+ public class InvalidAttributeNameException : Exception
+ {
+ public InvalidAttributeNameException(XAttribute a)
+ : base(
+ string.Format("{0}:{1} Invalid Attribute Name <{2} {3}>", a.Document.BaseUri,
+ ((IXmlLineInfo)a).LineNumber, a.Parent.Name, a.Name.ToString()))
+ {
+ }
+ }
+
+ public class InvalidAttributeDateValueException : Exception
+ {
+ public InvalidAttributeDateValueException(XAttribute a)
+ : base(
+ string.Format(
+ "{0}:{1} Invalid date format given for attribute. Format must be \"yyyy-MM-dd hh:mm:ss\". <{2} {3}>",
+ a.Document.BaseUri,
+ ((IXmlLineInfo)a).LineNumber, a.Parent.Name, a.ToString()))
+ {
+ }
+ }
+
+ public class InvalidAttributeIntegerValueException : Exception
+ {
+ public InvalidAttributeIntegerValueException(XAttribute a)
+ : base(
+ string.Format("{0}:{1} Integer value not given for attribute. <{2} {3}>", a.Document.BaseUri,
+ ((IXmlLineInfo)a).LineNumber, a.Parent.Name, a.ToString()))
+ {
+ }
+ }
+
+ public class InvalidAttributeValueException : Exception
+ {
+ public InvalidAttributeValueException(XAttribute a)
+ : base(
+ string.Format("{0}:{1} Invalid Attribute Value <{2} {3}>", a.Document.BaseUri,
+ ((IXmlLineInfo)a).LineNumber, a.Parent.Name, a.ToString()))
+ {
+ }
+ }
+
+ public class InvalidElementNameException : Exception
+ {
+ public InvalidElementNameException(XElement e)
+ : base(
+ string.Format("{0}:{1} Invalid Element Name <{2}> <{3}>", e.Document.BaseUri,
+ ((IXmlLineInfo)e).LineNumber, e.Parent.Name, e.ToString()))
+ {
+ }
+ }
+ }
+}
diff --git a/TimberWinR/Filters/DateFilter.cs b/TimberWinR/Filters/DateFilter.cs
index ace1062..554fa08 100644
--- a/TimberWinR/Filters/DateFilter.cs
+++ b/TimberWinR/Filters/DateFilter.cs
@@ -1,10 +1,10 @@
-using Newtonsoft.Json.Linq;
-using System;
+using System;
using System.Collections.Generic;
using System.Globalization;
using System.Linq;
using System.Text;
using Newtonsoft.Json.Linq;
+using System.Xml.Linq;
namespace TimberWinR.Filters
{
@@ -15,12 +15,88 @@ namespace TimberWinR.Filters
public bool ConvertToUTC { get; private set; }
public List Patterns { get; private set; }
- public DateFilter(Params_DateFilter args)
+ public static void Parse(List filters, XElement dateElement)
{
- Field = args.Field;
- Target = args.Target;
- ConvertToUTC = args.ConvertToUTC;
- Patterns = args.Patterns;
+ filters.Add(parseDate(dateElement));
+ }
+
+ static DateFilter parseDate(XElement e)
+ {
+ return new DateFilter(e);
+ }
+
+ DateFilter(XElement parent)
+ {
+ Patterns = new List();
+
+ ParseField(parent);
+ ParseTarget(parent);
+ ParseConvertToUTC(parent);
+ ParsePatterns(parent);
+ }
+
+ private void ParseField(XElement parent)
+ {
+ string attributeName = "field";
+
+ try
+ {
+ XAttribute a = parent.Attribute(attributeName);
+ Field = a.Value;
+ }
+ catch
+ {
+ }
+ }
+
+ private void ParseTarget(XElement parent)
+ {
+ string attributeName = "field";
+
+ try
+ {
+ XAttribute a = parent.Attribute(attributeName);
+ Field = a.Value;
+ }
+ catch
+ {
+ }
+ }
+
+ private void ParseConvertToUTC(XElement parent)
+ {
+ string attributeName = "convertToUTC";
+ string value;
+
+ try
+ {
+ XAttribute a = parent.Attribute(attributeName);
+
+ value = a.Value;
+
+ if (value == "ON" || value == "true")
+ {
+ ConvertToUTC = true;
+ }
+ else if (value == "OFF" || value == "false")
+ {
+ ConvertToUTC = false;
+ }
+ else
+ {
+ throw new TimberWinR.ConfigurationErrors.InvalidAttributeValueException(parent.Attribute(attributeName));
+ }
+ }
+ catch { }
+ }
+
+ private void ParsePatterns(XElement parent)
+ {
+ foreach (var e in parent.Elements("Pattern"))
+ {
+ string pattern = e.Value;
+ Patterns.Add(pattern);
+ }
}
public override string ToString()
@@ -73,55 +149,5 @@ namespace TimberWinR.Filters
json[Target] = ts;
}
- public class Params_DateFilter
- {
- public string Field { get; private set; }
- public string Target { get; private set; }
- public bool ConvertToUTC { get; private set; }
- public List Patterns { get; private set; }
-
- public class Builder
- {
- private string field;
- private string target;
- private bool convertToUTC = false;
- private List patterns;
-
- public Builder WithField(string value)
- {
- field = value;
- return this;
- }
-
- public Builder WithTarget(string value)
- {
- target = value;
- return this;
- }
-
- public Builder WithConvertToUTC(bool value)
- {
- convertToUTC = value;
- return this;
- }
-
- public Builder WithPattern(string value)
- {
- patterns.Add(value);
- return this;
- }
-
- public Params_DateFilter Build()
- {
- return new Params_DateFilter()
- {
- Field = field,
- Target = target,
- ConvertToUTC = convertToUTC,
- Patterns = patterns
- };
- }
- }
- }
}
}
diff --git a/TimberWinR/Filters/GrokFilter.cs b/TimberWinR/Filters/GrokFilter.cs
index ce64335..e48574f 100644
--- a/TimberWinR/Filters/GrokFilter.cs
+++ b/TimberWinR/Filters/GrokFilter.cs
@@ -6,24 +6,143 @@ using System.Globalization;
using System.Linq;
using System.Text;
using System.Text.RegularExpressions;
+using System.Xml.Linq;
namespace TimberWinR.Filters
{
public class GrokFilter : FilterBase
{
+ public const string TagName = "Grok";
+
public string Match { get; private set; }
public string Field { get; private set; }
- public Pair AddField { get; private set; }
+ public List AddFields { get; private set; }
public bool DropIfMatch { get; private set; }
- public string RemoveField { get; private set; }
+ public List RemoveFields { get; private set; }
- public GrokFilter(Params_GrokFilter args)
+ public static void Parse(List filters, XElement grokElement)
{
- Match = args.Match;
- Field = args.Field;
- AddField = args.AddField;
- DropIfMatch = args.DropIfMatch;
- RemoveField = args.RemoveField;
+ filters.Add(parseGrok(grokElement));
+ }
+
+ static GrokFilter parseGrok(XElement e)
+ {
+ return new GrokFilter(e);
+ }
+
+ GrokFilter(XElement parent)
+ {
+ AddFields = new List();
+ RemoveFields = new List();
+
+ ParseMatch(parent);
+ ParseAddFields(parent);
+ ParseDropIfMatch(parent);
+ ParseRemoveFields(parent);
+ }
+
+ private void ParseMatch(XElement parent)
+ {
+ XElement e = parent.Element("Match");
+
+ if (e != null)
+ {
+ string attributeName = "value";
+ try
+ {
+ Match = e.Attribute(attributeName).Value;
+ }
+ catch
+ {
+ throw new TimberWinR.ConfigurationErrors.MissingRequiredAttributeException(e, attributeName);
+ }
+
+ }
+ }
+
+ private void ParseAddFields(XElement parent)
+ {
+ foreach (var e in parent.Elements("AddField"))
+ {
+ string attributeName = "field";
+ string field, value;
+
+ try
+ {
+ field = e.Attribute(attributeName).Value;
+ }
+ catch
+ {
+ throw new TimberWinR.ConfigurationErrors.MissingRequiredAttributeException(e, attributeName);
+ }
+
+ attributeName = "value";
+ try
+ {
+ value = e.Attribute(attributeName).Value;
+ }
+ catch
+ {
+ throw new TimberWinR.ConfigurationErrors.MissingRequiredAttributeException(e, attributeName);
+ }
+
+ FieldValuePair a = new FieldValuePair(field, value);
+ AddFields.Add(a);
+ }
+ }
+
+ private void ParseDropIfMatch(XElement parent)
+ {
+ XElement e = parent.Element("DropIfMatch");
+
+ if (e != null)
+ {
+ string attributeName = "value";
+ string value;
+ try
+ {
+ value = e.Attribute(attributeName).Value;
+ }
+ catch
+ {
+ throw new TimberWinR.ConfigurationErrors.MissingRequiredAttributeException(e, attributeName);
+ }
+
+
+ if (value == "ON" || value == "true")
+ {
+ DropIfMatch = true;
+ }
+ else if (value == "OFF" || value == "false")
+ {
+ DropIfMatch = false;
+ }
+ else
+ {
+ throw new TimberWinR.ConfigurationErrors.InvalidAttributeValueException(e.Attribute(attributeName));
+ }
+ }
+ }
+
+ private void ParseRemoveFields(XElement parent)
+ {
+ foreach (var e in parent.Elements("RemoveField"))
+ {
+ if (e != null)
+ {
+ string attributeName = "value";
+ string value;
+ try
+ {
+ value = e.Attribute(attributeName).Value;
+ }
+ catch
+ {
+ throw new TimberWinR.ConfigurationErrors.MissingRequiredAttributeException(e, attributeName);
+ }
+ RemoveFields.Add(e.Attribute("value").Value);
+ }
+ }
}
public override string ToString()
@@ -73,66 +192,15 @@ namespace TimberWinR.Filters
json[fieldName] = fieldValue;
}
-
-
- public class Params_GrokFilter
+ public class FieldValuePair
{
- public string Match { get; private set; }
- public string Field { get; private set; }
- public Pair AddField { get; private set; }
- public bool DropIfMatch { get; private set; }
- public string RemoveField { get; private set; }
+ public string Field { get; set; }
+ public string Value { get; set; }
- public class Builder
+ public FieldValuePair(string field, string value)
{
- private string match;
- private string field;
- private Pair addField;
- private bool dropIfMatch = false;
- private string removeField;
-
- public Builder WithField(string value)
- {
- field = value;
- return this;
- }
-
- public Builder WithMatch(string value)
- {
- match = value;
- return this;
- }
-
- public Builder WithAddField(Pair value)
- {
- addField = value;
- return this;
- }
-
- public Builder WithDropIfMatch(bool value)
- {
- dropIfMatch = value;
- return this;
- }
-
- public Builder WithRemoveField(string value)
- {
- removeField = value;
- return this;
- }
-
- public Params_GrokFilter Build()
- {
- return new Params_GrokFilter()
- {
- Match = match,
- Field = field,
- AddField = addField,
- DropIfMatch = dropIfMatch,
- RemoveField = removeField
- };
- }
-
+ Field = field;
+ Value = value;
}
}
}
diff --git a/TimberWinR/Inputs/IISLog.cs b/TimberWinR/Inputs/IISLog.cs
new file mode 100644
index 0000000..02a1963
--- /dev/null
+++ b/TimberWinR/Inputs/IISLog.cs
@@ -0,0 +1,229 @@
+using System;
+using System.Collections.Generic;
+using System.Globalization;
+using System.Text;
+using System.Xml.Linq;
+
+namespace TimberWinR.Inputs
+{
+ public class IISLog : InputBase
+ {
+ public string Name { get; private set; }
+ public string Location { get; private set; }
+ public List Fields { get; private set; }
+
+ // Parameters
+ public int ICodepage { get; private set; }
+ public int Recurse { get; private set; }
+ public string MinDateMod { get; private set; }
+ public string Locale { get; private set; }
+ public string ICheckpoint { get; private set; }
+
+ public static void Parse(List iislogs, XElement iislogElement)
+ {
+ iislogs.Add(parseIISLog(iislogElement));
+ }
+
+ static IISLog parseIISLog(XElement e)
+ {
+ return new IISLog(e);
+ }
+
+ public IISLog(XElement parent)
+ {
+ ParseName(parent);
+ ParseLocation(parent);
+
+ // Default values for parameters.
+ ICodepage = -2;
+ Recurse = 0;
+ Locale = "DEF";
+
+ ParseICodepage(parent);
+ ParseRecurse(parent);
+ ParseMinDateMod(parent);
+ ParseLocale(parent);
+ ParseICheckpoint(parent);
+
+ ParseFields(parent);
+ }
+
+ private void ParseName(XElement parent)
+ {
+ string attributeName = "name";
+
+ try
+ {
+ XAttribute a = parent.Attribute(attributeName);
+
+ Name = a.Value;
+ }
+ catch
+ {
+ throw new TimberWinR.ConfigurationErrors.MissingRequiredAttributeException(parent, attributeName);
+ }
+ }
+
+ private void ParseLocation(XElement parent)
+ {
+ string attributeName = "location";
+
+ try
+ {
+ XAttribute a = parent.Attribute(attributeName);
+
+ Location = a.Value;
+ }
+ catch
+ {
+ throw new TimberWinR.ConfigurationErrors.MissingRequiredAttributeException(parent, attributeName);
+ }
+ }
+
+ private void ParseICodepage(XElement parent)
+ {
+ string attributeName = "iCodepage";
+ int valInt;
+
+ try
+ {
+ XAttribute a = parent.Attribute(attributeName);
+
+ if (int.TryParse(a.Value, out valInt))
+ {
+ ICodepage = valInt;
+ }
+ else
+ {
+ throw new TimberWinR.ConfigurationErrors.InvalidAttributeIntegerValueException(a);
+ }
+ }
+ catch
+ {
+ }
+ }
+
+ private void ParseRecurse(XElement parent)
+ {
+ string attributeName = "recurse";
+ int valInt;
+
+ try
+ {
+ XAttribute a = parent.Attribute(attributeName);
+
+ if (int.TryParse(a.Value, out valInt))
+ {
+ Recurse = valInt;
+ }
+ else
+ {
+ throw new TimberWinR.ConfigurationErrors.InvalidAttributeIntegerValueException(a);
+ }
+ }
+ catch
+ {
+ }
+ }
+
+ private void ParseMinDateMod(XElement parent)
+ {
+ string attributeName = "minDateMod";
+
+ try
+ {
+ XAttribute a = parent.Attribute(attributeName);
+
+ DateTime dt;
+ if (DateTime.TryParseExact(a.Value,
+ "yyyy-MM-dd hh:mm:ss",
+ CultureInfo.InvariantCulture,
+ DateTimeStyles.None,
+ out dt))
+ {
+ MinDateMod = a.Value;
+ }
+ else
+ {
+ throw new TimberWinR.ConfigurationErrors.InvalidAttributeDateValueException(a);
+ }
+
+ Locale = a.Value;
+ }
+ catch { }
+ }
+
+ private void ParseLocale(XElement parent)
+ {
+ string attributeName = "locale";
+
+ try
+ {
+ XAttribute a = parent.Attribute(attributeName);
+
+ Locale = a.Value;
+ }
+ catch { }
+ }
+
+ private void ParseICheckpoint(XElement parent)
+ {
+ string attributeName = "iCheckpoint";
+
+ try
+ {
+ XAttribute a = parent.Attribute(attributeName);
+
+ ICheckpoint = a.Value;
+ }
+ catch { }
+ }
+
+ private void ParseFields(XElement parent)
+ {
+ Dictionary allPossibleFields = new Dictionary()
+ {
+ { "LogFilename", typeof(string) },
+ { "LogRow", typeof(int) },
+ { "UserIP", typeof(string) },
+ { "UserName", typeof(string) },
+ { "Date", typeof(DateTime) },
+ { "Time", typeof(DateTime) },
+ { "ServiceInstance", typeof(string) },
+ { "HostName", typeof(string) },
+ { "ServerIP", typeof(string) },
+ { "TimeTaken", typeof(int) },
+ { "BytesSent", typeof(int) },
+ { "BytesReceived", typeof(int) },
+ { "StatusCode", typeof(int) },
+ { "Win32StatusCode", typeof(int) },
+ { "RequestType", typeof(string) },
+ { "Target", typeof(string) },
+ { "Parameters", typeof(string) }
+ };
+
+ Fields = base.parseFields(parent, allPossibleFields);
+ }
+
+ public override string ToString()
+ {
+ StringBuilder sb = new StringBuilder();
+ sb.Append("IISLog\n");
+ sb.Append(String.Format("Name: {0}\n", Name));
+ sb.Append(String.Format("Location: {0}\n", Location));
+ sb.Append("Fields:\n");
+ foreach (FieldDefinition f in Fields)
+ {
+ sb.Append(String.Format("\t{0}\n", f.Name));
+ }
+ sb.Append("Parameters:\n");
+ sb.Append(String.Format("\tiCodepage: {0}\n", ICodepage));
+ sb.Append(String.Format("\trecurse: {0}\n", Recurse));
+ sb.Append(String.Format("\tminDateMod: {0}\n", MinDateMod));
+ sb.Append(String.Format("\tlocale: {0}\n", Locale));
+ sb.Append(String.Format("\tiCheckpoint: {0}\n", ICheckpoint));
+
+ return sb.ToString();
+ }
+ }
+}
diff --git a/TimberWinR/Inputs/IISW3CInputListener.cs b/TimberWinR/Inputs/IISW3CInputListener.cs
index 1674e4d..f2ba8d9 100644
--- a/TimberWinR/Inputs/IISW3CInputListener.cs
+++ b/TimberWinR/Inputs/IISW3CInputListener.cs
@@ -21,10 +21,10 @@ namespace TimberWinR.Inputs
public class IISW3CInputListener : InputListener
{
private int _pollingIntervalInSeconds = 1;
- private TimberWinR.Configuration.IISW3CLog _arguments;
+ private TimberWinR.Inputs.IISW3CLog _arguments;
- public IISW3CInputListener(TimberWinR.Configuration.IISW3CLog arguments, CancellationToken cancelToken, int pollingIntervalInSeconds = 1)
+ public IISW3CInputListener(TimberWinR.Inputs.IISW3CLog arguments, CancellationToken cancelToken, int pollingIntervalInSeconds = 1)
: base(cancelToken)
{
_arguments = arguments;
diff --git a/TimberWinR/Inputs/IISW3CLog.cs b/TimberWinR/Inputs/IISW3CLog.cs
new file mode 100644
index 0000000..ff31d49
--- /dev/null
+++ b/TimberWinR/Inputs/IISW3CLog.cs
@@ -0,0 +1,291 @@
+using System;
+using System.Collections.Generic;
+using System.Text;
+using System.Xml.Linq;
+
+namespace TimberWinR.Inputs
+{
+ public class IISW3CLog : InputBase
+ {
+ public string Name { get; private set; }
+ public string Location { get; private set; }
+ public List Fields { get; private set; }
+
+ // Parameters
+ public int ICodepage { get; private set; }
+ public int Recurse { get; private set; }
+ public string MinDateMod { get; private set; }
+ public bool DQuotes { get; private set; }
+ public bool DirTime { get; private set; }
+ public bool ConsolidateLogs { get; private set; }
+ public string ICheckpoint { get; private set; }
+
+ public static void Parse(List iisw3clogs, XElement iisw3clogElement)
+ {
+ iisw3clogs.Add(parseIISW3CLog(iisw3clogElement));
+ }
+
+ static IISW3CLog parseIISW3CLog(XElement e)
+ {
+ return new IISW3CLog(e);
+ }
+
+ public IISW3CLog(XElement parent)
+ {
+ ParseName(parent);
+ ParseLocation(parent);
+
+ // Default values for parameters.
+ ICodepage = -2;
+ Recurse = 0;
+ DQuotes = false;
+ DirTime = false;
+ ConsolidateLogs = false;
+
+ ParseICodepage(parent);
+ ParseRecurse(parent);
+ ParseDQuotes(parent);
+ ParseDirTime(parent);
+ ParseConsolidateLogs(parent);
+ ParseICheckpoint(parent);
+
+ ParseFields(parent);
+ }
+
+ private void ParseName(XElement parent)
+ {
+ string attributeName = "name";
+
+ try
+ {
+ XAttribute a = parent.Attribute(attributeName);
+
+ Name = a.Value;
+ }
+ catch
+ {
+ throw new TimberWinR.ConfigurationErrors.MissingRequiredAttributeException(parent, attributeName);
+ }
+ }
+
+ private void ParseLocation(XElement parent)
+ {
+ string attributeName = "location";
+
+ try
+ {
+ XAttribute a = parent.Attribute(attributeName);
+
+ Location = a.Value;
+ }
+ catch
+ {
+ throw new TimberWinR.ConfigurationErrors.MissingRequiredAttributeException(parent, attributeName);
+ }
+ }
+
+ private void ParseICodepage(XElement parent)
+ {
+ string attributeName = "iCodepage";
+ int valInt;
+
+ try
+ {
+ XAttribute a = parent.Attribute(attributeName);
+
+ if (int.TryParse(a.Value, out valInt))
+ {
+ ICodepage = valInt;
+ }
+ else
+ {
+ throw new TimberWinR.ConfigurationErrors.InvalidAttributeIntegerValueException(a);
+ }
+ }
+ catch
+ {
+ }
+ }
+
+ private void ParseRecurse(XElement parent)
+ {
+ string attributeName = "recurse";
+ int valInt;
+
+ try
+ {
+ XAttribute a = parent.Attribute(attributeName);
+
+ if (int.TryParse(a.Value, out valInt))
+ {
+ Recurse = valInt;
+ }
+ else
+ {
+ throw new TimberWinR.ConfigurationErrors.InvalidAttributeIntegerValueException(a);
+ }
+ }
+ catch
+ {
+ }
+ }
+
+ private void ParseDQuotes(XElement parent)
+ {
+ string attributeName = "dQuotes";
+ string value;
+
+ try
+ {
+ XAttribute a = parent.Attribute(attributeName);
+
+ value = a.Value;
+
+ if (value == "ON" || value == "true")
+ {
+ DQuotes = true;
+ }
+ else if (value == "OFF" || value == "false")
+ {
+ DQuotes = false;
+ }
+ else
+ {
+ throw new TimberWinR.ConfigurationErrors.InvalidAttributeValueException(parent.Attribute(attributeName));
+ }
+ }
+ catch { }
+ }
+
+ private void ParseDirTime(XElement parent)
+ {
+ string attributeName = "dirTime";
+ string value;
+
+ try
+ {
+ XAttribute a = parent.Attribute(attributeName);
+
+ value = a.Value;
+
+ if (value == "ON" || value == "true")
+ {
+ DirTime = true;
+ }
+ else if (value == "OFF" || value == "false")
+ {
+ DirTime = false;
+ }
+ else
+ {
+ throw new TimberWinR.ConfigurationErrors.InvalidAttributeValueException(parent.Attribute(attributeName));
+ }
+ }
+ catch { }
+ }
+
+ private void ParseConsolidateLogs(XElement parent)
+ {
+ string attributeName = "consolidateLogs";
+ string value;
+
+ try
+ {
+ XAttribute a = parent.Attribute(attributeName);
+
+ value = a.Value;
+
+ if (value == "ON" || value == "true")
+ {
+ ConsolidateLogs = true;
+ }
+ else if (value == "OFF" || value == "false")
+ {
+ ConsolidateLogs = false;
+ }
+ else
+ {
+ throw new TimberWinR.ConfigurationErrors.InvalidAttributeValueException(parent.Attribute(attributeName));
+ }
+ }
+ catch { }
+ }
+
+ private void ParseICheckpoint(XElement parent)
+ {
+ string attributeName = "iCheckpoint";
+
+ try
+ {
+ XAttribute a = parent.Attribute(attributeName);
+
+ ICheckpoint = a.Value;
+ }
+ catch { }
+ }
+
+ private void ParseFields(XElement parent)
+ {
+ Dictionary allPossibleFields = new Dictionary()
+ {
+ { "LogFilename", typeof(string) },
+ { "LogRow", typeof(int) },
+ { "date", typeof(DateTime) },
+ { "time", typeof(DateTime) },
+ { "c-ip", typeof(string) },
+ { "cs-username", typeof(string) },
+ { "s-sitename", typeof(string) },
+ { "s-computername", typeof(int) },
+ { "s-ip", typeof(string) },
+ { "s-port", typeof(int) },
+ { "cs-method", typeof(string) },
+ { "cs-uri-stem", typeof(string) },
+ { "cs-uri-query", typeof(string) },
+ { "sc-status", typeof(int) },
+ { "sc-substatus", typeof(int) },
+ { "sc-win32-status", typeof(int) },
+ { "sc-bytes", typeof(int) },
+ { "cs-bytes", typeof(int) },
+ { "time-taken", typeof(int) },
+ { "cs-version", typeof(string) },
+ { "cs-host", typeof(string) },
+ { "cs(User-Agent)", typeof(string) },
+ { "cs(Cookie)", typeof(string) },
+ { "cs(Referer)", typeof(string) },
+ { "s-event", typeof(string) },
+ { "s-process-type", typeof(string) },
+ { "s-user-time", typeof(double) },
+ { "s-kernel-time", typeof(double) },
+ { "s-page-faults", typeof(int) },
+ { "s-total-procs", typeof(int) },
+ { "s-active-procs", typeof(int) },
+ { "s-stopped-procs", typeof(int) }
+ };
+
+ Fields = base.parseFields(parent, allPossibleFields);
+ }
+
+ public override string ToString()
+ {
+ StringBuilder sb = new StringBuilder();
+ sb.Append("IISW3CLog\n");
+ sb.Append(String.Format("Name: {0}\n", Name));
+ sb.Append(String.Format("Location: {0}\n", Location));
+ sb.Append("Fields:\n");
+ foreach (FieldDefinition f in Fields)
+ {
+ sb.Append(String.Format("\t{0}\n", f.Name));
+ }
+ sb.Append("Parameters:\n");
+ sb.Append(String.Format("\tiCodepage: {0}\n", ICodepage));
+ sb.Append(String.Format("\trecurse: {0}\n", Recurse));
+ sb.Append(String.Format("\tminDateMod: {0}\n", MinDateMod));
+ sb.Append(String.Format("\tdQuotes: {0}\n", DQuotes));
+ sb.Append(String.Format("\tdirTime: {0}\n", DirTime));
+ sb.Append(String.Format("\tconsolidateLogs: {0}\n", ConsolidateLogs));
+ sb.Append(String.Format("\tiCheckpoint: {0}\n", ICheckpoint));
+
+ return sb.ToString();
+ }
+ }
+}
diff --git a/TimberWinR/Inputs/InputBase.cs b/TimberWinR/Inputs/InputBase.cs
new file mode 100644
index 0000000..d1c52a9
--- /dev/null
+++ b/TimberWinR/Inputs/InputBase.cs
@@ -0,0 +1,56 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Xml.Linq;
+
+namespace TimberWinR.Inputs
+{
+ public abstract class InputBase
+ {
+ internal List parseFields(XElement parent, Dictionary allPossibleFields)
+ {
+ IEnumerable xml_fields =
+ from el in parent.Elements("Fields").Elements("Field")
+ select el;
+
+ List fields = new List();
+
+ foreach (XElement f in xml_fields)
+ {
+ // Parse field name.
+ string name;
+ string attributeName = "name";
+ try
+ {
+ name = f.Attribute(attributeName).Value;
+ }
+ catch (NullReferenceException)
+ {
+ throw new TimberWinR.ConfigurationErrors.MissingRequiredAttributeException(f, attributeName);
+ }
+
+ // Ensure field name is valid.
+ if (allPossibleFields.ContainsKey(name))
+ {
+ fields.Add(new FieldDefinition(name, allPossibleFields[name]));
+ }
+ else
+ {
+ throw new TimberWinR.ConfigurationErrors.InvalidAttributeValueException(f.Attribute("name"));
+ }
+ }
+
+ // If no fields are provided, default to all fields.
+ if (fields.Count == 0)
+ {
+ foreach (KeyValuePair entry in allPossibleFields)
+ {
+ fields.Add(new FieldDefinition(entry.Key, entry.Value));
+ }
+ }
+
+ return fields;
+ }
+
+ }
+}
diff --git a/TimberWinR/Inputs/TailFileInput.cs b/TimberWinR/Inputs/TailFileInput.cs
new file mode 100644
index 0000000..5e62eca
--- /dev/null
+++ b/TimberWinR/Inputs/TailFileInput.cs
@@ -0,0 +1,198 @@
+using System;
+using System.Collections.Generic;
+using System.Text;
+using System.Xml.Linq;
+
+namespace TimberWinR.Inputs
+{
+ public class TailFileInput : InputBase
+ {
+ public string Name { get; private set; }
+ public string Location { get; private set; }
+ public List Fields { get; private set; }
+
+ // Parameters
+ public int ICodepage { get; private set; }
+ public int Recurse { get; private set; }
+ public bool SplitLongLines { get; private set; }
+ public string ICheckpoint { get; private set; }
+
+ public static void Parse(List logs, XElement logElement)
+ {
+ logs.Add(parseLog(logElement));
+ }
+
+ static TailFileInput parseLog(XElement e)
+ {
+ return new TailFileInput(e);
+ }
+
+ public TailFileInput(XElement parent)
+ {
+ ParseName(parent);
+ ParseLocation(parent);
+
+ // Default values for parameters.
+ ICodepage = 0;
+ Recurse = 0;
+ SplitLongLines = false;
+
+ ParseICodepage(parent);
+ ParseRecurse(parent);
+ ParseSplitLongLines(parent);
+ ParseICheckpoint(parent);
+
+ ParseFields(parent);
+ }
+
+ private void ParseName(XElement parent)
+ {
+ string attributeName = "name";
+
+ try
+ {
+ XAttribute a = parent.Attribute(attributeName);
+
+ Name = a.Value;
+ }
+ catch
+ {
+ throw new TimberWinR.ConfigurationErrors.MissingRequiredAttributeException(parent, attributeName);
+ }
+ }
+
+ private void ParseLocation(XElement parent)
+ {
+ string attributeName = "location";
+
+ try
+ {
+ XAttribute a = parent.Attribute(attributeName);
+
+ Location = a.Value;
+ }
+ catch
+ {
+ throw new TimberWinR.ConfigurationErrors.MissingRequiredAttributeException(parent, attributeName);
+ }
+ }
+
+ private void ParseICodepage(XElement parent)
+ {
+ string attributeName = "iCodepage";
+ int valInt;
+
+ try
+ {
+ XAttribute a = parent.Attribute(attributeName);
+
+ if (int.TryParse(a.Value, out valInt))
+ {
+ ICodepage = valInt;
+ }
+ else
+ {
+ throw new TimberWinR.ConfigurationErrors.InvalidAttributeIntegerValueException(a);
+ }
+ }
+ catch
+ {
+ }
+ }
+
+ private void ParseRecurse(XElement parent)
+ {
+ string attributeName = "recurse";
+ int valInt;
+
+ try
+ {
+ XAttribute a = parent.Attribute(attributeName);
+
+ if (int.TryParse(a.Value, out valInt))
+ {
+ Recurse = valInt;
+ }
+ else
+ {
+ throw new TimberWinR.ConfigurationErrors.InvalidAttributeIntegerValueException(a);
+ }
+ }
+ catch
+ {
+ }
+ }
+
+ private void ParseSplitLongLines(XElement parent)
+ {
+ string attributeName = "splitLongLines";
+ string value;
+
+ try
+ {
+ XAttribute a = parent.Attribute(attributeName);
+
+ value = a.Value;
+
+ if (value == "ON" || value == "true")
+ {
+ SplitLongLines = true;
+ }
+ else if (value == "OFF" || value == "false")
+ {
+ SplitLongLines = false;
+ }
+ else
+ {
+ throw new TimberWinR.ConfigurationErrors.InvalidAttributeValueException(parent.Attribute(attributeName));
+ }
+ }
+ catch { }
+ }
+
+ private void ParseICheckpoint(XElement parent)
+ {
+ string attributeName = "iCheckpoint";
+
+ try
+ {
+ XAttribute a = parent.Attribute(attributeName);
+
+ ICheckpoint = a.Value;
+ }
+ catch { }
+ }
+
+ private void ParseFields(XElement parent)
+ {
+ Dictionary allPossibleFields = new Dictionary()
+ {
+ { "LogFilename", typeof(string) },
+ { "Index", typeof(int) },
+ { "Text", typeof(string) }
+ };
+
+ Fields = base.parseFields(parent, allPossibleFields);
+ }
+
+ public override string ToString()
+ {
+ StringBuilder sb = new StringBuilder();
+ sb.Append("TextLog\n");
+ sb.Append(String.Format("Name: {0}\n", Name));
+ sb.Append(String.Format("Location: {0}\n", Location));
+ sb.Append("Fields:\n");
+ foreach (FieldDefinition f in Fields)
+ {
+ sb.Append(String.Format("\t{0}\n", f.Name));
+ }
+ sb.Append("Parameters:\n");
+ sb.Append(String.Format("\tiCodepage: {0}\n", ICodepage));
+ sb.Append(String.Format("\trecurse: {0}\n", Recurse));
+ sb.Append(String.Format("\tsplitLongLines: {0}\n", SplitLongLines));
+ sb.Append(String.Format("\tiCheckpoint: {0}\n", ICheckpoint));
+
+ return sb.ToString();
+ }
+ }
+}
\ No newline at end of file
diff --git a/TimberWinR/Inputs/TailFileInputListener.cs b/TimberWinR/Inputs/TailFileInputListener.cs
index 2d5c23f..6b1c275 100644
--- a/TimberWinR/Inputs/TailFileInputListener.cs
+++ b/TimberWinR/Inputs/TailFileInputListener.cs
@@ -23,9 +23,9 @@ namespace TimberWinR.Inputs
public class TailFileInputListener : InputListener
{
private int _pollingIntervalInSeconds = 1;
- private TimberWinR.Configuration.TailFileInput _arguments;
+ private TimberWinR.Inputs.TailFileInput _arguments;
- public TailFileInputListener(TimberWinR.Configuration.TailFileInput arguments, CancellationToken cancelToken, int pollingIntervalInSeconds = 1)
+ public TailFileInputListener(TimberWinR.Inputs.TailFileInput arguments, CancellationToken cancelToken, int pollingIntervalInSeconds = 1)
: base(cancelToken)
{
_arguments = arguments;
diff --git a/TimberWinR/Inputs/WindowsEvent.cs b/TimberWinR/Inputs/WindowsEvent.cs
new file mode 100644
index 0000000..1822823
--- /dev/null
+++ b/TimberWinR/Inputs/WindowsEvent.cs
@@ -0,0 +1,315 @@
+using System;
+using System.Collections.Generic;
+using System.Text;
+using System.Xml.Linq;
+
+namespace TimberWinR.Inputs
+{
+ public class WindowsEvent : InputBase
+ {
+ public string Source { get; private set; }
+ public List Fields { get; private set; }
+
+ // Parameters
+ public bool FullText { get; private set; }
+ public bool ResolveSIDS { get; private set; }
+ public bool FormatMsg { get; private set; }
+ public string MsgErrorMode { get; private set; }
+ public bool FullEventCode { get; private set; }
+ public string Direction { get; private set; }
+ public string StringsSep { get; private set; }
+ public string ICheckpoint { get; private set; }
+ public string BinaryFormat { get; private set; }
+
+ public static void Parse(List events, XElement eventElement)
+ {
+ events.Add(parseEvent(eventElement));
+ }
+
+ static WindowsEvent parseEvent(XElement e)
+ {
+ return new WindowsEvent(e);
+ }
+
+ WindowsEvent(XElement parent)
+ {
+
+ ParseSource(parent);
+
+ // Default values for parameters.
+ FullText = true;
+ ResolveSIDS = true;
+ FormatMsg = true;
+ MsgErrorMode = "MSG";
+ FullEventCode = false;
+ Direction = "FW";
+ StringsSep = "|";
+ BinaryFormat = "PRINT";
+
+ ParseFullText(parent);
+ ParseResolveSIDS(parent);
+ ParseFormatMsg(parent);
+ ParseMsgErrorMode(parent);
+ ParseFullEventCode(parent);
+ ParseDirection(parent);
+ ParseStringsSep(parent);
+ ParseBinaryFormat(parent);
+
+ ParseFields(parent);
+ }
+
+ private void ParseSource(XElement parent)
+ {
+ string attributeName = "source";
+
+ try
+ {
+ XAttribute a = parent.Attribute(attributeName);
+
+ Source = a.Value;
+ }
+ catch
+ {
+ throw new TimberWinR.ConfigurationErrors.MissingRequiredAttributeException(parent, attributeName);
+ }
+ }
+
+ private void ParseFullText(XElement parent)
+ {
+ string attributeName = "fullText";
+ string value;
+
+ try
+ {
+ XAttribute a = parent.Attribute(attributeName);
+
+ value = a.Value;
+
+ if (value == "ON" || value == "true")
+ {
+ FullText = true;
+ }
+ else if (value == "OFF" || value == "false")
+ {
+ FullText = false;
+ }
+ else
+ {
+ throw new TimberWinR.ConfigurationErrors.InvalidAttributeValueException(parent.Attribute(attributeName));
+ }
+ }
+ catch { }
+ }
+
+ private void ParseResolveSIDS(XElement parent)
+ {
+ string attributeName = "resolveSIDS";
+ string value;
+
+ try
+ {
+ XAttribute a = parent.Attribute(attributeName);
+
+ value = a.Value;
+
+ if (value == "ON" || value == "true")
+ {
+ ResolveSIDS = true;
+ }
+ else if (value == "OFF" || value == "false")
+ {
+ ResolveSIDS = false;
+ }
+ else
+ {
+ throw new TimberWinR.ConfigurationErrors.InvalidAttributeValueException(parent.Attribute(attributeName));
+ }
+ }
+ catch { }
+ }
+
+ private void ParseFormatMsg(XElement parent)
+ {
+ string attributeName = "formatMsg";
+ string value;
+
+ try
+ {
+ XAttribute a = parent.Attribute(attributeName);
+
+ value = a.Value;
+
+ if (value == "ON" || value == "true")
+ {
+ FormatMsg = true;
+ }
+ else if (value == "OFF" || value == "false")
+ {
+ FormatMsg = false;
+ }
+ else
+ {
+ throw new TimberWinR.ConfigurationErrors.InvalidAttributeValueException(parent.Attribute(attributeName));
+ }
+ }
+ catch { }
+ }
+
+ private void ParseMsgErrorMode(XElement parent)
+ {
+ string attributeName = "msgErrorMode";
+ string value;
+
+ try
+ {
+ XAttribute a = parent.Attribute(attributeName);
+
+ value = a.Value;
+
+ if (value == "NULL" || value == "ERROR" || value == "MSG")
+ {
+ MsgErrorMode = value;
+ }
+ else
+ {
+ throw new TimberWinR.ConfigurationErrors.InvalidAttributeValueException(parent.Attribute(attributeName));
+ }
+ }
+ catch { }
+ }
+
+ private void ParseFullEventCode(XElement parent)
+ {
+ string attributeName = "fullEventCode";
+ string value;
+
+ try
+ {
+ XAttribute a = parent.Attribute(attributeName);
+
+ value = a.Value;
+
+ if (value == "ON" || value == "true")
+ {
+ FullEventCode = true;
+ }
+ else if (value == "OFF" || value == "false")
+ {
+ FullEventCode = false;
+ }
+ else
+ {
+ throw new TimberWinR.ConfigurationErrors.InvalidAttributeValueException(parent.Attribute(attributeName));
+ }
+ }
+ catch { }
+ }
+
+ private void ParseDirection(XElement parent)
+ {
+ string attributeName = "direction";
+ string value;
+
+ try
+ {
+ XAttribute a = parent.Attribute(attributeName);
+
+ value = a.Value;
+
+ if (value == "FW" || value == "BW")
+ {
+ Direction = value;
+ }
+ else
+ {
+ throw new TimberWinR.ConfigurationErrors.InvalidAttributeValueException(parent.Attribute(attributeName));
+ }
+ }
+ catch { }
+ }
+
+ private void ParseStringsSep(XElement parent)
+ {
+ string attributeName = "stringsSep";
+
+ try
+ {
+ XAttribute a = parent.Attribute(attributeName);
+
+ StringsSep = a.Value;
+ }
+ catch { }
+ }
+
+ private void ParseBinaryFormat(XElement parent)
+ {
+ string attributeName = "binaryFormat";
+ string value;
+
+ try
+ {
+ XAttribute a = parent.Attribute(attributeName);
+
+ value = a.Value;
+
+ if (value == "ASC" || value == "PRINT" || value == "HEX")
+ {
+ BinaryFormat = value;
+ }
+ else
+ {
+ throw new TimberWinR.ConfigurationErrors.InvalidAttributeValueException(parent.Attribute(attributeName));
+ }
+ }
+ catch { }
+ }
+
+ private void ParseFields(XElement parent)
+ {
+ Dictionary allPossibleFields = new Dictionary()
+ {
+ { "EventLog", typeof(string) },
+ { "RecordNumber", typeof(int) },
+ { "TimeGenerated", typeof(DateTime) },
+ { "TimeWritten", typeof(DateTime) },
+ { "EventID", typeof(int) },
+ { "EventType", typeof(int) },
+ { "EventTypeName", typeof(string) },
+ { "EventCategory", typeof(int) },
+ { "EventCategoryName", typeof(string) },
+ { "SourceName", typeof(string) },
+ { "Strings", typeof(string) },
+ { "ComputerName", typeof(string) },
+ { "SID", typeof(string) },
+ { "Message", typeof(string) },
+ { "Data", typeof(string) }
+ };
+
+ Fields = base.parseFields(parent, allPossibleFields);
+ }
+
+ public override string ToString()
+ {
+ StringBuilder sb = new StringBuilder();
+ sb.Append("WindowsEvent\n");
+ sb.Append(String.Format("Source: {0}\n", Source));
+ sb.Append("Fields:\n");
+ foreach (FieldDefinition f in Fields)
+ {
+ sb.Append(String.Format("\t{0}\n", f.Name));
+ }
+ sb.Append("Parameters:\n");
+ sb.Append(String.Format("\tfullText: {0}\n", FullText));
+ sb.Append(String.Format("\tresolveSIDS: {0}\n", ResolveSIDS));
+ sb.Append(String.Format("\tformatMsg: {0}\n", FormatMsg));
+ sb.Append(String.Format("\tmsgErrorMode: {0}\n", MsgErrorMode));
+ sb.Append(String.Format("\tfullEventCode: {0}\n", FullEventCode));
+ sb.Append(String.Format("\tdirection: {0}\n", Direction));
+ sb.Append(String.Format("\tstringsSep: {0}\n", StringsSep));
+ sb.Append(String.Format("\tiCheckpoint: {0}\n", ICheckpoint));
+ sb.Append(String.Format("\tbinaryFormat: {0}\n", BinaryFormat));
+
+ return sb.ToString();
+ }
+ }
+}
\ No newline at end of file
diff --git a/TimberWinR/Inputs/WindowsEvtInputListener.cs b/TimberWinR/Inputs/WindowsEvtInputListener.cs
index 738dbc5..ac95fce 100644
--- a/TimberWinR/Inputs/WindowsEvtInputListener.cs
+++ b/TimberWinR/Inputs/WindowsEvtInputListener.cs
@@ -23,9 +23,9 @@ namespace TimberWinR.Inputs
public class WindowsEvtInputListener : InputListener
{
private int _pollingIntervalInSeconds = 1;
- private TimberWinR.Configuration.WindowsEvent _arguments;
+ private TimberWinR.Inputs.WindowsEvent _arguments;
- public WindowsEvtInputListener(TimberWinR.Configuration.WindowsEvent arguments, CancellationToken cancelToken, int pollingIntervalInSeconds = 1)
+ public WindowsEvtInputListener(TimberWinR.Inputs.WindowsEvent arguments, CancellationToken cancelToken, int pollingIntervalInSeconds = 1)
: base(cancelToken)
{
_arguments = arguments;
diff --git a/TimberWinR/TimberWinR.csproj b/TimberWinR/TimberWinR.csproj
index 7fa39f8..f7bb167 100644
--- a/TimberWinR/TimberWinR.csproj
+++ b/TimberWinR/TimberWinR.csproj
@@ -64,16 +64,22 @@
+
+
+
+
+
+