diff --git a/TimberWinR.UnitTests/TimberWinR.UnitTests.csproj b/TimberWinR.UnitTests/TimberWinR.UnitTests.csproj
index 0481388..0f2b2b6 100644
--- a/TimberWinR.UnitTests/TimberWinR.UnitTests.csproj
+++ b/TimberWinR.UnitTests/TimberWinR.UnitTests.csproj
@@ -47,6 +47,9 @@
+
+ Designer
+
diff --git a/TimberWinR.UnitTests/testconf.xml b/TimberWinR.UnitTests/testconf.xml
index 2844078..9b5e2c9 100644
--- a/TimberWinR.UnitTests/testconf.xml
+++ b/TimberWinR.UnitTests/testconf.xml
@@ -1,18 +1,17 @@
-
-
+
-
+
-
+
diff --git a/TimberWinR.UnitTests/testconf.xsd b/TimberWinR.UnitTests/testconf.xsd
new file mode 100644
index 0000000..a43cb5c
--- /dev/null
+++ b/TimberWinR.UnitTests/testconf.xsd
@@ -0,0 +1,190 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/TimberWinR.sln b/TimberWinR.sln
index 4a4ba26..7325495 100644
--- a/TimberWinR.sln
+++ b/TimberWinR.sln
@@ -14,6 +14,11 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "TimberWinR.ServiceHost", "T
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "TimberWinR.UnitTests", "TimberWinR.UnitTests\TimberWinR.UnitTests.csproj", "{4410C95C-B22F-4B68-B132-84545AAA7A31}"
EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{1B2F600B-2400-45B9-A28E-CFC391D9EFA9}"
+ ProjectSection(SolutionItems) = preProject
+ README.md = README.md
+ EndProjectSection
+EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
diff --git a/TimberWinR/Configuration.cs b/TimberWinR/Configuration.cs
index bf3b30f..cb02bf9 100644
--- a/TimberWinR/Configuration.cs
+++ b/TimberWinR/Configuration.cs
@@ -1,7 +1,9 @@
using System;
using System.Collections.Generic;
+using System.Data.Odbc;
using System.Linq;
using System.Text;
+using System.Xml;
using System.Xml.Linq;
using System.IO;
using System.Globalization;
@@ -10,6 +12,16 @@ namespace TimberWinR
{
public class Configuration
{
+ private class InvalidAttributeValueException : Exception
+ {
+ public InvalidAttributeValueException(XAttribute a, string badValue)
+ : base(
+ string.Format("{0}:{1} Invalid Attribute <{2} {3}=\"{4}\">", a.Document.BaseUri,
+ ((IXmlLineInfo)a).LineNumber, a.Parent.Name, a.Name, badValue))
+ {
+ }
+ }
+
private static List _events = new List();
public IEnumerable Events { get { return _events; } }
@@ -162,6 +174,7 @@ namespace TimberWinR
foreach (XAttribute a in attributes)
{
string val = a.Value;
+ IXmlLineInfo li = ((IXmlLineInfo)a);
switch (a.Name.ToString())
{
@@ -178,7 +191,7 @@ namespace TimberWinR
}
else
{
- Console.WriteLine("ERROR. Unknown value declared for fullText.");
+ throw new InvalidAttributeValueException(a, val);
}
break;
case "resolveSIDS":
@@ -192,7 +205,7 @@ namespace TimberWinR
}
else
{
- Console.WriteLine("ERROR. Unknown value declared for resolveSIDS.");
+ throw new InvalidAttributeValueException(a, val);
}
break;
case "formatMsg":
@@ -206,7 +219,7 @@ namespace TimberWinR
}
else
{
- Console.WriteLine("ERROR. Unknown value declared for formatMsg.");
+ throw new InvalidAttributeValueException(a, val);
}
break;
case "msgErrorMode":
@@ -216,7 +229,7 @@ namespace TimberWinR
}
else
{
- Console.WriteLine("ERROR. Unknown value declared for msgErrorMode.");
+ throw new InvalidAttributeValueException(a, val);
}
break;
case "fullEventCode":
@@ -230,7 +243,7 @@ namespace TimberWinR
}
else
{
- Console.WriteLine("ERROR. Unknown value declared for fullEventCode.");
+ throw new InvalidAttributeValueException(a, val);
}
break;
case "direction":
@@ -240,7 +253,7 @@ namespace TimberWinR
}
else
{
- Console.WriteLine("ERROR. Unknown value declared for direction.");
+ throw new InvalidAttributeValueException(a, val);
}
break;
case "stringsSep":
@@ -256,11 +269,11 @@ namespace TimberWinR
}
else
{
- Console.WriteLine("ERROR. Unknown value declared for binaryFormat.");
+ throw new InvalidAttributeValueException(a, val);
}
break;
default:
- Console.WriteLine(String.Format("ERROR. WindowsEvents encountered unknown attribute: {0}.", a.Name.ToString()));
+ throw new Exception(String.Format("ERROR. WindowsEvents encountered unknown attribute: {0}.", a.Name.ToString()));
break;
}
}
@@ -314,7 +327,7 @@ namespace TimberWinR
}
else
{
- Console.WriteLine("ERROR. Unknown value declared for Logs:splitLongLines.");
+ throw new InvalidAttributeValueException(a, val);
}
break;
case "iCheckpoint":
@@ -396,15 +409,13 @@ namespace TimberWinR
static void parseXMLConf(string xmlConfFile)
{
- XDocument config = XDocument.Load(xmlConfFile);
+ XDocument config = XDocument.Load(xmlConfFile, LoadOptions.SetLineInfo | LoadOptions.SetBaseUri);
IEnumerable inputs =
from el in config.Root.Descendants("Inputs")
select el;
-
-
- // WINDOWS EVENTS
+ // WINDOWS EVENTSexc
IEnumerable xml_events =
from el in inputs.Descendants("WindowsEvents").Descendants("Events")
select el;
@@ -420,8 +431,7 @@ namespace TimberWinR
Params_WindowsEvents args = parseParams_Events(e.Attributes());
-
- WindowsEvents evt = new WindowsEvents(source, fields, args);
+ WindowsEvents evt = new WindowsEvents(source, fields, args);
_events.Add(evt);
}
@@ -526,7 +536,7 @@ namespace TimberWinR
sb.Append(String.Format("\tstringsSep: {0}\n", StringsSep));
sb.Append(String.Format("\tiCheckpoint: {0}\n", ICheckpoint));
sb.Append(String.Format("\tbinaryFormat: {0}\n", BinaryFormat));
-
+
return sb.ToString();
}
}
diff --git a/TimberWinR/Inputs/WindowsEvtInputListener.cs b/TimberWinR/Inputs/WindowsEvtInputListener.cs
index fb62ce4..b5e3e4a 100644
--- a/TimberWinR/Inputs/WindowsEvtInputListener.cs
+++ b/TimberWinR/Inputs/WindowsEvtInputListener.cs
@@ -68,14 +68,14 @@ namespace TimberWinR.Inputs
{
var record = rs.getRecord();
var json = new JObject();
- foreach (var fieldName in _arguments.Fields)
+ foreach (var field in _arguments.Fields)
{
- object v = record.getValue(fieldName);
+ object v = record.getValue(field.Name);
- // if (field.FieldType == typeof(DateTime))
- // v = field.ToDateTime(v).ToUniversalTime();
+ if (field.FieldType == typeof(DateTime))
+ v = field.ToDateTime(v).ToUniversalTime();
- json.Add(new JProperty(fieldName, v));
+ json.Add(new JProperty(field.Name, v));
}
json.Add(new JProperty("type", "Win32-Eventlog"));
ProcessJson(json.ToString());
@@ -92,31 +92,5 @@ namespace TimberWinR.Inputs
System.Threading.Thread.Sleep(_pollingIntervalInSeconds * 1000);
}
}
-
- public static FieldDefinitions FieldDefinitions
- {
- get
- {
- return new FieldDefinitions()
- {
- {"EventLog", typeof (string)},
- {"RecordNumber", typeof (string)},
- {"TimeGenerated", typeof (DateTime)},
- {"TimeWritten", typeof (DateTime)},
- {"EventID", typeof (int)},
- {"EventType", typeof (int)},
- {"EventTypeName", typeof (string)},
- {"EventCategory", typeof (int)},
- {"EventCategoryName", typeof (string)},
- {"SourceName", typeof (string)},
- {"Strings", typeof (string)},
- {"ComputerName", typeof (string)},
- {"SID", typeof (string)},
- {"Message", typeof (string)},
- {"Data", typeof (string)}
- };
- }
- }
-
}
}