Added Interval parameter for WindowsEvents and bumped up default interval to 60 seconds.

2014-11-06 10:47:51 -05:00
parent a0c571b9c0
commit e28e893120
4 changed files with 15 additions and 12 deletions
--- a/TimberWinR.ServiceHost/Properties/AssemblyInfo.cs
+++ b/TimberWinR.ServiceHost/Properties/AssemblyInfo.cs
@@ -32,5 +32,5 @@ using System.Runtime.InteropServices;
 // You can specify all the values or you can default the Build and Revision Numbers 
 // by using the '*' as shown below:
 // [assembly: AssemblyVersion("1.0.*")]
-[assembly: AssemblyVersion("1.3.8.0")]
-[assembly: AssemblyFileVersion("1.3.8.0")]
+[assembly: AssemblyVersion("1.3.9.0")]
+[assembly: AssemblyFileVersion("1.3.9.0")]
--- a/TimberWinR/Inputs/WindowsEvtInputListener.cs
+++ b/TimberWinR/Inputs/WindowsEvtInputListener.cs
@@ -26,11 +26,11 @@ namespace TimberWinR.Inputs
        private TimberWinR.Parser.WindowsEvent _arguments;
        private long _receivedMessages;

-        public WindowsEvtInputListener(TimberWinR.Parser.WindowsEvent arguments, CancellationToken cancelToken, int pollingIntervalInSeconds = 5)
+        public WindowsEvtInputListener(TimberWinR.Parser.WindowsEvent arguments, CancellationToken cancelToken)
            : base(cancelToken, "Win32-Eventlog")
        {
            _arguments = arguments;
-            _pollingIntervalInSeconds = pollingIntervalInSeconds;
+            _pollingIntervalInSeconds = arguments.Interval;

            foreach (string eventHive in _arguments.Source.Split(','))
            {
@@ -52,6 +52,7 @@ namespace TimberWinR.Inputs
                        new JProperty("messages", _receivedMessages),
                        new JProperty("binaryFormat", _arguments.BinaryFormat.ToString()),
                        new JProperty("direction", _arguments.Direction.ToString()),
+                        new JProperty("interval", _arguments.Interval),
                        new JProperty("formatMsg", _arguments.FormatMsg),
                        new JProperty("fullEventCode", _arguments.FullEventCode),
                        new JProperty("fullText", _arguments.FullText),
@@ -67,8 +68,7 @@ namespace TimberWinR.Inputs
        {
            LogQuery oLogQuery = new LogQuery();          

-            LogManager.GetCurrentClassLogger().Info("WindowsEvent Input Listener Ready");
-            
+            LogManager.GetCurrentClassLogger().Info("WindowsEvent Input Listener Ready");            

            // Instantiate the Event Log Input Format object
            var iFmt = new EventLogInputFormat()
@@ -85,18 +85,17 @@ namespace TimberWinR.Inputs
          
            oLogQuery = null;

-            Dictionary<string, Int64> logFileMaxRecords = new Dictionary<string, Int64>();         
-        
+            Dictionary<string, Int64> logFileMaxRecords = new Dictionary<string, Int64>();                 
       
            // Execute the query
            while (!CancelToken.IsCancellationRequested)
            {
                try
                {
-                    oLogQuery = new LogQuery();
-
                    Thread.CurrentThread.Priority = ThreadPriority.BelowNormal;

+                    oLogQuery = new LogQuery();
+                 
                    var qfiles = string.Format("SELECT Distinct [EventLog] FROM {0}", location);
                    var rsfiles = oLogQuery.Execute(qfiles, iFmt);
                    for (; !rsfiles.atEnd(); rsfiles.moveNext())
--- a/TimberWinR/Parser.cs
+++ b/TimberWinR/Parser.cs
@@ -245,9 +245,12 @@ namespace TimberWinR.Parser
        public List<Field> Fields { get; set; }
        [JsonProperty(PropertyName = "formatMsg")]
        public bool FormatMsg { get; set; }
-
+        [JsonProperty(PropertyName = "interval")]
+        public int Interval { get; set; }
+        
        public WindowsEvent()
        {
+            Interval = 60; // Every minute
            Source = "System";
            StringsSep = "|";
            FormatMsg = true;
--- a/TimberWinR/mdocs/WindowsEvents.md
+++ b/TimberWinR/mdocs/WindowsEvents.md
@@ -2,7 +2,7 @@

 The WindowsEvents input will collect events from the Windows Event Viewer.   The source parameter indicates which event 
 logs to collect data from.  You can specify more than one log by using the comma, i.e.  "Application,System" will collect
-logs from the Application and System event logs.
+logs from the Application and System event logs.  The default interval for scanning for new Events is 60 seconds.

 ## Parameters
 The following parameters are allowed when configuring WindowsEvents.
@@ -18,6 +18,7 @@ The following parameters are allowed when configuring WindowsEvents.
 | *fullText*        | bool   |Retrieve the full text message                                           | true,false                   | **true** |
 | *resolveSIDS*     | bool   |Resolve SID values into full account names                               | true,false                   | **true** |
 | *formatMsg*       | bool   |Format the text message as a single line.                                | true,false                   | **true** |
+| *interval*        | integer  | Interval in seconds to sleep during checks                            | Interval                     | 60 |

 ### source format
 The source indicates where to collect the event(s) from, it can be of these form(s):