using System;
using System.Collections.Generic;
using System.Text;
using System.Text.RegularExpressions;
using System.Diagnostics;
namespace EnvironmentManagement
{
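/// <summary>
/// Command-line exporter: reads one Windows event log, keeps the entries whose message
/// matches (or does not match) a caller-supplied regular expression, and writes them to
/// standard output as CSV.
/// </summary>
/// <remarks>
/// Event messages and the other string fields of an entry are produced by whatever process
/// logged the event, so they are handled as untrusted text: every CSV field is quoted and
/// escaped, and regular-expression matching is bounded by a timeout.
/// </remarks>
class Program
{
    /// <summary>Options shared by the switch parsers and by the caller's filter expression.</summary>
    private const RegexOptions PatternOptions =
        RegexOptions.Compiled | RegexOptions.CultureInvariant | RegexOptions.ExplicitCapture | RegexOptions.IgnoreCase;

    /// <summary>
    /// Upper bound for a single match attempt against one event message. Without a bound, a
    /// backtracking-heavy expression combined with a long or crafted message can stall the
    /// export indefinitely. Uses the Regex constructor overload that takes a timeout
    /// (.NET Framework 4.5 or later).
    /// </summary>
    private static readonly TimeSpan MatchTimeout = TimeSpan.FromSeconds(5);

    /// <summary>
    /// Parses the command line, validates that both an expression and a log name were
    /// given, and runs the export.
    /// </summary>
    /// <param name="args">
    /// Switches /h, /p, /n, /q and /s:{name}; any other argument is taken as the filter
    /// expression (the last one wins).
    /// </param>
    /// <returns>0 on success or after showing help; 1 on missing input or any failure.</returns>
    static int Main(string[] args)
    {
        // Switches are matched by prefix and case-insensitively, so ANY argument that begins
        // with /h, /p, /n, /q or /s: is consumed as a switch and never reaches the
        // expression slot.
        Regex cmdHelp = new Regex("^/h", PatternOptions);
        Regex cmdPositive = new Regex("^/p", PatternOptions);
        Regex cmdNegative = new Regex("^/n", PatternOptions);
        Regex cmdQuit = new Regex("^/q", PatternOptions);
        Regex cmdSource = new Regex("^/s:\"?(?<source>.*)\"?", PatternOptions);

        bool quitMode = false;
        bool positiveMatch = true;
        string expression = String.Empty;
        string source = String.Empty;

        foreach (string param in args)
        {
            if (cmdHelp.IsMatch(param))
            {
                ShowHelp();
                return 0;
            }

            if (cmdPositive.IsMatch(param))
            {
                positiveMatch = true;
                continue;
            }

            if (cmdNegative.IsMatch(param))
            {
                positiveMatch = false;
                continue;
            }

            if (cmdQuit.IsMatch(param))
            {
                quitMode = true;
                continue;
            }

            Match sourceMatch = cmdSource.Match(param);
            if (sourceMatch.Success)
            {
                // The greedy ".*" in the pattern swallows a closing quote before the
                // trailing "\"?" can consume it, so strip it from the captured name here.
                source = sourceMatch.Groups["source"].Value.TrimEnd('"');
                continue;
            }

            expression = param;
        }

        if (!quitMode)
        {
            Console.WriteLine("EventLog Exporter with Regular Expressions");
            Console.WriteLine();
        }

        if (expression == string.Empty)
        {
            if (!quitMode) Console.Error.WriteLine("Please input regular expressions.");
            return 1;
        }

        if (source == string.Empty)
        {
            if (!quitMode) Console.Error.WriteLine("Please input eventlog source name.");
            return 1;
        }

        try
        {
            ReadEventLogs(source, expression, positiveMatch);
        }
        catch (Exception e)
        {
            // Top-level catch-all: an invalid expression, an unreadable log or a match
            // timeout all end the run with exit code 1. With /q nothing is printed, so
            // the exit code is the only failure signal; rows already written stay on
            // standard output.
            if (!quitMode)
            {
                Console.Error.Write(e.Source);
                Console.Error.Write(", ");
                Console.Error.WriteLine(e.Message);
            }
            return 1;
        }

        return 0;
    }

    /// <summary>
    /// Writes the CSV header, then one CSV row for every entry of the log whose message
    /// satisfies the filter.
    /// </summary>
    /// <param name="source">
    /// Value handed to the <c>EventLog(string)</c> constructor, which takes a log name;
    /// it is also echoed in the first CSV column.
    /// </param>
    /// <param name="expression">Regular expression applied to each entry's message.</param>
    /// <param name="positiveMatch">
    /// true to export matching entries, false to export the non-matching ones.
    /// </param>
    /// <exception cref="RegexMatchTimeoutException">
    /// A single match attempt exceeded <see cref="MatchTimeout"/>. The export stops rather
    /// than skipping the entry, so an incomplete export is never reported as a success.
    /// </exception>
    private static void ReadEventLogs(string source, string expression, bool positiveMatch)
    {
        // Dispose the log handle even when the expression is invalid or matching fails.
        using (EventLog logs = new EventLog(source))
        {
            Regex regex = new Regex(expression, PatternOptions, MatchTimeout);

            OutputHeader();
            foreach (EventLogEntry entry in logs.Entries)
            {
                // Export when the match result equals the requested polarity.
                if (regex.IsMatch(entry.Message) == positiveMatch)
                {
                    OutputLog(entry, source);
                }
            }
        }
    }

    /// <summary>Writes the CSV header row naming the ten exported columns.</summary>
    private static void OutputHeader()
    {
        WriteCsvRow(
            "Source",
            "InstanceId",
            "EntryType",
            "Category",
            "ApplicationSource",
            "TimeGenerated",
            "TimeWritten",
            "MachineName",
            "Username",
            "Message");
    }

    /// <summary>Writes one event-log entry as a CSV row, in header column order.</summary>
    /// <param name="entry">Entry to export.</param>
    /// <param name="source">Log name given on the command line (first column).</param>
    private static void OutputLog(EventLogEntry entry, string source)
    {
        WriteCsvRow(
            source,
            entry.InstanceId.ToString(),
            entry.EntryType.ToString(),
            entry.Category,
            entry.Source,
            entry.TimeGenerated.ToString("s"),
            entry.TimeWritten.ToString("s"),
            entry.MachineName,
            entry.UserName,
            entry.Message);
    }

    /// <summary>Writes the given values as one comma-separated line of quoted fields.</summary>
    private static void WriteCsvRow(params string[] fields)
    {
        StringBuilder row = new StringBuilder();
        for (int i = 0; i < fields.Length; i++)
        {
            if (i > 0)
            {
                row.Append(',');
            }
            row.Append(QuoteCsvField(fields[i]));
        }
        Console.WriteLine(row.ToString());
    }

    /// <summary>
    /// Wraps a value in double quotes and doubles any embedded double quote, so a quote
    /// inside a logged string cannot end the field early and shift or forge columns.
    /// The value itself is preserved (embedded quotes are no longer rewritten to
    /// apostrophes). A null value is written as an empty quoted field.
    /// </summary>
    /// <remarks>
    /// This protects the CSV structure only. Values that start with '=', '+', '-' or '@'
    /// are left as logged; import the file as text when opening it in a spreadsheet.
    /// </remarks>
    private static string QuoteCsvField(string value)
    {
        if (value == null)
        {
            return "\"\"";
        }
        return "\"" + value.Replace("\"", "\"\"") + "\"";
    }

    /// <summary>Prints the usage line and a description of every switch.</summary>
    private static void ShowHelp()
    {
        Console.WriteLine("EventLog with regular expressions:");
        Console.WriteLine();
        Console.WriteLine(String.Format("{0} {1}",
            System.IO.Path.GetFileNameWithoutExtension(Environment.GetCommandLineArgs()[0]),
            "/h /p /n /q /s:{EventLogSource} \"{RegularExpression}\""));
        Console.WriteLine();
        Console.WriteLine();
        Console.WriteLine();
        Console.WriteLine("\t/h\tShow help.");
        Console.WriteLine("\t/p\tIf regular expression is match, to EventLog export.");
        // The negative-match switch is /n; the original help listed /p twice.
        Console.WriteLine("\t/n\tIf regular expression is not match, to EventLog export.");
        Console.WriteLine("\t/q\tQuit mode.");
        Console.WriteLine("\t/s:{EventLogSource}\n\t\tExporting EventLog source name.");
        Console.WriteLine("\t\"{RegularExpression}\"\n\t\tSearch keyword");
        Console.WriteLine();
    }
}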
}