EventLog Path not found - c#

I have a simple program designed to send Event Logs when used. I managed to get most of the event logs out of the system, but there are some that throw an Exception (EventLogException : {"The system cannot find the path specified"}).
This program works for every file, except the ones with a "%4" in their names (example : Microsoft-Windows-Wired-AutoConfig%4Operational.evtx)
The code is the following :
using System;
using System.IO;
using System.Diagnostics.Eventing.Reader;

EventLogSession Session = new EventLogSession();
Console.WriteLine("Collecting Info started %4");
Console.WriteLine("Creating Temp Folder");
Directory.CreateDirectory(Environment.CurrentDirectory + "\\Temp");
Console.WriteLine("Acquiring System logs");
foreach (string item in Session.GetLogNames())
{
    try
    {
        // item is the log name exactly as returned by GetLogNames()
        Session.ExportLogAndMessages(item, PathType.LogName, "*", Environment.CurrentDirectory + "\\Temp\\" + item + ".evtx");
    }
    catch (EventLogException EvLgEx)
    {
        // the exception is caught and ignored
    }
}
Console.WriteLine("Done aquiring logs");
Any help is greatly appreciated.
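The `%4` in those .evtx file names is how Windows encodes the `/` in a channel name, so the name GetLogNames() returns for such a log (for example Microsoft-Windows-Wired-AutoConfig/Operational) contains a path separator when it is appended to the target path. The following is an added example, not the poster's code, that maps each channel name to a safe file name before exporting and reports failures instead of discarding them; the class name, the ToFileName helper and the output folder are assumptions.

```csharp
using System;
using System.Diagnostics.Eventing.Reader;
using System.IO;

static class LogExporter
{
    // Mirror the on-disk convention: '/' in a channel name becomes "%4".
    // Any other character that is invalid in a file name is replaced with '_'.
    static string ToFileName(string channel)
    {
        string name = channel.Replace("/", "%4");
        foreach (char c in Path.GetInvalidFileNameChars())
            name = name.Replace(c, '_');
        return name + ".evtx";
    }

    static void Main()
    {
        // Hypothetical output folder for the collected logs.
        string outDir = Path.Combine(Environment.CurrentDirectory, "Temp");
        Directory.CreateDirectory(outDir);
        int ok = 0, failed = 0;

        using (var session = new EventLogSession())
        {
            foreach (string channel in session.GetLogNames())
            {
                string target = Path.Combine(outDir, ToFileName(channel));
                try
                {
                    session.ExportLogAndMessages(channel, PathType.LogName, "*", target);
                    ok++;
                }
                catch (Exception ex) when (ex is EventLogException ||
                                           ex is UnauthorizedAccessException)
                {
                    // Keep a record of what could not be collected and why.
                    failed++;
                    Console.Error.WriteLine($"{channel}: {ex.Message}");
                }
            }
        }
        Console.WriteLine($"Exported {ok} channels, {failed} failed.");
    }
}
```

Channels the account is not allowed to read (Security, for instance, without sufficient rights) show up in the failure output rather than silently missing from the collection.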

Related

Log Appium testresults to console

Appium won't log the test results (of the UI tests, executed with an adb emulator) to the debug output (Debug.WriteLine).
According to the documentation, get test logs is possible with the following line
ILogs logs = driver.Manage().Logs;
However, Appium has different log types:
Browser
Client
Driver
Profiler
Server
I tried every single log type with the following code. But by executing I don't get any result and the test will (where I put the code) fail. Does anyone have a solution for this problem?
ReadOnlyCollection<LogEntry> logs = _driver.Manage().Logs.GetLog(LogType.Browser);
// ReadOnlyCollection<LogEntry> logs = _driver.Manage().Logs.GetLog(LogType.Client);
// ReadOnlyCollection<LogEntry> logs = _driver.Manage().Logs.GetLog(LogType.Driver);
// ReadOnlyCollection<LogEntry> logs = _driver.Manage().Logs.GetLog(LogType.Profiler);
// ReadOnlyCollection<LogEntry> logs = _driver.Manage().Logs.GetLog(LogType.Server);
foreach (var log in logs)
{
    Debug.WriteLine("Time: " + log.Timestamp);
    Debug.WriteLine("Message: " + log.Message);
    Debug.WriteLine("Level: " + log.Level);
}
I just figured it out.
Check this article first
relaxed Security AppiumService
Get the log type
IReadOnlyCollection<string> logTypes = driver.Manage().Logs.AvailableLogTypes;
foreach (string logType in logTypes)
{
    Console.WriteLine(logType);
    //logcat
    //bugreport
    //server
}
Print logs
public static void PrintLogs(string logType)
{
    try
    {
        ILogs _logs = driver.Manage().Logs;
        var browserLogs = _logs.GetLog(logType);
        if (browserLogs.Count > 0)
        {
            foreach (var log in browserLogs)
            {
                //log the message in a file
                Console.WriteLine(log);
            }
        }
    }
    catch (Exception e)
    {
        //There are no log types present
        Console.WriteLine(e.ToString());
    }
}
Picture : C# Console Print appium log
In java I am doing it using the following code:
List<LogEntry> logEntries = driver.manage().logs().get("logcat").getAll();
for (LogEntry logEntry : logEntries) {
    System.out.println(logEntry);
}
Not sure if this method works for C#. Please give it a try
List<LogEntry> logEntries = _driver.Manage().Logs().Get("logcat").GetAll();

C# Windows Service Not Compressing Folder Correctly

I'm currently building a Windows service that will be used to create backups of logs. Currently, the logs are stored at the path E:\Logs and the intent is to copy the contents, timestamp their new folder and compress it. After this, you should have E:\Logs and E:\Logs_[Timestamp].zip. The zip will be moved to C:\Backups\ for later processing. Currently, I am using the following to try and zip the log folder:
var logDirectory = "E://Logs";
var timeStamp = DateTime.Now.ToString("yyyyMMddHHmm");
var zippedFolder = logDirectory + "_" + timeStamp + ".zip";
System.IO.Compression.ZipFile.CreateFromDirectory(logDirectory, zippedFolder);
While this appears to create a zip folder, I get the error Windows cannot open the folder. The Compressed (zipped) Folder E:\Logs_201805161035.zip is invalid.
To address any troubleshooting issues, the service is running with an AD account that has a sufficient permission level to perform administrative tasks. Another thing to consider is that the service kicks off when its FileSystemWatcher detects a new zip folder in the path C:\Aggregate. Since there are many zip folders that are added to C:\Aggregate at once, the FileSystemWatcher creates a new Task for each zip found. You can see how this works in the following:
private void FileFoundInDrops(object sender, FileSystemEventArgs e)
{
    var aggregatePath = new DirectoryInfo("C://Aggregate");
    if (e.FullPath.Contains(".zip"))
    {
        Task task = Task.Factory.StartNew(() =>
        {
            try
            {
                var logDirectory = "E://Logs";
                var timeStamp = DateTime.Now.ToString("yyyyMMddHHmm");
                var zippedFolder = logDirectory + "_" + timeStamp + ".zip";
                ZipFile.CreateFromDirectory(logDirectory, zippedFolder);
            }
            catch (Exception ex)
            {
                Log.WriteLine(System.DateTime.Now.ToString() + " - ERROR: " + ex);
            }
        });
        task.Dispose();
    }
}
How can I get around the error I am receiving? Any help would be appreciated!

Event Log - EntryWrittenEventArgs returning Event ID's

I am working on a simple C# Windows Service that listens to the EventLog via the "EntryWrittenEventHandler" handler, watches for logon/logoff events and then writes them to a DB.
The service was working as expected for a few days and then suddenly I am not seeing anything get written on logon and logoff events. I am seeing the EntryWrittenEventHandler handler be triggered on each new Security EventLog write...but within the EntryWrittenEventArgs class...I am seeing every entry be reported as "Event ID 0" and this message:
Message (string): "The description for Event ID '0' in Source '' cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:"
message (string): "The description for Event ID '0' in Source '' cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:"
owner (System.Diagnostics.EventLogInternal): {System.Diagnostics.EventLogInternal}
ReplacementStrings (string[]): {string[0]}
Source (string): ""
TimeGenerated (System.DateTime): {12/31/1969 7:00:00 PM}
TimeWritten (System.DateTime): {12/31/1969 7:00:00 PM}
UserName (string): null
Not sure what's going on. Opening the EventLog on the server in question...I can see all the entries as expected. The date is also from 1969...which is weird as well.
Here is my code of what is going on so far:
public Audit()
{
    CanHandleSessionChangeEvent = true;
    //Start the EventLog Watcher
    startEventLogWatch();
}
private void startEventLogWatch()
{
    EventLog eLog = new EventLog("Security");
    eLog.EntryWritten += new EntryWrittenEventHandler(EventLog_OnEntryWritten);
    eLog.EnableRaisingEvents = true;
}
private void EventLog_OnEntryWritten(object source, EntryWrittenEventArgs e)
{
    try
    {
        if (e.Entry.InstanceId.ToString() == "4624")
        {
            EventAudit eventAuditEntry = new EventAudit();
            eventAuditEntry = LogonEvent(e);
            if (eventAuditEntry.ADUserName != null)
            {
                WriteDBEntry(eventAuditEntry);
            }
        }
        else if (e.Entry.InstanceId.ToString() == "4647")
        {
            EventAudit eventAuditEntry = new EventAudit();
            eventAuditEntry = LogoffEvent(e);
            if (eventAuditEntry.ADUserName != null)
            {
                WriteDBEntry(eventAuditEntry);
            }
        }
    }
    catch (Exception ex)
    {
        eventLog1.WriteEntry("A general error has occured. The error message is as follows: " + ex.Message.ToString(), EventLogEntryType.Error, 2001);
    }
}
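The same logon/logoff watch can also be expressed with the System.Diagnostics.Eventing.Reader API, where the event ID filter lives in the subscription query and subscription errors are reported through EventException. This is an added example, not the poster's service code and not a confirmed fix for the behaviour described above; the class name is an assumption and Console.WriteLine stands in for the post's WriteDBEntry.

```csharp
using System;
using System.Diagnostics.Eventing.Reader;

static class LogonWatcher
{
    // Name-based selectors, so the code does not depend on positional indexes.
    static readonly EventLogPropertySelector Selector = new EventLogPropertySelector(new[]
    {
        "Event/EventData/Data[@Name='TargetUserName']",
        "Event/EventData/Data[@Name='TargetDomainName']"
    });

    static void OnRecord(object sender, EventRecordWrittenEventArgs e)
    {
        // Errors in the subscription are reported here rather than as a record.
        if (e.EventException != null || e.EventRecord == null)
        {
            Console.Error.WriteLine("Subscription error: " + e.EventException?.Message);
            return;
        }
        using (var rec = (EventLogRecord)e.EventRecord)
        {
            var values = rec.GetPropertyValues(Selector);
            string kind = rec.Id == 4624 ? "logon" : "logoff";
            // Stand-in for writing the audit row to the database.
            Console.WriteLine($"{rec.TimeCreated:o} {kind} {values[1]}\\{values[0]}");
        }
    }

    static void Main()
    {
        // Only 4624 (logon) and 4647 (user-initiated logoff) are delivered.
        var query = new EventLogQuery("Security", PathType.LogName,
            "*[System[(EventID=4624 or EventID=4647)]]");
        using (var watcher = new EventLogWatcher(query))
        {
            watcher.EventRecordWritten += OnRecord;
            watcher.Enabled = true; // the account needs rights to read the Security log
            Console.WriteLine("Watching Security log; press Enter to stop.");
            Console.ReadLine();
        }
    }
}
```

Event 4624 is written for every logon type, including network and service logons, so a production audit would normally narrow the query further.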

Directory.CreateDirectory(Path) does not create the given folder

This code is running in an ASP page.
try
{
    DirectoryInfo di = Directory.CreateDirectory(destDir);
    DirectoryInfo diOut = Directory.CreateDirectory(destDir + "\\output");
    if (di.Exists)
    {
        ErrorLog(Server.MapPath("Logs/ErrorLog"), "created or existing destDir: " + destDir);
    }
    if (diOut.Exists)
    {
        ErrorLog(Server.MapPath("Logs/ErrorLog"), "created or existing outputDir:" + destDir + "\\output");
    }
}
catch (Exception e)
{
    ErrorLog(Server.MapPath("Logs/ErrorLog"), "caught error: " + e.ToString());
}
The value of dst dir is:
d:\foo-server\THE\jobgenerator\xmlinput\tmp_JobGenerator_09_08_201216_09_21_718374_THE
The parent folder d:\foo-server\THE\jobgenerator\xmlinput already exists.
The log output says that the destDir has been created, but when I check the folder I can see that nothing has been created. The site is running on IIS, and the configured user has full permission on the parent folder.
I don't understand why di.Exists results in true even if the folder has not been created. Also, no exception is thrown.
Thanks for the help.

Reading EventLog C# Errors

I have this code in my ASP.NET application written in C# that is trying to read the eventlog, but it returns an error.
EventLog aLog = new EventLog();
aLog.Log = "Application";
aLog.MachineName = "."; // Local machine
foreach (EventLogEntry entry in aLog.Entries)
{
    if (entry.Source.Equals("tvNZB"))
        Label_log.Text += "<p>" + entry.Message;
}
One of the entries it returns is "The description for Event ID '0' in Source 'tvNZB' cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:'Service started successfully.'"
I only want the 'Service started successfully'. Any ideas?
Try this :)
EventLog aLog = new EventLog();
aLog.Log = "Application";
aLog.MachineName = "."; // Local machine
string message = "\'Service started\'";
foreach (EventLogEntry entry in aLog.Entries)
{
    if (entry.Source.Equals("tvNZB")
        && entry.EntryType == EventLogEntryType.Information)
    {
        if (entry.Message.EndsWith(message))
        {
            Console.Out.WriteLine("> " + entry.Message);
            //do stuff
        }
    }
}
It works on Win XP home. The message might be different on another OS.
Best way: dump entry.Message by System.Diagnostics.Trace.Write and see the exact message.
Hope it works smoothly :)
