in Lib/Collectors/EventLogCollector.cs [190:264]
public void ExecuteWindows(CancellationToken cancellationToken)
{
if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
{
return;
}
void ParseWindowsLog(EventLogEntry entry)
{
if (opts.GatherVerboseLogs || entry.EntryType.ToString() == "Warning" || entry.EntryType.ToString() == "Error")
{
var sentences = entry.Message.Split('.');
//Let's add the periods back.
for (var i = 0; i < sentences.Length; i++)
{
sentences[i] = string.Concat(sentences[i], ".");
}
EventLogObject obj = new EventLogObject($"{entry.TimeGenerated.ToString("o", CultureInfo.InvariantCulture)} {entry.EntryType.ToString()} {entry.Message}")
{
Level = entry.EntryType.ToString(),
Summary = sentences[0],
Source = string.IsNullOrEmpty(entry.Source) ? null : entry.Source,
Timestamp = entry.TimeGenerated,
Data = new List<string>() { entry.Message }
};
HandleChange(obj);
}
}
EventLog[] logs = EventLog.GetEventLogs();
foreach (var log in logs)
{
if (cancellationToken.IsCancellationRequested)
{
break;
}
try
{
EventLogEntryCollection coll = log.Entries;
if (opts.SingleThread)
{
foreach (EventLogEntry? entry in coll)
{
if (cancellationToken.IsCancellationRequested)
{
break;
}
if (entry != null)
{
ParseWindowsLog(entry);
}
}
}
else
{
List<EventLogEntry> coll2 = new List<EventLogEntry>();
ParallelOptions po = new ParallelOptions();
po.CancellationToken = cancellationToken;
foreach (EventLogEntry? entry in coll)
{
if (entry != null)
{
coll2.Add(entry);
}
}
Parallel.ForEach(coll2, po, entry => ParseWindowsLog(entry));
}
}
catch (Exception e)
{
Log.Debug(e, "Error parsing log {0}", log.Source);
}
}
}