Last active
August 3, 2022 02:45
-
-
Save maddyblue/cdf2e423329ae06e37d0 to your computer and use it in GitHub Desktop.
c# event log watcher
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| docker run --rm -e \ | |
| LOGSTASH_CONFIG_URL=https://gist.githubusercontent.com/mjibson/cdf2e423329ae06e37d0/raw/logstash.conf \ | |
| -p 9292:9292 \ | |
| -p 9200:9200 \ | |
| -p 5123:5123 \ | |
| pblittle/docker-logstash |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using Newtonsoft.Json; | |
| using System; | |
| using System.Collections.Generic; | |
| using System.Diagnostics; | |
| using System.Net.Sockets; | |
| using System.Threading; | |
| namespace logstashtest | |
| { | |
| class Program | |
| { | |
| static void Main(string[] args) | |
| { | |
| var w = new LogsWatcher(); | |
| if (!EventLog.SourceExists("testsrc")) | |
| { | |
| EventLog.CreateEventSource("testsrc", "Application"); | |
| } | |
| Thread.Sleep(1000); | |
| EventLog.WriteEntry("testsrc", "test event"); | |
| Thread.Sleep(1000 * 30 * 1000); | |
| } | |
| } | |
| public class LogsWatcher | |
| { | |
| List<EventLog> logs { get; set; } | |
| public LogsWatcher() | |
| { | |
| OnStart(new string[] { }); | |
| } | |
| protected /*override*/ void OnStart(string[] args) | |
| { | |
| var names = new string[] { | |
| "Application", | |
| "System", | |
| }; | |
| logs = new List<EventLog>(); | |
| foreach (var n in names) | |
| { | |
| var log = new EventLog(n); | |
| log.EnableRaisingEvents = true; | |
| log.EntryWritten += new EntryWrittenEventHandler(OnEntryWritten); | |
| logs.Add(log); | |
| Console.WriteLine("added {0}", n); | |
| } | |
| } | |
| protected void OnEntryWritten(object source, EntryWrittenEventArgs evt) | |
| { | |
| var e = evt.Entry; | |
| Console.WriteLine("got {0}: {1}", e.Source, e.Message); | |
| var v = new | |
| { | |
| EntryType = e.EntryType, | |
| Index = e.Index, | |
| InstanceId = e.InstanceId, | |
| MachineName = e.MachineName, | |
| Message = e.Message, | |
| Source = e.Source, | |
| TimeGenerated = e.TimeGenerated.ToUniversalTime(), | |
| TimeWritten = e.TimeWritten.ToUniversalTime(), | |
| UserName = e.UserName, | |
| }; | |
| var msg = JsonConvert.SerializeObject(v); | |
| var data = System.Text.Encoding.UTF8.GetBytes(msg); | |
| Console.WriteLine(msg); | |
| using (var client = new TcpClient("192.168.59.103", 5123)) | |
| using (var stream = client.GetStream()) | |
| { | |
| stream.Write(data, 0, data.Length); | |
| stream.Flush(); | |
| Console.WriteLine("sent {0} {1}", client.Connected, stream.CanWrite); | |
| } | |
| } | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| input { | |
| #stdin { | |
| # type => "stdin-type" | |
| #} | |
| #file { | |
| # type => "syslog" | |
| # path => [ "/var/log/*.log", "/var/log/messages", "/var/log/syslog" ] | |
| #start_position => "beginning" | |
| #} | |
| #tcp { | |
| # port => 5123 | |
| #} | |
| tcp { | |
| port => 5123 | |
| codec => json_lines | |
| tags => [ "net-json" ] | |
| } | |
| } | |
| #filter { | |
| #json { | |
| #source => "message" | |
| #} | |
| #} | |
| output { | |
| stdout { | |
| codec => rubydebug | |
| } | |
| elasticsearch { | |
| embedded => true | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment