i find lot of Threads about Log Parser, but none fulfill my desire,
i need to Apply this query over log parser select * from security
And get the event rows, then read them row by row, knowing which column i access...
please help...
what should be down: 1.Query Windows Event Through LogParser.dll (Using MSUtill Library) 2.Get and put the rows inside any container 3.read rows one by one 4.be capable to separate each cell of row, and read them separately like access event id column, or message column ...
there were things, but i didng get them, for example, the person use this, take single row, but i need multi row, i'm wonder what to convert next :| what class i need to use
LogQueryClass logger = new LogQueryClassClass();
COMIISW3CInputContextClass inputContext = new COMIISW3CInputContextClassClass();
string query = // i change it during test
ILogRecord record = logger.Execute(query, inputContext).getRecord();
or another use this : it seem that return single result too
// prepare LogParser Recordset & Record objects
ILogRecordset rsLP = null;
ILogRecord rowLP = null;
LogQueryClassClass LogParser = null;
COMW3CInputContextClassClass W3Clog = null;
double UsedBW = 0;
int Unitsprocessed;
double sizeInBytes;
string strSQL = null;
LogParser = new LogQueryClassClass();
W3Clog = new COMW3CInputContextClassClass();
try
{
//W3C Logparsing SQL. Replace this SQL query with whatever
//you want to retrieve. The example below
//will sum up all the bandwidth
//Usage of a specific folder with name
//"userID". Download Log Parser 2.2
//from Microsoft and see sample queries.
strSQL = //the query (i changed it during test)
// run the query against W3C log
rsLP = LogParser.Execute(strSQL, W3Clog);
rowLP = rsLP.getRecord();
Unitsprocessed = rsLP.inputUnitsProcessed;
if (rowLP.getValue(0).ToString() == "0" ||
rowLP.getValue(0).ToString() == "")
{
//Return 0 if an err occured
UsedBW = 0;
return UsedBW;
}
//Bytes to MB Conversion
double Bytes = Convert.ToDouble(rowLP.getValue(0).ToString());
UsedBW = Bytes / (1024 * 1024);
best query i find was this, it search inside registery ( i dont have the orginal query since i changed it
ILogRecordset rs = null;
try
{
LogQueryClass qry = new LogQueryClass();
COMRegistryInputContextClass registryFormat = new COMRegistryInputContextClass();
string query = //Chnaged it
rs = qry.Execute(query, registryFormat);
for (; !rs.atEnd(); rs.moveNext())
Console.WriteLine(rs.getRecord().toNativeString(","));
}
finally
{
rs.close();
}
also there are things, which seem to return data to SQL not as live object :|
let me add, my query (using passing "log parser.exe" argument) was like this, but it's so rude for me to call a exe file, inside of a service.
myProc.StartInfo.Arguments = " \"select * INTO AuditLogParser from \\\\" + Dns.GetHostName() +
"\\security WHERE TimeGenerated >= '" + startDate +
"' and TimeGenerated <'" + endDate +
"' and (eventid=560 or eventid=540)\" -o:SQL -server:\"" +
Dns.GetHostName() +
"\\sqlexpress\" -database:SecurityLog -driver:\"SQL Server\" -username:TrainAudit -password:Password.110 -createtable:OFF";
The following sample code uses LogParser to read the file name and size from a local directory named C:\Bat
LogQueryClass logQuery = new LogQueryClassClass();
COMFileSystemInputContextClass inputFormat = new COMFileSystemInputContextClassClass();
inputFormat.recurse = 0;
String strQuery = @"SELECT Name, Size FROM 'C:\Bat\*.*' ORDER BY Name ASC";
ILogRecordset results = logQuery.Execute(strQuery, inputFormat);
while (! results.atEnd())
{
Console.WriteLine(String.Format("File: {0} Size: {1}", results.getRecord().getValue("Name"), results.getRecord().getValue(1)));
results.moveNext();
}
Note that I can access the column by the name of the column from the query or by the column index.