Log Parser - Query through MSUtill and Read Record through C# codes

StackOverflow https://stackoverflow.com/questions/10518927

  •  07-06-2021
  •  | 
  •  

Question

i find lot of Threads about Log Parser, but none fulfill my desire,

i need to Apply this query over log parser select * from security

And get the event rows, then read them row by row, knowing which column i access...

please help...

what should be down: 1.Query Windows Event Through LogParser.dll (Using MSUtill Library) 2.Get and put the rows inside any container 3.read rows one by one 4.be capable to separate each cell of row, and read them separately like access event id column, or message column ...

--To the question

there were things, but i didng get them, for example, the person use this, take single row, but i need multi row, i'm wonder what to convert next :| what class i need to use

LogQueryClass logger = new LogQueryClassClass();
            COMIISW3CInputContextClass inputContext = new COMIISW3CInputContextClassClass();
            string query = // i change it during test
            ILogRecord record = logger.Execute(query, inputContext).getRecord();

or another use this : it seem that return single result too

// prepare LogParser Recordset & Record objects
            ILogRecordset rsLP = null;
            ILogRecord rowLP = null;

            LogQueryClassClass LogParser = null;
            COMW3CInputContextClassClass W3Clog = null;

            double UsedBW = 0;
            int Unitsprocessed;
            double sizeInBytes;

            string strSQL = null;

            LogParser = new LogQueryClassClass();
            W3Clog = new COMW3CInputContextClassClass();

            try
            {
                //W3C Logparsing SQL. Replace this SQL query with whatever 
                //you want to retrieve. The example below 
                //will sum up all the bandwidth
                //Usage of a specific folder with name 
                //"userID". Download Log Parser 2.2 
                //from Microsoft and see sample queries.

                strSQL = //the query (i changed it during test)

                // run the query against W3C log
                rsLP = LogParser.Execute(strSQL, W3Clog);

                rowLP = rsLP.getRecord();

                Unitsprocessed = rsLP.inputUnitsProcessed;

                if (rowLP.getValue(0).ToString() == "0" ||
                    rowLP.getValue(0).ToString() == "")
                {
                    //Return 0 if an err occured
                    UsedBW = 0;
                    return UsedBW;
                }

                //Bytes to MB Conversion
                double Bytes = Convert.ToDouble(rowLP.getValue(0).ToString());
                UsedBW = Bytes / (1024 * 1024);

best query i find was this, it search inside registery ( i dont have the orginal query since i changed it

ILogRecordset rs = null;
            try
            {
                LogQueryClass qry = new LogQueryClass();
                COMRegistryInputContextClass registryFormat = new COMRegistryInputContextClass();
                string query = //Chnaged it
                rs = qry.Execute(query, registryFormat);
                for (; !rs.atEnd(); rs.moveNext())
                    Console.WriteLine(rs.getRecord().toNativeString(","));
            }
            finally
            {
                rs.close();
            }

also there are things, which seem to return data to SQL not as live object :|

since i gonna write service, i want to have minimum possible access to data base for exchange data, just store current data

--Edit:

let me add, my query (using passing "log parser.exe" argument) was like this, but it's so rude for me to call a exe file, inside of a service.

myProc.StartInfo.Arguments = " \"select * INTO AuditLogParser from \\\\" + Dns.GetHostName() +
                                         "\\security WHERE TimeGenerated >= '" + startDate +
                                         "' and TimeGenerated <'" + endDate +
                                         "' and (eventid=560 or eventid=540)\" -o:SQL -server:\"" +
                                         Dns.GetHostName() +
                                         "\\sqlexpress\"  -database:SecurityLog -driver:\"SQL Server\" -username:TrainAudit -password:Password.110 -createtable:OFF";
Was it helpful?

Solution

The following sample code uses LogParser to read the file name and size from a local directory named C:\Bat

LogQueryClass logQuery = new LogQueryClassClass();

COMFileSystemInputContextClass inputFormat = new COMFileSystemInputContextClassClass();
inputFormat.recurse = 0;

String strQuery = @"SELECT Name, Size FROM 'C:\Bat\*.*' ORDER BY Name ASC";

ILogRecordset results = logQuery.Execute(strQuery, inputFormat);
while (! results.atEnd())
{
    Console.WriteLine(String.Format("File: {0} Size: {1}", results.getRecord().getValue("Name"), results.getRecord().getValue(1)));
    results.moveNext();
}

Note that I can access the column by the name of the column from the query or by the column index.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top