0 people like it.

Parallel Seq windows eventlogs

 1: 
 2: 
 3: 
 4: 
 5: 
 6: 
 7: 
 8: 
 9: 
10: 
11: 
12: 
13: 
14: 
15: 
16: 
17: 
18: 
19: 
20: 
21: 
22: 
23: 
24: 
25: 
26: 
27: 
28: 
29: 
30: 
31: 
32: 
33: 
34: 
35: 
36: 
37: 
38: 
39: 

(* Windows Evenlog Iterator *)
(* TODO: Op codes for eventID *)

open System
open System.Diagnostics

#r "FSharp.PowerPack.Parallel.Seq";;
open Microsoft.FSharp.Collections
open System.Linq

let logEnt (event, desc) = 
    async { 
        (new EventLog(event, ".")).Entries
            |> Seq.cast
            |> PSeq.filter(fun (x:EventLogEntry) -> x.InstanceId = desc )
            |> PSeq.iter(fun x -> printfn "%A" x.TimeGenerated.TimeOfDay) 
    }
    
let getLogData eventList =
        eventList
            |> Seq.map logEnt       
            |> Async.Parallel
            |> Async.RunSynchronously   
            |> ignore          

(* Software Protection Service *)            
getLogData[("application", 1033L)]
(* Real: 00:00:10.870, CPU: 00:00:05.928, GC gen0: 7, gen1: 1, gen2: 0*)

(* Depending on the type of event you are looking to get, 
   it is important to chose the correctly log for the given event.
   For example the below uses the security log to get logon info.
   Current secrurity log has 30,000 entries, this makes the iteration halve in speed.
   (in comparison to application log which has over 60,000 entries)
*)  

(* Logon *)
getLogData[("security", 4624L)]
(* Real: 00:00:06.945, CPU: 00:00:10.639, GC gen0: 20, gen1: 8, gen2: 0 *)
namespace System
namespace System.Diagnostics
namespace Microsoft
namespace Microsoft.FSharp
namespace Microsoft.FSharp.Collections
namespace System.Linq
val logEnt : event:string * desc:'a -> Async<unit>

Full name: Script.logEnt
val event : string
val desc : 'a
val async : AsyncBuilder

Full name: Microsoft.FSharp.Core.ExtraTopLevelOperators.async
Multiple items
type EventLog =
  inherit Component
  new : unit -> EventLog + 3 overloads
  member BeginInit : unit -> unit
  member Clear : unit -> unit
  member Close : unit -> unit
  member EnableRaisingEvents : bool with get, set
  member EndInit : unit -> unit
  member Entries : EventLogEntryCollection
  member Log : string with get, set
  member LogDisplayName : string
  member MachineName : string with get, set
  ...

Full name: System.Diagnostics.EventLog

--------------------
EventLog() : unit
EventLog(logName: string) : unit
EventLog(logName: string, machineName: string) : unit
EventLog(logName: string, machineName: string, source: string) : unit
module Seq

from Microsoft.FSharp.Collections
val cast : source:Collections.IEnumerable -> seq<'T>

Full name: Microsoft.FSharp.Collections.Seq.cast
type EventLogEntry =
  inherit Component
  member Category : string
  member CategoryNumber : int16
  member Data : byte[]
  member EntryType : EventLogEntryType
  member Equals : otherEntry:EventLogEntry -> bool
  member EventID : int
  member Index : int
  member InstanceId : int64
  member MachineName : string
  member Message : string
  ...

Full name: System.Diagnostics.EventLogEntry
val printfn : format:Printf.TextWriterFormat<'T> -> 'T

Full name: Microsoft.FSharp.Core.ExtraTopLevelOperators.printfn
val getLogData : eventList:seq<string * 'a> -> unit

Full name: Script.getLogData
val eventList : seq<string * 'a>
val map : mapping:('T -> 'U) -> source:seq<'T> -> seq<'U>

Full name: Microsoft.FSharp.Collections.Seq.map
Multiple items
type Async
static member AsBeginEnd : computation:('Arg -> Async<'T>) -> ('Arg * AsyncCallback * obj -> IAsyncResult) * (IAsyncResult -> 'T) * (IAsyncResult -> unit)
static member AwaitEvent : event:IEvent<'Del,'T> * ?cancelAction:(unit -> unit) -> Async<'T> (requires delegate and 'Del :> Delegate)
static member AwaitIAsyncResult : iar:IAsyncResult * ?millisecondsTimeout:int -> Async<bool>
static member AwaitTask : task:Task<'T> -> Async<'T>
static member AwaitWaitHandle : waitHandle:WaitHandle * ?millisecondsTimeout:int -> Async<bool>
static member CancelDefaultToken : unit -> unit
static member Catch : computation:Async<'T> -> Async<Choice<'T,exn>>
static member FromBeginEnd : beginAction:(AsyncCallback * obj -> IAsyncResult) * endAction:(IAsyncResult -> 'T) * ?cancelAction:(unit -> unit) -> Async<'T>
static member FromBeginEnd : arg:'Arg1 * beginAction:('Arg1 * AsyncCallback * obj -> IAsyncResult) * endAction:(IAsyncResult -> 'T) * ?cancelAction:(unit -> unit) -> Async<'T>
static member FromBeginEnd : arg1:'Arg1 * arg2:'Arg2 * beginAction:('Arg1 * 'Arg2 * AsyncCallback * obj -> IAsyncResult) * endAction:(IAsyncResult -> 'T) * ?cancelAction:(unit -> unit) -> Async<'T>
static member FromBeginEnd : arg1:'Arg1 * arg2:'Arg2 * arg3:'Arg3 * beginAction:('Arg1 * 'Arg2 * 'Arg3 * AsyncCallback * obj -> IAsyncResult) * endAction:(IAsyncResult -> 'T) * ?cancelAction:(unit -> unit) -> Async<'T>
static member FromContinuations : callback:(('T -> unit) * (exn -> unit) * (OperationCanceledException -> unit) -> unit) -> Async<'T>
static member Ignore : computation:Async<'T> -> Async<unit>
static member OnCancel : interruption:(unit -> unit) -> Async<IDisposable>
static member Parallel : computations:seq<Async<'T>> -> Async<'T []>
static member RunSynchronously : computation:Async<'T> * ?timeout:int * ?cancellationToken:CancellationToken -> 'T
static member Sleep : millisecondsDueTime:int -> Async<unit>
static member Start : computation:Async<unit> * ?cancellationToken:CancellationToken -> unit
static member StartAsTask : computation:Async<'T> * ?taskCreationOptions:TaskCreationOptions * ?cancellationToken:CancellationToken -> Task<'T>
static member StartChild : computation:Async<'T> * ?millisecondsTimeout:int -> Async<Async<'T>>
static member StartChildAsTask : computation:Async<'T> * ?taskCreationOptions:TaskCreationOptions -> Async<Task<'T>>
static member StartImmediate : computation:Async<unit> * ?cancellationToken:CancellationToken -> unit
static member StartWithContinuations : computation:Async<'T> * continuation:('T -> unit) * exceptionContinuation:(exn -> unit) * cancellationContinuation:(OperationCanceledException -> unit) * ?cancellationToken:CancellationToken -> unit
static member SwitchToContext : syncContext:SynchronizationContext -> Async<unit>
static member SwitchToNewThread : unit -> Async<unit>
static member SwitchToThreadPool : unit -> Async<unit>
static member TryCancelled : computation:Async<'T> * compensation:(OperationCanceledException -> unit) -> Async<'T>
static member CancellationToken : Async<CancellationToken>
static member DefaultCancellationToken : CancellationToken

Full name: Microsoft.FSharp.Control.Async

--------------------
type Async<'T>

Full name: Microsoft.FSharp.Control.Async<_>
static member Async.Parallel : computations:seq<Async<'T>> -> Async<'T []>
static member Async.RunSynchronously : computation:Async<'T> * ?timeout:int * ?cancellationToken:Threading.CancellationToken -> 'T
val ignore : value:'T -> unit

Full name: Microsoft.FSharp.Core.Operators.ignore
Raw view Test code New version

More information

Link:http://fssnip.net/5w
Posted:15 years ago
Author:
Tags:

This web site is created using F# and Suave web server. It is hosted on Azure and the source code is on GitHub. Contributions are welcome!

The first version of fssnip.net has been created by @tomaspetricek back in 2010. This web site is a new, open-source and contribution-friendly version.