Separate FileList and TraitTypesList classes. Performance improvement…

… by skipping formatted message for any provider that returns an empty message (means the provider isn't locally registered).
smklancher · Sep 27, 2021 · 609ce86 · 609ce86
1 parent cfe29b5
commit 609ce86
Show file tree

Hide file tree

Showing 15 changed files with 370 additions and 375 deletions.
diff --git a/EventLogAnalyzer/EventLogAnalysis/ComparisonLine.cs b/EventLogAnalyzer/EventLogAnalysis/ComparisonLine.cs
diff --git a/EventLogAnalyzer/EventLogAnalysis/DictionaryOnInsertButSortedListOnAccess.cs b/EventLogAnalyzer/EventLogAnalysis/DictionaryOnInsertButSortedListOnAccess.cs
@@ -41,6 +41,8 @@ public class DictionaryOnInsertButSortedListOnAccess<T> : IList<T>
 
         //private bool mNeedsSort = true;
 
+        private object sortLock = new object();
+
         public int Count
         {
             get
@@ -84,15 +86,21 @@ private List<T> mSortedList
             {
                 if (mListIsDirty)
                 {
-                    mListIsDirty = false;
-                    mList = mDictionary.Values.ToList();
-                    mList.Sort();
-
-                    // If it has been locked then clear the dictionary
-                    if (IsLocked & mDictionary != null)
+                    lock (sortLock)
                     {
-                        mDictionary.Clear();
-                        mDictionary = null;
+                        if (mListIsDirty)
+                        {
+                            mList = mDictionary.Values.ToList();
+                            mList.Sort();
+                            mListIsDirty = false;
+
+                            // If it has been locked then clear the dictionary
+                            if (IsLocked & mDictionary != null)
+                            {
+                                mDictionary.Clear();
+                                mDictionary = null;
+                            }
+                        }
                     }
                 }
 

diff --git a/EventLogAnalyzer/EventLogAnalysis/ELRecord.cs b/EventLogAnalyzer/EventLogAnalysis/ELRecord.cs
@@ -1,6 +1,10 @@
 using System;
+using System.Collections.Generic;
 using System.ComponentModel;
 using System.Diagnostics.Eventing.Reader;
+using System.Linq;
+using System.Text;
+using Serilog;
 
 namespace EventLogAnalysis
 {
@@ -70,40 +74,75 @@ public string GetMessage()
         {
             if (!MessageIsLoaded)
             {
-                try
+                bool skipFormat = ProviderDoesNotUseFormattedMessages(Record.ProviderName);
+                if (Options.Instance.SkipFormattedMessage || skipFormat)
                 {
-                    Message = Record.FormatDescription();
+                    Message = PropertiesAsString();
                 }
-                catch (Exception ex)
+                else
                 {
-                    // TODO: check how different kind of exceptions should be handled, eg ERROR_EVT_INVALID_PUBLISHER_NAME
-                    //  https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-erref/18d8fbe8-a967-4f1c-ae50-99ca8e491d2d
-                    MessageLoadExeption = ex;
-                }
-
-                if (string.IsNullOrEmpty(Message))
-                {
-                    if (Record.Properties.Count > 1)
+                    try
                     {
-                        Message = Record.Properties[0].Value.ToString() ?? string.Empty;
-                        var second = Record.Properties[1].Value.ToString() ?? string.Empty;
-                        AltMessage = true;
+                        Message = Record.FormatDescription();
                     }
-                    else if (Record.Properties.Count > 0)
+                    catch (Exception ex)
                     {
-                        Message = Record.Properties[0].Value.ToString() ?? string.Empty;
-                        AltMessage = true;
+                        // TODO: check how different kind of exceptions should be handled, eg ERROR_EVT_INVALID_PUBLISHER_NAME
+                        //  https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-erref/18d8fbe8-a967-4f1c-ae50-99ca8e491d2d
+                        MessageLoadExeption = ex;
                     }
-                    else
+
+                    if (string.IsNullOrEmpty(Message))
                     {
-                        Message = string.Empty;
-                        AltMessage = true;
+                        if (!skipFormat)
+                        {
+                            Log.Information($"Skipping subsequent formatting for provider {Record.ProviderName} due to empty message.");
+                            if (MessageLoadExeption is not null)
+                            { Log.Information($"Additionally format attempt with provider {Record.ProviderName} threw error: {MessageLoadExeption.Message}."); }
+                            ParentLog.ProvidersNotToFormat.Add(Record.ProviderName);
+                        }
+
+                        if (Record.Properties.Count > 1)
+                        {
+                            Message = Record.Properties[0].Value.ToString() ?? string.Empty;
+                            var second = Record.Properties[1].Value.ToString() ?? string.Empty;
+                            AltMessage = true;
+                        }
+                        else if (Record.Properties.Count > 0)
+                        {
+                            Message = Record.Properties[0].Value.ToString() ?? string.Empty;
+                            AltMessage = true;
+                        }
+                        else
+                        {
+                            Message = string.Empty;
+                            AltMessage = true;
+                        }
                     }
                 }
+
                 MessageIsLoaded = true;
             }
 
             return Message;
         }
+
+        public string PropertiesAsString()
+        {
+            if (Record.Properties.Count == 0) { return string.Empty; }
+            if (Record.Properties.Count == 1) { return Record.Properties[0]?.Value?.ToString() ?? string.Empty; }
+
+            var sb = new StringBuilder();
+            int propIndex = 0;
+            foreach (var p in Record.Properties)
+            {
+                sb.AppendLine($"[{propIndex}] {p.Value}");
+                propIndex++;
+            }
+
+            return sb.ToString();
+        }
+
+        public bool ProviderDoesNotUseFormattedMessages(string providerName) => ParentLog.ProvidersNotToFormat.Contains(providerName);
     }
 }