Beispiel #1
 /// <summary>
 /// Runs <paramref name="query"/> through Log Parser as a batch, using a W3C input context and
 /// a CSV output context whose <c>oDQuotes</c> option is set to "AUTO".
 /// </summary>
 /// <param name="query">
 /// Log Parser query text, handed to <c>ExecuteBatch</c> unchanged. A Log Parser query names its
 /// own input (FROM) and output (INTO) targets, so this string decides which files are read and
 /// written with the caller's privileges. NOTE(review): build it from fixed templates or vetted
 /// values, not from request or user input - confirm against the callers.
 /// </param>
 public void ParseLog(string query)
 {
     // CSV writer for the batch output; only the quoting option is changed from its defaults.
     var csvOutput = new COMCSVOutputContextClassClass();
     csvOutput.oDQuotes = @"AUTO";

     // Reader for W3C-format log input.
     var w3cInput = new COMW3CInputContextClassClass();

     var parser = new LogQueryClassClass();
     parser.ExecuteBatch(query, w3cInput, csvOutput);
 }
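        /// <summary>
        /// Queries the W3C log at <c>logLocation</c> through Log Parser for entries whose EventTime is
        /// later than <c>LastLogEntrySent</c> and turns each record into a dynamic object.
        /// </summary>
        /// <returns>
        /// A <c>GatherResult</c> whose <c>Logs</c> holds the records that matched no User-Agent filter
        /// and whose <c>LastLogEntryTime</c> is the EventTime of the last processed record that is later
        /// than <c>LastLogEntrySent</c>, or null when there was none.
        /// </returns>
        /// <remarks>
        /// Every field value originates from the web server log and is therefore client-influenced
        /// (URI, Referer, User-Agent, ...). Consumers of <c>Logs</c> should treat the values as untrusted
        /// data and encode them for whatever sink they are written to.
        /// </remarks>
        public GatherResult GatherLogs()
        {
            var dynamicResults = new List<dynamic>();
            DateTime? lastLogEntryTime = null;
            var logQuery = new LogQueryClassClass();
            var inputFormat = new COMW3CInputContextClassClass();

            // NOTE(review): the query is assembled with string.Format, so logLocation is spliced into
            // the quoted FROM target as text. It must come from trusted configuration; a value that
            // contains a single quote changes the query. Confirm where logLocation is set.
            const string query = "SELECT TO_TIMESTAMP(date, time) AS [EventTime], * FROM '{0}' WHERE EventTime > TIMESTAMP('{1}','yyyy-MM-dd HH:mm:ss')";

            // Format with the invariant culture: the text is parsed by Log Parser against a fixed
            // pattern, and a culture-specific calendar or time separator would not match it.
            // NOTE(review): assumes LastLogEntrySent is already UTC, like the EventTime values below - confirm.
            var since = LastLogEntrySent.ToString("yyyy-MM-dd HH:mm:ss", System.Globalization.CultureInfo.InvariantCulture);

            var results = logQuery.Execute(string.Format(query, logLocation, since), inputFormat);

            // Column names are read once; the record loop below addresses values by index.
            var columnNames = new List<string>();
            var columnCount = results.getColumnCount();
            for (var i = 0; i < columnCount; ++i)
            {
                columnNames.Add(results.getColumnName(i));
            }

            while (!results.atEnd())
            {
                var obj = new ExpandoObject();
                IDictionary<string, object> underObject = obj;
                underObject.Add("Source", "IisLog");
                underObject.Add("Devicename", Environment.MachineName);
                var record = results.getRecord();
                var filtered = false;
                for (var i = 0; i < columnCount; ++i)
                {
                    if (columnNames[i] == "cs(User-Agent)")
                    {
                        // A record without a User-Agent value may not yield a string here; "as" keeps
                        // such a record instead of failing the whole run on the cast.
                        var userAgent = record.getValue(i) as string;

                        // Ordinal search: filter strings are matched as exact character sequences,
                        // independent of the machine's culture.
                        // NOTE(review): a match drops the entire record based on a client-supplied
                        // header. If these logs feed monitoring or alerting, keep the filter list
                        // narrow - any client can send a User-Agent that matches it.
                        if (userAgent != null && filters.Any(f => userAgent.IndexOf(f, StringComparison.Ordinal) != -1))
                        {
                            filtered = true;
                            break;
                        }
                    }

                    if (columnNames[i] == "EventTime")
                    {
                        // Appending "Z" to the round-trip text marks the value as UTC before it is
                        // parsed and normalised back to UTC.
                        var eventDate = DateTime.Parse(((DateTime)record.getValue(i)).ToString("o") + "Z").ToUniversalTime();
                        if (eventDate > LastLogEntrySent)
                        {
                            lastLogEntryTime = eventDate;
                        }
                        underObject.Add(columnNames[i], eventDate.ToString("o"));
                    }
                    else
                    {
                        underObject.Add(columnNames[i], record.getValue(i));
                    }
                }

                if (!filtered)
                {
                    dynamicResults.Add(underObject);
                }
                results.moveNext();
            }

            return new GatherResult
                {
                    Logs = dynamicResults,
                    LastLogEntryTime = lastLogEntryTime
                };
        }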
Beispiel #3
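        /// <summary>
        /// Collects the W3C log records newer than <c>LastLogEntrySent</c> from <c>logLocation</c> by
        /// running a Log Parser query, and converts each record into a dynamic object.
        /// </summary>
        /// <returns>
        /// A <c>GatherResult</c>: <c>Logs</c> contains every record whose User-Agent matched none of
        /// <c>filters</c>; <c>LastLogEntryTime</c> is the EventTime of the last processed record later
        /// than <c>LastLogEntrySent</c>, or null if no such record was seen.
        /// </returns>
        /// <remarks>
        /// Log field values are written on behalf of remote clients. Anything that stores, renders or
        /// forwards <c>Logs</c> should handle the values as untrusted input.
        /// </remarks>
        public GatherResult GatherLogs()
        {
            var gathered = new List<dynamic>();
            DateTime? newestEventTime = null;
            var logQuery = new LogQueryClassClass();
            var inputFormat = new COMW3CInputContextClassClass();

            // NOTE(review): this is string-built query text. logLocation lands inside the quoted FROM
            // target, so it has to be a trusted, operator-controlled path; a single quote in it
            // alters the query. Verify where logLocation is assigned.
            const string query = "SELECT TO_TIMESTAMP(date, time) AS [EventTime], * FROM '{0}' WHERE EventTime > TIMESTAMP('{1}','yyyy-MM-dd HH:mm:ss')";

            // The timestamp text must match the fixed pattern given to TIMESTAMP(), so it is
            // formatted with the invariant culture rather than the thread's current culture.
            // NOTE(review): presumably LastLogEntrySent is kept in UTC - confirm.
            var lowerBound = LastLogEntrySent.ToString("yyyy-MM-dd HH:mm:ss", System.Globalization.CultureInfo.InvariantCulture);
            var queryText = string.Format(query, logLocation, lowerBound);

            var results = logQuery.Execute(queryText, inputFormat);

            var columnCount = results.getColumnCount();
            var columnNames = new List<string>();
            for (var i = 0; i < columnCount; ++i)
            {
                columnNames.Add(results.getColumnName(i));
            }

            while (!results.atEnd())
            {
                var obj = new ExpandoObject();
                IDictionary<string, object> underObject = obj;
                underObject.Add("Source", "IisLog");
                underObject.Add("Devicename", Environment.MachineName);

                var record = results.getRecord();
                var filtered = false;
                for (var i = 0; i < columnCount; ++i)
                {
                    var columnName = columnNames[i];

                    if (columnName == "cs(User-Agent)")
                    {
                        // "as" instead of a hard cast: a record with no usable User-Agent value is
                        // kept rather than aborting the whole gather with a cast failure.
                        var userAgent = record.getValue(i) as string;

                        // Exact (ordinal) substring match, so results do not vary with the culture.
                        // NOTE(review): the record is discarded on the strength of a header the
                        // client controls; where this output is used for detection, prefer a short,
                        // specific filter list so real traffic cannot hide behind it.
                        if (userAgent != null && filters.Any(f => userAgent.IndexOf(f, StringComparison.Ordinal) != -1))
                        {
                            filtered = true;
                            break;
                        }
                    }

                    if (columnName == "EventTime")
                    {
                        // The "Z" suffix makes the parser read the value as UTC; the result is then
                        // normalised to UTC again.
                        var eventDate = DateTime.Parse(((DateTime)record.getValue(i)).ToString("o") + "Z").ToUniversalTime();
                        if (eventDate > LastLogEntrySent)
                        {
                            newestEventTime = eventDate;
                        }
                        underObject.Add(columnName, eventDate.ToString("o"));
                    }
                    else
                    {
                        underObject.Add(columnName, record.getValue(i));
                    }
                }

                if (!filtered)
                {
                    gathered.Add(underObject);
                }
                results.moveNext();
            }

            return new GatherResult
            {
                Logs = gathered,
                LastLogEntryTime = newestEventTime
            };
        }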
Beispiel #4
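        /// <summary>
        /// Creates the Log Parser input-format object named by <paramref name="context"/> and runs
        /// <paramref name="q"/> against it through the runQuery overload that takes the object.
        /// </summary>
        /// <param name="q">Log Parser query text; forwarded unchanged.</param>
        /// <param name="context">
        /// Display name of an input format, matched case-insensitively against the list below.
        /// A value that matches no name is treated as a COM ProgID and activated.
        /// </param>
        /// <param name="updateCallback">Optional callback; forwarded unchanged.</param>
        /// <returns>
        /// The result of the inner runQuery call, or null when no input-format object could be
        /// created (for example because the ProgID is not registered on this machine).
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="context"/> is null.</exception>
        public static DataTable runQuery(string q, string context, Func <int, bool> updateCallback = null)
        {
            if (context == null)
            {
                throw new ArgumentNullException("context");
            }

            object inputContext = null;
            string progId = null;

            // Invariant lower-casing: ToLower() follows the current culture, and under Turkish
            // casing rules "IIS" does not lower to "iis", so the built-in names would stop matching.
            switch (context.ToLowerInvariant())
            {
            case "active directory":
                inputContext = new COMADSInputContextClassClass();
                break;

            case "iis binary":
                inputContext = new COMIISBINInputContextClassClass();
                break;

            case "csv file":
                inputContext = new COMCSVInputContextClassClass();
                break;

            case "windows trace":
                inputContext = new COMETWInputContextClassClass();
                break;

            case "windows events":
                inputContext = new COMEventLogInputContextClassClass();
                break;

            case "file system":
                inputContext = new COMFileSystemInputContextClassClass();
                break;

            case "http error":
                inputContext = new COMHttpErrorInputContextClassClass();
                break;

            case "iis":
                inputContext = new COMIISIISInputContextClassClass();
                break;

            case "iis odbc":
                inputContext = new COMIISODBCInputContextClassClass();
                break;

            case "iis w3c":
                inputContext = new COMIISW3CInputContextClassClass();
                break;

            case "iis ncsa":
                inputContext = new COMIISNCSAInputContextClassClass();
                break;

            case "netmon":
                inputContext = new COMNetMonInputContextClassClass();
                break;

            case "registry":
                inputContext = new COMRegistryInputContextClassClass();
                break;

            case "textline":
                inputContext = new COMTextLineInputContextClassClass();
                break;

            case "textword":
                inputContext = new COMTextWordInputContextClassClass();
                break;

            case "tsv file":
                inputContext = new COMTSVInputContextClassClass();
                break;

            case "urlscan":
                inputContext = new COMURLScanLogInputContextClassClass();
                break;

            case "w3c":
                inputContext = new COMW3CInputContextClassClass();
                break;

            case "xml file":
                inputContext = new COMXMLInputContextClassClass();
                break;

            // Input formats that are activated by ProgID instead of through an interop class.
            case "rpower logs":
                progId = "MSUtil.LogQuery.RPower.RPowerLogs";
                break;

            case "rpower keys":
                progId = "MSUtil.LogQuery.RPower.RPowerKeys";
                break;

            case "rpower cc logs":
                progId = "MSUtil.LogQuery.RPower.RPowerCC";
                break;

            case "rpower dbf":
                progId = "MSUtil.LogQuery.RPower.RPowerDB";
                break;

            default:
                // NOTE(review): any other value is activated as a COM ProgID, i.e. the caller picks
                // which registered COM class gets instantiated in this process. Pass only values
                // from a fixed, application-defined list; do not forward request or user input here.
                progId = context;
                break;
            }

            if (progId != null)
            {
                // GetTypeFromProgID returns null for an unregistered ProgID. Passing that null to
                // Activator.CreateInstance throws, which made the null check below unreachable for
                // these cases; test the type first so the method returns null as it intends to.
                Type comType = Type.GetTypeFromProgID(progId);
                if (comType != null)
                {
                    inputContext = Activator.CreateInstance(comType);
                }
            }

            if (inputContext == null)
            {
                return null;
            }

            return runQuery(q, inputContext, updateCallback);
        }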