static bool CollectEVT(string Book)
{
EventLog eventLog;
eventLog = new EventLog(Book);
try
{
foreach (EventLogEntry log in eventLog.Entries)
{
EventLogReport ev = new EventLogReport();
ev.Category = log.Category;
ev.CategoryNumber = log.CategoryNumber;
ev.Data = log.Data;
ev.EventLog = Book;
ev.EventLogType = (int)log.EntryType;
ev.InstanceID = log.InstanceId;
ev.LogID = "";
ev.MachineID = SystemInfos.SysInfo.MachineID;
ev.Message = log.Message;
ev.Source = log.Source;
ev.TimeGenerated = log.TimeGenerated;
ev.TimeWritten = log.TimeWritten;
ev.JSONReplacementStrings = JsonConvert.SerializeObject(log.ReplacementStrings);
CommonUtilities.CalcEventLogID(ev);
HasEVTLogs.Add(ev.LogID);
lst.Add(ev);
}
}
catch
{
FoxEventLog.WriteEventLog("Cannot collect EventLog " + Book, EventLogEntryType.Error);
}
return(true);
}
public RESTStatus ReportEventLog(SQLLib sql, ListEventLogReport EventLogList, NetworkConnectionInfo ni)
{
if (ni.HasAcl(ACLFlags.ComputerLogin) == false)
{
ni.Error = "Access denied";
ni.ErrorID = ErrorFlags.AccessDenied;
return(RESTStatus.Denied);
}
EventLogList.MachineID = ni.Username;
lock (ni.sqllock)
{
if (Convert.ToInt32(sql.ExecSQLScalar("SELECT COUNT(*) FROM ComputerAccounts WHERE MachineID=@m",
new SQLParam("@m", EventLogList.MachineID))) == 0)
{
ni.Error = "Invalid MachineID";
ni.ErrorID = ErrorFlags.InvalidValue;
return(RESTStatus.Denied);
}
}
if (EventLogList.Items == null)
{
ni.Error = "Invalid Items";
ni.ErrorID = ErrorFlags.InvalidValue;
return(RESTStatus.Fail);
}
if (EventLogList.Items.Count == 0)
{
return(RESTStatus.Created);
}
DateTime DT = DateTime.Now;
foreach (EventLogReport ar in EventLogList.Items)
{
if (NullTest.Test(ar) == false)
{
ni.Error = "Invalid Items";
ni.ErrorID = ErrorFlags.InvalidValue;
return(RESTStatus.Fail);
}
CommonUtilities.CalcEventLogID(ar);
}
List <SQLParam> sqlparams = new List <SQLParam>();
sqlparams.Add(new SQLParam("@id", EventLogList.MachineID));
int count = 1;
string vars = "";
foreach (EventLogReport ar in EventLogList.Items)
{
sqlparams.Add(new SQLParam("@p" + count.ToString(), ar.LogID));
vars += "@p" + count.ToString() + ",";
count++;
}
if (vars.EndsWith(",") == true)
{
vars = vars.Substring(0, vars.Length - 1);
}
List <string> LogIDinDB = new List <string>();
lock (ni.sqllock)
{
SqlDataReader dr = sql.ExecSQLReader("SELECT LogID FROM EventLog WHERE MachineID=@id and LogID in (" + vars + ")", sqlparams.ToArray());
while (dr.Read())
{
LogIDinDB.Add(Convert.ToString(dr["LogID"]));
}
dr.Close();
}
List <EventLogReport> RemoveEVL = new List <EventLogReport>();
foreach (EventLogReport ar in EventLogList.Items)
{
if (LogIDinDB.Contains(ar.LogID) == true)
{
RemoveEVL.Add(ar);
continue;
}
if (SettingsManager.Settings.KeepEventLogDays > 0)
{
if (ar.TimeGenerated < DateTime.UtcNow.AddDays(0 - SettingsManager.Settings.KeepEventLogDays))
{
RemoveEVL.Add(ar);
continue;
}
}
}
foreach (EventLogReport ar in RemoveEVL)
{
EventLogList.Items.Remove(ar);
}
List <EventLogReportFull> car = new List <EventLogReportFull>();
lock (ni.sqllock)
{
try
{
sql.BeginTransaction();
sql.SEHError = true;
foreach (EventLogReport ar in EventLogList.Items)
{
EventLogReportFull arr = new EventLogReportFull();
ClassCopy.CopyClassData(ar, arr);
arr.Reported = DateTime.UtcNow;
arr.MachineID = EventLogList.MachineID;
List <SQLData> d = sql.InsertFromClassPrep(arr);
foreach (SQLData dd in d)
{
if (dd.Column == "ID")
{
dd.Data = DBNull.Value;
break;
}
}
car.Add(arr);
sql.InsertFromClass("EventLog", arr);
}
sql.CommitTransaction();
}
catch (Exception ee)
{
sql.RollBackTransaction();
FoxEventLog.WriteEventLog("DB Error: Cannot insert data to EventLog: " + ee.ToString() + "\r\n\r\nJSON: " +
JsonConvert.SerializeObject(car, Formatting.Indented), System.Diagnostics.EventLogEntryType.Error);
return(RESTStatus.ServerError);
}
finally
{
sql.SEHError = false;
}
}
Thread t = new Thread(new ParameterizedThreadStart(new DReportingThread(ReportingThread)));
t.Start(car);
return(RESTStatus.Created);
}
static bool CollectEVT2(string Book)
{
try
{
EventLogSession session = new EventLogSession();
bool Found = false;
foreach (string logName in session.GetLogNames())
{
if (Book == logName)
{
Found = true;
break;
}
}
if (Found == false)
{
return(true);
}
EventLogReader evt = new EventLogReader(Book);
EventRecord log;
while ((log = evt.ReadEvent()) != null)
{
EventLogReport ev = new EventLogReport();
ev.Category = "(" + log.Id + ")";
ev.CategoryNumber = log.Id;
ev.Data = new byte[0];
ev.EventLog = Book;
switch (log.LevelDisplayName.ToLower())
{
case "information":
ev.EventLogType = (int)EventLogEntryType.Information; break;
case "warning":
ev.EventLogType = (int)EventLogEntryType.Warning; break;
case "error":
ev.EventLogType = (int)EventLogEntryType.Error; break;
default:
ev.EventLogType = (int)EventLogEntryType.Information; break;
}
ev.InstanceID = log.Id;
ev.LogID = "";
ev.MachineID = SystemInfos.SysInfo.MachineID;
ev.Message = MakeNiceXML(log.ToXml());
ev.Source = log.ProviderName;
ev.TimeGenerated = log.TimeCreated == null?DateTime.Now: log.TimeCreated.Value;
ev.TimeWritten = log.TimeCreated == null ? DateTime.Now : log.TimeCreated.Value;
ev.JSONReplacementStrings = "[]";
CommonUtilities.CalcEventLogID(ev);
HasEVTLogs.Add(ev.LogID);
lst.Add(ev);
}
}
catch
{
FoxEventLog.WriteEventLog("Cannot collect EventLog " + Book, EventLogEntryType.Error);
}
return(true);
}
