public void TestPurge()
{
AuditLogEntityModelSettings entityModelSettings = ConfigurationSettings.GetAuditLogConfigurationSection().EntityModelSettings;
bool isEnabled = entityModelSettings.IsEnabled;
const int createdLogEntries = 10;
const int maximumLogEntries = 5;
try
{
var auditLogEntries = new List <LogonAuditLogEntry>();
// Create 10 audit log entries
for (int i = 0; i < createdLogEntries; i++)
{
auditLogEntries.Add(new LogonAuditLogEntry());
}
Entity.Save(auditLogEntries);
Assert.GreaterOrEqual(GetCountEntityModelAuditLogEntries(), createdLogEntries, "The number of log entries is invalid");
var auditLogSettings = Entity.Get <AuditLogSettings>("tenantAuditLogSettingsInstance", true);
auditLogSettings.MaxAuditLogEntries = maximumLogEntries;
auditLogSettings.Save();
entityModelSettings.IsEnabled = true;
var deleter = new AuditLogEntityModelDeleter();
Assert.Greater(deleter.Purge(), 0, "The number of log entries purged is invalid");
Assert.AreEqual(maximumLogEntries, GetCountEntityModelAuditLogEntries(), "The number of remaining log entries is invalid");
}
finally
{
entityModelSettings.IsEnabled = isEnabled;
}
}
/// <summary>
/// Initializes the <see cref="AuditLogInstance" /> class.
/// </summary>
static AuditLogInstance()
{
IList <IAuditLogWriter> auditLogWriters = new List <IAuditLogWriter>();
try
{
AuditLogConfiguration auditLogConfiguration = ConfigurationSettings.GetAuditLogConfigurationSection();
if (auditLogConfiguration?.EventLogSettings != null && auditLogConfiguration.EventLogSettings.IsEnabled)
{
auditLogWriters.Add(new AuditLogEventLogWriter(EventLog.Application));
}
if (auditLogConfiguration?.EntityModelSettings != null && auditLogConfiguration.EntityModelSettings.IsEnabled)
{
auditLogWriters.Add(new AuditLogEntityModelWriter(new AuditLogEntityModelDeleter()));
}
if (auditLogConfiguration?.SyslogSettings != null && auditLogConfiguration.SyslogSettings.IsEnabled && !string.IsNullOrEmpty(auditLogConfiguration.SyslogSettings.HostName) && auditLogConfiguration.SyslogSettings.Port > 0)
{
IStreamProvider tcpStreamProvider = new TcpStreamProvider(auditLogConfiguration.SyslogSettings.HostName, auditLogConfiguration.SyslogSettings.Port, true, auditLogConfiguration.SyslogSettings.IsSecure, auditLogConfiguration.SyslogSettings.IgnoreSslErrors);
ISyslogMessageSerializer syslogMsgSerializer = new SyslogMessageSerializer();
ISyslogMessageWriter streamWriter = new SyslogStreamWriter(tcpStreamProvider, syslogMsgSerializer);
ISyslogMessageWriter queueingMessageWriter = new SyslogQueueingMessageWriter(streamWriter);
auditLogWriters.Add(new AuditLogSyslogWriter(queueingMessageWriter));
}
}
catch (Exception ex)
{
EventLog.Application.WriteError("AuditLogInstance failed to initialize. Error: {0}.", ex.ToString());
}
AuditLogInstanceInternal = new AuditLog(auditLogWriters);
}
public void TestWriteAuditLogEntryToSyslog()
{
AuditLogSyslogSettings sysLogSettings = ConfigurationSettings.GetAuditLogConfigurationSection().SyslogSettings;
bool isEnabled = sysLogSettings.IsEnabled;
try
{
var mockSyslogMessageWriter = new Mock <ISyslogMessageWriter>(MockBehavior.Strict);
// Ensure event log is enabled
sysLogSettings.IsEnabled = true;
var syslogWriter = new AuditLogSyslogWriter(mockSyslogMessageWriter.Object);
IAuditLogEntryData auditLogEventData = new AuditLogEntryData(false, "logonAuditLogEntryMetadata", new Dictionary <string, object>
{
{ "p1", "p1Value" },
{ "p2", "p2Value" }
});
mockSyslogMessageWriter.Setup(w => w.Write(It.Is <SyslogMessage>(m => ValidateMessage(m, auditLogEventData))));
syslogWriter.Write(auditLogEventData);
mockSyslogMessageWriter.VerifyAll();
}
finally
{
sysLogSettings.IsEnabled = isEnabled;
}
}
public void TestWriteAuditLogEntryToEventLog(AuditLogSeverityEnum_Enumeration severity)
{
var eventLogSettings = ConfigurationSettings.GetAuditLogConfigurationSection().EventLogSettings;
bool isEnabled = eventLogSettings.IsEnabled;
try
{
var mockEventLog = new Mock <IEventLog>(MockBehavior.Strict);
switch (severity)
{
case AuditLogSeverityEnum_Enumeration.AuditLogError:
mockEventLog.Setup(l => l.WriteError(It.Is <string>(s => s.StartsWith("Audit log entry.") && s.Contains("p1Value") && s.Contains("p2Value"))));
break;
case AuditLogSeverityEnum_Enumeration.AuditLogInformation:
mockEventLog.Setup(l => l.WriteInformation(It.Is <string>(s => s.StartsWith("Audit log entry.") && s.Contains("p1Value") && s.Contains("p2Value"))));
break;
case AuditLogSeverityEnum_Enumeration.AuditLogWarning:
mockEventLog.Setup(l => l.WriteWarning(It.Is <string>(s => s.StartsWith("Audit log entry.") && s.Contains("p1Value") && s.Contains("p2Value"))));
break;
}
// Ensure event log is enabled
eventLogSettings.IsEnabled = true;
var eventLogWriter = new AuditLogEventLogWriter(mockEventLog.Object);
// Override severity
AuditLogEntryMetadata metaData = Entity.Get <AuditLogEntryMetadata>("logonAuditLogEntryMetadata", true);
metaData.SeverityFailure_Enum = severity;
metaData.Save();
IAuditLogEntryData auditLogEventData = new AuditLogEntryData(false, "logonAuditLogEntryMetadata", new Dictionary <string, object>
{
{ "p1", "p1Value" },
{ "p2", "p2Value" }
});
eventLogWriter.Write(auditLogEventData);
mockEventLog.VerifyAll();
}
finally
{
eventLogSettings.IsEnabled = isEnabled;
}
}
public void TestWriteNullEvent()
{
var entityModelSettings = ConfigurationSettings.GetAuditLogConfigurationSection().EntityModelSettings;
bool isEnabled = entityModelSettings.IsEnabled;
try
{
var mockDeleter = new Mock <IAuditLogDeleter>(MockBehavior.Loose);
// Ensure event log is enabled
entityModelSettings.IsEnabled = true;
var entityModelWriter = new AuditLogEntityModelWriter(mockDeleter.Object);
Assert.Throws <ArgumentNullException>(() => entityModelWriter.Write(null));
}
finally
{
entityModelSettings.IsEnabled = isEnabled;
}
}
public void TestWriteNullEvent()
{
var eventLogSettings = ConfigurationSettings.GetAuditLogConfigurationSection().EventLogSettings;
bool isEnabled = eventLogSettings.IsEnabled;
try
{
var mockEventLog = new Mock <IEventLog>(MockBehavior.Strict);
// Ensure event log is enabled
eventLogSettings.IsEnabled = true;
var eventLogWriter = new AuditLogEventLogWriter(mockEventLog.Object);
Assert.Throws <ArgumentNullException>(() => eventLogWriter.Write(null));
}
finally
{
eventLogSettings.IsEnabled = isEnabled;
}
}
public void TestFilterEventByMinimumSeveritySetting()
{
// Set minimum log level to error
var auditLogSettings = Entity.Get <AuditLogSettings>("tenantAuditLogSettingsInstance", true);
auditLogSettings.MinAuditLogSeverity_Enum = AuditLogSeverityEnum_Enumeration.AuditLogError;
auditLogSettings.Save();
var entityModelSettings = ConfigurationSettings.GetAuditLogConfigurationSection().EntityModelSettings;
bool isEnabled = entityModelSettings.IsEnabled;
try
{
var mockDeleter = new Mock <IAuditLogDeleter>(MockBehavior.Loose);
// Ensure event log is enabled
entityModelSettings.IsEnabled = true;
var entityModelWriter = new AuditLogEntityModelWriter(mockDeleter.Object);
Guid userName = Guid.NewGuid();
IAuditLogEntryData auditLogEventData = new AuditLogEntryData(true, "logonAuditLogEntryMetadata", new Dictionary <string, object>
{
{ "loggedOnUserName", userName.ToString() }
});
entityModelWriter.Write(auditLogEventData);
// Verify that logon event was not created
IEnumerable <LogonAuditLogEntry> logonEvents = Entity.GetInstancesOfType <LogonAuditLogEntry>();
LogonAuditLogEntry logonEvent = logonEvents.FirstOrDefault(l => l.LoggedOnUserName == userName.ToString());
Assert.IsNull(logonEvent, "The logon event was found");
}
finally
{
entityModelSettings.IsEnabled = isEnabled;
}
}
public void TestWriteAuditLogEntryToEntityModel()
{
var entityModelSettings = ConfigurationSettings.GetAuditLogConfigurationSection().EntityModelSettings;
bool isEnabled = entityModelSettings.IsEnabled;
try
{
var mockDeleter = new Mock <IAuditLogDeleter>(MockBehavior.Loose);
// Ensure event log is enabled
entityModelSettings.IsEnabled = true;
var entityModelWriter = new AuditLogEntityModelWriter(mockDeleter.Object);
string userName = "******" + Guid.NewGuid();
IAuditLogEntryData auditLogEventData = new AuditLogEntryData(false, "logonAuditLogEntryMetadata", new Dictionary <string, object>
{
{ "loggedOnUserName", userName }
});
entityModelWriter.Write(auditLogEventData);
// Verify that logon event was created
IEnumerable <LogonAuditLogEntry> logonEvents = Entity.GetInstancesOfType <LogonAuditLogEntry>();
LogonAuditLogEntry logonEvent = logonEvents.FirstOrDefault(l => l.LoggedOnUserName == userName);
Assert.IsNotNull(logonEvent, "The logon event was not found");
Assert.AreEqual(auditLogEventData.Success, logonEvent.AuditLogEntrySuccess, "Success is invalid");
Assert.AreEqual(auditLogEventData.UserName, logonEvent.AuditLogEntryUser, "Name is invalid");
Assert.AreEqual(auditLogEventData.Message, logonEvent.AuditLogEntryMessage, "Message is invalid");
Assert.AreEqual(auditLogEventData.CreatedDate, logonEvent.AuditLogEntryCreatedDate, "Created Date is invalid");
Assert.AreEqual(auditLogEventData.SeverityEnum, logonEvent.AuditLogEntrySeverity_Enum, "Severity is invalid");
}
finally
{
entityModelSettings.IsEnabled = isEnabled;
}
}