public static void EntryWritten(object source, EntryWrittenEventArgs e)
{
//判断是否是想要的事件ID,其他地区可以选择相应的ID
if (e.Entry.InstanceId == 20221)
{
//保存到本地作为备用
String fileName = "log.txt";
StreamWriter sw = new StreamWriter(fileName);
sw.WriteLine("已截获的信息:Id={0},Message={1}", e.Entry.InstanceId, e.Entry.Message);
sw.WriteLine(DateTime.Now);
sw.Close();
//只截取需要的账号部分
string str = e.Entry.Message;
int start = str.IndexOf("User = "******"VpnStrategy");
card = str.Substring(start + 8, length - start - 9);
}
signal.Set();
}
private void OnEntryWritten(object sender, EntryWrittenEventArgs e)
{
if (!this.types.Contains(e.Entry.EntryType))
{
return;
}
if (!string.IsNullOrEmpty(this.category) && !this.category.Equals(e.Entry.Category, StringComparison.OrdinalIgnoreCase))
{
return;
}
if (this.eventId.HasValue && this.eventId.Value != e.Entry.InstanceId)
{
return;
}
string key = this.key
.Replace("${type}", typeTranslation[e.Entry.EntryType])
.Replace("${eventId}", e.Entry.InstanceId.ToString());
this.channel.Report(key, this.value);
}
public void GetNewEntry(Object source, EntryWrittenEventArgs e)
{
LogMessage newMessage = new LogMessage(e.Entry);
MessagesBuffer.Enqueue(newMessage);
//int randomNumber = rand.Next(2);
//if (randomNumber == 1)
//{
// MessagesBuffer.Enqueue(SuspiciousLogGenerator.GenerateSample(newMessage));
//}
MessagesBuffer.Enqueue(SuspiciousLogGenerator.GenerateSample(newMessage));
if (MessagesBuffer.Count >= PACKETS_COUNT_CONSTRAINT && !Pause)
{
string[] data = GetLastPackets();
if (queueIsFull != null)
{
queueIsFull(data);
}
}
}
private void OnEntryWritten1(object sender, EntryWrittenEventArgs e)
{
if (e.Entry.EntryType == EventLogEntryType.Error || e.Entry.EntryType == EventLogEntryType.Information)
{
if ((e.Entry.EventID == 4) || (e.Entry.EventID == 472) || (e.Entry.EventID == 477) || (e.Entry.EventID == 517) ||
(e.Entry.EventID == 624) || (e.Entry.EventID == 535) || (e.Entry.EventID == 533) || (e.Entry.EventID == 529) ||
(e.Entry.EventID == 632) || (e.Entry.EventID == 539) || (e.Entry.EventID == 534) || (e.Entry.EventID == 531) ||
(e.Entry.EventID == 636) || (e.Entry.EventID == 660) || (e.Entry.EventID == 6806) || (e.Entry.EventID == 4645) ||
(e.Entry.EventID == 642) || (e.Entry.EventID == 675) || (e.Entry.EventID == 681) || (e.Entry.EventID == 4728) ||
(e.Entry.EventID == 644) || (e.Entry.EventID == 676) || (e.Entry.EventID == 1102) || (e.Entry.EventID == 4732) ||
(e.Entry.EventID == 4740) || (e.Entry.EventID == 4756) || (e.Entry.EventID == 4768) || (e.Entry.EventID == 4776) ||
(e.Entry.EventID == 4738) || (e.Entry.EventID == 4733) || (e.Entry.EventID == 630) || (e.Entry.EventID == 200) ||
(e.Entry.EventID == 4124) || (e.Entry.EventID == 4226) || (e.Entry.EventID == 7901) ||
(e.Entry.EventID == 12294) || (e.Entry.EventID == 9095) || (e.Entry.EventID == 9097) || (e.Entry.EventID == 7023) ||
(e.Entry.EventID == 6183) || (e.Entry.EventID == 55) || (e.Entry.EventID == 1066) || (e.Entry.EventID == 6008) ||
(e.Entry.EventID == 861) || e.Entry.EventID == 7035)
{
//MessageBox.Show("Внимание! В системе произошло событие "+ e.Entry.EventID+ ". Просмотрите журнал событий для выяснения причин.", "Система активного аудита", MessageBoxButtons.OK, MessageBoxIcon.Warning);
DialogResult result;
result = MessageBox.Show("Внимание!" + "\r\n" + "В системе произошло событие " + e.Entry.EventID + "\r\n" + "Время " +
e.Entry.TimeGenerated.ToString() + "\r\n" + "Сообщение: " + e.Entry.Message + "\r\n" + "\r\n" + " Просмотрите журнал событий для выяснения причин.", "Мониторинг событий ИБ", MessageBoxButtons.OK, MessageBoxIcon.Warning);
}
}
}
private void EventLogOnEntryWritten(object sender, EntryWrittenEventArgs entryWrittenEventArgs)
{
var logMsg = new LogMessage();
logMsg.LoggerName = string.IsNullOrEmpty(entryWrittenEventArgs.Entry.Source)
? _baseLoggerName
: string.Format("{0}.{1}", _baseLoggerName, entryWrittenEventArgs.Entry.Source);
logMsg.Message = entryWrittenEventArgs.Entry.Message;
logMsg.TimeStamp = entryWrittenEventArgs.Entry.TimeGenerated;
logMsg.Level = LogUtils.GetLogLevelInfo(GetLogLevel(entryWrittenEventArgs.Entry.EntryType));
logMsg.ThreadName = entryWrittenEventArgs.Entry.InstanceId.ToString();
if (!string.IsNullOrEmpty(entryWrittenEventArgs.Entry.Category))
{
logMsg.Properties.Add("Category", entryWrittenEventArgs.Entry.Category);
}
if (!string.IsNullOrEmpty(entryWrittenEventArgs.Entry.UserName))
{
logMsg.Properties.Add("User Name", entryWrittenEventArgs.Entry.UserName);
}
Notifiable.Notify(logMsg);
}
private void OnEntryWritten(object sender, EntryWrittenEventArgs e)
{
lock (_guard)
{
// no exception should leave the handler
try
{
// we only process some events
EventLogEntry entry = e.Entry;
switch (entry.InstanceId)
{
case 4624:
HandleLogonEvent(entry);
break;
/*
*
* case 4634:
* HandleLogoffEvent(entry);
* break;
*
* case 4647:
* HandleUserInitiatedLogoffEvent(entry);
* break;
* */
default:
break;
}
}
catch (Exception e1)
{
Trace.TraceWarning(e1.Message);
}
}
}
internal void HandleEventLogNotification(object sender, EntryWrittenEventArgs eventArgs)
{
var entry = eventArgs.Entry;
bool allowed = EventLogAsyncReader.IsFirewallEventAllowed(entry.InstanceId);
activityWindow.ShowActivity(allowed ? ActivityWindow.ActivityEnum.Allowed : ActivityWindow.ActivityEnum.Blocked);
if (allowed || !LogEntryViewModel.TryCreateFromEventLogEntry(entry, 0, out CurrentConn view))
{
return;
}
LogHelper.Info($"Handle {view.Direction}-going connection for '{view.FileName}', service: {view.ServiceName} ...");
if (!AddItem(view))
{
//This connection is blocked by a specific rule. No action necessary.
LogHelper.Info($"{view.Direction}-going connection for '{view.FileName}' is blocked by a rule - ignored.");
return;
}
//if (notifierWindow.WindowState == WindowState.Minimized)
//{
// notifierWindow.ShowActivityTrayIcon($"Notifier blocked connections - click tray icon to show"); // max 64 chars!
//}
}
private static void EventLogWritten(object sender, EntryWrittenEventArgs e)
{
string s = string.Empty;
switch (e.Entry.EventID)
{
case LE_Error:
s = "Error Event Written";
break;
case LE_BadEntry:
s = "Bad Entry Event Written";
break;
case LE_Started:
s = "Program Started Event Written";
break;
case LE_Ended:
s = "Program Ended Event Written";
break;
case LE_Login:
s = "Login Event Written";
break;
case LE_Logout:
s = "Logout Event Written";
break;
default:
s = "Event Written";
break;
}
System.Windows.Forms.MessageBox.Show(s);
}
public void MyOnEntryWritten(object source, EntryWrittenEventArgs e)
{
Log.Information(e.Entry.Source);
}
public static void MyOnEntryWritten(Object source, EntryWrittenEventArgs e)
{
Console.WriteLine("Written: " + e.Entry.Message);
}
public void handleNetworkConnection(EntryWrittenEventArgs e)
{
// Disable WiFi if it is enabled.
}
public void handleNetworkDisconnection(EntryWrittenEventArgs e)
{
// Check other interfaces for status and enable wifi if "all" devices are disconnected
}
private void myLog_EntryWritten(object sender, EntryWrittenEventArgs e)
{
var message = e.Entry.Message;
sbErrors.Append($"{message.Replace("\r\n", "<br>")}<br><br><br><br>");
}
public void OnEventLogEntryWritten(object source, EntryWrittenEventArgs e)
{
}
/**
* Notify the User
*
* Do nothing if notifications are disabled
* Grab most recent event
* Parse Event Data
* Decide whether to notify (Is this a recent repeat?)
*
*
* //TODO Persist nofification enabled state
*
**/
private void notify(object sender, EntryWrittenEventArgs e)
{
if (!this.enableBlockNotifications && !this.enableAcceptNotifications)
{
return;
}
//============================
// GET WRITTEN EVENT
//============================
EventLogEntry most_recent = null;
foreach (EventLogEntry entry in myLog.Entries)
{
if (System.DateTime.Now.Ticks - entry.TimeWritten.Ticks < TimeSpan.TicksPerSecond * 8)
{
most_recent = entry;
}
}
//============================
// GENERATE NOTIFICATION TEXT
//============================
ToolTipIcon icon;
TrustBaseEvent parsedEvent = parseEvent(most_recent);
if (parsedEvent.connectionBlocked && !this.enableBlockNotifications)
{
return;
}
if (!parsedEvent.connectionBlocked && !this.enableAcceptNotifications)
{
return;
}
if (parsedEvent.type == EventLogEntryType.Error)
{
icon = ToolTipIcon.Error;
}
else if (parsedEvent.type == EventLogEntryType.Warning)
{
icon = ToolTipIcon.Warning;
}
else if (parsedEvent.type == EventLogEntryType.Information)
{
icon = ToolTipIcon.Info;
}
else
{
icon = ToolTipIcon.None;
}
//=========================================================
//DO NOT NOTIFY FOR THE SAME PROGRAM BLOCKED SEVERAL TIMES
//=========================================================
if (!deduplicator.Keys.Contains <string>(parsedEvent.ProcessName))
{
deduplicator.Add(parsedEvent.ProcessName, DateTime.Now);
trayIcon.ShowBalloonTip(9000, "TrustBase", parsedEvent.Message + "\n" + parsedEvent.HostName + "\n" + parsedEvent.ProcessName, icon);
}
else
{
DateTime last_notification;
deduplicator.TryGetValue(parsedEvent.ProcessName, out last_notification);
if (DateTime.Now.Ticks - last_notification.Ticks > TimeSpan.TicksPerMinute)
{
deduplicator.Remove(parsedEvent.ProcessName);
deduplicator.Add(parsedEvent.ProcessName, DateTime.Now);
trayIcon.ShowBalloonTip(9000, "TrustBase", parsedEvent.Message + "\n" + parsedEvent.HostName + "\n" + parsedEvent.ProcessName, icon);
}
}
}
public void log(EntryWrittenEventArgs e)
{
Console.WriteLine(e.Entry.GetType().GetProperty(_propertyName).GetValue(e.Entry, null).ToString());
}
private void EventLogger_EntryWritten(object sender, EntryWrittenEventArgs e)
{
}
private void HL7ListenerEvents_EntryWritten(object sender, EntryWrittenEventArgs e)
{
}
/// <summary>
/// Extends BeginInvoke so that when a state object is not needed, null does not need to be passed.
/// <example>
/// entrywritteneventhandler.BeginInvoke(sender, e, callback);
/// </example>
/// </summary>
public static IAsyncResult BeginInvoke(this EntryWrittenEventHandler entrywritteneventhandler, Object sender, EntryWrittenEventArgs e, AsyncCallback callback)
{
if (entrywritteneventhandler == null)
{
throw new ArgumentNullException("entrywritteneventhandler");
}
return(entrywritteneventhandler.BeginInvoke(sender, e, callback, null));
}
private void Logs_EntryWritten(object sender, EntryWrittenEventArgs e)
{
}
public void log(EntryWrittenEventArgs e)
{
var rs = e.Entry.ReplacementStrings.Select((s, i) => String.Format(@"{0}: {1}", i, s));
Console.WriteLine(string.Join(@",", rs));
}
public void log_EntryWritten(Object sender, EntryWrittenEventArgs e)
{
newEntries.Add(e.Entry);
}
public void log(EntryWrittenEventArgs e)
{
Console.WriteLine(e.Entry.Message);
}
private void AddEvent(object sender, EntryWrittenEventArgs args) => Events.Add(args.Entry);
private void eventLog1_EntryWritten_1(object sender, EntryWrittenEventArgs e)
{
}
public EventWorker(object source, EntryWrittenEventArgs entry)
{
this.source = source;
this.entry = entry;
}
private void datahouseTestEventLog_EntryWritten(object sender, EntryWrittenEventArgs e)
{
}
void EventLog_EntryWritten (object sender, EntryWrittenEventArgs e)
{
_entriesWritten.Add (e.Entry);
}
public void HandleEntryWritten(object source, EntryWrittenEventArgs e)
{
signal.Set();
_handleEntryWritten(source, e);
}
private void i9eventLog_EntryWritten(object sender, EntryWrittenEventArgs e)
{
}
protected abstract void _handleEntryWritten(object source, EntryWrittenEventArgs e);
