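/// <summary>
/// Starts the ETW provider session, attaches the configured KQL query to it, loads the
/// Sentinel API configuration and the client certificate it selects, then reads
/// XMLFile1.xml from the execution path and passes it to UploadBatchToLogAnalytics.
/// </summary>
/// <exception cref="InvalidOperationException">
/// The "SentinelApiConfig" app setting is empty, or the configuration file deserializes to null.
/// </exception>
public void InitializeEtwListener()
{
    payload = GetNewPayloadObject();
    var configurationFile = ConfigurationManager.AppSettings["SentinelApiConfig"];

    // The session is created before the configuration is read; this order is kept as-is.
    EtwProviderSession(EtwListenerConfig.SessionName, EtwListenerConfig.ProviderId, true);
    var etwEvents = EtwTdhObservable.FromSession(EtwListenerConfig.SessionName);
    KqlNodeHub = KqlNodeHub.FromKqlQuery(
        etwEvents,
        DefaultOutput,
        EtwListenerConfig.ObservableName,
        EtwListenerConfig.KqlQuery);

    GlobalLog.WriteToStringBuilderLog($"Loading config [{configurationFile}].", 14001);

    // Without this guard an empty setting makes Path.Combine return the directory itself and
    // the read fails with an unrelated access error instead of naming the real problem.
    if (string.IsNullOrWhiteSpace(configurationFile))
    {
        throw new InvalidOperationException("App setting 'SentinelApiConfig' is missing or empty.");
    }

    // NOTE(review): Path.Combine returns a rooted second argument unchanged and does not
    // collapse ".." segments, so the app setting decides which file is read. Treat the
    // application config file as part of the trusted deployment and protect it with ACLs.
    var configPath = Path.Combine(LogAnalyticsOdsApiHarness.GetExecutionPath(), configurationFile);
    var textOfJsonConfig = File.ReadAllText(configPath);

    SentinelApiConfig = JsonConvert.DeserializeObject<SentinelApiConfig>(textOfJsonConfig);
    if (SentinelApiConfig == null)
    {
        // An empty or "null" JSON document deserializes to null; fail here with a clear
        // message rather than with a NullReferenceException on the next line.
        throw new InvalidOperationException("Sentinel API configuration file did not contain a configuration object.");
    }

    // Either the certificate associated with the workspace id or one pinned by thumbprint in
    // LocalMachine\MY, depending on the UseMmaCertificate flag.
    logAnalyticsX509Certificate2 = SentinelApiConfig.UseMmaCertificate
        ? CertificateManagement.FindOdsCertificateByWorkspaceId(SentinelApiConfig.WorkspaceId)
        : CertificateManagement.FindCertificateByThumbprint("MY", SentinelApiConfig.CertificateThumbprint, StoreLocation.LocalMachine);

    // NOTE(review): the lookup result is not checked here. Confirm that
    // UploadBatchToLogAnalytics rejects a null certificate instead of posting without one.

    // The original message repeated the config file name here although the file being read
    // is XMLFile1.xml; the log now names the file actually loaded.
    GlobalLog.WriteToStringBuilderLog("SampleData load [XMLFile1.xml].", 14001);
    var sampleData = File.ReadAllText(Path.Combine(LogAnalyticsOdsApiHarness.GetExecutionPath(), "XMLFile1.xml"));

    UploadBatchToLogAnalytics(sampleData, logAnalyticsX509Certificate2);
}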
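/// <summary>
/// Uploads every "Archive*.evtx" file found in D:\OSSCWec\TestEventLogs through
/// UploadEntireFileInBatches and deletes each file once that call returns.
/// </summary>
/// <exception cref="InvalidOperationException">
/// No client certificate could be located; raised before any file is uploaded or deleted.
/// </exception>
public static void UploadFolderContents()
{
    // NOTE(review): the source folder is hard-coded; confirm it is the intended location
    // on every host this runs on.
    var sourceFolder = new DirectoryInfo(@"D:\OSSCWec\TestEventLogs");
    var createMechanism = XmlCreationMechanism.XmlWriter;

    // Archived event log files (the pattern matches .evtx archives, not text files).
    var archives = sourceFolder.GetFiles("Archive*.evtx");

    X509Certificate2 cert = SentinelApiConfig.UseMmaCertificate
        ? CertificateManagement.FindOdsCertificateByWorkspaceId(SentinelApiConfig.WorkspaceId)
        : CertificateManagement.FindCertificateByThumbprint("MY", SentinelApiConfig.CertificateThumbprint, StoreLocation.LocalMachine);

    // Fail closed: the loop below deletes each archive after the upload call, so running
    // without a credential could discard event logs that were never delivered.
    if (cert == null)
    {
        throw new InvalidOperationException("No client certificate was found; refusing to upload and delete event log archives.");
    }

    Console.WriteLine($"Attempting to upload {archives.Length}");

    foreach (var archive in archives)
    {
        Console.WriteLine($"FileName: {archive.FullName}");

        // The stray second argument (10003) was removed: Console.WriteLine treated it as an
        // unused format argument, so the printed text is unchanged.
        Console.WriteLine($"\tUploading file with : {createMechanism.ToString()}");
        UploadEntireFileInBatches(archive.FullName, cert, createMechanism);

        // NOTE(review): no result from UploadEntireFileInBatches is inspected before the
        // delete. Confirm it throws on a failed upload; if it only logs the failure, the
        // archive is removed even though nothing reached the workspace.
        if (File.Exists(archive.FullName))
        {
            Console.WriteLine($"\tDeleting File: {archive.FullName}");
            File.Delete(archive.FullName);
        }
    }
}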
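/// <summary>
/// Posts an AgentTopologyRequest for the given agent to the workspace's AgentService
/// endpoint, authenticating with the client certificate found by thumbprint in
/// LocalMachine\My and with an Authorization header built from the workspace key.
/// The response body and response message are written to the console.
/// </summary>
/// <param name="thumbprint">Thumbprint of the client certificate in LocalMachine\My.</param>
/// <param name="agentGuid">Agent identifier placed in the EntityTypeId element.</param>
/// <param name="workspaceId">Workspace id; used in the host name and the Authorization header.</param>
/// <param name="workspaceKey">Workspace key passed to Sign; never written to output here.</param>
/// <param name="environmentRootUri">DNS suffix appended to the workspace id to form the host.</param>
/// <exception cref="InvalidOperationException">The certificate lookup returned null.</exception>
public static void RegisterWithOms(string thumbprint, string agentGuid, string workspaceId, string workspaceKey, string environmentRootUri)
{
    X509Certificate2 cert = CertificateManagement.FindCertificateByThumbprint("My", thumbprint, StoreLocation.LocalMachine);
    if (cert == null)
    {
        // Previously this surfaced as a NullReferenceException on GetRawCertData().
        throw new InvalidOperationException("No certificate with the requested thumbprint was found in LocalMachine\\My.");
    }

    string rawCert = Convert.ToBase64String(cert.GetRawCertData()); // raw certificate bytes, base64-encoded

    // NOTE(review): this is local time in round-trip format; confirm the service accepts it
    // or whether UTC is expected for x-ms-Date.
    string date = DateTime.Now.ToString("O");

    // agentGuid is caller-supplied and lands inside an XML element, so it is escaped to keep
    // markup characters from altering the request document. A well-formed GUID is unaffected.
    // NOTE(review): the FullyQualfiedDomainName value is a fixed host name rather than this
    // machine's name; confirm that is intended outside of development use.
    string xmlContent = "<?xml version=\"1.0\"?><AgentTopologyRequest xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns=\"http://schemas.microsoft.com/WorkloadMonitoring/HealthServiceProtocol/2014/09/\"><FullyQualfiedDomainName>sagebree-dev.redmond.corp.microsoft.com</FullyQualfiedDomainName><EntityTypeId>" + System.Security.SecurityElement.Escape(agentGuid) + "</EntityTypeId><AuthenticationCertificate>" + rawCert + "</AuthenticationCertificate></AgentTopologyRequest>";

    // Hash exactly the bytes that are sent. The original hashed an ASCII encoding while the
    // body went out as UTF-8; the two only agree when the document is pure ASCII.
    byte[] body = Encoding.UTF8.GetBytes(xmlContent);
    string contentHash;
    using (SHA256 sha256 = SHA256.Create())
    {
        contentHash = Convert.ToBase64String(sha256.ComputeHash(body));
    }

    // Authorization value is "<workspaceId>; <signature>"; the signature comes from
    // Sign(date, contentHash, workspaceKey), which is defined outside this block.
    string authKey = String.Format("{0}; {1}", workspaceId, Sign(date, contentHash, workspaceKey));

    try
    {
        using (WebRequestHandler clientHandler = new WebRequestHandler())
        {
            clientHandler.ClientCertificates.Add(cert);

            using (var client = new HttpClient(clientHandler))
            using (HttpContent httpContent = new ByteArrayContent(body))
            {
                // NOTE(review): workspaceId and environmentRootUri decide which host receives
                // the client certificate handshake and the Authorization header; callers
                // should pass only trusted, configuration-sourced values.
                string url = $"https://{workspaceId}.{environmentRootUri}/AgentService.svc/AgentTopologyRequest";

                client.DefaultRequestHeaders.Add("x-ms-Date", date);
                client.DefaultRequestHeaders.Add("x-ms-version", "August, 2014");
                client.DefaultRequestHeaders.Add("x-ms-SHA256_Content", contentHash);
                client.DefaultRequestHeaders.TryAddWithoutValidation("Authorization", authKey);
                client.DefaultRequestHeaders.Add("user-agent", "MonitoringAgent/OneAgent");
                client.DefaultRequestHeaders.Add("Accept-Language", "en-US");

                httpContent.Headers.ContentType = new MediaTypeHeaderValue("application/xml");

                // The method is synchronous by signature, so the calls are still awaited by
                // blocking on the tasks.
                using (HttpResponseMessage response = client.PostAsync(new Uri(url), httpContent).Result)
                {
                    string result = response.Content.ReadAsStringAsync().Result;
                    Console.WriteLine("Return Result: " + result);
                    Console.WriteLine(response);
                }
            }
        }
    }
    catch (Exception excep)
    {
        // Blocking on a task wraps failures in AggregateException, whose own message hides
        // the cause; report the innermost exception so TLS, DNS and HTTP errors are visible.
        Console.WriteLine("API Post Exception: " + excep.GetBaseException().Message);
    }
}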
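/// <summary>
/// Posts the contents of ContainerLog.json to the workspace's OperationalData endpoint
/// using a client certificate, and writes the response body, the request id and the
/// response message to the console.
/// </summary>
/// <param name="useMmaCert">
/// When true the certificate is looked up by workspace id; otherwise it is looked up by
/// MyThumbprint in the LocalMachine store location.
/// </param>
public static void SendDataToODS_ContainerLog(bool useMmaCert)
{
    X509Certificate2 cert = useMmaCert
        ? CertificateManagement.FindOdsCertificateByWorkspaceId(WorkspaceId)
        : Find(StoreLocation.LocalMachine, MyThumbprint);

    string requestId = Guid.NewGuid().ToString("D");

    // Relative path: resolved against the process working directory, not the executable's folder.
    string jsonContent = File.ReadAllText("ContainerLog.json");

    try
    {
        // Handler, client, content and response are disposed so sockets and certificate
        // contexts are not left to the finalizer on every call.
        using (WebRequestHandler clientHandler = new WebRequestHandler())
        {
            // A null certificate makes Add throw; that lands in the catch below and is reported.
            clientHandler.ClientCertificates.Add(cert);

            using (var client = new HttpClient(clientHandler))
            using (HttpContent httpContent = new StringContent(jsonContent, Encoding.UTF8))
            {
                string url = "https://" + WorkspaceId + ".ods.opinsights.azure.com/OperationalData.svc/PostJsonDataItems?api-version=2016-04-01";

                client.DefaultRequestHeaders.Add("X-Request-ID", requestId);
                httpContent.Headers.ContentType = new MediaTypeHeaderValue("application/json");

                // The method is synchronous by signature, so the tasks are blocked on.
                using (HttpResponseMessage response = client.PostAsync(new Uri(url), httpContent).Result)
                {
                    string result = response.Content.ReadAsStringAsync().Result;
                    Console.WriteLine("Return Result: " + result);
                    Console.WriteLine("requestId: " + requestId);
                    Console.WriteLine(response);
                }
            }
        }
    }
    catch (Exception excep)
    {
        // Blocking on a task wraps failures in AggregateException, whose own message hides
        // the cause; report the innermost exception instead.
        Console.WriteLine("API Post Exception: " + excep.GetBaseException().Message);
    }
}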