public void InitializeEtwListener()
{
payload = GetNewPayloadObject();
var configurationFile = ConfigurationManager.AppSettings["SentinelApiConfig"];
EtwProviderSession(EtwListenerConfig.SessionName, EtwListenerConfig.ProviderId, true);
var _etw = EtwTdhObservable.FromSession(EtwListenerConfig.SessionName);
KqlNodeHub = KqlNodeHub.FromKqlQuery(_etw, DefaultOutput, EtwListenerConfig.ObservableName,
EtwListenerConfig.KqlQuery);
GlobalLog.WriteToStringBuilderLog($"Loading config [{configurationFile}].", 14001);
var textOfJsonConfig =
File.ReadAllText(Path.Combine(LogAnalyticsOdsApiHarness.GetExecutionPath(), $"{configurationFile}"));
SentinelApiConfig = JsonConvert.DeserializeObject <SentinelApiConfig>(textOfJsonConfig);
if (SentinelApiConfig.UseMmaCertificate)
{
logAnalyticsX509Certificate2 =
CertificateManagement.FindOdsCertificateByWorkspaceId(SentinelApiConfig.WorkspaceId);
}
else
{
logAnalyticsX509Certificate2 = CertificateManagement.FindCertificateByThumbprint("MY",
SentinelApiConfig.CertificateThumbprint, StoreLocation.LocalMachine);
}
GlobalLog.WriteToStringBuilderLog($"SampleData load [{configurationFile}].", 14001);
var sampleData =
File.ReadAllText(Path.Combine(LogAnalyticsOdsApiHarness.GetExecutionPath(), $"XMLFile1.xml"));
UploadBatchToLogAnalytics(sampleData, logAnalyticsX509Certificate2);
}
public static void UploadFolderContents()
{
var d = new DirectoryInfo(@"D:\OSSCWec\TestEventLogs");
var createMechanism = XmlCreationMechanism.XmlWriter;
var Files = d.GetFiles("Archive*.evtx"); //Getting Text files
X509Certificate2 cert = null;
if (SentinelApiConfig.UseMmaCertificate)
{
cert = CertificateManagement.FindOdsCertificateByWorkspaceId(SentinelApiConfig.WorkspaceId);
}
else
{
cert = CertificateManagement.FindCertificateByThumbprint("MY", SentinelApiConfig.CertificateThumbprint,
StoreLocation.LocalMachine);
}
Console.WriteLine($"Attempting to upload {Files.Length}");
foreach (var file in Files)
{
Console.WriteLine($"FileName: {file.FullName}");
Console.WriteLine($"\tUploading file with : {createMechanism.ToString()}", 10003);
UploadEntireFileInBatches(file.FullName, cert, createMechanism);
if (File.Exists(file.FullName))
{
Console.WriteLine($"\tDeleting File: {file.FullName}");
File.Delete(file.FullName);
}
}
}
public static void RegisterWithOms(string thumbprint, string agentGuid, string workspaceId, string workspaceKey, string environmentRootUri)
{
X509Certificate2 cert = CertificateManagement.FindCertificateByThumbprint("My", thumbprint, StoreLocation.LocalMachine);
string rawCert = Convert.ToBase64String(cert.GetRawCertData()); //base64 binary
string date = DateTime.Now.ToString("O");
string xmlContent = "<?xml version=\"1.0\"?><AgentTopologyRequest xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns=\"http://schemas.microsoft.com/WorkloadMonitoring/HealthServiceProtocol/2014/09/\"><FullyQualfiedDomainName>sagebree-dev.redmond.corp.microsoft.com</FullyQualfiedDomainName><EntityTypeId>"
+ agentGuid
+ "</EntityTypeId><AuthenticationCertificate>"
+ rawCert
+ "</AuthenticationCertificate></AgentTopologyRequest>";
SHA256 sha256 = SHA256.Create();
string contentHash = Convert.ToBase64String(sha256.ComputeHash(Encoding.ASCII.GetBytes(xmlContent)));
// AuthKey = SHA256(HMAC(ContentHash, Key));
string authKey = String.Format("{0}; {1}", workspaceId, Sign(date, contentHash, workspaceKey));
try
{
WebRequestHandler clientHandler = new WebRequestHandler();
clientHandler.ClientCertificates.Add(cert);
var client = new HttpClient(clientHandler);
string url = $"https://{workspaceId}.{environmentRootUri}/AgentService.svc/AgentTopologyRequest";
client.DefaultRequestHeaders.Add("x-ms-Date", date);
client.DefaultRequestHeaders.Add("x-ms-version", "August, 2014");
client.DefaultRequestHeaders.Add("x-ms-SHA256_Content", contentHash);
client.DefaultRequestHeaders.TryAddWithoutValidation("Authorization", authKey);
client.DefaultRequestHeaders.Add("user-agent", "MonitoringAgent/OneAgent");
client.DefaultRequestHeaders.Add("Accept-Language", "en-US");
HttpContent httpContent = new StringContent(xmlContent, Encoding.UTF8);
httpContent.Headers.ContentType = new MediaTypeHeaderValue("application/xml");
Task <HttpResponseMessage> response = client.PostAsync(new Uri(url), httpContent);
HttpContent responseContent = response.Result.Content;
string result = responseContent.ReadAsStringAsync().Result;
Console.WriteLine("Return Result: " + result);
Console.WriteLine(response.Result);
}
catch (Exception excep)
{
Console.WriteLine("API Post Exception: " + excep.Message);
}
}
public static void SendDataToODS_ContainerLog(bool useMmaCert)
{
X509Certificate2 cert = null;
if (useMmaCert)
{
cert = CertificateManagement.FindOdsCertificateByWorkspaceId(WorkspaceId);
}
else
{
cert = Find(StoreLocation.LocalMachine, MyThumbprint);
}
// string rawCert = Convert.ToBase64String(cert.GetRawCertData()); //base64 binary
string requestId = Guid.NewGuid().ToString("D");
string jsonContent = File.ReadAllText("ContainerLog.json");
string dateTime = DateTime.Now.ToString("O");
try
{
WebRequestHandler clientHandler = new WebRequestHandler();
clientHandler.ClientCertificates.Add(cert);
var client = new HttpClient(clientHandler);
string url = "https://" + WorkspaceId + ".ods.opinsights.azure.com/OperationalData.svc/PostJsonDataItems?api-version=2016-04-01";
client.DefaultRequestHeaders.Add("X-Request-ID", requestId);
System.Net.Http.HttpContent httpContent = new StringContent(jsonContent, Encoding.UTF8);
httpContent.Headers.ContentType = new MediaTypeHeaderValue("application/json");
Task <System.Net.Http.HttpResponseMessage> response = client.PostAsync(new Uri(url), httpContent);
System.Net.Http.HttpContent responseContent = response.Result.Content;
string result = responseContent.ReadAsStringAsync().Result;
Console.WriteLine("Return Result: " + result);
Console.WriteLine("requestId: " + requestId);
Console.WriteLine(response.Result);
}
catch (Exception excep)
{
Console.WriteLine("API Post Exception: " + excep.Message);
}
}
