Beispiel #1
 /// <summary>
 /// Fatal-error exit path: writes a failure-audit alert to the event log,
 /// flushes the stored errors, forwards them to the central location and
 /// then terminates the process.
 /// </summary>
 /// <param name="error_code">Exit code passed to <see cref="Environment.Exit(int)"/>.</param>
 /// <param name="ErrorMethod">Text placed directly after the fixed alert prefix.</param>
 /// <param name="Message">Text placed after <paramref name="ErrorMethod"/> in the alert.</param>
 /// <param name="StackInfo">Text appended at the end of the alert.</param>
 internal static void Stop(int error_code, string ErrorMethod, string Message, string StackInfo)
 {
     // Assemble the alert first so the logging call stays readable.
     // The caller-supplied strings are written to the log verbatim.
     string alertText = string.Concat(
         "ALERT: SWELF MAIN UNSALVAGEABLE ERROR: ",
         ErrorMethod,
         "   ",
         Message,
         " ",
         StackInfo);

     EventLog_SWELF.WRITE_FailureAudit_Error_To_EventLog(
         alertText,
         Error_Operation.EventID.SWELF_MAIN_APP_ERROR);

     // Persist locally before forwarding, then end the process.
     Error_Operation.WRITE_Stored_Errors();
     Error_Operation.SEND_Errors_To_Central_Location();
     Environment.Exit(error_code);
 }
Beispiel #2
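 /// <summary>
 /// Reports whether the current process token is in the built-in
 /// Administrators role. On failure the condition is logged as a failed
 /// security check and the stored errors are forwarded.
 /// </summary>
 /// <remarks>
 /// The role check is made against the token of the running process. With
 /// UAC enabled, a member of the Administrators group who starts the
 /// program without elevation gets <c>false</c> here.
 /// </remarks>
 /// <returns><c>true</c> when the process is in the Administrator role; otherwise <c>false</c>.</returns>
 internal static bool CHECK_If_Running_as_Admin()
 {
     bool isAdministrator;

     // WindowsIdentity wraps a token handle and is IDisposable; release it
     // as soon as the role check is done instead of leaving it to the finalizer.
     using (WindowsIdentity currentIdentity = WindowsIdentity.GetCurrent())
     {
         isAdministrator = new WindowsPrincipal(currentIdentity).IsInRole(WindowsBuiltInRole.Administrator);
     }

     if (isAdministrator)
     {
         return true;
     }

     // Record the failed check and forward it so the condition is also
     // visible off this host.
     LOG_SEC_CHECK_Fail("Settings.CHECK_If_Running_as_Admin() " + Settings.ComputerName + " SWELF not running as admin and was unable to read eventlogs.");
     Error_Operation.SEND_Errors_To_Central_Location();
     return false;
 }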
Beispiel #3
        /// <summary>
        /// Watchdog: blocks the calling thread, polling every ten minutes, until
        /// the stopwatch reports an elapsed hour. It then starts the post-run
        /// output, logs a critical "ran too long" error, forwards and writes the
        /// stored errors, and exits with the SWELF_MAIN_APP_ERROR event id.
        /// </summary>
        private static void CHECK_If_App_Has_Run_To_Long()
        {
            const int PollIntervalMilliseconds = 600000; // ten minutes between checks

            var runTimer = System.Diagnostics.Stopwatch.StartNew();

            // Sleep in fixed intervals until the hour component of the elapsed time reaches 1.
            for (; ; )
            {
                if (runTimer.Elapsed.Hours >= 1)
                {
                    break;
                }
                Thread.Sleep(PollIntervalMilliseconds);
            }
            runTimer.Stop();
            TimeSpan totalRunTime = runTimer.Elapsed;

            Start_Output_Post_Run();

            string overrunMessage =
                "SWELF's time running on machine timer says that SWELF to long (" + totalRunTime.ToString() + ") this could be for many reasons. Most likely is that there are to many log sources your trying to read into SWELF or that some of the logs files are to large to be read in with all the other searchs. Try running SWELF in sequence. ";
            Error_Operation.Log_Error("CHECK_If_App_Has_Run_To_Long()", overrunMessage, "", Error_Operation.LogSeverity.Critical);

            // Forward first, then write locally, then terminate.
            Error_Operation.SEND_Errors_To_Central_Location();
            Error_Operation.WRITE_Stored_Errors();
            Environment.Exit((int)Error_Operation.EventID.SWELF_MAIN_APP_ERROR);
        }
Beispiel #4
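        /// <summary>
        /// Runs every distinct PowerShell plugin entry in
        /// <c>Settings.Plugin_Search_Terms_Unparsed</c>. Each entry is split on
        /// <c>Settings.SplitChar_SearchCommandSplit[0]</c>: fields 0 and 2 are
        /// handed to <c>Powershell_Plugin.Run_PS_Script</c>, and field 1 is the
        /// text looked for (case-insensitively) in the script output. When the
        /// output contains that text, the result is queued, written to the SWELF
        /// event log and forwarded.
        /// </summary>
        /// <remarks>
        /// Any exception outside the inner write/forward step (for example an
        /// entry with fewer than three fields) ends the loop: it is logged as a
        /// warning, forwarded, and the remaining entries are not run.
        /// <c>Settings.PS_PluginDone</c> is set to <c>true</c> on both paths.
        /// </remarks>
        private static void Start_Run_Plugins()
        {
            try
            {
                Settings.Plugin_Search_Terms_Unparsed = Settings.Plugin_Search_Terms_Unparsed.Distinct().ToList();

                for (int x = 0; x < Settings.Plugin_Search_Terms_Unparsed.Count; ++x)
                {
                    // Fetch and split the entry once instead of repeating the split for every field.
                    var pluginTerm = Settings.Plugin_Search_Terms_Unparsed.ElementAt(x);
                    var termFields = pluginTerm.Split(Settings.SplitChar_SearchCommandSplit[0]);

                    EventLog_Entry PSLog = new EventLog_Entry();
                    PSLog.ComputerName    = Settings.ComputerName;
                    PSLog.EventID         = Convert.ToInt32(Error_Operation.EventID.Powershell_Plugin);
                    PSLog.LogName         = "SWELF PowerShell Plugin Output";
                    PSLog.Severity        = "Information";
                    PSLog.CreatedTime     = DateTime.Now;
                    PSLog.TaskDisplayName = "SWELF Powershell Plugin Output";
                    PSLog.SearchRule      = "SWELF_Powershell_Plugin=" + pluginTerm;
                    PSLog.UserID          = Environment.UserName;

                    // NOTE(review): both fields come straight from configuration. If
                    // Run_PS_Script executes them as a script and its arguments (not
                    // visible here), whoever can edit that configuration can run
                    // PowerShell under the SWELF account. Confirm that the config
                    // file and script locations are writable by administrators only.
                    PSLog.EventData = Powershell_Plugin.Run_PS_Script(termFields.ElementAt(0), termFields.ElementAt(2));

                    if (PSLog.EventData.ToLower().Contains(termFields.ElementAt(1).ToLower()))
                    {
                        Settings.PS_Plugin_SWELF_Events_Of_Interest_Matching_EventLogs.Enqueue(PSLog);

                        try
                        {
                            // NOTE(review): writes the head of the queue, which is PSLog only
                            // if the queue was empty before the Enqueue above; confirm.
                            EventLog_SWELF.WRITE_EventLog_From_SWELF_Search(Settings.PS_Plugin_SWELF_Events_Of_Interest_Matching_EventLogs.ElementAt(0));
                            Log_Network_Forwarder.SEND_Logs(Settings.PS_Plugin_SWELF_Events_Of_Interest_Matching_EventLogs);
                        }
                        catch (Exception e)
                        {
                            // NOTE(review): this indexes EventLog_w_PlaceKeeper_List with the
                            // plugin index x; if that list is shorter, ElementAt throws inside
                            // this handler and the outer catch ends the whole run. Confirm
                            // that this list is the intended one.
                            Error_Operation.Log_Error("Network_Forwarder.SEND_Logs(), EventLog_SWELF.WRITE_EventLog_From_SWELF_Search(), or Start_Run_Plugins()", Settings.EventLog_w_PlaceKeeper_List.ElementAt(x) + " HostEventLogAgent_Eventlog.WRITE_EventLog " + e.Message.ToString(), e.StackTrace.ToString(), Error_Operation.LogSeverity.Warning);
                        }
                    }
                }
                Settings.PS_PluginDone = true;
                GC.Collect();
            }
            catch (Exception e)
            {
                // Message first, stack trace second, matching the argument order of the
                // inner Log_Error call above (the two were previously swapped here).
                // The null-coalescing guards keep the handler itself from throwing.
                Error_Operation.Log_Error("Powershell_Plugin.Run_PS_Script() ", e.Message ?? string.Empty, e.StackTrace ?? string.Empty, Error_Operation.LogSeverity.Warning);
                Error_Operation.SEND_Errors_To_Central_Location();
                Settings.PS_PluginDone = true;
            }
        }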