// string parçalama
        /// <summary>
        /// Normalises one raw log line, parses it through <c>str_Paracala</c> and forwards
        /// the resulting record to <c>SetRecordData</c>.
        /// </summary>
        /// <param name="line">Raw line; surrounding whitespace and embedded NUL characters are stripped.</param>
        /// <param name="dontSend">When true, the line is normalised but neither parsed nor sent.</param>
        /// <returns>Always true; a parse failure is logged and the line is dropped.</returns>
        public override bool ParseSpecific(String line, bool dontSend)
        {
            // Trim first, then remove NULs: a NUL is not whitespace, so the result can still be a lone space.
            line = line.Trim().Replace("\0", "");

            bool nothingToParse = line == "" || line == " ";
            if (nothingToParse || dontSend)
            {
                return true;
            }

            try
            {
                Rec record = new Rec();
                record.LogName = LogName;
                record = str_Paracala(line, record);
                SetRecordData(record);
            }
            catch (Exception ex)
            {
                // NOTE(review): the offending line is written to the recorder's own log as-is;
                // confirm the log sink neutralises control characters from untrusted input.
                const string prefix = "    MicrosoftIASServerRecorder In ParseSpecific() -->> ";
                Log.Log(LogType.FILE, LogLevel.ERROR, prefix + ex.Message);
                Log.Log(LogType.FILE, LogLevel.ERROR, prefix + ex.StackTrace);
                Log.Log(LogType.FILE, LogLevel.ERROR, prefix + " Line : " + line);
            }

            return true;
        }
        /// <summary>
        /// Parses one '@'-delimited line (fields padded with '#') into a <c>Rec</c> and
        /// passes it to <c>SetRecordData</c>.
        /// </summary>
        /// <param name="line">Raw log line.</param>
        /// <param name="dontSend">When true, nothing is parsed or sent.</param>
        /// <returns>Always true; a line that cannot be parsed is logged and dropped.</returns>
        public override bool ParseSpecific(String line, bool dontSend)
        {
            Log.Log(LogType.FILE, LogLevel.DEBUG, "Parsing Specific line");
            if (line == "" || dontSend)
            {
                return true;
            }

            // The split result is not used; the call is kept because it runs outside the try block.
            SpaceSplit(line, false, '"');

            try
            {
                Rec record = new Rec();

                string[] parts = line.Split('@');
                int idx = 0;
                while (idx < parts.Length)
                {
                    parts[idx] = parts[idx].Trim('#');
                    idx++;
                }

                try
                {
                    // Sample line from the original source:
                    //ALLOW#@#Gambling Related#@#Sat Nov 20 00:00:04 EET 2010#@#null#@#null#@#null#@#085.109.179.003#@#mssp_ww#@#www.mackolik.com#@#http://www.mackolik.com/LiveScores/SequenceNo.aspx#@#-
                    // "Sat Nov 20 00:00:04 EET 2010" is rearranged to "20/Nov/2010 00:00:04"; the zone token is ignored.
                    string[] stamp = parts[2].Split(' ');
                    string assembled = stamp[2] + "/" + stamp[1] + "/" + stamp[5].TrimEnd('#') + " " + stamp[3];
                    DateTime parsed = Convert.ToDateTime(assembled, CultureInfo.InvariantCulture);
                    record.Datetime = parsed.ToString("yyyy/MM/dd HH:mm:ss");

                    Log.Log(LogType.FILE, LogLevel.DEBUG, "Datetime = " + record.Datetime);
                }
                catch (Exception dateError)
                {
                    // A malformed timestamp is not fatal: the record is still sent, without Datetime.
                    Log.Log(LogType.FILE, LogLevel.ERROR, "In Catch 1 " + dateError.Message);
                }

                record.EventType = parts[0];
                record.CustomStr5 = parts[1];
                record.CustomStr3 = parts[6];
                record.CustomStr9 = parts[8];

                // Description is capped at 898 characters.
                string description = parts[9];
                record.Description = description.Length > 898 ? description.Substring(0, 898) : description;

                record.LogName = LogName;
                SetRecordData(record);
            }
            catch (Exception failure)
            {
                // Lines with fewer than ten '@' fields end up here and are dropped.
                Log.Log(LogType.FILE, LogLevel.ERROR, failure.Message);
                Log.Log(LogType.FILE, LogLevel.ERROR, failure.StackTrace);
                Log.Log(LogType.FILE, LogLevel.ERROR, "Line : " + line);
            }

            return true;
        }
        /// <summary>
        /// Parses one space-separated line into a <c>Rec</c>. Lines with fewer than six tokens
        /// are kept whole in <c>Description</c> and stamped with the current time.
        /// </summary>
        /// <param name="line">Raw log line.</param>
        /// <param name="dontSend">When true, nothing is parsed or sent.</param>
        /// <returns>Always true; failures are logged and the line is dropped.</returns>
        public override bool ParseSpecific(String line, bool dontSend)
        {
            Log.Log(LogType.FILE, LogLevel.DEBUG, "Parsing Specific line");
            if (line == "" || dontSend)
            {
                return true;
            }

            String[] tokens = SpaceSplit(line, false);

            try
            {
                Rec record = new Rec();

                if (tokens.Length >= 6)
                {
                    // The line carries no year, so the current year is used.
                    // NOTE(review): entries read after a year change would get the wrong year - confirm this is acceptable.
                    String[] dateParts = tokens[1].Split('/');
                    int year = DateTime.Now.Year;
                    int firstPart = Convert.ToInt32(dateParts[0]);
                    int secondPart = Convert.ToInt32(dateParts[1]);
                    record.Datetime = year + "/" + firstPart + "/" + secondPart + " " + tokens[2] + ":00";

                    record.EventCategory = tokens[0];
                    record.CustomStr1 = tokens[3];
                    record.CustomStr2 = tokens[4];

                    // The sixth token may be a '-'-separated pair; only the first two pieces are kept.
                    String[] pair = tokens[5].Split('-');
                    if (pair.Length > 1)
                    {
                        record.CustomStr3 = pair[0];
                        record.CustomStr4 = pair[1];
                    }
                    else
                    {
                        record.CustomStr3 = tokens[5];
                    }
                }
                else
                {
                    Log.Log(LogType.FILE, LogLevel.WARN, "Different message on parse, moving to description: " + line);

                    DateTime now = DateTime.Now;
                    record.Datetime = string.Concat(now.Year, "/", now.Month, "/", now.Day, " ", now.Hour, ":", now.Minute, ":", now.Second);

                    record.Description = line;
                }

                record.LogName = LogName;

                SetRecordData(record);
            }
            catch (Exception failure)
            {
                Log.Log(LogType.FILE, LogLevel.ERROR, failure.Message);
                Log.Log(LogType.FILE, LogLevel.ERROR, failure.StackTrace);
                Log.Log(LogType.FILE, LogLevel.ERROR, "Line : " + line);
            }

            return true;
        }
        /// <summary>
        /// Builds a <c>Rec</c> from one space-separated line and sends it with <c>SetRecordData</c>.
        /// Date and description are only filled when a token contains "Info:".
        /// </summary>
        /// <param name="line">Raw log line.</param>
        /// <param name="dontSend">When true, nothing is parsed or sent.</param>
        /// <returns>Always true; failures are logged and the line is dropped.</returns>
        public override bool ParseSpecific(String line, bool dontSend)
        {
            Log.Log(LogType.FILE, LogLevel.DEBUG, "Parsing Specific line");
            // NOTE(review): the raw line is written to the recorder's own log before any validation;
            // confirm the log sink neutralises control characters from untrusted input.
            Log.Log(LogType.FILE, LogLevel.DEBUG, "Line Is : " + line);

            if (line == "")
                return true;

            if (!dontSend)
            {
                String[] arr = SpaceSplit(line, false);
                try
                {
                    Rec r = new Rec();
                    // Every token is inspected, but the values assigned below do not depend on i,
                    // so each matching token repeats the same assignments.
                    for (int i = 0; i < arr.Length; i++)
                    {
                        if (arr[i].Contains("Info:"))
                        {
                            try
                            {
                                // The first two tokens are taken as the timestamp, unparsed.
                                r.Datetime = arr[0] + " " + arr[1];
                            }

                            catch (Exception ex)
                            {
                                // Reached when the line has a single token; the rest of this iteration is skipped.
                                Log.Log(LogType.FILE, LogLevel.ERROR, "Onur Date Error" + ex.Message);
                                continue;
                            }
                            r.Description = line;
                        }

                        if (line.StartsWith("log - 1") && line.Contains("Info:"))
                        {
                            // For this line shape the timestamp comes from the first double-quoted section instead.
                            string[] logArr = line.Split('"');
                            // The loop body does not use j: the same value is assigned logArr.Length times.
                            // If the line has no double quote, logArr[1] is out of range and the outer catch drops the line.
                            for (int j = 0; j < logArr.Length; j++)
                            {
                                r.Datetime = logArr[1].Split(' ')[0] + " " + logArr[1].Split(' ')[1];
                            }
                        }
                    }
                    // The record is sent even when no token matched, in which case Datetime and Description stay unset.
                    r.ComputerName = remoteHost;
                    r.LogName = LogName;
                    SetRecordData(r);
                }
                catch (Exception e)
                {
                    Log.Log(LogType.FILE, LogLevel.ERROR, e.Message);
                    Log.Log(LogType.FILE, LogLevel.ERROR, e.StackTrace);
                    Log.Log(LogType.FILE, LogLevel.ERROR, "Line : " + line);
                    return true;
                }
            }
            return true;
        }
        /// <summary>
        /// Parses one '-'-separated line into a <c>Rec</c>. A line with fewer than six fields is
        /// still sent, carrying only the raw line, the log name and the current time.
        /// </summary>
        /// <param name="line">Raw log line.</param>
        /// <param name="dontSend">When true, nothing is parsed or sent.</param>
        /// <returns>Always true; if field extraction throws, the line is logged and not sent.</returns>
        public override bool ParseSpecific(String line, bool dontSend)
        {
            Log.Log(LogType.FILE, LogLevel.DEBUG, "Parsing Specific line");
            if (line == "" || dontSend)
            {
                return true;
            }

            String[] dashFields = line.Split('-');

            // Defaults that remain in place when the line does not have the expected layout.
            Rec record = new Rec();
            record.Description = line;
            record.LogName = LogName;
            // NOTE(review): no format is given here, so the default Datetime text follows the current culture.
            record.Datetime = DateTime.Now.ToString();

            try
            {
                if (dashFields.Length < 6)
                {
                    Log.Log(LogType.FILE, LogLevel.INFORM, "Line format is not like we want! Line: " + line);
                }
                else
                {
                    record.SourceName = dashFields[0];
                    record.ComputerName = dashFields[1];
                    record.UserName = dashFields[2];

                    // Timestamp sample from the original source: [29/Dec/2010:11:42:33 +0200]
                    // The zone offset token is not used.
                    char[] stampSeparators = { ' ', ':' };
                    string[] stamp = dashFields[3].Split(stampSeparators, StringSplitOptions.RemoveEmptyEntries);
                    string stampText = stamp[0].TrimStart('[') + " " + stamp[1] + ":" + stamp[2] + ":" + stamp[3];
                    string cleaned = stampText.TrimStart('[').TrimEnd(']').Trim();
                    DateTime parsed = Convert.ToDateTime(cleaned, CultureInfo.InvariantCulture);
                    record.Datetime = parsed.ToString("yyyy-MM-dd HH:mm:ss");

                    // Quoted sections are taken from the whole line, not from the dash fields.
                    char[] quote = { '"' };
                    String[] quoted = line.Split(quote, StringSplitOptions.RemoveEmptyEntries);

                    record.CustomStr1 = quoted[1];
                    record.CustomStr2 = quoted[3];
                    record.CustomStr3 = quoted[5];
                    record.CustomInt1 = Convert_To_Int32(dashFields[dashFields.Length - 1]);
                }
            }
            catch (Exception failure)
            {
                // Returning here skips SetRecordData: a partly filled record is never sent.
                Log.Log(LogType.FILE, LogLevel.ERROR, failure.Message);
                Log.Log(LogType.FILE, LogLevel.ERROR, failure.StackTrace);
                Log.Log(LogType.FILE, LogLevel.ERROR, "Line : " + line);
                return true;
            }

            SetRecordData(record);
            return true;
        }
 /// <summary>
 /// Hands a record to the "Security Manager Remote Recorder" service.
 /// </summary>
 /// <param name="Dal">Passed through to <c>SetData</c> unchanged.</param>
 /// <param name="virtualhost">Passed through to <c>SetData</c> unchanged.</param>
 /// <param name="rec">The record to send.</param>
 public void sendDataforRemoteRecorder(string Dal, string virtualhost, Rec rec)
 {
     const string serviceName = "Security Manager Remote Recorder";

     try
     {
         // The instance is not used afterwards; construction is kept as in the original.
         CustomBase cb = new CustomBase();
         CustomServiceBase recorder = base.GetInstanceService(serviceName);
         recorder.SetData(Dal, virtualhost, rec);
     }
     catch (Exception failure)
     {
         // NOTE(review): a failed send is swallowed and only visible at DEBUG level,
         // so a lost record goes unnoticed unless debug logging is on.
         InitializeLogger.L.Log(LogType.FILE, LogLevel.DEBUG, failure.Message);
         InitializeLogger.L.Log(LogType.FILE, LogLevel.DEBUG, failure.StackTrace);
     }

     // Logged on both the success and the failure path.
     InitializeLogger.L.Log(LogType.FILE, LogLevel.DEBUG, "sendDataforRemoteRecorder is finished");
 }
 /// <summary>
 /// Checks equality operators, Equals, GetHashCode and element access on a two-element Rec,
 /// including a null second element.
 /// </summary>
 public void TwoElement() {
     Rec<string, string> first = new Rec<string, string>("abe", null);
     Rec<string, string> twin = new Rec<string, string>("abe", null);
     Rec<string, string> other = new Rec<string, string>("abe", "kat");

     // == and != agree with each other for equal and unequal pairs.
     Assert.IsTrue(first == twin);
     Assert.IsFalse(first != twin);
     Assert.IsFalse(first == other);
     Assert.IsTrue(first != other);

     // Equals against another Rec.
     Assert.IsTrue(first.Equals(twin));
     Assert.IsFalse(first.Equals(other));

     // Equals against null and against an unrelated type.
     Assert.IsFalse(first.Equals(null));
     Assert.IsFalse(first.Equals("bamse"));

     // Hash codes follow equality for these values.
     Assert.IsTrue(first.GetHashCode() == twin.GetHashCode());
     Assert.IsFalse(first.GetHashCode() == other.GetHashCode());

     // Element access.
     Assert.AreEqual("abe", first.X1);
     Assert.IsNull(first.X2);
 }
        /// <summary>
        /// Copies the parsed values held in this object's fields into a new <c>Rec</c>.
        /// </summary>
        /// <returns>The populated record.</returns>
        public Rec createRec()
        {
            Rec rec = new Rec
            {
                SourceName = sourceName,
                Datetime = dateTime,
                LogName = logName,
                EventType = eventType,

                CustomInt1 = sequenceNo,
                CustomInt2 = severity,
                // Throws if sourceportNumber cannot be converted to a 64-bit integer.
                CustomInt9 = Convert.ToInt64(sourceportNumber),

                CustomStr1 = facility,
                CustomStr2 = mnemonic,
                CustomStr3 = messageText,
                Description = unknownlogformat
            };

            L.Log(LogType.FILE, LogLevel.DEBUG, unknownlogformat);
            L.Log(LogType.FILE, LogLevel.DEBUG, messageText);
            return rec;
        }
        /// <summary>
        /// Sends the whole line as a record's description, with a timestamp built from the
        /// first three tokens and the current year.
        /// </summary>
        /// <param name="line">Raw log line.</param>
        /// <param name="dontSend">When true, nothing is parsed or sent.</param>
        /// <returns>Always true; failures are logged and the line is dropped.</returns>
        public override bool ParseSpecific(String line, bool dontSend)
        {
            Log.Log(LogType.FILE, LogLevel.DEBUG, "Parsing Specific line");
            Log.Log(LogType.FILE, LogLevel.DEBUG, "Line Is : " + line);

            if (line == "" || dontSend)
            {
                return true;
            }

            String[] tokens = SpaceSplit(line, false);
            try
            {
                Rec record = new Rec();

                // The line carries no year, so the current one is inserted between date and time.
                int currentYear = DateTime.Now.Year;
                string stampText = tokens[0] + tokens[1] + "," + currentYear + "," + tokens[2];

                // NOTE(review): no culture is passed, so parsing follows the current culture of the host.
                DateTime parsed = Convert.ToDateTime(stampText);

                record.Description = line;
                record.Datetime = parsed.ToString("yyyy-MM-dd HH:mm:ss");
                record.ComputerName = remoteHost;
                record.LogName = LogName;
                SetRecordData(record);
            }
            catch (Exception failure)
            {
                Log.Log(LogType.FILE, LogLevel.ERROR, failure.Message);
                Log.Log(LogType.FILE, LogLevel.ERROR, failure.StackTrace);
                Log.Log(LogType.FILE, LogLevel.ERROR, "Line : " + line);
            }

            return true;
        }
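        /// <summary>
        /// Sets <c>r.Datetime</c> from the record's <c>TimeWritten</c> value, read as seconds
        /// since 1970-01-01 00:00:00 and shifted forward by 120 minutes.
        /// </summary>
        /// <param name="r">Record whose <c>Datetime</c> is set.</param>
        /// <param name="recCast">Event log record supplying <c>TimeWritten</c>.</param>
        private void SetDateTime(ref Rec r, EVENTLOGRECORD recCast)
        {
            try
            {
                DateTime written = new DateTime(1970, 1, 1, 0, 0, 0).AddSeconds(Convert.ToDouble(recCast.TimeWritten));

                // The value is formatted directly. The previous version rebuilt it as text with the raw
                // TimeWritten appended as fractional seconds and re-parsed it under the current culture,
                // which could fail or misread the date and left the unparsed text in r.Datetime.
                // NOTE(review): the fixed +120 minutes presumably stands for a UTC+2 local time - confirm,
                // since it ignores daylight saving and other zones.
                r.Datetime = written.AddMinutes(120).ToString("yyyy/MM/dd HH:mm:ss");
            }
            catch (Exception ex)
            {
                // Keep the raw value so the event time is not lost when conversion fails.
                r.CustomInt1 = recCast.TimeWritten;
                Log.Log(LogType.FILE, LogLevel.ERROR, " SetDateTime() -->> An error occurred." + ex.ToString());
            }
        }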
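        /// <summary>
        /// Reads the event log named by <c>Dir</c> on <c>remoteHost</c> from the stored
        /// <c>Position</c> onwards and sends every record whose source name is "hmbs".
        /// </summary>
        /// <remarks>
        /// Changes against the previous version: the unmanaged buffer used to decode the record
        /// strings is freed and explicitly NUL-terminated, a record with a non-positive length
        /// no longer stalls the inner loop, and the event log handle is closed on every path.
        /// </remarks>
        public override void Parse()
        {
            Log.Log(LogType.FILE, LogLevel.DEBUG, " Parse() -->> is STARTED ");
            IntPtr handle = OpenEventLog(remoteHost, Dir);
            Byte[] output = new byte[65536];
            Int32 bytesRead = 0;
            Int32 minNumberOfBytesNeeded = 0;
            try
            {
                try
                {
                    // Start sequentially on the first run, otherwise seek to the stored record number.
                    Int32 flags = 0;
                    if (Position == 0)
                    {
                        flags = (Int32)ReadFlags.EVENTLOG_SEQUENTIAL_READ | (Int32)ReadFlags.EVENTLOG_FORWARDS_READ;
                    }
                    else
                    {
                        flags = (Int32)ReadFlags.EVENTLOG_SEEK_READ | (Int32)ReadFlags.EVENTLOG_FORWARDS_READ;
                    }
                    Int32 readLineCount = 0;

                    while (ReadEventLog(handle, flags, (UInt32)Position, output, output.Length, ref bytesRead, ref minNumberOfBytesNeeded))
                    {
                        Object rec = new EVENTLOGRECORD();
                        Int32 dw = 0;          // byte offset of the current record inside output
                        bool changed = false;  // true once this buffer yielded a record not seen before
                        while (bytesRead > dw)
                        {
                            Rec r = new Rec();

                            ByteArrayToStructure(output, dw, ref rec);
                            EVENTLOGRECORD recCast = (EVENTLOGRECORD)rec;

                            if (Position != recCast.RecordNumber)
                            {
                                changed = true;
                                IntPtr ptr = IntPtr.Zero;

                                SetDateTime(ref r, recCast);
                                r.SourceName = GetSourceName(ptr, bytesRead, dw, output);
                                Log.Log(LogType.FILE, LogLevel.DEBUG, " Parse() -->> Event log source name is : " + r.SourceName);
                                if (r.SourceName.ToLower() == "hmbs")
                                {
                                    r.ComputerName = GetComputerName(ptr, bytesRead, dw, output, r.SourceName.Length);

                                    // StringOffset comes from the record itself, so it is checked against
                                    // the bytes actually read before anything is copied.
                                    Int32 offset = dw + recCast.StringOffset;
                                    if (offset < 0 || offset > bytesRead)
                                    {
                                        // Same outcome as before (the copy used to throw): the pass is aborted
                                        // by the outer catch. NOTE(review): Position is not advanced in that case,
                                        // so the same record is retried on the next pass - confirm this is intended.
                                        throw new ArgumentOutOfRangeException("StringOffset", "Record string offset is outside the bytes read.");
                                    }

                                    Int32 available = bytesRead - offset;
                                    String str;

                                    // One extra byte holds an explicit terminator, so decoding can never
                                    // run past the copied data when the record lacks its own NUL.
                                    ptr = Marshal.AllocHGlobal(available + 1);
                                    try
                                    {
                                        Marshal.Copy(output, offset, ptr, available);
                                        Marshal.WriteByte(ptr, available, 0);
                                        str = Marshal.PtrToStringAnsi(ptr);
                                    }
                                    finally
                                    {
                                        // Previously this buffer was never released.
                                        Marshal.FreeHGlobal(ptr);
                                    }

                                    PrivateParse(ref r, str);
                                    SetRecordData(r);

                                }//end of if hmbs

                                Position = recCast.RecordNumber;
                                SetRegistry();
                            }//end of if

                            // Optional throttle: pause after maxReadLineCount records.
                            if (maxReadLineCount != -1)
                            {
                                readLineCount++;
                                if (readLineCount > maxReadLineCount)
                                {
                                    if (threadSleepTime <= 0)
                                    {
                                        Thread.Sleep(60000); // previous value is 60000
                                    }
                                    else
                                    {
                                        Thread.Sleep(threadSleepTime);
                                    }
                                    readLineCount = 0;
                                }
                            }

                            // A non-positive length would keep dw from advancing and spin this loop forever.
                            if (recCast.Length <= 0)
                            {
                                Log.Log(LogType.FILE, LogLevel.ERROR, " Parse() -->> Record length is not positive, skipping the rest of this buffer.");
                                break;
                            }

                            dw += recCast.Length;
                        }

                        // Nothing new in this buffer: the end of the log has been reached.
                        if (!changed)
                            break;
                    }
                    Log.Log(LogType.FILE, LogLevel.DEBUG, " Parse() -->> is successfully FINISHED. ");
                }
                catch (Exception e)
                {
                    Log.Log(LogType.FILE, LogLevel.ERROR, " Parse() -->> An error occurred : " + e.Message);
                    Log.Log(LogType.FILE, LogLevel.ERROR, " Parse() -->> An error occurred : " + e.StackTrace);
                }

                // NOTE(review): other calls run between ReadEventLog and this point, so the value read
                // here may not belong to ReadEventLog - confirm, or capture it right after the failed read.
                Int32 error = Marshal.GetLastWin32Error();
                if (error == 87)
                {
                    Log.Log(LogType.FILE, LogLevel.ERROR, " Parse() -->> Win Error on parse, probably eventlog cleared. Error code(" + error + ")");
                    Log.Log(LogType.FILE, LogLevel.ERROR, " Parse() -->> Starting from begining.");
                    Position = 0;
                    SetRegistry();
                }
            }
            finally
            {
                // Close the handle even if logging or SetRegistry throws.
                CloseEventLog(handle);
            }
        }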
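        /// <summary>
        /// Splits an HMBS event string on '|' and maps the pieces onto the record's fields.
        /// </summary>
        /// <param name="r">Record to fill; fields assigned before a failure keep their values.</param>
        /// <param name="str">Event text, expected to hold at least fourteen '|'-separated parts.</param>
        private void PrivateParse(ref Rec r, string str)
        {
            try
            {
                /*LOG[HMBS|2011.1.31-17:03:33|volkan.ak|UPDATE|Alacak Bilgi Sistemi|Banka-Şube Girişi|
                 * d_u_f_branch|
                 * branch_bank_code("1"), branch_code("1"), branch_addrress(""), branch_phone(""),
                 * branch_fax(""), branche_name("ANKARA SUBESI 2")|
                 * branch_bank_code("1"), branch_code("1"), branch_addrress("2"), branch_phone("3"), branch_fax("4"), branche_name("ANKARA SUBESI")|1-1-||]*/

                // Fix: the truncated value used to be overwritten by an unconditional
                // "r.Description = str", so over-long descriptions were never shortened.
                if (str.Length > 4000)
                {
                    r.Description = str.Remove(3999);
                }
                else
                {
                    r.Description = str;
                }

                string[] parts = str.Split(new char[] { '|' });

                r.UserName = parts[2];
                r.EventCategory = parts[3];
                r.EventType = parts[10];
                r.CustomStr1 = parts[4];
                r.CustomStr2 = parts[5];
                r.LogName = "HMBSEventLogRecorder";

                // Parts 7 and 8 get the same length cap as the description.
                if (parts[7].Length > 4000)
                {
                    parts[7] = parts[7].Remove(3999);
                }
                r.CustomStr3 = parts[7];

                if (parts[8].Length > 4000)
                {
                    parts[8] = parts[8].Remove(3999);
                }

                r.CustomStr4 = parts[8];
                r.CustomStr5 = parts[6];
                r.CustomStr7 = parts[9];
                r.CustomStr8 = parts[11];
                r.CustomStr9 = parts[12];
                r.CustomStr10 = parts[13];

            }
            catch (Exception ex)
            {
                // A short or null event string ends here; the caller still sends the partly filled record.
                Log.Log(LogType.FILE, LogLevel.ERROR, " PrivateParse() -->> An error occurred." + ex.ToString());
            }
        }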
 /// <summary>
 /// Assigns an eight-element record built from B0..B7 instances to a variable typed with A0..A7.
 /// </summary>
 public void Rec8IsCovariant()
 {
     // The assignment is the whole check; presumably each Bn converts to the matching An.
     Rec <A0, A1, A2, A3, A4, A5, A6, A7> t;
     t = _.t(
         new B0(), new B1(), new B2(), new B3(),
         new B4(), new B5(), new B6(), new B7());
 }
        /// <summary>
        /// Parses one space-separated line into a <c>Rec</c>, filling each field in its own
        /// try block so that one bad field does not stop the others, then sends the record.
        /// </summary>
        /// <param name="line">Raw log line.</param>
        /// <param name="dontSend">Not read by this implementation: the record is sent regardless.</param>
        /// <returns>Always true.</returns>
        public override bool ParseSpecific(String line, bool dontSend)
        {
            Log.Log(LogType.FILE, LogLevel.DEBUG, "Parsing Specific");
            // NOTE(review): the raw line is written to the recorder's own log before any validation;
            // confirm the log sink neutralises control characters from untrusted input.
            Log.Log(LogType.FILE, LogLevel.DEBUG, "ParseSpecific | Line : " + line);

            if (line == "")
                return true;

            // NOTE(review): this indexing runs before the try block below, so a line with fewer
            // than three space-separated tokens throws to the caller instead of being logged.
            string[] arrStrings = line.Split(' ');
            string myDatestring = (arrStrings[1] + " " + arrStrings[2]).Trim();
            Log.Log(LogType.FILE, LogLevel.DEBUG, "myDatestring: " + "'" + myDatestring + "'");

            try
            {
                Rec r = new Rec();
                try
                {
                    r.Description = line;
                    Log.Log(LogType.FILE, LogLevel.DEBUG, "ParseSpecific | Description : " + r.Description);
                }
                catch (Exception)
                {
                    Log.Log(LogType.FILE, LogLevel.ERROR, "ParseSpecific | Description : ");
                }

                try
                {
                    // The date token is split on '.' and reordered from a[0].a[1].a[2] to a[2]-a[1]-a[0]
                    // before parsing; the time token is split on ':' and reassembled unchanged.
                    Log.Log(LogType.FILE, LogLevel.DEBUG, "ParseSpecific | Datetime_0 : " + myDatestring);
                    string[] a = myDatestring.Split(' ')[0].Split('.');
                    string[] b = myDatestring.Split(' ')[1].Split(':');
                    string c = a[2] + "-" + a[1] + "-" + a[0] + " " + b[0] + ":" + b[1] + ":" + b[2];
                    // No culture is passed, so parsing follows the current culture of the host.
                    DateTime dt = Convert.ToDateTime(c);
                    Log.Log(LogType.FILE, LogLevel.DEBUG, "ParseSpecific | Datetime_1 : " + dt.ToString("yyyy-MM-dd HH:mm:ss"));
                    r.Datetime = dt.ToString("yyyy-MM-dd HH:mm:ss");
                    Log.Log(LogType.FILE, LogLevel.DEBUG, "ParseSpecific | Datetime_2 : " + r.Datetime);
                }
                catch (Exception exception)
                {
                    Log.Log(LogType.FILE, LogLevel.ERROR, "ParseSpecific | Datetime : " + exception.Message);
                    Log.Log(LogType.FILE, LogLevel.ERROR, "ParseSpecific | Datetime : " + exception.StackTrace);
                    Log.Log(LogType.FILE, LogLevel.ERROR, "ParseSpecific | Datetime : " + exception.ToString());
                }

                try
                {
                    // The first token is a number wrapped in parentheses.
                    r.CustomInt10 = Convert.ToInt32(arrStrings[0].Trim('(').Trim(')'));
                    Log.Log(LogType.FILE, LogLevel.DEBUG, "ParseSpecific | CustomInt10 : " + r.CustomInt10);
                }
                catch (Exception)
                {
                    Log.Log(LogType.FILE, LogLevel.ERROR, "ParseSpecific | CustomInt10 : ");
                }

                try
                {
                    string s = (Between(line, "(", ")"));
                    string s1 = (Between(s, "(", ")"));
                    // NOTE(review): the next line is damaged in this listing (runs of '*' replace part of
                    // the code), so the UserName and CustomStr3 assignments cannot be read from here.
                    Log.Log(LogType.FILE, LogLevel.DEBUG, "ParseSpecific | UserName : "******"ParseSpecific | UserName : "******"ParseSpecific | UserName : "******"ParseSpecific | CustomStr3 : " + r.CustomStr3);
                }
                catch (Exception)
                {
                    Log.Log(LogType.FILE, LogLevel.ERROR, "ParseSpecific | CustomStr3 : ");
                }

                try
                {
                    // Everything after ")>" goes to CustomStr4, capped at 899 characters.
                    string str4 = (After(line, ")>"));
                    if (str4.Length > 899)
                    {
                        r.CustomStr4 = str4.Substring(0, 899);
                    }
                    else
                    {
                        r.CustomStr4 = str4;
                    }
                    Log.Log(LogType.FILE, LogLevel.DEBUG, "ParseSpecific | CustomStr4 : " + r.CustomStr4);
                }
                catch (Exception)
                {
                    Log.Log(LogType.FILE, LogLevel.ERROR, "ParseSpecific | CustomStr4 : ");
                }

                // The record is sent even when some of the field blocks above failed.
                Log.Log(LogType.FILE, LogLevel.INFORM, "Record is sending now.");
                SetRecordData(r);
                Log.Log(LogType.FILE, LogLevel.INFORM, "Record sended.");

            }
            catch (Exception exception)
            {
                Log.Log(LogType.FILE, LogLevel.ERROR, "ParseSpecific : " + exception.Message);
            }
            return true;
        }
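        /// <summary>
        /// Parses one space-separated line into a <c>Rec</c>, sends it to the
        /// "Security Manager Remote Recorder" service and stores the read position.
        /// </summary>
        /// <param name="line">Raw log line; lines of ten characters or fewer are not parsed or sent, but the position is still stored.</param>
        /// <param name="fileName">Name of the file the line came from; stored in <c>CustomStr8</c>.</param>
        /// <returns>True unless an exception escapes the per-field handlers, in which case false.</returns>
        public bool CoderParse(string line, String fileName)
        {
            // NOTE(review): the raw line is written to the recorder's own log before any validation;
            // confirm the log sink neutralises control characters from untrusted input.
            L.Log(LogType.FILE, LogLevel.DEBUG, " NetScalerNetworkBalancerV_1_0_0Recorder In CoderParse() -->> Started. " + line);

            if (string.IsNullOrEmpty(line))
            {
                return true;
            }

            try
            {
                Rec r = new Rec();

                if (line.Length > 10)
                {
                    string[] lineArr = SpaceSplit(line, false);
                    r.LogName = LogName;

                    // Each field is filled in its own try block so one bad field does not stop the others.
                    try
                    {
                        string date = lineArr[0];
                        string time = lineArr[1];

                        string dateTime = date + " " + time;
                        // No culture is passed, so parsing follows the current culture of the host.
                        DateTime dt = Convert.ToDateTime(dateTime);
                        r.Datetime = dt.ToString(dateFormat);
                        L.Log(LogType.FILE, LogLevel.DEBUG, "Datetime : " + r.Datetime);
                    }
                    catch (Exception ex)
                    {
                        L.Log(LogType.FILE, LogLevel.ERROR, "Datetime Error: " + ex.Message);
                    }

                    try
                    {
                        if (lineArr.Length > 3)
                        {
                            r.EventType = lineArr[3];
                            L.Log(LogType.FILE, LogLevel.DEBUG, "EventType: " + r.EventType);
                        }
                    }
                    catch (Exception ex)
                    {
                        L.Log(LogType.FILE, LogLevel.ERROR, "EventType Error: " + ex.Message);
                    }

                    try
                    {
                        if (lineArr.Length > 6)
                        {
                            r.CustomStr2 = lineArr[6];
                            L.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr2: " + r.CustomStr2);
                        }
                    }
                    catch (Exception ex)
                    {
                        L.Log(LogType.FILE, LogLevel.ERROR, "CustomStr2 Error: " + ex.Message);
                    }

                    try
                    {
                        if (lineArr.Length > 7)
                        {
                            r.CustomStr3 = lineArr[7];
                            L.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr3: " + r.CustomStr3);
                        }
                    }
                    catch (Exception ex)
                    {
                        L.Log(LogType.FILE, LogLevel.ERROR, "CustomStr3 Error: " + ex.Message);
                    }

                    try
                    {
                        if (lineArr.Length > 2)
                        {
                            r.CustomStr4 = lineArr[2];
                            L.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr4: " + r.CustomStr4);
                        }
                    }
                    catch (Exception ex)
                    {
                        L.Log(LogType.FILE, LogLevel.ERROR, "CustomStr4 Error: " + ex.Message);
                    }

                    try
                    {
                        if (lineArr.Length > 8)
                        {
                            r.CustomStr6 = lineArr[8];
                            L.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr6: " + r.CustomStr6);
                        }
                    }
                    catch (Exception ex)
                    {
                        L.Log(LogType.FILE, LogLevel.ERROR, "CustomStr6 Error: " + ex.Message);
                    }

                    try
                    {
                        if (!string.IsNullOrEmpty(tempCustomVar1))
                        {
                            r.CustomStr10 = tempCustomVar1;
                            L.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr10: " + r.CustomStr10);
                        }
                    }
                    catch (Exception ex)
                    {
                        L.Log(LogType.FILE, LogLevel.ERROR, "CustomStr10 Error: " + ex.Message);
                    }

                    try
                    {
                        string message = lineArr[4];
                        if (message.Length > 899)
                        {
                            r.Description = message.Substring(0, 899);

                            // Fix: Substring takes a length, not an end index. The former
                            // Substring(899, 1799) threw for any message shorter than 2698
                            // characters, so the overflow was lost. The length is now clamped
                            // to what is actually left.
                            // NOTE(review): 1799 may have been meant as an end index (900 characters);
                            // confirm against the width of the CustomStr1 column.
                            int overflowLength = Math.Min(1799, message.Length - 899);
                            r.CustomStr1 = message.Substring(899, overflowLength);
                        }
                        else
                        {
                            r.Description = message;
                        }
                        L.Log(LogType.FILE, LogLevel.DEBUG, "Description : " + line);
                    }
                    catch (Exception ex)
                    {
                        L.Log(LogType.FILE, LogLevel.ERROR, "Description : " + ex.Message);
                    }

                    r.CustomStr8 = fileName;

                    // The raw line is kept too, capped at 899 characters.
                    if (line.Length > 899)
                    {
                        r.CustomStr7 = line.Substring(0, 899);
                    }
                    else
                    {
                        r.CustomStr7 = line;
                    }
                }

                CustomServiceBase customServiceBase = base.GetInstanceService("Security Manager Remote Recorder");
                try
                {
                    L.Log(LogType.FILE, LogLevel.INFORM, " NetScalerNetworkBalancerV_1_0_0Recorder In CoderParse() -->> Record sending." + last_recordnum + " - " + lastFile + " - " + last_recordnum);
                    if (line.Length > 10)
                    {
                        customServiceBase.SetData(Dal, virtualhost, r);
                    }
                    // The position is stored for short lines as well, so they are not read again.
                    customServiceBase.SetReg(Id, last_recordnum.ToString(), line, lastFile, "", LastRecordDate);
                    L.Log(LogType.FILE, LogLevel.DEBUG, " NetScalerNetworkBalancerV_1_0_0Recorder In CoderParse() -->> Record sended.");
                }
                catch (Exception exception)
                {
                    // A failed send is logged but still reported to the caller as success.
                    L.Log(LogType.FILE, LogLevel.ERROR, " NetScalerNetworkBalancerV_1_0_0Recorder In CoderParse() -->> Record sending Error." + exception.Message);
                }
            }
            catch (Exception e)
            {
                L.Log(LogType.FILE, LogLevel.ERROR, "Coder Parse Error: " + e.Message);
                L.Log(LogType.FILE, LogLevel.ERROR, "Coder Parse Error: " + e.StackTrace);
                L.Log(LogType.FILE, LogLevel.ERROR, "Coder Parse Error: | Line : " + line);
                return false;
            }
            return true;
        }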
Ejemplo n.º 16
 /// <summary>
 /// Assigns the value returned by <c>_.t</c> for eleven <c>B*</c> arguments to a
 /// <c>Rec</c> variable declared with the corresponding <c>A*</c> type arguments.
 /// </summary>
 public void Rec11IsCovariant()
 {
     // There is no run-time assertion: the check is that this assignment compiles and runs.
     // NOTE(review): presumably each Bn derives from An; confirm against the type declarations.
     Rec <A0, A1, A2, A3, A4, A5, A6, A7, A8, A9, A10> t = _.t(new B0(), new B1(), new B2(), new B3(), new B4(), new B5(), new B6(), new B7(), new B8(), new B9(), new B10());
 }
Ejemplo n.º 17
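        /// <summary>
        /// Parses one space-separated log line into a <c>Rec</c> and passes it to <c>SetRecordData</c>.
        /// </summary>
        /// <param name="line">Raw log line. It comes from the monitored device and is treated as untrusted.</param>
        /// <param name="dontSend">When true, the line is not parsed and no record is produced.</param>
        /// <returns>Always true, including when the line is rejected or parsing fails.</returns>
        public override bool ParseSpecific(String line, bool dontSend)
        {
            Log.Log(LogType.FILE, LogLevel.DEBUG, "Parsing Starts");
            Log.Log(LogType.FILE, LogLevel.DEBUG, "ParseSpecific() | line : " + line);

            if (string.IsNullOrEmpty(line))
            {
                Log.Log(LogType.FILE, LogLevel.DEBUG, "Line İs Null or Empty");
                return true;
            }

            // Column order of the log format (Turkish keywords): time, source IP, destination IP,
            // type, rule number, permission, category, url. A keyword's position is its index in the split line.
            string sKeyWord = "zaman kaynakip hedefip tür kuralno izin kategori url";

            dictHash = new Dictionary<String, Int32>();

            String[] fields = sKeyWord.Split(' ');
            for (Int32 position = 0; position < fields.Length; position++)
            {
                dictHash.Add(fields[position], position);
            }

            if (!dontSend)
            {
                String[] arr = SpaceSplit(line, false);

                try
                {
                    // Reject short lines with an explicit message instead of relying on an
                    // IndexOutOfRangeException from one of the lookups below.
                    if (arr == null || arr.Length < fields.Length)
                    {
                        Log.Log(LogType.FILE, LogLevel.ERROR, " ParseSpecific() | Expected " + fields.Length + " fields, line skipped | Line : " + line);
                        return true;
                    }

                    Rec r = new Rec();
                    string tempDescription = arr[dictHash["url"]];
                    r.CustomStr3 = arr[dictHash["kaynakip"]];
                    r.CustomStr4 = arr[dictHash["hedefip"]];

                    try
                    {
                        // CustomStr6 is the part of the url field before its first '/'.
                        // A value without '/' leaves CustomStr6 unset and is reported.
                        int slashIndex = tempDescription.IndexOf('/');
                        if (slashIndex >= 0)
                        {
                            r.CustomStr6 = tempDescription.Substring(0, slashIndex);
                        }
                        else
                        {
                            Log.Log(LogType.FILE, LogLevel.ERROR, "CustomStr6 Error: url field contains no '/'");
                        }
                    }
                    catch (Exception exception)
                    {
                        Log.Log(LogType.FILE, LogLevel.ERROR, "CustomStr6 Error: " + exception.Message);
                    }

                    r.EventCategory = arr[dictHash["kategori"]];
                    r.LogName = LogName;

                    // The time field is added as seconds to 1970-01-01 00:00:00.
                    // NOTE(review): ToString() without a format depends on the current culture;
                    // confirm the consumer of Datetime expects that.
                    DateTime dtFile = new DateTime(1970, 1, 1, 0, 0, 0);
                    r.Datetime = dtFile.AddSeconds(ObjectToDouble(arr[dictHash["zaman"]], 0)).ToString();
                    r.CustomStr2 = arr[dictHash["tür"]];
                    r.CustomInt1 = ObjectToInt32(arr[dictHash["kuralno"]], 0);
                    r.CustomInt2 = ObjectToInt32(arr[dictHash["izin"]], 0);
                    r.CustomStr5 = getIzin(ObjectToInt32(arr[dictHash["izin"]], -1));
                    r.CustomStr9 = FileName;

                    try
                    {
                        // Description holds the first 899 characters; the remainder goes to CustomStr10.
                        if (tempDescription.Length > 899)
                        {
                            r.Description = tempDescription.Substring(0, 899);
                            r.CustomStr10 = tempDescription.Substring(899);
                        }
                        else
                        {
                            r.Description = tempDescription;
                        }
                    }
                    catch (Exception exception)
                    {
                        Log.Log(LogType.FILE, LogLevel.ERROR, "Description Error: " + exception.Message);
                    }

                    Log.Log(LogType.FILE, LogLevel.INFORM, "Setting Record Data");
                    SetRecordData(r);
                    Log.Log(LogType.FILE, LogLevel.INFORM, "Finish Record Data");
                }
                catch (Exception e)
                {
                    // The record is dropped here; the raw line is logged so the loss can be traced.
                    Log.Log(LogType.FILE, LogLevel.ERROR, e.Message);
                    Log.Log(LogType.FILE, LogLevel.ERROR, e.StackTrace);
                    Log.Log(LogType.FILE, LogLevel.ERROR, " ParseSpecific() | Line : " + line);
                    return true;
                }
            }

            Log.Log(LogType.FILE, LogLevel.DEBUG, "ParsingEnds");

            return true;
        }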
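        /// <summary>
        /// Parses one syslog line into a <c>Rec</c> and passes it to <c>SetRecordData</c>.
        /// Lines whose fifth token is not "kernel:", or that have fewer than 21 tokens,
        /// are stored whole in the description.
        /// </summary>
        /// <param name="line">Raw log line. It comes from the monitored device and is treated as untrusted.</param>
        /// <param name="dontSend">When true, the line is not parsed and no record is produced.</param>
        /// <returns>Always true, including when parsing fails and the record is dropped.</returns>
        public override bool ParseSpecific(String line, bool dontSend)
        {
            Log.Log(LogType.FILE, LogLevel.DEBUG, "Parsing Specific line");
            if (line == "")
                return true;

            if (!dontSend)
            {
                String[] arr = SpaceSplit(line, false);

                try
                {
                    Rec r = new Rec();

                    // Lines with fewer than five tokens are kept as a description too,
                    // rather than being dropped by an out-of-range index on arr[4].
                    if (arr.Length < 5 || arr[4] != "kernel:")
                    {
                        DateTime dt = DateTime.Now;
                        r.Datetime = dt.Year + "/" + dt.Month + "/" + dt.Day + " " + dt.Hour + ":" + dt.Minute + ":" + dt.Second;

                        Log.Log(LogType.FILE, LogLevel.WARN, "Non labris message on parse, moving to description: " + line);
                        r.Description = line;
                    }
                    else if (arr.Length < 21)
                    {
                        // The line carries no year, so the current year is prepended.
                        // NOTE(review): DateTime.Parse uses the current culture and throws on an
                        // unparsable stamp, which drops the record; lines written just before a
                        // year change are stamped with the wrong year.
                        DateTime dt = DateTime.Parse(DateTime.Now.Year + " " + arr[0] + " " + arr[1] + " " + arr[2]);
                        r.Datetime = dt.Year + "/" + dt.Month + "/" + dt.Day + " " + dt.Hour + ":" + dt.Minute + ":" + dt.Second;

                        Log.Log(LogType.FILE, LogLevel.WARN, "Different message on parse, moving to description: " + line);
                        r.Description = line;
                    }
                    else
                    {
                        DateTime dt = DateTime.Parse(DateTime.Now.Year + " " + arr[0] + " " + arr[1] + " " + arr[2]);
                        r.Datetime = dt.Year + "/" + dt.Month + "/" + dt.Day + " " + dt.Hour + ":" + dt.Minute + ":" + dt.Second;

                        r.CustomStr1 = arr[3] + " " + arr[4].TrimEnd(':');
                        r.CustomStr2 = arr[5] + " " + arr[6];
                        r.EventCategory = arr[8] + " " + arr[9];
                        r.CustomStr6 = arr[10];

                        // NOTE(review): each Split('=')[1] below throws when the token has no '=',
                        // and the outer catch then drops the whole record.
                        r.CustomStr5 = arr[11].Split('=')[1];
                        r.CustomStr3 = arr[12].Split('=')[1];
                        r.CustomStr4 = arr[13].Split('=')[1];
                        try
                        {
                            // NOTE(review): reads arr[13] again, the token already stored in CustomStr4; confirm the index.
                            r.CustomInt1 = Convert.ToInt32(arr[13].Split('=')[1]);
                        }
                        catch
                        {
                            r.CustomInt1 = -1;
                        }
                        r.CustomStr7 = arr[14].Split('=')[1];
                        r.CustomStr8 = arr[15].Split('=')[1];
                        try
                        {
                            r.CustomInt2 = Convert.ToInt32(arr[16].Split('=')[1]);
                        }
                        catch
                        {
                            r.CustomInt2 = -1;
                        }
                        try
                        {
                            r.CustomInt10 = Convert.ToInt32(arr[17].Split('=')[1]);
                        }
                        catch
                        {
                            r.CustomInt10 = -1;
                        }

                        // When token 18 has no "key=value" shape it is skipped and the
                        // remaining fields are read one position later.
                        Int32 count = 18;
                        String[] str9 = arr[18].Split('=');
                        if (str9.Length < 2)
                            count++;
                        r.CustomStr9 = arr[count++].Split('=')[1];
                        try
                        {
                            r.CustomInt3 = Convert.ToInt32(arr[count++].Split('=')[1]);
                        }
                        catch
                        {
                            r.CustomInt3 = -1;
                        }
                        try
                        {
                            r.CustomInt4 = Convert.ToInt32(arr[count++].Split('=')[1]);
                        }
                        catch
                        {
                            r.CustomInt4 = -1;
                        }
                        for (Int32 i = count; i < arr.Length; i++)
                            r.Description += arr[i] + " ";

                        if (remoteHost != "")
                            r.ComputerName = remoteHost;
                        else
                        {
                            String[] arrLocation = Dir.Split('\\');
                            // Index 2 is read, so at least three parts are required.
                            if (arrLocation.Length > 2)
                                r.ComputerName = arrLocation[2];
                        }
                    }

                    // Description may still be unset when no trailing tokens were appended above.
                    if (r.Description != null && r.Description.Length > 900)
                    {
                        if (r.Description.Length > 1800)
                        {
                            r.CustomStr10 = r.Description.Substring(900, 900);
                        }
                        else
                        {
                            // The last two characters are left out, as before; the length is
                            // clamped so a 901-character description no longer throws and drops the record.
                            r.CustomStr10 = r.Description.Substring(900, Math.Max(0, r.Description.Length - 900 - 2));
                        }

                        r.Description = r.Description.Substring(0, 900);
                        Log.Log(LogType.FILE, LogLevel.DEBUG, "Description text splitted to CustomStr10");
                    }

                    r.LogName = LogName;

                    SetRecordData(r);
                }
                catch (Exception e)
                {
                    // The record is dropped here; the raw line is logged so the loss can be traced.
                    Log.Log(LogType.FILE, LogLevel.ERROR, e.Message);
                    Log.Log(LogType.FILE, LogLevel.ERROR, e.StackTrace);
                    Log.Log(LogType.FILE, LogLevel.ERROR, "Line : " + line);
                    return true;
                }
            }
            return true;
        }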
        /// <summary>
        /// Parses one web-proxy access log line into a <c>Rec</c> and passes it to <c>SetRecordData</c>.
        /// Lines starting with '#' are skipped. A record is sent for every other line, even when
        /// field extraction fails part-way; it then holds only the fields set before the failure.
        /// </summary>
        /// <param name="line">Raw log line. It comes from the monitored device and is treated as untrusted.</param>
        /// <param name="dontSend">When true, the line is not parsed and no record is produced.</param>
        /// <returns>Always true.</returns>
        public override bool ParseSpecific(String line, bool dontSend)
        {
            Log.Log(LogType.FILE, LogLevel.DEBUG, "Parsing Specific line");
            if (line == "")
                return true;

            if (!dontSend)
            {
                // old format --->>  192.168.20.62 eucfcu\sgurbuz [28/Dec/2010:10:35:36 +0000] "GET http://www.playboy.com/ HTTP/1.1" "sx"
                //192.168.20.100 - 192.168.20.100 - EUCFCU\gaktas - [29/Dec/2010:10:56:00 +0200] - "GET http://forum.memurlar.net/htc/banner.htc HTTP/1.1" - ""
                //192.168.20.159 - leventaydos.eucfcu.local - EUCFCU\laydos - [30/Dec/2010:10:10:14 +0200] - "GET http://forum.memurlar.net/htc/banner.htc HTTP/1.1" - ""
                //192.168.20.191 - mypc-d106bee486 - EUCFCU\btanrikulu - [30/Dec/2010:13:05:29 +0200] - "GET http://ecl.labs.popcap.com/v118/facebook/bj2/js/kt_common.js HTTP/1.1" - ""

                // New format
                //192.168.20.186 209.85.149.189 "EUCFCU\mgcelik" [22/Feb/2011:10:13:05 +0200] "CONNECT chatenabled.mail.google.com:443 HTTP/1.0" 403 1091 1834 "" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.3; .NET4.0C; .NET4.0E)" "im" 10 "-" "Genel" 0.024 "-" Neutral -
                //192.168.20.180 69.63.189.16 "EUCFCU\lsutcu" [22/Feb/2011:10:13:27 +0200] "POST http://www.facebook.com/ajax/chat/buddy_list.php?__a=1 HTTP/1.1" 403 1947 1832 "http://www.facebook.com/?sk=messages#!/" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB0.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.3; .NET4.0C; .NET4.0E)" "ch" 10 "-" "Genel" 0.052 "-" Neutral -

                if (line.StartsWith("#"))
                    return true;

                String[] arr = line.Split(new char[] { ' ' });
                Rec r = new Rec();

                // Description is the line (cut to 890 characters when longer than 891) with every
                // single quote replaced by '|'. Only Description gets this replacement; the fields
                // extracted below are copied from the line unchanged.
                // NOTE(review): presumably the replacement keeps quotes out of a downstream SQL
                // statement; if so, parameterised queries in the storage layer are the reliable
                // fix. Confirm.
                if (line.Length > 891)
                {
                    r.Description = line.Substring(0, 890);
                    r.Description = r.Description.Replace("'", "|");
                }
                else
                {
                    r.Description = line;
                    r.Description = r.Description.Replace("'", "|");
                }

                r.LogName = LogName;
                // Fallback timestamp (current time, current-culture format); replaced below
                // when the date in the line parses.
                r.Datetime = DateTime.Now.ToString();

                try
                {
                    if (arr.Length >= 6)
                    {
                        r.SourceName = arr[0];
                        r.ComputerName = arr[1];
                        r.UserName = arr[2].Trim('"');

                        // arr[3] is the fourth space-separated token; in the "New format" samples
                        // above that is "[dd/MMM/yyyy:HH:mm:ss". The zone offset is the next token
                        // and is not read here.
                        string[] dateParts = arr[3].Split(new char[] { ' ', ':' }, StringSplitOptions.RemoveEmptyEntries);
                        string date = dateParts[0].TrimStart('[') + " " + dateParts[1] + ":" + dateParts[2] + ":" + dateParts[3];
                        r.Datetime = Convert.ToDateTime(date.Trim().Trim(':').Trim(), CultureInfo.InvariantCulture).ToString("yyyy-MM-dd HH:mm:ss");

                        // Splitting on '"' puts quoted sections at odd indexes and the text
                        // between them at even indexes.
                        string[] parts = line.Split(new char[] { '"' });

                        // parts[3] is the second quoted section (the request line in the samples above).
                        string[] url = parts[3].Split(' ');
                        r.EventType = url[0];
                        if (url[1].Length > 891)
                            r.CustomStr1 = url[1].Substring(0, 890);
                        else
                            r.CustomStr1 = url[1];
                        r.CustomStr3 = url[2];

                        // parts[4] is the unquoted text after that section; its first three tokens are stored as integers.
                        string[] ints = parts[4].Trim().Split(new char[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);

                        r.CustomInt1 = Convert_To_Int32(ints[0].Trim());
                        r.CustomInt2 = Convert_To_Int32(ints[1].Trim());
                        r.CustomInt3 = Convert_To_Int32(ints[2].Trim());

                        r.CustomStr2 = parts[7];
                        r.CustomStr10 = parts[5];

                        //if (parts.Length > 3)
                        //{
                        //    r.CustomStr3 = parts[3];
                        //}
                    }
                    else
                    {
                        Log.Log(LogType.FILE, LogLevel.INFORM, "Line format is not like we want! Line: " + line);
                    }

                }
                catch (Exception e)
                {
                    // Any missing index or unparsable date ends extraction here; the record keeps
                    // whatever was set before the failure.
                    Log.Log(LogType.FILE, LogLevel.ERROR, e.Message);
                    Log.Log(LogType.FILE, LogLevel.ERROR, e.StackTrace);
                    Log.Log(LogType.FILE, LogLevel.ERROR, "Line : " + line);
                }
                // Sent whether or not extraction succeeded.
                SetRecordData(r);
            }
            return true;
        }
Ejemplo n.º 20
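        /// <summary>
        /// Sends a prepared record through the service selected by <c>usingRegistry</c>.
        /// </summary>
        /// <param name="rec">Record to send.</param>
        /// <returns>True when the send completed; false when any step threw.</returns>
        private bool SendData(Rec rec)
        {
            try
            {
                L.Log(LogType.FILE, LogLevel.DEBUG, "Finish preparing record");
                L.Log(LogType.FILE, LogLevel.DEBUG, "Start sending Data");
                if (usingRegistry)
                {
                    CustomServiceBase s = base.GetInstanceService("Security Manager Sender");
                    s.SetData(rec);
                }
                else
                {
                    CustomServiceBase s = base.GetInstanceService("Security Manager Remote Recorder");
                    s.SetData(Dal, virtualhost, rec);
                    s.SetReg(Id, rec.Datetime, "", "", "", rec.Datetime);
                }
                L.Log(LogType.FILE, LogLevel.DEBUG, "Finish Sending Data");
                return true;
            }
            catch (Exception exception)
            {
                // Log the failure: a record that is dropped without a trace leaves an
                // unexplained gap in the collected events.
                L.Log(LogType.FILE, LogLevel.ERROR, "SendData Error: " + exception.Message);
                L.Log(LogType.FILE, LogLevel.ERROR, "SendData Error: " + exception.StackTrace);
                return false;
            }
        }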
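        /// <summary>
        /// Parses one log line of the form "time (name) EVENT: ..." into a <c>Rec</c> and passes it
        /// to <c>SetRecordData</c>. IN, OUT and UNSUPPORTED events get a category and user name;
        /// the tokens after the recognised fields become the description.
        /// </summary>
        /// <param name="line">Raw log line. It comes from the monitored source and is treated as untrusted.</param>
        /// <param name="dontSend">When true, no record is produced.</param>
        /// <returns>Always true, including when parsing fails and the record is dropped.</returns>
        public override bool ParseSpecific(string line, bool dontSend)
        {
            Log.Log(LogType.FILE, LogLevel.DEBUG, "Parsing Specific line");
            if (line == "")
                return true;

            String[] arr = SpaceSplit(line, false, '"');
            if (arr.Length < 3)
                return true;

            try
            {
                if (!dontSend)
                {
                    Rec r = new Rec();
                    r.Description = "";

                    String eventType = arr[2].TrimEnd(':');

                    arr[1] = arr[1].TrimStart('(');
                    arr[1] = arr[1].TrimEnd(')');

                    // The line supplies only a time of day (arr[0]); today's date is prepended.
                    // NOTE(review): arr[0] is copied from the line without validation.
                    DateTime currentDate = DateTime.Now;

                    r.Datetime = currentDate.Year + "/" + currentDate.Month + "/" + currentDate.Day + " " + arr[0];

                    // Index of the first token that belongs to the description.
                    Int32 runItr = 2;

                    // NOTE(review): a recognised event with too few tokens throws on arr[3..5]
                    // and the catch below drops the record.
                    switch (eventType)
                    {
                        case "IN":
                        case "OUT":
                            {
                                r.EventType = eventType;
                                r.EventCategory = arr[3].TrimEnd('"').TrimStart('"');
                                r.UserName = arr[4];
                                runItr = 5;
                            } break;
                        case "UNSUPPORTED":
                            {
                                r.EventType = eventType;
                                r.EventCategory = arr[3].TrimEnd('"').TrimStart('"');
                                r.UserName = arr[5];
                                runItr = 6;
                            } break;
                    };

                    // Join all remaining tokens. Assigning inside a loop kept only the last
                    // token and silently discarded the rest of the message.
                    r.Description = string.Join(" ", arr, runItr, arr.Length - runItr).Trim();

                    r.LogName = LogName;

                    SetRecordData(r);
                }
            }
            catch (Exception e)
            {
                // The record is dropped here; the raw line is logged so the loss can be traced.
                Log.Log(LogType.FILE, LogLevel.ERROR, e.Message);
                Log.Log(LogType.FILE, LogLevel.ERROR, e.StackTrace);
                Log.Log(LogType.FILE, LogLevel.ERROR, "Line : " + line);
                return true;
            }
            return true;
        }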
Ejemplo n.º 22
 /// <summary>
 /// Assigns the value returned by <c>_.t</c> for sixteen <c>B*</c> arguments to a
 /// <c>Rec</c> variable declared with the corresponding <c>A*</c> type arguments.
 /// </summary>
 public void Rec16IsCovariant()
 {
     // There is no run-time assertion: the check is that this assignment compiles and runs.
     // NOTE(review): presumably each Bn derives from An; confirm against the type declarations.
     Rec <A0, A1, A2, A3, A4, A5, A6, A7, A8, A9, A10, A11, A12, A13, A14, A15> t = _.t(new B0(), new B1(), new B2(), new B3(), new B4(), new B5(), new B6(), new B7(), new B8(), new B9(), new B10(), new B11(), new B12(), new B13(), new B14(), new B15());
 }
Ejemplo n.º 23
 /// <summary>
 /// Assigns the value returned by <c>_.t</c> for twenty-two <c>B*</c> arguments to a
 /// <c>Rec</c> variable declared with the corresponding <c>A*</c> type arguments.
 /// </summary>
 public void Rec22IsCovariant()
 {
     // There is no run-time assertion: the check is that this assignment compiles and runs.
     // NOTE(review): presumably each Bn derives from An; confirm against the type declarations.
     Rec <A0, A1, A2, A3, A4, A5, A6, A7, A8, A9, A10, A11, A12, A13, A14, A15, A16, A17, A18, A19, A20, A21> t = _.t(new B0(), new B1(), new B2(), new B3(), new B4(), new B5(), new B6(), new B7(), new B8(), new B9(), new B10(), new B11(), new B12(), new B13(), new B14(), new B15(), new B16(), new B17(), new B18(), new B19(), new B20(), new B21());
 }
Ejemplo n.º 24
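        /// <summary>
        /// Builds a <c>Rec</c> from one received syslog message and sends it through the service
        /// selected by <c>usingRegistry</c>. A record is sent even when field extraction fails;
        /// it then holds only the fields set before the failure.
        /// </summary>
        /// <param name="args">Event arguments; <c>args.Message</c> is the raw syslog text and is treated as untrusted.</param>
        void SlogSyslogEvent(LogMgrEventArgs args)
        {
            var rec = new Rec();

            try
            {
                L.Log(LogType.FILE, LogLevel.DEBUG, "Start preparing record");
                L.Log(LogType.FILE, LogLevel.DEBUG, " Log : " + args.Message);

                try
                {
                    rec.LogName = "WatchGuardWebSyslogV_1_0_0Recorder";
                    // Time of receipt, not the time carried in the message.
                    rec.Datetime = DateTime.Now.ToString("yyyy/MM/dd HH:mm:ss");

                    // Truncate first, then replace quotes on the truncated text. Running the
                    // replacement on args.Message again would undo the 899-character limit.
                    string description = args.Message.Length > 899 ? args.Message.Substring(0, 899) : args.Message;
                    rec.Description = description.Replace("'", "|");

                    string line = args.Message;
                    // lineArr keeps empty entries between consecutive whitespace characters;
                    // subLineArr does not, so the same index can name different tokens in the two arrays.
                    string[] lineArr = line.Split();
                    string[] subLineArr = line.Split((char[])null, StringSplitOptions.RemoveEmptyEntries);

                    for (int i = 0; i < lineArr.Length; i++)
                    {
                        // NOTE(review): the StartsWith tests match by prefix only, so a token such as
                        // "opX=..." also matches "op"; SplitFunction is assumed to return the value part. Confirm.
                        if (lineArr[i].StartsWith("op"))
                        {
                            rec.EventType = SplitFunction(lineArr[i]);
                            L.Log(LogType.FILE, LogLevel.DEBUG, "EventType: " + rec.EventType);
                        }

                        if (lineArr[i].StartsWith("proxy_act"))
                        {
                            rec.CustomStr2 = SplitFunction(lineArr[i]);
                            L.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr2: " + rec.CustomStr2);
                        }

                        if (lineArr[i].StartsWith("dstname"))
                        {
                            rec.CustomStr6 = SplitFunction(lineArr[i]);
                            L.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr6: " + rec.CustomStr6);
                        }

                        if (lineArr[i].StartsWith("arg"))
                        {
                            rec.CustomStr7 = SplitFunction(lineArr[i]);
                            L.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr7: " + rec.CustomStr7);
                        }

                        try
                        {
                            if (lineArr[i].StartsWith("sent_bytes"))
                            {
                                rec.CustomInt5 = Convert.ToInt32(SplitFunction(lineArr[i]));
                                L.Log(LogType.FILE, LogLevel.DEBUG, "CustomInt5: " + rec.CustomInt5);
                            }
                        }
                        catch (Exception exception)
                        {
                            L.Log(LogType.FILE, LogLevel.ERROR, "CustomInt5 Type Casting Error: " + exception.Message);
                        }

                        try
                        {
                            if (lineArr[i].StartsWith("rcvd_bytes"))
                            {
                                rec.CustomInt6 = Convert.ToInt32(SplitFunction(lineArr[i]));
                                L.Log(LogType.FILE, LogLevel.DEBUG, "CustomInt6: " + rec.CustomInt6);
                            }
                        }
                        catch (Exception exception)
                        {
                            L.Log(LogType.FILE, LogLevel.ERROR, "CustomInt6 Type Casting Error: " + exception.Message);
                        }

                        try
                        {
                            if (lineArr[i].StartsWith("elapsed_time"))
                            {
                                rec.CustomStr8 = SplitFunction(lineArr[i]);
                                L.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr8: " + rec.CustomStr8);
                            }
                        }
                        catch (Exception exception)
                        {
                            L.Log(LogType.FILE, LogLevel.ERROR, "CustomStr8 Type Casting Error: " + exception.Message);
                        }

                        // After "tcp" the next two tokens are read as source and destination address.
                        // IPAddress.Parse rejects anything that is not an address, and an index past
                        // the end of the array is caught by the same handler.
                        if (lineArr[i].ToLower() == "tcp")
                        {
                            try
                            {
                                IPAddress sourceIp = IPAddress.Parse(lineArr[i + 1]);
                                rec.CustomStr3 = sourceIp.ToString();
                                L.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr3: " + rec.CustomStr3);
                            }
                            catch (Exception exception)
                            {
                                L.Log(LogType.FILE, LogLevel.ERROR, "CustomStr3 Error: " + exception.Message);
                            }

                            try
                            {
                                IPAddress destIp = IPAddress.Parse(lineArr[i + 2]);
                                rec.CustomStr4 = destIp.ToString();
                                L.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr4: " + rec.CustomStr4);
                            }
                            catch (Exception exception)
                            {
                                L.Log(LogType.FILE, LogLevel.ERROR, "CustomStr4 Error: " + exception.Message);
                            }
                        }

                        // After "udp" the addresses are read two positions further on (i + 3, i + 4).
                        if (lineArr[i].ToLower() == "udp")
                        {
                            try
                            {
                                IPAddress sourceIp = IPAddress.Parse(lineArr[i + 3]);
                                rec.CustomStr3 = sourceIp.ToString();
                                L.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr3: " + rec.CustomStr3);
                            }
                            catch (Exception exception)
                            {
                                L.Log(LogType.FILE, LogLevel.ERROR, "CustomStr3 Error: " + exception.Message);
                            }

                            try
                            {
                                IPAddress destIp = IPAddress.Parse(lineArr[i + 4]);
                                rec.CustomStr4 = destIp.ToString();
                                L.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr4: " + rec.CustomStr4);
                            }
                            catch (Exception exception)
                            {
                                L.Log(LogType.FILE, LogLevel.ERROR, "CustomStr4 Error: " + exception.Message);
                            }
                        }
                    }

                    // Guarded so that a message with fewer than eleven tokens still reaches the
                    // extraction steps below instead of aborting here.
                    if (subLineArr.Length > 10)
                    {
                        rec.EventCategory = subLineArr[10];
                    }

                    try
                    {
                        // NOTE(review): After/Before are assumed to return the text following "msg="
                        // and the text preceding the closing quote. Confirm.
                        string msg1 = After(line, "msg=");
                        string msg2 = Before(msg1, "\" ");
                        rec.CustomStr1 = msg2.Replace('"', ' ').Trim();
                        L.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr1: " + rec.CustomStr1);
                    }
                    catch (Exception exception)
                    {
                        L.Log(LogType.FILE, LogLevel.ERROR, "CustomStr1 Error: " + exception.Message);
                    }

                    if (lineArr.Length > 8)
                    {
                        // NOTE(review): the test reads lineArr[8] but the value comes from lineArr[5]; confirm the indexes.
                        if (lineArr[8].Contains("-"))
                        {
                            rec.CustomStr5 = lineArr[5].Split('-')[0];
                            L.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr5: " + rec.CustomStr5);
                        }
                    }

                    try
                    {
                        // NOTE(review): the length check is on subLineArr but the value is read from
                        // lineArr; lineArr is never the shorter array, so the index is in range, but
                        // it may name a different token. Confirm.
                        if (subLineArr.Length > 16)
                        {
                            rec.CustomInt3 = Convert.ToInt32(lineArr[16]);
                            L.Log(LogType.FILE, LogLevel.DEBUG, "CustomInt3: " + rec.CustomInt3);
                        }
                    }
                    catch (Exception exception)
                    {
                        L.Log(LogType.FILE, LogLevel.ERROR, "CustomInt3 Type Casting Error: " + exception.Message);
                    }

                    try
                    {
                        if (subLineArr.Length > 17)
                        {
                            rec.CustomInt4 = Convert.ToInt32(lineArr[17]);
                            L.Log(LogType.FILE, LogLevel.DEBUG, "CustomInt4: " + rec.CustomInt4);
                        }
                    }
                    catch (Exception exception)
                    {
                        L.Log(LogType.FILE, LogLevel.ERROR, "CustomInt4 Type Casting Error: " + exception.Message);
                    }
                }
                catch (Exception e)
                {
                    L.Log(LogType.FILE, LogLevel.ERROR, "ERROR------------");
                    L.Log(LogType.FILE, LogLevel.ERROR, e.Message);
                    L.Log(LogType.FILE, LogLevel.ERROR, e.StackTrace);
                }

                // The record is sent whether or not extraction succeeded.
                L.Log(LogType.FILE, LogLevel.DEBUG, "Finish preparing record");
                L.Log(LogType.FILE, LogLevel.DEBUG, "Start sending Data");
                if (usingRegistry)
                {
                    CustomServiceBase s = base.GetInstanceService("Security Manager Sender");
                    s.SetData(rec);
                }
                else
                {
                    CustomServiceBase s = base.GetInstanceService("Security Manager Remote Recorder");
                    s.SetData(Dal, virtualhost, rec);
                    s.SetReg(Id, rec.Datetime, "", "", "", rec.Datetime);
                }
                L.Log(LogType.FILE, LogLevel.DEBUG, "Finish Sending Data");
            }
            catch (Exception er)
            {
                L.Log(LogType.FILE, LogLevel.ERROR, er.ToString());
                L.Log(LogType.FILE, LogLevel.ERROR, args.EventLogEntType + " " + args.Message);
            }
        }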
Ejemplo n.º 25
        /// <summary>
        /// Walks <c>schema</c> and stops at the first entry for which
        /// <c>genericData.VerifyTableExists</c> returns false.
        /// </summary>
        /// <param name="genericData">Connector whose <c>VerifyTableExists</c> is called with each entry's X1 and X2.</param>
        /// <param name="reason">The first failing entry, or a new empty <c>Rec</c> when every entry passes.</param>
        /// <returns>True when every entry passes; false at the first failure.</returns>
        public bool DebugTestThatAllTablesValidate(IDataConnector genericData,
                                                   out Rec<string, ColumnDefinition[]> reason)
        {
            reason = new Rec<string, ColumnDefinition[]>();
#if (!ISWIN)
            foreach (var table in schema)
            {
                if (genericData.VerifyTableExists(table.X1, table.X2))
                {
                    continue;
                }

                reason = table;
                return false;
            }
#else
            foreach (var table in schema.Where(entry => !genericData.VerifyTableExists(entry.X1, entry.X2)))
            {
                reason = table;
                return false;
            }
#endif
            return true;
        }
Ejemplo n.º 26
 /// <summary>
 /// Hands a finished record to the service selected by <c>usingRegistry</c>.
 /// </summary>
 /// <param name="rec">Record to forward.</param>
 /// <remarks>
 /// NOTE(review): the result of <c>GetInstanceService</c> is used without a null check;
 /// confirm that it cannot return null when the named service is not registered.
 /// </remarks>
 private void sendData(Rec rec)
 {
     if (!usingRegistry)
     {
         // Remote path: the recorder service also receives the DAL and virtual host.
         CustomServiceBase remoteRecorder = base.GetInstanceService("Security Manager Remote Recorder");
         remoteRecorder.SetData(Dal, virtualhost, rec);
         return;
     }

     // Registry path: the sender service takes the record alone.
     CustomServiceBase sender = base.GetInstanceService("Security Manager Sender");
     sender.SetData(rec);
 }
Ejemplo n.º 27
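        /// <summary>
        /// Parses one syslog-style line ("Mon d HH:mm:ss host tag[pid]: text") into a
        /// <c>Rec</c> and hands it to <c>SetRecordData</c>.
        /// </summary>
        /// <remarks>
        /// The facility (auth, daemon, kern, lpr, mail, syslog, user) is taken from the
        /// second-to-last piece of <c>lastFile</c> after splitting on '/', '\' and '.', and
        /// decides which custom fields receive the tag, the pid and the message text. The
        /// raw line is always kept in <c>Rec.Description</c>.
        /// A tag without a "[pid]" part (for example "su:") is accepted with an empty pid;
        /// previously such a line raised an index error and the whole record was discarded,
        /// which silently removed events from the collected auth/daemon/mail logs.
        /// </remarks>
        /// <param name="line">Raw log line.</param>
        /// <param name="dontSend">When <c>true</c> the line is skipped without parsing.</param>
        /// <returns>Always <c>true</c>; failures are logged rather than reported to the caller.</returns>
        public override bool ParseSpecific(String line, bool dontSend)
        {
            if (line == "" || dontSend)
                return true;

            try
            {
                string readingFileName = "";
                if (!string.IsNullOrEmpty(lastFile))
                {
                    string[] lastFileParts = lastFile.Split(new char[] { '/', '\\', '.' }, StringSplitOptions.RemoveEmptyEntries);

                    // A bare name with no directory and no extension yields a single piece;
                    // indexing [Length - 2] would then throw and the line would be lost.
                    if (lastFileParts.Length >= 2)
                    {
                        readingFileName = lastFileParts[lastFileParts.Length - 2];
                    }
                }

                String[] parts = line.Split(new char[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);

                Rec rec = new Rec();
                rec.Description = line;
                rec.LogName = LogName;
                rec.EventCategory = readingFileName;
                // Fallback timestamp, replaced below when the line carries a parsable date.
                rec.Datetime = DateTime.Now.ToString();

                try
                {
                    //Feb  8 08:32:07 toprak syslog: Oracle Cluster Ready Services starting up automatically.
                    //Daemon
                    //Apr 19 21:06:09 bulut /usr/sbin/collect[1287816]: Forcing data buffer flush

                    if (parts.Length >= 5)
                    {
                        Log.Log(LogType.FILE, LogLevel.INFORM, " parts[1] : " + parts[1] + " parts[0] : " + parts[0] + " parts[2] : " + parts[2]);

                        // The line carries no year, so the current year is assumed.
                        // NOTE(review): a December line read in January is therefore dated
                        // almost a year ahead; consider correcting timestamps in the future.
                        int dt = DateTime.Now.Year;
                        string date = parts[1] + "/" + parts[0] + "/" + dt.ToString() + " " + parts[2];
                        Log.Log(LogType.FILE, LogLevel.INFORM, " date " + date);
                        rec.Datetime = Convert.ToDateTime(date, CultureInfo.InvariantCulture).ToString("yyyy-MM-dd HH:mm:ss");
                        rec.ComputerName = parts[3];

                        // Everything after the tag, re-joined with single spaces.
                        string message = string.Join(" ", parts, 5, parts.Length - 5).Trim();
                        string tagName;
                        string tagPid;

                        //auth,daemon,kern,lpr,mail,syslog,user
                        switch (readingFileName)
                        {
                            case "auth":
                                SplitProcessTag(parts[4], out tagName, out tagPid);
                                rec.CustomStr2 = tagName;
                                rec.CustomStr3 = tagPid;
                                rec.CustomStr1 = message;
                                break;

                            case "daemon":
                                SplitProcessTag(parts[4], out tagName, out tagPid);
                                rec.CustomStr4 = tagName;
                                rec.CustomStr5 = tagPid;
                                rec.CustomStr2 = message;
                                break;

                            case "kern":
                                rec.CustomStr4 = parts[4].TrimEnd(':');
                                rec.CustomStr2 = message;
                                break;

                            case "lpr":
                                // No facility-specific fields; only the common ones are sent.
                                break;

                            case "mail":
                                SplitProcessTag(parts[4], out tagName, out tagPid);
                                rec.CustomStr1 = tagName;
                                rec.CustomStr2 = tagPid;
                                rec.CustomStr3 = message;
                                break;

                            case "syslog":
                            case "user":
                                rec.CustomStr1 = parts[4].TrimEnd(':');
                                rec.CustomStr2 = message;
                                break;

                            default:
                                Log.Log(LogType.FILE, LogLevel.INFORM, " ParseSpecific() --> File name is null or there is no such file name. readingFileName : " + readingFileName);
                                break;
                        }
                    }
                    else
                    {
                        Log.Log(LogType.FILE, LogLevel.INFORM, " ParseSpecific() --> Line format is not like we want! Line: " + line);
                    }
                }
                catch (Exception ex)
                {
                    // NOTE(review): a line whose date cannot be parsed is logged and dropped
                    // here, although rec already holds the raw line and a fallback timestamp.
                    Log.Log(LogType.FILE, LogLevel.ERROR, " Inner Hata : " + ex.Message);
                    Log.Log(LogType.FILE, LogLevel.ERROR, ex.StackTrace);
                    Log.Log(LogType.FILE, LogLevel.ERROR, " ParseSpecific() --> Line : " + line);
                    return true;
                }

                SetRecordData(rec);
            }
            catch (Exception ex)
            {
                Log.Log(LogType.FILE, LogLevel.ERROR, " Outher Hata : " + ex.Message);
                Log.Log(LogType.FILE, LogLevel.ERROR, ex.StackTrace);
                Log.Log(LogType.FILE, LogLevel.ERROR, " ParseSpecific() --> Line : " + line);
            }

            return true;
        }

        // Splits a syslog tag such as "sshd[1234]:" into the program name and the pid text.
        // A tag without '[' gives the tag minus its trailing ':' and an empty pid.
        private static void SplitProcessTag(string tag, out string name, out string pid)
        {
            string[] pieces = tag.Split('[');
            if (pieces.Length < 2)
            {
                name = tag.TrimEnd(':');
                pid = "";
                return;
            }

            name = pieces[0];
            pid = pieces[1].TrimEnd(':').TrimEnd(']');
        }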
Ejemplo n.º 28
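        /// <summary>
        /// Parses one space-separated access-log line into a <c>Rec</c> and forwards it
        /// through <c>SetRecordData</c>.
        /// </summary>
        /// <remarks>
        /// Fields are taken by fixed index after <c>Split(' ')</c>: [0] to CustomStr3, [3] to
        /// the timestamp, [5] to EventType, [6] to Description, [7] to CustomStr1 and [8]/[9]
        /// to CustomInt1/CustomInt2. A value that itself contains a space shifts every later
        /// index, so consumers should not treat these fields as validated.
        /// <paramref name="dontSend"/> is not consulted by this parser.
        /// The per-field debug output now names the field it prints; every entry used to be
        /// labelled "EventType".
        /// </remarks>
        /// <param name="line">Raw log line.</param>
        /// <param name="dontSend">Unused here.</param>
        /// <returns>Always <c>true</c>; failures are logged rather than reported to the caller.</returns>
        public override bool ParseSpecific(String line, bool dontSend)
        {
            Log.Log(LogType.FILE, LogLevel.DEBUG, "Parsing Specific line");
            Log.Log(LogType.FILE, LogLevel.DEBUG, "ParseSpecific | Line : " + line);

            // The line counter restarts whenever reading begins again at position 0.
            if (Position != 0)
            {
                RecordFields.lineNumber++;
                Log.Log(LogType.FILE, LogLevel.DEBUG, "ParseSpecific | lineNumber : " + RecordFields.lineNumber);
            }
            else
            {
                RecordFields.lineNumber = 0;
            }

            if (line == "")
                return true;

            String[] lineArr = line.Split(' ');
            try
            {
                Rec r = new Rec();
                r.LogName = LogName;

                try
                {
                    // lineArr[3] is expected to look like "[dd/MMM/yyyy:HH:mm:ss".
                    string stamp = lineArr[3].Replace('[', ' ').Trim();
                    string[] timeArr = stamp.Split(':');
                    string[] dateArr = timeArr[0].Split('/');
                    string myDateTimeString = dateArr[1] + "-" + dateArr[0] + "-" + dateArr[2] + "," + timeArr[1] + ":" + timeArr[2] + ":" + timeArr[3];
                    DateTime dt = Convert.ToDateTime(myDateTimeString);
                    r.Datetime = dt.ToString(dateFormat);
                }
                catch (Exception exception)
                {
                    // The record is still sent, with Datetime left as Rec initialised it.
                    Log.Log(LogType.FILE, LogLevel.DEBUG, "DateTime Parsing Error: " + exception.Message);
                }

                try
                {
                    r.EventType = lineArr[5].Replace('"', ' ').Trim();
                    if (!string.IsNullOrEmpty(remoteHost))
                    {
                        r.ComputerName = remoteHost;
                    }

                    r.CustomStr1 = lineArr[7].Replace('"', ' ').Trim();
                    r.CustomStr3 = lineArr[0].Replace('"', ' ').Trim();
                    r.Description = lineArr[6];

                    try
                    {
                        r.CustomInt1 = Convert.ToInt32(lineArr[8]);
                    }
                    catch (Exception exception)
                    {
                        Log.Log(LogType.FILE, LogLevel.DEBUG, "CustomInt1 Cast Error: " + exception.Message);
                        r.CustomInt1 = 0;
                    }

                    try
                    {
                        r.CustomInt2 = Convert.ToInt32(lineArr[9]);
                    }
                    catch (Exception exception)
                    {
                        Log.Log(LogType.FILE, LogLevel.DEBUG, "CustomInt2 Cast Error: " + exception.Message);
                        r.CustomInt2 = 0;
                    }
                }
                catch (Exception exception)
                {
                    Log.Log(LogType.FILE, LogLevel.DEBUG, "String Parsing Error: " + exception.Message);
                }

                #region Writelog

                LogFieldIfSet("EventType", r.EventType);
                LogFieldIfSet("ComputerName", r.ComputerName);
                LogFieldIfSet("CustomStr1", r.CustomStr1);
                LogFieldIfSet("CustomStr2", r.CustomStr2);
                LogFieldIfSet("CustomStr3", r.CustomStr3);
                LogFieldIfSet("CustomStr4", r.CustomStr4);
                LogFieldIfSet("CustomStr9", r.CustomStr9);

                #endregion

                Log.Log(LogType.FILE, LogLevel.INFORM, "Record is sending now.");
                SetRecordData(r);
                Log.Log(LogType.FILE, LogLevel.INFORM, "Record sended.");
            }
            catch (Exception e)
            {
                Log.Log(LogType.FILE, LogLevel.ERROR, e.Message);
                Log.Log(LogType.FILE, LogLevel.ERROR, e.StackTrace);
                return true;
            }

            return true;
        }

        // Writes "<label> : <value>" at DEBUG level when the value is neither null nor empty.
        private void LogFieldIfSet(string label, string value)
        {
            if (!string.IsNullOrEmpty(value))
            {
                Log.Log(LogType.FILE, LogLevel.DEBUG, label + " : " + value);
            }
        }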
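        /// <summary>
        /// Parses one syslog-style line ("Mon d HH:mm:ss source category text...") into a
        /// <c>Rec</c> and forwards it through <c>SetRecordData</c>.
        /// </summary>
        /// <remarks>
        /// Lines with fewer than five tokens cannot fill SourceName and EventCategory, so
        /// they are sent with the whole line as Description and the current time. The
        /// threshold used to be four, which let four-token lines reach <c>arr[4]</c>, fail
        /// with an index error and be dropped instead of forwarded.
        /// </remarks>
        /// <param name="line">Raw log line.</param>
        /// <param name="dontSend">When <c>true</c> the line is skipped without parsing.</param>
        /// <returns>Always <c>true</c>; failures are logged rather than reported to the caller.</returns>
        public override bool ParseSpecific(String line, bool dontSend)
        {
            Log.Log(LogType.FILE, LogLevel.DEBUG, "Parsing Specific line");
            if (line == "")
                return true;

            if (!dontSend)
            {
                String[] arr = SpaceSplit(line, false);

                try
                {
                    Rec r = new Rec();
                    DateTime dt;

                    if (arr.Length < 5)
                    {
                        Log.Log(LogType.FILE, LogLevel.WARN, "Different message on parse, moving to description: " + line);

                        dt = DateTime.Now;
                        r.Description = line;
                    }
                    else
                    {
                        // The line carries no year, so the current year is assumed.
                        // NOTE(review): lines from the previous December read in January
                        // end up dated almost a year ahead.
                        dt = DateTime.Parse(DateTime.Now.Year + " " + arr[0] + " " + arr[1] + " " + arr[2]);

                        r.SourceName = arr[3];
                        r.EventCategory = arr[4];

                        // Remaining tokens form the description, each followed by a space.
                        for (Int32 i = 5; i < arr.Length; i++)
                            r.Description += arr[i] + " ";
                    }

                    // Same unpadded "y/M/d H:m:s" layout in both branches.
                    r.Datetime = dt.Year + "/" + dt.Month + "/" + dt.Day + " " + dt.Hour + ":" + dt.Minute + ":" + dt.Second;
                    r.LogName = LogName;

                    SetRecordData(r);
                }
                catch (Exception e)
                {
                    Log.Log(LogType.FILE, LogLevel.ERROR, e.Message);
                    Log.Log(LogType.FILE, LogLevel.ERROR, e.StackTrace);
                    Log.Log(LogType.FILE, LogLevel.ERROR, "Line : " + line);
                    return true;
                }
            }
            return true;
        }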
Ejemplo n.º 30
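        /// <summary>
        /// Parses one line of a tab-separated log whose column layout is announced by a
        /// "#Fields:" header line.
        /// </summary>
        /// <remarks>
        /// A "#Fields:" line rebuilds <c>dictHash</c> (column name to index) and is passed to
        /// <c>SetLastKeywords</c>; other '#' lines are ignored. Data lines are mapped to a
        /// <c>Rec</c> column by column; a column that is missing or malformed is logged and
        /// skipped, while the rest of the record is still sent. "date" and "time" are
        /// mandatory: without them, or without a header seen so far, the method returns
        /// <c>false</c>. <paramref name="dontSend"/> is only logged, not acted on.
        /// </remarks>
        /// <param name="line">Raw log line.</param>
        /// <param name="dontSend">Logged only.</param>
        /// <returns><c>false</c> when the line could not be processed at all, otherwise <c>true</c>.</returns>
        public override bool ParseSpecific(String line, bool dontSend)
        {
            Log.Log(LogType.FILE, LogLevel.DEBUG, "Parsing Specific line");
            Log.Log(LogType.FILE, LogLevel.DEBUG, "ParseSpecific | Line : " + line);
            Log.Log(LogType.FILE, LogLevel.DEBUG, "ParseSpecific | dontSend : " + dontSend);

            Rec r = new Rec();
            if (line == "")
                return true;

            try
            {
                if (line.StartsWith("#"))
                {
                    if (line.StartsWith("#Fields:"))
                    {
                        if (dictHash != null)
                            dictHash.Clear();
                        dictHash = new Dictionary<String, Int32>();

                        String[] fields = line.Split('\t');
                        // The first cell is "#Fields: <name>"; keep only the name.
                        String[] first = fields[0].Split(' ');
                        fields[0] = first[1];

                        Int32 count = 0;
                        foreach (String field in fields)
                        {
                            dictHash.Add(field, count);
                            count++;
                        }

                        String add = "";
                        foreach (KeyValuePair<String, Int32> kvp in dictHash)
                        {
                            add += kvp.Key + ",";
                            Log.Log(LogType.FILE, LogLevel.DEBUG, "key : " + kvp.Key);
                        }
                        SetLastKeywords(add);
                        keywordsFound = true;
                    }
                    return true;
                }

                if (dictHash == null)
                {
                    // A data line before any header used to surface as a bare null-reference
                    // message; say what is actually wrong. The result stays false.
                    Log.Log(LogType.FILE, LogLevel.ERROR, "StartsWith(#) | No #Fields: header has been read yet. Line : " + line);
                    return false;
                }

                String[] arr = line.Split('\t');
                r.Datetime = arr[dictHash["date"]] + " " + arr[dictHash["time"]];
                Log.Log(LogType.FILE, LogLevel.DEBUG, "Datetime : " + r.Datetime);
                r.LogName = LogName;

                String text;
                Int32 number;

                if (TryReadColumn(arr, "IP protocol", "EventCategory", out text))
                {
                    r.EventCategory = text;
                    Log.Log(LogType.FILE, LogLevel.DEBUG, "EventCategory : " + r.EventCategory);
                }

                if (TryReadColumn(arr, "action", "EventType", out text))
                {
                    r.EventType = text;
                    Log.Log(LogType.FILE, LogLevel.DEBUG, "EventType : " + r.EventType);
                }

                // NOTE(review): the listing was garbled at this point; the UserName and
                // LogName statements are reconstructed by analogy with the other fields.
                if (TryReadColumn(arr, "session ID", "UserName", out text))
                {
                    r.UserName = text;
                    Log.Log(LogType.FILE, LogLevel.DEBUG, "UserName : " + r.UserName);
                }
                Log.Log(LogType.FILE, LogLevel.DEBUG, "LogName : " + r.LogName);

                if (TryReadColumn(arr, "computer", "ComputerName", out text))
                {
                    r.ComputerName = text;
                    Log.Log(LogType.FILE, LogLevel.DEBUG, "ComputerName : " + r.ComputerName);
                }

                // Failures for this column were previously logged under "ComputerName".
                if (TryReadColumn(arr, "username", "CustomStr1", out text))
                {
                    r.CustomStr1 = text;
                    Log.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr1 : " + r.CustomStr1);
                }

                // "source" and "destination" hold "address:port"; the address goes to a
                // string field here, the port to an integer field further down.
                if (TryReadColumn(arr, "source", "CustomStr3", out text))
                {
                    r.CustomStr3 = text.Split(':')[0];
                    Log.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr3 : " + r.CustomStr3);
                }

                if (TryReadColumn(arr, "destination", "CustomStr4", out text))
                {
                    r.CustomStr4 = text.Split(':')[0];
                    Log.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr4 : " + r.CustomStr4);
                }

                if (TryReadColumn(arr, "original client IP", "CustomStr5", out text))
                {
                    r.CustomStr5 = text;
                    Log.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr5 : " + r.CustomStr5);
                }

                if (TryReadColumn(arr, "status", "CustomStr6", out text))
                {
                    r.CustomStr6 = text;
                    Log.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr6 : " + r.CustomStr6);
                }

                if (TryReadColumn(arr, "rule", "CustomStr7", out text))
                {
                    r.CustomStr7 = text;
                    Log.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr7 : " + r.CustomStr7);
                }

                if (TryReadColumn(arr, "application protocol", "CustomStr8", out text))
                {
                    r.CustomStr8 = text;
                    Log.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr8 : " + r.CustomStr8);
                }

                if (TryReadColumn(arr, "agent", "CustomStr9", out text))
                {
                    r.CustomStr9 = text;
                    Log.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr9 : " + r.CustomStr9);
                }

                if (TryReadIntColumn(arr, "source", "CustomInt3", true, out number))
                {
                    r.CustomInt3 = number;
                    Log.Log(LogType.FILE, LogLevel.DEBUG, "CustomInt3 : " + r.CustomInt3);
                }

                if (TryReadIntColumn(arr, "destination", "CustomInt4", true, out number))
                {
                    r.CustomInt4 = number;
                    Log.Log(LogType.FILE, LogLevel.DEBUG, "CustomInt4 : " + r.CustomInt4);
                }

                if (TryReadIntColumn(arr, "bytes sent intermediate", "CustomInt6", false, out number))
                {
                    r.CustomInt6 = number;
                    Log.Log(LogType.FILE, LogLevel.DEBUG, "CustomInt6 : " + r.CustomInt6);
                }

                if (TryReadIntColumn(arr, "bytes received", "CustomInt7", false, out number))
                {
                    r.CustomInt7 = number;
                    Log.Log(LogType.FILE, LogLevel.DEBUG, "CustomInt7 : " + r.CustomInt7);
                }

                if (TryReadIntColumn(arr, "bytes sent", "CustomInt8", false, out number))
                {
                    r.CustomInt8 = number;
                    Log.Log(LogType.FILE, LogLevel.DEBUG, "CustomInt8 : " + r.CustomInt8);
                }

                // The untouched line is kept alongside the extracted columns.
                r.Description = line;
                Log.Log(LogType.FILE, LogLevel.DEBUG, "Description : " + line);

                try
                {
                    Log.Log(LogType.FILE, LogLevel.DEBUG, "Start sending data.");
                    SetRecordData(r);
                    Log.Log(LogType.FILE, LogLevel.DEBUG, "Finished sending data.");
                }
                catch (Exception ex)
                {
                    Log.Log(LogType.FILE, LogLevel.ERROR, "SetRecordData : " + ex.Message);
                }
            }
            catch (Exception e)
            {
                Log.Log(LogType.FILE, LogLevel.ERROR, "StartsWith(#) | " + e.Message);
                Log.Log(LogType.FILE, LogLevel.ERROR, "StartsWith(#) | " + e.StackTrace);
                Log.Log(LogType.FILE, LogLevel.ERROR, "StartsWith(#) | Line : " + line);
                return false;
            }

            return true;
        }

        // Fetches one cell of a data line by header name. On an unknown column or a short
        // line the failure is logged as "<label> : <message>" and false is returned.
        private bool TryReadColumn(String[] arr, String column, String label, out String value)
        {
            try
            {
                value = arr[dictHash[column]];
                return true;
            }
            catch (Exception ex)
            {
                Log.Log(LogType.FILE, LogLevel.ERROR, label + " : " + ex.Message);
                value = null;
                return false;
            }
        }

        // Like TryReadColumn, but converts the cell to Int32. With portPart set, the text
        // after the first ':' of an "address:port" cell is converted instead.
        private bool TryReadIntColumn(String[] arr, String column, String label, bool portPart, out Int32 value)
        {
            try
            {
                String cell = arr[dictHash[column]];
                if (portPart)
                {
                    cell = cell.Split(':')[1];
                }
                value = Convert.ToInt32(cell);
                return true;
            }
            catch (Exception ex)
            {
                Log.Log(LogType.FILE, LogLevel.ERROR, label + " : " + ex.Message);
                value = 0;
                return false;
            }
        }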
Ejemplo n.º 31
        /// <summary>
        /// Parses one space-separated line of a DNS server log into a <c>Rec</c> and forwards
        /// it through <c>SetRecordData</c>.
        /// </summary>
        /// <remarks>
        /// The record always gets the (truncated) raw line, a timestamp built from the first
        /// three tokens plus the current year, and <c>LogName</c>. Four message shapes are
        /// then recognised by a marker token ("DNS", "(FORMERR)", "lame", "success"); each
        /// fills its own set of fields and logs, rather than throws, when a field is absent.
        /// NOTE(review): the timestamp is built outside any try block, so a line with fewer
        /// than three tokens or an unparsable date throws out of this method. Confirm the
        /// caller handles that, otherwise one malformed line can interrupt collection.
        /// </remarks>
        /// <param name="line">Raw log line.</param>
        /// <param name="dontSend">When <c>true</c> the line is skipped without parsing.</param>
        /// <returns>Always <c>true</c> when it returns.</returns>
        public override bool ParseSpecific(String line, bool dontSend)
        {
            Log.Log(LogType.FILE, LogLevel.DEBUG, "Parsing Specific line");
            Log.Log(LogType.FILE, LogLevel.DEBUG, "Line Is " + line);

            if (string.IsNullOrEmpty(line))
            {
                Log.Log(LogType.FILE, LogLevel.DEBUG, "Line is Null Or Empty");
                return true;
            }

            if (dontSend)
            {
                return true;
            }

            Rec r = new Rec();

            // Description is capped at 899 characters.
            r.Description = line.Length > 899 ? line.Substring(0, 899) : line;

            string[] tokens = line.Split(' ');

            #region Date
            // The line carries no year, so the current one is assumed.
            int currentYear = DateTime.Now.Year;
            string stampText = tokens[1] + " " + tokens[0] + " " + currentYear + " " + tokens[2];
            DateTime stamp = Convert.ToDateTime(stampText);
            r.Datetime = stamp.ToString("yyyy-MM-dd HH:mm:ss");
            r.LogName = LogName;
            #endregion

            // Type 1: lines containing a "DNS" token.
            foreach (string token in tokens)
            {
                if (token.ToUpper() != "DNS")
                {
                    continue;
                }

                try
                {
                    r.SourceName = tokens[3];
                    r.CustomStr1 = tokens[11];

                    if (tokens.Length > 14 && tokens[14].Contains("#"))
                    {
                        try
                        {
                            string[] target = tokens[14].Split('#');
                            r.CustomStr4 = target[0].Trim();
                            r.CustomInt4 = Convert.ToInt32(target[1].Replace(':', ' ').Trim());
                        }
                        catch (Exception)
                        {
                            Log.Log(LogType.FILE, LogLevel.ERROR, "Tip 1 Line format is invalid." + line);
                        }
                    }

                    string[] origin = tokens[9].Split('#');
                    r.CustomStr3 = origin[0];
                    r.CustomInt3 = Convert.ToInt32(origin[1]);

                    r.EventCategory = tokens[5] + " " + tokens[6] + " " + tokens[7];
                }
                catch (Exception exception)
                {
                    Log.Log(LogType.FILE, LogLevel.ERROR, "Tip 1: " + exception.Message);
                    Log.Log(LogType.FILE, LogLevel.ERROR, "Tip 1 line : " + line);
                }
            }

            // Type 2: lines containing a "(FORMERR)" token.
            foreach (string token in tokens)
            {
                if (token.ToUpper() != "(FORMERR)")
                {
                    continue;
                }

                try
                {
                    r.SourceName = tokens[3];
                    r.EventCategory = Between(line, "]:", "(");
                    r.EventType = Between(line, "(", ")");
                    r.CustomStr1 = Between(line, "\'", "\'");
                    r.CustomStr4 = (After(line, "\':")).Split('#')[0].Trim();
                    r.CustomInt4 = Convert.ToInt32((After(line, "\':")).Split('#')[1]);
                }
                catch (Exception exception)
                {
                    Log.Log(LogType.FILE, LogLevel.ERROR, "Tip 2: " + exception.Message);
                    Log.Log(LogType.FILE, LogLevel.ERROR, "Tip 2 line : " + line);
                }
            }

            // Type 3: lines containing a "lame" token.
            foreach (string token in tokens)
            {
                if (token.ToLower() != "lame")
                {
                    continue;
                }

                try
                {
                    r.SourceName = tokens[3];
                    r.EventCategory = tokens[5] + " " + tokens[6] + " " + tokens[7];
                    r.CustomStr1 = Between(line, "\'", "\' ");

                    r.CustomStr4 = After(line, "):").Split('#')[0].Trim();
                    r.CustomInt4 = Convert.ToInt32(After(line, "):").Split('#')[1]);
                }
                catch (Exception exception)
                {
                    Log.Log(LogType.FILE, LogLevel.ERROR, "Tip 3: " + exception.Message);
                    Log.Log(LogType.FILE, LogLevel.ERROR, "Tip 3 line : " + line);
                }
            }

            // Type 4: lines containing a "success" token.
            foreach (string token in tokens)
            {
                if (token.ToLower() != "success")
                {
                    continue;
                }

                try
                {
                    r.SourceName = tokens[3];
                    r.EventCategory = tokens[5] + " " + tokens[6];
                    r.CustomStr1 = tokens[7];
                }
                catch (Exception exception)
                {
                    Log.Log(LogType.FILE, LogLevel.ERROR, "Tip 4: " + exception.Message);
                    Log.Log(LogType.FILE, LogLevel.ERROR, "Tip 4 line : " + line);
                }
            }

            Log.Log(LogType.FILE, LogLevel.DEBUG, "Position: " + Position);
            Log.Log(LogType.FILE, LogLevel.DEBUG, "tempPosition: " + RecordFields.tempPosition);

            long controlValue = GetLinuxFileSizeControl(RecordFields.fileName);
            // NOTE(review): this prints RecordFields.tempPosition again, not the value just
            // returned above; confirm which one was meant.
            Log.Log(LogType.FILE, LogLevel.DEBUG, "tempPosition: " + RecordFields.tempPosition);

            // A read position beyond the value returned for the file resets to the start.
            if (Position > controlValue)
            {
                Log.Log(LogType.FILE, LogLevel.DEBUG, "Position büyük  dosya dan büyük pozisyon sıfırlanacak." );
                Position = 0;
                Log.Log(LogType.FILE, LogLevel.DEBUG, "Position = 0 ");
            }

            Log.Log(LogType.FILE, LogLevel.DEBUG, "Data sending.");
            SetRecordData(r);
            Log.Log(LogType.FILE, LogLevel.DEBUG, "Send Data");

            return true;
        }
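        /// <summary>
        /// Splits one log line on whitespace, maps the tokens onto a <c>Rec</c> according to the
        /// tag found in the second token ("tcpserver:", "CHKUSER" or "rblsmtpd:") and forwards the
        /// record through <c>SetRecordData</c>. Lines with any other tag are forwarded with all
        /// tokens after the first joined into <c>Description</c>.
        /// </summary>
        /// <remarks>
        /// Points a reader relying on these records for audit or forensics should know:
        /// <list type="bullet">
        /// <item>The record timestamp is the collector's local clock at parse time
        /// (<c>DateTime.Now</c>); nothing from the line is used for it.</item>
        /// <item>If a recognised line has fewer tokens than its branch indexes, the resulting
        /// exception is caught, written to the ERROR log together with the raw line, and the
        /// record is NOT forwarded.</item>
        /// <item>Numeric tokens are parsed with <c>int.TryParse</c>. The content of the line is
        /// whatever the logged service wrote, so a non-numeric token is routine input and must
        /// not cost a thrown exception per field.</item>
        /// </list>
        /// </remarks>
        /// <param name="line">Raw log line. An empty string is ignored.</param>
        /// <param name="dontSend">When true the line is neither parsed nor forwarded.</param>
        /// <returns>Always <c>true</c>, including when parsing fails.</returns>
        public override bool ParseSpecific(String line, bool dontSend)
        {
            Log.Log(LogType.FILE, LogLevel.DEBUG, "Parsing Specific line");
            if (line == "")
                return true;

            if (!dontSend)
            {
                String[] arr = SpaceSplit(line, false);

                try
                {
                    Rec r = new Rec();
                    int number;

                    // Collector-side timestamp, components are not zero-padded.
                    DateTime dt = DateTime.Now;
                    r.Datetime = dt.Year + "/" + dt.Month + "/" + dt.Day + " " + dt.Hour + ":" + dt.Minute + ":" + dt.Second;

                    r.SourceName = arr[0];

                    if (arr[1] == "tcpserver:")
                    {
                        r.EventCategory = arr[1];
                        r.EventType = arr[2];
                        switch (arr[2])
                        {
                            case "end":
                                {
                                    // Tokens 3 and 5: stored as integers when numeric, otherwise verbatim as strings.
                                    String first = arr[3];
                                    if (int.TryParse(first, out number))
                                    {
                                        r.CustomInt1 = number;
                                    }
                                    else
                                    {
                                        r.CustomStr1 = first;
                                    }

                                    String second = arr[5];
                                    if (int.TryParse(second, out number))
                                    {
                                        r.CustomInt2 = number;
                                    }
                                    else
                                    {
                                        r.CustomStr2 = second;
                                    }
                                } break;
                            case "status:":
                                {
                                    // Token 3 is split on '/'; a token without '/' makes arrIn[1] throw
                                    // and the record is dropped by the outer catch.
                                    String[] arrIn = arr[3].Split('/');

                                    String first = arrIn[0];
                                    if (int.TryParse(first, out number))
                                    {
                                        r.CustomInt1 = number;
                                    }
                                    else
                                    {
                                        r.CustomStr1 = first;
                                    }

                                    String second = arrIn[1];
                                    if (int.TryParse(second, out number))
                                    {
                                        r.CustomInt2 = number;
                                    }
                                    else
                                    {
                                        r.CustomStr2 = second;
                                    }
                                } break;
                            case "pid":
                                {
                                    String first = arr[3];
                                    if (int.TryParse(first, out number))
                                    {
                                        r.CustomInt1 = number;
                                    }
                                    else
                                    {
                                        r.CustomStr1 = first;
                                    }
                                    r.CustomStr2 = arr[5];
                                } break;
                            case "ok":
                                {
                                    // In this branch a missing or non-numeric value becomes 0 instead of being kept as text.
                                    r.CustomInt1 = (arr.Length > 3 && int.TryParse(arr[3], out number)) ? number : 0;

                                    String[] arrIn = arr[4].Split(':');
                                    r.CustomStr1 = arrIn[0];
                                    r.CustomStr2 = arrIn[1];
                                    r.CustomInt2 = (arrIn.Length > 2 && int.TryParse(arrIn[2], out number)) ? number : 0;

                                    String[] arrIn2 = arr[5].Split(':');
                                    r.CustomStr3 = arrIn2[1];
                                    r.CustomInt3 = (arrIn2.Length > 3 && int.TryParse(arrIn2[3], out number)) ? number : 0;
                                } break;
                        }
                    }
                    else if (arr[1] == "CHKUSER")
                    {
                        r.EventCategory = arr[1];
                        r.EventType = arr[2];

                        // Tokens 5 and 7 are "<a:b:c>" triples; token 9 is a single "<...>" value.
                        String[] arrIn = arr[5].Split(':');
                        r.CustomStr1 = arrIn[0].TrimStart('<');
                        r.CustomStr2 = arrIn[1];
                        r.CustomStr3 = arrIn[2].TrimEnd('>');
                        String[] arrIn2 = arr[7].Split(':');
                        r.CustomStr4 = arrIn2[0].TrimStart('<');
                        r.CustomStr5 = arrIn2[1];
                        r.CustomStr6 = arrIn2[2].TrimEnd('>');
                        r.CustomStr7 = arr[9].TrimStart('<').TrimEnd('>');
                        for (Int32 i = 11; i < arr.Length; i++)
                        {
                            r.Description += arr[i] + " ";
                        }
                        // NOTE(review): if Rec.Description starts out null and there are no tokens
                        // from index 11 on, this Trim() throws and the record is dropped - confirm.
                        r.Description = r.Description.Trim();
                    }
                    else if (arr[1] == "rblsmtpd:")
                    {
                        r.EventCategory = arr[1];
                        r.EventType = arr[6];
                        r.CustomStr1 = arr[2];
                        r.CustomInt1 = int.TryParse(arr[4].TrimEnd(':'), out number) ? number : 0;
                        r.CustomInt2 = int.TryParse(arr[5], out number) ? number : 0;
                        r.Description = arr[9];
                    }
                    else
                    {
                        // Unknown tag: keep everything after the first token as free text.
                        for (Int32 i = 1; i < arr.Length; i++)
                        {
                            r.Description += arr[i] + " ";
                        }
                        r.Description = r.Description.Trim();
                    }

                    r.LogName = LogName;

                    SetRecordData(r);
                }
                catch (Exception e)
                {
                    // The line is not forwarded; only the collector's own log shows it was seen.
                    Log.Log(LogType.FILE, LogLevel.ERROR, e.Message);
                    Log.Log(LogType.FILE, LogLevel.ERROR, e.StackTrace);
                    Log.Log(LogType.FILE, LogLevel.ERROR, "Line : " + line);
                    return true;
                }
            }
            return true;
        }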
        // fdsf
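        /// <summary>
        /// Parses one firewall-style log line (KEY=VALUE tokens such as PROTO, MAC, SRC, DST, SPT,
        /// DPT) into a <c>Rec</c> and forwards it through <c>SetRecordData</c>, unless the parsed
        /// source or destination equals the "ControlStr3" / "ControlStr4" value read from
        /// <c>reg</c>, in which case the line is skipped with a WARN entry.
        /// </summary>
        /// <remarks>
        /// <list type="bullet">
        /// <item>The raw line is always stored in <c>Description</c>, so a record is still
        /// forwarded when field extraction fails part-way.</item>
        /// <item>The year of the timestamp comes from the collector's clock, the rest from the
        /// first three tokens; lines written shortly before a year change and parsed after it
        /// will get the wrong year.</item>
        /// <item>The ControlStr3 / ControlStr4 comparison is a suppression rule: matching lines
        /// never reach <c>SetRecordData</c>. A missing registry value no longer aborts the send;
        /// it simply disables that half of the rule.</item>
        /// </list>
        /// </remarks>
        /// <param name="line">Raw log line. An empty string is ignored.</param>
        /// <param name="dontSend">Not consulted by this override (see note in the body).</param>
        /// <returns>Always <c>true</c>.</returns>
        public override bool ParseSpecific(String line, bool dontSend)
        {
            // NOTE(review): dontSend is never checked here, so the record is forwarded even when
            // the caller passes true. Confirm against the base class contract before relying on it.
            Log.Log(LogType.FILE, LogLevel.DEBUG, " ParseSpecific -->> Line : " + line);
            Log.Log(LogType.FILE, LogLevel.DEBUG, " ParseSpecific -->> position getReg  : " + reg.GetValue("LastPosition"));

            if (line == "")
                return true;

            String[] arr = SpaceSplit(line, true);

            Rec r = new Rec();
            try
            {
                // Tokens 0..2 carry month, day and time; the year is taken from the local clock.
                // Convert.ToDateTime parses with the current culture.
                DateTime df = DateTime.Now;
                string myDateTimeString = arr[0] + arr[1] + "," + df.Year + "," + arr[2];
                DateTime dt = Convert.ToDateTime(myDateTimeString);
                r.Datetime = dt.ToString("yyyy-MM-dd HH:mm:ss");

                r.SourceName = arr[3];
                r.EventCategory = arr[5];
                r.CustomStr1 = arr[6];
                r.CustomStr2 = arr[7];

                Log.Log(LogType.FILE, LogLevel.DEBUG, " ParseSpecific -->> Datetime" + r.Datetime);

                // NOTE(review): keys are matched by substring and the last matching token wins, so
                // any token that merely contains "SRC", "DST", ... overwrites the field, and a
                // matching token without '=' aborts extraction of the remaining fields. Matching on
                // the exact "KEY=" prefix would be stricter - confirm against sample logs.
                foreach (string token in arr)
                {
                    if (token.Contains("PROTO"))
                    {
                        r.EventType = token.Split('=')[1];
                    }
                    if (token.Contains("MAC"))
                    {
                        r.ComputerName = token.Split('=')[1];
                    }
                    if (token.Contains("SRC"))
                    {
                        r.CustomStr3 = token.Split('=')[1];
                    }
                    if (token.Contains("DST"))
                    {
                        r.CustomStr4 = token.Split('=')[1];
                    }
                    if (token.Contains("SPT"))
                    {
                        r.CustomInt3 = Convert.ToInt32(token.Split('=')[1]);
                    }
                    if (token.Contains("DPT"))
                    {
                        r.CustomInt4 = Convert.ToInt32(token.Split('=')[1]);
                    }
                }
            }
            catch (Exception ex)
            {
                Log.Log(LogType.FILE, LogLevel.ERROR, " ParseSpecific -->> Line is not proper format. Line could not got.");
                Log.Log(LogType.FILE, LogLevel.ERROR, " ParseSpecific -->> " + ex.Message);
                Log.Log(LogType.FILE, LogLevel.ERROR, " ParseSpecific -->> " + ex.StackTrace);
                Log.Log(LogType.FILE, LogLevel.ERROR, " ParseSpecific -->> Line : " + line);
                r.Description = line;
                r.LogName = LogName;
                Log.Log(LogType.FILE, LogLevel.ERROR,
                           " ParseSpecific -->> Line description'a yazıldı. " + r.Description);
            }

            // Whatever was extracted above, the raw line travels with the record.
            r.Description = line;
            r.LogName = LogName;

            try
            {
                Log.Log(LogType.FILE, LogLevel.DEBUG,
                          " ParseSpecific -->> SetRecordData öncesi");

                // Read each control value once and tolerate a missing value: calling ToString()
                // on a null result used to throw here, which skipped SetRecordData for every line.
                object control3 = reg.GetValue("ControlStr3");
                object control4 = reg.GetValue("ControlStr4");
                string skipSource = control3 == null ? null : control3.ToString();
                string skipDestination = control4 == null ? null : control4.ToString();

                Log.Log(LogType.FILE, LogLevel.DEBUG,
                    " ParseSpecific -->> SetRecordData öncesi 3 :" + skipSource);

                Log.Log(LogType.FILE, LogLevel.DEBUG,
                          " ParseSpecific -->> SetRecordData öncesi 4 : " + skipDestination);

                bool suppressed = (skipSource != null && skipSource == r.CustomStr3)
                               || (skipDestination != null && skipDestination == r.CustomStr4);

                if (suppressed)
                {
                    Log.Log(LogType.FILE, LogLevel.WARN,
                            " ParseSpecific -->> Log satırı atlandı. " + line);
                }
                else
                {
                    SetRecordData(r);
                }

                Log.Log(LogType.FILE, LogLevel.DEBUG,
                              " ParseSpecific -->> SetRecordData Sonrası");
            }
            catch (Exception ex)
            {
                Log.Log(LogType.FILE, LogLevel.ERROR,
                           " ParseSpecific -->> SetRecordData catch" + ex.Message);
            }

            return true;
        }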
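        /// <summary>
        /// Parses one authentication log line into a <c>Rec</c> and forwards it through
        /// <c>SetRecordData</c>. Two layouts are recognised: lines starting with "SU"
        /// (success/failure marked by "+" or "-") and syslog-style lines whose message starts
        /// with "Accepted password" or "Failed password".
        /// </summary>
        /// <remarks>
        /// <list type="bullet">
        /// <item>Lines with fewer than four tokens are forwarded unparsed, with the raw line in
        /// <c>Description</c> and the collector's clock as timestamp.</item>
        /// <item>Lines with four or more tokens that are still too short for the indexes used
        /// below (6 tokens for "SU", 11 otherwise) raise an exception that is logged at ERROR
        /// level; such lines are NOT forwarded. NOTE(review): this drops every other message
        /// type written to the same log - confirm that is intended.</item>
        /// <item>The year of the timestamp comes from the collector's clock and
        /// <c>DateTime.Parse</c> uses the current culture.</item>
        /// <item>For failed logins reported as "for invalid user NAME from ADDRESS" the name and
        /// address are taken two tokens further right, so <c>UserName</c> holds the attempted
        /// name instead of the literal word "invalid".</item>
        /// </list>
        /// </remarks>
        /// <param name="line">Raw log line. An empty string is ignored.</param>
        /// <param name="dontSend">When true the line is neither parsed nor forwarded.</param>
        /// <returns>Always <c>true</c>, including when parsing fails.</returns>
        public override bool ParseSpecific(String line, bool dontSend)
        {
            Log.Log(LogType.FILE, LogLevel.DEBUG, "Parsing Specific line");
            if (line == "")
                return true;

            if (!dontSend)
            {
                String[] arr = SpaceSplit(line, false);

                try
                {
                    Rec r = new Rec();
                    DateTime dt;

                    if (arr.Length < 4)
                    {
                        Log.Log(LogType.FILE, LogLevel.WARN, "Different message on parse, moving to description: " + line);

                        dt = DateTime.Now;
                        r.Description = line;
                    }
                    else if (line.StartsWith("SU", StringComparison.Ordinal))
                    {
                        // Token 1 is "month/day", token 2 the time of day.
                        String[] dateArr = arr[1].Split('/');
                        dt = DateTime.Parse(DateTime.Now.Year + " " + dateArr[0] + " " + dateArr[1] + " " + arr[2]);

                        if (arr[3] == "+")
                        {
                            r.EventType = "Su";
                            r.EventCategory = "Success";
                        }
                        else if (arr[3] == "-")
                        {
                            r.EventType = "Su";
                            r.EventCategory = "Fail";
                        }

                        r.CustomStr1 = arr[4];
                        r.UserName = arr[5];

                        for (Int32 i = 0; i < arr.Length; i++)
                        {
                            r.Description += arr[i] + " ";
                        }
                    }
                    else
                    {
                        dt = DateTime.Parse(DateTime.Now.Year + " " + arr[0] + " " + arr[1] + " " + arr[2]);

                        r.ComputerName = arr[3];
                        r.SourceName = arr[4].TrimEnd('"');

                        r.CustomStr1 = arr[5] + " " + arr[6];

                        // "... for NAME from ADDRESS" puts the name at index 8. When the daemon
                        // reports an unknown account as "... for invalid user NAME from ADDRESS"
                        // everything shifts by two tokens.
                        // NOTE(review): assumes OpenSSH-style wording - verify with sample lines.
                        int userIndex = 8;
                        if (arr.Length > 12 && arr[8] == "invalid" && arr[9] == "user")
                        {
                            userIndex = 10;
                        }
                        r.UserName = arr[userIndex];
                        r.CustomStr3 = arr[userIndex + 2];

                        if (r.CustomStr1 == "Accepted password")
                        {
                            r.EventType = "Login";
                            r.EventCategory = "Success";
                        }
                        else if (r.CustomStr1 == "Failed password")
                        {
                            r.EventType = "Login";
                            r.EventCategory = "Fail";
                        }

                        for (Int32 i = 5; i < arr.Length; i++)
                        {
                            r.Description += arr[i] + " ";
                        }
                    }

                    // Same unpadded "Y/M/D H:M:S" layout for all three branches.
                    r.Datetime = dt.Year + "/" + dt.Month + "/" + dt.Day + " " + dt.Hour + ":" + dt.Minute + ":" + dt.Second;
                    r.LogName = LogName;

                    SetRecordData(r);
                }
                catch (Exception e)
                {
                    // The line is not forwarded; only the collector's own log shows it was seen.
                    Log.Log(LogType.FILE, LogLevel.ERROR, e.Message);
                    Log.Log(LogType.FILE, LogLevel.ERROR, e.StackTrace);
                    Log.Log(LogType.FILE, LogLevel.ERROR, "Line : " + line);
                    return true;
                }
            }
            return true;
        }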
Ejemplo n.º 35
        /// <summary>
        /// Consumes bytes received on a SOCKS5 stream and reassembles them into chunks that are
        /// handed to the <c>ChunkRecord</c> registered under the receiver's key.
        /// </summary>
        /// <remarks>
        /// Framing as read by this method: a two-byte big-endian length, followed by that many
        /// payload bytes. A length of zero marks the final chunk and closes the stream. Because the
        /// length is built from exactly two bytes, one block is at most 65535 bytes.
        /// Parsing progress (State, BlockSize, BlockPos, Block, Nr) lives on the receiver object
        /// taken from <c>e.State</c>, so a frame may span several callbacks.
        /// If no chunk record is registered for the key, or decryption of an end-to-end encrypted
        /// block returns null, the stream is disposed and nothing is forwarded.
        /// </remarks>
        /// <param name="Sender">Event sender (unused).</param>
        /// <param name="e">Received data, the stream it arrived on and the receiver state.</param>
        private void Socks5DataReceived(object Sender, P2P.SOCKS5.DataReceivedEventArgs e)
        {
            Socks5Receiver receiver = (Socks5Receiver)e.State;

            if (!HttpxChunks.chunkedStreams.TryGetValue(receiver.Key, out ChunkRecord target))
            {
                // Data for an unknown stream: discard it and close the connection.
                e.Stream.Dispose();
                return;
            }

            byte[] input = e.Data;
            int total = input.Length;
            int offset = 0;

            // NOTE(review): the switch has no default branch; a State outside 0..2 would leave
            // offset unchanged and the loop would not terminate. Only 0..2 are assigned here.
            while (offset < total)
            {
                switch (receiver.State)
                {
                    case 0:
                        // High byte of the length prefix.
                        receiver.BlockSize = input[offset++];
                        receiver.State++;
                        break;

                    case 1:
                        // Low byte of the length prefix.
                        receiver.BlockSize <<= 8;
                        receiver.BlockSize |= input[offset++];

                        if (receiver.BlockSize == 0)
                        {
                            // Zero-length block: report the last chunk and close the stream.
                            target.ChunkReceived(receiver.Nr++, true, new byte[0]);
                            e.Stream.Dispose();
                            return;
                        }

                        receiver.BlockPos = 0;

                        // NOTE(review): a buffer of matching size is reused although the previous
                        // one was passed to ChunkReceived; if that callee keeps the reference, its
                        // content changes under it - confirm ChunkReceived copies or consumes it.
                        bool reusable = receiver.Block != null && receiver.Block.Length == receiver.BlockSize;
                        if (!reusable)
                        {
                            receiver.Block = new byte[receiver.BlockSize];
                        }

                        receiver.State++;
                        break;

                    case 2:
                        // Copy no more than what is left of the current block.
                        int take = Math.Min(total - offset, receiver.BlockSize - receiver.BlockPos);

                        Array.Copy(input, offset, receiver.Block, receiver.BlockPos, take);
                        offset += take;
                        receiver.BlockPos += take;

                        if (receiver.BlockPos < receiver.BlockSize)
                        {
                            break;
                        }

                        if (receiver.E2e)
                        {
                            receiver.Block = this.e2e.Decrypt(receiver.Jid, receiver.Block);
                            if (receiver.Block == null)
                            {
                                // Block could not be decrypted: close the stream without forwarding.
                                e.Stream.Dispose();
                                return;
                            }
                        }

                        target.ChunkReceived(receiver.Nr++, false, receiver.Block);
                        receiver.State = 0;
                        break;
                }
            }
        }