Ejemplo n.º 1
        /// <summary>
        ///     Builds the <c>systemInfo@{enterpriseId}</c> structured-data element that describes this installation.
        /// </summary>
        /// <returns>
        ///     A new element carrying the <c>installDirectory</c>, <c>databaseName</c> and
        ///     <c>databaseServer</c> parameters, added in that order.
        /// </returns>
        private SyslogSdElement CreateSystemInfoData()
        {
            // NOTE(review): the install path and the database server/name leave the host with every
            // message that includes this element - confirm the syslog transport and receiver are
            // places where that deployment detail is meant to be visible.
            string enterpriseSuffix = _enterpriseId.ToString(CultureInfo.InvariantCulture);
            var systemInfo = new SyslogSdElement($"systemInfo@{enterpriseSuffix}");

            var entries = new[]
            {
                new SyslogSdParameter("installDirectory", _installFolder),
                new SyslogSdParameter("databaseName", _databaseName),
                new SyslogSdParameter("databaseServer", _databaseServer)
            };

            foreach (SyslogSdParameter entry in entries)
            {
                systemInfo.Parameters.Add(entry);
            }

            return systemInfo;
        }
Ejemplo n.º 2
        /// <summary>
        ///     Builds the <c>audit@{enterpriseId}</c> structured-data element shared by every audit log message.
        /// </summary>
        /// <param name="entryData">
        ///     The audit entry; its metadata message id, success flag and user name are read.
        /// </param>
        /// <returns>
        ///     A new element carrying the <c>msgId</c>, <c>success</c>, <c>tenant</c> and <c>user</c>
        ///     parameters, added in that order. The tenant name comes from the current request context,
        ///     not from <paramref name="entryData"/>.
        /// </returns>
        private SyslogSdElement CreateBaseMsgData(IAuditLogEntryData entryData)
        {
            string enterpriseSuffix = _enterpriseId.ToString(CultureInfo.InvariantCulture);
            var auditElement = new SyslogSdElement($"audit@{enterpriseSuffix}");

            // NOTE(review): tenant and user names are presumably influenced by end users. RFC 5424
            // requires '"', '\' and ']' to be escaped inside a PARAM-VALUE; confirm SyslogSdParameter
            // (or the serializer) does that, otherwise a crafted name could alter the record a SIEM parses.
            var entries = new[]
            {
                new SyslogSdParameter("msgId", entryData.AuditLogEntryMetadata.MessageId),
                new SyslogSdParameter("success", entryData.Success.ToString()),
                new SyslogSdParameter("tenant", RequestContext.GetContext().Tenant.Name),
                new SyslogSdParameter("user", entryData.UserName)
            };

            foreach (SyslogSdParameter entry in entries)
            {
                auditElement.Parameters.Add(entry);
            }

            return auditElement;
        }
Ejemplo n.º 3
        /// <summary>
        ///     Builds the <c>{EventLogMsgId}@{EnterpriseId}</c> structured-data element from an event log entry.
        /// </summary>
        /// <param name="logEntry">
        ///     The event log entry; its tenant name, tenant id, user name, source and thread id are read.
        /// </param>
        /// <returns>
        ///     A new element carrying <c>msgId</c>, <c>tenant</c>, <c>tenantId</c>, <c>user</c>,
        ///     <c>logEntrySource</c> and <c>threadId</c>, added in that order.
        /// </returns>
        private SyslogSdElement CreateExtraMsgData(EventLogEntry logEntry)
        {
            string enterpriseSuffix = EnterpriseId.ToString(CultureInfo.InvariantCulture);
            var extraElement = new SyslogSdElement($"{EventLogMsgId}@{enterpriseSuffix}");

            // NOTE(review): tenant, user and source are free text from the log entry. Confirm that
            // SyslogSdParameter escapes '"', '\' and ']' as RFC 5424 requires for PARAM-VALUE.
            var entries = new[]
            {
                new SyslogSdParameter("msgId", EventLogMsgId),
                new SyslogSdParameter("tenant", logEntry.TenantName),
                new SyslogSdParameter("tenantId", logEntry.TenantId.ToString(CultureInfo.InvariantCulture)),
                new SyslogSdParameter("user", logEntry.UserName),
                // The parameter is named logEntrySource rather than source because source appears
                // to be used by Graylog for the name of the source machine.
                new SyslogSdParameter("logEntrySource", logEntry.Source),
                new SyslogSdParameter("threadId", logEntry.ThreadId.ToString(CultureInfo.InvariantCulture))
            };

            foreach (SyslogSdParameter entry in entries)
            {
                extraElement.Parameters.Add(entry);
            }

            return extraElement;
        }
Ejemplo n.º 4
        /// <summary>
        ///     Builds the origin structured-data element (id <c>SyslogOriginConstants.Origin</c>).
        /// </summary>
        /// <param name="ipHostEntry">
        ///     Host entry whose addresses are reported; may be <c>null</c> or have no address list, in
        ///     which case no IP parameters are added.
        /// </param>
        /// <returns>
        ///     A new element carrying the enterprise id, software version and software name, followed
        ///     by one IP parameter per address in <paramref name="ipHostEntry"/>.
        /// </returns>
        private SyslogSdElement CreateOriginData(IPHostEntry ipHostEntry)
        {
            var originElement = new SyslogSdElement(SyslogOriginConstants.Origin);

            string enterpriseId = _enterpriseId.ToString(CultureInfo.InvariantCulture);
            originElement.Parameters.Add(new SyslogSdParameter(SyslogOriginConstants.EnterpriseId, enterpriseId));
            originElement.Parameters.Add(new SyslogSdParameter(SyslogOriginConstants.SwVersion, SystemInfo.PlatformVersion));
            originElement.Parameters.Add(new SyslogSdParameter(SyslogOriginConstants.Software, _applicationName));

            IPAddress[] addresses = ipHostEntry?.AddressList;

            if (addresses == null)
            {
                return originElement;
            }

            // Every address of the host is reported, each as its own IP parameter. An empty list
            // simply adds nothing.
            foreach (IPAddress address in addresses)
            {
                originElement.Parameters.Add(new SyslogSdParameter(SyslogOriginConstants.Ip, address.ToString()));
            }

            return originElement;
        }
Ejemplo n.º 5
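        /// <summary>
        ///     Creates the syslog structured data containing parameters specific to the audit log message.
        /// </summary>
        /// <remarks>
        ///     The element id is <c>{messageId}@{enterpriseId}</c>. Each non-null entry of
        ///     <c>entryData.Parameters</c> becomes one parameter; null values are skipped. Values are
        ///     rendered with the invariant culture so the emitted text does not depend on the culture
        ///     of the thread that writes the audit entry.
        /// </remarks>
        /// <param name="entryData">The entry data.</param>
        /// <returns>A new element holding one parameter per non-null entry parameter.</returns>
        private SyslogSdElement CreateSpecificMsgData(IAuditLogEntryData entryData)
        {
            var sdElement = new SyslogSdElement($"{entryData.AuditLogEntryMetadata.MessageId}@{_enterpriseId.ToString(CultureInfo.InvariantCulture)}");

            // NOTE(review): kvp.Key becomes the PARAM-NAME. RFC 5424 limits an SD-NAME to 1-32
            // printable ASCII characters excluding '=', space, ']' and '"'. Confirm keys are fixed,
            // developer-chosen names or that SyslogSdParameter validates them; the values need the
            // usual '"', '\', ']' escaping.
            foreach (var kvp in entryData.Parameters)
            {
                if (kvp.Value == null)
                {
                    continue;
                }

                string value;
                var formattable = kvp.Value as IFormattable;

                if (kvp.Value is DateTime)
                {
                    // Round-trip ("o") format, as before.
                    value = ((DateTime)kvp.Value).ToString("o", CultureInfo.InvariantCulture);
                }
                else if (formattable != null)
                {
                    // Numbers and similar types: plain ToString() would use the current culture
                    // (e.g. a comma as decimal separator), which makes the record harder to parse.
                    value = formattable.ToString(null, CultureInfo.InvariantCulture);
                }
                else
                {
                    value = kvp.Value.ToString();
                }

                sdElement.Parameters.Add(new SyslogSdParameter(kvp.Key, value));
            }

            return(sdElement);
        }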
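        /// <summary>
        ///     Decodes the structured data from its flattened text form.
        /// </summary>
        /// <remarks>
        ///     Layout as read here: elements are separated by <c>;</c>. Within an element the first
        ///     comma-separated field is the element id and every further field is <c>name:value</c>.
        ///     Only the first <c>:</c> of a field separates name from value, so values that contain
        ///     colons themselves (round-trip timestamps, IPv6 addresses, drive-letter paths) are kept whole.
        ///     No escaping is handled: a <c>;</c> or <c>,</c> inside a value still splits it.
        ///     NOTE(review): confirm the producer of this string never emits those characters in values.
        /// </remarks>
        /// <param name="structuredData">The structured data.</param>
        /// <returns>
        ///     The decoded elements in input order, or <c>null</c> when
        ///     <paramref name="structuredData"/> is null or empty.
        /// </returns>
        /// <exception cref="FormatException">A parameter field has no <c>:</c> separator.</exception>
        private IEnumerable <SyslogSdElement> DecodeStructuredData(string structuredData)
        {
            if (string.IsNullOrEmpty(structuredData))
            {
                return(null);
            }

            var sdElementsList = new List <SyslogSdElement>();

            foreach (string sdElement in structuredData.Split(';'))
            {
                string[] sdElementParts = sdElement.Split(',');

                // Split always yields at least one entry, so the element id is always present
                // (possibly as an empty string).
                var element = new SyslogSdElement(sdElementParts[0]);

                for (int i = 1; i < sdElementParts.Length; i++)
                {
                    // Limit to two parts: a plain Split(':') silently dropped everything after a
                    // second colon in the value.
                    string[] paramParts = sdElementParts[i].Split(new[] { ':' }, 2);

                    if (paramParts.Length != 2)
                    {
                        // Fail with a descriptive error instead of an IndexOutOfRangeException. The
                        // offending text is deliberately left out of the message.
                        throw new FormatException("Structured data parameter is missing the ':' name/value separator.");
                    }

                    element.Parameters.Add(new SyslogSdParameter(paramParts[0], paramParts[1]));
                }

                sdElementsList.Add(element);
            }

            return(sdElementsList);
        }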