public static void EntryWritten(object source, EntryWrittenEventArgs e) { //判断是否是想要的事件ID,其他地区可以选择相应的ID if (e.Entry.InstanceId == 20221) { //保存到本地作为备用 String fileName = "log.txt"; StreamWriter sw = new StreamWriter(fileName); sw.WriteLine("已截获的信息:Id={0},Message={1}", e.Entry.InstanceId, e.Entry.Message); sw.WriteLine(DateTime.Now); sw.Close(); //只截取需要的账号部分 string str = e.Entry.Message; int start = str.IndexOf("User = "******"VpnStrategy"); card = str.Substring(start + 8, length - start - 9); } signal.Set(); }
private void OnEntryWritten(object sender, EntryWrittenEventArgs e) { if (!this.types.Contains(e.Entry.EntryType)) { return; } if (!string.IsNullOrEmpty(this.category) && !this.category.Equals(e.Entry.Category, StringComparison.OrdinalIgnoreCase)) { return; } if (this.eventId.HasValue && this.eventId.Value != e.Entry.InstanceId) { return; } string key = this.key .Replace("${type}", typeTranslation[e.Entry.EntryType]) .Replace("${eventId}", e.Entry.InstanceId.ToString()); this.channel.Report(key, this.value); }
public void GetNewEntry(Object source, EntryWrittenEventArgs e) { LogMessage newMessage = new LogMessage(e.Entry); MessagesBuffer.Enqueue(newMessage); //int randomNumber = rand.Next(2); //if (randomNumber == 1) //{ // MessagesBuffer.Enqueue(SuspiciousLogGenerator.GenerateSample(newMessage)); //} MessagesBuffer.Enqueue(SuspiciousLogGenerator.GenerateSample(newMessage)); if (MessagesBuffer.Count >= PACKETS_COUNT_CONSTRAINT && !Pause) { string[] data = GetLastPackets(); if (queueIsFull != null) { queueIsFull(data); } } }
private void OnEntryWritten1(object sender, EntryWrittenEventArgs e) { if (e.Entry.EntryType == EventLogEntryType.Error || e.Entry.EntryType == EventLogEntryType.Information) { if ((e.Entry.EventID == 4) || (e.Entry.EventID == 472) || (e.Entry.EventID == 477) || (e.Entry.EventID == 517) || (e.Entry.EventID == 624) || (e.Entry.EventID == 535) || (e.Entry.EventID == 533) || (e.Entry.EventID == 529) || (e.Entry.EventID == 632) || (e.Entry.EventID == 539) || (e.Entry.EventID == 534) || (e.Entry.EventID == 531) || (e.Entry.EventID == 636) || (e.Entry.EventID == 660) || (e.Entry.EventID == 6806) || (e.Entry.EventID == 4645) || (e.Entry.EventID == 642) || (e.Entry.EventID == 675) || (e.Entry.EventID == 681) || (e.Entry.EventID == 4728) || (e.Entry.EventID == 644) || (e.Entry.EventID == 676) || (e.Entry.EventID == 1102) || (e.Entry.EventID == 4732) || (e.Entry.EventID == 4740) || (e.Entry.EventID == 4756) || (e.Entry.EventID == 4768) || (e.Entry.EventID == 4776) || (e.Entry.EventID == 4738) || (e.Entry.EventID == 4733) || (e.Entry.EventID == 630) || (e.Entry.EventID == 200) || (e.Entry.EventID == 4124) || (e.Entry.EventID == 4226) || (e.Entry.EventID == 7901) || (e.Entry.EventID == 12294) || (e.Entry.EventID == 9095) || (e.Entry.EventID == 9097) || (e.Entry.EventID == 7023) || (e.Entry.EventID == 6183) || (e.Entry.EventID == 55) || (e.Entry.EventID == 1066) || (e.Entry.EventID == 6008) || (e.Entry.EventID == 861) || e.Entry.EventID == 7035) { //MessageBox.Show("Внимание! В системе произошло событие "+ e.Entry.EventID+ ". Просмотрите журнал событий для выяснения причин.", "Система активного аудита", MessageBoxButtons.OK, MessageBoxIcon.Warning); DialogResult result; result = MessageBox.Show("Внимание!" + "\r\n" + "В системе произошло событие " + e.Entry.EventID + "\r\n" + "Время " + e.Entry.TimeGenerated.ToString() + "\r\n" + "Сообщение: " + e.Entry.Message + "\r\n" + "\r\n" + " Просмотрите журнал событий для выяснения причин.", "Мониторинг событий ИБ", MessageBoxButtons.OK, MessageBoxIcon.Warning); } } }
private void EventLogOnEntryWritten(object sender, EntryWrittenEventArgs entryWrittenEventArgs) { var logMsg = new LogMessage(); logMsg.LoggerName = string.IsNullOrEmpty(entryWrittenEventArgs.Entry.Source) ? _baseLoggerName : string.Format("{0}.{1}", _baseLoggerName, entryWrittenEventArgs.Entry.Source); logMsg.Message = entryWrittenEventArgs.Entry.Message; logMsg.TimeStamp = entryWrittenEventArgs.Entry.TimeGenerated; logMsg.Level = LogUtils.GetLogLevelInfo(GetLogLevel(entryWrittenEventArgs.Entry.EntryType)); logMsg.ThreadName = entryWrittenEventArgs.Entry.InstanceId.ToString(); if (!string.IsNullOrEmpty(entryWrittenEventArgs.Entry.Category)) { logMsg.Properties.Add("Category", entryWrittenEventArgs.Entry.Category); } if (!string.IsNullOrEmpty(entryWrittenEventArgs.Entry.UserName)) { logMsg.Properties.Add("User Name", entryWrittenEventArgs.Entry.UserName); } Notifiable.Notify(logMsg); }
private void OnEntryWritten(object sender, EntryWrittenEventArgs e) { lock (_guard) { // no exception should leave the handler try { // we only process some events EventLogEntry entry = e.Entry; switch (entry.InstanceId) { case 4624: HandleLogonEvent(entry); break; /* * * case 4634: * HandleLogoffEvent(entry); * break; * * case 4647: * HandleUserInitiatedLogoffEvent(entry); * break; * */ default: break; } } catch (Exception e1) { Trace.TraceWarning(e1.Message); } } }
internal void HandleEventLogNotification(object sender, EntryWrittenEventArgs eventArgs) { var entry = eventArgs.Entry; bool allowed = EventLogAsyncReader.IsFirewallEventAllowed(entry.InstanceId); activityWindow.ShowActivity(allowed ? ActivityWindow.ActivityEnum.Allowed : ActivityWindow.ActivityEnum.Blocked); if (allowed || !LogEntryViewModel.TryCreateFromEventLogEntry(entry, 0, out CurrentConn view)) { return; } LogHelper.Info($"Handle {view.Direction}-going connection for '{view.FileName}', service: {view.ServiceName} ..."); if (!AddItem(view)) { //This connection is blocked by a specific rule. No action necessary. LogHelper.Info($"{view.Direction}-going connection for '{view.FileName}' is blocked by a rule - ignored."); return; } //if (notifierWindow.WindowState == WindowState.Minimized) //{ // notifierWindow.ShowActivityTrayIcon($"Notifier blocked connections - click tray icon to show"); // max 64 chars! //} }
private static void EventLogWritten(object sender, EntryWrittenEventArgs e) { string s = string.Empty; switch (e.Entry.EventID) { case LE_Error: s = "Error Event Written"; break; case LE_BadEntry: s = "Bad Entry Event Written"; break; case LE_Started: s = "Program Started Event Written"; break; case LE_Ended: s = "Program Ended Event Written"; break; case LE_Login: s = "Login Event Written"; break; case LE_Logout: s = "Logout Event Written"; break; default: s = "Event Written"; break; } System.Windows.Forms.MessageBox.Show(s); }
public void MyOnEntryWritten(object source, EntryWrittenEventArgs e) { Log.Information(e.Entry.Source); }
public static void MyOnEntryWritten(Object source, EntryWrittenEventArgs e) { Console.WriteLine("Written: " + e.Entry.Message); }
public void handleNetworkConnection(EntryWrittenEventArgs e) { // Disable WiFi if it is enabled. }
public void handleNetworkDisconnection(EntryWrittenEventArgs e) { // Check other interfaces for status and enable wifi if "all" devices are disconnected }
private void myLog_EntryWritten(object sender, EntryWrittenEventArgs e) { var message = e.Entry.Message; sbErrors.Append($"{message.Replace("\r\n", "<br>")}<br><br><br><br>"); }
public void OnEventLogEntryWritten(object source, EntryWrittenEventArgs e) { }
/** * Notify the User * * Do nothing if notifications are disabled * Grab most recent event * Parse Event Data * Decide whether to notify (Is this a recent repeat?) * * * //TODO Persist nofification enabled state * **/ private void notify(object sender, EntryWrittenEventArgs e) { if (!this.enableBlockNotifications && !this.enableAcceptNotifications) { return; } //============================ // GET WRITTEN EVENT //============================ EventLogEntry most_recent = null; foreach (EventLogEntry entry in myLog.Entries) { if (System.DateTime.Now.Ticks - entry.TimeWritten.Ticks < TimeSpan.TicksPerSecond * 8) { most_recent = entry; } } //============================ // GENERATE NOTIFICATION TEXT //============================ ToolTipIcon icon; TrustBaseEvent parsedEvent = parseEvent(most_recent); if (parsedEvent.connectionBlocked && !this.enableBlockNotifications) { return; } if (!parsedEvent.connectionBlocked && !this.enableAcceptNotifications) { return; } if (parsedEvent.type == EventLogEntryType.Error) { icon = ToolTipIcon.Error; } else if (parsedEvent.type == EventLogEntryType.Warning) { icon = ToolTipIcon.Warning; } else if (parsedEvent.type == EventLogEntryType.Information) { icon = ToolTipIcon.Info; } else { icon = ToolTipIcon.None; } //========================================================= //DO NOT NOTIFY FOR THE SAME PROGRAM BLOCKED SEVERAL TIMES //========================================================= if (!deduplicator.Keys.Contains <string>(parsedEvent.ProcessName)) { deduplicator.Add(parsedEvent.ProcessName, DateTime.Now); trayIcon.ShowBalloonTip(9000, "TrustBase", parsedEvent.Message + "\n" + parsedEvent.HostName + "\n" + parsedEvent.ProcessName, icon); } else { DateTime last_notification; deduplicator.TryGetValue(parsedEvent.ProcessName, out last_notification); if (DateTime.Now.Ticks - last_notification.Ticks > TimeSpan.TicksPerMinute) { deduplicator.Remove(parsedEvent.ProcessName); deduplicator.Add(parsedEvent.ProcessName, DateTime.Now); trayIcon.ShowBalloonTip(9000, "TrustBase", parsedEvent.Message + "\n" + parsedEvent.HostName + "\n" + parsedEvent.ProcessName, icon); } } }
public void log(EntryWrittenEventArgs e) { Console.WriteLine(e.Entry.GetType().GetProperty(_propertyName).GetValue(e.Entry, null).ToString()); }
private void EventLogger_EntryWritten(object sender, EntryWrittenEventArgs e) { }
private void HL7ListenerEvents_EntryWritten(object sender, EntryWrittenEventArgs e) { }
/// <summary> /// Extends BeginInvoke so that when a state object is not needed, null does not need to be passed. /// <example> /// entrywritteneventhandler.BeginInvoke(sender, e, callback); /// </example> /// </summary> public static IAsyncResult BeginInvoke(this EntryWrittenEventHandler entrywritteneventhandler, Object sender, EntryWrittenEventArgs e, AsyncCallback callback) { if (entrywritteneventhandler == null) { throw new ArgumentNullException("entrywritteneventhandler"); } return(entrywritteneventhandler.BeginInvoke(sender, e, callback, null)); }
private void Logs_EntryWritten(object sender, EntryWrittenEventArgs e) { }
public void log(EntryWrittenEventArgs e) { var rs = e.Entry.ReplacementStrings.Select((s, i) => String.Format(@"{0}: {1}", i, s)); Console.WriteLine(string.Join(@",", rs)); }
public void log_EntryWritten(Object sender, EntryWrittenEventArgs e) { newEntries.Add(e.Entry); }
public void log(EntryWrittenEventArgs e) { Console.WriteLine(e.Entry.Message); }
private void AddEvent(object sender, EntryWrittenEventArgs args) => Events.Add(args.Entry);
private void eventLog1_EntryWritten_1(object sender, EntryWrittenEventArgs e) { }
public EventWorker(object source, EntryWrittenEventArgs entry) { this.source = source; this.entry = entry; }
private void datahouseTestEventLog_EntryWritten(object sender, EntryWrittenEventArgs e) { }
void EventLog_EntryWritten (object sender, EntryWrittenEventArgs e) { _entriesWritten.Add (e.Entry); }
public void HandleEntryWritten(object source, EntryWrittenEventArgs e) { signal.Set(); _handleEntryWritten(source, e); }
private void i9eventLog_EntryWritten(object sender, EntryWrittenEventArgs e) { }
protected abstract void _handleEntryWritten(object source, EntryWrittenEventArgs e);