public override string Execute(EventEntry evtlog)
{
if (path == null)
{
return(goto_next);
}
ProcessorEventStringTemplate tpl = new ProcessorEventStringTemplate(evtlog);
// run process without creating window
System.Diagnostics.ProcessStartInfo startInfo = new System.Diagnostics.ProcessStartInfo();
startInfo.WindowStyle = System.Diagnostics.ProcessWindowStyle.Hidden;
startInfo.FileName = tpl.Apply(path);
startInfo.Arguments = tpl.Apply(args);
startInfo.UseShellExecute = false;
Log.Info("CmdProcessor: executing command: " + startInfo.FileName + " " + startInfo.Arguments);
System.Diagnostics.Process process = System.Diagnostics.Process.Start(startInfo);
if (process != null && waitForExit)
{
process.WaitForExit();
evtlog.SetProcData(Name + ".ExitCode", process.ExitCode);
}
return(goto_next);
}
public override string Execute(EventEntry evtlog)
{
if (string.IsNullOrEmpty(this.interval))
{
return(goto_next);
}
ProcessorEventStringTemplate tpl = new ProcessorEventStringTemplate(evtlog);
string value = tpl.Apply(this.interval);
int intvl;
if (!int.TryParse(value, out intvl))
{
Log.Info("unable to parse \"" + value + "\" as integer");
return(goto_next);
}
switch (mode)
{
case SleepMode.Normal:
Thread.Sleep(1000 * intvl);
break;
case SleepMode.Random:
Thread.Sleep(rnd.Next(1000 * intvl));
break;
default:
Log.Warn("unsupported sleep mode " + mode);
break;
}
return(goto_next);
}
public override string Execute(EventEntry evtlog)
{
if (string.IsNullOrEmpty(this.interval))
return goto_next;
ProcessorEventStringTemplate tpl = new ProcessorEventStringTemplate(evtlog);
string value = tpl.Apply(this.interval);
int intvl;
if (!int.TryParse(value, out intvl))
{
Log.Info("unable to parse \"" + value + "\" as integer");
return goto_next;
}
switch (mode)
{
case SleepMode.Normal:
Thread.Sleep(1000 * intvl);
break;
case SleepMode.Random:
Thread.Sleep(rnd.Next(1000 * intvl));
break;
default:
Log.Warn("unsupported sleep mode " + mode);
break;
}
return goto_next;
}
public override string Execute(EventEntry evtlog)
{
ProcessorEventStringTemplate tpl = new ProcessorEventStringTemplate(evtlog);
IList <Tuple <string, string> > colvals = new List <Tuple <string, string> >(columns.Count);
foreach (var item in columns)
{
colvals.Add(Tuple.Create(item.Item1, tpl.Apply(item.Item2)));
}
if (!async)
{
lock (syncLock)
{
Save(colvals, 1);
}
}
else
{
if (!asyncQueue.TryAdd(colvals))
{
Log.Warn("unable to add new data to full queue (queue size: " + asyncQueue.Count + ")");
// we could store data into a SQL file that could be later inserted in DB
}
}
return(goto_next);
}
public override string Execute(EventEntry evtlog)
{
F2BSection config = F2B.Config.Instance;
ProcessorEventStringTemplate tpl = new ProcessorEventStringTemplate(evtlog);
string senderEx = tpl.Apply(sender);
string recipientEx = Regex.Replace(tpl.Apply(recipient), @"^[ ,]*(.*?)[ ,]*$", "$1");
string subjectEx = tpl.Apply(subject);
Log.Info("Sending mail notification (from=" + senderEx + ",to=" + recipientEx + ",subject=" + subjectEx + ")");
MailMessage mail = new MailMessage(senderEx, recipientEx);
mail.Subject = subjectEx;
mail.Body = tpl.Apply(body);
SmtpClient client = new SmtpClient();
client.Port = config.Smtp.Port.Value;
client.DeliveryMethod = SmtpDeliveryMethod.Network;
client.UseDefaultCredentials = false;
client.Host = config.Smtp.Host.Value;
client.EnableSsl = config.Smtp.Ssl.Value;
client.Credentials = smtpAuth;
client.Send(mail);
#if DEBUG
Interlocked.Increment(ref nmsgs);
#endif
return(goto_next);
}
protected override void ExecuteFail2banAction(EventEntry evtlog, IPAddress addr, int prefix, long expiration)
{
ProcessorEventStringTemplate tpl = new ProcessorEventStringTemplate(evtlog);
// run process without creating window
System.Diagnostics.Process process = new System.Diagnostics.Process();
System.Diagnostics.ProcessStartInfo startInfo = new System.Diagnostics.ProcessStartInfo();
startInfo.WindowStyle = System.Diagnostics.ProcessWindowStyle.Hidden;
startInfo.FileName = path;
startInfo.Arguments = tpl.Apply(args);
startInfo.UseShellExecute = false;
//startInfo.EnvironmentVariables.Add("F2B_ADDRESS", address);
//startInfo.EnvironmentVariables.Add("F2B_EXPIRATION", expiration.ToString());
process.StartInfo = startInfo;
Log.Info("Fail2banCmdProcessor: executing command: " + startInfo.FileName + " " + startInfo.Arguments);
process.Start();
}
protected override void ExecuteFail2banAction(EventEntry evtlog, IPAddress addr, int prefix, long expiration)
{
ProcessorEventStringTemplate tpl = new ProcessorEventStringTemplate(evtlog);
// run process without creating window
System.Diagnostics.Process process = new System.Diagnostics.Process();
System.Diagnostics.ProcessStartInfo startInfo = new System.Diagnostics.ProcessStartInfo();
startInfo.WindowStyle = System.Diagnostics.ProcessWindowStyle.Hidden;
startInfo.FileName = path;
startInfo.Arguments = tpl.Apply(args);
startInfo.UseShellExecute = false;
//startInfo.EnvironmentVariables.Add("F2B_ADDRESS", address);
//startInfo.EnvironmentVariables.Add("F2B_EXPIRATION", expiration.ToString());
process.StartInfo = startInfo;
Log.Info("Fail2banCmdProcessor: executing command: " + startInfo.FileName + " " + startInfo.Arguments);
process.Start();
}
public override string Execute(EventEntry evtlog)
{
if (value == null)
{
return(goto_next);
}
ProcessorEventStringTemplate tpl = new ProcessorEventStringTemplate(evtlog);
string data = tpl.Apply(value);
if (!regex.IsMatch(data))
{
return(goto_failure);
}
return(goto_success);
}
public override string Execute(EventEntry evtlog)
{
if (template == null)
{
return goto_next;
}
ProcessorEventStringTemplate tpl = new ProcessorEventStringTemplate(evtlog);
string label = tpl.Apply(template);
if (service.HasProcessor(label))
{
return label;
}
else
{
Log.Info("processor " + label + " not defined, using goto error");
return goto_error;
}
}
public override string Execute(EventEntry evtlog)
{
if (template == null)
{
return(goto_next);
}
ProcessorEventStringTemplate tpl = new ProcessorEventStringTemplate(evtlog);
string label = tpl.Apply(template);
if (Service.HasProcessor(label))
{
return(label);
}
else
{
Log.Info("processor " + label + " not defined, using goto error");
return(goto_failure);
}
}
public override string Execute(EventEntry evtlog)
{
lock (this)
{
ProcessorEventStringTemplate tpl = new ProcessorEventStringTemplate(evtlog);
powershell.Commands.Clear();
powershell.AddCommand(tpl.Apply(funct));
foreach (Tuple <string, string> item in pars)
{
powershell.AddParameter(item.Item1, tpl.Apply(item.Item2));
}
// we keep just last result from invoke call
foreach (PSObject result in powershell.Invoke())
{
evtlog.SetProcData(Name + ".Result", result.BaseObject);
}
}
return(goto_next);
}
public override string Execute(EventEntry evtlog)
{
ProcessorEventStringTemplate tpl = new ProcessorEventStringTemplate(evtlog);
string data = tpl.Apply(template);
try
{
if (size > 0)
{
// get current log file size
if (size_curr < 0)
{
if (File.Exists(filename))
{
FileInfo f = new FileInfo(filename);
size_curr = f.Length;
}
else
{
size_curr = 0;
}
}
if (size_curr > size)
{
if (sw != null)
{
sw.Close();
sw = null;
}
if (rotate > 0)
{
if (File.Exists(filename + "." + rotate))
{
File.Delete(filename + "." + rotate);
}
for (int i = rotate; i > 1; i--)
{
if (File.Exists(filename + "." + (i - 1)))
{
File.Move(filename + "." + (i - 1), filename + "." + i);
}
}
if (File.Exists(filename))
{
File.Move(filename, filename + ".1");
}
}
else
{
if (File.Exists(filename))
{
File.Move(filename, filename + ".bak");
}
}
}
}
if (sw == null)
{
sw = File.AppendText(filename);
size_curr = 0;
nexceptions = 0;
}
sw.Write(data);
if (synchronized)
{
sw.Flush();
}
size_curr += data.Length;
}
catch (Exception ex)
{
if (nexceptions == 0)
{
Log.Error("LoggerProcessor::Execute exception: " + ex.ToString());
}
nexceptions++;
}
return(goto_next);
}
public override string Execute(EventEntry evtlog)
{
try
{
if (size > 0)
{
// get current log file size
if (size_curr < 0)
{
if (File.Exists(filename))
{
FileInfo f = new FileInfo(filename);
size_curr = f.Length;
}
else
{
size_curr = 0;
}
}
if (size_curr > size)
{
if (sw != null)
{
sw.Close();
sw = null;
}
if (rotate > 0)
{
if (File.Exists(filename + "." + rotate))
{
File.Delete(filename + "." + rotate);
}
for (int i = rotate; i > 1; i--)
{
if (File.Exists(filename + "." + (i - 1)))
{
File.Move(filename + "." + (i - 1), filename + "." + i);
}
}
if (File.Exists(filename))
{
File.Move(filename, filename + ".1");
}
}
else
{
if (File.Exists(filename))
{
File.Move(filename, filename + ".bak");
}
}
}
}
if (sw == null)
{
sw = File.AppendText(filename);
size_curr = 0;
nexceptions = 0;
}
ProcessorEventStringTemplate tpl = new ProcessorEventStringTemplate(evtlog);
string data = tpl.Apply(template);
sw.Write(data);
if (synchronized)
{
sw.Flush();
}
size_curr += data.Length;
}
catch (Exception ex)
{
if (nexceptions == 0)
{
Log.Error("LoggerProcessor::Execute exception: " + ex.ToString());
}
nexceptions++;
}
return goto_next;
}
public override string Execute(EventEntry evtlog)
{
F2BSection config = F2B.Config.Instance;
ProcessorEventStringTemplate tpl = new ProcessorEventStringTemplate(evtlog);
string senderEx = tpl.Apply(sender);
string recipientEx = Regex.Replace(tpl.Apply(recipient), @"^[ ,]*(.*?)[ ,]*$", "$1");
string subjectEx = tpl.Apply(subject);
Log.Info("Sending mail notification (from=" + senderEx + ",to=" + recipientEx + ",subject=" + subjectEx + ")");
MailMessage mail = new MailMessage(senderEx, recipientEx);
mail.Subject = subjectEx;
mail.Body = tpl.Apply(body);
SmtpClient client = new SmtpClient();
client.Port = config.Smtp.Port.Value;
client.DeliveryMethod = SmtpDeliveryMethod.Network;
client.UseDefaultCredentials = false;
client.Host = config.Smtp.Host.Value;
client.EnableSsl = config.Smtp.Ssl.Value;
client.Credentials = smtpAuth;
client.Send(mail);
#if DEBUG
Interlocked.Increment(ref nmsgs);
#endif
return goto_next;
}
