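        /// <summary>
        /// Process entry point. When any argument equals "standalone" (ordinal, case-insensitive)
        /// the harness is started in-process and Ctrl+C stops it; otherwise the instance is handed
        /// to the Service Control Manager via <see cref="ServiceBase.Run(ServiceBase)"/>.
        /// </summary>
        /// <param name="args">Command-line arguments; forwarded unchanged to <c>ManualStart</c>.</param>
        static void Main(string[] args)
        {
            try
            {
                var serviceToRun = new LogAnalyticsOdsApiHarness();

                // Contains() on an empty array is simply false, so no separate Length guard is needed.
                if (args.Contains("standalone", StringComparer.OrdinalIgnoreCase))
                {
                    void cancelAction(object o, ConsoleCancelEventArgs e)
                    {
                        serviceToRun.ManualStop();
                        // e.Cancel is left false, so the runtime terminates the process as soon as
                        // this handler returns; the short sleep gives ManualStop a moment to finish.
                        Thread.Sleep(200);
                    }

                    Console.CancelKeyPress += cancelAction;
                    serviceToRun.ManualStart(args);

                    // Park the main thread for good; the process only ends through the Ctrl+C handler.
                    Thread.Sleep(Timeout.Infinite);
                }
                else
                {
                    ServiceBase.Run(serviceToRun);
                }
            }
            catch (Exception ex)
            {
                // Never swallow a start-up failure silently: a process that exits 0 with no output is
                // indistinguishable from a clean stop. Report to stderr (visible in standalone mode)
                // and signal the failure through the exit code so a supervisor can see it.
                Console.Error.WriteLine($"{nameof(LogAnalyticsOdsApiHarness)} failed: {ex}");
                Environment.ExitCode = 1;
            }
        }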
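        /// <summary>
        /// Starts an ETW session for the configured provider and feeds it into an Rx.Kql query,
        /// loads the Sentinel API configuration named by the <c>SentinelApiConfig</c> app setting,
        /// resolves the client certificate used for the ODS upload, and uploads the bundled
        /// <c>XMLFile1.xml</c> sample batch.
        /// </summary>
        /// <exception cref="InvalidOperationException">
        /// The <c>SentinelApiConfig</c> app setting is missing, the config file does not deserialize
        /// to a <c>SentinelApiConfig</c> object, or no certificate matches the configured
        /// workspace id / thumbprint.
        /// </exception>
        public void InitializeEtwListener()
        {
            payload = GetNewPayloadObject();

            var configurationFile = ConfigurationManager.AppSettings["SentinelApiConfig"];
            if (string.IsNullOrWhiteSpace(configurationFile))
            {
                // Path.Combine(base, null) throws ArgumentNullException and Path.Combine(base, "")
                // yields the directory itself, so fail here with a message that names the setting.
                throw new InvalidOperationException("App setting 'SentinelApiConfig' is not set.");
            }

            EtwProviderSession(EtwListenerConfig.SessionName, EtwListenerConfig.ProviderId, true);
            var _etw = EtwTdhObservable.FromSession(EtwListenerConfig.SessionName);

            KqlNodeHub = KqlNodeHub.FromKqlQuery(_etw, DefaultOutput, EtwListenerConfig.ObservableName,
                                                 EtwListenerConfig.KqlQuery);

            GlobalLog.WriteToStringBuilderLog($"Loading config [{configurationFile}].", 14001);
            // NOTE(review): Path.Combine returns the second argument unchanged when it is rooted, so
            // an absolute value in app.config reads a file outside the execution directory. The
            // setting is operator-controlled, so this is documented rather than blocked.
            var configPath       = Path.Combine(LogAnalyticsOdsApiHarness.GetExecutionPath(), configurationFile);
            var textOfJsonConfig = File.ReadAllText(configPath);

            // Presumably default JsonSerializerSettings (no TypeNameHandling); keep it that way —
            // enabling TypeNameHandling would let the config file instantiate arbitrary types.
            SentinelApiConfig = JsonConvert.DeserializeObject<SentinelApiConfig>(textOfJsonConfig);
            if (SentinelApiConfig == null)
            {
                throw new InvalidOperationException($"Config file [{configPath}] did not contain a SentinelApiConfig object.");
            }

            // Certificate selection: the MMA-issued workspace certificate, or an explicit
            // thumbprint looked up in the LocalMachine\MY store.
            if (SentinelApiConfig.UseMmaCertificate)
            {
                logAnalyticsX509Certificate2 =
                    CertificateManagement.FindOdsCertificateByWorkspaceId(SentinelApiConfig.WorkspaceId);
            }
            else
            {
                logAnalyticsX509Certificate2 = CertificateManagement.FindCertificateByThumbprint("MY",
                                                                                                 SentinelApiConfig.CertificateThumbprint, StoreLocation.LocalMachine);
            }

            if (logAnalyticsX509Certificate2 == null)
            {
                // The upload below takes this certificate; passing null would surface later as a
                // much less informative failure, so say exactly which lookup came up empty.
                throw new InvalidOperationException(SentinelApiConfig.UseMmaCertificate
                    ? $"No ODS certificate found for workspace [{SentinelApiConfig.WorkspaceId}]."
                    : $"No certificate with thumbprint [{SentinelApiConfig.CertificateThumbprint}] found in LocalMachine\\MY.");
            }

            GlobalLog.WriteToStringBuilderLog($"SampleData load [{configurationFile}].", 14001);
            var sampleData =
                File.ReadAllText(Path.Combine(LogAnalyticsOdsApiHarness.GetExecutionPath(), "XMLFile1.xml"));

            UploadBatchToLogAnalytics(sampleData, logAnalyticsX509Certificate2);
        }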
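        /// <summary>
        /// Loads the Sentinel API configuration and the fixed ETW listener configuration
        /// (<c>EtwConfig-DNS-TCP.json</c>), creates one <see cref="EtwListener"/> per configured
        /// entry, and then parks the calling thread indefinitely.
        /// </summary>
        /// <exception cref="InvalidOperationException">
        /// The <c>SentinelApiConfig</c> app setting is missing, or either JSON file does not
        /// deserialize to the expected object.
        /// </exception>
        private void StartEtwListenerInstances()
        {
            // Get the current Sentinel config
            string configurationFile = ConfigurationManager.AppSettings["SentinelApiConfig"];
            if (string.IsNullOrWhiteSpace(configurationFile))
            {
                throw new InvalidOperationException("App setting 'SentinelApiConfig' is not set.");
            }

            // Event-ingest mode is hard-wired off for every listener created here.
            bool useEventIngest = false;

            GlobalLog.WriteToStringBuilderLog($"Loading config [{configurationFile}].", 14001);
            string            sentinelConfigPath = Path.Combine(LogAnalyticsOdsApiHarness.GetExecutionPath(), configurationFile);
            SentinelApiConfig sentinelApiConfig  = JsonConvert.DeserializeObject<SentinelApiConfig>(File.ReadAllText(sentinelConfigPath));
            if (sentinelApiConfig == null)
            {
                throw new InvalidOperationException($"Config file [{sentinelConfigPath}] did not contain a SentinelApiConfig object.");
            }

            // Add custom local functions to Rx.Kql
            ScalarFunctionFactory.AddFunctions(typeof(LogAnalyticsOdsApiHarness));

            string etwConfigurationFile = "EtwConfig-DNS-TCP.json";

            GlobalLog.WriteToStringBuilderLog($"Loading ETW config [{etwConfigurationFile}].", 14001);
            string                  etwConfigPath          = Path.Combine(LogAnalyticsOdsApiHarness.GetExecutionPath(), etwConfigurationFile);
            List<EtwListenerConfig> listEtwListenerConfigs = JsonConvert.DeserializeObject<List<EtwListenerConfig>>(File.ReadAllText(etwConfigPath));
            if (listEtwListenerConfigs == null)
            {
                // A file containing "null" (or nothing deserializable) would otherwise NRE in the loop.
                throw new InvalidOperationException($"ETW config file [{etwConfigPath}] did not contain a listener array.");
            }
            if (listEtwListenerConfigs.Count == 0)
            {
                // Not fatal, but a service that starts zero listeners and then blocks forever is
                // almost certainly misconfigured — make that visible in the log.
                GlobalLog.WriteToStringBuilderLog($"ETW config [{etwConfigurationFile}] defines no listeners.", 14001);
            }

            List<EtwListener> etwListeners = new List<EtwListener>(listEtwListenerConfigs.Count);
            foreach (EtwListenerConfig config in listEtwListenerConfigs)
            {
                etwListeners.Add(new EtwListener(sentinelApiConfig, config, useEventIngest));
            }

            // Wait for the process to end
            Thread.Sleep(Timeout.Infinite);

            // Keeps the listener instances rooted for the life of this frame in optimized builds.
            // Whether EtwListener roots itself elsewhere (e.g. via its ETW subscription) is not
            // visible here, so this is a cheap safeguard rather than a known fix.
            GC.KeepAlive(etwListeners);
        }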
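        /// <summary>
        /// Type initializer: loads the Sentinel API configuration named by the
        /// <c>SentinelApiConfig</c> app setting into the static <c>SentinelApiConfig</c> member.
        /// </summary>
        /// <remarks>
        /// Any exception raised here (missing setting, unreadable file, malformed JSON) reaches
        /// the first user of the type wrapped in a <see cref="TypeInitializationException"/>, after
        /// which the type stays unusable for the lifetime of the AppDomain. Given that, it is better
        /// to fail with an explicit message than to leave <c>SentinelApiConfig</c> silently null
        /// and crash later with a NullReferenceException.
        /// </remarks>
        static EvtxLogSample()
        {
            var configurationFile = ConfigurationManager.AppSettings["SentinelApiConfig"];
            if (string.IsNullOrWhiteSpace(configurationFile))
            {
                throw new InvalidOperationException("App setting 'SentinelApiConfig' is not set.");
            }

            GlobalLog.WriteToStringBuilderLog($"Loading config [{configurationFile}].", 14001);
            var configPath       = Path.Combine(LogAnalyticsOdsApiHarness.GetExecutionPath(), configurationFile);
            var textOfJsonConfig = File.ReadAllText(configPath);

            SentinelApiConfig = JsonConvert.DeserializeObject<SentinelApiConfig>(textOfJsonConfig);
            if (SentinelApiConfig == null)
            {
                throw new InvalidOperationException($"Config file [{configPath}] did not contain a SentinelApiConfig object.");
            }
        }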