/// <summary>
/// Forwards every entry of <c>Read_Local_Files.FileContents_From_FileReads</c>: each entry is
/// written to the SWELF event log, sent through <c>Log_Network_Forwarder.SEND_Logs</c>, and,
/// when the send reports success, the file named by that same entry is reset to empty.
/// </summary>
/// <remarks>
/// Nothing is forwarded when any configured forwarder host is "127.0.0.1" or is null/empty.
/// NOTE(review): each entry is passed both to the forwarder and to <c>File.Delete</c>, so it is
/// treated as a file path here - confirm that is what the collection holds.
/// </remarks>
private static void Start_Send_File_Based_Logs()
{
    try
    {
        bool forwardsToLoopback = Settings.Log_Forwarders_HostNames.Any(host => string.Equals(host, "127.0.0.1", StringComparison.OrdinalIgnoreCase));
        if (forwardsToLoopback || Settings.Log_Forwarders_HostNames.Any(host => string.IsNullOrEmpty(host)))
        {
            return;
        }

        for (int index = 0; index < Read_Local_Files.FileContents_From_FileReads.Count; ++index)
        {
            EventLog_SWELF.WRITE_EventLog_From_SWELF_Search(Read_Local_Files.FileContents_From_FileReads.ElementAt(index));
            bool sent = Log_Network_Forwarder.SEND_Logs(Read_Local_Files.FileContents_From_FileReads.ElementAt(index));

            // The local copy is only reset once the forwarder reports the data as sent.
            if (!sent)
            {
                continue;
            }

            // NOTE(review): the existence check looks at the error-log location, not at the
            // file that is about to be reset - confirm this is intended.
            if (File_Operation.CHECK_if_File_Exists(Settings.GET_ErrorLog_Location)
                && Settings.AppConfig_File_Args.ContainsKey(Settings.SWELF_AppConfig_Args[15]))
            {
                // Delete-then-create replaces the file instead of truncating it, so the new
                // file is a fresh object (presumably with inherited permissions - verify).
                File.Delete(Read_Local_Files.FileContents_From_FileReads.ElementAt(index));
                File.Create(Read_Local_Files.FileContents_From_FileReads.ElementAt(index)).Close();
            }
        }
    }
    catch (Exception ex)
    {
        // Network resource unavailable: nothing more is sent on this run and the work is
        // retried on the next run. The application does not queue logs; files are re-read.
        Settings.Log_Storage_Location_Unavailable(" Start_Send_File_Based_Logs() " + ex.Message.ToString());
    }
}
/// <summary>
/// Emits the matched events collected during the run, then runs the post-run steps.
/// </summary>
/// <remarks>
/// When <c>Settings.SWELF_Events_Of_Interest_Matching_EventLogs</c> is non-empty, the events are
/// written to CSV if CSV output is enabled, at least three start arguments were given and no
/// forwarder host is configured; otherwise they are handed to the network forwarder. A failure
/// in either path is logged as a warning and does not stop the remaining steps.
/// <c>Settings.UPDATE_EventLog_w_PlaceKeeper_File()</c> runs in every case.
/// </remarks>
internal static void Start_Output_Post_Run()
{
    bool haveMatches = Settings.SWELF_Events_Of_Interest_Matching_EventLogs.Count > 0;
    if (haveMatches)
    {
        try
        {
            bool writeCsv = Settings.output_csv
                && Program_Start_Args.Count >= 3
                && Settings.Log_Forwarders_HostNames.Count < 1;

            if (!writeCsv)
            {
                // NOTE(review): the result of SEND_Logs is not inspected here; the step below
                // reads Settings.Logs_Sent_to_ALL_Collectors, presumably set by the forwarder.
                Log_Network_Forwarder.SEND_Logs(Settings.SWELF_Events_Of_Interest_Matching_EventLogs);
            }
            else
            {
                File_Operation.Write_Ouput_CSV(Settings.CMDLine_Output_CSV, Settings.SWELF_Events_Of_Interest_Matching_EventLogs);
            }
        }
        catch (Exception ex)
        {
            Error_Operation.Log_Error("Start_Output_Post_Run() Network_Forwarder.SEND_Logs() File_Operation.Write_Ouput_CSV()", ex.Message.ToString(), ex.StackTrace.ToString(), Error_Operation.LogSeverity.Warning);
        }

        // The local SWELF event log is written only after the collectors flag is set.
        if (Settings.Logs_Sent_to_ALL_Collectors)
        {
            Start_Write_To_SWELF_EventLogs();
        }

        Sec_Checks.Post_Run_Sec_Checks();
    }

    Settings.UPDATE_EventLog_w_PlaceKeeper_File();
}
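/// <summary>
/// Runs each distinct configured PowerShell plugin term once and, when the script output
/// contains the term's search text, records the output as an event and forwards it.
/// </summary>
/// <remarks>
/// Each term is split on <c>Settings.SplitChar_SearchCommandSplit[0]</c>: parts 0 and 2 are
/// passed to <c>Powershell_Plugin.Run_PS_Script</c>, part 1 is the text looked for in the output.
/// <c>Settings.PS_PluginDone</c> is set to true on both the normal and the failure path.
/// NOTE(review): parts 0 and 2 come from configuration and are handed to a script runner, so
/// whoever can edit the plugin terms can presumably have PowerShell run under this process's
/// account - confirm the configuration source is write-protected.
/// </remarks>
private static void Start_Run_Plugins()
{
    try
    {
        Settings.Plugin_Search_Terms_Unparsed = Settings.Plugin_Search_Terms_Unparsed.Distinct().ToList();

        for (int x = 0; x < Settings.Plugin_Search_Terms_Unparsed.Count; ++x)
        {
            string pluginTerm = Settings.Plugin_Search_Terms_Unparsed.ElementAt(x);
            string[] termParts = pluginTerm.Split(Settings.SplitChar_SearchCommandSplit[0]);

            if (termParts.Length < 3)
            {
                // A term with fewer than three parts used to throw out of the loop, so one
                // malformed entry silently skipped every plugin configured after it.
                Error_Operation.Log_Error("Start_Run_Plugins()", "Skipped malformed plugin search term: " + pluginTerm, string.Empty, Error_Operation.LogSeverity.Warning);
                continue;
            }

            EventLog_Entry PSLog = new EventLog_Entry();
            PSLog.ComputerName = Settings.ComputerName;
            PSLog.EventID = Convert.ToInt32(Error_Operation.EventID.Powershell_Plugin);
            PSLog.LogName = "SWELF PowerShell Plugin Output";
            PSLog.Severity = "Information";
            PSLog.CreatedTime = DateTime.Now;
            PSLog.TaskDisplayName = "SWELF Powershell Plugin Output";
            PSLog.SearchRule = "SWELF_Powershell_Plugin=" + pluginTerm;
            PSLog.UserID = Environment.UserName;
            PSLog.EventData = Powershell_Plugin.Run_PS_Script(termParts[0], termParts[2]);

            // Ordinal case-insensitive search: lower-casing both sides with the current culture
            // can miss a match on some locales (for example the Turkish dotless i).
            if (PSLog.EventData.IndexOf(termParts[1], StringComparison.OrdinalIgnoreCase) >= 0)
            {
                Settings.PS_Plugin_SWELF_Events_Of_Interest_Matching_EventLogs.Enqueue(PSLog);
                try
                {
                    // NOTE(review): ElementAt(0) is the head of the queue, which is the entry
                    // just enqueued only if SEND_Logs drains the queue - confirm.
                    EventLog_SWELF.WRITE_EventLog_From_SWELF_Search(Settings.PS_Plugin_SWELF_Events_Of_Interest_Matching_EventLogs.ElementAt(0));
                    Log_Network_Forwarder.SEND_Logs(Settings.PS_Plugin_SWELF_Events_Of_Interest_Matching_EventLogs);
                }
                catch (Exception e)
                {
                    // Report the plugin term being processed. The previous code indexed
                    // Settings.EventLog_w_PlaceKeeper_List with the plugin loop counter, which
                    // could throw inside this handler and abort the remaining plugins.
                    Error_Operation.Log_Error("Network_Forwarder.SEND_Logs(), EventLog_SWELF.WRITE_EventLog_From_SWELF_Search(), or Start_Run_Plugins()", pluginTerm + " HostEventLogAgent_Eventlog.WRITE_EventLog " + e.Message.ToString(), e.StackTrace.ToString(), Error_Operation.LogSeverity.Warning);
                }
            }
        }

        Settings.PS_PluginDone = true;
        GC.Collect();
    }
    catch (Exception e)
    {
        // Message first, stack trace second, matching the other Log_Error calls in this file
        // (the two arguments were swapped here).
        Error_Operation.Log_Error("Powershell_Plugin.Run_PS_Script() ", e.Message.ToString(), e.StackTrace.ToString(), Error_Operation.LogSeverity.Warning);
        Error_Operation.SEND_Errors_To_Central_Location();
        Settings.PS_PluginDone = true;
    }
}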
/// <summary>
/// Sends every line of the local error log to the configured forwarders and then resets the
/// error log file to empty.
/// </summary>
/// <remarks>
/// Nothing is sent or reset when any configured forwarder host is "127.0.0.1" or is null/empty.
/// A failure anywhere in the method is reported through
/// <c>Settings.Log_Storage_Location_Unavailable</c>.
/// </remarks>
internal static void SEND_Errors_To_Central_Location()
{
    try
    {
        string[] errorLines = File.ReadAllLines(Settings.GET_ErrorLog_Location);

        bool forwardsToLoopback = Settings.Log_Forwarders_HostNames.Any(host => string.Equals(host, "127.0.0.1", StringComparison.OrdinalIgnoreCase));
        if (forwardsToLoopback || Settings.Log_Forwarders_HostNames.Any(host => string.IsNullOrEmpty(host)))
        {
            return;
        }

        // NOTE(review): the flag is overwritten on every line, so only the result of the last
        // send survives; an earlier failed line would still be cleared below - confirm.
        foreach (string errorLine in errorLines)
        {
            Settings.Logs_Sent_to_ALL_Collectors = Log_Network_Forwarder.SEND_Logs(errorLine, Settings.GET_ErrorLog_Location, true);
        }

        // NOTE(review): && binds tighter than ||, so when the config key is present the error
        // log is reset even if nothing was sent. Start_Send_File_Based_Logs requires all three
        // conditions for its reset - confirm which form is intended.
        bool sentAndPresent = Settings.Logs_Sent_to_ALL_Collectors && File_Operation.CHECK_if_File_Exists(Settings.GET_ErrorLog_Location);
        if (sentAndPresent || Settings.AppConfig_File_Args.ContainsKey(Settings.SWELF_AppConfig_Args[15]))
        {
            File_Operation.DELETE_File(Settings.GET_ErrorLog_Location);
            File.Create(Settings.GET_ErrorLog_Location).Close();
        }
    }
    catch (Exception ex)
    {
        Settings.Log_Storage_Location_Unavailable("SEND_Errors_To_Central_Location() " + ex.Message.ToString());
    }
}