/// <summary>
/// Writes one event-log entry into the "Reporting" table for the given machine.
/// </summary>
/// <param name="sql">Database wrapper that performs the insert.</param>
/// <param name="MachineID">Identifier stored in the row's MachineID column.</param>
/// <param name="EV">Event-log entry; stored as JSON in the Data column.</param>
/// <param name="Flags">Reporting flags; the four *Reported bits are cleared before the row is stored.</param>
public static void ReportEventLog(SQLLib sql, string MachineID, EventLogReportFull EV, ReportingFlags Flags)
{
    // Whatever the caller passed, the stored row never carries any of the "reported" bits.
    ReportingFlags reportedBits =
        ReportingFlags.AdminReported |
        ReportingFlags.ClientReported |
        ReportingFlags.UrgentAdminReported |
        ReportingFlags.UrgentClientReported;
    ReportingFlags storedFlags = Flags & ~reportedBits;

    sql.InsertMultiData(
        "Reporting",
        new SQLData("MachineID", MachineID),
        new SQLData("Type", ReportingPolicyType.EventLog),
        new SQLData("Data", JsonConvert.SerializeObject(EV)),
        new SQLData("Flags", storedFlags));
}
/// <summary>
/// Shows the details of the selected event-log entry in the text box, or clears the box when
/// nothing is selected.
/// </summary>
private void lstData_SelectedIndexChanged(object sender, EventArgs e)
{
    if (lstData.SelectedItems.Count == 0)
    {
        txtEventLogText.Text = "";
        return;
    }

    ListViewItem selected = lstData.SelectedItems[0];
    EventLogReportFull entry = (EventLogReportFull)selected.Tag;

    // Map the numeric entry type to a label; unknown values are shown as the raw number.
    string typeLabel;
    switch (entry.EventLogType)
    {
        case 1:
            typeLabel = "Error";
            break;
        case 2:
            typeLabel = "Warning";
            break;
        case 4:
            typeLabel = "Information";
            break;
        case 8:
            typeLabel = "Success Audit";
            break;
        case 16:
            typeLabel = "Failure Audit";
            break;
        default:
            typeLabel = entry.EventLogType.ToString();
            break;
    }

    // Built field by field in display order; the message and all fields are shown as plain text.
    string details = entry.Message + "\r\n==============\r\n";
    details += "Computer: " + GetComputerName(entry.MachineID) + "\r\n";
    details += "Date: " + entry.TimeGenerated.ToLongDateString() + " " + entry.TimeGenerated.ToLongTimeString() + "\r\n";
    details += "Book: " + entry.EventLog + "\r\n";
    details += "Source: " + entry.Source + "\r\n";
    details += "Event ID: " + entry.CategoryNumber + "\r\n";
    details += "Type: " + typeLabel + "\r\n";
    details += "DBID: " + entry.LogID + "\r\n";
    // NOTE(review): BitConverter.ToString throws on a null array; this assumes Data is never null - confirm.
    details += "Data: " + BitConverter.ToString(entry.Data).Replace("-", "") + "\r\n";

    txtEventLogText.Text = details;
}
/// <summary>
/// Renders a JSON-serialised <c>EventLogReportFull</c> as a short human-readable summary.
/// </summary>
/// <param name="JSON">Serialised entry, or null.</param>
/// <returns>
/// The summary text; a fixed "no data" message when <paramref name="JSON"/> is null; or a
/// "faulty" message followed by the raw input when parsing or formatting throws.
/// </returns>
public string Explain(string JSON)
{
    if (JSON == null)
    {
        return "Event Log Data: no data";
    }

    try
    {
        EventLogReportFull report = JsonConvert.DeserializeObject<EventLogReportFull>(JSON);

        string headerLine = "S: " + report.Source + " DT: " + report.TimeGenerated.ToLongDateString() + " " + report.TimeGenerated.ToLongTimeString() + "\r\n";
        // Only the low 30 bits of InstanceID are shown as the event id.
        string idLine = "E: " + report.EventLog + " EV ID: " + (report.InstanceID & 0x3FFFFFFF).ToString() + "\r\n";

        return headerLine + idLine + report.Message;
    }
    catch
    {
        // Best effort: any failure (bad JSON, null result) falls back to echoing the raw input.
        return "Event Log Data faulty: " + JSON;
    }
}
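/// <summary>
/// Accepts a batch of event-log entries from a logged-in computer account, drops entries that are
/// already stored or older than the configured retention window, inserts the remainder into the
/// EventLog table in one transaction and passes the inserted rows to <c>ReportingThread</c> on a
/// new thread.
/// </summary>
/// <param name="sql">Database wrapper used for all queries.</param>
/// <param name="EventLogList">
/// Client-supplied batch. Its MachineID is overwritten with the connection's user name and its
/// Items list is pruned in place.
/// </param>
/// <param name="ni">Connection context: ACL check, error fields and the lock guarding <paramref name="sql"/>.</param>
/// <returns>
/// Denied when the ACL check fails or the machine is unknown; Fail when Items is null or an item
/// fails <c>NullTest.Test</c>; ServerError when the insert transaction throws; Created otherwise
/// (including an empty batch).
/// </returns>
public RESTStatus ReportEventLog(SQLLib sql, ListEventLogReport EventLogList, NetworkConnectionInfo ni)
{
    // SQL Server rejects a command with more than 2100 parameters. The lookup below is split into
    // chunks well under that so a large batch cannot make the query fail outside the try/catch.
    const int MaxLogIDsPerQuery = 2000;

    if (ni.HasAcl(ACLFlags.ComputerLogin) == false)
    {
        ni.Error = "Access denied";
        ni.ErrorID = ErrorFlags.AccessDenied;
        return (RESTStatus.Denied);
    }

    // Trust boundary: the MachineID in the request body is discarded and replaced by the name the
    // connection logged in with, so a client cannot file events under another machine's identity.
    EventLogList.MachineID = ni.Username;

    lock (ni.sqllock)
    {
        if (Convert.ToInt32(sql.ExecSQLScalar("SELECT COUNT(*) FROM ComputerAccounts WHERE MachineID=@m",
                                              new SQLParam("@m", EventLogList.MachineID))) == 0)
        {
            ni.Error = "Invalid MachineID";
            ni.ErrorID = ErrorFlags.InvalidValue;
            return (RESTStatus.Denied);
        }
    }

    if (EventLogList.Items == null)
    {
        ni.Error = "Invalid Items";
        ni.ErrorID = ErrorFlags.InvalidValue;
        return (RESTStatus.Fail);
    }

    if (EventLogList.Items.Count == 0)
    {
        return (RESTStatus.Created);
    }

    // Validate every item before touching the database, then compute its LogID.
    foreach (EventLogReport ar in EventLogList.Items)
    {
        if (NullTest.Test(ar) == false)
        {
            ni.Error = "Invalid Items";
            ni.ErrorID = ErrorFlags.InvalidValue;
            return (RESTStatus.Fail);
        }
        CommonUtilities.CalcEventLogID(ar);
    }

    List<string> submittedLogIDs = new List<string>();
    foreach (EventLogReport ar in EventLogList.Items)
    {
        submittedLogIDs.Add(ar.LogID);
    }

    // Find which of the submitted LogIDs already exist for this machine. Only parameter *names*
    // are concatenated into the IN (...) list; the values travel as bound parameters.
    HashSet<string> LogIDinDB = new HashSet<string>();
    lock (ni.sqllock)
    {
        for (int offset = 0; offset < submittedLogIDs.Count; offset += MaxLogIDsPerQuery)
        {
            int end = Math.Min(offset + MaxLogIDsPerQuery, submittedLogIDs.Count);

            List<SQLParam> sqlparams = new List<SQLParam>();
            sqlparams.Add(new SQLParam("@id", EventLogList.MachineID));

            List<string> names = new List<string>();
            for (int i = offset; i < end; i++)
            {
                string name = "@p" + (i - offset + 1).ToString();
                sqlparams.Add(new SQLParam(name, submittedLogIDs[i]));
                names.Add(name);
            }
            string vars = string.Join(",", names.ToArray());

            SqlDataReader dr = sql.ExecSQLReader("SELECT LogID FROM EventLog WHERE MachineID=@id and LogID in (" + vars + ")", sqlparams.ToArray());
            try
            {
                while (dr.Read())
                {
                    LogIDinDB.Add(Convert.ToString(dr["LogID"]));
                }
            }
            finally
            {
                // Close even when Read() throws, so the reader is not left open on sql.
                dr.Close();
            }
        }
    }

    // Drop entries that are already stored or that fall outside the retention window.
    List<EventLogReport> RemoveEVL = new List<EventLogReport>();
    foreach (EventLogReport ar in EventLogList.Items)
    {
        if (LogIDinDB.Contains(ar.LogID) == true)
        {
            RemoveEVL.Add(ar);
            continue;
        }
        if (SettingsManager.Settings.KeepEventLogDays > 0)
        {
            // NOTE(review): compared against UtcNow, so this assumes TimeGenerated is UTC - confirm.
            if (ar.TimeGenerated < DateTime.UtcNow.AddDays(0 - SettingsManager.Settings.KeepEventLogDays))
            {
                RemoveEVL.Add(ar);
                continue;
            }
        }
    }

    foreach (EventLogReport ar in RemoveEVL)
    {
        EventLogList.Items.Remove(ar);
    }

    List<EventLogReportFull> car = new List<EventLogReportFull>();

    lock (ni.sqllock)
    {
        try
        {
            sql.BeginTransaction();
            sql.SEHError = true;
            foreach (EventLogReport ar in EventLogList.Items)
            {
                EventLogReportFull arr = new EventLogReportFull();
                ClassCopy.CopyClassData(ar, arr);
                // Server-side values: receipt time and the authenticated machine name.
                arr.Reported = DateTime.UtcNow;
                arr.MachineID = EventLogList.MachineID;

                // NOTE(review): d is modified here but not passed to InsertFromClass below;
                // whether clearing "ID" has any effect depends on InsertFromClassPrep - confirm.
                List<SQLData> d = sql.InsertFromClassPrep(arr);
                foreach (SQLData dd in d)
                {
                    if (dd.Column == "ID")
                    {
                        dd.Data = DBNull.Value;
                        break;
                    }
                }

                car.Add(arr);

                sql.InsertFromClass("EventLog", arr);
            }
            sql.CommitTransaction();
        }
        catch (Exception ee)
        {
            sql.RollBackTransaction();
            // NOTE(review): the whole client-supplied batch is serialised into the server's event
            // log here; consider bounding its size.
            FoxEventLog.WriteEventLog("DB Error: Cannot insert data to EventLog: " + ee.ToString() + "\r\n\r\nJSON: " + JsonConvert.SerializeObject(car, Formatting.Indented), System.Diagnostics.EventLogEntryType.Error);
            return (RESTStatus.ServerError);
        }
        finally
        {
            sql.SEHError = false;
        }
    }

    // NOTE(review): one new thread is started per accepted request; nothing in this method bounds
    // how many run at once.
    Thread t = new Thread(new ParameterizedThreadStart(new DReportingThread(ReportingThread)));
    t.Start(car);

    return (RESTStatus.Created);
}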
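/// <summary>
/// Searches the EventLog table with the optional filters in <paramref name="eventlogsearch"/> and
/// stores the matching rows, newest first, in <c>EventLogs.Data</c>.
/// </summary>
/// <param name="sql">Database wrapper used for the query.</param>
/// <param name="eventlogsearch">
/// Search filters; null yields an empty result. A QTY below 1 is replaced by 500. Each non-null
/// filter field adds one equality or range condition.
/// </param>
/// <param name="ni">Connection context: ACL check, error fields and the lock guarding <paramref name="sql"/>.</param>
/// <returns>
/// Denied without the ChangeServerSettings ACL; NotFound when a MachineID filter names an unknown
/// machine; Success otherwise.
/// </returns>
public RESTStatus GetEventLogs(SQLLib sql, EventLogSearch eventlogsearch, NetworkConnectionInfo ni)
{
    if (ni.HasAcl(ACLFlags.ChangeServerSettings) == false)
    {
        ni.Error = "Access denied";
        ni.ErrorID = ErrorFlags.AccessDenied;
        return (RESTStatus.Denied);
    }

    EventLogs = new EventLogReportFullList();
    EventLogs.Data = new List<EventLogReportFull>();

    if (eventlogsearch == null)
    {
        return (RESTStatus.Success);
    }

    if (eventlogsearch.QTY < 1)
    {
        eventlogsearch.QTY = 500;
    }

    // QTY is the only value concatenated into the statement; every filter value below is a bound
    // parameter. NOTE(review): QTY has no upper bound, so one request can ask for an arbitrarily
    // large result set that is fully materialised in memory - consider a cap.
    string SQLQuery = "SELECT TOP " + eventlogsearch.QTY + " * FROM EventLog WHERE ";
    List<SQLParam> SQLQueryArgs = new List<SQLParam>();

    if (eventlogsearch.MachineID != null)
    {
        if (Computers.MachineExists(sql, eventlogsearch.MachineID) == false)
        {
            ni.Error = "Invalid Data";
            ni.ErrorID = ErrorFlags.InvalidData;
            return (RESTStatus.NotFound);
        }
        SQLQuery += "MachineID=@m AND ";
        SQLQueryArgs.Add(new SQLParam("@m", eventlogsearch.MachineID));
    }

    if (eventlogsearch.Source != null)
    {
        SQLQuery += "Source=@s AND ";
        SQLQueryArgs.Add(new SQLParam("@s", eventlogsearch.Source));
    }

    if (eventlogsearch.EventLogType != null)
    {
        SQLQuery += "EventLogType=@t AND ";
        SQLQueryArgs.Add(new SQLParam("@t", eventlogsearch.EventLogType));
    }

    if (eventlogsearch.FromDate != null)
    {
        SQLQuery += "TimeGenerated>=@tgf AND ";
        SQLQueryArgs.Add(new SQLParam("@tgf", eventlogsearch.FromDate));
    }

    if (eventlogsearch.ToDate != null)
    {
        SQLQuery += "TimeGenerated<=@tgt AND ";
        SQLQueryArgs.Add(new SQLParam("@tgt", eventlogsearch.ToDate));
    }

    if (eventlogsearch.EventLogBook != null)
    {
        SQLQuery += "EventLog=@evtb AND ";
        SQLQueryArgs.Add(new SQLParam("@evtb", eventlogsearch.EventLogBook));
    }

    if (eventlogsearch.CategoryNumber != null)
    {
        SQLQuery += "CategoryNumber=@catnum AND ";
        SQLQueryArgs.Add(new SQLParam("@catnum", eventlogsearch.CategoryNumber));
    }

    // The text now ends in "WHERE" or "AND"; the constant predicate keeps it valid either way.
    SQLQuery = SQLQuery.Trim();
    SQLQuery += " 1=1 ";
    SQLQuery += " ORDER BY TimeGenerated DESC";

    lock (ni.sqllock)
    {
        // using: the reader is disposed even if a row conversion throws (for example the byte[]
        // cast on a NULL Data column), so it is not left open on sql.
        using (SqlDataReader dr = sql.ExecSQLReader(SQLQuery, SQLQueryArgs.ToArray()))
        {
            while (dr.Read())
            {
                EventLogReportFull ev = new EventLogReportFull();
                ev.Category = Convert.ToString(dr["Category"]);
                ev.CategoryNumber = Convert.ToInt32(dr["CategoryNumber"]);
                ev.Data = (byte[])dr["Data"];
                ev.EventLog = Convert.ToString(dr["EventLog"]);
                ev.EventLogType = Convert.ToInt32(dr["EventLogType"]);
                ev.InstanceID = Convert.ToInt64(dr["InstanceID"]);
                ev.JSONReplacementStrings = Convert.ToString(dr["JSONReplacementStrings"]);
                ev.LogID = Convert.ToString(dr["LogID"]);
                ev.MachineID = Convert.ToString(dr["MachineID"]);
                ev.Message = Convert.ToString(dr["Message"]);
                ev.Reported = SQLLib.GetDTUTC(dr["Reported"]);
                ev.Source = Convert.ToString(dr["Source"]);
                ev.TimeGenerated = SQLLib.GetDTUTC(dr["TimeGenerated"]);
                ev.TimeWritten = SQLLib.GetDTUTC(dr["TimeWritten"]);
                EventLogs.Data.Add(ev);
            }
        }
    }

    return (RESTStatus.Success);
}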