internal static async Task RunAuditEventsReport(this IEnterpriseContext context, AuditReportOptions options)
{
if (context.AuditEvents == null)
{
var auditEvents = await context.Enterprise.Auth.GetAvailableEvents();
lock (context)
{
context.AuditEvents = new ConcurrentDictionary <string, AuditEventType>();
foreach (var evt in auditEvents)
{
context.AuditEvents[evt.Name] = evt;
}
}
}
var filter = new ReportFilter();
if (!string.IsNullOrEmpty(options.Created))
{
filter.Created = ParseDateCreatedFilter(options.Created);
}
if (options.EventType != null && options.EventType.Any())
{
filter.EventTypes = options.EventType.ToArray();
}
if (!string.IsNullOrEmpty(options.Username))
{
filter.Username = options.Username;
}
if (!string.IsNullOrEmpty(options.RecordUid))
{
filter.RecordUid = options.RecordUid;
}
if (!string.IsNullOrEmpty(options.SharedFolderUid))
{
filter.SharedFolderUid = options.SharedFolderUid;
}
var rq = new GetAuditEventReportsCommand
{
Filter = filter,
Limit = options.Limit,
};
var rs = await context.Enterprise.Auth.ExecuteAuthCommand <GetAuditEventReportsCommand, GetAuditEventReportsResponse>(rq);
var tab = new Tabulate(4)
{
DumpRowNo = true
};
tab.AddHeader("Created", "Username", "Event", "Message");
tab.MaxColumnWidth = 100;
foreach (var evt in rs.Events)
{
if (!evt.TryGetValue("audit_event_type", out var v))
{
continue;
}
var eventName = v.ToString();
if (!context.AuditEvents.TryGetValue(eventName, out var eventType))
{
continue;
}
var message = eventType.SyslogMessage;
do
{
var match = Regex.Match(message, ParameterPattern);
if (!match.Success)
{
break;
}
if (match.Groups.Count != 2)
{
break;
}
var parameter = match.Groups[1].Value;
var value = "";
if (evt.TryGetValue(parameter, out v))
{
value = v.ToString();
}
message = message.Remove(match.Groups[0].Index, match.Groups[0].Length);
message = message.Insert(match.Groups[0].Index, value);
} while (true);
var created = "";
if (evt.TryGetValue("created", out v))
{
created = v.ToString();
if (long.TryParse(created, out var epoch))
{
created = DateTimeOffset.FromUnixTimeSeconds(epoch).ToString("G");
}
}
var username = "";
if (evt.TryGetValue("username", out v))
{
username = v.ToString();
}
tab.AddRow(created, username, eventName, message);
}
tab.Dump();
}
public static async Task <Tuple <GetAuditEventReportsResponse, long> > GetUserEvents(this IAuthentication auth, string forUser, long recentUnixTime, long latestUnixTime = 0)
{
if (recentUnixTime < 0 || latestUnixTime < 0 || string.IsNullOrEmpty(forUser))
{
return(null);
}
if (recentUnixTime == 0)
{
recentUnixTime = DateTimeOffset.Now.ToUnixTimeMilliseconds() / 1000;
}
var rq = new GetAuditEventReportsCommand
{
Filter = new ReportFilter
{
Username = forUser,
Created = new CreatedFilter
{
Max = recentUnixTime == 0 ? (long?)null : recentUnixTime,
Min = latestUnixTime == 0 ? (long?)null : latestUnixTime
}
},
Limit = 1000,
ReportType = "raw",
Order = "descending"
};
var rs = await auth.ExecuteAuthCommand <GetAuditEventReportsCommand, GetAuditEventReportsResponse>(rq);
var response = Tuple.Create <GetAuditEventReportsResponse, long>(rs, -1);
if (rs.Events == null || rs.Events.Count == 0)
{
return(response);
}
if (rq.Limit > 0 && rs.Events?.Count < 0.95 * rq.Limit)
{
return(response);
}
var pos = rs.Events.Count - 1;
if (!rs.Events[pos].TryGetValue("created", out var lastCreated))
{
return(response);
}
while (pos > 0)
{
pos--;
if (rs.Events[pos].TryGetValue("created", out var created))
{
if (!Equals(created, lastCreated))
{
break;
}
}
}
if (pos <= 0 || pos >= rs.Events.Count - 1)
{
return(response);
}
if (!(lastCreated is IConvertible conv))
{
return(response);
}
rs.Events.RemoveRange(pos + 1, rs.Events.Count - pos - 1);
return(Tuple.Create(rs, conv.ToInt64(CultureInfo.InvariantCulture) + 1));
}
