private bool AddFailedLoginForEventViewerXml(IPAddressLogInfo info, XmlDocument doc) { if (string.IsNullOrWhiteSpace(info.IPAddress)) { return(false); } else if (string.IsNullOrWhiteSpace(info.Source)) { XmlNode sourceNode = doc.SelectSingleNode("//Source"); if (sourceNode != null) { info.Source = sourceNode.InnerText.Trim(); } } if (string.IsNullOrWhiteSpace(info.UserName)) { XmlNode userNameNode = doc.SelectSingleNode("//Data[@Name='TargetUserName']"); if (userNameNode == null) { userNameNode = doc.SelectSingleNode("//TargetUserName"); } if (userNameNode != null) { info.UserName = userNameNode.InnerText.Trim(); } } service.AddFailedLogin(info); return(true); }
private bool AddFailedLoginForEventViewerXml(string ipAddress, string source, string userName, XmlDocument doc) { if (string.IsNullOrWhiteSpace(ipAddress)) { return(false); } else if (string.IsNullOrWhiteSpace(source)) { XmlNode sourceNode = doc.SelectSingleNode("//Source"); if (sourceNode != null) { source = sourceNode.InnerText.Trim(); } } if (string.IsNullOrWhiteSpace(userName)) { XmlNode userNameNode = doc.SelectSingleNode("//Data[@Name='TargetUserName']"); if (userNameNode == null) { userNameNode = doc.SelectSingleNode("//TargetUserName"); } if (userNameNode != null) { userName = userNameNode.InnerText.Trim(); } } IPBanLog.Write(LogLevel.Information, "*LOGIN FAIL* IP: {0}, USER: {1}", ipAddress, userName); service.AddFailedLogin(ipAddress, source, userName); return(true); }
private bool PingFile(WatchedFile file, FileStream fs) { const int maxCountBeforeNewline = 1024; int b; long lastNewlinePos = -1; byte[] bytes; long end = Math.Min(file.LastLength, fs.Length); int countBeforeNewline = 0; fs.Position = file.LastPosition; IPBanLog.Write(LogLevel.Info, "Processing watched file {0}, len = {1}, pos = {2}", file.FileName, file.LastLength, file.LastPosition); while (fs.Position < end && countBeforeNewline++ != maxCountBeforeNewline) { // read until last \n is found b = fs.ReadByte(); if (b == '\n') { lastNewlinePos = fs.Position - 1; countBeforeNewline = 0; } } if (countBeforeNewline == maxCountBeforeNewline) { throw new InvalidOperationException("Log file " + this.fileMask + " may not be a plain text new line delimited file"); } if (lastNewlinePos > -1) { // set file position ready for the next read right after the newline fs.Position = file.LastPosition; bytes = new BinaryReader(fs).ReadBytes((int)(lastNewlinePos - fs.Position)); // set position for next ping file.LastPosition = lastNewlinePos + 1; // read text and run regex to find ip addresses to ban string subString = Encoding.UTF8.GetString(bytes); string[] lines = subString.Split('\n'); string ipAddress = null; string userName = null; bool foundOne = false; // find ip and user name from all lines foreach (string line in lines) { IPBanLog.Write(LogLevel.Debug, "Parsing log file line {0}...", line); bool foundMatch = IPBanService.GetIPAddressAndUserNameFromRegex(Regex, line.Trim(), ref ipAddress, ref userName); if (foundMatch) { IPBanLog.Write(LogLevel.Debug, "Found match, ip: {0}, user: {1}", ipAddress, userName); service.AddFailedLogin(ipAddress, Source, userName); foundOne = true; } else { IPBanLog.Write(LogLevel.Debug, "No match!"); } } if (foundOne) { // signal that we have found ip addresses ipEvent.Set(); } } return(maxFileSize > 0 && fs.Length > maxFileSize); }