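/// <summary>
/// Runs a Log Parser query with the IIS W3C input format and returns every row
/// as a dictionary keyed by column name.
/// </summary>
/// <param name="query">
/// Log Parser SQL text. It is handed to the engine unchanged, so callers must not
/// build it from untrusted input.
/// </param>
/// <returns>
/// An <see cref="ArrayList"/> holding one dictionary per row. Columns whose value is
/// NULL are left out of the row. When a <see cref="COMException"/> occurs the error is
/// written to the console and the rows collected so far are returned.
/// </returns>
private ArrayList GetData(string query)
        {
            var data = new ArrayList();

            try
            {
                var oLogQuery          = new LogQuery();
                var oIISW3CInputFormat = new IISW3CInputFormat();
                var oRecordSet         = oLogQuery.Execute(query, oIISW3CInputFormat);

                try
                {
                    // Read the column count once rather than once per column of every row.
                    var columnCount = oRecordSet.getColumnCount();

                    for (; !oRecordSet.atEnd(); oRecordSet.moveNext())
                    {
                        var oRecord = oRecordSet.getRecord();
                        var row     = new Dictionary <string, object>();

                        for (int i = 0; i < columnCount; i++)
                        {
                            if (oRecord.isNull(i))
                            {
                                continue;
                            }

                            // Timestamp columns are stored as their native string form, everything else as the raw value.
                            row.Add(oRecordSet.getColumnName(i), oRecordSet.getColumnType(i) == oRecordSet.TIMESTAMP_TYPE ? oRecord.toNativeString(i) : oRecord.getValue(i));
                        }

                        data.Add(row);
                    }
                }
                finally
                {
                    // Close on every path: the original closed the record set only after a fully successful read.
                    oRecordSet.close();
                }
            }
            catch (COMException ex)
            {
                // NOTE(review): the caller cannot tell a failed query from an empty result.
                Console.WriteLine("Unexpected error: " + ex.Message);
            }

            return data;
        }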
Exemple #2
        /// <summary>
        /// Counts requests per client IP in the given log and returns the busiest clients,
        /// leaving out every IP found in the list returned by <c>FwHelper.GetList</c>.
        /// </summary>
        /// <param name="logPath">
        /// Log location placed directly into the FROM clause. The query text is built by
        /// string formatting, so this value must come from trusted configuration only.
        /// </param>
        /// <returns>
        /// One entry per remaining client IP, in the order the query returns them (hits descending).
        /// Empty or partial when the query fails.
        /// </returns>
        /// <remarks>
        /// NOTE(review): the method name says 20 but the query selects the top 100 rows.
        /// NOTE(review): errors overwrite the hard-coded file D:\error.log on each failure, and a
        /// failure to write that file propagates to the caller.
        /// </remarks>
        public static List <MaxRequestModel> GetTop20MaxRequest(string logPath)
        {
            string firewallRuleName = ConfigurationManager.AppSettings["fireName"];
            var    excludedIps      = FwHelper.GetList(firewallRuleName);

            var          topClients = new List <MaxRequestModel>();
            LogRecordSet recordSet  = null;

            try
            {
                var logQuery    = new LogQuery();
                var inputFormat = new IISInputFormat();

                string sql = string.Format(@"Select Top 100
                            c-ip as [CIP],
                            COUNT(*) AS Hits 
                            FROM {0}
                            GROUP BY [CIP]
                            ORDER BY Hits DESC", logPath);

                recordSet = logQuery.Execute(sql, inputFormat);

                while (!recordSet.atEnd())
                {
                    var clientIp = recordSet.getRecord().getValue("CIP") as string;
                    var hitCount = (int)recordSet.getRecord().getValue("Hits");

                    // Only clients that are not already in the exclusion list are reported.
                    if (!excludedIps.Contains(clientIp))
                    {
                        var entry = new MaxRequestModel();
                        entry.IP    = clientIp ?? string.Empty;
                        entry.Count = hitCount;
                        topClients.Add(entry);
                    }

                    recordSet.moveNext();
                }

                recordSet.close();
                recordSet = null;
            }
            catch (Exception exc)
            {
                // A single handler covers COM failures and everything else; both were logged the same way.
                System.IO.File.WriteAllText("D:\\error.log", exc.ToString());
            }
            finally
            {
                // Still non-null only when the read loop did not finish.
                if (recordSet != null)
                {
                    recordSet.close();
                    recordSet = null;
                }
            }

            return topClients;
        }
Exemple #3
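        /// <summary>
        /// Returns the most frequently requested URI and query-string pairs for one client IP.
        /// </summary>
        /// <param name="logPath">
        /// Log location placed directly into the FROM clause; must come from trusted configuration,
        /// because the query is built by string formatting.
        /// </param>
        /// <param name="ip">
        /// Client address to filter on. It is rejected unless it parses as an IP address, since it is
        /// placed inside a quoted literal in the query text.
        /// </param>
        /// <returns>
        /// Up to 100 entries ordered by hit count descending. Empty when <paramref name="ip"/> is not a
        /// valid address; empty or partial when the query fails.
        /// </returns>
        public static List <HightRequestPage> GetTop100RequestDetail(string logPath, string ip)
        {
            List <HightRequestPage> listModel  = new List <HightRequestPage>();
            LogRecordSet            oRecordSet = null;

            // The query below is assembled as text, so a value containing a quote would change its meaning.
            // Accept only something that parses as an address and carries no quote character.
            System.Net.IPAddress parsedIp;
            if (string.IsNullOrEmpty(ip) || ip.IndexOf('\'') >= 0 || !System.Net.IPAddress.TryParse(ip, out parsedIp))
            {
                return listModel;
            }

            try
            {
                LogQuery       oLogQuery       = new LogQuery();
                IISInputFormat oIISInputFormat = new IISInputFormat();

                string query = string.Format(@"Select Top 100
                                cs-uri-stem as [Request URI],
                                cs-uri-query as [Request Param],
                                COUNT(*) AS Hits 
                            FROM {0}
                            WHERE c-ip='{1}'
                            GROUP BY cs-uri-stem,cs-uri-query
                            ORDER BY Hits DESC", logPath, ip);

                oRecordSet = oLogQuery.Execute(query, oIISInputFormat);

                for (; !oRecordSet.atEnd(); oRecordSet.moveNext())
                {
                    var uri   = oRecordSet.getRecord().getValue("Request URI") as string;
                    var param = oRecordSet.getRecord().getValue("Request Param") as string;
                    var hits  = (int)oRecordSet.getRecord().getValue("Hits");

                    listModel.Add(new HightRequestPage()
                    {
                        Url = uri ?? string.Empty, Param = param ?? string.Empty, Count = hits
                    });
                }

                oRecordSet.close();
                oRecordSet = null;
            }
            catch (System.Runtime.InteropServices.COMException exc)
            {
                // Previously swallowed without a trace; record it so a failed query is not mistaken for "no requests".
                System.Diagnostics.Trace.TraceError("GetTop100RequestDetail: Log Parser query failed: {0}", exc);
            }
            finally
            {
                // Still non-null only when the read loop did not finish.
                if (oRecordSet != null)
                {
                    oRecordSet.close();
                    oRecordSet = null;
                }
            }

            return listModel;
        }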
Exemple #4
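        /// <summary>
        /// Returns the client IPs that made more than <paramref name="rCount"/> requests during the
        /// last ten minutes, according to the given log.
        /// </summary>
        /// <param name="logPath">
        /// Log location placed directly into the FROM clause; must come from trusted configuration,
        /// because the query is built by string formatting.
        /// </param>
        /// <param name="rCount">Hit count a client must exceed to be reported.</param>
        /// <returns>
        /// The offending IPs. The list is also empty when the query fails, so an empty result does
        /// not prove that no client crossed the threshold.
        /// </returns>
        public static List <string> GetHackIps(string logPath, int rCount)
        {
            LogRecordSet  oRecordSet = null;
            List <string> listIps    = new List <string>();

            // NOTE(review): the fixed -8h offset presumably converts a UTC+8 server clock to the log's
            // UTC timestamps; confirm, since it is wrong on a host in any other time zone.
            var nowDataTime = DateTime.Now.AddHours(-8);
            var windowStart = nowDataTime.AddMinutes(-10);

            // Invariant culture keeps the literals in the exact yyyy-MM-dd / HH:mm:ss shape on every host.
            var    invariant = System.Globalization.CultureInfo.InvariantCulture;
            string today     = nowDataTime.ToString("yyyy-MM-dd", invariant);
            string startTime = windowStart.ToString("HH:mm:ss", invariant);

            // When the ten-minute window starts on the previous day, "date=today and time>23:5x" matches
            // nothing; cover the tail of the previous day plus everything logged so far today instead.
            string window = windowStart.Date == nowDataTime.Date
                ? string.Format("date='{0}' and time>'{1}'", today, startTime)
                : string.Format("(date='{0}' and time>'{1}') or date='{2}'", windowStart.ToString("yyyy-MM-dd", invariant), startTime, today);

            try
            {
                LogQuery       oLogQuery       = new LogQuery();
                IISInputFormat oIISInputFormat = new IISInputFormat();

                string query = string.Format(@"Select 
                            c-ip as [CIP],Count(*) AS Hits 
                            FROM {0}
                            WHERE {1}
                            GROUP BY [CIP]", logPath, window);

                oRecordSet = oLogQuery.Execute(query, oIISInputFormat);

                for (; !oRecordSet.atEnd(); oRecordSet.moveNext())
                {
                    var hit = (int)oRecordSet.getRecord().getValue("Hits");
                    if (hit > rCount)
                    {
                        var ip = oRecordSet.getRecord().getValue("CIP") as string;

                        // A non-string or missing address would otherwise be stored as null.
                        if (!string.IsNullOrEmpty(ip))
                        {
                            listIps.Add(ip);
                        }
                    }
                }

                oRecordSet.close();
                oRecordSet = null;
            }
            catch (System.Runtime.InteropServices.COMException exc)
            {
                // Previously swallowed without a trace; a silent failure here looks like "no offenders".
                System.Diagnostics.Trace.TraceError("GetHackIps: Log Parser query failed: {0}", exc);
            }
            finally
            {
                // Still non-null only when the read loop did not finish.
                if (oRecordSet != null)
                {
                    oRecordSet.close();
                    oRecordSet = null;
                }
            }

            return listIps;
        }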
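        /// <summary>
        /// Polls the IIS W3C logs at <paramref name="location"/> until cancellation is requested,
        /// converting every new log row to JSON and passing it to <c>ProcessJson</c>.
        /// </summary>
        /// <param name="location">
        /// Log location placed directly into the FROM clause of the discovery query. The query text is
        /// built by string formatting, so this value must come from trusted configuration.
        /// </param>
        /// <remarks>
        /// The highest <c>LogRow</c> seen per file is kept in memory only. A file seen for the first
        /// time starts at its current last row, so rows already in it are not emitted.
        /// </remarks>
        private void IISW3CWatcher(string location)
        {
            LogManager.GetCurrentClassLogger().Info("IISW3Listener Ready For {0}", location);

            var oLogQuery = new LogQuery();

            var iFmt = new IISW3CLogInputFormat()
            {
                codepage        = _arguments.CodePage,
                consolidateLogs = true,
                dirTime         = _arguments.DirTime,
                dQuotes         = _arguments.DoubleQuotes,
                recurse         = _arguments.Recurse,
                useDoubleQuotes = _arguments.DoubleQuotes
            };

            if (_arguments.MinDateMod.HasValue)
            {
                // "HH" is the 24-hour clock. The previous "hh" produced 12-hour values with no AM/PM
                // marker, so any afternoon time was sent as its morning equivalent.
                iFmt.minDateMod = _arguments.MinDateMod.Value.ToString("yyyy-MM-dd HH:mm:ss");
            }

            // Highest LogRow already processed, per log file.
            Dictionary <string, Int64> logFileMaxRecords = new Dictionary <string, Int64>();

            while (!CancelToken.IsCancellationRequested)
            {
                try
                {
                    oLogQuery = new LogQuery();

                    // Step 1: discover log files and remember the current last row of each new one.
                    var qfiles  = string.Format("SELECT Distinct [LogFilename] FROM {0}", location);
                    var rsfiles = oLogQuery.Execute(qfiles, iFmt);
                    try
                    {
                        for (; !rsfiles.atEnd(); rsfiles.moveNext())
                        {
                            var    record   = rsfiles.getRecord();
                            string fileName = record.getValue("LogFilename") as string;

                            // A null key would throw from ContainsKey and abort the whole poll.
                            if (fileName == null || logFileMaxRecords.ContainsKey(fileName))
                            {
                                continue;
                            }

                            // Quoted like the row query below, so a path containing spaces still parses.
                            var qcount = string.Format("SELECT max(LogRow) as MaxRecordNumber FROM '{0}'", fileName);
                            var rcount = oLogQuery.Execute(qcount, iFmt);
                            try
                            {
                                var qr  = rcount.getRecord();
                                var lrn = (Int64)qr.getValueEx("MaxRecordNumber");
                                logFileMaxRecords[fileName] = lrn;
                            }
                            finally
                            {
                                rcount.close();
                            }
                        }
                    }
                    finally
                    {
                        rsfiles.close();
                    }

                    // Step 2: read the rows added to each known file since the last poll.
                    foreach (string fileName in logFileMaxRecords.Keys.ToList())
                    {
                        var lastRecordNumber = logFileMaxRecords[fileName];
                        var query            = string.Format("SELECT * FROM '{0}' Where LogRow > {1}", fileName, lastRecordNumber);

                        var rs = oLogQuery.Execute(query, iFmt);
                        try
                        {
                            rowReader.ReadColumnMap(rs);

                            for (; !rs.atEnd(); rs.moveNext())
                            {
                                var record = rs.getRecord();
                                var json   = rowReader.ReadToJson(record);
                                ProcessJson(json);
                                _receivedMessages++;

                                // Advance the high-water mark only after the row has been handed off.
                                var lrn = (Int64)record.getValueEx("LogRow");
                                logFileMaxRecords[fileName] = lrn;
                            }
                        }
                        finally
                        {
                            // Close even when a row fails, so the record set is not left open until the next poll.
                            rs.close();
                        }

                        // NOTE(review): forced collection after every file, presumably to release COM wrappers; confirm it is still needed.
                        GC.Collect();
                    }
                }
                catch (Exception ex)
                {
                    LogManager.GetCurrentClassLogger().Error(ex);
                }

                // NOTE(review): this sleep does not observe CancelToken, so shutdown can lag by one polling interval.
                System.Threading.Thread.Sleep(_pollingIntervalInSeconds * 1000);
            }

            Finished();
        }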
Exemple #6
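        /// <summary>
        /// Polls the Windows event logs named by <paramref name="ploc"/> until <c>Stop</c> is set or
        /// cancellation is signalled, converting each new event to JSON and passing it to
        /// <c>ProcessJson</c>.
        /// </summary>
        /// <param name="ploc">
        /// Event log location; its <c>ToString()</c> value is placed directly into the FROM clause.
        /// The query text is built by string formatting, so it must come from trusted configuration.
        /// </param>
        /// <remarks>
        /// The highest <c>RecordNumber</c> seen is kept in memory only. A log seen for the first time
        /// starts at its current last record, so events already in it are not emitted.
        /// </remarks>
        private void EventWatcher(object ploc)
        {
            string location = ploc.ToString();

            LogManager.GetCurrentClassLogger().Info("WindowsEvent Input Listener Ready");

            // Instantiate the Event Log Input Format object
            var iFmt = new EventLogInputFormat()
            {
                binaryFormat  = _arguments.BinaryFormat.ToString(),
                direction     = _arguments.Direction.ToString(),
                formatMsg     = _arguments.FormatMsg,
                fullEventCode = _arguments.FullEventCode,
                fullText      = _arguments.FullText,
                msgErrorMode  = _arguments.MsgErrorMode.ToString(),
                stringsSep    = _arguments.StringsSep,
                resolveSIDs   = _arguments.ResolveSIDS
            };

            // Highest RecordNumber already processed, per event log name.
            var logFileMaxRecords = new Dictionary <string, Int64>();

            using (var syncHandle = new ManualResetEventSlim())
            {
                while (!Stop)
                {
                    if (!CancelToken.IsCancellationRequested)
                    {
                        try
                        {
                            var oLogQuery = new LogQuery();

                            // Step 1: discover event logs and remember the current last record of each new one.
                            var qfiles  = string.Format("SELECT Distinct [EventLog] FROM {0}", location);
                            var rsfiles = oLogQuery.Execute(qfiles, iFmt);
                            try
                            {
                                for (; !rsfiles.atEnd(); rsfiles.moveNext())
                                {
                                    var    record  = rsfiles.getRecord();
                                    string logName = record.getValue("EventLog") as string;

                                    // A null key would throw from ContainsKey and abort the whole poll.
                                    if (logName == null || logFileMaxRecords.ContainsKey(logName))
                                    {
                                        continue;
                                    }

                                    var qcount = string.Format("SELECT max(RecordNumber) as MaxRecordNumber FROM {0}",
                                                               logName);
                                    var rcount = oLogQuery.Execute(qcount, iFmt);
                                    try
                                    {
                                        var qr  = rcount.getRecord();
                                        var lrn = (Int64)qr.getValueEx("MaxRecordNumber");
                                        logFileMaxRecords[logName] = lrn;
                                    }
                                    finally
                                    {
                                        rcount.close();
                                    }
                                }
                            }
                            finally
                            {
                                rsfiles.close();
                            }

                            // Step 2: read the events added since the last poll.
                            foreach (string fileName in logFileMaxRecords.Keys.ToList())
                            {
                                var lastRecordNumber = logFileMaxRecords[fileName];

                                // NOTE(review): the high-water mark is tracked per log name, but this query reads from
                                // `location`, not from `fileName`. Confirm that is intended when location names several logs.
                                var query = string.Format("SELECT * FROM {0} where RecordNumber > {1}", location,
                                                          lastRecordNumber);

                                var rs = oLogQuery.Execute(query, iFmt);
                                try
                                {
                                    for (; !rs.atEnd(); rs.moveNext())
                                    {
                                        var record = rs.getRecord();
                                        var json   = new JObject();
                                        foreach (var field in _arguments.Fields)
                                        {
                                            object v = record.getValue(field.Name);

                                            // Event data is passed through ToPrintable before it is forwarded.
                                            if (field.Name == "Data" && v != null)
                                            {
                                                v = ToPrintable(v.ToString());
                                            }

                                            // Convert only when the value really is a DateTime, so a missing timestamp does not fail the cast.
                                            if ((field.Name == "TimeGenerated" || field.Name == "TimeWritten") && field.DataType == typeof(DateTime) && v is DateTime)
                                            {
                                                v = ((DateTime)v).ToUniversalTime();
                                            }

                                            json.Add(new JProperty(field.Name, v));
                                        }

                                        var lrn = (Int64)record.getValueEx("RecordNumber");
                                        logFileMaxRecords[fileName] = lrn;

                                        ProcessJson(json);
                                        _receivedMessages++;
                                    }
                                }
                                finally
                                {
                                    // Close even when an event fails, so the record set is not left open.
                                    rs.close();
                                }

                                // NOTE(review): forced collection after every log, presumably to release COM wrappers; confirm it is still needed.
                                GC.Collect();
                            }
                        }
                        catch (OperationCanceledException)
                        {
                            break;
                        }
                        catch (Exception ex)
                        {
                            LogManager.GetCurrentClassLogger().Error(ex);
                        }

                        // The wait now runs after a failed poll as well. It used to sit inside the try block,
                        // so a persistent error retried immediately and flooded the error log.
                        if (!Stop)
                        {
                            try
                            {
                                syncHandle.Wait(TimeSpan.FromSeconds(_pollingIntervalInSeconds), CancelToken);
                            }
                            catch (OperationCanceledException)
                            {
                                break;
                            }
                        }
                    }
                }
                Finished();
            }
        }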
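        /// <summary>
        /// Polls the Windows event logs named by <paramref name="ploc"/> until <c>Stop</c> is set or
        /// cancellation is signalled, converting each new event to JSON and passing it to
        /// <c>ProcessJson</c>.
        /// </summary>
        /// <param name="ploc">
        /// Event log location; its <c>ToString()</c> value is placed directly into the FROM clause.
        /// The query text is built by string formatting, so it must come from trusted configuration.
        /// </param>
        /// <remarks>
        /// The highest <c>RecordNumber</c> seen is kept in memory only. A log seen for the first time
        /// starts at its current last record, so events already in it are not emitted.
        /// </remarks>
        private void EventWatcher(object ploc)
        {
            string location = ploc.ToString();

            LogManager.GetCurrentClassLogger().Info("WindowsEvent Input Listener Ready");

            // Instantiate the Event Log Input Format object
            var iFmt = new EventLogInputFormat()
            {
                binaryFormat = _arguments.BinaryFormat.ToString(),
                direction = _arguments.Direction.ToString(),
                formatMsg = _arguments.FormatMsg,
                fullEventCode = _arguments.FullEventCode,
                fullText = _arguments.FullText,
                msgErrorMode = _arguments.MsgErrorMode.ToString(),
                stringsSep = _arguments.StringsSep,
                resolveSIDs = _arguments.ResolveSIDS
            };

            // Highest RecordNumber already processed, per event log name.
            var logFileMaxRecords = new Dictionary<string, Int64>();

            using (var syncHandle = new ManualResetEventSlim())
            {
                while (!Stop)
                {
                    if (!CancelToken.IsCancellationRequested)
                    {
                        try
                        {
                            var oLogQuery = new LogQuery();

                            // Step 1: discover event logs and remember the current last record of each new one.
                            var qfiles = string.Format("SELECT Distinct [EventLog] FROM {0}", location);
                            var rsfiles = oLogQuery.Execute(qfiles, iFmt);
                            try
                            {
                                for (; !rsfiles.atEnd(); rsfiles.moveNext())
                                {
                                    var record = rsfiles.getRecord();
                                    string logName = record.getValue("EventLog") as string;

                                    // A null key would throw from ContainsKey and abort the whole poll.
                                    if (logName == null || logFileMaxRecords.ContainsKey(logName))
                                    {
                                        continue;
                                    }

                                    var qcount = string.Format("SELECT max(RecordNumber) as MaxRecordNumber FROM {0}",
                                        logName);
                                    var rcount = oLogQuery.Execute(qcount, iFmt);
                                    try
                                    {
                                        var qr = rcount.getRecord();
                                        var lrn = (Int64)qr.getValueEx("MaxRecordNumber");
                                        logFileMaxRecords[logName] = lrn;
                                    }
                                    finally
                                    {
                                        rcount.close();
                                    }
                                }
                            }
                            finally
                            {
                                rsfiles.close();
                            }

                            // Step 2: read the events added since the last poll.
                            foreach (string fileName in logFileMaxRecords.Keys.ToList())
                            {
                                var lastRecordNumber = logFileMaxRecords[fileName];

                                // NOTE(review): the high-water mark is tracked per log name, but this query reads from
                                // `location`, not from `fileName`. Confirm that is intended when location names several logs.
                                var query = string.Format("SELECT * FROM {0} where RecordNumber > {1}", location,
                                    lastRecordNumber);

                                var rs = oLogQuery.Execute(query, iFmt);
                                try
                                {
                                    for (; !rs.atEnd(); rs.moveNext())
                                    {
                                        var record = rs.getRecord();
                                        var json = new JObject();
                                        foreach (var field in _arguments.Fields)
                                        {
                                            object v = record.getValue(field.Name);

                                            // Event data is passed through ToPrintable before it is forwarded.
                                            if (field.Name == "Data" && v != null)
                                            {
                                                v = ToPrintable(v.ToString());
                                            }

                                            // Convert only when the value really is a DateTime, so a missing timestamp does not fail the cast.
                                            if ((field.Name == "TimeGenerated" || field.Name == "TimeWritten") && field.DataType == typeof (DateTime) && v is DateTime)
                                            {
                                                v = ((DateTime) v).ToUniversalTime();
                                            }

                                            json.Add(new JProperty(field.Name, v));
                                        }

                                        var lrn = (Int64)record.getValueEx("RecordNumber");
                                        logFileMaxRecords[fileName] = lrn;

                                        ProcessJson(json);
                                        _receivedMessages++;
                                    }
                                }
                                finally
                                {
                                    // Close even when an event fails, so the record set is not left open.
                                    rs.close();
                                }

                                // NOTE(review): forced collection after every log, presumably to release COM wrappers; confirm it is still needed.
                                GC.Collect();
                            }
                        }
                        catch (OperationCanceledException)
                        {
                            break;
                        }
                        catch (Exception ex)
                        {
                            LogManager.GetCurrentClassLogger().Error(ex);
                        }

                        // The wait now runs after a failed poll as well. It used to sit inside the try block,
                        // so a persistent error retried immediately and flooded the error log.
                        if (!Stop)
                        {
                            try
                            {
                                syncHandle.Wait(TimeSpan.FromSeconds(_pollingIntervalInSeconds), CancelToken);
                            }
                            catch (OperationCanceledException)
                            {
                                break;
                            }
                        }
                    }
                }
                Finished();
            }
        }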
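        /// <summary>
        /// Polls the IIS W3C logs at <paramref name="location"/> until <c>Stop</c> is set or
        /// cancellation is signalled, converting every new log row to JSON and passing it to
        /// <c>ProcessJson</c>.
        /// </summary>
        /// <param name="location">
        /// Log location placed directly into the FROM clause of the discovery query. The query text is
        /// built by string formatting, so this value must come from trusted configuration.
        /// </param>
        /// <remarks>
        /// The highest <c>LogRow</c> seen per file is kept in memory only. A file seen for the first
        /// time starts at its current last row, so rows already in it are not emitted.
        /// </remarks>
        private void IISW3CWatcher(string location)
        {
            LogManager.GetCurrentClassLogger().Info("IISW3Listener Ready For {0}", location);

            var oLogQuery = new LogQuery();

            var iFmt = new IISW3CLogInputFormat()
            {
                codepage = _arguments.CodePage,
                consolidateLogs = true,
                dirTime = _arguments.DirTime,
                dQuotes = _arguments.DoubleQuotes,
                recurse = _arguments.Recurse,
                useDoubleQuotes = _arguments.DoubleQuotes
            };

            if (_arguments.MinDateMod.HasValue)
            {
                // "HH" is the 24-hour clock. The previous "hh" produced 12-hour values with no AM/PM
                // marker, so any afternoon time was sent as its morning equivalent.
                iFmt.minDateMod = _arguments.MinDateMod.Value.ToString("yyyy-MM-dd HH:mm:ss");
            }

            // Highest LogRow already processed, per log file.
            Dictionary<string, Int64> logFileMaxRecords = new Dictionary<string, Int64>();

            using (var syncHandle = new ManualResetEventSlim())
            {
                while (!Stop)
                {
                    if (!CancelToken.IsCancellationRequested)
                    {
                        try
                        {
                            oLogQuery = new LogQuery();

                            // Step 1: discover log files and remember the current last row of each new one.
                            var qfiles = string.Format("SELECT Distinct [LogFilename] FROM {0}", location);
                            var rsfiles = oLogQuery.Execute(qfiles, iFmt);
                            try
                            {
                                for (; !rsfiles.atEnd(); rsfiles.moveNext())
                                {
                                    var record = rsfiles.getRecord();
                                    string fileName = record.getValue("LogFilename") as string;

                                    // A null key would throw from ContainsKey and abort the whole poll.
                                    if (fileName == null || logFileMaxRecords.ContainsKey(fileName))
                                    {
                                        continue;
                                    }

                                    // Quoted like the row query below, so a path containing spaces still parses.
                                    var qcount = string.Format("SELECT max(LogRow) as MaxRecordNumber FROM '{0}'",
                                        fileName);
                                    var rcount = oLogQuery.Execute(qcount, iFmt);
                                    try
                                    {
                                        var qr = rcount.getRecord();
                                        var lrn = (Int64) qr.getValueEx("MaxRecordNumber");
                                        logFileMaxRecords[fileName] = lrn;
                                    }
                                    finally
                                    {
                                        rcount.close();
                                    }
                                }
                            }
                            finally
                            {
                                rsfiles.close();
                            }

                            // Step 2: read the rows added to each known file since the last poll.
                            foreach (string fileName in logFileMaxRecords.Keys.ToList())
                            {
                                var lastRecordNumber = logFileMaxRecords[fileName];
                                var query = string.Format("SELECT * FROM '{0}' Where LogRow > {1}", fileName,
                                    lastRecordNumber);

                                var rs = oLogQuery.Execute(query, iFmt);
                                try
                                {
                                    rowReader.ReadColumnMap(rs);

                                    for (; !rs.atEnd(); rs.moveNext())
                                    {
                                        var record = rs.getRecord();
                                        var json = rowReader.ReadToJson(record);
                                        ProcessJson(json);
                                        _receivedMessages++;

                                        // Advance the high-water mark only after the row has been handed off.
                                        var lrn = (Int64) record.getValueEx("LogRow");
                                        logFileMaxRecords[fileName] = lrn;
                                    }
                                }
                                finally
                                {
                                    // Close even when a row fails, so the record set is not left open.
                                    rs.close();
                                }

                                // NOTE(review): forced collection after every file, presumably to release COM wrappers; confirm it is still needed.
                                GC.Collect();
                            }
                        }
                        catch (OperationCanceledException)
                        {
                            break;
                        }
                        catch (Exception ex)
                        {
                            LogManager.GetCurrentClassLogger().Error(ex);
                        }

                        // The wait now runs after a failed poll as well. It used to sit inside the try block,
                        // so a persistent error retried immediately and flooded the error log.
                        if (!Stop)
                        {
                            try
                            {
                                syncHandle.Wait(TimeSpan.FromSeconds(_pollingIntervalInSeconds), CancelToken);
                            }
                            catch (OperationCanceledException)
                            {
                                break;
                            }
                        }
                    }
                }
            }

            Finished();
        }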