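/// <summary>
/// Handles one Security-log record delivered by the event watcher and forwards it to the
/// engine as a <see cref="Program.LogEntry"/>.
/// Property positions read here: 0 = process id, 1 = process path, 2 = direction code
/// ("%%14592" inbound, "%%14593" outbound), 3 = source address, 4 = source port,
/// 5 = destination address, 6 = destination port, 7 = protocol number.
/// Records whose Id is neither <see cref="EventIDs.Blocked"/> nor <see cref="EventIDs.Allowed"/>
/// produce an entry with <see cref="Actions.Undefined"/>, exactly as before.
/// Any failure while decoding the record is logged through AppLog and otherwise ignored.
/// </summary>
/// <param name="obj">Event source; unused.</param>
/// <param name="arg">Watcher callback arguments; ignored when no record is attached.</param>
private void OnConnection(object obj, EventRecordWrittenEventArgs arg)
{
    EventRecord record = arg.EventRecord;
    if (record == null)
    {
        return;
    }

    try
    {
        // An event with fewer properties than we index below has an unexpected layout;
        // report it explicitly instead of letting the indexer throw into the generic catch.
        if (record.Properties.Count < 8)
        {
            AppLog.Line("Unexpected event layout in {0}: {1} properties", MiscFunc.GetCurrentMethod(), record.Properties.Count);
            return;
        }

        int processId = MiscFunc.parseInt(record.Properties[0].Value.ToString());
        // Path as reported by the event; GetIDforEntry is assumed to resolve it — confirm there.
        string path = record.Properties[1].Value.ToString();

        // Resolve the program first: an unknown program means nothing to record.
        ProgramList.ID id = GetIDforEntry(path, processId);
        if (id == null)
        {
            return;
        }

        Actions action = Actions.Undefined;
        if (record.Id == (int)EventIDs.Blocked)
        {
            action = Actions.Block;
        }
        else if (record.Id == (int)EventIDs.Allowed)
        {
            action = Actions.Allow;
        }

        string directionCode = record.Properties[2].Value.ToString();
        Directions direction = Directions.Unknown;
        if (directionCode == "%%14592")
        {
            direction = Directions.Inbound;
        }
        else if (directionCode == "%%14593")
        {
            direction = Directions.Outboun;
        }

        string srcIp = record.Properties[3].Value.ToString();
        int srcPort = MiscFunc.parseInt(record.Properties[4].Value.ToString());
        string destIp = record.Properties[5].Value.ToString();
        int destPort = MiscFunc.parseInt(record.Properties[6].Value.ToString());
        int protocol = MiscFunc.parseInt(record.Properties[7].Value.ToString());

        // Prefer the time the record was written (consistent with LoadLog, which uses
        // TimeGenerated); fall back to the processing time only if the record has none.
        DateTime timestamp = record.TimeCreated ?? DateTime.Now;

        Program.LogEntry entry = new Program.LogEntry(id, action, direction, srcIp, srcPort, destIp, destPort, protocol, processId, timestamp);
        entry.Profile = GetCurrentProfiles();
        App.engine.LogActivity(entry);
    }
    catch (Exception err)
    {
        AppLog.Line("Error in {0}: {1}", MiscFunc.GetCurrentMethod(), err.Message);
    }
}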
/// <summary>
/// Sends an "ActivityNotification" push message, serializing each argument into its own
/// byte array in the fixed order guid, entry, program id, services, update flag.
/// </summary>
/// <param name="guid">Program instance the activity belongs to.</param>
/// <param name="entry">The activity record.</param>
/// <param name="progID">Identifier of the program.</param>
/// <param name="services">Optional service names; passed through to PutStrList as-is (may be null).</param>
/// <param name="update">Whether the receiver should treat this as an update of an existing item.</param>
public void NotifyActivity(Guid guid, Program.LogEntry entry, ProgramID progID, List<String> services = null, bool update = false)
{
    // Serialization order matters: the receiver reads the fields back in this sequence.
    List<byte[]> payload = new List<byte[]>
    {
        PutGuid(guid),
        PutLogEntry(entry),
        PutProgID(progID),
        PutStrList(services),
        PutBool(update)
    };
    SendPushNotification("ActivityNotification", payload);
}
/// <summary>
/// Sends an "ActivityNotification" push message carrying the activity in a single
/// <see cref="Priv10Engine.FwEventArgs"/> payload.
/// </summary>
/// <param name="guid">Program instance the activity belongs to.</param>
/// <param name="entry">The activity record.</param>
/// <param name="progID">Identifier of the program.</param>
/// <param name="services">Optional service names; stored on the payload unchanged (may be null).</param>
/// <param name="update">Whether the receiver should treat this as an update of an existing item.</param>
public void NotifyActivity(Guid guid, Program.LogEntry entry, ProgramID progID, List<String> services = null, bool update = false)
{
    Priv10Engine.FwEventArgs payload = new Priv10Engine.FwEventArgs();
    payload.guid = guid;
    payload.entry = entry;
    payload.progID = progID;
    payload.services = services;
    payload.update = update;
    SendPushNotification("ActivityNotification", payload);
}
/*public bool ApplyTweak(Tweak tweak)
{
    return Tweaks.ApplyTweak(tweak);
}

public bool TestTweak(Tweak tweak)
{
    return Tweaks.TestTweak(tweak);
}

public bool UndoTweak(Tweak tweak)
{
    return Tweaks.UndoTweak(tweak);
}*/

/// <summary>
/// Records a firewall activity entry against its program and, for live events only,
/// notifies the host. Callers arrive on the thread that watches the Security log; the
/// work itself is marshalled onto the engine thread via mDispatcher.BeginInvoke and
/// this method returns before it has run.
/// </summary>
/// <param name="entry">Entry to record; its mID selects the program.</param>
/// <param name="fromLog">True when replaying the stored event log. Such entries are
/// recorded but not pushed to the host, so clients are not flooded with historic activity.</param>
public void LogActivity(Program.LogEntry entry, bool fromLog = false)
{
    Action onEngineThread = () =>
    {
        // From here on we are on the engine thread.
        Program prog = App.engine.programs.GetProgram(entry.mID, true);
        prog.LogActivity(entry, fromLog);

        bool notifyHost = App.host != null && !fromLog;
        if (notifyHost)
        {
            App.host.NotifyActivity(prog.guid, entry);
        }
    };
    mDispatcher.BeginInvoke(onEngineThread);
}
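/// <summary>
/// Replays the connection events already stored in the Security event log into the engine.
/// Only entries whose InstanceId is <see cref="EventIDs.Allowed"/> or <see cref="EventIDs.Blocked"/>
/// are considered. Entries that cannot be mapped to a program, or that carry fewer replacement
/// strings than are read here, are skipped individually; they no longer abort the whole import.
/// Replacement-string positions read: 0 = process id, 1 = process path, 2 = direction code
/// ("%%14592" inbound, "%%14593" outbound), 3 = source address, 4 = source port,
/// 5 = destination address, 6 = destination port, 7 = protocol number.
/// Opening or enumerating the Security log can fail (for example for lack of privilege);
/// such failures are logged through AppLog and the method returns normally.
/// Each replayed entry is passed to the engine with fromLog = true so it is not pushed to the host.
/// </summary>
public void LoadLog()
{
    // 'using' guarantees Dispose() on every exit path, including exceptions and early returns.
    using (EventLog eventLog = new EventLog("Security"))
    {
        try
        {
            foreach (EventLogEntry logEntry in eventLog.Entries)
            {
                long instanceId = logEntry.InstanceId;
                if (instanceId != (long)EventIDs.Allowed && instanceId != (long)EventIDs.Blocked)
                {
                    continue;
                }

                string[] fields = logEntry.ReplacementStrings;
                if (fields == null || fields.Length < 8)
                {
                    // Unexpected event layout; skip this entry rather than throwing out of the loop.
                    continue;
                }

                int processId = MiscFunc.parseInt(fields[0]);
                string path = fields[1];
                ProgramList.ID id = GetIDforEntry(path, processId);
                if (id == null)
                {
                    // Not a program we track: skip this entry. Returning here would silently
                    // truncate the import at the first unresolvable entry.
                    continue;
                }

                Actions action = Actions.Undefined;
                if (instanceId == (long)EventIDs.Blocked)
                {
                    action = Actions.Block;
                }
                else if (instanceId == (long)EventIDs.Allowed)
                {
                    action = Actions.Allow;
                }

                string directionCode = fields[2];
                Directions direction = Directions.Unknown;
                if (directionCode == "%%14592")
                {
                    direction = Directions.Inbound;
                }
                else if (directionCode == "%%14593")
                {
                    direction = Directions.Outboun;
                }

                string srcIp = fields[3];
                int srcPort = MiscFunc.parseInt(fields[4]);
                string destIp = fields[5];
                int destPort = MiscFunc.parseInt(fields[6]);
                int protocol = MiscFunc.parseInt(fields[7]);

                Program.LogEntry entry = new Program.LogEntry(id, action, direction, srcIp, srcPort, destIp, destPort, protocol, processId, logEntry.TimeGenerated);
                App.engine.LogActivity(entry, true);
            }
        }
        catch (Exception err)
        {
            AppLog.Line("Error in {0}: {1}", MiscFunc.GetCurrentMethod(), err.Message);
        }
    }
}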
/// <summary>
/// Serializes a log entry into the byte form used by the push-notification payloads.
/// The encoding is whatever PutXmlObj produces (presumably XML, judging by its name).
/// </summary>
/// <param name="entry">Entry to serialize.</param>
/// <returns>The bytes returned by PutXmlObj for <paramref name="entry"/>.</returns>
protected byte[] PutLogEntry(Program.LogEntry entry)
{
    byte[] encoded = PutXmlObj(entry);
    return encoded;
}