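/// <summary>
/// Handles a newly written event record: converts it with
/// <see cref="ReadFirewallEvent"/> and, when that succeeds, raises <c>ChangeEvent</c>.
/// </summary>
/// <param name="obj">Event sender; not used.</param>
/// <param name="arg">Arguments carrying the written record or a delivery exception.</param>
private void OnRuleChanged(object obj, EventRecordWrittenEventArgs arg)
{
    EventRecord record = arg.EventRecord;
    if (record == null)
    {
        // No record was delivered. Log the delivery error, if there is one, so that a
        // failing subscription is visible in the application log instead of silently
        // producing no rule-change notifications.
        if (arg.EventException != null)
        {
            AppLog.Exception(arg.EventException);
        }
        return;
    }

    // ReadFirewallEvent returns null when the record could not be parsed (it logs the
    // failure itself); in that case subscribers are not notified.
    RuleChangedEvent changed = ReadFirewallEvent(record);
    if (changed != null)
    {
        ChangeEvent?.Invoke(this, changed);
    }
}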
/// <summary>
/// Builds a <see cref="RuleChangedEvent"/> from a firewall event-log record.
/// </summary>
/// <param name="record">Record to read; it is cast to <see cref="EventLogRecord"/>.</param>
/// <returns>
/// The populated event, or <c>null</c> when reading the record threw. The exception is
/// passed to <c>AppLog.Exception</c> and is not rethrown.
/// </returns>
/// <remarks>
/// A <c>null</c> return means the caller gets no event for this record, so a record that
/// cannot be parsed is visible only in the application log.
/// </remarks>
protected RuleChangedEvent ReadFirewallEvent(EventRecord record)
{
    try
    {
        // Values selected by eventPropertySelector; EventProperties supplies the indexes.
        var values = ((EventLogRecord)record).GetPropertyValues(eventPropertySelector);

        // EventProperties.ProcessID is deliberately not read: per the original author's
        // note it is useless here because it is always the lsass.exe PID.
        return new RuleChangedEvent
        {
            // The value is unboxed as a 16-bit unsigned integer before the enum conversion.
            EventID = (FirewallGuard.EventIDs)(ushort)values[(int)EventProperties.EventID],
            ProfileChanged = values[(int)EventProperties.ProfileChanged].ToString(),
            RuleId = values[(int)EventProperties.RuleId].ToString(),
            RuleName = values[(int)EventProperties.RuleName].ToString(),
        };
    }
    catch (Exception err)
    {
        // Any failure (wrong record type, unexpected value type, null value) drops this
        // record after logging it.
        AppLog.Exception(err);
        return null;
    }
}