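/// <summary>
/// Downloads the JSON log files between two dates from blob storage
/// and exports them into one .CSV file.
/// </summary>
/// <param name="logStart">Begin date and time of the log.</param>
/// <param name="logEnd">End date and time of the log.</param>
/// <remarks>
/// A blob that cannot be downloaded or deserialized is reported on the console and skipped,
/// so the resulting CSV can contain gaps that are not marked in the file itself.
/// NOTE(review): values are written unquoted. A field containing a comma or a line break shifts
/// the columns, and nothing neutralises values that a spreadsheet would evaluate as a formula;
/// quote and escape the fields if the export is opened in a spreadsheet application.
/// </remarks>
private static void GetNetworkSecurityGroupRuleCounters(DateTime logStart, DateTime logEnd)
{
    // Creates client.
    // NOTE(review): BlobStorageConnectionString is defined outside this view; confirm it is read from
    // configuration or a secret store rather than embedded in source, since it carries the account credentials.
    CloudStorageAccount storageAccount = CloudStorageAccount.Parse(BlobStorageConnectionString);
    CloudBlobClient blobClient = storageAccount.CreateCloudBlobClient();

    Console.WriteLine($"Getting reference to container {CounterContainerName}");
    CloudBlobContainer container = blobClient.GetContainerReference(CounterContainerName);

    // Instantiate the URL generator.
    StorageURL storageUrl = new StorageURL(container.Uri, SubscriptionID, ResrouceGroupsName, ProviderName, ResrouceTypeName, ResourceType.NETWORKSECURITYGROUPS);

    List<Log> logs = new List<Log>();

    // Walk the requested range in one-hour steps and download the blob for each step.
    for (DateTime logTimeStamp = logStart; logTimeStamp <= logEnd; logTimeStamp = logTimeStamp.AddHours(1))
    {
        Console.WriteLine(logTimeStamp);

        Uri storageblobUrl = storageUrl.GetURL(logTimeStamp);
        CloudBlockBlob blockBlob = new CloudBlockBlob(storageblobUrl, storageAccount.Credentials);

        try
        {
            // The buffer is disposed even when the download itself throws.
            using (MemoryStream memstream = new MemoryStream())
            {
                blockBlob.DownloadToStream(memstream);
                memstream.Position = 0;

                JsonSerializer serializer = new JsonSerializer();
                using (StreamReader sr = new StreamReader(memstream))
                using (JsonTextReader jsonTextReader = new JsonTextReader(sr))
                {
                    // Deserialize JSON.
                    LogRecords logRecords = serializer.Deserialize<LogRecords>(jsonTextReader);
                    if (logRecords?.records == null)
                    {
                        // An empty or record-less document is reported explicitly instead of
                        // surfacing as a NullReferenceException message.
                        Console.WriteLine($"No records found - {storageblobUrl}");
                        continue;
                    }

                    foreach (Log logItem in logRecords.records)
                    {
                        // Add deserialized logs; null array elements are dropped.
                        if (logItem != null)
                        {
                            logs.Add(logItem);
                        }
                    }
                }
            }
        }
        catch (Exception ex)
        {
            // Best effort: a missing or unreadable hour must not abort the whole export.
            Console.WriteLine($"{ex.Message} - {storageblobUrl}");
        }
    }

    // Dump everything in the logs list into a file.
    using (StreamWriter file = new StreamWriter(CounterCSVExportNamePath))
    {
        file.WriteLine("time,systemId,resourceId,operationName,properties.vnetResourceGuid,properties.subnetPrefix"
            + ",properties.macAddress,properties.ruleName,properties.direction,properties.type,properties.matchedConnections");

        foreach (Log log in logs)
        {
            // A record without a properties object is written with empty property columns
            // instead of aborting the export with a half-written file.
            var props = log.properties;

            // NOTE(review): DateTime.Parse and the timestamp formatting use the current culture, so the
            // time column differs between machines; a record with an unparsable time still throws here.
            file.WriteLine($"{DateTime.Parse(log.time).ToUniversalTime()}, {log.systemId}, {log.resourceId}, {log.operationName}"
                + $", {props?.vnetResourceGuid}, {props?.subnetPrefix}, {props?.macAddress}"
                + $", {props?.ruleName}, {props?.direction}, {props?.type}, {props?.matchedConnections}");
        }
    }
}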
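/// <summary>
/// Downloads the network security group event JSON logs between two dates from blob storage
/// and exports them into one .CSV file.
/// </summary>
/// <param name="logStart">Begin date and time of the log.</param>
/// <param name="logEnd">End date and time of the log.</param>
/// <remarks>
/// A blob that cannot be downloaded or deserialized is reported on the console and skipped,
/// so the resulting CSV can contain gaps that are not marked in the file itself.
/// NOTE(review): only sourceIP, destinationIP and protocols have their commas replaced; every other
/// value is written unquoted and unescaped. A comma or line break in such a field shifts the columns,
/// and nothing neutralises values that a spreadsheet would evaluate as a formula.
/// </remarks>
private static void GetNetworkSecurityGroupEvents(DateTime logStart, DateTime logEnd)
{
    // NOTE(review): BlobStorageConnectionString is defined outside this view; confirm it is read from
    // configuration or a secret store rather than embedded in source, since it carries the account credentials.
    CloudStorageAccount storageAccount = CloudStorageAccount.Parse(BlobStorageConnectionString);
    CloudBlobClient blobClient = storageAccount.CreateCloudBlobClient();

    Console.WriteLine($"Getting reference to container {EventContainerName}");
    CloudBlobContainer container = blobClient.GetContainerReference(EventContainerName);

    // Builds the per-hour blob URL for the configured subscription and resource.
    StorageURL storageUrl = new StorageURL(container.Uri, SubscriptionID, ResrouceGroupsName, ProviderName, ResrouceTypeName, ResourceType.NETWORKSECURITYGROUPS);

    List<Log> logs = new List<Log>();

    // Walk the requested range in one-hour steps and download the blob for each step.
    for (DateTime logTimeStamp = logStart; logTimeStamp <= logEnd; logTimeStamp = logTimeStamp.AddHours(1))
    {
        Console.WriteLine(logTimeStamp);

        Uri storageBlobUrl = storageUrl.GetURL(logTimeStamp);
        CloudBlockBlob blockBlob = new CloudBlockBlob(storageBlobUrl, storageAccount.Credentials);

        try
        {
            // The buffer is disposed even when the download itself throws.
            using (MemoryStream memstream = new MemoryStream())
            {
                blockBlob.DownloadToStream(memstream);
                memstream.Position = 0;

                JsonSerializer serializer = new JsonSerializer();
                using (StreamReader sr = new StreamReader(memstream))
                using (JsonTextReader jsonTextReader = new JsonTextReader(sr))
                {
                    LogRecords logRecords = serializer.Deserialize<LogRecords>(jsonTextReader);
                    if (logRecords?.records == null)
                    {
                        // An empty or record-less document is reported explicitly instead of
                        // surfacing as a NullReferenceException message.
                        Console.WriteLine($"No records found - {storageBlobUrl}");
                        continue;
                    }

                    foreach (Log logItem in logRecords.records)
                    {
                        // Null array elements are dropped.
                        if (logItem != null)
                        {
                            logs.Add(logItem);
                        }
                    }
                }
            }
        }
        catch (Exception ex)
        {
            // Best effort: a missing or unreadable hour must not abort the whole export.
            Console.WriteLine($"{ex.Message} - {storageBlobUrl}");
        }
    }

    using (StreamWriter file = new StreamWriter(EventCSVExportNamePath))
    {
        file.WriteLine("time,systemId,resourceId,operationName,properties.vnetResourceGuid,properties.subnetPrefix"
            + ",properties.macAddress,properties.ruleName,properties.direction,properties.priority"
            + ",properties.type,properties.conditions.destinationPortRange,properties.conditions.sourcePortRange"
            + ",properties.conditions.sourceIP,properties.conditions.destinationIP,properties.conditions.protocols");

        foreach (Log log in logs)
        {
            // Records without properties or conditions are written with empty columns
            // instead of aborting the export with a half-written file.
            var props = log.properties;
            var conditions = props?.conditions;

            // An absent or blank protocol list is exported as "*"; commas inside the
            // multi-valued fields become ';' so they stay within one CSV column.
            string protocols = conditions?.protocols;
            string protocolColumn = string.IsNullOrWhiteSpace(protocols) ? "*" : protocols.Replace(',', ';');

            // NOTE(review): DateTime.Parse and the timestamp formatting use the current culture, so the
            // time column differs between machines; a record with an unparsable time still throws here.
            file.WriteLine($"{DateTime.Parse(log.time).ToUniversalTime()}, {log.systemId}, {log.resourceId}, {log.operationName}"
                + $", {props?.vnetResourceGuid}, {props?.subnetPrefix}, {props?.macAddress}"
                + $", {props?.ruleName}, {props?.direction}, {props?.priority}, {props?.type}"
                + $", {conditions?.destinationPortRange}, {conditions?.sourcePortRange}"
                + $", {conditions?.sourceIP?.Replace(',', ';')}, {conditions?.destinationIP?.Replace(',', ';')}"
                + $", {protocolColumn}");
        }
    }
}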
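/// <summary>
/// Downloads the load balancer event JSON logs between two dates from blob storage
/// and exports them into one .CSV file.
/// </summary>
/// <param name="logStart">Begin date and time of the log.</param>
/// <param name="logEnd">End date and time of the log.</param>
/// <remarks>
/// A blob that cannot be downloaded or deserialized is reported on the console and skipped,
/// so the resulting CSV can contain gaps that are not marked in the file itself.
/// NOTE(review): GetNetworkSecurityGroupEvents writes to the same EventCSVExportNamePath; if both
/// run, the later call overwrites the earlier export. Confirm that this is intended.
/// NOTE(review): values are written unquoted. A field containing a comma or a line break (the event
/// description is a likely candidate) shifts the columns, and nothing neutralises values that a
/// spreadsheet would evaluate as a formula.
/// </remarks>
private static void GetLoadBalancerEvents(DateTime logStart, DateTime logEnd)
{
    // NOTE(review): BlobStorageConnectionString is defined outside this view; confirm it is read from
    // configuration or a secret store rather than embedded in source, since it carries the account credentials.
    CloudStorageAccount storageAccount = CloudStorageAccount.Parse(BlobStorageConnectionString);
    CloudBlobClient blobClient = storageAccount.CreateCloudBlobClient();

    Console.WriteLine($"Getting reference to container {EventContainerName}");
    CloudBlobContainer container = blobClient.GetContainerReference(EventContainerName);

    // Builds the per-hour blob URL for the configured subscription and resource.
    StorageURL storageUrl = new StorageURL(container.Uri, SubscriptionID, ResrouceGroupsName, ProviderName, ResrouceTypeName, ResourceType.LOADBALANCERS);

    List<Log> logs = new List<Log>();

    // Using the date and time as arguments download all logs from the storage blob.
    for (DateTime logTimeStamp = logStart; logTimeStamp <= logEnd; logTimeStamp = logTimeStamp.AddHours(1))
    {
        Console.WriteLine(logTimeStamp);

        Uri storageBlobUrl = storageUrl.GetURL(logTimeStamp);
        CloudBlockBlob blockBlob = new CloudBlockBlob(storageBlobUrl, storageAccount.Credentials);

        try
        {
            // The buffer is disposed even when the download itself throws.
            using (MemoryStream memstream = new MemoryStream())
            {
                blockBlob.DownloadToStream(memstream);
                memstream.Position = 0;

                JsonSerializer serializer = new JsonSerializer();
                using (StreamReader sr = new StreamReader(memstream))
                using (JsonTextReader jsonTextReader = new JsonTextReader(sr))
                {
                    LogRecords logRecords = serializer.Deserialize<LogRecords>(jsonTextReader);
                    if (logRecords?.records == null)
                    {
                        // An empty or record-less document is reported explicitly instead of
                        // surfacing as a NullReferenceException message.
                        Console.WriteLine($"No records found - {storageBlobUrl}");
                        continue;
                    }

                    foreach (Log logItem in logRecords.records)
                    {
                        // Null array elements are dropped.
                        if (logItem != null)
                        {
                            logs.Add(logItem);
                        }
                    }
                }
            }
        }
        catch (Exception ex)
        {
            // Best effort: a missing or unreadable hour must not abort the whole export.
            Console.WriteLine($"{ex.Message} - {storageBlobUrl}");
        }
    }

    using (StreamWriter file = new StreamWriter(EventCSVExportNamePath))
    {
        file.WriteLine("time,systemId,category,resourceId,operationName,properties.eventName"
            + ",properties.eventDescription,properties.eventProperties.publicIpAddress");

        foreach (Log log in logs)
        {
            // Records without properties or eventProperties are written with empty columns
            // instead of aborting the export with a half-written file.
            var props = log.properties;

            // NOTE(review): DateTime.Parse and the timestamp formatting use the current culture, so the
            // time column differs between machines; a record with an unparsable time still throws here.
            file.WriteLine($"{DateTime.Parse(log.time).ToUniversalTime()}, {log.systemId}, {log.category}, {log.resourceId}, {log.operationName}"
                + $", {props?.eventName}, {props?.eventDescription}, {props?.eventProperties?.publicIpAddress}");
        }
    }
}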