/// <summary> /// Creates the syslog structured data containing system information. /// </summary> /// <returns></returns> private SyslogSdElement CreateSystemInfoData() { var sdElement = new SyslogSdElement($"systemInfo@{_enterpriseId.ToString(CultureInfo.InvariantCulture)}"); sdElement.Parameters.Add(new SyslogSdParameter("installDirectory", _installFolder)); sdElement.Parameters.Add(new SyslogSdParameter("databaseName", _databaseName)); sdElement.Parameters.Add(new SyslogSdParameter("databaseServer", _databaseServer)); return(sdElement); }
/// <summary> /// Creates the syslog structured data containing parameters common to all audit log messages. /// </summary> /// <param name="entryData">The entry data.</param> /// <returns></returns> private SyslogSdElement CreateBaseMsgData(IAuditLogEntryData entryData) { var sdElement = new SyslogSdElement($"audit@{_enterpriseId.ToString(CultureInfo.InvariantCulture)}"); sdElement.Parameters.Add(new SyslogSdParameter("msgId", entryData.AuditLogEntryMetadata.MessageId)); sdElement.Parameters.Add(new SyslogSdParameter("success", entryData.Success.ToString())); sdElement.Parameters.Add(new SyslogSdParameter("tenant", RequestContext.GetContext().Tenant.Name)); sdElement.Parameters.Add(new SyslogSdParameter("user", entryData.UserName)); return(sdElement); }
/// <summary> /// Creates the extra message data from the log entry. /// </summary> /// <param name="logEntry"></param> /// <returns></returns> private SyslogSdElement CreateExtraMsgData(EventLogEntry logEntry) { var sdElement = new SyslogSdElement($"{EventLogMsgId}@{EnterpriseId.ToString(CultureInfo.InvariantCulture)}"); sdElement.Parameters.Add(new SyslogSdParameter("msgId", EventLogMsgId)); sdElement.Parameters.Add(new SyslogSdParameter("tenant", logEntry.TenantName)); sdElement.Parameters.Add(new SyslogSdParameter("tenantId", logEntry.TenantId.ToString(CultureInfo.InvariantCulture))); sdElement.Parameters.Add(new SyslogSdParameter("user", logEntry.UserName)); // Sd parameter is called logEntrySource for source as source appears be used by graylog for the name of the source machine sdElement.Parameters.Add(new SyslogSdParameter("logEntrySource", logEntry.Source)); sdElement.Parameters.Add(new SyslogSdParameter("threadId", logEntry.ThreadId.ToString(CultureInfo.InvariantCulture))); return(sdElement); }
/// <summary> /// Creates the syslog structured data containing origin parameters. /// </summary> /// <param name="ipHostEntry">The ip host entry.</param> /// <returns></returns> private SyslogSdElement CreateOriginData(IPHostEntry ipHostEntry) { var sdElement = new SyslogSdElement(SyslogOriginConstants.Origin); sdElement.Parameters.Add(new SyslogSdParameter(SyslogOriginConstants.EnterpriseId, _enterpriseId.ToString(CultureInfo.InvariantCulture))); sdElement.Parameters.Add(new SyslogSdParameter(SyslogOriginConstants.SwVersion, SystemInfo.PlatformVersion)); sdElement.Parameters.Add(new SyslogSdParameter(SyslogOriginConstants.Software, _applicationName)); if (ipHostEntry?.AddressList != null && ipHostEntry.AddressList.Length > 0) { foreach (IPAddress ipAddress in ipHostEntry.AddressList) { sdElement.Parameters.Add(new SyslogSdParameter(SyslogOriginConstants.Ip, ipAddress.ToString())); } } return(sdElement); }
/// <summary> /// Creates the syslog structured data containing parameters specific to the audit log message. /// </summary> /// <param name="entryData">The entry data.</param> /// <returns></returns> private SyslogSdElement CreateSpecificMsgData(IAuditLogEntryData entryData) { var sdElement = new SyslogSdElement($"{entryData.AuditLogEntryMetadata.MessageId}@{_enterpriseId.ToString(CultureInfo.InvariantCulture)}"); // Set type specific fields foreach (var kvp in entryData.Parameters) { if (kvp.Value == null) { continue; } string value = kvp.Value.ToString(); if (kvp.Value is DateTime?) { value = $"{kvp.Value:o}"; } sdElement.Parameters.Add(new SyslogSdParameter(kvp.Key, value)); } return(sdElement); }
/// <summary> /// Decodes the structured data. /// </summary> /// <param name="structuredData">The structured data.</param> /// <returns></returns> private IEnumerable <SyslogSdElement> DecodeStructuredData(string structuredData) { if (string.IsNullOrEmpty(structuredData)) { return(null); } var sdElementsList = new List <SyslogSdElement>(); string[] sdElements = structuredData.Split(';'); foreach (string sdElement in sdElements) { string[] sdElementParts = sdElement.Split(','); SyslogSdElement element = null; for (int i = 0; i < sdElementParts.Length; i++) { if (i == 0) { element = new SyslogSdElement(sdElementParts[i]); } else { string[] paramParts = sdElementParts[i].Split(':'); element.Parameters.Add(new SyslogSdParameter(paramParts[0], paramParts[1])); } } sdElementsList.Add(element); } return(sdElementsList); }