/** * Refresh the Log * * Clears the log and repopulates it * **/ private void refreshLog() { events.Rows.Clear(); foreach (EventLogEntry entry in myLog.Entries) { TrustBaseEvent parsedEvent = parseEvent(entry); DataRow TBevent = events.NewRow(); TBevent["Time"] = parsedEvent.TimeWritten.ToShortDateString() + " - " + parsedEvent.TimeWritten.ToLongTimeString(); TBevent["Process"] = parsedEvent.ProcessName; TBevent["Hostname"] = parsedEvent.HostName; TBevent["Message"] = parsedEvent.Message; events.Rows.Add(TBevent); } }
/** * Parse Event * * Parses a Trustbase event log to extract relevant data * * **/ private TrustBaseEvent parseEvent(EventLogEntry entry) { var result = new TrustBaseEvent(); result.Message = "Unspecified"; result.ProcessName = "Unspecified"; result.HostName = "Unspecified"; if (entry.Message.Contains(DELIMETER)) { int delimeterPosition = entry.Message.IndexOf(DELIMETER); result.ProcessName = entry.Message.Substring(0, delimeterPosition); string hostnameAndmessage = entry.Message.Substring(delimeterPosition + 1); if (hostnameAndmessage.Contains(DELIMETER)) { delimeterPosition = hostnameAndmessage.IndexOf(DELIMETER); result.HostName = hostnameAndmessage.Substring(0, delimeterPosition); result.Message = hostnameAndmessage.Substring(delimeterPosition + 1); } else { result.Message = hostnameAndmessage; } } else { result.Message = entry.Message; } result.connectionBlocked = entry.CategoryNumber == RESPONSE_INVALID; result.type = entry.EntryType; result.GUID = new Guid(); result.TimeWritten = entry.TimeWritten; return(result); }
/** * Notify the User * * Do nothing if notifications are disabled * Grab most recent event * Parse Event Data * Decide whether to notify (Is this a recent repeat?) * * * //TODO Persist nofification enabled state * **/ private void notify(object sender, EntryWrittenEventArgs e) { if (!this.enableBlockNotifications && !this.enableAcceptNotifications) { return; } //============================ // GET WRITTEN EVENT //============================ EventLogEntry most_recent = null; foreach (EventLogEntry entry in myLog.Entries) { if (System.DateTime.Now.Ticks - entry.TimeWritten.Ticks < TimeSpan.TicksPerSecond * 8) { most_recent = entry; } } //============================ // GENERATE NOTIFICATION TEXT //============================ ToolTipIcon icon; TrustBaseEvent parsedEvent = parseEvent(most_recent); if (parsedEvent.connectionBlocked && !this.enableBlockNotifications) { return; } if (!parsedEvent.connectionBlocked && !this.enableAcceptNotifications) { return; } if (parsedEvent.type == EventLogEntryType.Error) { icon = ToolTipIcon.Error; } else if (parsedEvent.type == EventLogEntryType.Warning) { icon = ToolTipIcon.Warning; } else if (parsedEvent.type == EventLogEntryType.Information) { icon = ToolTipIcon.Info; } else { icon = ToolTipIcon.None; } //========================================================= //DO NOT NOTIFY FOR THE SAME PROGRAM BLOCKED SEVERAL TIMES //========================================================= if (!deduplicator.Keys.Contains <string>(parsedEvent.ProcessName)) { deduplicator.Add(parsedEvent.ProcessName, DateTime.Now); trayIcon.ShowBalloonTip(9000, "TrustBase", parsedEvent.Message + "\n" + parsedEvent.HostName + "\n" + parsedEvent.ProcessName, icon); } else { DateTime last_notification; deduplicator.TryGetValue(parsedEvent.ProcessName, out last_notification); if (DateTime.Now.Ticks - last_notification.Ticks > TimeSpan.TicksPerMinute) { deduplicator.Remove(parsedEvent.ProcessName); deduplicator.Add(parsedEvent.ProcessName, DateTime.Now); trayIcon.ShowBalloonTip(9000, "TrustBase", parsedEvent.Message + "\n" + parsedEvent.HostName + "\n" + parsedEvent.ProcessName, icon); } } }