Esempio n. 1
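        /// <summary>
        /// Scans the "Security" event log for events whose ID is <c>SuccessEvtId</c> or
        /// <c>FailureEvtId</c> and that are newer than a cut-off time, and folds each one into
        /// <c>addrs</c> (persisted through the "Addr" collection of RdpMon.db).
        /// </summary>
        /// <param name="_fromUtc">
        /// Cut-off time. <see cref="DateTime.MinValue"/> means "use the stored LastAddrChange value"
        /// (or <see cref="DateTime.MinValue"/> when none is stored). The value is written into the
        /// query with a "Z" suffix without conversion, so it is assumed to already be UTC;
        /// NOTE(review): confirm at the call sites.
        /// </param>
        /// <returns>
        /// The shared <c>addrs</c> aggregate. It is returned even when the scan failed: exceptions
        /// are logged and swallowed, so a caller cannot tell a failed scan from a quiet one
        /// except through the log.
        /// </returns>
        public Addrs Aggregate(DateTime _fromUtc)
        {
            var logprefix = "Scan: ";

            Log(logprefix + "in");
            var timer = DateTime.UtcNow;

            try
            {
                var provider = "Security";
                using (var db = new LiteDatabase("Filename=" + Utils.MyPath("RdpMon.db") + ";utc=true"))
                {
                    var _lastDbModif = DbProps.Get(db, "LastAddrChange");
                    var lastDbModif  = (_lastDbModif != null ? (DateTime)_lastDbModif : DateTime.MinValue);
                    var fromUtc      = (_fromUtc == DateTime.MinValue ? lastDbModif : _fromUtc);

                    // Format the cut-off with the invariant culture. The culture-sensitive overload
                    // uses the current culture's calendar and time separator, so on a host configured
                    // for a non-Gregorian calendar the year in the filter would be wrong and the scan
                    // would silently match the wrong set of events.
                    // NOTE(review): the cut-off is truncated to whole seconds and compared with '>',
                    // so events later within that same second match again on the next scan; confirm
                    // that addrs.Aggregate tolerates seeing an event twice.
                    var since = fromUtc.ToString("yyyy-MM-dd'T'HH:mm:ss", System.Globalization.CultureInfo.InvariantCulture) + ".000000000Z";
                    var query = "*[" +
                                "(System/EventID=" + SuccessEvtId.ToString() + " or " + "System/EventID=" + FailureEvtId.ToString() + ")" +
                                " and " +
                                "System[TimeCreated[@SystemTime>'" + since + "']]" +
                                "]";

                    // Skip if DB hasn't changed since fromUtc.
                    // (lastDbModif is a non-nullable DateTime, so the former "!= null" test was always true.)
                    if (lastDbModif < fromUtc)
                    {
                        Log(logprefix + "out: DB unchanged, skipping");
                        iteration++;
                        return addrs;
                    }

                    var addrTable = db.GetCollection <Addr>("Addr");
                    if (updateDb)
                    {
                        if (dbg)
                        {
                            // Debug mode: feed 200 synthetic events instead of reading the event log.
                            var rand    = new Random(Environment.TickCount);
                            var dbgRand = true;
                            for (int i = 0; i < 200; i++)
                            {
                                // With dbgRand set, rand.Next(200) is always below 200, so every
                                // synthetic event is recorded as a failure.
                                var success = ((dbgRand ? rand.Next(200) : i) > 400);
                                var ip      = string.Format("{0}.{1}.{2}.{3}", 132, 154, 255, (dbgRand ? rand.Next(50) : i) + 1);
                                var now     = DateTime.UtcNow;
                                var utcTime = dbgRand ? now.Subtract(TimeSpan.FromMinutes(rand.Next(60)))
                                                      : new DateTime(now.Year, now.Month, now.Day, now.Hour, 0, 0);
                                // String concatenation: the trailing 1 is appended as a character,
                                // not added to the number.
                                var userName = "******" + (dbgRand ? rand.Next(9) : i) + 1;
                                if (utcTime > fromUtc)
                                {
                                    addrs.Aggregate(addrTable, ip, utcTime, success, userName);
                                }
                            }
                        }
                        else
                        {
                            var eventsQuery = new EventLogQuery(provider, PathType.LogName, query);

                            // The reader wraps a native event-log query handle; dispose it as soon as
                            // the scan ends instead of leaving it to the finalizer, since this method
                            // runs once per scan iteration.
                            // NOTE(review): each EventRecord is IDisposable as well; it is left
                            // undisposed here because this method cannot see whether addrs.Aggregate
                            // keeps a reference to it.
                            using (var logReader = new EventLogReader(eventsQuery))
                            {
                                for (var evt = logReader.ReadEvent(); evt != null; evt = logReader.ReadEvent())
                                {
                                    addrs.Aggregate(addrTable, evt, dbg);
                                }
                            }
                        }
                        if (addrs.lastDbChange != null)
                        {
                            DbProps.Set(db, "LastAddrChange", DateTime.UtcNow);
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                // Best effort: a failed scan (database or event-log error) is only logged and the
                // aggregate collected so far is returned. Monitor this log line, because a
                // persistent failure means events are no longer being collected.
                Log(logprefix + "* exception: " + ex.ToString());
            }

            var perfDuration = DateTime.UtcNow.Subtract(timer);

            Log(logprefix + "out: " + addrs.Items.Count.ToString() + " addrs found, took " + perfDuration.TotalSeconds + " seconds");
            iteration++;
            return addrs;
        }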
Esempio n. 2
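        /// <summary>
        /// Synchronises the sessions list view with the "Session" collection of RdpMon.db.
        /// On an initial load the list is cleared and rebuilt; otherwise rows are added or
        /// updated in place and sessions that ended before the previous refresh are skipped.
        /// </summary>
        /// <param name="initialLoad">True to clear the list and reload every stored session.</param>
        /// <param name="activeSessions">
        /// Currently active sessions, passed to <c>GetEquivalentActiveSession</c> to decide
        /// whether a stored session is still ongoing.
        /// </param>
        /// <remarks>
        /// NOTE(review): sub-items are addressed through each column's DisplayIndex. If column
        /// reordering is enabled on the list view, DisplayIndex can differ from the column's
        /// Index and values would land in the wrong sub-item; confirm reordering is disabled.
        /// </remarks>
        void RefreshSessionsLV(bool initialLoad, List <WTS.SessionInfo> activeSessions)
        {
            var startedLvUpdate = false;
            var lv  = sessionsLv;
            var now = DateTime.UtcNow;

            // BeginUpdate suspends drawing of the list view until EndUpdate is called. Opening or
            // reading the database can throw, so the matching EndUpdate lives in a finally block;
            // otherwise one failed refresh would leave the list frozen with its sorter detached.
            try
            {
                // Initial load or update?
                if (initialLoad)
                {
                    lastSessionsRefresh = DateTime.MinValue;
                    startedLvUpdate     = true;
                    lv.BeginUpdate();
                    lv.ListViewItemSorter = null;
                    lv.Items.Clear();
                }

                using (var db = new LiteDatabase("Filename=" + Utils.MyPath("RdpMon.db") + ";utc=true"))
                {
                    // The stored value is read but not used below.
                    // NOTE(review): drop these two lines if DbProps.Get has no side effects.
                    var _lastDbModif = DbProps.Get(db, "LastSessionChange");
                    var lastDbModif  = (_lastDbModif != null ? (DateTime)_lastDbModif : DateTime.MinValue);

                    var table = db.GetCollection <Session>("Session");
                    foreach (var dbSession in table.FindAll())
                    {
                        // Session that started before the previous refresh and has already ended:
                        // nothing to add, at most its row is flipped to "Ended".
                        if (dbSession.Start < lastSessionsRefresh && dbSession.End != null)
                        {
                            if (now.Subtract(dbSession.End.Value) < TimeSpan.FromSeconds(60) &&
                                FindSessionLvItem(dbSession.SessionUid, out var endedItem))
                            {
                                // Update just-ended session
                                endedItem.SubItems[ColSessionState.DisplayIndex].Text = "Ended";
                                endedItem.SubItems[ColSessionEnded.DisplayIndex].Text = dbSession.End.Value.ToLocalTime().ToString("MM/dd HH:mm:ss");
                                endedItem.ImageIndex = -1;
                            }
                            continue;
                        }

                        var equivalentActiveSession = GetEquivalentActiveSession(dbSession, activeSessions);
                        if (!startedLvUpdate)
                        {
                            startedLvUpdate = true;
                            lv.BeginUpdate();
                            lv.ListViewItemSorter = null;
                        }

                        // Still-active session that already has a row: refresh start time and state only.
                        if (equivalentActiveSession != null &&
                            FindSessionLvItem(dbSession.SessionUid, out var activeItem))
                        {
                            activeItem.SubItems[ColSessionStarted.DisplayIndex].Text = dbSession.Start.ToLocalTime().ToString("MM/dd HH:mm:ss");
                            activeItem.SubItems[ColSessionState.DisplayIndex].Text   = equivalentActiveSession.StateStr();
                            activeItem.Tag = dbSession;
                            continue;
                        }

                        // Add / update in list.
                        // Special case: sometimes the row may already be in the list if the DB has
                        // missed its Ended time (i.e. if the service was down while the session ended).
                        var adding = false;
                        if (!FindSessionLvItem(dbSession.SessionUid, out var item))
                        {
                            // Usual case: create a row with seven empty sub-items to fill in below.
                            item = new ListViewItem();
                            item.SubItems.AddRange(new[] { "", "", "", "", "", "", "" });
                            adding = true;
                        }

                        item.SubItems[ColWtsSessionId.DisplayIndex].Text   = dbSession.WtsSessionId.ToString();
                        item.SubItems[ColSessionUser.DisplayIndex].Text    = (dbSession.User ?? "").ToString();
                        item.SubItems[ColSessionStarted.DisplayIndex].Text = dbSession.Start.ToLocalTime().ToString("MM/dd HH:mm:ss");
                        if (dbSession.End != null)
                        {
                            item.SubItems[ColSessionState.DisplayIndex].Text = "Ended";
                        }
                        if (equivalentActiveSession != null)
                        {
                            item.ImageIndex = 1;
                            item.SubItems[ColSessionEnded.DisplayIndex].Text = "ongoing";
                        }
                        else
                        {
                            item.SubItems[ColSessionEnded.DisplayIndex].Text = (dbSession.End != null ? dbSession.End.Value.ToLocalTime().ToString("MM/dd HH:mm:ss") : "");
                        }

                        item.SubItems[ColSessionAddr.DisplayIndex].Text = (dbSession.Addr == "127.0.0.1" ? "localhost" : dbSession.Addr);
                        item.Tag = dbSession;
                        if (adding)
                        {
                            lv.Items.Add(item);
                        }
                    }
                }
            }
            finally
            {
                if (startedLvUpdate)
                {
                    // Attach the sorter only for this one Sort call, then detach it again so that
                    // later per-item changes do not trigger a re-sort.
                    lv.ListViewItemSorter = sessionsSorter;
                    lv.Sort();
                    lv.EndUpdate();
                    lv.ListViewItemSorter = null;
                }
            }

            // Only reached when the refresh completed, so a failed refresh is retried in full
            // from the previous watermark.
            lastSessionsRefresh = now;
        }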