/// <summary>
/// Wires the producer around one shared notification queue: the processor
/// drains it, the watcher fills it.
/// </summary>
/// <param name="dbStatusObj">Shared database status object handed to both workers.</param>
/// <param name="dbPath">Passed through unchanged to the processor, which hands it to its SQLiteConnection.</param>
public EventProducer(DbStatusObject dbStatusObj, string dbPath)
        {
            NotificationQueue sharedQueue = new NotificationQueue();
            queueManager = sharedQueue;

            // Both ends must see the same queue instance.
            worker = new EventProcessor(sharedQueue, dbStatusObj, dbPath);
            eventWatcher = new EventWatcherAsync(sharedQueue, dbStatusObj);
        }
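        /// <summary>
        /// Builds the WMI watchers for Security-log object-access events and local print
        /// jobs and binds them to the shared queue and database status object.
        /// The watchers are only constructed here; nothing is started.
        /// </summary>
        /// <param name="q">Queue the watchers push notifications into.</param>
        /// <param name="dbStatusObj">Shared database status object.</param>
        /// <exception cref="PlatformNotSupportedException">
        /// No Security-log query is defined for the reported OS major version (below 5, or the version could not be read).
        /// </exception>
        public EventWatcherAsync(NotificationQueue q, DbStatusObject dbStatusObj)
        {
            queue = q;
            dbStatus = dbStatusObj;
            scope = new ManagementScope(@"\\localhost\root\cimv2");

            // Object-access auditing was renumbered in Vista/Server 2008: NT 5.x logs
            // category 3 with event codes 560/564/567/594, while NT 6.0 and every later
            // release (7, 8, 10, Server 2012+) log the 46xx codes. The second branch
            // therefore matches >= 6 rather than only == 6, so newer systems are not
            // left without a query.
            string securityLogQuery = null;
            int osMajor = -1;
            try
            {
                System.OperatingSystem osInfo = Environment.OSVersion;
                osMajor = osInfo.Version.Major;
                CLogger.WriteLog(ELogLevel.DEBUG, "OS version Major" + osMajor.ToString());
                if (osMajor == 5)//OS_VER_WIN_SERVER_2003)
                {
                    securityLogQuery = @"SELECT * FROM __InstanceCreationEvent WHERE TargetInstance ISA
                'Win32_NTLogEvent' and TargetInstance.LogFile = 'Security' and TargetInstance.Category = 3
                and (TargetInstance.EventCode=560 OR TargetInstance.EventCode=564 OR TargetInstance.EventCode=567
                OR TargetInstance.EventCode=594)";
                }
                else if (osMajor >= 6)//OS_VER_WIN_SERVER_2008 and later
                {
                    CLogger.WriteLog(ELogLevel.DEBUG, "OS version 2008 or later");
                    securityLogQuery = @"SELECT * FROM __InstanceCreationEvent WHERE TargetInstance ISA
                'Win32_NTLogEvent' and TargetInstance.LogFile = 'Security' and (TargetInstance.Category = 12800
                OR TargetInstance.Category = 12807) and (TargetInstance.EventCode=4656 OR TargetInstance.EventCode=4660 OR TargetInstance.EventCode=4663
                OR TargetInstance.EventCode=4690)";
                }
            }
            catch (Exception e)
            {
                CLogger.WriteLog(ELogLevel.DEBUG, "Caught exception while checking OS type" + e.Message);
            }

            // Fail here rather than handing a null query to ManagementEventWatcher, which
            // would only surface the problem when the watcher is started.
            if (securityLogQuery == null)
            {
                throw new PlatformNotSupportedException(
                    "No Security event log query is defined for OS major version " + osMajor.ToString());
            }

            // All WQL filters below are compile-time constants: no caller-supplied text
            // is concatenated into them.
            // Category = 3 CategoryString = 'Object Access'
            eventLogChangesWatcher = new ManagementEventWatcher(new EventQuery(securityLogQuery));

            string printJobQuery = @"SELECT * FROM __InstanceCreationEvent WITHIN 2 WHERE TargetInstance ISA 'Win32_PrintJob'";
            printJobWatcher = new ManagementEventWatcher(new EventQuery(printJobQuery));

            #if CIM_CLASS
            // Separate local so the print-job query is not overwritten before REMOTE_PRINT uses it.
            string fileCreationQuery = @"SELECT * FROM __InstanceCreationEvent WITHIN 1 WHERE TargetInstance ISA 'CIM_DataFile' AND
                    TargetInstance.Drive='C:' AND TargetInstance.Path = '\\testdocument\\' ";
            fileCreationWatcher = new ManagementEventWatcher(new EventQuery(fileCreationQuery));
            #endif

            #if REMOTE_PRINT
            // NOTE(review): the username/password placeholders must not be replaced with
            // real credentials in source; load them from a protected store at runtime.
            ConnectionOptions connOptions = new ConnectionOptions();
            connOptions.Username = "******";
            connOptions.Password = "******";
            remoteScope = new ManagementScope(@"\\192.168.0.1\root\cimv2", connOptions);
            CLogger.WriteLog(ELogLevel.DEBUG, "Remote Scope created");

            // The watcher must be bound to remoteScope explicitly; with only a query it
            // would listen on the local machine and the remote scope would go unused.
            printJobWatcherRemote = new ManagementEventWatcher(remoteScope, new EventQuery(printJobQuery));
            CLogger.WriteLog(ELogLevel.DEBUG, "Remote Scope created2");
            #endif
        }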
        /// <summary>
        /// Builds a watcher for Security-log object-access events (category 3) in the
        /// local CIM namespace and binds it to <paramref name="q"/>. Nothing is started here.
        /// </summary>
        /// <param name="q">Queue that receives the notifications.</param>
        public EventWatcherAsync(NotificationQueue q)
        {
            queue = q;
            scope = new ManagementScope(@"\\localhost\root\cimv2");

            // Constant WQL filter: no caller-controlled text is spliced into it.
            // Category = 3 CategoryString = 'Object Access'
            const string objectAccessQuery = @"SELECT * FROM __InstanceCreationEvent WHERE TargetInstance ISA
            'Win32_NTLogEvent' and TargetInstance.LogFile = 'Security' and TargetInstance.Category = 3";
            EventQuery filter = new EventQuery(objectAccessQuery);
            eventLogChangesWatcher = new ManagementEventWatcher(filter);
        }
        /// <summary>
        /// Prepares the processor: binds the queue and status object, creates the SQLite
        /// connection object, the open-access trim timer and the process-delete watcher.
        /// </summary>
        /// <param name="q">Queue the processor drains.</param>
        /// <param name="dbStatusObj">Shared database status object.</param>
        /// <param name="dbPath">Handed to SQLiteConnection unchanged, so it is expected to be a full connection string ("Data Source=..."), not a bare file path.</param>
        public EventProcessor(NotificationQueue q, DbStatusObject dbStatusObj, string dbPath)
        {
            queue = q;
            dbStatus = dbStatusObj;

            conn = new SQLiteConnection(dbPath);
            //@"Data Source=" + System.Environment.GetEnvironmentVariable("windir") + "\\system\\AccessTrackerDB");

            // Timer interval is in milliseconds; TRIM_OPEN_ACCESS_INTERVAL is presumably in minutes.
            double trimIntervalMs = 1000 * 60 * TRIM_OPEN_ACCESS_INTERVAL;
            TrimOpenAccessTimer = new System.Timers.Timer(trimIntervalMs);

            // The watcher appends to this list, so it must exist before the watcher does.
            List<Win32ProcessInfo> killed = new List<Win32ProcessInfo>();
            killedProcessList = killed;
            procDeleteWatcher = new ProcessDeleteWatcherAsync(killed);
        }
 /// <summary>
 /// Wires the producer around a single shared queue: the processor drains it and
 /// the watcher fills it.
 /// </summary>
 public EventProducer()
 {
     NotificationQueue sharedQueue = new NotificationQueue();
     queue = sharedQueue;
     worker = new EventProcessor(sharedQueue);
     eventWatcher = new EventWatcherAsync(sharedQueue);
 }
 /// <summary>
 /// Binds the processor to <paramref name="q"/> and creates (without opening here) a
 /// SQLite connection object for dpfam.db under the Windows directory.
 /// </summary>
 /// <param name="q">Queue the processor drains.</param>
 public EventProcessor(NotificationQueue q)
 {
     queue = q;

     // The path is taken from the environment, not from any user input. If windir
     // is unset the connection string degrades to "Data Source=\system\dpfam.db".
     // NOTE(review): %windir%\system is normally not writable by non-admin accounts —
     // confirm the account this runs under.
     string windowsDir = System.Environment.GetEnvironmentVariable("windir");
     string connectionString = @"Data Source=" + windowsDir + "\\system\\dpfam.db";
     conn = new SQLiteConnection(connectionString);
 }