public CefEvent Convert(AzureEventBase evt)
{
var cef = new CefEvent()
{
Timestamp = evt.time,
Host = evt.resourceName,
// Device Vendor - need to check difference between Microsoft and 3rd party events
DeviceVendor = "Microsoft",
DeviceProduct = evt.providerName,
DeviceVersion = "1",
DeviceEventClassID = evt.eventType,
Name = evt.shortDescription,
Severity = MapSeverity(evt.level)
};
// TODO - set custom properties
cef.CustomProperties.act = evt.operationName;
cef.CustomProperties.destinationServiceName = evt.providerName;
//cef.CustomProperties.destinationDnsDomain =
cef.CustomProperties.deviceExternalId = evt.resourceId;
cef.CustomProperties.duser = "******";
// TODO - put the real time on here
//cef.CustomProperties.end = "TODO";
cef.CustomProperties.src = evt.callerIpAddress;
//cef.CustomProperties.act
return(cef);
}
public string CefEventToCefRecord(CefEvent evt)
{
var sb = new System.Text.StringBuilder();
sb.AppendFormat("{0} {1} {2}|{3}|{4}|{5}|{6}|{7}|{8}|",
evt.Timestamp.ToString(_formatString),
evt.Host,
evt.CefVersion,
EscapeValue(evt.DeviceVendor),
EscapeValue(evt.DeviceProduct),
EscapeValue(evt.DeviceVersion),
EscapeValue(evt.DeviceEventClassID),
EscapeValue(evt.Name),
EscapeValue(evt.Severity)
);
CefTransformerCustom.FillCustomProperties(evt.CustomProperties, sb);
return(sb.ToString());
}