public frmEventLog(string Element) { if (Element == null) { this.Element = null; } else { this.Element = JsonConvert.DeserializeObject <ReportingPolicyElementEventLog>(Element); } InitializeComponent(); }
void ReportingThread(object EventDataListO) { try { using (SQLLib sql = SQLTest.ConnectSQL("Fox SDC Server for EventLog Data")) { if (sql == null) { FoxEventLog.WriteEventLog("Cannot connect to SQL Server for Event Log Data Reporting!", System.Diagnostics.EventLogEntryType.Error); return; } List <EventLogReportFull> EventDataList = (List <EventLogReportFull>)EventDataListO; if (EventDataList.Count == 0) { return; } List <PolicyObject> Pol = Policies.GetPolicyForComputerInternal(sql, EventDataList[0].MachineID); Dictionary <string, Int64> AlreadyReported = new Dictionary <string, long>(); foreach (PolicyObject PolO in Pol) { if (PolO.Type != PolicyIDs.ReportingPolicy) { continue; } ReportingPolicyElement RepElementRoot = JsonConvert.DeserializeObject <ReportingPolicyElement>(Policies.GetPolicy(sql, PolO.ID).Data); if (RepElementRoot.Type != ReportingPolicyType.EventLog) { continue; } if (RepElementRoot.ReportToAdmin == null) { RepElementRoot.ReportToAdmin = false; } if (RepElementRoot.ReportToClient == null) { RepElementRoot.ReportToClient = false; } if (RepElementRoot.UrgentForAdmin == null) { RepElementRoot.UrgentForAdmin = false; } if (RepElementRoot.UrgentForClient == null) { RepElementRoot.UrgentForClient = false; } if (RepElementRoot.ReportToAdmin == false && RepElementRoot.ReportToClient == false && RepElementRoot.UrgentForAdmin == false && RepElementRoot.UrgentForClient == false) { continue; } foreach (string Element in RepElementRoot.ReportingElements) { ReportingPolicyElementEventLog evrep = JsonConvert.DeserializeObject <ReportingPolicyElementEventLog>(Element); if (evrep.Book == null) { evrep.Book = new List <string>(); } if (evrep.CategoryNumbers == null) { evrep.CategoryNumbers = new List <int>(); } if (evrep.EventLogTypes == null) { evrep.EventLogTypes = new List <int>(); } if (evrep.Sources == null) { evrep.Sources = new List <string>(); } if (evrep.Book.Count == 0 && evrep.CategoryNumbers.Count == 0 && evrep.EventLogTypes.Count == 0 && evrep.Sources.Count == 0) { continue; } foreach (EventLogReportFull EV in EventDataList) { if (evrep.Book.Count != 0) { bool Match = false; foreach (string Book in evrep.Book) { if (Book.ToLower() == EV.EventLog.ToLower()) { Match = true; break; } } if (Match == false) { continue; } } if (evrep.Sources.Count != 0) { bool Match = false; foreach (string Source in evrep.Sources) { if (Source.ToLower() == EV.Source.ToLower()) { Match = true; break; } } if (Match == false) { continue; } } if (evrep.EventLogTypes.Count != 0) { bool Match = false; foreach (int EVLType in evrep.EventLogTypes) { if (EVLType == EV.EventLogType) { Match = true; break; } } if (Match == false) { continue; } } if (evrep.CategoryNumbers.Count != 0) { bool Match = false; foreach (int Cat in evrep.CategoryNumbers) { if (Cat == (EV.InstanceID & 0x3FFFFFFF)) { Match = true; break; } } if (Match == false) { continue; } } if (evrep.IncludeExclude == 1) //include { if (evrep.IncludeExcludeTexts != null) { bool Match = false; foreach (string s in evrep.IncludeExcludeTexts) { if (EV.Message.ToLower().Contains(s.ToLower()) == true) { Match = true; break; } } if (Match == false) { continue; } } } if (evrep.IncludeExclude == 2) //exclude { if (evrep.IncludeExcludeTexts != null) { bool Match = true; foreach (string s in evrep.IncludeExcludeTexts) { if (EV.Message.ToLower().Contains(s.ToLower()) == true) { Match = false; break; } } if (Match == false) { continue; } } } bool ReportToAdmin = RepElementRoot.ReportToAdmin.Value; bool ReportToClient = RepElementRoot.ReportToClient.Value; bool UrgentForAdmin = RepElementRoot.UrgentForAdmin.Value; bool UrgentForClient = RepElementRoot.UrgentForClient.Value; if (AlreadyReported.ContainsKey(EV.LogID) == true) { if ((AlreadyReported[EV.LogID] & (Int64)ReportingFlags.ReportToAdmin) != 0) { ReportToAdmin = false; } if ((AlreadyReported[EV.LogID] & (Int64)ReportingFlags.ReportToClient) != 0) { ReportToClient = false; } if ((AlreadyReported[EV.LogID] & (Int64)ReportingFlags.UrgentForAdmin) != 0) { UrgentForAdmin = false; } if ((AlreadyReported[EV.LogID] & (Int64)ReportingFlags.UrgentForClient) != 0) { UrgentForClient = false; } } if (ReportToAdmin == false && ReportToClient == false && UrgentForAdmin == false && UrgentForClient == false) { continue; } ReportingFlags Flags = (ReportToAdmin == true ? ReportingFlags.ReportToAdmin : 0) | (ReportToClient == true ? ReportingFlags.ReportToClient : 0) | (UrgentForAdmin == true ? ReportingFlags.UrgentForAdmin : 0) | (UrgentForClient == true ? ReportingFlags.UrgentForClient : 0); switch ((EventLogEntryType)EV.EventLogType) { case 0: case EventLogEntryType.Information: Flags = (ReportingFlags)((Int64)Flags | ((Int64)ReportingStatusPictureEnum.Info << (int)ReportingFlags.IconFlagsShift)); break; case EventLogEntryType.Warning: Flags = (ReportingFlags)((Int64)Flags | ((Int64)ReportingStatusPictureEnum.Exclamation << (int)ReportingFlags.IconFlagsShift)); break; case EventLogEntryType.Error: Flags = (ReportingFlags)((Int64)Flags | ((Int64)ReportingStatusPictureEnum.Stop << (int)ReportingFlags.IconFlagsShift)); break; case EventLogEntryType.SuccessAudit: Flags = (ReportingFlags)((Int64)Flags | ((Int64)ReportingStatusPictureEnum.Key << (int)ReportingFlags.IconFlagsShift)); break; case EventLogEntryType.FailureAudit: Flags = (ReportingFlags)((Int64)Flags | ((Int64)ReportingStatusPictureEnum.NoKey << (int)ReportingFlags.IconFlagsShift)); break; } ReportingProcessor.ReportEventLog(sql, EV.MachineID, EV, Flags); if (AlreadyReported.ContainsKey(EV.LogID) == true) { AlreadyReported[EV.LogID] |= (Int64)Flags; } else { AlreadyReported.Add(EV.LogID, (Int64)Flags); } } } } } } catch (Exception ee) { FoxEventLog.WriteEventLog("SEH in Event Data Reporting " + ee.ToString(), System.Diagnostics.EventLogEntryType.Error); } }
string Explain(string e) { string res = "Missing description: " + e; switch (lstType.SelectedIndex) { case 1: { ReportingPolicyElementDisk d = JsonConvert.DeserializeObject <ReportingPolicyElementDisk>(e); res = (d.DriveLetter == "$" ? "(SYSTEM DRIVE)" : d.DriveLetter + ":\\") + " - Size < " + d.MinimumSize.ToString() + " " + (d.Method == 1 ? "%" : "bytes"); break; } case 2: { ReportingPolicyElementEventLog d = JsonConvert.DeserializeObject <ReportingPolicyElementEventLog>(e); res = ""; if (d.Book == null) { d.Book = new List <string>(); } if (d.Sources == null) { d.Sources = new List <string>(); } if (d.CategoryNumbers == null) { d.CategoryNumbers = new List <int>(); } if (d.EventLogTypes == null) { d.EventLogTypes = new List <int>(); } if (d.Book.Count == 0) { res += "Book: (all)"; } else { res += "Book: "; foreach (string s in d.Book) { res += s + ", "; } if (res.EndsWith(", ") == true) { res = res.Substring(0, res.Length - 2); } } if (d.Sources.Count == 0) { res += " Sources: (any)"; } else { res += " Sources: "; foreach (string s in d.Sources) { res += s + ", "; } if (res.EndsWith(", ") == true) { res = res.Substring(0, res.Length - 2); } } if (d.EventLogTypes.Count == 0) { res += " Types: (any)"; } else { bool GotInfo = false; res += " Types: "; foreach (int s in d.EventLogTypes) { switch (s) { case 0: case 4: res += GotInfo == false ? " Information, " : ""; GotInfo = true; break; case 1: res += " Error, "; break; case 2: res += " Warning, "; break; case 8: res += " Success Audit, "; break; case 16: res += " Failure Audit, "; break; default: res += " ??? " + d.ToString() + ", "; break; } } if (res.EndsWith(", ") == true) { res = res.Substring(0, res.Length - 2); } } if (d.CategoryNumbers.Count == 0) { res += " Event IDs: (any)"; } else { res += " Event IDs: "; foreach (int s in d.CategoryNumbers) { res += s.ToString() + ", "; } if (res.EndsWith(", ") == true) { res = res.Substring(0, res.Length - 2); } } break; } case 3: { ReportingPolicyElementAddRemovePrograms d = JsonConvert.DeserializeObject <ReportingPolicyElementAddRemovePrograms>(e); if (d.Names == null) { d.Names = new List <string>(); } res = ""; switch (d.SearchNameIn) { case 0: res += "Programs with their exact IDs: "; break; case 1: res += "Programs containing: "; break; case 2: res += "Programs starting with: "; break; default: res += "????? " + d.SearchNameIn.ToString() + ": "; break; } if (d.Names.Count == 0) { res += "(any)"; } else { foreach (string s in d.Names) { res += "\"" + s + "\", "; } if (res.EndsWith(", ") == true) { res = res.Substring(0, res.Length - 2); } } res += " "; switch (d.SearchBits) { case 0: break; case 1: res += "(32 bit only)"; break; case 2: res += "(64 bit only)"; break; } res += " Notify on: "; if (d.NotifyOnAdd == true) { res += "Add, "; } if (d.NotifyOnRemove == true) { res += "Removal, "; } if (d.NotifyOnUpdate == true) { res += "Update, "; } if (res.EndsWith(", ") == true) { res = res.Substring(0, res.Length - 2); } break; } case 4: { ReportingPolicyElementStartup d = JsonConvert.DeserializeObject <ReportingPolicyElementStartup>(e); if (d.Names == null) { d.Names = new List <string>(); } res = ""; switch (d.SearchNameIn) { case 0: res += "Startup Item with their exact text: "; break; case 1: res += "Startup Item containing: "; break; case 2: res += "Startup Item starting with: "; break; default: res += "????? " + d.SearchNameIn.ToString() + ": "; break; } if (d.Names.Count == 0) { res += "(any)"; } else { foreach (string s in d.Names) { res += "\"" + s + "\", "; } if (res.EndsWith(", ") == true) { res = res.Substring(0, res.Length - 2); } } res += " "; if (string.IsNullOrWhiteSpace(d.SearchLocations) == false) { res += " Locations: " + d.SearchLocations; } res += " Notify on: "; if (d.NotifyOnAdd == true) { res += "Add, "; } if (d.NotifyOnRemove == true) { res += "Removal, "; } if (d.NotifyOnUpdate == true) { res += "Update, "; } if (res.EndsWith(", ") == true) { res = res.Substring(0, res.Length - 2); } break; } case 5: { ReportingPolicyElementSMART d = JsonConvert.DeserializeObject <ReportingPolicyElementSMART>(e); res = ""; res += " Notify on: "; if (d.NotifyOnAdd == true) { res += "Add, "; } if (d.NotifyOnRemove == true) { res += "Removal, "; } if (d.NotifyOnUpdate == true) { res += "Update"; if (d.SkipAttribUpdateReport != null) { if (d.SkipAttribUpdateReport.Count > 0) { res += " (Skip Attributes: "; foreach (int s in d.SkipAttribUpdateReport) { res += "0x" + s.ToString("X") + ", "; } if (res.EndsWith(", ") == true) { res = res.Substring(0, res.Length - 2); } res += "), "; } else { res += ", "; } } else { res += ", "; } } if (d.NotifyOnError == true) { res += "Error, "; } if (res.EndsWith(", ") == true) { res = res.Substring(0, res.Length - 2); } break; } case 6: { res = "Simple Task is completed"; break; } } return(res); }
private void cmdOK_Click(object sender, EventArgs e) { Element = new ReportingPolicyElementEventLog(); Element.Book = new List <string>(); Element.CategoryNumbers = new List <int>(); Element.EventLogTypes = new List <int>(); Element.Sources = new List <string>(); foreach (string s in lstBook.Text.Split(',')) { if (s.Trim() == "") { continue; } Element.Book.Add(s.Trim()); } foreach (string s in txtSources.Text.Split(',')) { if (s.Trim() == "") { continue; } Element.Sources.Add(s.Trim()); } foreach (string s in txtCategories.Text.Split(',')) { if (s.Trim() == "") { continue; } int Cat; if (int.TryParse(s, out Cat) == false) { MessageBox.Show(this, "Invalid category number.", Program.Title, MessageBoxButtons.OK, MessageBoxIcon.Exclamation); return; } Element.CategoryNumbers.Add(Cat); } if (lstTypes.GetItemChecked(0) == true) { Element.EventLogTypes.Add(0); Element.EventLogTypes.Add(4); } if (lstTypes.GetItemChecked(1) == true) { Element.EventLogTypes.Add(2); } if (lstTypes.GetItemChecked(2) == true) { Element.EventLogTypes.Add(1); } if (lstTypes.GetItemChecked(3) == true) { Element.EventLogTypes.Add(8); } if (lstTypes.GetItemChecked(4) == true) { Element.EventLogTypes.Add(16); } Element.IncludeExclude = lstInclExcl.SelectedIndex; Element.IncludeExcludeTexts = new List <string>(); foreach (string Item in lstTexts.Items) { Element.IncludeExcludeTexts.Add(Item); } if (Element.Book.Count == 0 && Element.CategoryNumbers.Count == 0 && Element.EventLogTypes.Count == 0 && Element.Sources.Count == 0) { MessageBox.Show(this, "Event Log Filter cannot be empty.", Program.Title, MessageBoxButtons.OK, MessageBoxIcon.Information); return; } this.DialogResult = DialogResult.OK; this.Close(); }