public frmEventLog(string Element)
{
if (Element == null)
{
this.Element = null;
}
else
{
this.Element = JsonConvert.DeserializeObject <ReportingPolicyElementEventLog>(Element);
}
InitializeComponent();
}
void ReportingThread(object EventDataListO)
{
try
{
using (SQLLib sql = SQLTest.ConnectSQL("Fox SDC Server for EventLog Data"))
{
if (sql == null)
{
FoxEventLog.WriteEventLog("Cannot connect to SQL Server for Event Log Data Reporting!", System.Diagnostics.EventLogEntryType.Error);
return;
}
List <EventLogReportFull> EventDataList = (List <EventLogReportFull>)EventDataListO;
if (EventDataList.Count == 0)
{
return;
}
List <PolicyObject> Pol = Policies.GetPolicyForComputerInternal(sql, EventDataList[0].MachineID);
Dictionary <string, Int64> AlreadyReported = new Dictionary <string, long>();
foreach (PolicyObject PolO in Pol)
{
if (PolO.Type != PolicyIDs.ReportingPolicy)
{
continue;
}
ReportingPolicyElement RepElementRoot = JsonConvert.DeserializeObject <ReportingPolicyElement>(Policies.GetPolicy(sql, PolO.ID).Data);
if (RepElementRoot.Type != ReportingPolicyType.EventLog)
{
continue;
}
if (RepElementRoot.ReportToAdmin == null)
{
RepElementRoot.ReportToAdmin = false;
}
if (RepElementRoot.ReportToClient == null)
{
RepElementRoot.ReportToClient = false;
}
if (RepElementRoot.UrgentForAdmin == null)
{
RepElementRoot.UrgentForAdmin = false;
}
if (RepElementRoot.UrgentForClient == null)
{
RepElementRoot.UrgentForClient = false;
}
if (RepElementRoot.ReportToAdmin == false && RepElementRoot.ReportToClient == false && RepElementRoot.UrgentForAdmin == false && RepElementRoot.UrgentForClient == false)
{
continue;
}
foreach (string Element in RepElementRoot.ReportingElements)
{
ReportingPolicyElementEventLog evrep = JsonConvert.DeserializeObject <ReportingPolicyElementEventLog>(Element);
if (evrep.Book == null)
{
evrep.Book = new List <string>();
}
if (evrep.CategoryNumbers == null)
{
evrep.CategoryNumbers = new List <int>();
}
if (evrep.EventLogTypes == null)
{
evrep.EventLogTypes = new List <int>();
}
if (evrep.Sources == null)
{
evrep.Sources = new List <string>();
}
if (evrep.Book.Count == 0 && evrep.CategoryNumbers.Count == 0 && evrep.EventLogTypes.Count == 0 && evrep.Sources.Count == 0)
{
continue;
}
foreach (EventLogReportFull EV in EventDataList)
{
if (evrep.Book.Count != 0)
{
bool Match = false;
foreach (string Book in evrep.Book)
{
if (Book.ToLower() == EV.EventLog.ToLower())
{
Match = true;
break;
}
}
if (Match == false)
{
continue;
}
}
if (evrep.Sources.Count != 0)
{
bool Match = false;
foreach (string Source in evrep.Sources)
{
if (Source.ToLower() == EV.Source.ToLower())
{
Match = true;
break;
}
}
if (Match == false)
{
continue;
}
}
if (evrep.EventLogTypes.Count != 0)
{
bool Match = false;
foreach (int EVLType in evrep.EventLogTypes)
{
if (EVLType == EV.EventLogType)
{
Match = true;
break;
}
}
if (Match == false)
{
continue;
}
}
if (evrep.CategoryNumbers.Count != 0)
{
bool Match = false;
foreach (int Cat in evrep.CategoryNumbers)
{
if (Cat == (EV.InstanceID & 0x3FFFFFFF))
{
Match = true;
break;
}
}
if (Match == false)
{
continue;
}
}
if (evrep.IncludeExclude == 1) //include
{
if (evrep.IncludeExcludeTexts != null)
{
bool Match = false;
foreach (string s in evrep.IncludeExcludeTexts)
{
if (EV.Message.ToLower().Contains(s.ToLower()) == true)
{
Match = true;
break;
}
}
if (Match == false)
{
continue;
}
}
}
if (evrep.IncludeExclude == 2) //exclude
{
if (evrep.IncludeExcludeTexts != null)
{
bool Match = true;
foreach (string s in evrep.IncludeExcludeTexts)
{
if (EV.Message.ToLower().Contains(s.ToLower()) == true)
{
Match = false;
break;
}
}
if (Match == false)
{
continue;
}
}
}
bool ReportToAdmin = RepElementRoot.ReportToAdmin.Value;
bool ReportToClient = RepElementRoot.ReportToClient.Value;
bool UrgentForAdmin = RepElementRoot.UrgentForAdmin.Value;
bool UrgentForClient = RepElementRoot.UrgentForClient.Value;
if (AlreadyReported.ContainsKey(EV.LogID) == true)
{
if ((AlreadyReported[EV.LogID] & (Int64)ReportingFlags.ReportToAdmin) != 0)
{
ReportToAdmin = false;
}
if ((AlreadyReported[EV.LogID] & (Int64)ReportingFlags.ReportToClient) != 0)
{
ReportToClient = false;
}
if ((AlreadyReported[EV.LogID] & (Int64)ReportingFlags.UrgentForAdmin) != 0)
{
UrgentForAdmin = false;
}
if ((AlreadyReported[EV.LogID] & (Int64)ReportingFlags.UrgentForClient) != 0)
{
UrgentForClient = false;
}
}
if (ReportToAdmin == false && ReportToClient == false && UrgentForAdmin == false && UrgentForClient == false)
{
continue;
}
ReportingFlags Flags = (ReportToAdmin == true ? ReportingFlags.ReportToAdmin : 0) |
(ReportToClient == true ? ReportingFlags.ReportToClient : 0) |
(UrgentForAdmin == true ? ReportingFlags.UrgentForAdmin : 0) |
(UrgentForClient == true ? ReportingFlags.UrgentForClient : 0);
switch ((EventLogEntryType)EV.EventLogType)
{
case 0:
case EventLogEntryType.Information:
Flags = (ReportingFlags)((Int64)Flags | ((Int64)ReportingStatusPictureEnum.Info << (int)ReportingFlags.IconFlagsShift));
break;
case EventLogEntryType.Warning:
Flags = (ReportingFlags)((Int64)Flags | ((Int64)ReportingStatusPictureEnum.Exclamation << (int)ReportingFlags.IconFlagsShift));
break;
case EventLogEntryType.Error:
Flags = (ReportingFlags)((Int64)Flags | ((Int64)ReportingStatusPictureEnum.Stop << (int)ReportingFlags.IconFlagsShift));
break;
case EventLogEntryType.SuccessAudit:
Flags = (ReportingFlags)((Int64)Flags | ((Int64)ReportingStatusPictureEnum.Key << (int)ReportingFlags.IconFlagsShift));
break;
case EventLogEntryType.FailureAudit:
Flags = (ReportingFlags)((Int64)Flags | ((Int64)ReportingStatusPictureEnum.NoKey << (int)ReportingFlags.IconFlagsShift));
break;
}
ReportingProcessor.ReportEventLog(sql, EV.MachineID, EV, Flags);
if (AlreadyReported.ContainsKey(EV.LogID) == true)
{
AlreadyReported[EV.LogID] |= (Int64)Flags;
}
else
{
AlreadyReported.Add(EV.LogID, (Int64)Flags);
}
}
}
}
}
}
catch (Exception ee)
{
FoxEventLog.WriteEventLog("SEH in Event Data Reporting " + ee.ToString(), System.Diagnostics.EventLogEntryType.Error);
}
}
string Explain(string e)
{
string res = "Missing description: " + e;
switch (lstType.SelectedIndex)
{
case 1:
{
ReportingPolicyElementDisk d = JsonConvert.DeserializeObject <ReportingPolicyElementDisk>(e);
res = (d.DriveLetter == "$" ? "(SYSTEM DRIVE)" : d.DriveLetter + ":\\") + " - Size < " + d.MinimumSize.ToString() + " " + (d.Method == 1 ? "%" : "bytes");
break;
}
case 2:
{
ReportingPolicyElementEventLog d = JsonConvert.DeserializeObject <ReportingPolicyElementEventLog>(e);
res = "";
if (d.Book == null)
{
d.Book = new List <string>();
}
if (d.Sources == null)
{
d.Sources = new List <string>();
}
if (d.CategoryNumbers == null)
{
d.CategoryNumbers = new List <int>();
}
if (d.EventLogTypes == null)
{
d.EventLogTypes = new List <int>();
}
if (d.Book.Count == 0)
{
res += "Book: (all)";
}
else
{
res += "Book: ";
foreach (string s in d.Book)
{
res += s + ", ";
}
if (res.EndsWith(", ") == true)
{
res = res.Substring(0, res.Length - 2);
}
}
if (d.Sources.Count == 0)
{
res += " Sources: (any)";
}
else
{
res += " Sources: ";
foreach (string s in d.Sources)
{
res += s + ", ";
}
if (res.EndsWith(", ") == true)
{
res = res.Substring(0, res.Length - 2);
}
}
if (d.EventLogTypes.Count == 0)
{
res += " Types: (any)";
}
else
{
bool GotInfo = false;
res += " Types: ";
foreach (int s in d.EventLogTypes)
{
switch (s)
{
case 0:
case 4:
res += GotInfo == false ? " Information, " : ""; GotInfo = true; break;
case 1:
res += " Error, "; break;
case 2:
res += " Warning, "; break;
case 8:
res += " Success Audit, "; break;
case 16:
res += " Failure Audit, "; break;
default:
res += " ??? " + d.ToString() + ", "; break;
}
}
if (res.EndsWith(", ") == true)
{
res = res.Substring(0, res.Length - 2);
}
}
if (d.CategoryNumbers.Count == 0)
{
res += " Event IDs: (any)";
}
else
{
res += " Event IDs: ";
foreach (int s in d.CategoryNumbers)
{
res += s.ToString() + ", ";
}
if (res.EndsWith(", ") == true)
{
res = res.Substring(0, res.Length - 2);
}
}
break;
}
case 3:
{
ReportingPolicyElementAddRemovePrograms d = JsonConvert.DeserializeObject <ReportingPolicyElementAddRemovePrograms>(e);
if (d.Names == null)
{
d.Names = new List <string>();
}
res = "";
switch (d.SearchNameIn)
{
case 0: res += "Programs with their exact IDs: "; break;
case 1: res += "Programs containing: "; break;
case 2: res += "Programs starting with: "; break;
default: res += "????? " + d.SearchNameIn.ToString() + ": "; break;
}
if (d.Names.Count == 0)
{
res += "(any)";
}
else
{
foreach (string s in d.Names)
{
res += "\"" + s + "\", ";
}
if (res.EndsWith(", ") == true)
{
res = res.Substring(0, res.Length - 2);
}
}
res += " ";
switch (d.SearchBits)
{
case 0: break;
case 1: res += "(32 bit only)"; break;
case 2: res += "(64 bit only)"; break;
}
res += " Notify on: ";
if (d.NotifyOnAdd == true)
{
res += "Add, ";
}
if (d.NotifyOnRemove == true)
{
res += "Removal, ";
}
if (d.NotifyOnUpdate == true)
{
res += "Update, ";
}
if (res.EndsWith(", ") == true)
{
res = res.Substring(0, res.Length - 2);
}
break;
}
case 4:
{
ReportingPolicyElementStartup d = JsonConvert.DeserializeObject <ReportingPolicyElementStartup>(e);
if (d.Names == null)
{
d.Names = new List <string>();
}
res = "";
switch (d.SearchNameIn)
{
case 0: res += "Startup Item with their exact text: "; break;
case 1: res += "Startup Item containing: "; break;
case 2: res += "Startup Item starting with: "; break;
default: res += "????? " + d.SearchNameIn.ToString() + ": "; break;
}
if (d.Names.Count == 0)
{
res += "(any)";
}
else
{
foreach (string s in d.Names)
{
res += "\"" + s + "\", ";
}
if (res.EndsWith(", ") == true)
{
res = res.Substring(0, res.Length - 2);
}
}
res += " ";
if (string.IsNullOrWhiteSpace(d.SearchLocations) == false)
{
res += " Locations: " + d.SearchLocations;
}
res += " Notify on: ";
if (d.NotifyOnAdd == true)
{
res += "Add, ";
}
if (d.NotifyOnRemove == true)
{
res += "Removal, ";
}
if (d.NotifyOnUpdate == true)
{
res += "Update, ";
}
if (res.EndsWith(", ") == true)
{
res = res.Substring(0, res.Length - 2);
}
break;
}
case 5:
{
ReportingPolicyElementSMART d = JsonConvert.DeserializeObject <ReportingPolicyElementSMART>(e);
res = "";
res += " Notify on: ";
if (d.NotifyOnAdd == true)
{
res += "Add, ";
}
if (d.NotifyOnRemove == true)
{
res += "Removal, ";
}
if (d.NotifyOnUpdate == true)
{
res += "Update";
if (d.SkipAttribUpdateReport != null)
{
if (d.SkipAttribUpdateReport.Count > 0)
{
res += " (Skip Attributes: ";
foreach (int s in d.SkipAttribUpdateReport)
{
res += "0x" + s.ToString("X") + ", ";
}
if (res.EndsWith(", ") == true)
{
res = res.Substring(0, res.Length - 2);
}
res += "), ";
}
else
{
res += ", ";
}
}
else
{
res += ", ";
}
}
if (d.NotifyOnError == true)
{
res += "Error, ";
}
if (res.EndsWith(", ") == true)
{
res = res.Substring(0, res.Length - 2);
}
break;
}
case 6:
{
res = "Simple Task is completed";
break;
}
}
return(res);
}
private void cmdOK_Click(object sender, EventArgs e)
{
Element = new ReportingPolicyElementEventLog();
Element.Book = new List <string>();
Element.CategoryNumbers = new List <int>();
Element.EventLogTypes = new List <int>();
Element.Sources = new List <string>();
foreach (string s in lstBook.Text.Split(','))
{
if (s.Trim() == "")
{
continue;
}
Element.Book.Add(s.Trim());
}
foreach (string s in txtSources.Text.Split(','))
{
if (s.Trim() == "")
{
continue;
}
Element.Sources.Add(s.Trim());
}
foreach (string s in txtCategories.Text.Split(','))
{
if (s.Trim() == "")
{
continue;
}
int Cat;
if (int.TryParse(s, out Cat) == false)
{
MessageBox.Show(this, "Invalid category number.", Program.Title, MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
return;
}
Element.CategoryNumbers.Add(Cat);
}
if (lstTypes.GetItemChecked(0) == true)
{
Element.EventLogTypes.Add(0);
Element.EventLogTypes.Add(4);
}
if (lstTypes.GetItemChecked(1) == true)
{
Element.EventLogTypes.Add(2);
}
if (lstTypes.GetItemChecked(2) == true)
{
Element.EventLogTypes.Add(1);
}
if (lstTypes.GetItemChecked(3) == true)
{
Element.EventLogTypes.Add(8);
}
if (lstTypes.GetItemChecked(4) == true)
{
Element.EventLogTypes.Add(16);
}
Element.IncludeExclude = lstInclExcl.SelectedIndex;
Element.IncludeExcludeTexts = new List <string>();
foreach (string Item in lstTexts.Items)
{
Element.IncludeExcludeTexts.Add(Item);
}
if (Element.Book.Count == 0 && Element.CategoryNumbers.Count == 0 && Element.EventLogTypes.Count == 0 && Element.Sources.Count == 0)
{
MessageBox.Show(this, "Event Log Filter cannot be empty.", Program.Title, MessageBoxButtons.OK, MessageBoxIcon.Information);
return;
}
this.DialogResult = DialogResult.OK;
this.Close();
}
