コード例 #1
0
        public EventProducer(DbStatusObject dbStatusObj, string dbPath)
        {
            queueManager = new NotificationQueue();

            worker = new EventProcessor(queueManager, dbStatusObj, dbPath);
            eventWatcher = new EventWatcherAsync(queueManager, dbStatusObj);
        }
コード例 #2
0
 public DbSizeMonitor(string db, DbStatusObject dbStatusObj)
 {
     dbPath = db;
     MonitorDbSizeTimer = new System.Timers.Timer(1000 * 60 * MONITOR_INTERVAL); //Interval specified in milliseconds
     conn = new SQLiteConnection(dbPath);
     dbStatus = dbStatusObj;
     GetLoginInfo();
 }
コード例 #3
0
        public EventWatcherAsync(NotificationQueue q, DbStatusObject dbStatusObj)
        {
            scope = new ManagementScope(@"\\localhost\root\cimv2");

            string query1 = null;
            try
            {
                System.OperatingSystem osInfo = Environment.OSVersion;
                CLogger.WriteLog(ELogLevel.DEBUG, "OS version Major" + osInfo.Version.Major.ToString());
                if (osInfo.Version.Major == 5)//OS_VER_WIN_SERVER_2003)
                {
                    query1 = @"SELECT * FROM __InstanceCreationEvent WHERE TargetInstance ISA
                'Win32_NTLogEvent' and TargetInstance.LogFile = 'Security' and TargetInstance.Category = 3
                and (TargetInstance.EventCode=560 OR TargetInstance.EventCode=564 OR TargetInstance.EventCode=567
                OR TargetInstance.EventCode=594)";
                }
                else if (osInfo.Version.Major == 6)//OS_VER_WIN_SERVER_2008)
                {
                    CLogger.WriteLog(ELogLevel.DEBUG, "OS version 2008");
                    query1 = @"SELECT * FROM __InstanceCreationEvent WHERE TargetInstance ISA
                'Win32_NTLogEvent' and TargetInstance.LogFile = 'Security' and (TargetInstance.Category = 12800
                OR TargetInstance.Category = 12807) and (TargetInstance.EventCode=4656 OR TargetInstance.EventCode=4660 OR TargetInstance.EventCode=4663
                OR TargetInstance.EventCode=4690)";
                }
            }
            catch (Exception e)
            {
                CLogger.WriteLog(ELogLevel.DEBUG, "Caught exception while checking OS type" + e.Message);
            }

            // Category = 3 CategoryString = 'Object Access'
            eventLogChangesWatcher = new ManagementEventWatcher(new EventQuery(query1));
            string query2 = @"SELECT * FROM __InstanceCreationEvent WITHIN 2 WHERE TargetInstance ISA 'Win32_PrintJob'";
            printJobWatcher = new ManagementEventWatcher(new EventQuery(query2));

            #if CIM_CLASS
            query2 = @"SELECT * FROM __InstanceCreationEvent WITHIN 1 WHERE TargetInstance ISA 'CIM_DataFile' AND
                    TargetInstance.Drive='C:' AND TargetInstance.Path = '\\testdocument\\' ";
            /*            query2 = @"SELECT * FROM __InstanceCreationEvent WITHIN 1 WHERE
                    Targetinstance ISA 'CIM_DirectoryContainsFile' AND
                    TargetInstance.GroupComponent='c:\\windows'";
            */
            fileCreationWatcher = new ManagementEventWatcher(new EventQuery(query2));
            #endif

            #if REMOTE_PRINT
            ConnectionOptions connOptions = new ConnectionOptions();
            connOptions.Username = "******";
            connOptions.Password = "******";
            remoteScope = new ManagementScope(@"\\192.168.0.1\root\cimv2", connOptions);
            CLogger.WriteLog(ELogLevel.DEBUG, "Remote Scope created");

            printJobWatcherRemote = new ManagementEventWatcher(new EventQuery(query2));
            CLogger.WriteLog(ELogLevel.DEBUG, "Remote Scope created2");
            #endif
            queue = q;
            dbStatus = dbStatusObj;
        }
コード例 #4
0
        public EventProcessor(NotificationQueue q, DbStatusObject dbStatusObj, string dbPath)
        {
            queue = q;
            conn = new SQLiteConnection(dbPath);
            //@"Data Source=" + System.Environment.GetEnvironmentVariable("windir") + "\\system\\AccessTrackerDB");

            TrimOpenAccessTimer = new System.Timers.Timer(1000 * 60 * TRIM_OPEN_ACCESS_INTERVAL); //Interval specified in milliseconds
            killedProcessList = new List<Win32ProcessInfo>();
            procDeleteWatcher = new ProcessDeleteWatcherAsync(killedProcessList);
            dbStatus = dbStatusObj;
        }
コード例 #5
0
        protected override void OnStart(string[] args)
        {
            string dbPath = @"Data Source=" + System.Environment.GetEnvironmentVariable("windir") + "\\system\\AccessTrackerDB.db";
            dbStatus = new DbStatusObject();
            dbUsageMonitor = new DbSizeMonitor(dbPath, dbStatus);
            if (dbUsageMonitor.isDBSizeOk() == true)
            {
                init = new EventProducer(dbStatus, dbPath);
                init.Start();
                dbUsageMonitor.Start();

                server = new Server();
            }
            else
            {
                this.Stop();
            }
        }