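/// <summary>
/// Reads every entry of the classic Windows event log named <paramref name="Book"/>,
/// converts each one into an <c>EventLogReport</c>, computes its LogID and queues it
/// in <c>lst</c> (the LogID is also recorded in <c>HasEVTLogs</c>).
/// </summary>
/// <param name="Book">Name of the event log to read.</param>
/// <returns>Always <c>true</c>; a failed read is logged, not reported to the caller.</returns>
static bool CollectEVT(string Book)
{
    // EventLog holds an OS handle; dispose it deterministically instead of waiting for the finalizer.
    using (EventLog eventLog = new EventLog(Book))
    {
        try
        {
            foreach (EventLogEntry log in eventLog.Entries)
            {
                EventLogReport ev = new EventLogReport();
                ev.Category = log.Category;
                ev.CategoryNumber = log.CategoryNumber;
                ev.Data = log.Data;
                ev.EventLog = Book;
                ev.EventLogType = (int)log.EntryType;
                ev.InstanceID = log.InstanceId;
                ev.LogID = "";
                ev.MachineID = SystemInfos.SysInfo.MachineID;
                ev.Message = log.Message;
                ev.Source = log.Source;
                ev.TimeGenerated = log.TimeGenerated;
                ev.TimeWritten = log.TimeWritten;
                ev.JSONReplacementStrings = JsonConvert.SerializeObject(log.ReplacementStrings);

                // LogID starts empty and is filled in by CalcEventLogID before it is recorded.
                CommonUtilities.CalcEventLogID(ev);
                HasEVTLogs.Add(ev.LogID);
                lst.Add(ev);
            }
        }
        catch (Exception ex)
        {
            // Best effort: entries queued before the failure stay in lst. Record why the
            // read stopped so that a gap in collected logs can be diagnosed afterwards.
            FoxEventLog.WriteEventLog("Cannot collect EventLog " + Book + ": " + ex.Message, EventLogEntryType.Error);
        }
    }

    return (true);
}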
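/// <summary>
/// Accepts a batch of event log entries from an authenticated computer account,
/// drops entries that are already stored or older than the retention window,
/// inserts the rest into the EventLog table in one transaction and hands the
/// inserted rows to the reporting thread.
/// </summary>
/// <param name="sql">Database connection used for all queries of this request.</param>
/// <param name="EventLogList">Submitted entries; its MachineID is overwritten with the authenticated identity.</param>
/// <param name="ni">Connection info: ACL check, SQL lock, and error fields set on failure.</param>
/// <returns>
/// <c>Denied</c> without the ComputerLogin ACL or for an unknown MachineID, <c>Fail</c> for
/// missing or invalid items, <c>ServerError</c> when the insert fails, otherwise <c>Created</c>.
/// </returns>
public RESTStatus ReportEventLog(SQLLib sql, ListEventLogReport EventLogList, NetworkConnectionInfo ni)
{
    if (ni.HasAcl(ACLFlags.ComputerLogin) == false)
    {
        ni.Error = "Access denied";
        ni.ErrorID = ErrorFlags.AccessDenied;
        return (RESTStatus.Denied);
    }

    // The machine identity is taken from the authenticated connection, not from the request body.
    EventLogList.MachineID = ni.Username;

    lock (ni.sqllock)
    {
        if (Convert.ToInt32(sql.ExecSQLScalar("SELECT COUNT(*) FROM ComputerAccounts WHERE MachineID=@m", new SQLParam("@m", EventLogList.MachineID))) == 0)
        {
            ni.Error = "Invalid MachineID";
            ni.ErrorID = ErrorFlags.InvalidValue;
            return (RESTStatus.Denied);
        }
    }

    if (EventLogList.Items == null)
    {
        ni.Error = "Invalid Items";
        ni.ErrorID = ErrorFlags.InvalidValue;
        return (RESTStatus.Fail);
    }

    if (EventLogList.Items.Count == 0)
    {
        return (RESTStatus.Created);
    }

    // Validate every item and recompute its LogID on the server side.
    // NOTE(review): at this point ar.MachineID still holds the client-supplied value;
    // confirm whether CalcEventLogID reads it when deriving the ID.
    List<string> submittedIDs = new List<string>();
    foreach (EventLogReport ar in EventLogList.Items)
    {
        if (NullTest.Test(ar) == false)
        {
            ni.Error = "Invalid Items";
            ni.ErrorID = ErrorFlags.InvalidValue;
            return (RESTStatus.Fail);
        }

        CommonUtilities.CalcEventLogID(ar);
        submittedIDs.Add(ar.LogID);
    }

    // Look up which LogIDs this machine has already stored. The values are bound as
    // parameters; only the generated placeholder names are concatenated into the SQL text.
    // SQL Server rejects commands with more than 2100 parameters, so the lookup is done
    // in chunks instead of letting a large batch fail the whole request.
    const int MaxIDsPerQuery = 2000;
    HashSet<string> LogIDinDB = new HashSet<string>();
    lock (ni.sqllock)
    {
        for (int offset = 0; offset < submittedIDs.Count; offset += MaxIDsPerQuery)
        {
            int end = Math.Min(offset + MaxIDsPerQuery, submittedIDs.Count);

            List<SQLParam> sqlparams = new List<SQLParam>();
            sqlparams.Add(new SQLParam("@id", EventLogList.MachineID));

            List<string> placeholders = new List<string>();
            for (int i = offset; i < end; i++)
            {
                string placeholder = "@p" + (i - offset + 1).ToString();
                sqlparams.Add(new SQLParam(placeholder, submittedIDs[i]));
                placeholders.Add(placeholder);
            }

            // using closes the reader even when Read() throws, so the connection is not left busy.
            using (SqlDataReader dr = sql.ExecSQLReader("SELECT LogID FROM EventLog WHERE MachineID=@id and LogID in (" + string.Join(",", placeholders.ToArray()) + ")", sqlparams.ToArray()))
            {
                while (dr.Read())
                {
                    LogIDinDB.Add(Convert.ToString(dr["LogID"]));
                }
            }
        }
    }

    // Collect duplicates and entries outside the retention window, then remove them.
    // NOTE(review): TimeGenerated is compared against UTC here; confirm agents report UTC.
    List<EventLogReport> RemoveEVL = new List<EventLogReport>();
    foreach (EventLogReport ar in EventLogList.Items)
    {
        if (LogIDinDB.Contains(ar.LogID) == true)
        {
            RemoveEVL.Add(ar);
            continue;
        }

        if (SettingsManager.Settings.KeepEventLogDays > 0)
        {
            if (ar.TimeGenerated < DateTime.UtcNow.AddDays(0 - SettingsManager.Settings.KeepEventLogDays))
            {
                RemoveEVL.Add(ar);
                continue;
            }
        }
    }

    foreach (EventLogReport ar in RemoveEVL)
    {
        EventLogList.Items.Remove(ar);
    }

    List<EventLogReportFull> car = new List<EventLogReportFull>();
    lock (ni.sqllock)
    {
        try
        {
            sql.BeginTransaction();
            sql.SEHError = true;

            foreach (EventLogReport ar in EventLogList.Items)
            {
                EventLogReportFull arr = new EventLogReportFull();
                ClassCopy.CopyClassData(ar, arr);
                arr.Reported = DateTime.UtcNow;

                // Stored rows always carry the authenticated MachineID, whatever the item contained.
                arr.MachineID = EventLogList.MachineID;

                // NOTE(review): the prepared column list is edited here but not passed to
                // InsertFromClass below; confirm that this has the intended effect on the ID column.
                List<SQLData> d = sql.InsertFromClassPrep(arr);
                foreach (SQLData dd in d)
                {
                    if (dd.Column == "ID")
                    {
                        dd.Data = DBNull.Value;
                        break;
                    }
                }

                car.Add(arr);
                sql.InsertFromClass("EventLog", arr);
            }

            sql.CommitTransaction();
        }
        catch (Exception ee)
        {
            sql.RollBackTransaction();

            // NOTE(review): this writes the complete submitted entries into the server's own
            // event log; confirm that the size and content of that record are acceptable.
            FoxEventLog.WriteEventLog("DB Error: Cannot insert data to EventLog: " + ee.ToString() + "\r\n\r\nJSON: " + JsonConvert.SerializeObject(car, Formatting.Indented), System.Diagnostics.EventLogEntryType.Error);
            return (RESTStatus.ServerError);
        }
        finally
        {
            sql.SEHError = false;
        }
    }

    // Reporting runs on its own thread so that the REST call returns right after the commit.
    Thread t = new Thread(new ParameterizedThreadStart(new DReportingThread(ReportingThread)));
    t.Start(car);

    return (RESTStatus.Created);
}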
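/// <summary>
/// Reads every record of the event log named <paramref name="Book"/> through the
/// <c>EventLogReader</c> API, converts each one into an <c>EventLogReport</c>, computes
/// its LogID and queues it in <c>lst</c> (the LogID is also recorded in <c>HasEVTLogs</c>).
/// A log name the local session does not list is skipped silently.
/// </summary>
/// <param name="Book">Name of the event log to read.</param>
/// <returns>Always <c>true</c>; a failed read is logged, not reported to the caller.</returns>
static bool CollectEVT2(string Book)
{
    try
    {
        // Session, reader and records all wrap native handles, so each one is disposed explicitly.
        using (EventLogSession session = new EventLogSession())
        {
            bool Found = false;
            foreach (string logName in session.GetLogNames())
            {
                if (Book == logName)
                {
                    Found = true;
                    break;
                }
            }

            if (Found == false)
            {
                return (true);
            }
        }

        using (EventLogReader evt = new EventLogReader(Book))
        {
            EventRecord log;
            while ((log = evt.ReadEvent()) != null)
            {
                using (log)
                {
                    EventLogReport ev = new EventLogReport();
                    ev.Category = "(" + log.Id + ")";
                    ev.CategoryNumber = log.Id;
                    ev.Data = new byte[0];
                    ev.EventLog = Book;

                    // Classify by the numeric level. LevelDisplayName is localized and can be
                    // null, so matching its English text stored warnings and errors as
                    // Information on non-English systems and aborted the read on a null name.
                    // NOTE(review): if CalcEventLogID includes EventLogType, records from such
                    // systems get a different LogID than before this change - confirm.
                    StandardEventLevel level = log.Level.HasValue ? (StandardEventLevel)log.Level.Value : StandardEventLevel.LogAlways;
                    switch (level)
                    {
                        case StandardEventLevel.Warning:
                            ev.EventLogType = (int)EventLogEntryType.Warning;
                            break;
                        case StandardEventLevel.Error:
                            ev.EventLogType = (int)EventLogEntryType.Error;
                            break;
                        default:
                            ev.EventLogType = (int)EventLogEntryType.Information;
                            break;
                    }

                    ev.InstanceID = log.Id;
                    ev.LogID = "";
                    ev.MachineID = SystemInfos.SysInfo.MachineID;
                    ev.Message = MakeNiceXML(log.ToXml());
                    ev.Source = log.ProviderName;

                    // Records without a creation time are stamped with the local collection time.
                    DateTime created = log.TimeCreated == null ? DateTime.Now : log.TimeCreated.Value;
                    ev.TimeGenerated = created;
                    ev.TimeWritten = created;
                    ev.JSONReplacementStrings = "[]";

                    // LogID starts empty and is filled in by CalcEventLogID before it is recorded.
                    CommonUtilities.CalcEventLogID(ev);
                    HasEVTLogs.Add(ev.LogID);
                    lst.Add(ev);
                }
            }
        }
    }
    catch (Exception ex)
    {
        // Best effort: records queued before the failure stay in lst. Record why the
        // read stopped so that a gap in collected logs can be diagnosed afterwards.
        FoxEventLog.WriteEventLog("Cannot collect EventLog " + Book + ": " + ex.Message, EventLogEntryType.Error);
    }

    return (true);
}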