/// <summary>
/// Reports whether two event-log records differ.
/// </summary>
/// <param name="t_OldData">Record kept from the previous insert; <c>Equals</c> is invoked on this argument.</param>
/// <param name="t_NewDate">Record built from the event currently being examined.</param>
/// <returns><c>true</c> when <c>Equals</c> reports the records as different, otherwise <c>false</c>.</returns>
static public bool hasing(EvLogPara t_OldData, EvLogPara t_NewDate)
{
    // Despite the name, no hash is computed: the answer is the negated result of Equals.
    return !t_OldData.Equals(t_NewDate);
}
/// <summary>
/// Reports whether two event-log records differ.
/// </summary>
/// <param name="t_OldData">Record kept from the previous insert; <c>Equals</c> is invoked on this argument.</param>
/// <param name="t_NewDate">Record built from the event currently being examined.</param>
/// <returns><c>true</c> when the records are not equal, otherwise <c>false</c>.</returns>
private bool hasing(EvLogPara t_OldData, EvLogPara t_NewDate)
{
    // An earlier GetHashCode() comparison is left disabled: equal hash codes do not
    // prove equal records, so the decision rests on Equals alone.
    bool sameRecord = t_OldData.Equals(t_NewDate);
    if (sameRecord)
    {
        return false;
    }

    return true;
}
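/// <summary>
/// Scans the Windows Security log, newest record first, for object-access events
/// (IDs 4656 and 5145) whose properties mention <c>g_FoldertoSearch</c>, prints each
/// match to the console and stores it in <c>Eventlog.dbo.EventLogView</c>.
/// </summary>
/// <remarks>
/// <para>
/// <c>Triger</c> marks a scan in progress: a second call while it is set prints
/// "Already On" and returns. The flag is cleared in a <c>finally</c> block so that an
/// exception thrown while reading the log cannot leave it set.
/// </para>
/// <para>
/// Unless <c>TF</c> is set, events not newer than the snapshot <c>TC_2</c> (taken from
/// <c>TC_1</c> when the scan starts) are skipped. After every insert <c>TC_1</c> is raised to
/// the event time if that is later, and <c>TF</c> is cleared.
/// </para>
/// <para>
/// Every stored value comes out of an audit record. File names, share names and account
/// names in those records are chosen by whoever touched the file, so they are bound as SQL
/// parameters and never concatenated into the statement text.
/// </para>
/// </remarks>
static public void InsertEventLog()
{
    if (Triger)
    {
        Console.WriteLine("Already On");
        return;
    }

    Console.WriteLine("LogSearchStart");
    Triger = true;

    // "fff" is milliseconds; the former "sss" only repeated the seconds digits.
    const string timestampFormat = "yyyy-MM-dd HH:mm:ss.fff";
    const string queryString = @"<QueryList> <Query Id=""0"" Path=""Security""> <Select Path=""Security"">*</Select> </Query> </QueryList>";
    const string insertSql =
        "INSERT INTO Eventlog.dbo.EventLogView(LoadTime, EventID, UserName, DomainName, Subject, PC_IPAddress, PC_Port, ShareName, ShareLocalPath, FileName, AccessMask, AccessList, AccessReason, EventTime, LogonID, Information)"
        + " VALUES (@LoadTime, @EventID, @UserName, @DomainName, @Subject, @PC_IPAddress, @PC_Port, @ShareName, @ShareLocalPath, @FileName, @AccessMask, @AccessList, @AccessReason, @EventTime, @LogonID, @Information)";

    // Fixed culture so the stored timestamps do not change shape with the host's regional settings.
    System.Globalization.CultureInfo invariant = System.Globalization.CultureInfo.InvariantCulture;

    try
    {
        EvLogPara nevlp = new EvLogPara("", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "");
        EvLogPara oevlp = new EvLogPara("", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "");
        TC_2 = TC_1;

        EventLogQuery eventsQuery = new EventLogQuery("Security", PathType.LogName, queryString);
        eventsQuery.ReverseDirection = true; // newest record first

        // NOTE(review): the SQL login and password are embedded in source. Load the connection
        // string from protected configuration instead and rotate this password. A commented-out
        // connection string for a second server, password included, used to sit here and has
        // been dropped; treat that credential as exposed as well.
        // NOTE(review): Encrypt=False sends the login in clear text; that is tolerable only
        // while the Data Source stays on loopback.
        string g_ConnectionStr = @"Data Source=127.0.0.1,1433;Initial Catalog=Eventlog;Integrated Security=False;User ID=eventsa;Password=eventsa@pass0;Connect Timeout=5;Encrypt=False;TrustServerCertificate=False";

        using (EventLogReader logReader = new EventLogReader(eventsQuery))
        using (SqlConnection sqlCon = new SqlConnection(g_ConnectionStr))
        using (SqlCommand sqlCmd = new SqlCommand(insertSql, sqlCon))
        {
            EventRecord eventInstance;
            while ((eventInstance = logReader.ReadEvent()) != null)
            {
                // Each record wraps a native handle; release it as soon as the record is processed.
                using (eventInstance)
                {
                    foreach (var VARIABLE in eventInstance.Properties)
                    {
                        // Only properties that mention the watched folder are of interest.
                        string propertyText = VARIABLE.Value?.ToString();
                        if (propertyText == null || !propertyText.Contains(g_FoldertoSearch))
                        {
                            continue;
                        }

                        // Skip events that are not newer than the snapshot, unless TF is set.
                        if (!TF && DateTime.Compare(TC_2, (DateTime)eventInstance.TimeCreated) != -1)
                        {
                            continue;
                        }

                        try
                        {
                            string taskName = eventInstance.TaskDisplayName.ToString();
                            string eventId = eventInstance.Id.ToString();

                            if (taskName == LanguageFilter[0] || taskName == LanguageFilter[1] || taskName == LanguageFilter[2])
                            {
                                if (eventId == "4656") // access on this PC
                                {
                                    string objectName = eventInstance.Properties[6].Value.ToString();

                                    // Ignore a hit on the watched folder itself.
                                    if (objectName.Replace(g_FoldertoSearch, "").Length != 0)
                                    {
                                        nevlp.LoadTime = DateTime.Now.ToString(timestampFormat, invariant);
                                        nevlp.EventID = eventId;
                                        nevlp.UserName = eventInstance.Properties[1].Value.ToString();
                                        nevlp.DomainName = eventInstance.Properties[2].Value.ToString();
                                        nevlp.LogonID = eventInstance.Properties[3].Value.ToString();
                                        nevlp.Information = eventInstance.Properties[4].Value.ToString();
                                        nevlp.Subject = eventInstance.Properties[5].Value.ToString();
                                        nevlp.PC_IPAddress = "";
                                        nevlp.PC_Port = "";
                                        nevlp.ShareName = "";
                                        nevlp.ShareLocalPath = objectName;
                                        nevlp.FileName = Path.GetFileName(objectName);
                                        nevlp.AccessMask = "";
                                        nevlp.AccessList = DataReplace(eventInstance.Properties[9].Value.ToString());
                                        nevlp.AccessReason = DataReplace(eventInstance.Properties[10].Value.ToString());
                                        nevlp.EventTime = eventInstance.TimeCreated.Value.ToString(timestampFormat, invariant);

                                        Console.WriteLine("==============================================================");
                                        Console.WriteLine("LoadTime " + nevlp.LoadTime);
                                        Console.WriteLine("EventID : " + nevlp.EventID);
                                        Console.WriteLine("UserName : " + nevlp.UserName);
                                        Console.WriteLine("DomainName : " + nevlp.DomainName);
                                        Console.WriteLine("LogonID : " + nevlp.LogonID);
                                        Console.WriteLine("Information : " + nevlp.Information);
                                        Console.WriteLine("Subject : " + nevlp.Subject);
                                        Console.WriteLine("ShareLocalPath : " + nevlp.ShareLocalPath);
                                        Console.WriteLine("FileName : " + nevlp.FileName);
                                        Console.WriteLine("AccessList : \n" + nevlp.AccessList);
                                        Console.WriteLine("AccessReason : \n" + nevlp.AccessReason);
                                        Console.WriteLine("EventTime: " + nevlp.EventTime);
                                    }
                                }

                                if (eventId == "5145") // access through a shared folder
                                {
                                    string relativeTarget = eventInstance.Properties[9].Value.ToString();

                                    // Ignore a hit on the share root (nothing left once backslashes are removed).
                                    if (relativeTarget.Replace("\\", "").Length != 0 && taskName == LanguageFilter[1])
                                    {
                                        nevlp.LoadTime = DateTime.Now.ToString(timestampFormat, invariant);
                                        nevlp.EventID = eventId;
                                        nevlp.UserName = eventInstance.Properties[1].Value.ToString();
                                        nevlp.DomainName = eventInstance.Properties[2].Value.ToString();
                                        nevlp.Subject = eventInstance.Properties[4].Value.ToString();
                                        nevlp.LogonID = eventInstance.Properties[3].Value.ToString();
                                        nevlp.PC_IPAddress = eventInstance.Properties[5].Value.ToString();
                                        nevlp.PC_Port = eventInstance.Properties[6].Value.ToString();
                                        nevlp.ShareName = eventInstance.Properties[7].Value.ToString();
                                        nevlp.ShareLocalPath = eventInstance.Properties[8].Value.ToString();
                                        nevlp.FileName = relativeTarget;
                                        nevlp.AccessMask = eventInstance.Properties[10].Value.ToString();
                                        nevlp.AccessList = DataReplace(eventInstance.Properties[11].Value.ToString());
                                        nevlp.AccessReason = DataReplace(eventInstance.Properties[12].Value.ToString());
                                        nevlp.EventTime = eventInstance.TimeCreated.Value.ToString(timestampFormat, invariant);
                                        nevlp.Information = "";

                                        Console.WriteLine("==============================================================");
                                        Console.WriteLine("LoadTime " + nevlp.LoadTime);
                                        Console.WriteLine("EventID : " + nevlp.EventID);
                                        Console.WriteLine("UserName : " + nevlp.UserName);
                                        Console.WriteLine("DomainName : " + nevlp.DomainName);
                                        Console.WriteLine("Subject : " + nevlp.Subject);
                                        Console.WriteLine("LogonID : " + nevlp.LogonID);
                                        Console.WriteLine("PC_IPAddress : " + nevlp.PC_IPAddress);
                                        Console.WriteLine("PC_Port : " + nevlp.PC_Port);
                                        Console.WriteLine("ShareName: " + nevlp.ShareName);
                                        Console.WriteLine("ShareLocalPath : " + nevlp.ShareLocalPath);
                                        Console.WriteLine("FileName: " + nevlp.FileName);
                                        Console.WriteLine("AccessMask : " + nevlp.AccessMask);
                                        Console.WriteLine("AccessList : \n" + nevlp.AccessList);
                                        Console.WriteLine("AccessReason : \n" + nevlp.AccessReason);
                                        Console.WriteLine("CreateTime : " + nevlp.EventTime);
                                    }
                                }
                            }

                            if (nevlp.EventID != "" && hasing(oevlp, nevlp))
                            {
                                // The command object is reused, so rebuild its parameter list for every row.
                                sqlCmd.Parameters.Clear();
                                AddEventLogParameter(sqlCmd, "@LoadTime", nevlp.LoadTime);
                                AddEventLogParameter(sqlCmd, "@EventID", nevlp.EventID);
                                AddEventLogParameter(sqlCmd, "@UserName", nevlp.UserName);
                                AddEventLogParameter(sqlCmd, "@DomainName", nevlp.DomainName);
                                AddEventLogParameter(sqlCmd, "@Subject", nevlp.Subject);
                                AddEventLogParameter(sqlCmd, "@PC_IPAddress", nevlp.PC_IPAddress);
                                AddEventLogParameter(sqlCmd, "@PC_Port", nevlp.PC_Port);
                                AddEventLogParameter(sqlCmd, "@ShareName", nevlp.ShareName);
                                AddEventLogParameter(sqlCmd, "@ShareLocalPath", nevlp.ShareLocalPath);
                                AddEventLogParameter(sqlCmd, "@FileName", nevlp.FileName);
                                AddEventLogParameter(sqlCmd, "@AccessMask", nevlp.AccessMask);
                                AddEventLogParameter(sqlCmd, "@AccessList", nevlp.AccessList);
                                AddEventLogParameter(sqlCmd, "@AccessReason", nevlp.AccessReason);
                                AddEventLogParameter(sqlCmd, "@EventTime", nevlp.EventTime);
                                AddEventLogParameter(sqlCmd, "@LogonID", nevlp.LogonID);
                                AddEventLogParameter(sqlCmd, "@Information", nevlp.Information);

                                sqlCon.Open();
                                try
                                {
                                    // NOTE(review): if EvLogPara is a reference type, oevlp and nevlp are the
                                    // same object from here on and hasing() can never report a change again.
                                    // Confirm that EvLogPara is a struct, or copy the fields instead.
                                    oevlp = nevlp;
                                    sqlCmd.ExecuteNonQuery();
                                }
                                finally
                                {
                                    sqlCon.Close();
                                }

                                if (DateTime.Compare(TC_1, (DateTime)eventInstance.TimeCreated) == -1)
                                {
                                    TC_1 = (DateTime)eventInstance.TimeCreated;
                                }

                                TF = false;
                                Console.WriteLine("insert Data");
                            }
                        }
                        catch (Exception e2)
                        {
                            // Best effort: report the failure and carry on with the next property.
                            sqlCon.Close();
                            Console.WriteLine(e2.Message);
                        }
                    }
                }
            }
        }
    }
    finally
    {
        Triger = false;
    }
}

/// <summary>Binds one column value of the event-log INSERT as a SQL parameter.</summary>
/// <param name="command">Command whose parameter list receives the value.</param>
/// <param name="name">Parameter name as written in the statement, including the leading '@'.</param>
/// <param name="value">Value taken from the event record; null is stored as an empty string.</param>
private static void AddEventLogParameter(SqlCommand command, string name, object value)
{
    // SqlClient treats a null parameter value as "not supplied"; the concatenated statement
    // this replaces wrote an empty string in that case, so do the same.
    command.Parameters.AddWithValue(name, value ?? string.Empty);
}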