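/// <summary>
/// Event handler for the log watcher. Reacts only to event ID 4656 (a handle to an object
/// was requested) whose formatted description mentions the honeypot file "passwords.txt".
/// A hit is written to the log and mailed to the account configured on the SMTP client.
/// </summary>
/// <param name="sender">The watcher raising the event (unused).</param>
/// <param name="e">Carries the event record; the record is null when reading the event failed.</param>
private void logWatcher_EventRecordWritten(object sender, EventRecordWrittenEventArgs e)
{
    // A failed read arrives without a record; there is nothing to inspect in that case.
    if (e == null || e.EventRecord == null)
    {
        return;
    }

    if (e.EventRecord.Id != 4656)
    {
        return;
    }

    try
    {
        // Render the description once. Rendering can throw and may yield null when the
        // message cannot be resolved, so it lives inside the try block.
        string description = e.EventRecord.FormatDescription();

        // Is this for the file of interest? Windows file names are case-insensitive,
        // so the match ignores case to avoid missing "Passwords.TXT" and similar.
        if (description == null ||
            description.IndexOf("passwords.txt", StringComparison.OrdinalIgnoreCase) < 0)
        {
            return;
        }

        log.WriteLine("Honeypot file accessed");
        log.WriteLine(description);
        log.WriteLine("****************************************");

        // Send mail; sender and recipient are both the SMTP account itself.
        string email = ((NetworkCredential)this.smtpClient.Credentials).UserName;
        using (MailMessage mail = new MailMessage(email, email))
        {
            mail.Subject = "[Sentinel Notification] Honeypot file accessed.";
            mail.Body = description;
            mail.Priority = MailPriority.High;
            mail.IsBodyHtml = false;
            smtpClient.Send(mail);
        }
    }
    catch (Exception ex)
    {
        // The local log entry above is written before the mail attempt, so a mail
        // failure never hides the detection itself.
        log.WriteLine(
            "Unexpected Error OnEventWritten: " + ex.ToString());
    }
}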
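/// <summary>
/// Subscription callback that scans the properties of an incoming event for a value
/// listed in <c>RestartNames</c> or <c>PowerOffNames</c> (case-insensitive) and sets
/// <c>RestartDetected</c> or <c>PowerOffDetected</c> accordingly. Both flags are reset
/// at the start of every call.
/// </summary>
/// <param name="obj">The subscription source (unused).</param>
/// <param name="arg">Carries the event record; the record is null when reading failed.</param>
public void EventLogEventRead(object obj, EventRecordWrittenEventArgs arg)
{
    RestartDetected = false;
    PowerOffDetected = false;

    try
    {
        Logger.Debug("Logging event: " + arg);

        // Make sure there was no error reading the event.
        if (arg == null || arg.EventRecord == null)
        {
            return;
        }

        foreach (EventProperty property in ((EventLogRecord)arg.EventRecord).Properties)
        {
            // A property without a value cannot name a restart or power-off. Skip it
            // instead of letting a null dereference abort the scan of the remaining ones.
            if (property.Value == null)
            {
                continue;
            }

            var strValue = property.Value.ToString();
            Logger.Debug("Event value: " + strValue);

            if (RestartNames.Any(n => n.Equals(strValue, StringComparison.OrdinalIgnoreCase)))
            {
                RestartDetected = true;
                break;
            }

            if (PowerOffNames.Any(n => n.Equals(strValue, StringComparison.OrdinalIgnoreCase)))
            {
                PowerOffDetected = true;
                break;
            }
        }
    }
    catch (Exception ex)
    {
        // Still best-effort (the callback must not throw), but leave a trace so a
        // missed restart/power-off detection can be diagnosed.
        Logger.Debug("Failed to inspect event: " + ex);
    }
}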
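/// <summary>
/// Handles a new event record: looks in each property value for a dotted-quad IPv4
/// address and raises <c>OnAttackDetected</c> for every property that contains one.
/// Only the first address found in a property is used.
/// </summary>
/// <param name="sender">The watcher raising the event (unused).</param>
/// <param name="e">Carries the event record; the record is null when reading failed.</param>
private void watcher_EventRecordWritten(object sender, EventRecordWrittenEventArgs e)
{
    try
    {
        if (e == null || e.EventRecord == null)
        {
            return;
        }

        foreach (System.Diagnostics.Eventing.Reader.EventProperty prop in e.EventRecord.Properties)
        {
            if (prop.Value == null)
            {
                continue;
            }

            // The dots are escaped. An unescaped '.' matches any character, so a plain
            // number (a port, a process id) could match and then be accepted by
            // IPAddress.TryParse, which also parses a single integer as an IPv4 address.
            // That would report a bogus source address for the event.
            Match ipAddress = Regex.Match(prop.Value.ToString(), @"(?:[0-9]{1,3}\.){3}[0-9]{1,3}");
            if (!ipAddress.Success)
            {
                continue;
            }

            // Validate the candidate before building the notification.
            System.Net.IPAddress ip;
            if (!System.Net.IPAddress.TryParse(ipAddress.Value, out ip) ||
                ip.AddressFamily != System.Net.Sockets.AddressFamily.InterNetwork)
            {
                continue;
            }

            NotificationEventArgs args = new NotificationEventArgs();
            args.CreateDate = e.EventRecord.TimeCreated.Value;
            args.EventId = e.EventRecord.Id;
            args.IpAddress = ipAddress.Value;
            OnAttackDetected(this, args);
        }
    }
    catch (Exception ex)
    {
        EventLog.WriteEntry("Cyberarms.Agents.FileMaker.FileMakerSecurityAgent", ex.Message);
    }
}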
// Subscription callback: runs whenever an event is reported to the subscription.
public static void EventLogEventRead(object obj, EventRecordWrittenEventArgs arg)
{
    // A null record means the event could not be read.
    if (arg.EventRecord == null)
    {
        // Log the event
        return;
    }

    // XPath references selecting the values to pull out of the event:
    // TimeCreated, Computer, TargetUserName and TargetDomainName.
    IEnumerable<String> xPathEnum = new String[]
    {
        "Event/System/TimeCreated/@SystemTime",
        "Event/System/Computer",
        "Event/EventData/Data[@Name=\"TargetUserName\"]",
        "Event/EventData/Data[@Name=\"TargetDomainName\"]",
    };

    // Build the property selection context from the XPath references and evaluate it.
    EventLogPropertySelector logPropertyContext = new EventLogPropertySelector(xPathEnum);
    EventLogRecord record = (EventLogRecord)arg.EventRecord;
    IList<object> logEventProps = record.GetPropertyValues(logPropertyContext);

    // Read the event description
    var description = arg.EventRecord.FormatDescription();
}
/// <summary>
/// Copies the content of an event record into the entry's processed data: the raw XML,
/// the formatted description, every child of Event/System (value and attributes) and
/// every Event/EventData/Data element. Entries whose payload is not an
/// <see cref="EventRecordWrittenEventArgs"/> are passed through untouched.
/// </summary>
/// <param name="evtlog">The entry to enrich.</param>
/// <returns>Always <c>goto_next</c>.</returns>
public override string Execute(EventEntry evtlog)
{
    var payloadType = evtlog.LogData.GetType();
    bool isWatcherPayload = payloadType == typeof(EventRecordWrittenEventArgs)
        || evtlog.LogData.GetType().IsSubclassOf(typeof(EventRecordWrittenEventArgs));
    if (!isWatcherPayload)
    {
        return goto_next;
    }

    EventRecordWrittenEventArgs evtarg = evtlog.LogData as EventRecordWrittenEventArgs;
    EventRecord evtrec = evtarg.EventRecord;

    string xmlString = evtrec.ToXml();
    evtlog.SetProcData("EventData.XML", xmlString);
    evtlog.SetProcData("EventData.Description", evtrec.FormatDescription());

    // Parse the event XML and bind its default namespace to the "ns" prefix for XPath.
    var doc = XDocument.Parse(xmlString);
    var namespaces = new XmlNamespaceManager(new NameTable());
    var ns = doc.Root.GetDefaultNamespace();
    namespaces.AddNamespace("ns", ns.NamespaceName);

    // Event/System: one key per element value, one per attribute.
    foreach (var systemElement in doc.XPathSelectElements("/ns:Event/ns:System/*", namespaces))
    {
        if (!string.IsNullOrWhiteSpace(systemElement.Value))
        {
            evtlog.SetProcData("EventSystem." + systemElement.Name.LocalName, systemElement.Value);
        }

        if (!systemElement.HasAttributes)
        {
            continue;
        }

        foreach (var attribute in systemElement.Attributes())
        {
            evtlog.SetProcData("EventSystem." + systemElement.Name.LocalName + "." + attribute.Name, attribute.Value);
        }
    }

    // Event/EventData/Data: named items are keyed by name, unnamed ones by running index.
    int dataCnt = 0;
    foreach (var dataElement in doc.XPathSelectElements("/ns:Event/ns:EventData/ns:Data", namespaces))
    {
        var name = dataElement.Attribute("Name");
        if (name == null)
        {
            evtlog.SetProcData("EventData[" + dataCnt + "]", dataElement.Value);
            dataCnt++;
        }
        else
        {
            evtlog.SetProcData("EventData." + name.Value, dataElement.Value);
        }
    }

    // The count of unnamed items is published only when there is at least one.
    if (dataCnt > 0)
    {
        evtlog.SetProcData("EventData", dataCnt);
    }

    return goto_next;
}
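/// <summary>
/// Invoked every time an entry is written to the event log. Serializes the entry as XML
/// and publishes it to the topic as an "application/xml" message, then prints the URL
/// of the new message.
/// </summary>
/// <param name="sender">The watcher raising the event (unused).</param>
/// <param name="e">Carries the event record.</param>
void WatcherEventRecordWritten(object sender, EventRecordWrittenEventArgs e)
{
    try
    {
        using (var stream = new MemoryStream())
        {
            // Serialize the event log entry as XML. UTF-8 without a byte-order mark keeps
            // ASCII content byte-identical but no longer replaces other characters
            // (for example in user or host names) with '?'.
            var writer = new StreamWriter(stream, new UTF8Encoding(false));
            var xml = e.EventRecord.ToXml();
            writer.Write(xml);

            // StreamWriter buffers its output; without this flush the stream can still be
            // empty when it is posted. The writer is deliberately not disposed because
            // that would close the stream before it is published.
            writer.Flush();
            stream.Seek(0, SeekOrigin.Begin);

            // Publish a new message
            var urlToMessage = topic.PostMessage(stream, "application/xml");

            // Print the new message's url
            Utils.WriteOnScrollableFrame(urlToMessage);
        }
    }
    catch (Exception ex)
    {
        // Print any exception
        Console.WriteLine(ex.ToString());
    }
}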
/// <summary>
/// Handles a new event record by rendering it to XML and passing the XML to
/// <c>ProcessXml</c>. Missing records and records that fail to render are ignored;
/// any other failure is logged at error level.
/// </summary>
private void EventRecordWritten(object sender, EventRecordWrittenEventArgs e)
{
    try
    {
        if (e == null || e.EventRecord == null)
        {
            return;
        }

        EventRecord record = e.EventRecord;
        string renderedXml;
        try
        {
            renderedXml = record.ToXml();
        }
        catch
        {
            // Rendering is best-effort: a record that cannot be rendered is skipped silently.
            renderedXml = null;
        }

        if (renderedXml == null)
        {
            return;
        }

        ProcessXml(renderedXml);
    }
    catch (Exception ex)
    {
        Log.Write(LogLevel.Error, ex.ToString());
    }
}
/// <summary>
/// Handles a new event record by rendering it to XML and handing the XML to
/// <c>ProcessEventViewerXml</c>. A missing record or a record that cannot be rendered
/// is ignored; any other failure is reported through <c>IPBanLog.Error</c>.
/// </summary>
private void EventRecordWritten(object sender, EventRecordWrittenEventArgs e)
{
    try
    {
        bool hasRecord = e != null && e.EventRecord != null;
        if (!hasRecord)
        {
            return;
        }

        EventRecord record = e.EventRecord;
        string eventXml = null;
        try
        {
            eventXml = record.ToXml();
        }
        catch
        {
            // Rendering failures are swallowed on purpose; eventXml stays null.
        }

        if (eventXml != null)
        {
            ProcessEventViewerXml(eventXml);
        }
    }
    catch (Exception ex)
    {
        IPBanLog.Error(ex);
    }
}
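/// <summary>
/// Event handler for the log watcher. Reacts only to event ID 4656 (a handle to an object
/// was requested) whose formatted description mentions the honeypot file "passwords.txt".
/// A hit is written to the log file under the log file lock and mailed to the account
/// configured on the SMTP client.
/// </summary>
/// <param name="sender">The watcher raising the event (unused).</param>
/// <param name="e">Carries the event record; the record is null when reading the event failed.</param>
private void logWatcher_EventRecordWritten(object sender, EventRecordWrittenEventArgs e)
{
    // A failed read arrives without a record; there is nothing to inspect in that case.
    if (e == null || e.EventRecord == null)
    {
        return;
    }

    if (e.EventRecord.Id != 4656)
    {
        return;
    }

    try
    {
        // Render the description once. Rendering can throw and may yield null when the
        // message cannot be resolved, so it lives inside the try block.
        string description = e.EventRecord.FormatDescription();

        // Check that the audit event is for the file we set up (avoiding false positives).
        // Windows file names are case-insensitive, so the match ignores case.
        if (description == null ||
            description.IndexOf("passwords.txt", StringComparison.OrdinalIgnoreCase) < 0)
        {
            return;
        }

        lock (SentinelConfiguration.Logfile)
        {
            // Write to logfile
            log.WriteLine("Honeypot file accesssed");
            log.WriteLine(description);
            log.WriteLine("*******************************************");
        }

        // Send mail; sender and recipient are both the SMTP account itself.
        string email = ((NetworkCredential)this.smtpClient.Credentials).UserName;
        using (MailMessage mail = new MailMessage(email, email))
        {
            mail.Subject = "[Sentinel Notification] Honeypot file accessed.";
            mail.Body = description;
            mail.Priority = MailPriority.High;
            mail.IsBodyHtml = false;
            smtpClient.Send(mail);
        }
    }
    catch (Exception ex)
    {
        // The log file entry is written before the mail attempt, so a mail failure
        // never hides the detection itself.
        log.WriteLine("Unexpected Error during OnEventWritten: " + ex.ToString());
    }
}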
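/// <summary>
/// Handles a new event record: extracts the text between <c>SEARCH_PATTERN_BEGIN</c> and
/// <c>SEARCH_PATTERN_END</c> from each property value and raises <c>OnAttackDetected</c>
/// when that text parses as an IPv4 or IPv6 address.
/// </summary>
/// <param name="sender">The watcher raising the event (unused).</param>
/// <param name="e">Carries the event record; the record is null when reading failed.</param>
private void watcher_EventRecordWritten(object sender, EventRecordWrittenEventArgs e)
{
    try
    {
        if (e == null || e.EventRecord == null)
        {
            return;
        }

        foreach (System.Diagnostics.Eventing.Reader.EventProperty prop in e.EventRecord.Properties)
        {
            if (prop.Value == null)
            {
                continue;
            }

            // extract ip address from event log entry
            // format: <clientname> [IP = 'x.x.x.x']
            string orig = prop.Value.ToString();
            int marker = orig.IndexOf(SEARCH_PATTERN_BEGIN, StringComparison.Ordinal);
            if (marker < 0)
            {
                continue;
            }

            int start = marker + SEARCH_PATTERN_BEGIN.Length;

            // Look for the end marker only after the begin marker. A value with no end
            // marker, or with one earlier in the text, used to produce a negative length,
            // and the resulting exception skipped every remaining property of the event.
            int end = orig.IndexOf(SEARCH_PATTERN_END, start, StringComparison.Ordinal);
            if (end < 0)
            {
                continue;
            }

            string ipAddress = orig.Substring(start, end - start);

            System.Net.IPAddress probe;
            if (!System.Net.IPAddress.TryParse(ipAddress, out probe))
            {
                continue;
            }

            if (probe.AddressFamily == System.Net.Sockets.AddressFamily.InterNetwork
                || probe.AddressFamily == System.Net.Sockets.AddressFamily.InterNetworkV6)
            {
                NotificationEventArgs args = new NotificationEventArgs();
                args.CreateDate = e.EventRecord.TimeCreated.Value;
                args.EventId = e.EventRecord.Id;
                args.IpAddress = ipAddress;
                OnAttackDetected(this, args);
            }
        }
    }
    catch (Exception ex)
    {
        EventLog.WriteEntry("Cyberarms.Agents.WebSecurity.WebSecurityAgent", ex.Message);
    }
}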
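/// <summary>
/// Handles a new event record: looks in each property value for a dotted-quad address
/// and raises <c>OnAttackDetected</c> for every property whose first match parses as an
/// IP address.
/// </summary>
/// <param name="sender">The watcher raising the event (unused).</param>
/// <param name="e">Carries the event record; the record is null when reading failed.</param>
private void watcher_EventRecordWritten(object sender, EventRecordWrittenEventArgs e)
{
    try
    {
        if (e == null || e.EventRecord == null)
        {
            return;
        }

        foreach (System.Diagnostics.Eventing.Reader.EventProperty prop in e.EventRecord.Properties)
        {
            if (prop.Value == null)
            {
                continue;
            }

            // The dots are escaped. An unescaped '.' matches any character, so a plain
            // number (a port, a process id) could match and then be accepted by
            // IPAddress.TryParse, which also parses a single integer as an IPv4 address.
            // That would report a bogus source address for the failed login.
            Match ipAddress = Regex.Match(prop.Value.ToString(), @"(?:[0-9]{1,3}\.){3}[0-9]{1,3}");
            if (!ipAddress.Success)
            {
                continue;
            }

            // Validate the candidate before building the notification.
            System.Net.IPAddress probe;
            if (!System.Net.IPAddress.TryParse(ipAddress.Value, out probe))
            {
                continue;
            }

            if (probe.AddressFamily == System.Net.Sockets.AddressFamily.InterNetwork
                || probe.AddressFamily == System.Net.Sockets.AddressFamily.InterNetworkV6)
            {
                NotificationEventArgs args = new NotificationEventArgs();
                args.CreateDate = e.EventRecord.TimeCreated.Value;
                args.EventId = e.EventRecord.Id;
                args.IpAddress = ipAddress.Value;
                OnAttackDetected(this, args);
            }
        }
    }
    catch (Exception ex)
    {
        EventLog.WriteEntry("Cyberarms.Agents.SqlServer.SqlFailedLoginWatcher", ex.Message);
    }
}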
/// <summary>
/// Converts an incoming event record into a <c>LogEntry</c> (id, category, severity,
/// timestamp and the string form of every property) and passes it to <c>AddToLog</c>.
/// Records that are missing or carry no properties are ignored.
/// </summary>
private void OnLogEntry(object obj, EventRecordWrittenEventArgs arg)
{
    if (arg.EventRecord == null || arg.EventRecord.Properties.Count == 0)
    {
        return;
    }

    try
    {
        var record = arg.EventRecord;

        LogEntry Entry = new LogEntry();
        Entry.eventID = record.Id;
        Entry.categoryID = (short)record.Task;

        // Level 2 maps to Error, 3 to Warning; 4 and anything else to Information.
        var level = record.Level.Value;
        if (level == 2)
        {
            Entry.entryType = EventLogEntryType.Error;
        }
        else if (level == 3)
        {
            Entry.entryType = EventLogEntryType.Warning;
        }
        else
        {
            Entry.entryType = EventLogEntryType.Information;
        }

        Entry.timeGenerated = record.TimeCreated.Value;

        // Flatten every property value to its string form.
        var properties = record.Properties;
        string[] dataStr = new string[properties.Count];
        int index = 0;
        while (index < properties.Count)
        {
            dataStr[index] = properties[index].Value.ToString();
            index++;
        }

        Entry.SetData(dataStr);
        AddToLog(Entry);
    }
    catch
    {
        // NOTE(review): any failure while converting the record drops the entry
        // without a trace.
    }
}
/// <summary>
/// Handles a watcher notification. A read error is forwarded to the record subject;
/// otherwise the latency since the record was created is stored and the record is
/// processed. Failures are logged and counted in the source error metric.
/// </summary>
private void OnEventRecordWritten(object sender, EventRecordWrittenEventArgs args)
{
    try
    {
        if (args.EventException != null)
        {
            _recordSubject.OnError(args.EventException);
            return;
        }

        EventRecord eventRecord = args.EventRecord;
        if (eventRecord == null)
        {
            return;
        }

        // A record without a creation time yields a latency of (about) zero.
        _latency = DateTime.Now.Subtract(eventRecord.TimeCreated ?? DateTime.Now);
        ProcessRecord(eventRecord);
    }
    catch (Exception recordEx)
    {
        _logger?.LogError($"EventLogSource id {this.Id} logging {_logName} EventLog with query {_query} has record error {recordEx}.");
        _metrics?.PublishCounter(
            this.Id,
            MetricsConstants.CATEGORY_SOURCE,
            CounterTypeEnum.Increment,
            MetricsConstants.EVENTLOG_SOURCE_EVENTS_ERROR,
            1,
            MetricUnit.Count);
    }
}
/// <summary>
/// Forwards one event to the syslog server as an RFC 5424 message over TCP. Calls are
/// serialized on <c>monitor</c>; the TCP sender is created on first use and then reused.
/// </summary>
/// <param name="e">Carries the event record to forward.</param>
static void SendMessage(EventRecordWrittenEventArgs e)
{
    lock (monitor)
    {
        try
        {
            // Rendered but not used afterwards; the call is kept so that a record that
            // cannot be rendered still ends up in the catch block below.
            String message = e.EventRecord.ToXml();

            ISyslogMessageSerializer serializer = new SyslogRfc5424MessageSerializer();
            SyslogMessage syslogMessage = CreateSyslogMessage(e);

            Console.WriteLine("New Event " + e.EventRecord.Id + "\n");

            // Lazily open the connection to the syslog server.
            if (client == null)
            {
                ISyslogMessageSender sender = new SyslogTcpSender(syslogServerHostname, port);
                client = sender;
            }

            client.Send(syslogMessage, serializer);
        }
        catch (Exception ex)
        {
            // NOTE(review): the sender is kept after a failure, so a broken connection
            // is presumably reused on the next call - confirm whether it should be reset.
            Console.WriteLine("Eroare 10 " + ex.Message);
        }
    }
}
/// <summary>
/// Handles a new event record: reads the "IpAddress" data item, wraps it with the event
/// id, log name, XML and creation time, and raises <c>Negotiated</c>. Any failure is
/// written out through <c>WriteEntry</c>.
/// </summary>
private void OnEventRecordWritten(object sender, EventRecordWrittenEventArgs e)
{
    try
    {
        // XPath query for the single value of interest.
        string[] propertyQueries = { "Event/EventData/Data[@Name=\"IpAddress\"]" };
        EventLogPropertySelector propertySelector = new EventLogPropertySelector(propertyQueries);

        EventLogRecord logRecord = (EventLogRecord)e.EventRecord;
        var values = logRecord.GetPropertyValues(propertySelector);

        // Throws (and lands in the catch block) when the event carries no IpAddress item.
        string address = values[0].ToString();

        NegotiationdEventArgs data = new NegotiationdEventArgs
        {
            IpAddress = address,
            EventId = e.EventRecord.Id,
            EventName = e.EventRecord.LogName,
            EventMessageXml = e.EventRecord.ToXml(),
            CreateDate = e.EventRecord.TimeCreated.Value
        };

        if (Negotiated == null)
        {
            return;
        }

        Negotiated(this, data);
    }
    catch (Exception exception)
    {
        WriteEntry(exception.Message);
    }
}
// Invoked every time an event is written to a hooked log: remembers the record and
// appends a row (time, log, provider, id, pretty-printed XML) to the table.
private void OnEntryWritten(object sender, EventRecordWrittenEventArgs e)
{
    EventRecord record = e.EventRecord;
    Events.Add(record);

    // Start from a copy of the first row and fill in the summary columns.
    DataGridViewRow newRow = (DataGridViewRow)table.Rows[0].Clone();
    newRow.Cells[0].Value = record.TimeCreated;
    newRow.Cells[1].Value = record.LogName;
    newRow.Cells[2].Value = record.ProviderName;
    newRow.Cells[3].Value = record.Id;

    // Round-trip the XML through XmlDocument to get an indented rendering.
    XmlDocument document = new XmlDocument();
    document.LoadXml(record.ToXml());
    StringWriter buffer = new StringWriter();
    document.Save(buffer);

    string prettyXml = buffer.ToString();
    newRow.Cells[4].Value = prettyXml;
    newRow.Cells[4].ToolTipText = prettyXml;

    // Add the new row on the thread that owns the table.
    table.Invoke((MethodInvoker)(() => table.Rows.Add(newRow)));
}
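/// <summary>
/// Forwards the formatted description of a detected event to the remote endpoint.
/// </summary>
/// <param name="sender">The watcher raising the event (unused).</param>
/// <param name="e">Carries the event record; the record is null when reading failed.</param>
private async void OnEventDetectedAsync(object sender, EventRecordWrittenEventArgs e)
{
    // This is an async void event handler: an exception escaping it cannot be observed
    // by the caller and would take the process down, silencing the monitor. Everything
    // is therefore caught and logged here.
    try
    {
        if (e == null || e.EventRecord == null)
        {
            return;
        }

        // Render once and use the same text for the log line and the warning.
        var message = e.EventRecord.FormatDescription();
        log.LogInformation("SENDING: {message}", message);
        await remote.Warn(message);
    }
    catch (Exception ex)
    {
        log.LogError(ex, "Failed to forward detected event");
    }
}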
/// <summary>
/// Handles an AppLocker event: when the record's id is one of those in
/// <c>idAppLock</c>, raises <c>OnAppLockMatchEvent</c> and shows the block popup with
/// the record's formatted description.
/// </summary>
/// <param name="sender">The watcher raising the event (unused).</param>
/// <param name="e">Carries the event record; ignored when the record is null.</param>
private void OnApplockEventWritten(object sender, EventRecordWrittenEventArgs e)
{
    if (e.EventRecord == null)
    {
        return;
    }

    if (!idAppLock.Contains(e.EventRecord.Id))
    {
        return;
    }

    OnAppLockMatchEvent?.Invoke();
    ShowBlockPopup(e.EventRecord.FormatDescription());
}
/// <summary>
/// Subscription callback that renders an incoming event both as a formatted
/// description and as XML. Nothing is done when the record is null.
/// </summary>
public void EventLogEventRead(object obj, EventRecordWrittenEventArgs arg)
{
    if (arg.EventRecord == null)
    {
        return;
    }

    EventRecord eventInstance = arg.EventRecord;

    // Human-readable event information via the FormatDescription API.
    String eventMessage = eventInstance.FormatDescription();

    // The same event information in XML format.
    String eventMessageXMLFmt = eventInstance.ToXml();
}
/// <summary>
/// Subscription callback that selects eight values from an incoming event via XPath
/// (time, computer, record id, target user and domain, user, address, event id) and
/// writes them to file and to the database. Debug builds also print them to the console.
/// </summary>
public static void EventLogEventRead(object obj, EventRecordWrittenEventArgs arg)
{
    if (arg.EventRecord == null)
    {
#if (DEBUG)
        {
            Console.WriteLine("The event instance was null.");
        }
#endif
        return;
    }

    // XPath references selecting the values to extract, in output order.
    IEnumerable<String> xPathEnum = new String[]
    {
        "Event/System/TimeCreated/@SystemTime",
        "Event/System/Computer",
        "Event/System/EventRecordID",
        "Event/EventData/Data[@Name=\"TargetUserName\"]",
        "Event/EventData/Data[@Name=\"TargetDomainName\"]",
        "Event/UserData/EventXML/User",
        "Event/UserData/EventXML/Address",
        "Event/System/EventID",
    };

    // Create the property selection context using the XPath references and evaluate it.
    EventLogPropertySelector logPropertyContext = new EventLogPropertySelector(xPathEnum);
    EventLogRecord record = (EventLogRecord)arg.EventRecord;
    IList<object> logEventProps = record.GetPropertyValues(logPropertyContext);

    StreamWriterExtention.WriteToFile(logEventProps);
    DbOperationExtentions.WriteToDb(logEventProps);

#if (DEBUG)
    {
        Console.WriteLine("U1 Time: {0}", logEventProps[0]);
        Console.WriteLine("Computer: {0}", logEventProps[1]);
        Console.WriteLine("EventRecordId: {0}", logEventProps[2]);
        Console.WriteLine("TargetUserName: {0}", logEventProps[3]);
        Console.WriteLine("TargetDomainName: {0}", logEventProps[4]);
        Console.WriteLine("User: {0}", logEventProps[5]);
        Console.WriteLine("IP: {0}", logEventProps[6]);
        Console.WriteLine("EventType: {0}", logEventProps[7]);
        Console.WriteLine("---------------------------------------");
        Console.WriteLine("Description: {0}", arg.EventRecord.FormatDescription());
    }
#endif
}
/// <summary>
/// Subscription callback that turns an incoming event into a Nagios notification.
/// Events whose id is in <c>supressedIDs</c> are dropped, as are events whose message
/// does not match <c>_rxFilter</c> when a filter is set. The remaining events are raised
/// through <c>EventRaised</c> with a "time, EventID, message" text.
/// </summary>
/// <param name="obj">The subscription source (unused).</param>
/// <param name="arg">Carries the event record; nothing is done when the record is null.</param>
public void EventLogEventRead(object obj, EventRecordWrittenEventArgs arg)
{
    try
    {
        if (arg.EventRecord != null)
        {
            // check on keywords in the General Description and send message to the Nagios server
            if (supressedIDs != null && supressedIDs.Contains(arg.EventRecord.Id))
            {
                return;
            }
            if (EventRaised != null)
            {
                // The culture of the handling thread is switched to en-US and not restored here.
                Thread.CurrentThread.CurrentCulture = new CultureInfo("en-US"); // need to fix MS bug
                EventLogRecord r = (EventLogRecord)arg.EventRecord;
                string msg = r.FormatDescription();
                // mPath is assigned below but never read in this method.
                string mPath = "";
                if (string.IsNullOrWhiteSpace(msg))
                {
                    // No description could be rendered: fall back to the classic EventLog API
                    // and search the newest entries (at most 200) for the same record id.
                    using (var eln = new System.Diagnostics.EventLog(r.LogName, r.MachineName))
                    {
                        System.Diagnostics.EventLogEntryCollection eCollection = eln.Entries;
                        int cnt = eCollection.Count;
                        for (int i = cnt - 1; i >= Math.Max(0, cnt - 200); i--)
                        {
                            var xe = eCollection[i];
                            if (xe.Index == r.RecordId)
                            {
                                msg = xe.Message;
                                mPath = " s";
                                break;
                            }
                        }
                    }
                }
                // The filter is applied only to non-empty messages; an event whose message
                // is still empty at this point passes through unfiltered.
                if (_rxFilter != null && string.IsNullOrWhiteSpace(msg) == false && !_rxFilter.IsMatch(msg))
                {
                    return;
                }
                // The event id is masked to its low 16 bits; the current time stands in when
                // the record has no creation time.
                string fMsg = string.Format("{0}, EventID = {1}{2}{3}", arg.EventRecord.TimeCreated.HasValue ? arg.EventRecord.TimeCreated : DateTime.Now, r.Id & 0xFFFF, System.Environment.NewLine, msg);
                EventRaised.Invoke(this, new EventWatcherArgs(this.EventDescription.NagiosServiceName, this.EventDescription.MessageLevel, fMsg));
            }
        }
    }
    catch (Exception ex)
    {
        // Any failure is written to the client log with its stack trace.
        Nagios.Net.Client.Log.WriteLog(ex.Message + "\n" + ex.StackTrace, true);
    }
}
/// <summary>
/// Handles a firewall connection event: reads process id, path, direction, addresses,
/// ports and protocol from the record's first eight properties, resolves the program
/// id and logs the activity with the current profiles. Events whose program id cannot
/// be resolved are dropped; errors are written to the application log.
/// </summary>
private void OnConnection(object obj, EventRecordWrittenEventArgs arg)
{
    if (arg.EventRecord == null)
    {
        return;
    }

    try
    {
        var record = arg.EventRecord;
        var fields = record.Properties;

        int processId = MiscFunc.parseInt(fields[0].Value.ToString());
        string path = fields[1].Value.ToString();

        // Map the event id to the action taken by the firewall.
        Actions action;
        if (record.Id == (int)EventIDs.Blocked)
        {
            action = Actions.Block;
        }
        else if (record.Id == (int)EventIDs.Allowed)
        {
            action = Actions.Allow;
        }
        else
        {
            action = Actions.Undefined;
        }

        // The direction arrives as a message-table reference.
        Directions direction;
        switch (fields[2].Value.ToString())
        {
            case "%%14592":
                direction = Directions.Inbound;
                break;
            case "%%14593":
                direction = Directions.Outboun;
                break;
            default:
                direction = Directions.Unknown;
                break;
        }

        string src_ip = fields[3].Value.ToString();
        int src_port = MiscFunc.parseInt(fields[4].Value.ToString());
        string dest_ip = fields[5].Value.ToString();
        int dest_port = MiscFunc.parseInt(fields[6].Value.ToString());
        int protocol = MiscFunc.parseInt(fields[7].Value.ToString());

        ProgramList.ID id = GetIDforEntry(path, processId);
        if (id == null)
        {
            return;
        }

        Program.LogEntry entry = new Program.LogEntry(
            id, action, direction, src_ip, src_port, dest_ip, dest_port, protocol, processId, DateTime.Now);
        entry.Profile = GetCurrentProfiles();
        App.engine.LogActivity(entry);
    }
    catch (Exception err)
    {
        AppLog.Line("Error in {0}: {1}", MiscFunc.GetCurrentMethod(), err.Message);
    }
}
/// <summary>
/// Passes each incoming event record to <c>outputAction</c>. A notification without a
/// record marks the watcher as being in an invalid state instead.
/// </summary>
private void Watcher_EventRecordWritten(object sender, EventRecordWrittenEventArgs e)
{
    if (e.EventRecord != null)
    {
        outputAction(e.EventRecord);
        return;
    }

    InvalidState = true;
}
/// <summary>
/// Prints the key fields of logon (4624) and logoff (4634) events to the console.
/// Other event ids are ignored.
/// </summary>
void OnEntryWritten(object source, EventRecordWrittenEventArgs evt)
{
    EventLogRecord record = (EventLogRecord)evt.EventRecord;

    // (An XPath expression evaluates to null if no Data element exists with the specified name.)
    string[] logonQueries =
    {
        "Event/EventData/Data[@Name='TargetUserSid']",
        "Event/EventData/Data[@Name='TargetLogonId']",
        "Event/EventData/Data[@Name='LogonType']",
        "Event/EventData/Data[@Name='ElevatedToken']",
        "Event/EventData/Data[@Name='WorkstationName']",
        "Event/EventData/Data[@Name='ProcessName']",
        "Event/EventData/Data[@Name='IpAddress']",
        "Event/EventData/Data[@Name='IpPort']",
        "Event/EventData/Data[@Name='TargetUserName']"
    };
    string[] logoffQueries =
    {
        "Event/EventData/Data[@Name='TargetUserSid']",
        "Event/EventData/Data[@Name='TargetLogonId']"
    };

    using (var logonSelector = new EventLogPropertySelector(logonQueries))
    using (var logoffSelector = new EventLogPropertySelector(logoffQueries))
    {
        if (record.Id == 4624)
        {
            // Values come back in the same order as the queries above.
            var logon = record.GetPropertyValues(logonSelector);
            Console.WriteLine(
                "got eventId={0} sid={1} logonId={2} logonType={3} token={4} workstation={5} process={6} ip={7} port={8} user={9}",
                record.Id, logon[0], logon[1], logon[2], logon[3], logon[4], logon[5], logon[6], logon[7], logon[8]);
        }
        else if (record.Id == 4634)
        {
            var logoff = record.GetPropertyValues(logoffSelector);
            Console.WriteLine("got eventId={0} sid={1} logonId={2}", record.Id, logoff[0], logoff[1]);
        }
    }
}
/// <summary>
/// Renders an incoming event record to XML and passes it to <c>ProcessXml</c>.
/// Every failure, including a missing record, is logged at error level.
/// </summary>
private void EventRecordWritten(object sender, EventRecordWrittenEventArgs e)
{
    try
    {
        EventRecord record = e.EventRecord;
        ProcessXml(record.ToXml());
    }
    catch (Exception ex)
    {
        string details = ex.ToString();
        Log.Write(LogLevel.Error, details);
    }
}
/// <summary>
/// Handles a plug-and-play event: when the description mentions the device id
/// "VID_045E&amp;PID_9006" (case-insensitive), logs the event, switches the current
/// interface to <c>Lumia_BadMassStorage</c> and announces the device arrival.
/// </summary>
private void PnPEventWritten(Object obj, EventRecordWrittenEventArgs arg)
{
    string Description = arg.EventRecord.FormatDescription();

    bool mentionsDevice = Description.IndexOf("VID_045E&PID_9006", 0, StringComparison.OrdinalIgnoreCase) >= 0;
    if (!mentionsDevice)
    {
        return;
    }

    LogFile.Log("Event " + arg.EventRecord.Id.ToString() + ": " + Description, LogType.FileOnly);
    LogFile.Log("Phone switched to Mass Storage mode, but the driver on the PC did not start correctly", LogType.FileAndConsole);

    CurrentInterface = PhoneInterfaces.Lumia_BadMassStorage;
    CurrentModel = null;

    ArrivalEventArgs arrival = new ArrivalEventArgs((PhoneInterfaces)CurrentInterface, CurrentModel);
    NewDeviceArrived(arrival);
}
/// <summary>
/// Translates an incoming event record with <c>ReadFirewallEvent</c> and raises
/// <c>ChangeEvent</c> when the translation yields a result.
/// </summary>
private void OnRuleChanged(object obj, EventRecordWrittenEventArgs arg)
{
    if (arg.EventRecord != null)
    {
        RuleChangedEvent args = ReadFirewallEvent(arg.EventRecord);
        if (args == null)
        {
            return;
        }

        ChangeEvent?.Invoke(this, args);
    }
}
/// <summary>
/// Translates an incoming event record with <c>ReadFirewallEvent</c> and raises
/// <c>FirewallEvent</c> when the translation yields a result.
/// </summary>
private void OnConnection(object obj, EventRecordWrittenEventArgs arg)
{
    if (arg.EventRecord != null)
    {
        FirewallEvent args = ReadFirewallEvent(arg.EventRecord);
        if (args == null)
        {
            return;
        }

        FirewallEvent?.Invoke(this, args);
    }
}
/// <summary>
/// Shows a notification (provider, description, log name) for events whose level is
/// at or below <c>EventLevel.Error</c>.
/// </summary>
/// <exception cref="ArgumentException">The event record has no properties.</exception>
private void SystemErrorHandler(object sender, EventRecordWrittenEventArgs e)
{
    bool hasProperties = e.EventRecord.Properties.Any();
    if (!hasProperties)
    {
        throw new ArgumentException(nameof(e.EventRecord.Properties));
    }

    var eventLevel = e.EventRecord.Level;
    if (eventLevel <= EventLevel.Error)
    {
        var record = e.EventRecord;
        Notifier.ShowNotification(record.ProviderName, record.FormatDescription(), record.LogName);
    }
}
// Handles an arriving event record: when event processing is enabled, the record
// (and any read exception) is passed to ProcessEvent while holding m_locker;
// otherwise the record is ignored, with a trace line when debug tracing is on.
private void EventArrivedHandler(object sender, EventRecordWrittenEventArgs arg)
{
    this.TraceEntryExit("Entering EventArrived handler", new object[0]);
    EventRecord eventRecord = arg.EventRecord;
    // flag records whether m_locker was acquired in the current loop iteration.
    bool flag = false;
    do
    {
        if (!this.m_isEventProcessingEnabled)
        {
            // Processing is disabled: leave the loop, tracing the skipped record only
            // when debug tracing is enabled.
            if (!ExTraceGlobals.FailureItemTracer.IsTraceEnabled(TraceType.DebugTrace))
            {
                break;
            }
            try
            {
                this.Trace("Ignoring Record# {0} since event processing not enabled!!", new object[]
                {
                    (eventRecord != null) ? eventRecord.RecordId.ToString() : "<null>"
                });
                break;
            }
            catch (EventLogException)
            {
                // An EventLogException raised while building the trace line is ignored.
                break;
            }
        }
        try
        {
            // Wait up to 1000 ms for the lock; the event is processed only while holding it.
            flag = Monitor.TryEnter(this.m_locker, 1000);
            if (flag)
            {
                this.ProcessEvent(eventRecord, arg.EventException);
            }
        }
        finally
        {
            if (flag)
            {
                Monitor.Exit(this.m_locker);
            }
            else
            {
                this.Trace("Unable to acquire lock in EventArrivedHandler - retrying", new object[0]);
            }
        }
    }while (!flag); // repeat until the lock was acquired; the enabled check is redone each time
    this.TraceEntryExit("Exiting EventArrived handler", new object[0]);
}