public Dictionary <string, AzureServiceTag> ReportMatchForAzureIp(
string ipAddress,
string subnet,
Value serviceType,
FirewallLogEntry entry,
IPNetwork networkInfo,
Dictionary <string, AzureServiceTag> hitsPerIp)
{
AzureServiceTag azureService;
if (hitsPerIp.ContainsKey(subnet))
{
azureService = hitsPerIp[subnet];
}
else
{
azureService = new AzureServiceTag();
}
azureService.Tag = TakeTheMostRelevantValue(serviceType.name, azureService.Tag);
azureService.IpRange = TakeTheMostRelevantValue(subnet, azureService.IpRange);
azureService.CIDR = networkInfo.Cidr;
azureService.Region = TakeTheMostRelevantValue(serviceType.properties.region, azureService.Region);
azureService.AzureService = TakeTheMostRelevantValue(serviceType.properties.systemService, azureService.AzureService);
azureService.AddMatchedIp(ipAddress, entry.TimesBlocked, entry.DestinationIP);
hitsPerIp[subnet] = azureService;
return(hitsPerIp);
}
public void ReportNonAzureIP(string ipAddress, FirewallLogEntry entry)
{
_consolidatedNonAzureTraffic.AddMatchedIp(ipAddress, entry.TimesBlocked, entry.DestinationIP);
}
private static async Task ProcessFirewallLogEntry(AzureIpRange ipAddresses, LogParser _logParser, int _hitCounter, FirewallLogEntry firewallLogEntry)
{
Regex extractIpAddress = new Regex(@"\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b");
MatchCollection ipAddressFromRegex = extractIpAddress.Matches(firewallLogEntry.DestinationIP);
if (ipAddressFromRegex.Count == 0)
{
Console.WriteLine($"Error: unable to parse log entry: '{firewallLogEntry.DestinationIP}'");
return;
}
var cleanIpAddress = ipAddressFromRegex[0].Value;
var hitsPerIp = new Dictionary <string, AzureServiceTag>();
bool isAzureIp = false;
await Task.Run(() =>
{
IPAddress ipAdress;
if (IPAddress.TryParse(cleanIpAddress, out ipAdress))
{
foreach (var serviceType in ipAddresses.values)
{
foreach (var subnet in serviceType.properties.addressPrefixes)
{
var subnetInfo = IPNetwork.Parse(subnet);
if (subnetInfo.Contains(ipAdress))
{
isAzureIp = true;
hitsPerIp = _logParser.ReportMatchForAzureIp(
cleanIpAddress,
subnet,
serviceType,
firewallLogEntry,
subnetInfo,
hitsPerIp);
}
}
}
}
if (isAzureIp)
{
_logParser.ConsolidateResultsForAzureIP(hitsPerIp);
}
if (!isAzureIp)
{
_logParser.ReportNonAzureIP(
cleanIpAddress,
firewallLogEntry);
}
if (_options.Verbose && _logParser.TotalHitCount != _hitCounter)
{
throw new Exception($"Inconsistency in stats generation while processing: {JsonConvert.SerializeObject(firewallLogEntry)}");
}
}).ConfigureAwait(false);
}