private void HandleLogonEvent(EventLogEntry entry) { // get the activity LoggedOn activity = new LoggedOn(); { var parser = new ActivityParser(); { if (!parser.ParseLogon(entry, activity)) { return; } } } // local activities are not interesting if (activity.Local) { return; } // when there is a logon, we *always* do probing Address address = Prober.Probe(activity.Network_Address); if (address != null) { // we probed successfully, update the storage _storage.Insert(address); } // and trace it Trace.TraceInformation( "Updater - processed logon activity of {0}\\{1} on {2}", activity.Account_Domain, activity.Account_Name, activity.Network_Address ); }
public static List <Address> Probe(Workstation workstation) { // this is the result List <Address> result = new List <Address>(); try { log.DebugFormat("Resolving workstation {0}", workstation.DnsHostName); // get host entry (this clears DNS cache in .net too) var hostenry = Dns.GetHostEntry(workstation.DnsHostName); // get addresses var addresses = hostenry.AddressList; { log.DebugFormat("Workstation {0} was resolved into {1} IP addresses", workstation.DnsHostName, addresses.Length); foreach (IPAddress ip in addresses) { log.DebugFormat("Workstation {0} has address {1}", workstation.DnsHostName, ip.ToString()); } } // resolve the workstation name, get all addresses from it foreach (IPAddress ip in addresses) { Address address = Prober.Probe(ip); if (address.Users.Count == 0) { // log it log.DebugFormat("Probing of address {0} for workstation {1} indicated the number of logged in users are 0, skipping it.", ip.ToString(), workstation.DnsHostName); // there are no one logged on on that IP, skip it then continue;; } // debug check we have filled in the address itself Debug.Assert(address.IP == ip); Debug.Assert(address.Users.Count > 0); // assign some other fields for reference address.DistinguishedName = workstation.DistinguishedName; address.CommonName = workstation.CommonName; address.DnsHostName = workstation.DnsHostName; address.LastLogon = workstation.LastLogon; address.Name = workstation.Name; // log it log.DebugFormat("Address {0} was probed successfully, {1} users found. Adding it to the storage.", ip.ToString(), address.Users.Count); // and add this address result.Add(address); } } catch (Exception e) { log.WarnFormat("Probe failed for workstation {0}. Error: {1}", workstation.DnsHostName, e.Message); } // and return (possibly empty) list return(result); }