/// <summary>
/// Wires up the event pipeline: one notification queue shared by the
/// processor that drains it and the watcher that feeds it.
/// </summary>
/// <param name="dbStatusObj">Status object handed to both the processor and the watcher.</param>
/// <param name="dbPath">Database path/connection string forwarded unchanged to the processor.</param>
public EventProducer(DbStatusObject dbStatusObj, string dbPath)
{
    // Build the queue once and hand the same instance to both sides so the
    // watcher and the processor operate on the same notifications.
    var sharedQueue = new NotificationQueue();
    queueManager = sharedQueue;

    // Consumer first, then the producer, matching the original construction order.
    worker = new EventProcessor(sharedQueue, dbStatusObj, dbPath);
    eventWatcher = new EventWatcherAsync(sharedQueue, dbStatusObj);
}
/// <summary>
/// Prepares the database size monitor: stores the database path, creates the
/// periodic timer and the SQLite connection object, then calls
/// <c>GetLoginInfo()</c>.
/// </summary>
/// <param name="db">Value stored as <c>dbPath</c> and passed as-is to <c>SQLiteConnection</c>.</param>
/// <param name="dbStatusObj">Shared database status object kept in <c>dbStatus</c>.</param>
public DbSizeMonitor(string db, DbStatusObject dbStatusObj)
{
    dbPath = db;
    dbStatus = dbStatusObj;

    // The timer takes milliseconds; MONITOR_INTERVAL is therefore expressed in minutes.
    var intervalMs = 1000 * 60 * MONITOR_INTERVAL;
    MonitorDbSizeTimer = new System.Timers.Timer(intervalMs);

    // NOTE(review): the string is used verbatim as the connection argument;
    // callers are expected to supply a trusted value, not user input.
    conn = new SQLiteConnection(dbPath);

    // Runs last so that every field above is already populated.
    GetLoginInfo();
}
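/// <summary>
/// Creates the WMI event watchers used by the tracker: one on new Security
/// log records for object-access auditing, one on new print jobs, and
/// (behind compile-time symbols) optional file-creation and remote
/// print-job watchers.
/// </summary>
/// <param name="q">Queue stored in <c>queue</c>.</param>
/// <param name="dbStatusObj">Shared database status object stored in <c>dbStatus</c>.</param>
/// <remarks>
/// The Security log events selected here are only generated when
/// object-access auditing is enabled in the audit policy and the monitored
/// objects carry audit entries (SACLs); otherwise the watcher stays silent.
/// </remarks>
public EventWatcherAsync(NotificationQueue q, DbStatusObject dbStatusObj)
{
    scope = new ManagementScope(@"\\localhost\root\cimv2");
    // NOTE(review): none of the watchers below is constructed with this scope,
    // so it is presumably attached elsewhere - confirm. Subscribing to
    // Security log events over WMI normally also needs the security privilege
    // enabled on the connection (scope.Options.EnablePrivileges); it is not
    // set in this constructor.

    string query1 = null;
    try
    {
        System.OperatingSystem osInfo = Environment.OSVersion;
        CLogger.WriteLog(ELogLevel.DEBUG, "OS version Major" + osInfo.Version.Major.ToString());

        if (osInfo.Version.Major == 5) // OS_VER_WIN_SERVER_2003
        {
            // Pre-Vista object-access event IDs: 560 (object open), 564 (object
            // deleted), 567 (object access attempt), 594 (handle duplicated).
            query1 = @"SELECT * FROM __InstanceCreationEvent WHERE TargetInstance ISA 'Win32_NTLogEvent' and TargetInstance.LogFile = 'Security' and TargetInstance.Category = 3 and (TargetInstance.EventCode=560 OR TargetInstance.EventCode=564 OR TargetInstance.EventCode=567 OR TargetInstance.EventCode=594)";
        }
        else if (osInfo.Version.Major >= 6) // OS_VER_WIN_SERVER_2008 and later
        {
            // Fix: the original tested Major == 6 only, which left query1 null on
            // hosts reporting major version 10, so no object-access events were
            // monitored there. The Vista-and-later IDs (4656, 4660, 4663, 4690;
            // categories 12800 File System and 12807 Handle Manipulation) apply
            // to every later release as well.
            CLogger.WriteLog(ELogLevel.DEBUG, "OS version 2008");
            query1 = @"SELECT * FROM __InstanceCreationEvent WHERE TargetInstance ISA 'Win32_NTLogEvent' and TargetInstance.LogFile = 'Security' and (TargetInstance.Category = 12800 OR TargetInstance.Category = 12807) and (TargetInstance.EventCode=4656 OR TargetInstance.EventCode=4660 OR TargetInstance.EventCode=4663 OR TargetInstance.EventCode=4690)";
        }
    }
    catch (Exception e)
    {
        CLogger.WriteLog(ELogLevel.DEBUG, "Caught exception while checking OS type" + e.Message);
    }

    if (query1 == null)
    {
        // Make the monitoring gap visible instead of silently building a
        // watcher from a null query (unsupported OS version or failed check).
        CLogger.WriteLog(ELogLevel.DEBUG, "No Security log query selected for this OS version; object access events will not be monitored");
    }

    // Category = 3 CategoryString = 'Object Access'
    eventLogChangesWatcher = new ManagementEventWatcher(new EventQuery(query1));

    // Poll for new print jobs every 2 seconds.
    string query2 = @"SELECT * FROM __InstanceCreationEvent WITHIN 2 WHERE TargetInstance ISA 'Win32_PrintJob'";
    printJobWatcher = new ManagementEventWatcher(new EventQuery(query2));

#if CIM_CLASS
    // Kept in its own variable: the original overwrote query2 here, so with
    // REMOTE_PRINT also defined the remote print watcher was built from the
    // file-creation query instead of the print-job query.
    string fileQuery = @"SELECT * FROM __InstanceCreationEvent WITHIN 1 WHERE TargetInstance ISA 'CIM_DataFile' AND TargetInstance.Drive='C:' AND TargetInstance.Path = '\\testdocument\\' ";
    // Alternative kept from the original source:
    // @"SELECT * FROM __InstanceCreationEvent WITHIN 1 WHERE Targetinstance ISA 'CIM_DirectoryContainsFile' AND TargetInstance.GroupComponent='c:\\windows'"
    fileCreationWatcher = new ManagementEventWatcher(new EventQuery(fileQuery));
#endif

#if REMOTE_PRINT
    // SECURITY: the account name and password for the remote host are literals
    // in source. Load them from a protected store or run the service under an
    // account that already has rights on the remote machine, and keep real
    // values out of version control.
    ConnectionOptions connOptions = new ConnectionOptions();
    connOptions.Username = "******";
    connOptions.Password = "******";
    remoteScope = new ManagementScope(@"\\192.168.0.1\root\cimv2", connOptions);
    CLogger.WriteLog(ELogLevel.DEBUG, "Remote Scope created");
    // NOTE(review): remoteScope is not passed to this watcher; unless it is
    // assigned to the watcher elsewhere, the subscription would not target the
    // remote host - confirm.
    printJobWatcherRemote = new ManagementEventWatcher(new EventQuery(query2));
    CLogger.WriteLog(ELogLevel.DEBUG, "Remote Scope created2");
#endif

    queue = q;
    dbStatus = dbStatusObj;
}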
/// <summary>
/// Sets up the event processor: keeps the shared queue and status object,
/// creates the SQLite connection object, the periodic trim timer, and the
/// process-exit watcher together with the list it is given.
/// </summary>
/// <param name="q">Queue stored in <c>queue</c>.</param>
/// <param name="dbStatusObj">Shared database status object stored in <c>dbStatus</c>.</param>
/// <param name="dbPath">
/// Passed verbatim to <c>SQLiteConnection</c>. The earlier inline form was
/// "Data Source=" + %windir% + "\system\AccessTrackerDB", so this is expected
/// to be a complete connection string.
/// </param>
public EventProcessor(NotificationQueue q, DbStatusObject dbStatusObj, string dbPath)
{
    queue = q;
    dbStatus = dbStatusObj;

    conn = new SQLiteConnection(dbPath);

    // The timer takes milliseconds; TRIM_OPEN_ACCESS_INTERVAL is therefore in minutes.
    var trimIntervalMs = 1000 * 60 * TRIM_OPEN_ACCESS_INTERVAL;
    TrimOpenAccessTimer = new System.Timers.Timer(trimIntervalMs);

    // The same list instance is handed to the process-delete watcher.
    // NOTE(review): List<T> is not thread-safe; if the watcher appends from
    // WMI callback threads while this class reads the list, access needs to be
    // synchronised - confirm how ProcessDeleteWatcherAsync uses it.
    killedProcessList = new List<Win32ProcessInfo>();
    procDeleteWatcher = new ProcessDeleteWatcherAsync(killedProcessList);
}
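/// <summary>
/// Service start-up: builds the tracker database connection string, checks
/// the database size, and only then starts the event producer, the size
/// monitor and the server. Stops the service when the database location
/// cannot be determined or the size check fails.
/// </summary>
/// <param name="args">Start arguments supplied to the service; not used.</param>
protected override void OnStart(string[] args)
{
    string windowsDir = System.Environment.GetEnvironmentVariable("windir");
    if (string.IsNullOrEmpty(windowsDir))
    {
        // Fail closed: without windir the original concatenation produced
        // "\system\AccessTrackerDB.db", a drive-relative path that would place
        // the audit database outside the Windows directory, possibly somewhere
        // less restricted than intended.
        this.Stop();
        return;
    }

    // NOTE(review): the audit database lives under %windir%\system; confirm the
    // file's ACL limits write access to the service account and administrators,
    // since anyone able to modify it can alter the access trail.
    string dbPath = @"Data Source=" + windowsDir + "\\system\\AccessTrackerDB.db";

    dbStatus = new DbStatusObject();
    dbUsageMonitor = new DbSizeMonitor(dbPath, dbStatus);

    if (dbUsageMonitor.isDBSizeOk() != true)
    {
        // Size check failed: do not start monitoring, stop the service.
        this.Stop();
        return;
    }

    init = new EventProducer(dbStatus, dbPath);
    init.Start();
    dbUsageMonitor.Start();
    server = new Server();
}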