public void TestPurge() { AuditLogEntityModelSettings entityModelSettings = ConfigurationSettings.GetAuditLogConfigurationSection().EntityModelSettings; bool isEnabled = entityModelSettings.IsEnabled; const int createdLogEntries = 10; const int maximumLogEntries = 5; try { var auditLogEntries = new List <LogonAuditLogEntry>(); // Create 10 audit log entries for (int i = 0; i < createdLogEntries; i++) { auditLogEntries.Add(new LogonAuditLogEntry()); } Entity.Save(auditLogEntries); Assert.GreaterOrEqual(GetCountEntityModelAuditLogEntries(), createdLogEntries, "The number of log entries is invalid"); var auditLogSettings = Entity.Get <AuditLogSettings>("tenantAuditLogSettingsInstance", true); auditLogSettings.MaxAuditLogEntries = maximumLogEntries; auditLogSettings.Save(); entityModelSettings.IsEnabled = true; var deleter = new AuditLogEntityModelDeleter(); Assert.Greater(deleter.Purge(), 0, "The number of log entries purged is invalid"); Assert.AreEqual(maximumLogEntries, GetCountEntityModelAuditLogEntries(), "The number of remaining log entries is invalid"); } finally { entityModelSettings.IsEnabled = isEnabled; } }
/// <summary> /// Initializes the <see cref="AuditLogInstance" /> class. /// </summary> static AuditLogInstance() { IList <IAuditLogWriter> auditLogWriters = new List <IAuditLogWriter>(); try { AuditLogConfiguration auditLogConfiguration = ConfigurationSettings.GetAuditLogConfigurationSection(); if (auditLogConfiguration?.EventLogSettings != null && auditLogConfiguration.EventLogSettings.IsEnabled) { auditLogWriters.Add(new AuditLogEventLogWriter(EventLog.Application)); } if (auditLogConfiguration?.EntityModelSettings != null && auditLogConfiguration.EntityModelSettings.IsEnabled) { auditLogWriters.Add(new AuditLogEntityModelWriter(new AuditLogEntityModelDeleter())); } if (auditLogConfiguration?.SyslogSettings != null && auditLogConfiguration.SyslogSettings.IsEnabled && !string.IsNullOrEmpty(auditLogConfiguration.SyslogSettings.HostName) && auditLogConfiguration.SyslogSettings.Port > 0) { IStreamProvider tcpStreamProvider = new TcpStreamProvider(auditLogConfiguration.SyslogSettings.HostName, auditLogConfiguration.SyslogSettings.Port, true, auditLogConfiguration.SyslogSettings.IsSecure, auditLogConfiguration.SyslogSettings.IgnoreSslErrors); ISyslogMessageSerializer syslogMsgSerializer = new SyslogMessageSerializer(); ISyslogMessageWriter streamWriter = new SyslogStreamWriter(tcpStreamProvider, syslogMsgSerializer); ISyslogMessageWriter queueingMessageWriter = new SyslogQueueingMessageWriter(streamWriter); auditLogWriters.Add(new AuditLogSyslogWriter(queueingMessageWriter)); } } catch (Exception ex) { EventLog.Application.WriteError("AuditLogInstance failed to initialize. Error: {0}.", ex.ToString()); } AuditLogInstanceInternal = new AuditLog(auditLogWriters); }
public void TestWriteAuditLogEntryToSyslog() { AuditLogSyslogSettings sysLogSettings = ConfigurationSettings.GetAuditLogConfigurationSection().SyslogSettings; bool isEnabled = sysLogSettings.IsEnabled; try { var mockSyslogMessageWriter = new Mock <ISyslogMessageWriter>(MockBehavior.Strict); // Ensure event log is enabled sysLogSettings.IsEnabled = true; var syslogWriter = new AuditLogSyslogWriter(mockSyslogMessageWriter.Object); IAuditLogEntryData auditLogEventData = new AuditLogEntryData(false, "logonAuditLogEntryMetadata", new Dictionary <string, object> { { "p1", "p1Value" }, { "p2", "p2Value" } }); mockSyslogMessageWriter.Setup(w => w.Write(It.Is <SyslogMessage>(m => ValidateMessage(m, auditLogEventData)))); syslogWriter.Write(auditLogEventData); mockSyslogMessageWriter.VerifyAll(); } finally { sysLogSettings.IsEnabled = isEnabled; } }
public void TestWriteAuditLogEntryToEventLog(AuditLogSeverityEnum_Enumeration severity) { var eventLogSettings = ConfigurationSettings.GetAuditLogConfigurationSection().EventLogSettings; bool isEnabled = eventLogSettings.IsEnabled; try { var mockEventLog = new Mock <IEventLog>(MockBehavior.Strict); switch (severity) { case AuditLogSeverityEnum_Enumeration.AuditLogError: mockEventLog.Setup(l => l.WriteError(It.Is <string>(s => s.StartsWith("Audit log entry.") && s.Contains("p1Value") && s.Contains("p2Value")))); break; case AuditLogSeverityEnum_Enumeration.AuditLogInformation: mockEventLog.Setup(l => l.WriteInformation(It.Is <string>(s => s.StartsWith("Audit log entry.") && s.Contains("p1Value") && s.Contains("p2Value")))); break; case AuditLogSeverityEnum_Enumeration.AuditLogWarning: mockEventLog.Setup(l => l.WriteWarning(It.Is <string>(s => s.StartsWith("Audit log entry.") && s.Contains("p1Value") && s.Contains("p2Value")))); break; } // Ensure event log is enabled eventLogSettings.IsEnabled = true; var eventLogWriter = new AuditLogEventLogWriter(mockEventLog.Object); // Override severity AuditLogEntryMetadata metaData = Entity.Get <AuditLogEntryMetadata>("logonAuditLogEntryMetadata", true); metaData.SeverityFailure_Enum = severity; metaData.Save(); IAuditLogEntryData auditLogEventData = new AuditLogEntryData(false, "logonAuditLogEntryMetadata", new Dictionary <string, object> { { "p1", "p1Value" }, { "p2", "p2Value" } }); eventLogWriter.Write(auditLogEventData); mockEventLog.VerifyAll(); } finally { eventLogSettings.IsEnabled = isEnabled; } }
public void TestWriteNullEvent() { var entityModelSettings = ConfigurationSettings.GetAuditLogConfigurationSection().EntityModelSettings; bool isEnabled = entityModelSettings.IsEnabled; try { var mockDeleter = new Mock <IAuditLogDeleter>(MockBehavior.Loose); // Ensure event log is enabled entityModelSettings.IsEnabled = true; var entityModelWriter = new AuditLogEntityModelWriter(mockDeleter.Object); Assert.Throws <ArgumentNullException>(() => entityModelWriter.Write(null)); } finally { entityModelSettings.IsEnabled = isEnabled; } }
public void TestWriteNullEvent() { var eventLogSettings = ConfigurationSettings.GetAuditLogConfigurationSection().EventLogSettings; bool isEnabled = eventLogSettings.IsEnabled; try { var mockEventLog = new Mock <IEventLog>(MockBehavior.Strict); // Ensure event log is enabled eventLogSettings.IsEnabled = true; var eventLogWriter = new AuditLogEventLogWriter(mockEventLog.Object); Assert.Throws <ArgumentNullException>(() => eventLogWriter.Write(null)); } finally { eventLogSettings.IsEnabled = isEnabled; } }
public void TestFilterEventByMinimumSeveritySetting() { // Set minimum log level to error var auditLogSettings = Entity.Get <AuditLogSettings>("tenantAuditLogSettingsInstance", true); auditLogSettings.MinAuditLogSeverity_Enum = AuditLogSeverityEnum_Enumeration.AuditLogError; auditLogSettings.Save(); var entityModelSettings = ConfigurationSettings.GetAuditLogConfigurationSection().EntityModelSettings; bool isEnabled = entityModelSettings.IsEnabled; try { var mockDeleter = new Mock <IAuditLogDeleter>(MockBehavior.Loose); // Ensure event log is enabled entityModelSettings.IsEnabled = true; var entityModelWriter = new AuditLogEntityModelWriter(mockDeleter.Object); Guid userName = Guid.NewGuid(); IAuditLogEntryData auditLogEventData = new AuditLogEntryData(true, "logonAuditLogEntryMetadata", new Dictionary <string, object> { { "loggedOnUserName", userName.ToString() } }); entityModelWriter.Write(auditLogEventData); // Verify that logon event was not created IEnumerable <LogonAuditLogEntry> logonEvents = Entity.GetInstancesOfType <LogonAuditLogEntry>(); LogonAuditLogEntry logonEvent = logonEvents.FirstOrDefault(l => l.LoggedOnUserName == userName.ToString()); Assert.IsNull(logonEvent, "The logon event was found"); } finally { entityModelSettings.IsEnabled = isEnabled; } }
public void TestWriteAuditLogEntryToEntityModel() { var entityModelSettings = ConfigurationSettings.GetAuditLogConfigurationSection().EntityModelSettings; bool isEnabled = entityModelSettings.IsEnabled; try { var mockDeleter = new Mock <IAuditLogDeleter>(MockBehavior.Loose); // Ensure event log is enabled entityModelSettings.IsEnabled = true; var entityModelWriter = new AuditLogEntityModelWriter(mockDeleter.Object); string userName = "******" + Guid.NewGuid(); IAuditLogEntryData auditLogEventData = new AuditLogEntryData(false, "logonAuditLogEntryMetadata", new Dictionary <string, object> { { "loggedOnUserName", userName } }); entityModelWriter.Write(auditLogEventData); // Verify that logon event was created IEnumerable <LogonAuditLogEntry> logonEvents = Entity.GetInstancesOfType <LogonAuditLogEntry>(); LogonAuditLogEntry logonEvent = logonEvents.FirstOrDefault(l => l.LoggedOnUserName == userName); Assert.IsNotNull(logonEvent, "The logon event was not found"); Assert.AreEqual(auditLogEventData.Success, logonEvent.AuditLogEntrySuccess, "Success is invalid"); Assert.AreEqual(auditLogEventData.UserName, logonEvent.AuditLogEntryUser, "Name is invalid"); Assert.AreEqual(auditLogEventData.Message, logonEvent.AuditLogEntryMessage, "Message is invalid"); Assert.AreEqual(auditLogEventData.CreatedDate, logonEvent.AuditLogEntryCreatedDate, "Created Date is invalid"); Assert.AreEqual(auditLogEventData.SeverityEnum, logonEvent.AuditLogEntrySeverity_Enum, "Severity is invalid"); } finally { entityModelSettings.IsEnabled = isEnabled; } }