// check the origin countries of all IPs and creates events
// ran on a separate thread
private void CheckCountries()
{
int api_count = 0;
while (true)
{
// if empty, wait
if (ips_to_be_checked.Count == 0)
{
Thread.Sleep(5000);
continue;
}
string ip = ips_to_be_checked.Take();
if (!checked_ips.ContainsKey(ip))
{
string country = GetCountry(ip);
api_count++;
checked_ips.Add(ip, country);
// create event
Event e = new SEvent(42, DateTime.Now, "communication with country X", "network", EventType.SINGLE, new string[] { "IP", "Country" }, new string[] { ip, country });
ParseData(e);
// timeout to not get banned
if (api_count == 100)
{
Thread.Sleep(60000);
api_count = 0;
}
}
}
}
// used to convert a FSD object to a Event object
private SEvent FSDToEvent(FullSocketData fsd)
{
SEvent se = new SEvent(40, DateTime.Now, "local Network usage", fsd.pname, EventType.SINGLE,
new string[] { "pname", "pid", "local_port", "server", "server_port", "transport_protocol", "protocol", "sent", "received", "packets_counter" },
new string[] { fsd.pname, fsd.pid.ToString(), fsd.localPort.ToString(), fsd.server, fsd.serverPort.ToString(), fsd.tprotocol, fsd.protocol.ToString(), fsd.sent.ToString(), fsd.received.ToString(), fsd.packetCount.ToString() });
return(se);
}
private void alertsDataGrid_CellDoubleClick(object sender, DataGridViewCellEventArgs e)
{
Event ev = alerts[e.RowIndex].e;
if (ev.et == EventType.SINGLE)
{
SEvent se = (SEvent)ev;
MessageBox.Show(se.ToString());
}
else
{
MEvent me = (MEvent)ev;
MessageBox.Show(me.ToString());
}
}
// fetches a counter - used as a callback
// if the counter is a big multi-instance counter it doesn't sleep the sampleTime
// because it take a lot of time and it won't be able to send data faster than once per second anyway
void FetchCounter(object o)
{
List <PerformanceCounter> entry = (List <PerformanceCounter>)o;
while (true)
{
DateTime time = DateTime.Now;
PerformanceCounter pc0 = entry[0];
// obtain event.id and event.Description
var query = from CounterData cd in counters where cd.CategoryName == pc0.CategoryName && cd.CounterName == pc0.CounterName select cd;
CounterData qcd = query.FirstOrDefault();
int id = qcd.id;
string description = qcd.description;
if (entry.Count == 1)
{
// single-instance
int val = (int)Math.Round(pc0.NextValue());
if (val < 0)
{
val = 0;
}
ParseData(new SEvent(id, time, description, "global", EventType.SINGLE, new string[] { "value" }, new string[] { val.ToString() }));
Thread.Sleep(samplingTime);
}
if (entry.Count > 1)
{
// multi-instance
SEvent[] events = new SEvent[entry.Count];
int i = 0;
foreach (PerformanceCounter pc in entry)
{
string instance = pc.InstanceName;
int val;
try
{
val = (int)Math.Round(pc.NextValue());
if (val < 0)
{
val = 0;
}
}
catch
{
val = -1;
}
events[i++] = new SEvent(id, time, description, instance, EventType.SINGLE, new string[] { "value" }, new string[] { val.ToString() });
}
ParseData(new MEvent(id, time, description, EventType.MULTIPLE, events.Length, events));
// if it's a big multi-instance counter skip the sleeping part
if (entry.Count < 10)
{
Thread.Sleep(samplingTime);
}
}
}
}
