Пример #1
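        /// <summary>
        /// Sets up the ETW listener: creates the provider session, attaches the configured KQL
        /// query to it, loads the Sentinel API configuration and the client certificate, and
        /// uploads the bundled sample data to Log Analytics.
        /// </summary>
        /// <exception cref="System.InvalidOperationException">
        /// The "SentinelApiConfig" app setting is missing or blank, the configuration file
        /// deserializes to null, or no client certificate was found.
        /// </exception>
        public void InitializeEtwListener()
        {
            payload = GetNewPayloadObject();

            var configurationFile = ConfigurationManager.AppSettings["SentinelApiConfig"];
            if (string.IsNullOrWhiteSpace(configurationFile))
            {
                // A missing setting would otherwise interpolate to "" below, so the read would
                // target the execution directory itself and fail with an unrelated I/O error
                // after the ETW session had already been created.
                throw new System.InvalidOperationException(
                    "App setting 'SentinelApiConfig' is missing or empty.");
            }

            EtwProviderSession(EtwListenerConfig.SessionName, EtwListenerConfig.ProviderId, true);
            var etwEvents = EtwTdhObservable.FromSession(EtwListenerConfig.SessionName);

            // NOTE(review): the query is attached to DefaultOutput before SentinelApiConfig and
            // the certificate are assigned below. If DefaultOutput reads either of them, early
            // events could see them unset. Confirm against DefaultOutput.
            KqlNodeHub = KqlNodeHub.FromKqlQuery(etwEvents, DefaultOutput, EtwListenerConfig.ObservableName,
                                                 EtwListenerConfig.KqlQuery);

            GlobalLog.WriteToStringBuilderLog($"Loading config [{configurationFile}].", 14001);

            // Path.Combine returns its second argument unchanged when that argument is rooted,
            // so an absolute path in the app setting is read as-is rather than from the
            // execution directory. The application config file therefore needs the same write
            // protection as the binaries.
            var executionPath = LogAnalyticsOdsApiHarness.GetExecutionPath();
            var textOfJsonConfig = File.ReadAllText(Path.Combine(executionPath, configurationFile));

            SentinelApiConfig = JsonConvert.DeserializeObject <SentinelApiConfig>(textOfJsonConfig);
            if (SentinelApiConfig == null)
            {
                // An empty file or a literal "null" deserializes to null. Fail with a clear
                // message instead of a NullReferenceException on the next property access.
                throw new System.InvalidOperationException(
                    $"Configuration file [{configurationFile}] did not contain a SentinelApiConfig object.");
            }

            if (SentinelApiConfig.UseMmaCertificate)
            {
                logAnalyticsX509Certificate2 =
                    CertificateManagement.FindOdsCertificateByWorkspaceId(SentinelApiConfig.WorkspaceId);
            }
            else
            {
                logAnalyticsX509Certificate2 = CertificateManagement.FindCertificateByThumbprint("MY",
                                                                                                 SentinelApiConfig.CertificateThumbprint, StoreLocation.LocalMachine);
            }

            // Fail closed: do not attempt an upload without a client certificate.
            // NOTE(review): assumes the Find* helpers return null on a miss rather than
            // throwing. Confirm against CertificateManagement.
            if (logAnalyticsX509Certificate2 == null)
            {
                throw new System.InvalidOperationException(
                    "No Log Analytics client certificate was found; refusing to upload without one.");
            }

            // The original message logged the config file name here, although the file being
            // loaded is the sample data file.
            const string sampleDataFile = "XMLFile1.xml";
            GlobalLog.WriteToStringBuilderLog($"SampleData load [{sampleDataFile}].", 14001);
            var sampleData = File.ReadAllText(Path.Combine(executionPath, sampleDataFile));

            UploadBatchToLogAnalytics(sampleData, logAnalyticsX509Certificate2);
        }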
Пример #2
        /// <summary>
        /// Subscribes a Kusto uploader to the real-time ETW session named by
        /// <c>_sessionName</c> and keeps the subscription alive until the operator presses Enter.
        /// </summary>
        static void UploadRealTime()
        {
            // Wrap every raw session event in an EtwEvent before it reaches the uploader.
            var wrappedEvents = EtwTdhObservable
                                .FromSession(_sessionName)
                                .Select(raw => new EtwEvent(raw));

            // NOTE(review): demo mode selects kscbAdmin instead of kscbIngest. The names suggest
            // an admin-level connection is then used for ingestion. Confirm that this is
            // restricted to demo environments, since ingestion should not need admin rights.
            var connection = _demoMode ? kscbAdmin : kscbIngest;

            // NOTE(review): 10000 and the 10-second TimeSpan are presumably the batch size and
            // the flush interval. Confirm against BlockingKustoUploader.
            var uploader = new BlockingKustoUploader <EtwEvent>(
                connection, _tableName, 10000, TimeSpan.FromSeconds(10));

            // Disposing the subscription on exit from the using block stops the flow of events.
            using (wrappedEvents.Subscribe(uploader))
            {
                Console.WriteLine();
                Console.WriteLine("Listening to real-time session '{0}'. Press Enter to termintate", _sessionName);
                Console.ReadLine();
            }
        }