Пример #1
        /// <summary>
        /// Inserts one event log entry into the "Reporting" table for the given machine.
        /// </summary>
        /// <param name="sql">Database wrapper used for the insert.</param>
        /// <param name="MachineID">Value stored in the MachineID column.</param>
        /// <param name="EV">Event log entry; serialized to JSON and stored in the Data column.</param>
        /// <param name="Flags">Reporting flags; the four "*Reported" bits are cleared before the value is stored.</param>
        public static void ReportEventLog(SQLLib sql, string MachineID, EventLogReportFull EV, ReportingFlags Flags)
        {
            // The caller's value is never allowed to carry any of the "already reported" bits into the row.
            ReportingFlags reportedBits = ReportingFlags.AdminReported
                                          | ReportingFlags.ClientReported
                                          | ReportingFlags.UrgentAdminReported
                                          | ReportingFlags.UrgentClientReported;
            ReportingFlags storedFlags = Flags & ~reportedBits;

            string payload = JsonConvert.SerializeObject(EV);

            sql.InsertMultiData("Reporting",
                                new SQLData("MachineID", MachineID),
                                new SQLData("Type", ReportingPolicyType.EventLog),
                                new SQLData("Data", payload),
                                new SQLData("Flags", storedFlags));
        }
Пример #2
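        /// <summary>
        /// Shows the details of the first selected event log entry in <c>txtEventLogText</c>,
        /// or clears the text box when nothing is selected.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event arguments (unused).</param>
        private void lstData_SelectedIndexChanged(object sender, EventArgs e)
        {
            if (lstData.SelectedItems.Count == 0)
            {
                txtEventLogText.Text = "";
                return;
            }

            ListViewItem       selected = lstData.SelectedItems[0];
            EventLogReportFull ev       = (EventLogReportFull)selected.Tag;
            string             typeName;

            // Map the numeric entry type to a label; unknown values are shown as the raw number.
            switch (ev.EventLogType)
            {
            case 1:
                typeName = "Error";
                break;

            case 2:
                typeName = "Warning";
                break;

            case 4:
                typeName = "Information";
                break;

            case 8:
                typeName = "Success Audit";
                break;

            case 16:
                typeName = "Failure Audit";
                break;

            default:
                typeName = ev.EventLogType.ToString();
                break;
            }

            // BitConverter.ToString throws ArgumentNullException on null, so an entry without
            // binary data is rendered with an empty "Data:" line instead of breaking the handler.
            string dataHex = ev.Data == null ? "" : BitConverter.ToString(ev.Data).Replace("-", "");

            // NOTE(review): the "Event ID" line prints CategoryNumber; confirm that this is intended
            // rather than a value derived from InstanceID.
            txtEventLogText.Text = ev.Message + "\r\n==============\r\n" +
                                   "Computer: " + GetComputerName(ev.MachineID) + "\r\n" +
                                   "Date: " + ev.TimeGenerated.ToLongDateString() + " " + ev.TimeGenerated.ToLongTimeString() + "\r\n" +
                                   "Book: " + ev.EventLog + "\r\n" +
                                   "Source: " + ev.Source + "\r\n" +
                                   "Event ID: " + ev.CategoryNumber + "\r\n" +
                                   "Type: " + typeName + "\r\n" +
                                   "DBID: " + ev.LogID + "\r\n" +
                                   "Data: " + dataHex + "\r\n";
        }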
Пример #3
            /// <summary>
            /// Renders a JSON-serialized <c>EventLogReportFull</c> as a short, multi-line description.
            /// </summary>
            /// <param name="JSON">Serialized entry, or null.</param>
            /// <returns>
            /// Source, timestamp, log name, event ID and message of the entry; a fixed "no data" text for
            /// null input; or "Event Log Data faulty: " followed by the raw input when deserializing or
            /// formatting throws.
            /// </returns>
            public string Explain(string JSON)
            {
                if (JSON == null)
                {
                    return "Event Log Data: no data";
                }

                try
                {
                    EventLogReportFull entry = JsonConvert.DeserializeObject <EventLogReportFull>(JSON);

                    string header = "S: " + entry.Source + " DT: " + entry.TimeGenerated.ToLongDateString() + " " + entry.TimeGenerated.ToLongTimeString() + "\r\n";
                    // Only the low 30 bits of InstanceID are shown as the event ID.
                    string idLine = "E: " + entry.EventLog + " EV ID: " + (entry.InstanceID & 0x3FFFFFFF).ToString() + "\r\n";

                    return header + idLine + entry.Message;
                }
                catch
                {
                    // Best effort: any failure above (including a null deserialization result)
                    // falls back to echoing the raw input.
                    return "Event Log Data faulty: " + JSON;
                }
            }
Пример #4
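        /// <summary>
        /// Stores a batch of event log entries reported by a computer account. Entries whose LogID is
        /// already in the EventLog table for that machine, and entries older than the configured
        /// retention period, are dropped before the insert.
        /// </summary>
        /// <param name="sql">Database wrapper; every call on it is made while holding <c>ni.sqllock</c>.</param>
        /// <param name="EventLogList">Reported entries. Its MachineID is overwritten with the connection's
        /// user name, and skipped entries are removed from its Items.</param>
        /// <param name="ni">Connection info: supplies the ACL check, the user name and the SQL lock, and
        /// receives the error text and error ID when the request is rejected.</param>
        /// <returns>
        /// Denied when the ACL is missing or the machine is unknown; Fail when the list or an item is
        /// invalid; ServerError when the insert transaction fails; Created otherwise.
        /// </returns>
        public RESTStatus ReportEventLog(SQLLib sql, ListEventLogReport EventLogList, NetworkConnectionInfo ni)
        {
            if (ni.HasAcl(ACLFlags.ComputerLogin) == false)
            {
                ni.Error   = "Access denied";
                ni.ErrorID = ErrorFlags.AccessDenied;
                return(RESTStatus.Denied);
            }

            // A missing request body is rejected like a missing item list instead of
            // failing with a NullReferenceException on the next statement.
            if (EventLogList == null)
            {
                ni.Error   = "Invalid Items";
                ni.ErrorID = ErrorFlags.InvalidValue;
                return(RESTStatus.Fail);
            }

            // The machine identity comes from the connection, not from the request body, so
            // whatever MachineID the sender put into the list is discarded here.
            EventLogList.MachineID = ni.Username;

            lock (ni.sqllock)
            {
                if (Convert.ToInt32(sql.ExecSQLScalar("SELECT COUNT(*) FROM ComputerAccounts WHERE MachineID=@m",
                                                      new SQLParam("@m", EventLogList.MachineID))) == 0)
                {
                    ni.Error   = "Invalid MachineID";
                    ni.ErrorID = ErrorFlags.InvalidValue;
                    return(RESTStatus.Denied);
                }
            }

            if (EventLogList.Items == null)
            {
                ni.Error   = "Invalid Items";
                ni.ErrorID = ErrorFlags.InvalidValue;
                return(RESTStatus.Fail);
            }

            if (EventLogList.Items.Count == 0)
            {
                return(RESTStatus.Created);
            }

            // Validate every item before touching the database; one bad item rejects the whole batch.
            foreach (EventLogReport ar in EventLogList.Items)
            {
                if (NullTest.Test(ar) == false)
                {
                    ni.Error   = "Invalid Items";
                    ni.ErrorID = ErrorFlags.InvalidValue;
                    return(RESTStatus.Fail);
                }
                CommonUtilities.CalcEventLogID(ar);
            }

            // Look up which LogIDs are already stored. The lookup is split into batches because the
            // number of items is chosen by the sender and SQL Server accepts at most 2100 parameters
            // per command; a single IN (...) list over a large batch would make the query fail.
            const int        MaxLogIDsPerQuery = 1000;
            HashSet <string> LogIDinDB         = new HashSet <string>();
            List <string>    batch             = new List <string>();

            foreach (EventLogReport ar in EventLogList.Items)
            {
                batch.Add(ar.LogID);
                if (batch.Count == MaxLogIDsPerQuery)
                {
                    CollectKnownLogIDs(sql, ni, EventLogList.MachineID, batch, LogIDinDB);
                    batch.Clear();
                }
            }
            if (batch.Count > 0)
            {
                CollectKnownLogIDs(sql, ni, EventLogList.MachineID, batch, LogIDinDB);
            }

            List <EventLogReport> RemoveEVL = new List <EventLogReport>();

            // NOTE(review): TimeGenerated is supplied by the reporting machine, so the retention
            // check below relies on the sender's timestamp - confirm that is acceptable.
            bool     applyRetention = SettingsManager.Settings.KeepEventLogDays > 0;
            DateTime oldestKept     = DateTime.UtcNow.AddDays(0 - SettingsManager.Settings.KeepEventLogDays);

            foreach (EventLogReport ar in EventLogList.Items)
            {
                if (LogIDinDB.Contains(ar.LogID) == true)
                {
                    RemoveEVL.Add(ar);
                    continue;
                }
                if (applyRetention && ar.TimeGenerated < oldestKept)
                {
                    RemoveEVL.Add(ar);
                }
            }

            foreach (EventLogReport ar in RemoveEVL)
            {
                EventLogList.Items.Remove(ar);
            }

            List <EventLogReportFull> car = new List <EventLogReportFull>();

            lock (ni.sqllock)
            {
                try
                {
                    sql.BeginTransaction();
                    sql.SEHError = true;

                    foreach (EventLogReport ar in EventLogList.Items)
                    {
                        EventLogReportFull arr = new EventLogReportFull();
                        ClassCopy.CopyClassData(ar, arr);
                        arr.Reported  = DateTime.UtcNow;
                        arr.MachineID = EventLogList.MachineID;
                        // NOTE(review): the prepared column list is edited here but is not passed to
                        // InsertFromClass below - confirm whether this loop still has any effect.
                        List <SQLData> d = sql.InsertFromClassPrep(arr);
                        foreach (SQLData dd in d)
                        {
                            if (dd.Column == "ID")
                            {
                                dd.Data = DBNull.Value;
                                break;
                            }
                        }
                        car.Add(arr);
                        sql.InsertFromClass("EventLog", arr);
                    }
                    sql.CommitTransaction();
                }
                catch (Exception ee)
                {
                    sql.RollBackTransaction();
                    // NOTE(review): the JSON written here is sender-supplied and unbounded in size;
                    // confirm that WriteEventLog copes with very large messages.
                    FoxEventLog.WriteEventLog("DB Error: Cannot insert data to EventLog: " + ee.ToString() + "\r\n\r\nJSON: " +
                                              JsonConvert.SerializeObject(car, Formatting.Indented), System.Diagnostics.EventLogEntryType.Error);
                    return(RESTStatus.ServerError);
                }
                finally
                {
                    sql.SEHError = false;
                }
            }

            // Hand the stored entries to the reporting thread; the REST call returns without waiting for it.
            Thread t = new Thread(new ParameterizedThreadStart(new DReportingThread(ReportingThread)));

            t.Start(car);

            return(RESTStatus.Created);
        }

        /// <summary>
        /// Adds to <paramref name="known"/> every LogID of <paramref name="batch"/> that already exists
        /// in the EventLog table for <paramref name="MachineID"/>. All values are passed as parameters.
        /// </summary>
        private static void CollectKnownLogIDs(SQLLib sql, NetworkConnectionInfo ni, string MachineID, List <string> batch, HashSet <string> known)
        {
            List <SQLParam> sqlparams = new List <SQLParam>();
            string[]        names     = new string[batch.Count];

            sqlparams.Add(new SQLParam("@id", MachineID));
            for (int n = 0; n < batch.Count; n++)
            {
                names[n] = "@p" + (n + 1).ToString();
                sqlparams.Add(new SQLParam(names[n], batch[n]));
            }

            lock (ni.sqllock)
            {
                // "using" closes the reader even when reading throws, so the shared connection
                // is not left with an open reader.
                using (SqlDataReader dr = sql.ExecSQLReader("SELECT LogID FROM EventLog WHERE MachineID=@id and LogID in (" + string.Join(",", names) + ")", sqlparams.ToArray()))
                {
                    while (dr.Read())
                    {
                        known.Add(Convert.ToString(dr["LogID"]));
                    }
                }
            }
        }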
Пример #5
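        /// <summary>
        /// Searches the EventLog table with the optional filters in <paramref name="eventlogsearch"/>
        /// and stores the matching rows, newest first, in <c>EventLogs.Data</c>.
        /// </summary>
        /// <param name="sql">Database wrapper; the query runs while holding <c>ni.sqllock</c>.</param>
        /// <param name="eventlogsearch">Search filters; null yields an empty result. A QTY below 1 is
        /// replaced by 500 on the passed object.</param>
        /// <param name="ni">Connection info: supplies the ACL check and the SQL lock, and receives the
        /// error text and error ID when the request is rejected.</param>
        /// <returns>
        /// Denied when the caller lacks the ChangeServerSettings ACL; NotFound when a MachineID filter
        /// names an unknown machine; Success otherwise.
        /// </returns>
        public RESTStatus GetEventLogs(SQLLib sql, EventLogSearch eventlogsearch, NetworkConnectionInfo ni)
        {
            if (ni.HasAcl(ACLFlags.ChangeServerSettings) == false)
            {
                ni.Error   = "Access denied";
                ni.ErrorID = ErrorFlags.AccessDenied;
                return(RESTStatus.Denied);
            }

            EventLogs      = new EventLogReportFullList();
            EventLogs.Data = new List <EventLogReportFull>();

            if (eventlogsearch == null)
            {
                return(RESTStatus.Success);
            }

            if (eventlogsearch.QTY < 1)
            {
                eventlogsearch.QTY = 500;
            }

            // QTY is the only request value concatenated into the statement; it is numeric (see the
            // comparison above). Every other filter is bound as a parameter.
            // NOTE(review): QTY has no upper bound here - consider capping it so that one request
            // cannot pull the whole table while the SQL lock is held.
            string          SQLQuery     = "SELECT TOP " + eventlogsearch.QTY + " * FROM EventLog WHERE ";
            List <SQLParam> SQLQueryArgs = new List <SQLParam>();

            if (eventlogsearch.MachineID != null)
            {
                if (Computers.MachineExists(sql, eventlogsearch.MachineID) == false)
                {
                    ni.Error   = "Invalid Data";
                    ni.ErrorID = ErrorFlags.InvalidData;
                    return(RESTStatus.NotFound);
                }

                SQLQuery += "MachineID=@m AND ";
                SQLQueryArgs.Add(new SQLParam("@m", eventlogsearch.MachineID));
            }

            if (eventlogsearch.Source != null)
            {
                SQLQuery += "Source=@s AND ";
                SQLQueryArgs.Add(new SQLParam("@s", eventlogsearch.Source));
            }

            if (eventlogsearch.EventLogType != null)
            {
                SQLQuery += "EventLogType=@t AND ";
                SQLQueryArgs.Add(new SQLParam("@t", eventlogsearch.EventLogType));
            }

            if (eventlogsearch.FromDate != null)
            {
                SQLQuery += "TimeGenerated>=@tgf AND ";
                SQLQueryArgs.Add(new SQLParam("@tgf", eventlogsearch.FromDate));
            }

            if (eventlogsearch.ToDate != null)
            {
                SQLQuery += "TimeGenerated<=@tgt AND ";
                SQLQueryArgs.Add(new SQLParam("@tgt", eventlogsearch.ToDate));
            }

            if (eventlogsearch.EventLogBook != null)
            {
                SQLQuery += "EventLog=@evtb AND ";
                SQLQueryArgs.Add(new SQLParam("@evtb", eventlogsearch.EventLogBook));
            }

            if (eventlogsearch.CategoryNumber != null)
            {
                SQLQuery += "CategoryNumber=@catnum AND ";
                SQLQueryArgs.Add(new SQLParam("@catnum", eventlogsearch.CategoryNumber));
            }

            // The text now ends in "WHERE" or "AND"; the always-true term completes it either way.
            SQLQuery = SQLQuery.Trim();

            SQLQuery += "   1=1  ";

            SQLQuery += " ORDER BY TimeGenerated DESC";

            lock (ni.sqllock)
            {
                // "using" closes the reader even when a row fails to convert, so the shared
                // connection is not left with an open reader after an exception.
                using (SqlDataReader dr = sql.ExecSQLReader(SQLQuery, SQLQueryArgs.ToArray()))
                {
                    while (dr.Read())
                    {
                        EventLogReportFull ev = new EventLogReportFull();
                        ev.Category               = Convert.ToString(dr["Category"]);
                        ev.CategoryNumber         = Convert.ToInt32(dr["CategoryNumber"]);
                        // NOTE(review): this cast throws if the Data column holds DBNull - confirm the
                        // column cannot be null.
                        ev.Data                   = (byte[])dr["Data"];
                        ev.EventLog               = Convert.ToString(dr["EventLog"]);
                        ev.EventLogType           = Convert.ToInt32(dr["EventLogType"]);
                        ev.InstanceID             = Convert.ToInt64(dr["InstanceID"]);
                        ev.JSONReplacementStrings = Convert.ToString(dr["JSONReplacementStrings"]);
                        ev.LogID                  = Convert.ToString(dr["LogID"]);
                        ev.MachineID              = Convert.ToString(dr["MachineID"]);
                        ev.Message                = Convert.ToString(dr["Message"]);
                        ev.Reported               = SQLLib.GetDTUTC(dr["Reported"]);
                        ev.Source                 = Convert.ToString(dr["Source"]);
                        ev.TimeGenerated          = SQLLib.GetDTUTC(dr["TimeGenerated"]);
                        ev.TimeWritten            = SQLLib.GetDTUTC(dr["TimeWritten"]);
                        EventLogs.Data.Add(ev);
                    }
                }
            }

            return(RESTStatus.Success);
        }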