Пример #1
        /// <summary>
        /// Reports a failed login to the service, filling in a missing source or
        /// user name from the Event Viewer XML document first.
        /// </summary>
        /// <param name="info">Login details; <c>Source</c> and <c>UserName</c> are written back when they were blank and the document supplies them.</param>
        /// <param name="doc">Event XML searched for the fallback values.</param>
        /// <returns><c>false</c> when <paramref name="info"/> has no IP address (nothing is reported); otherwise <c>true</c>.</returns>
        private bool AddFailedLoginForEventViewerXml(IPAddressLogInfo info, XmlDocument doc)
        {
            // Without an address there is nothing to count a failure against.
            if (string.IsNullOrWhiteSpace(info.IPAddress))
            {
                return false;
            }

            if (string.IsNullOrWhiteSpace(info.Source))
            {
                XmlNode fallbackSource = doc.SelectSingleNode("//Source");
                if (fallbackSource != null)
                {
                    info.Source = fallbackSource.InnerText.Trim();
                }
            }

            if (string.IsNullOrWhiteSpace(info.UserName))
            {
                // Prefer the named Data element; fall back to a bare TargetUserName element.
                XmlNode fallbackUser = doc.SelectSingleNode("//Data[@Name='TargetUserName']")
                    ?? doc.SelectSingleNode("//TargetUserName");
                if (fallbackUser != null)
                {
                    // NOTE(review): the value is only trimmed at the ends. If this field carries
                    // the name typed by the remote party, interior control characters pass
                    // through unchanged - confirm the service neutralises them before storing
                    // or logging.
                    info.UserName = fallbackUser.InnerText.Trim();
                }
            }

            service.AddFailedLogin(info);
            return true;
        }
Пример #2
        /// <summary>
        /// Logs and reports a failed login, taking a missing source or user name
        /// from the Event Viewer XML document when the caller did not supply one.
        /// </summary>
        /// <param name="ipAddress">Address the failure is attributed to; blank means nothing is reported.</param>
        /// <param name="source">Source label, or blank to read it from the <c>//Source</c> node.</param>
        /// <param name="userName">User name, or blank to read it from the document.</param>
        /// <param name="doc">Event XML searched for the fallback values.</param>
        /// <returns><c>false</c> when <paramref name="ipAddress"/> is blank; otherwise <c>true</c>.</returns>
        private bool AddFailedLoginForEventViewerXml(string ipAddress, string source, string userName, XmlDocument doc)
        {
            // Without an address there is nothing to count a failure against.
            if (string.IsNullOrWhiteSpace(ipAddress))
            {
                return false;
            }

            if (string.IsNullOrWhiteSpace(source))
            {
                XmlNode fallbackSource = doc.SelectSingleNode("//Source");
                if (fallbackSource != null)
                {
                    source = fallbackSource.InnerText.Trim();
                }
            }

            if (string.IsNullOrWhiteSpace(userName))
            {
                // Prefer the named Data element; fall back to a bare TargetUserName element.
                XmlNode fallbackUser = doc.SelectSingleNode("//Data[@Name='TargetUserName']")
                    ?? doc.SelectSingleNode("//TargetUserName");
                if (fallbackUser != null)
                {
                    userName = fallbackUser.InnerText.Trim();
                }
            }

            // NOTE(review): userName reaches the log as a format argument after end-trimming only.
            // If the field carries the name typed by the remote party, embedded CR/LF would be
            // written verbatim - confirm IPBanLog escapes control characters so one event cannot
            // appear as several log entries.
            IPBanLog.Write(LogLevel.Information, "*LOGIN FAIL* IP: {0}, USER: {1}", ipAddress, userName);
            service.AddFailedLogin(ipAddress, source, userName);

            return true;
        }
Пример #3
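        /// <summary>
        /// Reads the newly appended, newline-terminated part of a watched log file and
        /// reports every line that matches the failed-login regex to the service.
        /// </summary>
        /// <param name="file">Tracking state for the file; <c>LastPosition</c> is advanced past the last complete line consumed.</param>
        /// <param name="fs">Open stream over the file; its position is changed by this method.</param>
        /// <returns><c>true</c> when a maximum file size is configured and the file is larger than it.</returns>
        /// <exception cref="InvalidOperationException">
        /// More than <c>maxCountBeforeNewline</c> bytes were read without meeting a newline.
        /// </exception>
        private bool PingFile(WatchedFile file, FileStream fs)
        {
            const int maxCountBeforeNewline = 1024;
            int       b;
            long      lastNewlinePos = -1;

            byte[] bytes;
            long   end = Math.Min(file.LastLength, fs.Length);
            int    countBeforeNewline = 0;
            bool   lineLimitExceeded  = false;

            fs.Position = file.LastPosition;

            IPBanLog.Write(LogLevel.Info, "Processing watched file {0}, len = {1}, pos = {2}", file.FileName, file.LastLength, file.LastPosition);

            // Scan forward to find the last newline in the unread region.
            // Fix: the limit used to be tested with a post-increment inside the loop condition,
            // which left the counter at limit + 1 on exit, so the equality check after the loop
            // missed over-long lines and fired only when the data ended exactly at the limit.
            // A line longer than the limit therefore stopped the scan silently on every ping and
            // nothing after it was ever parsed. An explicit flag makes that condition visible.
            while (fs.Position < end)
            {
                if (countBeforeNewline == maxCountBeforeNewline)
                {
                    lineLimitExceeded = true;
                    break;
                }
                countBeforeNewline++;

                // read until last \n is found
                b = fs.ReadByte();
                if (b == '\n')
                {
                    lastNewlinePos     = fs.Position - 1;
                    countBeforeNewline = 0;
                }
            }

            if (lineLimitExceeded)
            {
                // NOTE(review): LastPosition is not advanced on this path, so the same offset is
                // retried on the next ping. Log content is written on behalf of remote parties;
                // confirm the caller surfaces this exception (alerting) rather than discarding
                // it, otherwise monitoring of this file stops unnoticed.
                throw new InvalidOperationException("Log file " + this.fileMask + " may not be a plain text new line delimited file");
            }

            if (lastNewlinePos > -1)
            {
                // rewind and read everything up to (not including) the last newline
                fs.Position = file.LastPosition;
                // The reader is deliberately not disposed: disposing it would close fs, which the caller owns.
                bytes       = new BinaryReader(fs).ReadBytes((int)(lastNewlinePos - fs.Position));

                // set position for next ping
                file.LastPosition = lastNewlinePos + 1;

                // read text and run regex to find ip addresses to ban
                string   subString = Encoding.UTF8.GetString(bytes);
                string[] lines     = subString.Split('\n');
                string   ipAddress = null;
                string   userName  = null;
                bool     foundOne  = false;

                // find ip and user name from all lines
                // NOTE(review): ipAddress and userName are declared outside the loop and passed by
                // ref, so a value set while parsing one line is still present when the next line
                // is parsed - confirm the helper overwrites or clears them as intended.
                foreach (string line in lines)
                {
                    // NOTE(review): raw log lines and extracted user names are echoed to the
                    // debug log; confirm IPBanLog escapes control characters.
                    IPBanLog.Write(LogLevel.Debug, "Parsing log file line {0}...", line);
                    bool foundMatch = IPBanService.GetIPAddressAndUserNameFromRegex(Regex, line.Trim(), ref ipAddress, ref userName);
                    if (foundMatch)
                    {
                        IPBanLog.Write(LogLevel.Debug, "Found match, ip: {0}, user: {1}", ipAddress, userName);
                        service.AddFailedLogin(ipAddress, Source, userName);
                        foundOne = true;
                    }
                    else
                    {
                        IPBanLog.Write(LogLevel.Debug, "No match!");
                    }
                }

                if (foundOne)
                {
                    // signal that we have found ip addresses
                    ipEvent.Set();
                }
            }

            return maxFileSize > 0 && fs.Length > maxFileSize;
        }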