/// <summary> /// handles and analyzes the received log message. /// </summary> /// <param name="logMessage"></param> public void HandleLog(LogMessage logMessage) { if (LogMatchHelper.DoesMatch(_logMessage, logMessage)) { var originalMessage = _monitoredLogMessages.FirstOrDefault(lm => LogMatchHelper.IsTheSameMessage(lm, logMessage)); if (originalMessage != null) { AnalyzerResultEventArgs eventArgs = new AnalyzerResultEventArgs { RuleID = RuleID, AnalysisParameters = new Dictionary <string, string> { { "Original Date Time:", originalMessage.DateTime.ToString() } }, Messages = new LogMessage[] { logMessage } }; OnAnalyzerResult.Invoke(this, eventArgs); } else { if (_monitoredLogMessages.Count < _duplicateDetectionRule.MaximumNumberOfMonitoredMessages) { _monitoredLogMessages.Add(logMessage); } } } }
public void HandleLog(LogMessage logMessage) { if (LogMatchHelper.DoesMatch(_logMessageConfig, logMessage)) { _monitoringTimer.Stop(); _monitoringTimer.Start(); } }
/// <summary> /// handles and analyzes the received log message. /// </summary> /// <param name="logMessage"></param> public void HandleLog(LogMessage logMessage) { bool doesMatchLogsMessages = _logMessages.Any(lm => LogMatchHelper.DoesMatch(lm, logMessage)); if (doesMatchLogsMessages) { AnalyzerResultEventArgs analyzerResultEventArgs = new AnalyzerResultEventArgs { Messages = new LogMessage[] { logMessage } }; analyzerResultEventArgs.RuleID = RuleID; OnAnalyzerResult.Invoke(this, analyzerResultEventArgs); } }
/// <summary> /// handles and analyzes the received log message. /// </summary> /// <param name="logMessage"></param> public void HandleLog(LogMessage logMessage) { if (LogMatchHelper.DoesMatch(_logMessage, logMessage)) { _messageCountWithinLastInterval++; _totalMessagesCount++; AnalyzerResultEventArgs eventArgs = new AnalyzerResultEventArgs { RuleID = RuleID, Messages = new LogMessage[] { logMessage } }; OnAnalyzerResult?.Invoke(this, eventArgs); } }
/// <summary> /// handles and analyzes the received log message. /// </summary> /// <param name="logMessage"></param> public void HandleLog(LogMessage logMessage) { bool match = false; // check if the log message matches the next message configuration in the sequence if (LogMatchHelper.DoesMatch(sortedLogsMessages[_nextExpectedLogIndex], logMessage)) { match = true; } // check if the message matches the first one, if yes check the sequence again from the start else if (LogMatchHelper.DoesMatch(sortedLogsMessages[0], logMessage)) { _nextExpectedLogIndex = 0; match = true; } if (match) { _sequenceMessages.Add(logMessage); if (_nextExpectedLogIndex < sortedLogsMessages.Length - 1) { _nextExpectedLogIndex++; } else // if the last message in the sequence is received. { _nextExpectedLogIndex = 0; AnalyzerResultEventArgs eventArgs = new AnalyzerResultEventArgs { RuleID = RuleID, Messages = _sequenceMessages.Select(lm => lm.Copy()).ToArray() }; OnAnalyzerResult.Invoke(this, eventArgs); _sequenceMessages.Clear(); } } }
/// <summary> /// handles and analyzes the received log message. /// </summary> /// <param name="logMessage"></param> public void HandleLog(LogMessage logMessage) { if (LogMatchHelper.DoesMatch(sortedLogsMessages[_nextExpectedLogIndex], logMessage)) { if (_nextExpectedLogIndex < sortedLogsMessages.Length - 1) { _nextExpectedLogIndex++; } else { _nextExpectedLogIndex = 0; } } else if (_nextExpectedLogIndex > 0 && DoesMatchPreviousLog(logMessage)) { AnalyzerResultEventArgs eventArgs = new AnalyzerResultEventArgs { RuleID = RuleID }; OnAnalyzerResult?.Invoke(this, eventArgs); } }
/// <summary> /// handles and analyzes the received log message. /// </summary> /// <param name="logMessage"></param> public void HandleLog(LogMessage logMessage) { if (!_isFirstMessageReceived) { if (LogMatchHelper.DoesMatch(_firstMessageConfig, logMessage)) { _firstMessageDateTime = DateTime.Now; _isFirstMessageReceived = true; _firstMessage = logMessage; } } else { bool doesMathSecondMessage = LogMatchHelper.DoesMatch(_secondMessageConfig, logMessage); if (doesMathSecondMessage) { AnalyzerResultEventArgs eventArgs = new AnalyzerResultEventArgs { RuleID = RuleID, AnalysisParameters = new Dictionary <string, string> { { "Time Difference", DateTime.Now.Subtract(_firstMessageDateTime).TotalMilliseconds.ToString() } }, Messages = new LogMessage[] { _firstMessage, logMessage } }; OnAnalyzerResult.Invoke(this, eventArgs); _isFirstMessageReceived = false; } } }
private bool DoesMatchPreviousLog(LogMessage logMessage) { return(sortedLogsMessages.Take(_nextExpectedLogIndex).Any(lm => LogMatchHelper.DoesMatch(lm, logMessage))); }
/// <summary> /// handles and analyzes the received log message. /// </summary> /// <param name="logMessage"></param> public void HandleLog(LogMessage logMessage) { if ((logMessage.Parameters?.Any(par => par.Key == _aggregateFunctionRule.ParamName) ?? false || _aggregateFunctionRule.AggregateFunction == AggregateFunctions.Count) && LogMatchHelper.DoesMatch(_logMessage, logMessage)) { _messagesCount++; SetAggregatedValue(logMessage.Parameters.FirstOrDefault(par => par.Key == _aggregateFunctionRule.ParamName).Value); AnalyzerResultEventArgs eventArgs = new AnalyzerResultEventArgs { RuleID = RuleID, AnalysisParameters = new Dictionary <string, string> { { "Value", _aggregatedValue.ToString() } }, Messages = new LogMessage[] { logMessage } }; if (DoessPassConditions(_aggregatedValue, "Value")) { OnAnalyzerResult.Invoke(this, eventArgs); } } }