protected void SendToSyslog(SyslogMessage message, ISyslogMessageSerializer serializer)
{
int priority = CalculatePriorityValue(message.Facility, message.Severity);
serializer = EnsureValidSerializer(serializer);
byte[] data = serializer.Serialize(message);
syslog(priority, "%s", data);
}
public void Send(IEnumerable <SyslogMessage> messages, ISyslogMessageSerializer serializer)
{
// Slightly tricky, since we need to get the appName out of the first message before
// looping, so we can't just use foreach(). Using an explicit iterator works, though.
IntPtr ident = IntPtr.Zero;
using (IEnumerator <SyslogMessage> iterator = messages.GetEnumerator())
{
try
{
if (iterator.MoveNext())
{
SyslogMessage message = iterator.Current;
ident = MarshalIdent(message.AppName);
openlog(ident, (int)SyslogOptions.LogPid, CalculatePriorityValue(message.Facility, 0));
SendToSyslog(message, serializer);
}
while (iterator.MoveNext())
{
SendToSyslog(iterator.Current, serializer);
}
}
finally
{
closelog();
DisposeOfIdent(ident);
}
}
}
public static void Main(string[] args)
{
try
{
var options = new Options();
if (new CommandLineParser().ParseArguments(args, options))
{
// string exceptionMessage = CreateExceptionMessageLevel1();
ISyslogMessageSerializer serializer = options.SyslogVersion == "5424"
? (ISyslogMessageSerializer) new SyslogRfc5424MessageSerializer()
: new SyslogRfc3164MessageSerializer();
ISyslogMessageSender sender = options.NetworkProtocol == "tcp"
? (ISyslogMessageSender) new SyslogEncryptedTcpSender(options.SyslogServerHostname, options.SyslogServerPort)
: new SyslogUdpSender(options.SyslogServerHostname, options.SyslogServerPort);
SyslogMessage msg1 = CreateSyslogMessage(options);
sender.Send(msg1, serializer);
Console.WriteLine("Sent message 1");
Thread.Sleep(5000);
SyslogMessage msg2 = CreateSyslogMessage(options);
sender.Send(msg2, serializer);
Console.WriteLine("Sent message 2");
}
}
catch (Exception ex)
{
Console.WriteLine("ERROR: " + ex);
}
}
private static void Server_MessageReceived(object sender, MessageReceivedArgs e)
{
var receivedData = Encoding.ASCII.GetString(e.Data, 0, e.Data.Length);
var msg = SyslogMessage.Parse(e.IPEndPoint, receivedData);
Console.WriteLine(msg.ToString());
}
public void TestWritingToQueuingWriter()
{
var msg = new SyslogMessage
{
Facility = SyslogFacility.ClockDaemon1,
Severity = SyslogSeverity.Alert
};
var mockRepo = new MockRepository(MockBehavior.Strict);
Mock <ISyslogMessageWriter> syslogMessageWriterMock = mockRepo.Create <ISyslogMessageWriter>();
using (AutoResetEvent evt = new AutoResetEvent(false))
{
syslogMessageWriterMock.Setup(w => w.Write(msg)).Callback(() =>
{
// ReSharper disable once AccessToDisposedClosure
evt.Set( );
});
var queuingWriter = new SyslogQueueingMessageWriter(syslogMessageWriterMock.Object, 2);
queuingWriter.Write(msg);
evt.WaitOne(3000);
}
mockRepo.VerifyAll();
}
/// <summary>
/// Parses the <see cref="SyslogMessage"/> into its individual data fields.
/// </summary>
/// <param name="message">The <see cref="SyslogMessage"/> to process.</param>
/// <returns>Returns a string array of the parsed fields. Returns <see cref="null"/> if there is an error processing the messages.</returns>
string[] IParser.Parse(SyslogMessage message)
{
if (message == null || message.Message == null)
{
return(null);
}
string[] msgParts = message.Message.Split(' ');
string[] msg = null;
if (msgParts.Length >= 26)
{
msg = new string[18];
msg[0] = message.Timestamp.ToString(); //MsgDateTime
msg[1] = msgParts[3]; //SourceIP
msg[2] = msgParts[4]; //DestIP
msg[3] = msgParts[5]; //ContentType
msg[4] = msgParts[7]; //URL
msg[5] = msgParts[10]; //Action
msg[6] = msgParts[11]; //Reason
msg[7] = msgParts[13]; //FormatVersion
msg[8] = msgParts[14]; //MatchFlag
msg[9] = msgParts[15]; //TQFlag
msg[10] = msgParts[16]; //ActionType
msg[11] = msgParts[17]; //SrcType
//SrcDetail
int srcDetailPartsCount;
if (msgParts[18].Contains("(") && msgParts[18].Contains(")"))
{
srcDetailPartsCount = 0;
msg[12] = msgParts[18].Replace("(", string.Empty).Replace(")", string.Empty);
}
else
{
srcDetailPartsCount = -1;
do
{
srcDetailPartsCount++;
msg[12] += msgParts[18 + srcDetailPartsCount] + " ";
} while (!msgParts[18 + srcDetailPartsCount].Contains(")"));
msg[12] = msg[12].TrimEnd(' ');
msg[12] = msg[12].Replace("(", string.Empty).Replace(")", string.Empty);
msg[12] = msg[12].Substring(msg[12].IndexOf(':') + 1,
msg[12].Length - 1 - msg[12].IndexOf(':'));
}
msg[13] = msgParts[19 + srcDetailPartsCount]; //DestType
msg[14] = msgParts[21 + srcDetailPartsCount]; //SpyType
msg[15] = msgParts[24 + srcDetailPartsCount]; //MatchedPart
msg[16] = msgParts[25 + srcDetailPartsCount]; //MatchedCategory
//UserInfo
msg[17] = msgParts[26 + srcDetailPartsCount].Substring(msgParts[26 + srcDetailPartsCount].IndexOf(':') + 1,
msgParts[26 + srcDetailPartsCount].Length - 1 - msgParts[26 + srcDetailPartsCount].IndexOf(':') - 1);
}
return(msg);
}
static void SendMessage(EventRecordWrittenEventArgs e)
{
lock (monitor)
{
try {
String message = e.EventRecord.ToXml();
ISyslogMessageSerializer serializer = (ISyslogMessageSerializer) new SyslogRfc5424MessageSerializer();
//: options.SyslogVersion == "3164"
// ? (ISyslogMessageSerializer)new SyslogRfc3164MessageSerializer()
// : (ISyslogMessageSerializer)new SyslogLocalMessageSerializer();
SyslogMessage msg1 = CreateSyslogMessage(e);
// System.Diagnostics.Trace.WriteLine(e.EventRecord.ToXml());
Console.WriteLine("New Event " + e.EventRecord.Id + "\n");
//msg1=
if (client == null)
{
client = (ISyslogMessageSender) new SyslogTcpSender(syslogServerHostname, port);
}
client.Send(msg1, serializer);
}
catch (Exception ex)
{
// monitor = "0";
Console.WriteLine("Eroare 10 " + ex.Message);
}
}
}
bool IFilter.IsMatch(SyslogMessage message)
{
SyslogAttributes attrs = message.GetAdvancedAttributes();
if (Host != null)
{
if (Host != (message.Host ?? string.Empty))
{
return(false);
}
}
if (Process != null)
{
if (Process != (message.ProcessID ?? string.Empty))
{
return(false);
}
}
if (Logger != null)
{
if (Logger != (attrs.LogName ?? string.Empty))
{
return(false);
}
}
if (Module != null)
{
if (Module != (attrs.ModuleName ?? string.Empty))
{
return(false);
}
}
if (Class != null)
{
if (Class != (attrs.ClassName ?? string.Empty))
{
return(false);
}
}
if (Method != null)
{
if (Method != (attrs.MethodName ?? string.Empty))
{
return(false);
}
}
if (FfdaOnly)
{
return((message.MessageId == "FFDA" && message.Severity == SyslogSeverity.Info) ||
(message.MessageId == "HEARTBEAT" && message.Severity == SyslogSeverity.Debug));
}
return(true);
}
// syslog 형식에 맞춰서 메시지를 만든 후 udp로 asyncronous 하게 전송
public static async void portableSyslogUdpSend(String host, int port, String msg)
{
var process = Process.GetCurrentProcess();
SyslogRfc5424MessageSerializer syslogRfc5424MessageSerializerUtf8 = new SyslogRfc5424MessageSerializer(Encoding.UTF8);
// making syslog(rfc5424, rfc3164) message format
var message = new SyslogMessage(DateTime.Now,
facility: Facility.UserLevelMessages,
severity: Severity.Debug,
hostName: process.MachineName,
procId: process.Id.ToString(),
appName: process.ProcessName,
msgId: "hyundai motors security log",
message: msg);
try
{
// asynchronous communication because of performance
using (var sender = new AsyncSyslogUdpSender(host, port))
{
await sender.ConnectAsync();
await sender.SendAsync(message, syslogRfc5424MessageSerializerUtf8);
await sender.DisconnectAsync();
}
}
catch (Exception e)
{
_localLog.WriteEntry("upd send error : " + e.ToString(), EventLogEntryType.Error);
}
}
protected void Send(SyslogMessage message, ISyslogMessageSerializer serializer, bool flush = true)
{
if (transportStream == null)
{
throw new System.IO.IOException("No transport stream exists");
}
using (System.IO.MemoryStream memoryStream = new System.IO.MemoryStream())
{
byte[] datagramBytes = serializer.Serialize(message);
if (messageTransfer.Equals(MessageTransfer.OctetCounting))
{
byte[] messageLength = System.Text.Encoding.ASCII.GetBytes(datagramBytes.Length.ToString(System.Globalization.CultureInfo.InvariantCulture));
memoryStream.Write(messageLength, 0, messageLength.Length);
memoryStream.WriteByte(32); // Space
}
memoryStream.Write(datagramBytes, 0, datagramBytes.Length);
if (messageTransfer.Equals(MessageTransfer.NonTransparentFraming))
{
memoryStream.WriteByte(trailer); // LF
}
transportStream.Write(memoryStream.GetBuffer(), 0, (int)memoryStream.Length);
}
if (flush && !(transportStream is System.Net.Sockets.NetworkStream))
{
transportStream.Flush();
}
}
protected override void OnMessageReceived(SyslogMessage message)
{
if (OnServerMessageReceived != null)
{
OnServerMessageReceived(message);
}
}
protected void Send(SyslogMessage message, ISyslogMessageSerializer serializer, bool flush = true)
{
if (transportStream == null)
{
throw new IOException("No transport stream exists");
}
var datagramBytes = serializer.Serialize(message);
if (messageTransfer.Equals(MessageTransfer.OctetCounting))
{
byte[] messageLength = Encoding.ASCII.GetBytes(datagramBytes.Length.ToString());
transportStream.Write(messageLength, 0, messageLength.Length);
transportStream.WriteByte(32); // Space
}
transportStream.Write(datagramBytes, 0, datagramBytes.Length);
if (messageTransfer.Equals(MessageTransfer.NonTransparentFraming))
{
transportStream.WriteByte(trailer); // LF
}
if (flush && !(transportStream is NetworkStream))
{
transportStream.Flush();
}
}
public string[] Parse(SyslogMessage message)
{
Trace.WriteLine("Parsing message");
lock (typeRegex)
{
if (message == null || String.IsNullOrWhiteSpace(message.Message))
{
Trace.WriteLine("Empty message");
return(null);
}
// Is this an interesting message?
if (!typeRegex.IsMatch(message.Message) || !subtypeRegex.IsMatch(message.Message))
{
Trace.WriteLine("Message rejected - no regex match");
return(null);
}
// Get the bits we want
string[] result = new string[5];
result[0] = message.Timestamp.ToString("yyyy-MM-dd HH:mm:ss");
result[1] = srcRegex.Match(message.Message).Groups[1].Value;
result[2] = dstRegex.Match(message.Message).Groups[1].Value;
result[3] = sentRegex.Match(message.Message).Groups[1].Value;
result[4] = rcvdRegex.Match(message.Message).Groups[1].Value;
Trace.WriteLine("Message parsed");
return(result);
}
}
public void SubmitMessageTest()
{
using (SyslogTlsReceiver receiver = new SyslogTlsReceiver {
Port = 7614, Log = new SimpleLogImpl(new NullCollector())
})
{
receiver.MessageReceived += (sender, e) => _messageReceived.Set();
receiver.Start();
using (SyslogTlsCollector target = new SyslogTlsCollector
{
Configuration =
new Dictionary <string, string> {
{ "host", "localhost" }, { "port", "7614" }
}
})
{
SyslogMessage message = new SyslogMessage("localhost", SyslogFacility.Local0, SyslogSeverity.Critical,
"Hello log!");
((ILogCollector)target).SubmitMessage(message);
if (!_messageReceived.WaitOne(5000))
{
Assert.Fail("Waiting too much...");
}
}
}
}
public SyslogMessage Parse(string text)
{
if (text == null)
{
return(null);
}
SyslogMessage result = new SyslogMessage();
Regex rfc3164 = new Regex("^" + RFC3164Format + "$", RegexOptions.IgnoreCase | RegexOptions.CultureInvariant | RegexOptions.IgnorePatternWhitespace);
Regex rfc5424 = new Regex("^" + RFC5424Format + "$", RegexOptions.IgnoreCase | RegexOptions.CultureInvariant | RegexOptions.IgnorePatternWhitespace);
text = text.Trim();
Match m = rfc3164.Match(text);
if (m.Success)
{
GetRFC3164Results(result, m);
return(result);
}
else
{
m = rfc5424.Match(text);
if (m.Success)
{
GetRFC5424Results(result, m);
return(result);
}
}
return(null);
}
private void t2_thread_Client(object Logbus)
{
try
{
ILogBus ctrl = Logbus as ILogBus;
ctrl.CreateChannel("simple", "Simple", new TrueFilter(), "Very simple channel", 0);
Dictionary <string, string> input;
input = new Dictionary <string, string>();
IEnumerable <KeyValuePair <string, string> > output;
input.Add("ip", "127.0.0.1");
input.Add("port", t2_client_port.ToString());
string clientid = ctrl.SubscribeClient("simple", "udp", input, out output);
TestContext.WriteLine("Client ID obtained by logbus: {0}", clientid);
//Go ahead and send
t2_step1.Set();
//Only 6 messages expected
IPEndPoint remote_ep = new IPEndPoint(IPAddress.Any, 0);
using (UdpClient client = new UdpClient(t2_client_port))
{
byte[] payload = client.Receive(ref remote_ep);
TestContext.WriteLine("Time occurred for a message to traverse the bus: {0} milliseconds", (DateTime.Now - t2_start).TotalMilliseconds.ToString(CultureInfo.CurrentUICulture));
SyslogMessage msg = SyslogMessage.Parse(payload);
}
ctrl.UnsubscribeClient(clientid);
t2_finish.Set();
}
catch (Exception ex) { Assert.Fail("Test failed: {0}", ex); }
}
private void t1_thread_Client(object Logbus)
{
try
{
ILogBus ctrl = Logbus as ILogBus;
ctrl.CreateChannel("simple", "Simple", new TrueFilter(), "Very simple channel", 0);
Dictionary <string, string> input;
input = new Dictionary <string, string>();
IEnumerable <KeyValuePair <string, string> > output;
input.Add("ip", "127.0.0.1");
input.Add("port", t1_client_port.ToString());
string clientid = ctrl.SubscribeClient("simple", "udp", input, out output);
TestContext.WriteLine("Client ID obtained by logbus: {0}", clientid);
//Go ahead and send
t1_step1.Set();
//Only 6 messages expected
IPEndPoint remote_ep = new IPEndPoint(IPAddress.Any, 0);
using (UdpClient client = new UdpClient(t1_client_port))
for (int i = 0; i < 5; i++)
{
byte[] payload = client.Receive(ref remote_ep);
SyslogMessage msg = SyslogMessage.Parse(payload);
Assert.AreEqual(SyslogFacility.Audit, msg.Facility);
}
ctrl.UnsubscribeClient(clientid);
t1_finish.Set();
}
catch (Exception ex) { Assert.Fail("Test failed: {0}", ex); }
}
/// <summary>
/// Implements ILogCollector.SubmitMessage
/// </summary>
public void SubmitMessage(SyslogMessage message)
{
if (MessageReceived != null)
{
MessageReceived(this, new SyslogMessageEventArgs(message));
}
}
[Test] public void MessageLength()
{
string host = "localhost";
string message = new string('x', 2048);
SyslogMessage m = new SyslogMessage(host, message);
Assert.AreEqual(1024, m.ToString().Length, "Max message Length");
}
private void thread_Client(object Logbus)
{
try
{
ILogBus ctrl = Logbus as ILogBus;
ctrl.CreateChannel("simple", "Simple", new TrueFilter(), "Very simple channel", 0);
Dictionary <string, string> input;
input = new Dictionary <string, string>();
IEnumerable <KeyValuePair <string, string> > output;
input.Add("ip", "127.0.0.1");
input.Add("port", MONITOR_PORT.ToString());
string clientid = ctrl.SubscribeClient("simple", "udp", input, out output);
TestContext.WriteLine("Client ID obtained by logbus: {0}", clientid);
//Go ahead and send
step1.Set();
IPEndPoint remote_ep = new IPEndPoint(IPAddress.Any, 0);
using (UdpClient client = new UdpClient(MONITOR_PORT))
{
byte[] payload = client.Receive(ref remote_ep);
SyslogMessage msg = SyslogMessage.Parse(payload);
TestContext.WriteLine("Message1: {0}", msg);
payload = client.Receive(ref remote_ep);
msg = SyslogMessage.Parse(payload);
TestContext.WriteLine("Message2: {0}", msg);
}
ctrl.UnsubscribeClient(clientid);
finish.Set();
}
catch (Exception ex) { Assert.Fail("Test failed: {0}", ex); }
}
public string[] Parse(SyslogMessage message)
{
lock (colMatchers)
{
if (message == null || String.IsNullOrWhiteSpace(message.Message))
{
return(null);
}
// Is this an interesting message?
if (acceptRegex != null && !acceptRegex.IsMatch(message.Message))
{
return(null);
}
// Date is always column 0
string[] result = new string[] { message.Timestamp.ToUniversalTime().ToString("yyyy-MM-DD hh:mm:ss") };
// Get the bits we want
result = result.Concat(
colMatchers.Select(regex =>
{
Match match = regex.Match(message.Message);
return(match != null ? match.Value : null);
}
)).ToArray();
return(result);
}
}
private static void UsingSyslog()
{
var payload = new LogEntity
{
IntField = 7,
LongField = 1200400,
StringField = "Connection error with endpoint",
};
ISyslogMessageSender sender = new SyslogUdpSender(syslogAddress, syslogPort);
ISyslogMessageSerializer serializer = new SyslogRfc5424MessageSerializer();
var msg = new SyslogMessage(
DateTimeOffset.Now, //DatetimeOffset
Facility.UserLevelMessages, //Facility
Severity.Debug, //Severity
Environment.MachineName, //HostName
"Open", //Appname
"0", //ProcId
"0", //MsgId
JsonConvert.SerializeObject(payload) //Message
);
for (int counter = 0; counter < 1; counter++)
{
sender.Send(msg, new SyslogRfc5424MessageSerializer());
}
}
void ILogCollector.SubmitMessage(SyslogMessage message)
{
if (_disposed)
{
throw new ObjectDisposedException(GetType().FullName);
}
_queue.Enqueue(message);
if (!_configured)
{
if (string.IsNullOrEmpty(_host))
{
throw new InvalidOperationException("Unable to use SyslogTlsCollector without host name");
}
else
{
lock (this)
if (!_configured)
{
_deliveryThread.Start();
_configured = true;
}
}
}
}
void ILogCollector.SubmitMessage(SyslogMessage message)
{
using (StreamWriter sw = new StreamWriter(File.Open(_absoluteFilePath, FileMode.Append, FileAccess.Write, FileShare.Write)))
{
sw.WriteLine(message.ToRfc5424String());
}
}
/// <summary>
/// Heartbeat callback
/// </summary>
/// <param name="state"></param>
private void HeartbeatCallback(object state)
{
try
{
if (Collector != null)
{
String host = Environment.MachineName;
String procid = Process.GetCurrentProcess().Id.ToString(CultureInfo.InvariantCulture);
String appname = Process.GetCurrentProcess().ProcessName;
SyslogMessage msg = new SyslogMessage(host, Facility, SyslogSeverity.Debug, null)
{
ProcessID = procid,
ApplicationName = appname,
MessageId = "HEARTBEAT"
};
PreProcessMessage(msg);
msg.Data.Remove("origin");
msg.Data.Remove("timeQuality");
if (msg.Data["meta"].ContainsKey("syUpTime"))
{
msg.Data["meta"].Remove("sysUpTime");
}
Collector.SubmitMessage(msg);
}
}
catch
{
}
}
protected void Send(SyslogMessage message, ISyslogMessageSerializer serializer, bool flush = true)
{
if(transportStream == null)
{
throw new IOException("No transport stream exists");
}
var datagramBytes = serializer.Serialize(message);
if (messageTransfer.Equals(MessageTransfer.OctetCounting))
{
byte[] messageLength = Encoding.ASCII.GetBytes(datagramBytes.Length.ToString());
transportStream.Write(messageLength, 0, messageLength.Length);
transportStream.WriteByte(32); // Space
}
transportStream.Write(datagramBytes, 0, datagramBytes.Length);
if (messageTransfer.Equals(MessageTransfer.NonTransparentFraming))
{
transportStream.WriteByte(trailer); // LF
}
if (flush && !(transportStream is NetworkStream))
transportStream.Flush();
}
public void Serialize(SyslogMessage message, System.IO.Stream stream)
{
int priorityValue = CalculatePriorityValue(message.Facility, message.Severity);
string timestamp = null;
if (message.DateTimeOffset.HasValue)
{
System.DateTimeOffset dt = message.DateTimeOffset.Value;
string day = dt.Day < 10 ? " " + dt.Day.ToString(System.Globalization.CultureInfo.InvariantCulture) : dt.Day.ToString(System.Globalization.CultureInfo.InvariantCulture); // Yes, this is stupid but it's in the spec
timestamp = string.Concat(dt.ToString("MMM' '", System.Globalization.CultureInfo.InvariantCulture), day, dt.ToString("' 'HH':'mm':'ss", System.Globalization.CultureInfo.InvariantCulture));
}
System.Text.StringBuilder headerBuilder = new System.Text.StringBuilder();
headerBuilder.Append("<").Append(priorityValue).Append(">");
headerBuilder.Append(timestamp).Append(" ");
headerBuilder.Append(message.HostName).Append(" ");
headerBuilder.Append(message.AppName.IfNotNullOrWhitespace(x => x.EnsureMaxLength(32) + ":"));
if (!this.m_useUtf8)
{
headerBuilder.Append(message.Message ?? "");
}
byte[] asciiBytes = System.Text.Encoding.ASCII.GetBytes(headerBuilder.ToString());
stream.Write(asciiBytes, 0, asciiBytes.Length);
if (this.m_useUtf8)
{
stream.Write(System.Text.Encoding.UTF8.GetPreamble(), 0, System.Text.Encoding.UTF8.GetPreamble().Length);
asciiBytes = System.Text.Encoding.UTF8.GetBytes(message.Message ?? "");
stream.Write(asciiBytes, 0, asciiBytes.Length);
}
}
/// <summary>
/// Send event to Syslog
/// </summary>
/// <returns></returns>
public bool SendLog(string _server, string _port, string msg)
{
Options options = new Options();
options.SyslogServerHostname = _server;
options.SyslogServerPort = Convert.ToInt32(_port);
options.Message = msg;
options.NetworkProtocol = "tcp";
try
{
ISyslogMessageSerializer serializer = (ISyslogMessageSerializer) new SyslogRfc5424MessageSerializer();
ISyslogMessageSender sender = (ISyslogMessageSender) new SyslogTcpSender(options.SyslogServerHostname, options.SyslogServerPort, true);
SyslogMessage msg1 = CreateSyslogMessage(options);
File.AppendAllText("C:\\Jakkl_log.txt", msg1.Facility.ToString() + msg1.Severity.ToString());
sender.Send(msg1, serializer);
return(true);
}
catch (Exception e)
{
Debug.WriteLine("ArgumentNullException: {0}", e);
File.AppendAllText("C:\\Jakkl_log.txt", e.Message);
return(false);
}
}
public void IsMatchTest()
{
PropertyFilter target = new PropertyFilter();
SyslogMessage message = new SyslogMessage
{
Facility = SyslogFacility.Internally,
Severity = SyslogSeverity.Error,
Text = "FFDA WOW!"
};
target.value = "Internally";
target.propertyName = Property.Facility;
target.comparison = ComparisonOperator.eq;
bool expected = true;
bool actual;
actual = target.IsMatch(message);
Assert.AreEqual(expected, actual);
target.value = "Alert";
target.propertyName = Property.Severity;
target.comparison = ComparisonOperator.neq;
expected = true;
actual = target.IsMatch(message);
Assert.AreEqual(expected, actual);
}
private void Log(SyslogMessage message)
{
foreach (var device in Devices.Where(device => device.IsOpened))
{
device.Broadcast(message);
}
}
public void Serialize(SyslogMessage message, Stream stream)
{
var priorityValue = CalculatePriorityValue(message.Facility, message.Severity);
string timestamp = null;
if (message.DateTimeOffset.HasValue)
{
var dt = message.DateTimeOffset.Value;
var day = dt.Day < 10
? " " + dt.Day
: dt.Day.ToString(); // Yes, this is stupid but it's in the spec
timestamp = string.Concat(dt.ToString("MMM ", CultureInfo.InvariantCulture), day, dt.ToString(" HH:mm:ss"));
}
var headerBuilder = new StringBuilder();
headerBuilder.Append("<")
.Append(priorityValue)
.Append(">");
headerBuilder.Append(timestamp)
.Append(" ");
headerBuilder.Append(message.HostName)
.Append(" ");
headerBuilder.Append(message.AppName.IfNotNullOrWhitespace(x => x.EnsureMaxLength(32) + ":"));
headerBuilder.Append(message.Message ?? "");
var asciiBytes = Encoding.UTF8.GetBytes(headerBuilder.ToString());
stream.Write(asciiBytes, 0, asciiBytes.Length);
}
private void RunnerLoop()
{
IPEndPoint remoteEndpoint = new IPEndPoint(IPAddress.Any, 0);
while (true)
{
try
{
byte[] payload = _client.Receive(ref remoteEndpoint);
try
{
SyslogMessage newMessage = SyslogMessage.Parse(payload);
OnMessageReceived(new SyslogMessageEventArgs(newMessage));
}
catch (FormatException)
{
//Skip
}
}
catch (SocketException)
{
//We are closing, or an I/O error occurred
//if (Stopped) //Yes, we are closing
return;
}
catch (Exception)
{
} //Really do nothing? Shouldn't we stop the service?
}
}
/// <summary>
/// Writes the specified audit log entry.
/// </summary>
/// <param name="entryData">The entry data.</param>
/// <exception cref="System.ArgumentNullException">entryData</exception>
public void Write(IAuditLogEntryData entryData)
{
if (entryData == null)
{
throw new ArgumentNullException(nameof(entryData));
}
using (new SecurityBypassContext())
{
var syslogMessage = new SyslogMessage
{
Facility = SyslogFacility.LogAudit,
Severity = ConvertToSyslogSeverity(entryData.SeverityEnum),
Timestamp = new DateTimeOffset(entryData.CreatedDate),
HostName = _hostName,
AppName = _applicationName,
ProcId = _processName,
MsgId = entryData.AuditLogEntryMetadata.MessageId
};
syslogMessage.StructuredDataElements.Add(CreateBaseMsgData(entryData));
syslogMessage.StructuredDataElements.Add(CreateSpecificMsgData(entryData));
syslogMessage.StructuredDataElements.Add(CreateSystemInfoData());
syslogMessage.StructuredDataElements.Add(CreateOriginData(_ipHostEntry));
_syslogMessageWriter.Write(syslogMessage);
}
}
[Test] public void SendMessage()
{
SyslogMessage msg = new SyslogMessage("localhost", "testing");
SyslogUdpClient cl = new SyslogUdpClient();
cl.Connect(IPAddress.Loopback);
cl.Send(msg);
cl.Close();
}
public void Serialize(SyslogMessage message, Stream stream)
{
// Local syslog serialization only cares about the Message string
if (!String.IsNullOrWhiteSpace(message.Message))
{
byte[] streamBytes = Encoding.GetBytes(message.Message);
stream.Write(streamBytes, 0, streamBytes.Length);
}
}
public void SendMessageUsing()
{
SyslogMessage msg = new SyslogMessage("localhost", "testing");
using (SyslogUdpClient cl = new SyslogUdpClient())
{
cl.Connect(IPAddress.Loopback);
cl.Send(msg);
}
}
/// <summary>
/// Raise the OnMessageReceived method.
/// </summary>
/// <param name="message">The <see cref="SyslogMessage"/> used with the event.</param>
public void FireMessageReceived(SyslogMessage message)
{
try
{
OnMessageReceived(message);
}
catch (Exception ex)
{
EventLogger.LogEvent("Could not fire OnMessageReceived because: " + ex.Message,
System.Diagnostics.EventLogEntryType.Warning);
}
}
public static string Serialize(this SyslogRfc5424MessageSerializer serializer, SyslogMessage message)
{
using (var stream = new MemoryStream())
{
serializer.Serialize(message, stream);
stream.Flush();
stream.Position = 0;
using (var reader = new StreamReader(stream, Encoding.UTF8))
return reader.ReadLine();
}
}
[Test] public void Construction()
{
string host = "localhost";
string message = "test message!";
SyslogMessage m = new SyslogMessage(host, message);
Assert.AreEqual(m.LocalHost, host, "Hostnames differ");
Assert.AreEqual(m.Message, message, "Messages differ");
Assert.AreEqual(SyslogMessage.SeverityCode.Notice, m.Severity,
"Default severity incorrect");
Assert.AreEqual(SyslogMessage.FacilityCode.UserLevel, m.Facility,
"Default facility incorrect");
}
public static byte[] Serialize(this ISyslogMessageSerializer serializer, SyslogMessage message)
{
byte[] datagramBytes;
using (var stream = new MemoryStream())
{
serializer.Serialize(message, stream);
stream.Position = 0;
datagramBytes = new byte[stream.Length];
stream.Read(datagramBytes, 0, (int)stream.Length);
}
return datagramBytes;
}
public void Send(SyslogMessage message, ISyslogMessageSerializer serializer)
{
IntPtr ident = IntPtr.Zero;
try
{
ident = MarshalIdent(message.AppName);
openlog(ident, (int)SyslogOptions.LogPid, CalculatePriorityValue(message.Facility, 0));
SendToSyslog(message, serializer);
}
finally
{
closelog();
DisposeOfIdent(ident);
}
}
[Test] public void StringConversion()
{
string host = "localhost";
string message = "test message!";
DateTime time1 = new DateTime(2000,12,1,16,12,15,0);
SyslogMessage m1 = new SyslogMessage(host, message, SyslogMessage.FacilityCode.UserLevel,
SyslogMessage.SeverityCode.Notice, time1);
Assert.AreEqual("<13>Dec 1 16:12:15 localhost test message!", m1.ToString(),
"String conversion");
DateTime time2 = new DateTime(2000,12,25,16,12,15,0);
SyslogMessage m2 = new SyslogMessage(host, message, SyslogMessage.FacilityCode.UserLevel,
SyslogMessage.SeverityCode.Notice, time2);
Assert.AreEqual("<13>Dec 25 16:12:15 localhost test message!", m2.ToString(),
"String conversion");
}
/// <summary>
/// Raises the <see cref="MessageReceivedCallback"/> event for all subscribers
/// </summary>
/// <param name="message">The syslog message to use when raising the event.</param>
public static void FireNewMessageReceived(SyslogMessage message)
{
if (_eventSubscribers != null)
{
try
{
_eventSubscribers(message);
}
catch (System.Runtime.Remoting.RemotingException)
{
//Traps an exception when the client IPC channel has been closed
//and pending events were still being written to the channel
}
catch (Exception ex)
{
EventLogger.LogEvent("Could not send new messages to IPC subscribers because: " + ex.Message,
System.Diagnostics.EventLogEntryType.Warning);
}
}
}
public void Serialize(SyslogMessage message, Stream stream)
{
var priorityValue = CalculatePriorityValue(message.Facility, message.Severity);
string timestamp = null;
if (message.DateTimeOffset.HasValue)
{
var dt = message.DateTimeOffset.Value;
var day = dt.Day < 10 ? " " + dt.Day : dt.Day.ToString(); // Yes, this is stupid but it's in the spec
timestamp = String.Concat(dt.ToString("MMM "), day, dt.ToString(" HH:mm:ss"));
}
var headerBuilder = new StringBuilder();
headerBuilder.Append("<").Append(priorityValue).Append(">");
headerBuilder.Append(timestamp).Append(" ");
headerBuilder.Append(message.HostName).Append(" ");
headerBuilder.Append(message.AppName.IfNotNullOrWhitespace(x => x.EnsureMaxLength(32) + ":"));
headerBuilder.Append(message.Message ?? "");
byte[] asciiBytes = Encoding.ASCII.GetBytes(headerBuilder.ToString());
stream.Write(asciiBytes, 0, asciiBytes.Length);
}
public void Send(SyslogMessage message, ISyslogMessageSerializer serializer)
{
Send(message, serializer, true);
}
public void Send(SyslogMessage message, ISyslogMessageSerializer serializer)
{
byte[] datagramBytes = serializer.Serialize(message);
udpClient.Send(datagramBytes, datagramBytes.Length);
}
public void Serialize(SyslogMessage message, Stream stream)
{
var priorityValue = CalculatePriorityValue(message.Facility, message.Severity);
// Note: The .Net ISO 8601 "o" format string uses 7 decimal places for fractional second. Syslog spec only allows 6, hence the custom format string
var timestamp = message.DateTimeOffset.HasValue
? message.DateTimeOffset.Value.ToString("yyyy-MM-ddTHH:mm:ss.ffffffK")
: null;
var messageBuilder = new StringBuilder();
messageBuilder.Append("<").Append(priorityValue).Append(">");
messageBuilder.Append(message.Version);
messageBuilder.Append(" ").Append(timestamp.FormatSyslogField(NilValue));
messageBuilder.Append(" ").Append(message.HostName.FormatSyslogAsciiField(NilValue, 255, asciiCharsBuffer));
messageBuilder.Append(" ").Append(message.AppName.FormatSyslogAsciiField(NilValue, 48, asciiCharsBuffer));
messageBuilder.Append(" ").Append(message.ProcId.FormatSyslogAsciiField(NilValue, 128, asciiCharsBuffer));
messageBuilder.Append(" ").Append(message.MsgId.FormatSyslogAsciiField(NilValue, 32, asciiCharsBuffer));
writeStream(stream, Encoding.ASCII, messageBuilder.ToString());
// Structured data
foreach(StructuredDataElement sdElement in message.StructuredDataElements)
{
messageBuilder.Clear()
.Append(" ")
.Append("[")
.Append(sdElement.SdId.FormatSyslogSdnameField(asciiCharsBuffer));
writeStream(stream, Encoding.ASCII, messageBuilder.ToString());
foreach(System.Collections.Generic.KeyValuePair<string, string> sdParam in sdElement.Parameters)
{
messageBuilder.Clear()
.Append(" ")
.Append(sdParam.Key.FormatSyslogSdnameField(asciiCharsBuffer))
.Append("=")
.Append("\"")
.Append(
sdParam.Value != null ?
sdParam.Value
.Replace("\\", "\\\\")
.Replace("\"", "\\\"")
.Replace("]", "\\]")
:
String.Empty
)
.Append("\"");
writeStream(stream, Encoding.UTF8, messageBuilder.ToString());
}
// ]
stream.WriteByte(93);
}
if (!String.IsNullOrWhiteSpace(message.Message))
{
// Space
stream.WriteByte(32);
stream.Write(Encoding.UTF8.GetPreamble(), 0, Encoding.UTF8.GetPreamble().Length);
writeStream(stream, Encoding.UTF8, message.Message);
}
}
[Test] public void TransferTest()
{
using (SyslogServer srv = new SyslogServer())
{
srv.SyslogMessageReceived += new SyslogServer.SyslogMessageDelegate
(OnSyslogMessageReceived);
srv.Connect();
_messageCount = 0;
SyslogMessage msg = new SyslogMessage("localhost", MessageText);
using (SyslogUdpClient cl = new SyslogUdpClient())
{
cl.Connect(IPAddress.Loopback);
for (int i=0; i<MessagesToSend; i++)
{
cl.Send(msg);
// Allow a small delay so not to overload
Thread.Sleep(10);
}
}
// Sleep until message counts are settled
int prevCount = -1;
int newCount = 0;
while (prevCount != newCount)
{
Thread.Sleep(100);
lock (this)
{
prevCount = newCount;
newCount = _messageCount;
}
}
Assert.AreEqual(MessagesToSend, _messageCount, "Messages received");
}
}
// Convenience overloads since there's only one possible serializer for local syslog messages
public void Send(SyslogMessage message)
{
Send(message, defaultSerializer);
}
/// <summary> /// Method called after a message received event. /// </summary> /// <param name="message">The <see cref="SyslogMessage"/> used with the event.</param> /// <remarks>This method must be overridden.</remarks> protected abstract void OnMessageReceived(SyslogMessage message);
