// Forwards every entry of Read_Local_Files.FileContents_From_FileReads. Each entry is passed to
// EventLog_SWELF.WRITE_EventLog_From_SWELF_Search and to Log_Network_Forwarder.SEND_Logs; when the
// send reports success (and the two further conditions below hold) the file named by the entry is
// deleted and recreated empty.
// Nothing is forwarded when any configured forwarder host is "127.0.0.1" or null/empty.
// Any exception is reported through Settings.Log_Storage_Location_Unavailable and not rethrown,
// so the data stays where it is and is read again on the next run.
private static void Start_Send_File_Based_Logs()
{
    try
    {
        bool loopbackConfigured = Settings.Log_Forwarders_HostNames.Any(host => string.Equals(host, "127.0.0.1", StringComparison.OrdinalIgnoreCase));
        if (loopbackConfigured || Settings.Log_Forwarders_HostNames.Any(host => string.IsNullOrEmpty(host)))
        {
            return;
        }

        for (int index = 0; index < Read_Local_Files.FileContents_From_FileReads.Count; ++index)
        {
            var entry = Read_Local_Files.FileContents_From_FileReads.ElementAt(index);

            EventLog_SWELF.WRITE_EventLog_From_SWELF_Search(entry);
            bool sent = Log_Network_Forwarder.SEND_Logs(entry);
            if (!sent)
            {
                // Not delivered: leave the source file untouched.
                continue;
            }

            // NOTE(review): the existence check is made against the error-log path
            // (Settings.GET_ErrorLog_Location), not against the file that is reset below - confirm
            // this is intended.
            bool errorLogPresent = File_Operation.CHECK_if_File_Exists(Settings.GET_ErrorLog_Location);
            if (errorLogPresent && Settings.AppConfig_File_Args.ContainsKey(Settings.SWELF_AppConfig_Args[15]))
            {
                // Delete + create is not atomic. NOTE(review): anything another writer appends
                // between SEND_Logs and File.Delete would be discarded without being forwarded.
                File.Delete(entry);
                File.Create(entry).Close();
            }
        }
    }
    catch (Exception e)
    {
        // Network resource unavailable: nothing is queued by the app, the files are re-read next run.
        Settings.Log_Storage_Location_Unavailable(" Start_Send_File_Based_Logs() " + e.Message.ToString());
    }
}
// Post-run output step. When matching events exist they are either written to the CSV named on
// the command line (CSV output enabled, at least 3 start arguments, no forwarder hosts) or handed
// to Log_Network_Forwarder.SEND_Logs. Failures of either path are logged as a warning.
// Settings.UPDATE_EventLog_w_PlaceKeeper_File() runs on every call, with or without matches.
internal static void Start_Output_Post_Run()
{
    bool haveMatches = Settings.SWELF_Events_Of_Interest_Matching_EventLogs.Count > 0;
    if (haveMatches)
    {
        try
        {
            bool csvOnly = Settings.output_csv
                && Program_Start_Args.Count >= 3
                && Settings.Log_Forwarders_HostNames.Count < 1;

            if (!csvOnly)
            {
                // The return value is discarded here; the branch below reads
                // Settings.Logs_Sent_to_ALL_Collectors instead, which this method never assigns.
                // NOTE(review): presumably SEND_Logs maintains that flag - confirm.
                Log_Network_Forwarder.SEND_Logs(Settings.SWELF_Events_Of_Interest_Matching_EventLogs);
            }
            else
            {
                File_Operation.Write_Ouput_CSV(Settings.CMDLine_Output_CSV, Settings.SWELF_Events_Of_Interest_Matching_EventLogs);
            }
        }
        catch (Exception e)
        {
            Error_Operation.Log_Error(
                "Start_Output_Post_Run() Network_Forwarder.SEND_Logs() File_Operation.Write_Ouput_CSV()",
                e.Message.ToString(),
                e.StackTrace.ToString(),
                Error_Operation.LogSeverity.Warning);
        }

        // Runs even after a caught failure above, using whatever value the flag holds at this point.
        if (Settings.Logs_Sent_to_ALL_Collectors)
        {
            Start_Write_To_SWELF_EventLogs();
        }

        Sec_Checks.Post_Run_Sec_Checks();
    }

    Settings.UPDATE_EventLog_w_PlaceKeeper_File();
}
// Resolves the address part of a socket string to a host name.
// IP is first reduced by Log_Network_Forwarder.Get_IP_from_Socket_string, parsed as an IP address
// and looked up with Dns.GetHostEntry. If any of those steps throws, the reduced string itself is
// returned and the failure is not logged.
//
// NOTE(review): the returned name is whatever the resolver answers and is not checked against the
// configured address. Callers that keep it as a forwarding destination (GET_LogCollector_Locations
// stores it in Log_Forwarders_HostNames) then depend on the integrity of DNS for where logs are
// sent - verify how the forwarder uses the name.
internal static string GET_HostName(string IP)
{
    try
    {
        string addressText = Log_Network_Forwarder.Get_IP_from_Socket_string(IP);
        IPAddress address = IPAddress.Parse(addressText);
        IPHostEntry hostEntry = Dns.GetHostEntry(address);
        return hostEntry.HostName.ToString();
    }
    catch (Exception)
    {
        // Parse or lookup failed: fall back to the address text taken from the socket string.
        return Log_Network_Forwarder.Get_IP_from_Socket_string(IP);
    }
}
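// Runs every distinct entry of Settings.Plugin_Search_Terms_Unparsed as a PowerShell plugin.
// Each entry is split on Settings.SplitChar_SearchCommandSplit[0]; field 0 and field 2 are passed
// to Powershell_Plugin.Run_PS_Script and field 1 is the text looked for (case-insensitively via
// ToLower) in the script output. A match is queued, written through EventLog_SWELF and forwarded.
// Settings.PS_PluginDone is set to true on both the normal and the failure path.
//
// NOTE(review): fields 0 and 2 of a configuration entry decide what Run_PS_Script executes, so
// write access to the source of these entries amounts to code execution as the account this agent
// runs under - confirm the ACLs on that source.
private static void Start_Run_Plugins()
{
    try
    {
        Settings.Plugin_Search_Terms_Unparsed = Settings.Plugin_Search_Terms_Unparsed.Distinct().ToList();

        for (int x = 0; x < Settings.Plugin_Search_Terms_Unparsed.Count; ++x)
        {
            string pluginTerm = Settings.Plugin_Search_Terms_Unparsed.ElementAt(x);
            string[] fields = pluginTerm.Split(Settings.SplitChar_SearchCommandSplit[0]);

            // An entry with fewer than 3 fields used to throw at ElementAt(2), land in the outer
            // catch and silently skip every plugin after it. Report it and keep going instead.
            if (fields.Length < 3)
            {
                Error_Operation.Log_Error(
                    "Start_Run_Plugins()",
                    "Plugin entry skipped, expected at least 3 fields but found " + fields.Length + ": " + pluginTerm,
                    string.Empty,
                    Error_Operation.LogSeverity.Warning);
                continue;
            }

            EventLog_Entry PSLog = new EventLog_Entry();
            PSLog.ComputerName = Settings.ComputerName;
            PSLog.EventID = Convert.ToInt32(Error_Operation.EventID.Powershell_Plugin);
            PSLog.LogName = "SWELF PowerShell Plugin Output";
            PSLog.Severity = "Information";
            PSLog.CreatedTime = DateTime.Now;
            PSLog.TaskDisplayName = "SWELF Powershell Plugin Output";
            PSLog.SearchRule = "SWELF_Powershell_Plugin=" + pluginTerm;
            PSLog.UserID = Environment.UserName;
            PSLog.EventData = Powershell_Plugin.Run_PS_Script(fields[0], fields[2]);

            if (PSLog.EventData.ToLower().Contains(fields[1].ToLower()))
            {
                Settings.PS_Plugin_SWELF_Events_Of_Interest_Matching_EventLogs.Enqueue(PSLog);
                try
                {
                    // Writes the element at the head of the queue. NOTE(review): that is the entry
                    // just queued only if SEND_Logs empties the queue each time - confirm.
                    EventLog_SWELF.WRITE_EventLog_From_SWELF_Search(Settings.PS_Plugin_SWELF_Events_Of_Interest_Matching_EventLogs.ElementAt(0));
                    Log_Network_Forwarder.SEND_Logs(Settings.PS_Plugin_SWELF_Events_Of_Interest_Matching_EventLogs);
                }
                catch (Exception e)
                {
                    // The message used to read Settings.EventLog_w_PlaceKeeper_List.ElementAt(x):
                    // x indexes the plugin list, so that lookup named an unrelated item and could
                    // throw out of this handler. Name the plugin entry being processed instead.
                    Error_Operation.Log_Error(
                        "Network_Forwarder.SEND_Logs(), EventLog_SWELF.WRITE_EventLog_From_SWELF_Search(), or Start_Run_Plugins()",
                        pluginTerm + " HostEventLogAgent_Eventlog.WRITE_EventLog " + e.Message.ToString(),
                        e.StackTrace.ToString(),
                        Error_Operation.LogSeverity.Warning);
                }
            }
        }

        Settings.PS_PluginDone = true;
        GC.Collect();
    }
    catch (Exception e)
    {
        // Log_Error takes (method, message, stack details, ...); the message and the stack trace
        // were passed the wrong way round here, which put the stack trace in the Message field.
        Error_Operation.Log_Error(
            "Powershell_Plugin.Run_PS_Script() ",
            e.Message.ToString(),
            e.StackTrace.ToString(),
            Error_Operation.LogSeverity.Warning);
        Error_Operation.SEND_Errors_To_Central_Location();
        Settings.PS_PluginDone = true;
    }
}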
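// Builds the list of log collector hosts (and, in parallel, their ports) from the app config.
// Up to six keys are probed: SWELF_AppConfig_Args[0] itself, then that name suffixed with 1..5.
// For each key present, the resolved host name is added to Log_Forwarders_HostNames and the port
// taken from the same config value is added to Log_Forwarders_Port.
// When no host was added, "127.0.0.1" is used; when no port was added, Log_Forward_Location_Port
// is used. Returns Log_Forwarders_HostNames after removing duplicates.
private static List<string> GET_LogCollector_Locations()
{
    string baseKey = SWELF_AppConfig_Args[0];

    for (int x = 0; x < 6; x++)
    {
        try
        {
            string CollectorName = (x == 0) ? baseKey : baseKey + x;
            if (AppConfig_File_Args.ContainsKey(CollectorName))
            {
                string socketText = AppConfig_File_Args[CollectorName];

                // Host names are identifiers, not display text: lower-case them with the invariant
                // culture so the result does not depend on the machine locale (under a Turkish
                // locale ToLower() maps 'I' to a dotless i, which is not a valid host name).
                string host = Web_Operation.GET_HostName(socketText).Replace("\r", String.Empty).ToLowerInvariant();
                Log_Forwarders_HostNames.Add(host);

                // NOTE(review): the host is already stored when the port is parsed. If
                // Get_Port_from_Socket throws, the two lists end up with different lengths -
                // check whether consumers pair hosts and ports by index.
                Log_Forwarders_Port.Add(Log_Network_Forwarder.Get_Port_from_Socket(socketText));
            }
        }
        catch (Exception e)
        {
            Error_Operation.Log_Error("GET_LogCollector_Locations()", "Unable to get a log_collector[" + x + "] location setup done. " + e.Message.ToString(), e.StackTrace.ToString(), Error_Operation.LogSeverity.Critical);
        }
    }

    // "127.0.0.1" acts as the "no collector configured" marker: the send routines on this page
    // skip forwarding when it appears among the host names.
    if (Log_Forwarders_HostNames.Count <= 0)
    {
        Log_Forwarders_HostNames.Add("127.0.0.1");
    }
    if (Log_Forwarders_Port.Count <= 0)
    {
        Log_Forwarders_Port.Add(Log_Forward_Location_Port);
    }

    // Only the host list is de-duplicated; the port list keeps every entry.
    //Log_Forwarders_Port = Log_Forwarders_Port.Distinct().ToList();
    Log_Forwarders_HostNames = Log_Forwarders_HostNames.Distinct().ToList();
    return Log_Forwarders_HostNames;
}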
// Formats one error record as a single "Key=Value ..." line and, when the severity passes the
// configured threshold, writes it locally and sends it to the collector.
//   MethodNameInCode - free-text origin of the error, emitted as MethodInCode=
//   Message          - error text; StackDetails is appended to it when the configured
//                      Settings.Logging_Level_To_Report (a string) equals "verbose"
//   LogSeverity      - index into Severity_Levels and value compared with the numeric threshold
//   eventID          - passed through to WRITE_Errors_To_Log
// If writing or sending throws, the record is kept in Data_Store.ErrorsLog instead.
//
// NOTE(review): MethodNameInCode and Message are concatenated unchanged. If callers pass text
// that originates outside the agent, embedded line breaks or "Key=" sequences reach the log file
// and the collector as-is - consider neutralising them before forwarding.
internal static void Log_Error(string MethodNameInCode, string Message, string StackDetails, LogSeverity LogSeverity, EventID eventID = 0)
{
    bool verbose = Settings.Logging_Level_To_Report.ToLower() == "verbose";
    if (verbose)
    {
        Message += " Stack_Info=" + StackDetails;
    }

    string timestamp = DateTime.Now.ToString(Settings.SWELF_Date_Time_Format);
    var sourceComputer = Settings.ComputerName;
    var severityLabel = Severity_Levels[(int)LogSeverity];

    string msg = "DateTime=" + timestamp;
    msg += " SourceComputer=" + sourceComputer;
    msg += " Severity=" + severityLabel;
    msg += " MethodInCode=" + MethodNameInCode;
    msg += " Message=" + Message + "\n";

    // Called before the threshold below is read. NOTE(review): presumably this refreshes the
    // numeric Logging_Level_To_Report - confirm.
    ErrorLogging_Level();

    try
    {
        // Unqualified Logging_Level_To_Report is the numeric threshold of this class, a different
        // member from the string Settings.Logging_Level_To_Report tested above.
        if (Logging_Level_To_Report <= (int)LogSeverity)
        {
            WRITE_Errors_To_Log(msg, LogSeverity, eventID);
            Log_Network_Forwarder.SEND_SINGLE_LOG(msg);
        }
    }
    catch (Exception)
    {
        Data_Store.ErrorsLog.Add(msg);
    }
}
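// Sends every line of the local error log to the collectors and then resets the error log file.
// Nothing is sent when any configured forwarder host is "127.0.0.1" or null/empty.
// Settings.Logs_Sent_to_ALL_Collectors is updated while sending: it stays true only as long as
// every line so far was reported as sent.
// Any exception is reported through Settings.Log_Storage_Location_Unavailable and not rethrown.
internal static void SEND_Errors_To_Central_Location()
{
    try
    {
        string[] Errors = File.ReadAllLines(Settings.GET_ErrorLog_Location);

        bool loopbackConfigured = Settings.Log_Forwarders_HostNames.Any(s => string.Equals(s, "127.0.0.1", StringComparison.OrdinalIgnoreCase));
        if (!loopbackConfigured && !Settings.Log_Forwarders_HostNames.Any(s => string.IsNullOrEmpty(s)))
        {
            // The flag used to be overwritten by each call, so only the LAST line decided whether
            // the error log was reset; lines that failed earlier were then deleted undelivered.
            // Every line is still attempted, but the flag now reflects all of them.
            bool everyLineSent = true;
            for (int x = 0; x < Errors.Length; ++x)
            {
                bool sent = Log_Network_Forwarder.SEND_Logs(Errors[x], Settings.GET_ErrorLog_Location, true);
                everyLineSent = everyLineSent && sent;
                Settings.Logs_Sent_to_ALL_Collectors = everyLineSent;
            }

            // Grouping made explicit; it is the grouping the compiler already applied (&& binds
            // tighter than ||).
            // NOTE(review): when the SWELF_AppConfig_Args[15] key is present the log is reset even
            // if delivery failed, whereas Start_Send_File_Based_Logs requires a successful send
            // AND that key - confirm which of the two is intended.
            bool deliveredAndPresent = Settings.Logs_Sent_to_ALL_Collectors && File_Operation.CHECK_if_File_Exists(Settings.GET_ErrorLog_Location);
            if (deliveredAndPresent || Settings.AppConfig_File_Args.ContainsKey(Settings.SWELF_AppConfig_Args[15]))
            {
                // NOTE(review): lines appended to the error log after ReadAllLines above are
                // removed here without having been sent.
                File_Operation.DELETE_File(Settings.GET_ErrorLog_Location);
                File.Create(Settings.GET_ErrorLog_Location).Close();
            }
        }
    }
    catch (Exception e)
    {
        Settings.Log_Storage_Location_Unavailable("SEND_Errors_To_Central_Location() " + e.Message.ToString());
    }
}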
// Records one error in up to three places, in this order:
//   1. always: the local error log file (Settings.GET_ErrorLog_Location), with a randomly named
//      file under Settings.SWELF_Log_File_Location as fallback;
//   2. if the severity passes the numeric Logging_Level_To_Report threshold: the event log, with
//      the same fallback file when that fails;
//   3. under the same threshold: the collector via Log_Network_Forwarder.SEND_SINGLE_LOG; when
//      that throws, the event log write is attempted again.
// Each failure appends an "Additional_ERROR" line to the record. The final record is always added
// to Data_Store.ErrorsLog.
//   MethodNameInCode - free-text origin of the error, emitted as Error_MethodInCode=
//   Message          - error text; StackDetails is appended when the configured
//                      Settings.Logging_Level_To_Report (a string) equals "verbose"
//   LogSeverity      - index into Severity_Levels and value compared with the threshold
//   eventID          - passed through to WRITE_Errors_To_EventLog
//
// NOTE(review): MethodNameInCode and Message are concatenated unchanged. If callers pass text
// that originates outside the agent, embedded line breaks or "Key=" sequences reach the log file
// and the collector as-is - consider neutralising them before forwarding.
internal static void Log_Error(string MethodNameInCode, string Message, string StackDetails, LogSeverity LogSeverity, EventID eventID = 0)
{
    bool verbose = Settings.Logging_Level_To_Report.ToLower() == "verbose";
    if (verbose)
    {
        Message += " Stack_Info=" + StackDetails;
    }

    string timestamp = DateTime.Now.ToString(Settings.SWELF_Date_Time_Format);
    var sourceComputer = Settings.ComputerName;
    var severityLabel = Severity_Levels[(int)LogSeverity];

    string msg = "DateTime=" + timestamp;
    msg += " SourceComputer=" + sourceComputer;
    msg += " Severity=" + severityLabel;
    msg += " Error_MethodInCode=" + MethodNameInCode;
    msg += " Error_Message=" + Message + "\n";

    // 1. Everything goes to the local error log first, whatever the severity.
    try
    {
        File_Operation.CHECK_File_Size(Settings.GET_ErrorLog_Location);
        File_Operation.APPEND_AllTXT(Settings.GET_ErrorLog_Location, msg);
    }
    catch (Exception)
    {
        msg = Append_Error_To_Fallback_File(msg);
    }

    if (Logging_Level_To_Report <= (int)LogSeverity)
    {
        // 2. Event log.
        msg = Write_Error_To_EventLog_With_Fallback(MethodNameInCode, Message, LogSeverity, eventID, msg);

        // 3. Collector.
        try
        {
            Log_Network_Forwarder.SEND_SINGLE_LOG(msg);
        }
        catch (Exception sendFailure)
        {
            msg += "\nAdditional_ERROR: " + sendFailure.Message.ToString() + " " + Settings.SWELF_PROC_Name + " was unable to write error to Event Log";

            // Second event log attempt: if the first one in step 2 succeeded, the same error is
            // written to the event log twice.
            msg = Write_Error_To_EventLog_With_Fallback(MethodNameInCode, Message, LogSeverity, eventID, msg);
        }
    }

    Data_Store.ErrorsLog.Add(msg);
}

// Appends msg to a randomly named file under Settings.SWELF_Log_File_Location. Returns msg,
// extended with an Additional_ERROR line when that write throws.
private static string Append_Error_To_Fallback_File(string msg)
{
    try
    {
        File_Operation.APPEND_AllTXT(Settings.SWELF_Log_File_Location + "\\" + Path.GetRandomFileName() + "_" + Settings.ErrorFile_FileName, msg);
    }
    catch (Exception writeFailure)
    {
        msg += "\nAdditional_ERROR: " + writeFailure.Message.ToString() + " " + Settings.SWELF_PROC_Name + " was unable to write this error to a local file on this system at " + Settings.GET_ErrorLog_Location;
    }
    return msg;
}

// Writes the error to the event log. When that throws, notes the failure in msg and writes msg
// to the fallback file. Returns the possibly extended msg.
private static string Write_Error_To_EventLog_With_Fallback(string MethodNameInCode, string Message, LogSeverity LogSeverity, EventID eventID, string msg)
{
    try
    {
        WRITE_Errors_To_EventLog(MethodNameInCode, Message, LogSeverity, eventID);
    }
    catch (Exception eventLogFailure)
    {
        msg += "\nAdditional_ERROR: " + eventLogFailure.Message.ToString() + " " + Settings.SWELF_PROC_Name + " was unable to write this error to the event log on this system";
        msg = Append_Error_To_Fallback_File(msg);
    }
    return msg;
}