private static void Start_Send_File_Based_Logs()
{
bool Data_Sent = false;
try
{
if (Settings.Log_Forwarders_HostNames.Any(s => string.Equals(s, "127.0.0.1", StringComparison.OrdinalIgnoreCase)) == false && Settings.Log_Forwarders_HostNames.Any(s => string.IsNullOrEmpty(s)) == false)
{
for (int z = 0; z < Read_Local_Files.FileContents_From_FileReads.Count; ++z)
{
EventLog_SWELF.WRITE_EventLog_From_SWELF_Search(Read_Local_Files.FileContents_From_FileReads.ElementAt(z));
Data_Sent = Log_Network_Forwarder.SEND_Logs(Read_Local_Files.FileContents_From_FileReads.ElementAt(z));
if (Data_Sent == true && File_Operation.CHECK_if_File_Exists(Settings.GET_ErrorLog_Location) && Settings.AppConfig_File_Args.ContainsKey(Settings.SWELF_AppConfig_Args[15]))
{
File.Delete(Read_Local_Files.FileContents_From_FileReads.ElementAt(z));
File.Create(Read_Local_Files.FileContents_From_FileReads.ElementAt(z)).Close();
}
}
}
}
catch (Exception e)//network resource unavailable. Dont send data and try again next run. No logs will be queued by app only re read
{
Settings.Log_Storage_Location_Unavailable(" Start_Send_File_Based_Logs() " + e.Message.ToString());
}
}
internal static void Start_Output_Post_Run()
{
if (Settings.SWELF_Events_Of_Interest_Matching_EventLogs.Count > 0)
{
try
{
if (Settings.output_csv && Program_Start_Args.Count >= 3 && (Settings.Log_Forwarders_HostNames.Count < 1))
{
File_Operation.Write_Ouput_CSV(Settings.CMDLine_Output_CSV, Settings.SWELF_Events_Of_Interest_Matching_EventLogs);
}
else
{
Log_Network_Forwarder.SEND_Logs(Settings.SWELF_Events_Of_Interest_Matching_EventLogs);
}
}
catch (Exception e)
{
Error_Operation.Log_Error("Start_Output_Post_Run() Network_Forwarder.SEND_Logs() File_Operation.Write_Ouput_CSV()", e.Message.ToString(), e.StackTrace.ToString(), Error_Operation.LogSeverity.Warning);
}
if (Settings.Logs_Sent_to_ALL_Collectors)
{
Start_Write_To_SWELF_EventLogs();
}
Sec_Checks.Post_Run_Sec_Checks();
}
Settings.UPDATE_EventLog_w_PlaceKeeper_File();
}
internal static string GET_HostName(string IP)
{
try
{
return(Dns.GetHostEntry(IPAddress.Parse(Log_Network_Forwarder.Get_IP_from_Socket_string(IP))).HostName.ToString());
}
catch (Exception e)
{
return(Log_Network_Forwarder.Get_IP_from_Socket_string(IP));
}
}
private static void Start_Run_Plugins()
{
try
{
Settings.Plugin_Search_Terms_Unparsed = Settings.Plugin_Search_Terms_Unparsed.Distinct().ToList();
for (int x = 0; x < Settings.Plugin_Search_Terms_Unparsed.Count; ++x)
{
EventLog_Entry PSLog = new EventLog_Entry();
PSLog.ComputerName = Settings.ComputerName;
PSLog.EventID = Convert.ToInt32(Error_Operation.EventID.Powershell_Plugin);
PSLog.LogName = "SWELF PowerShell Plugin Output";
PSLog.Severity = "Information";
PSLog.CreatedTime = DateTime.Now;
PSLog.TaskDisplayName = "SWELF Powershell Plugin Output";
PSLog.SearchRule = "SWELF_Powershell_Plugin=" + Settings.Plugin_Search_Terms_Unparsed.ElementAt(x);
PSLog.UserID = Environment.UserName;
PSLog.EventData = Powershell_Plugin.Run_PS_Script(Settings.Plugin_Search_Terms_Unparsed.ElementAt(x).Split(Settings.SplitChar_SearchCommandSplit[0]).ElementAt(0), Settings.Plugin_Search_Terms_Unparsed.ElementAt(x).Split(Settings.SplitChar_SearchCommandSplit[0]).ElementAt(2));
if (PSLog.EventData.ToLower().Contains(Settings.Plugin_Search_Terms_Unparsed.ElementAt(x).Split(Settings.SplitChar_SearchCommandSplit[0]).ElementAt(1).ToLower()))
{
Settings.PS_Plugin_SWELF_Events_Of_Interest_Matching_EventLogs.Enqueue(PSLog);
try
{
EventLog_SWELF.WRITE_EventLog_From_SWELF_Search(Settings.PS_Plugin_SWELF_Events_Of_Interest_Matching_EventLogs.ElementAt(0));
Log_Network_Forwarder.SEND_Logs(Settings.PS_Plugin_SWELF_Events_Of_Interest_Matching_EventLogs);
}
catch (Exception e)
{
Error_Operation.Log_Error("Network_Forwarder.SEND_Logs(), EventLog_SWELF.WRITE_EventLog_From_SWELF_Search(), or Start_Run_Plugins()", Settings.EventLog_w_PlaceKeeper_List.ElementAt(x) + " HostEventLogAgent_Eventlog.WRITE_EventLog " + e.Message.ToString(), e.StackTrace.ToString(), Error_Operation.LogSeverity.Warning);
}
}
}
Settings.PS_PluginDone = true;
GC.Collect();
}
catch (Exception e)
{
Error_Operation.Log_Error("Powershell_Plugin.Run_PS_Script() ", e.StackTrace.ToString(), e.Message.ToString(), Error_Operation.LogSeverity.Warning);
Error_Operation.SEND_Errors_To_Central_Location();
Settings.PS_PluginDone = true;
}
}
private static List <string> GET_LogCollector_Locations()
{
string CollectorName = SWELF_AppConfig_Args[0];
for (int x = 0; x < 6; x++)
{
try
{
if (x == 0)
{
CollectorName = SWELF_AppConfig_Args[0];
}
else
{
CollectorName = SWELF_AppConfig_Args[0] + x;
}
if (AppConfig_File_Args.ContainsKey(CollectorName))
{
Log_Forwarders_HostNames.Add(Web_Operation.GET_HostName(AppConfig_File_Args[CollectorName]).Replace("\r", String.Empty).ToLower());
Log_Forwarders_Port.Add(Log_Network_Forwarder.Get_Port_from_Socket(AppConfig_File_Args[CollectorName]));
}
}
catch (Exception e)
{
Error_Operation.Log_Error("GET_LogCollector_Locations()", "Unable to get a log_collector[" + x + "] location setup done. " + e.Message.ToString(), e.StackTrace.ToString(), Error_Operation.LogSeverity.Critical);
}
}
if (Log_Forwarders_HostNames.Count <= 0)
{
Log_Forwarders_HostNames.Add("127.0.0.1");
}
if (Log_Forwarders_Port.Count <= 0)
{
Log_Forwarders_Port.Add(Log_Forward_Location_Port);
}
//Log_Forwarders_Port = Log_Forwarders_Port.Distinct().ToList();
Log_Forwarders_HostNames = Log_Forwarders_HostNames.Distinct().ToList();
return(Log_Forwarders_HostNames);
}
internal static void Log_Error(string MethodNameInCode, string Message, string StackDetails, LogSeverity LogSeverity, EventID eventID = 0)
{
if (Settings.Logging_Level_To_Report.ToLower() == "verbose")
{
Message = Message + " Stack_Info=" + StackDetails;
}
string msg = "DateTime=" + DateTime.Now.ToString(Settings.SWELF_Date_Time_Format) + " SourceComputer=" + Settings.ComputerName + " Severity=" + Severity_Levels[(int)LogSeverity] + " MethodInCode=" + MethodNameInCode + " Message=" + Message + "\n";
ErrorLogging_Level();
try
{
if (Logging_Level_To_Report <= (int)LogSeverity)
{
WRITE_Errors_To_Log(msg, LogSeverity, eventID);
Log_Network_Forwarder.SEND_SINGLE_LOG(msg);
}
}
catch (Exception e)
{
Data_Store.ErrorsLog.Add(msg);
}
}
internal static void SEND_Errors_To_Central_Location()
{
try
{
string[] Errors = File.ReadAllLines(Settings.GET_ErrorLog_Location);
if (Settings.Log_Forwarders_HostNames.Any(s => string.Equals(s, "127.0.0.1", StringComparison.OrdinalIgnoreCase)) == false && Settings.Log_Forwarders_HostNames.Any(s => string.IsNullOrEmpty(s)) == false)
{
for (int x = 0; x < Errors.Length; ++x)
{
Settings.Logs_Sent_to_ALL_Collectors = Log_Network_Forwarder.SEND_Logs(Errors[x], Settings.GET_ErrorLog_Location, true);
}
if (Settings.Logs_Sent_to_ALL_Collectors && File_Operation.CHECK_if_File_Exists(Settings.GET_ErrorLog_Location) || Settings.AppConfig_File_Args.ContainsKey(Settings.SWELF_AppConfig_Args[15]))
{
File_Operation.DELETE_File(Settings.GET_ErrorLog_Location);
File.Create(Settings.GET_ErrorLog_Location).Close();
}
}
}
catch (Exception e)
{
Settings.Log_Storage_Location_Unavailable("SEND_Errors_To_Central_Location() " + e.Message.ToString());
}
}
internal static void Log_Error(string MethodNameInCode, string Message, string StackDetails, LogSeverity LogSeverity, EventID eventID = 0)
{
if (Settings.Logging_Level_To_Report.ToLower() == "verbose")
{
Message = Message + " Stack_Info=" + StackDetails;
}
string msg = "DateTime=" + DateTime.Now.ToString(Settings.SWELF_Date_Time_Format) + " SourceComputer=" + Settings.ComputerName + " Severity=" + Severity_Levels[(int)LogSeverity] + " Error_MethodInCode=" + MethodNameInCode + " Error_Message=" + Message + "\n";
try//write ALL to local error log 1st
{
File_Operation.CHECK_File_Size(Settings.GET_ErrorLog_Location);
File_Operation.APPEND_AllTXT(Settings.GET_ErrorLog_Location, msg);
}
catch (Exception e)
{
try
{
File_Operation.APPEND_AllTXT(Settings.SWELF_Log_File_Location + "\\" + Path.GetRandomFileName() + "_" + Settings.ErrorFile_FileName, msg);
}
catch (Exception ex)
{
msg += "\nAdditional_ERROR: " + ex.Message.ToString() + " " + Settings.SWELF_PROC_Name + " was unable to write this error to a local file on this system at " + Settings.GET_ErrorLog_Location;
}
}
if (Logging_Level_To_Report <= (int)LogSeverity)
{
try//write to eventlog
{
WRITE_Errors_To_EventLog(MethodNameInCode, Message, LogSeverity, eventID);
}
catch (Exception exc)
{
msg += "\nAdditional_ERROR: " + exc.Message.ToString() + " " + Settings.SWELF_PROC_Name + " was unable to write this error to the event log on this system";
try
{
File_Operation.APPEND_AllTXT(Settings.SWELF_Log_File_Location + "\\" + Path.GetRandomFileName() + "_" + Settings.ErrorFile_FileName, msg);
}
catch (Exception execp)
{
msg += "\nAdditional_ERROR: " + execp.Message.ToString() + " " + Settings.SWELF_PROC_Name + " was unable to write this error to a local file on this system at " + Settings.GET_ErrorLog_Location;
}
}
try// send eventlog to collector
{
Log_Network_Forwarder.SEND_SINGLE_LOG(msg);
}
catch (Exception p)
{
msg += "\nAdditional_ERROR: " + p.Message.ToString() + " " + Settings.SWELF_PROC_Name + " was unable to write error to Event Log";
try//write to eventlog
{
WRITE_Errors_To_EventLog(MethodNameInCode, Message, LogSeverity, eventID);
}
catch (Exception exc)
{
msg += "\nAdditional_ERROR: " + exc.Message.ToString() + " " + Settings.SWELF_PROC_Name + " was unable to write this error to the event log on this system";
try
{
File_Operation.APPEND_AllTXT(Settings.SWELF_Log_File_Location + "\\" + Path.GetRandomFileName() + "_" + Settings.ErrorFile_FileName, msg);
}
catch (Exception execp)
{
msg += "\nAdditional_ERROR: " + execp.Message.ToString() + " " + Settings.SWELF_PROC_Name + " was unable to write this error to a local file on this system at " + Settings.GET_ErrorLog_Location;
}
}
}
}
Data_Store.ErrorsLog.Add(msg);
}
