Пример #1
0
        public bool IsEventExpected(EntryWrittenEventArgs eventArgs)
        {
            if (eventArgs == null)
            {
                throw new ArgumentNullException("eventArgs");
            }

            if (eventArgs.Entry.EntryType != this.settings.Level)
            {
                return false;
            }

            if (eventArgs.Entry.InstanceId != this.settings.EventId)
            {
                return false;
            }

            if (!eventArgs.Entry.Source.Contains(this.settings.Source))
            {
                return false;
            }

            if (!eventArgs.Entry.Message.Contains(this.settings.Description))
            {
                return false;
            }

            return true;
        }
Пример #2
0
        public void MyOnEntryWritten(object source, EntryWrittenEventArgs e)
        {
            string sSource;
            string sLog;
            string sEvent;

            sSource = "iSpyDetector Service";
            sLog = "Application";
            sEvent = e.Entry.EventID.ToString() + " " + e.Entry.Source + " " + e.Entry.Message;

            if (!EventLog.SourceExists(sSource))
                EventLog.CreateEventSource(sSource, sLog);

            if (e.Entry.EventID == 4648)
            {
                //ThreadStart starter = new ThreadStart(CaptureImage);
                //thread = new Thread(starter);
                //thread.Start();
                EventLog.WriteEntry(sSource, sEvent,
                    EventLogEntryType.Warning, 2000);
                CaptureImage();
            }
            else
                EventLog.WriteEntry(sSource, sEvent, EventLogEntryType.Information, 1000);
        }
Пример #3
0
 private void eventLog_EntryWritten(object sender, System.Diagnostics.EntryWrittenEventArgs e)
 {
     this.eventLogTextBox.Text = e.Entry.Message
                                 + System.Environment.NewLine
                                 + this.eventLogTextBox.Text
     ;
 }
 private void LogEntryWritten(string logDisplayName, EntryWrittenEventArgs e)
 {
     var data = new Dictionary<string, object>();
     data["LogName"] = logDisplayName;
     data["LogKind"] = "EventLog";
     _logger.Log(e.Entry.Message, e.Entry.EntryType.ToString(), data);
 }
Пример #5
0
 private void EventLogEntryWritten(object sender, EntryWrittenEventArgs e)
 {
     var handler = this.OnEntryWritten;
     if (handler != null)
     {
         handler(this, e);
     }
 }
Пример #6
0
        void sharpShellEventLog_EntryWritten(object sender, EntryWrittenEventArgs e)
        {
            if (e.Entry.Source != SharpShell.Diagnostics.Logging.EventLog_Source)
                return;

            //  Add the event.
            var task = new Task( () => listViewEvents.Items.Add(new ListViewItem(new string[] {e.Entry.TimeWritten.ToString(), e.Entry.EntryType.ToString(), e.Entry.Message}) { Tag = e}));
            task.Start(uiScheduler);
        }
Пример #7
0
        public void OnEntryWritten(object sender, EntryWrittenEventArgs e)
        {
            if (!this.eventValidator.IsEventExpected(e))
            {
                return;
            }

            this.poolManager.Reset();
        }
Пример #8
0
        /// <summary>
        /// WhenEntryWritten is summoned by the EntryWritten event.
        /// The method updates all the clients.
        /// </summary>
        /// <param name="sender"></param>
        /// <param name="args"></param>
        public void WhenEntryWritten(object sender,
                                     System.Diagnostics.EntryWrittenEventArgs args)
        {
            // update clients
            JObject response = new JObject();

            response["commandID"] = ((int)CommandEnum.LogUpdate).ToString();
            response["Log"]       = JsonConvert.SerializeObject(args.Entry);
            guis.Send(response.ToString());
        }
Пример #9
0
        private void eventLog1_EntryWritten(object sender, EntryWrittenEventArgs e)
        {
            if (e.Entry.InstanceId.Equals(4800))
            {

            }
            if (e.Entry.InstanceId.Equals(4801))
            {

            }
        }
        private void GivenKnownEvent()
        {
            var entry = MockRepository.GenerateStub<EventLogEntry>();
            var settings = new SettingsStub();

            entry.Stub(x => x.InstanceId).Repeat.Any().Return(settings.EventId);
            entry.Stub(x => x.Source).Repeat.Any().Return(settings.Source);
            entry.Stub(x => x.Message).Repeat.Any().Return(settings.Description);
            entry.Stub(x => x.EntryType).Repeat.Any().Return(EventLogEntryType.Error);

            this.entryWrittenEventArgs = new EntryWrittenEventArgs(entry);
        }
Пример #11
0
 private void eventLog1_EntryWritten(object sender, System.Diagnostics.EntryWrittenEventArgs e)
 {
     if (InvokeRequired)
     {
         BeginInvoke(new EntryWrittenEventHandler(eventLog1_EntryWritten), sender, e);
         return;
     }
     else
     {
         AddEventLogEntry(e.Entry);
     }
 }
Пример #12
0
        private void eventLog1_EntryWritten(object sender, System.Diagnostics.EntryWrittenEventArgs e)
        {
            this.eventLog1.EnableRaisingEvents = true;
            this.eventLog1.Log    = "System";
            this.eventLog1.Source = "USER32";
            this.eventLog1.SynchronizingObject = this;
            this.eventLog1.EntryWritten       += new System.Diagnostics.EntryWrittenEventHandler(this.eventLog1_EntryWritten);
            EventLogEntry entry = e.Entry;

            if (e.Entry.EventID == 1074)
            {
                File.AppendAllText(@"c:\message.txt", entry.Message);
            }
        }
Пример #13
0
 void eventLog_EntryWritten(object sender, EntryWrittenEventArgs e)
 {
     //<165>Aug 24 05:34:00 CST 1987 mymachine myproc[10]: %% It's
     //time to make the do-nuts.  %%  Ingredients: Mix=OK, Jelly=OK #
     //Devices: Mixer=OK, Jelly_Injector=OK, Frier=OK # Transport:
     //Conveyer1=OK, Conveyer2=OK # %%
     if (_config.LoggingEnabled(_eventLog, e.Entry.EntryType))
     {
         string logString = _config.LoggingFacilityPriority(_eventLog, e.Entry.EntryType).AsSyslogHead();
         logString += e.Entry.TimeGenerated.ToString("MMM dd HH:mm:ss ", _enUS);
         logString += e.Entry.MachineName.Trim().Replace(' ', '_');
         logString += " " + e.Entry.Source.Trim().Replace(' ', '_') + ": ";
         logString += e.Entry.Message.Trim();
         byte[] data = _encoding.GetBytes(logString);
         _udpClient.Send(data, data.Length);
     }
 }
Пример #14
0
// EVENTLOG ###################################################################

        // On Written Eventlog
        private void OnEventlogChange(object source, EntryWrittenEventArgs e)
        {
            sendEventlog(eventlogPos);
        }
Пример #15
0
		void log_EntryWritten(object sender, EntryWrittenEventArgs e)
		{
			/*
			lock (lockReadWrite)
			{
				EventLogEntry entry = e.Entry;

				if (!groupNames.Contains(entry.Source))
				{
					groupNames.Add(entry.Source);

					if (this.InvokeRequired)
					{
						this.Invoke(new MethodInvoker(FillSourceItems));
					}
					else
					{
						FillSourceItems(groupNames);
					}
				}

				AddTableRow(currentEntries.Tables[0], entry);

				if (this.InvokeRequired)
				{
					this.Invoke(new EventLogDelegate(UpdateCountersAndButtons), new object[] { entry });
				}
				else
				{
					UpdateCountersAndButtons(entry);
				}
			}
			 */
		}
Пример #16
0
 /// <summary>
 /// Event function - Check if entry added to log is of source Backup then run function to backup
 /// </summary>
 /// <param name="sender">Sender object</param>
 /// <param name="e">Entry Written Event Arguments</param>
 public void WindowsServerBackup_EntryWritten(object sender, EntryWrittenEventArgs e)
 {
     if (e.Entry.Source == "Microsoft-Windows-Backup")
     {
         LogToFile("Accessed Backup: " + DateTime.Now.ToString());
         FTPUpload();
     }
 }
 private void datahouseTestEventLog_EntryWritten(object sender, EntryWrittenEventArgs e)
 {
 }
Пример #18
0
        /// <summary>
        /// Handles the Entry Written event of the <see cref="EventLog"/> instance.
        /// </summary>
        private void EventLogEntryWritten(object sender, EntryWrittenEventArgs e)
        {
            if (mIsActive && (string.IsNullOrEmpty(mSourceName) || Equals(e.Entry.Source, mSourceName)))
              {
            LogMessage newLogMsg = new LogMessageEventlog(
            e.Entry
              , ++mLogNumber);

            if (mLogHandler != null)
            {
              mLogHandler.HandleMessage(newLogMsg);
            }
              }
        }
Пример #19
0
        //: db change
        void myEventLog_EntryWrittenDb(object sender, EntryWrittenEventArgs e)
        {
            int count = 0;
            EventEntry ee = null;
            if(e.Entry.Message.ToLower().Contains("registry"))
            {
                ee = new EventEntry(e.Entry);
            }
            else
            {
                // open or access attempt
                if ((e.Entry.InstanceId == 560) || (e.Entry.InstanceId == 567))
                {
                    int handle = GetHandle(e.Entry);
                    if (handle != 0)
                    {
                        EventLogEntry counterPart = CheckIfHandleExists(handle);
                        if (counterPart != null)
                        {
                            ee = CombineEvents(handle, e.Entry, counterPart);
                        }
                        else
                        {
                            if (e.Entry.InstanceId == 560 && !"".Equals(getFileName(e.Entry.Message)))
                            {
                                handleToEvent.Add(handle, e.Entry);
                                //make the action as blank as this is the place where handle was granted. no action has taken place.
                                handleToAction.Add(handle, "");
                                //increment count
                                handleToCount.TryGetValue(handle, out count);
                                count++;
                                handleToCount[handle] = count;

                                //TODO: removed for removing client user
                                //NEW addition for client side file access:
                                //since 567 is not logged we put 560 event caused by client in the tree
                                /*if (fromClient(e.Entry))
                                {
                                    ee = new EventEntry(e.Entry);
                                }*/
                            }
                        }
                    }
                }
            }

            //remove event from dictonary
            if (e.Entry.InstanceId == 562)
            {
                count = 0;
                int handle = GetHandle(e.Entry);
                if (handle != 0)
                {
                    try
                    {
                        if (handleToCount[handle] == 0)
                        {
                            handleToEvent.Remove(handle);
                            handleToCount.Remove(handle);
                            handleToAction.Remove(handle);
                        }
                        else
                        {
                            count--;
                            handleToCount[handle] = count;
                        }
                    }
                    catch (KeyNotFoundException)
                    {
                    }

                }
            }

            if (ee != null)
            {
                //also check if the db table is present first time the app is run. If not we need to create it.
                using (SQLiteConnection conn = new SQLiteConnection(@"Data Source=" + System.Environment.GetEnvironmentVariable("windir") + "\\system\\dpfam.db"))
                {
                    conn.Open();
                    using (SQLiteCommand comm = new SQLiteCommand())
                    {
                        comm.Connection = conn;
                        //comm.CommandText = "CREATE TABLE IF NOT EXISTS FAM (time DATETIME, machine TEXT, filename TEXT, user TEXT, clientUser TEXT, action TEXT, dataindex INTEGER, category TEXT, result TEXT, msg TEXT, msgSrc TEXT, instanceId INTEGER, handleId INTEGER);";
                        try
                        {
                            //create db if not present
                        //    comm.ExecuteNonQuery();

                            //Check if the event is to be inserted.

                            //insert the passed event in the db.
                            using (SQLiteTransaction tran = conn.BeginTransaction())
                            //TODO: using transactions dont help performance as only one entry is being inserted each time.
                            {

                                insertData(ee, comm);
                                tran.Commit();
                            }
                        }
                        catch (SQLiteException)
                        {
                            //MessageBox.Show("Insert Data Failed", "", MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
                        }
                    }
                    conn.Close();
                }

                //TODO: error when auto update is off
                //check if it fits in the filters --> if yes, add it to grid and actusedtree as well!
                if (this.FitsToFilters(ee))
                {
                    try
                    {
                        if (Changed != null)
                        Changed(ee, EventArgs.Empty);

                        System.Console.WriteLine("event written\n");
                    }
                    catch (NullReferenceException)
                    {
                        // This catches the null reference which is caused when we deregister the handler on making the auto update off.
                        // wont come here as null is being checked before calling.
                    }
                }

                //TODO: add to actual tree being used. As of now i plan to use only one tree throughout the appln to maintain the
                //grid display.

            }
        }
 //---------------------------------------------------------------------------------------------------------
 /// <summary>
 /// Handles the event event of the SecurityLogEntryWrittern control.
 /// </summary>
 /// <param name="args">The source of the event.</param>
 /// <param name="e">The <see cref="System.Diagnostics.EntryWrittenEventArgs"/> instance containing the event data.</param>
 public void SecurityLogEntryWrittern_event(object args, EntryWrittenEventArgs e)
 {
     EventLogEntry logEntry = e.Entry;
     AddEvent("Security", logEntry);
 }
Пример #21
0
 /// <summary>The on event log event handler.</summary>
 /// <param name="source">The source of the event log.</param>
 /// <param name="entryWrittenEventArgs">The entry written event argument.</param>
 public void OnEventLog(object source, EntryWrittenEventArgs entryWrittenEventArgs)
 {
     try
     {
         this.AddRow(this.grdLogs, entryWrittenEventArgs.Entry.Source, entryWrittenEventArgs.Entry.Message);
     }
     catch (Exception ex)
     {
         this.ShowErrorBox("Error occured when an event log occured:" + ex.Message);
     }
 }
Пример #22
0
        void _eventLog_EntryWritten(object sender, EntryWrittenEventArgs e)
        {
            if (InvokeRequired)
            {
                this.Invoke(new EntryWrittenEventHandler(_eventLog_EntryWritten), new object[] { sender, e });
                return;
            }

            bool listAtBottom = ListAtBottom();
            if (_filterActive)
            {
                // Collect all relevant events that arrived since last check
                List<ListViewItem> eventLogEvents = new List<ListViewItem>();

                int lastEntryIndex = _lastEventLogEntry;
                int prevEntryIndex = -1;
                int count = _eventLog.Entries.Count;
                for (int i = count - 1; i >= 0; --i)
                {
                    EventLogEntry entry = null;

                    try
                    {
                        entry = _eventLog.Entries[i];
                        if (prevEntryIndex != -1)
                        {
                            // Sanity check to ensure the EventLog have not been pruned by Windows
                            if (_eventLog.Entries[i + 1].Index != prevEntryIndex)
                            {
                                eventLogEvents.Clear();
                                i = _eventLog.Entries.Count;    // Retry
                                continue;
                            }
                        }
                    }
                    catch (Exception ex)
                    {
                        // Possible that the EventLog have been pruned by Windows
                        System.Diagnostics.Debug.WriteLine("EventLog Possible Pruned: " + ex.Message);
                        eventLogEvents.Clear();
                        i = _eventLog.Entries.Count;    // Retry
                        continue;
                    }

                    if (entry.Index == _lastEventLogEntry)
                        break;

                    if (lastEntryIndex == _lastEventLogEntry)
                        lastEntryIndex = entry.Index;

                    ListViewItem item = CreateListViewItem(entry);
                    if (AcceptFilterListViewItem(item))
                    {
                        _messageLookup.UpdateMesageCache(entry);
                        eventLogEvents.Add(item);
                    }

                    prevEntryIndex = entry.Index;
                }

                // Add any new entries to the list, in reported order
                for (int i = eventLogEvents.Count - 1; i >= 0; --i)
                    _eventListView.Items.Add(eventLogEvents[i]);

                _lastEventLogEntry = lastEntryIndex;

                if (listAtBottom && _eventListView.Items.Count > 0)
                {
                    _eventListView.Invalidate();
                    _eventListView.EnsureVisible(_eventListView.Items.Count - 1);
                    _eventListView.Update();
                }
            }
            else
            {
                // React only if actual change was detected
                int newVirtualListSize = _eventLog.Entries.Count;
                EventLogEntry entry = null;
                while (entry == null && _eventLog.Entries.Count > 0)
                {
                    try
                    {
                        newVirtualListSize = _eventLog.Entries.Count;
                        entry = _eventLog.Entries[newVirtualListSize-1];
                    }
                    catch (Exception ex)
                    {
                        System.Diagnostics.Debug.WriteLine("EventLog Possible Pruned: " + ex.Message);
                        System.Threading.Thread.Sleep(5);	// No need to kick a dying man...too hard
                    }
                }

                if (entry == null && _eventLog.Entries.Count==0)
                {
                    _eventListView.VirtualListSize = 0;
                    return;
                }

                if (_lastEventLogEntry == entry.Index && _eventListView.VirtualListSize == newVirtualListSize)
                    return; // No change detected

                // If returned EventLogEntry.Index == 0, then _eventLog-object is broken, and we should just refresh
                if (entry.Index == 0)
                {
                    _eventListView.Invalidate();
                    this.BeginInvoke(new EntryWrittenEventHandler(_eventLog_EntryWritten), new object[] { sender, null });
                    return;
                }

                // Just refresh if we are at the bottom
                if (listAtBottom || newVirtualListSize<=0)
                {
                    ListViewUtil.SetVirtualListSizeWithoutRefresh(_eventListView, _eventLog.Entries.Count);
                    if (_eventListView.VirtualListSize > 0)
                        _eventListView.EnsureVisible(_eventListView.VirtualListSize - 1);
                    _lastEventLogEntry = entry.Index;
                    return;
                }

                try
                {
                    // List count has changed, need to re-position TopItem
                    _eventListView.BeginUpdate();   // Avoid redraw until we have set TopItem.Index
                    int oldVirtualListSize = _eventListView.VirtualListSize;
                    int oldTopItemIndex = GetTopItemIndex();
                    int oldFocusedItemIndex = GetFocusedItemIndex();
                    int oldSelectedItemIndex = (_eventListView.SelectedIndices.Count == 1 && _eventListView.SelectedIndices[0] == oldFocusedItemIndex) ? oldFocusedItemIndex : -1;

                    ListViewUtil.SetVirtualListSizeWithoutRefresh(_eventListView, newVirtualListSize);

                    int newItemCount = 0;
                    if (_lastEventLogEntry != -1 && _lastEventLogEntry != entry.Index)
                    {
                        newItemCount = 1;   // Atleast 1 new element

                        ListViewItem lvItem = null;
                        int prevRecordId = entry.Index;
                        int startIndex = _eventListView.VirtualListSize - 2;
                        do
                        {
                            lvItem = GetNextEntry(prevRecordId, false, startIndex);
                            if (lvItem != null)
                            {
                                if (_lastEventLogEntry == (int)lvItem.Tag)
                                    break;

                                newItemCount++;
                                prevRecordId = (int)lvItem.Tag;
                                startIndex = lvItem.Index - 1;
                            }
                        } while (lvItem != null);
                    }
                    _lastEventLogEntry = entry.Index;

                    int newTopItemIndex = _eventListView.VirtualListSize - (oldVirtualListSize - oldTopItemIndex) - newItemCount;
                    if (newTopItemIndex < 0)
                        newTopItemIndex = 0;
                    _eventListView.TopItem = _eventListView.Items[newTopItemIndex];
                    if (GetTopItemIndex() != newTopItemIndex)
                    {
                        System.Threading.Thread.Sleep(5);  // Some times TopItem fails to set the first time (Little weird)
                        _eventListView.TopItem = _eventListView.Items[newTopItemIndex];
                    }
                    if (oldFocusedItemIndex != -1)
                    {
                        int newFocusedItemIndex = _eventListView.VirtualListSize - (oldVirtualListSize - oldFocusedItemIndex) - newItemCount;
                        if (newFocusedItemIndex < 0)
                            newFocusedItemIndex = 0;
                        if (newFocusedItemIndex != oldFocusedItemIndex)
                            _eventListView.FocusedItem = _eventListView.Items[newFocusedItemIndex];
                    }
                    if (oldSelectedItemIndex != -1)
                    {
                        int newSelectedItemIndex = _eventListView.VirtualListSize - (oldVirtualListSize - oldSelectedItemIndex) - newItemCount;
                        if (newSelectedItemIndex < 0)
                        {
                            if (oldFocusedItemIndex == oldSelectedItemIndex)
                                newSelectedItemIndex = 0;
                            else
                                newSelectedItemIndex = -1;
                        }
                        if (oldSelectedItemIndex != newSelectedItemIndex)
                        {
                            _eventListView.SelectedIndices.Clear();
                            if (newSelectedItemIndex != -1)
                                _eventListView.SelectedIndices.Add(newSelectedItemIndex);
                        }
                    }
                }
                finally
                {
                    _eventListView.EndUpdate();
                    _eventListView.Invalidate();
                    //_eventListView.Update();
                }
            }

            if (_displayTabIcon)
            {
                TabPage parentTab = this.Tag as TabPage;
                if (parentTab != null && parentTab.Parent != null && parentTab.Parent.Visible && !parentTab.Visible)
                    parentTab.ImageIndex = 0;
            }
        }
Пример #23
0
        void EntryHandeler(object sender, EntryWrittenEventArgs e)
        {
            // Transform EventLog Severity from Windows to Syslog and NLog Levels
            LogLevel level;
            SyslogLevels syslogLevel;
            switch (e.Entry.EntryType)
            {
                case (EventLogEntryType.Information):
                    { level = LogLevel.Info; syslogLevel = SyslogLevels.Information; break; }
                case (EventLogEntryType.Warning):
                    { level = LogLevel.Warn; syslogLevel = SyslogLevels.Warning; break; }
                case (EventLogEntryType.Error):
                    { level = LogLevel.Error; syslogLevel = SyslogLevels.Error; break; }
                case (EventLogEntryType.SuccessAudit):
                    { level = LogLevel.Debug; syslogLevel = SyslogLevels.Debug; break; }
                case (EventLogEntryType.FailureAudit):
                    { level = LogLevel.Warn; syslogLevel = SyslogLevels.Warning; break; }
                default:
                    { level = LogLevel.Debug; syslogLevel = SyslogLevels.Debug; break; }
            }

            

           
            //Clean the message up to remote new lines.
            string message = e.Entry.Message.Replace("\r", " ").Replace("\n", " ").Replace("\t", " ") ;

            //Transform the event to be sent.
            string username;
            if (System.String.IsNullOrEmpty(e.Entry.UserName)) { username = ""; } else { username = e.Entry.UserName; }

            WindowsEventStub stubEvent = new WindowsEventStub { Category = e.Entry.Category, 
                                                                CategoryNumber = e.Entry.CategoryNumber.ToString(),
                                                                EntryType = e.Entry.EntryType.ToString(),
                                                                EventID = e.Entry.InstanceId.ToString(),
                                                                MachineName = e.Entry.MachineName,
                                                                Message = message,
                                                                Source = e.Entry.Source,
                                                                TimeGenerated = e.Entry.TimeGenerated.ToUniversalTime().ToString(),
                                                                TimeWritten = e.Entry.TimeWritten.ToUniversalTime().ToString(),
                                                                UserName = username};


            //Create a syslog message string
            string sysLogMessage = System.String.Format("<{0}>{1} {2} {3}[{4}]: {5}",
                             17 * 8 + syslogLevel, 
                             e.Entry.TimeGenerated.ToUniversalTime().ToString("MMM dd HH:mm:ss"), 
                             e.Entry.MachineName,
                             e.Entry.Source.Replace(" ", "-"),
                             e.Entry.InstanceId.ToString(), 
                             message);


            //Generate an NLog Event Object
            Logger log = LogManager.GetCurrentClassLogger();
            LogEventInfo theEvent = new LogEventInfo(level, e.Entry.Source.Replace(" ", "-"), message);

            theEvent.Properties["EventID"] = e.Entry.InstanceId.ToString();

            //Add JSON properties to the event
            theEvent.Properties["JSON"] = JsonConvert.SerializeObject(stubEvent);

            //Add a formatted Syslog event to the string
            theEvent.Properties["SYSLOG"] = sysLogMessage;

            log.Log(theEvent);

        }
Пример #24
0
        private void eventLog1_EntryWritten(object sender, EntryWrittenEventArgs e)
        {

        }
Пример #25
0
 private void eventLog1_EntryWritten(object sender, System.Diagnostics.EntryWrittenEventArgs e)
 {
 }
 //---------------------------------------------------------------------------------------------------------
 /// <summary>
 /// Handles the event event of the SystemLogEntryWrittern control.
 /// </summary>
 /// <param name="args">The source of the event.</param>
 /// <param name="e">The <see cref="System.Diagnostics.EntryWrittenEventArgs"/> instance containing the event data.</param>
 public void SystemLogEntryWrittern_event(object args, EntryWrittenEventArgs e)
 {
     EventLogEntry logEntry = e.Entry;
     AddEvent("System", logEntry);
 }
Пример #27
0
 private void Logs_EntryWritten(object sender, EntryWrittenEventArgs e)
 {
 }
        /// <summary>
        /// Extends BeginInvoke so that when a state object is not needed, null does not need to be passed.
        /// <example>
        /// entrywritteneventhandler.BeginInvoke(sender, e, callback);
        /// </example>
        /// </summary>
        public static IAsyncResult BeginInvoke(this EntryWrittenEventHandler entrywritteneventhandler, Object sender, EntryWrittenEventArgs e, AsyncCallback callback)
        {
            if(entrywritteneventhandler == null) throw new ArgumentNullException("entrywritteneventhandler");

            return entrywritteneventhandler.BeginInvoke(sender, e, callback, null);
        }
Пример #29
0
 public void MyOnEntryWritten(object source, EntryWrittenEventArgs e)
 {
     serialFileReader.Enqueue(LogToTail);
     signal.Set();
 }
 //---------------------------------------------------------------------------------------------------------
 /// <summary>
 /// Handles the event event of the ApplicationLogEntryWrittern control.
 /// </summary>
 /// <param name="args">The source of the event.</param>
 /// <param name="e">The <see cref="System.Diagnostics.EntryWrittenEventArgs"/> instance containing the event data.</param>
 public void ApplicationLogEntryWrittern_event(object args, EntryWrittenEventArgs e)
 {
     EventLogEntry logEntry = e.Entry;
     AddEvent("Application", logEntry);
 }
Пример #31
0
        private void OnEntryWritten(object sender, EntryWrittenEventArgs e)
        {
            if (!this.types.Contains(e.Entry.EntryType))
                return;

            if (!string.IsNullOrEmpty(this.category) && !this.category.Equals(e.Entry.Category, StringComparison.OrdinalIgnoreCase))
                return;

            this.channel.Report(
                this.key.Replace("${type}", typeTranslation[e.Entry.EntryType]),
                this.value);
        }
        /// <summary>
        /// Called Every time a new Event Log entry is written
        /// </summary>
        /// <param name="source"></param>
        /// <param name="e"></param>
        public void entryWritten(object source, EntryWrittenEventArgs e)
        {
            EventLogEntry entry = e.Entry;

            string date = DateTime.Now.ToShortDateString() + " " + DateTime.Now.ToShortTimeString();

            if (entry.EntryType.ToString() == "SuccessAudit")
            {
                //Successful Logon
                if (entry.InstanceId == 4624)
                {
                    Match logonType = Regex.Match(entry.Message, @"Logon Type:(.*)");

                    if (logonType.Success)
                    {
                        int type = Convert.ToInt32(logonType.Groups[1].Value);
                        if (type == 10)
                        {
                            Match m = Regex.Match(entry.Message, @"Source Network Address:(.*)");

                            if (m.Success)
                            {
                                string key = m.Groups[1].Value;
                                key = key.Replace(" ", string.Empty);
                                key = key.Replace("\t", string.Empty);
                                key = key.Replace("\r", string.Empty);
                                key = key.Replace("\n", string.Empty);
                                if (!key.Contains("-"))
                                {
                                    w.write(date, "RDP Logon from " + key, "Remote RDP Logon");
                                }
                            }
                        }
                    }
                }
                else if (entry.InstanceId == 4724)
                {
                    //Password Change
                    Match target = Regex.Match(entry.Message, @"Account Name:(.*)");

                    if (target.Success)
                    {
                        target = target.NextMatch();
                        string key = target.Groups[1].Value;
                        key = key.Replace(" ", string.Empty);
                        key = key.Replace("\t", string.Empty);
                        key = key.Replace("\n", string.Empty);

                        w.write(date, "Password was changed for " + key, "Password Change");
                    }
                }
                else if (entry.InstanceId == 4722)
                {
                    //User Created
                    string user;
                    string domain;
                    string creator;

                    user = Regex.Match(entry.Message, @"Account Name:(.*)").NextMatch().Groups[1].Value.Replace(" ",string.Empty).Replace("\t",string.Empty);
                    domain = Regex.Match(entry.Message, @"Account Domain:(.*)").Groups[1].Value.Replace(" ", string.Empty).Replace("\t", string.Empty);
                    creator = Regex.Match(entry.Message, @"Account Name:(.*)").Groups[1].Value.Replace(" ", string.Empty).Replace("\t", string.Empty);

                    builder.Clear();

                    builder.Append("User ");
                    builder.Append(user);
                    builder.Append(" in domain ");
                    builder.Append(domain);
                    builder.Append(" created by ");
                    builder.Append(creator);

                    w.write(date, builder.ToString(), "User Created");
                }
                else if (entry.InstanceId == 4726)
                {
                    //User Deleted
                    string user;
                    string domain;
                    string creator;

                    user = Regex.Match(entry.Message, @"Account Name:(.*)").NextMatch().Groups[1].Value.Replace(" ", string.Empty).Replace("\t", string.Empty);
                    domain = Regex.Match(entry.Message, @"Account Domain:(.*)").Groups[1].Value.Replace(" ", string.Empty).Replace("\t", string.Empty);
                    creator = Regex.Match(entry.Message, @"Account Name:(.*)").Groups[1].Value.Replace(" ", string.Empty).Replace("\t", string.Empty);

                    builder.Clear();

                    builder.Append("User ");
                    builder.Append(user);
                    builder.Append(" in domain ");
                    builder.Append(domain);
                    builder.Append(" deleted by ");
                    builder.Append(creator);

                    w.write(date, builder.ToString(), "User Deleted");
                }
                else if (entry.InstanceId == 7035)
                {
                    //Service Installed (Needs to be implemented)
                }
                else if (entry.InstanceId == 4634)
                {
                    //PSExec Logoff
                    Match logonType = Regex.Match(entry.Message, @"Logon Type:(.*)");

                    if (logonType.Success)
                    {
                        int type = Convert.ToInt32(logonType.Groups[1].Value);
                        if (type == 3)
                        {
                            Match m = Regex.Match(entry.Message, @"Source Network Address:(.*)");
                            Match user = Regex.Match(entry.Message, @"Account Name:(.*)");
                            if (!user.Groups[1].Value.Contains("ANONYMOUS LOGON"))
                            {
                                if (m.Success)
                                {
                                    string key = m.Groups[1].Value;
                                    key = key.Replace(" ", string.Empty);
                                    key = key.Replace("\t", string.Empty);
                                    key = key.Replace("\r", string.Empty);
                                    key = key.Replace("\n", string.Empty);
                                    if (!key.Contains("-"))
                                    {
                                        w.write(date, "PSExec Logon from " + key, "PSExec Logon");
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
Пример #33
0
        private void EventLogOnEntryWritten(object sender, EntryWrittenEventArgs entryWrittenEventArgs)
        {
            LogMessage logMsg = new LogMessage();

            logMsg.LoggerName = String.IsNullOrEmpty(entryWrittenEventArgs.Entry.Source)
                                    ? _baseLoggerName
                                    : String.Format("{0}.{1}", _baseLoggerName, entryWrittenEventArgs.Entry.Source);

            logMsg.Message = entryWrittenEventArgs.Entry.Message;
            logMsg.TimeStamp = entryWrittenEventArgs.Entry.TimeGenerated;
            logMsg.Level = LogUtils.GetLogLevelInfo(GetLogLevel(entryWrittenEventArgs.Entry.EntryType));
            logMsg.ThreadName = entryWrittenEventArgs.Entry.InstanceId.ToString();

            if (!String.IsNullOrEmpty(entryWrittenEventArgs.Entry.Category))
                logMsg.Properties.Add("Category", entryWrittenEventArgs.Entry.Category);
            if (!String.IsNullOrEmpty(entryWrittenEventArgs.Entry.UserName))
                logMsg.Properties.Add("User Name", entryWrittenEventArgs.Entry.UserName);

            Notifiable.Notify(logMsg);
        }
Пример #34
0
 private void LogWritten(object source, EntryWrittenEventArgs e)
 {
     Logs.Add(e.Entry.Message);
 }