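/// <summary>
/// Turns one log line into a record and hands it to <c>SetRecordData</c>.
/// </summary>
/// <remarks>
/// Expected shape (space separated): date, time with fractional seconds, source token, free text, e.g.
/// <c>2011-03-03 15:46:36.01 spid7s SQL Trace ID 1 was started by login "sa".</c>
/// The raw line is untrusted input: it is stored verbatim in <c>Description</c> and written to the
/// recorder's own log file, so that log file needs the same access control as the source log.
/// </remarks>
/// <param name="line">Raw line read from the monitored log; null or empty lines are ignored.</param>
/// <param name="dontSend">When true the line is only logged; no record is parsed or sent.</param>
/// <returns>Always <c>true</c>, including when parsing fails and the record is not sent.</returns>
public override bool ParseSpecific(String line, bool dontSend)
{
    Log.Log(LogType.FILE, LogLevel.DEBUG, " ParseSpecific() | Parsing Specific line. Line : " + line);
    if (string.IsNullOrEmpty(line))
    {
        Log.Log(LogType.FILE, LogLevel.DEBUG, " ParseSpecific() | Line is Null Or Empty. ");
        return true;
    }

    CustomBase.Rec rec = new CustomBase.Rec();
    rec.Description = line;
    rec.LogName = LogName;
    if (!string.IsNullOrEmpty(remoteHost))
    {
        rec.ComputerName = remoteHost;
    }

    if (dontSend)
    {
        return true;
    }

    // Timestamps are machine-readable data: parse and format them independently of the
    // service account's regional settings (calendar, separators).
    System.Globalization.CultureInfo invariant = System.Globalization.CultureInfo.InvariantCulture;
    const string TimestampFormat = "yyyy-MM-dd HH:mm:ss";

    string[] parts = line.Split(new char[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
    //2011-03-03 15:46:36.01 spid7s SQL Trace ID 1 was started by login "sa".
    //2011-03-03 15:46:36.15 spid7s Starting up database 'mssqlsystemresource'.
    //2011-03-03 15:46:36.19 spid7s The resource database build version is 10.00.1600. This is an
    try
    {
        // Lines with three tokens or fewer are sent with only Description/LogName/ComputerName set.
        if (parts.Length > 3)
        {
            try
            {
                string tarih = parts[0];
                string saat = parts[1].Split('.')[0]; // drop the fractional seconds
                rec.Datetime = Convert.ToDateTime(tarih + " " + saat, invariant).ToString(TimestampFormat, invariant);
            }
            catch (Exception ex)
            {
                Log.Log(LogType.FILE, LogLevel.ERROR, " ParseSpecific() | Date formatting error : " + ex.ToString());
                // NOTE(review): the fallback is collection time, not event time, and the record
                // carries no marker for that; consumers cannot tell the two apart.
                rec.Datetime = DateTime.Now.ToString(TimestampFormat, invariant);
            }

            rec.EventCategory = parts[2];
            // Everything after the source token is the message text.
            rec.CustomStr10 = string.Join(" ", parts, 3, parts.Length - 3).Trim();
        }
    }
    catch (Exception ex)
    {
        Log.Log(LogType.FILE, LogLevel.ERROR, " ParseSpecific() | " + ex.Message);
        Log.Log(LogType.FILE, LogLevel.ERROR, " ParseSpecific() | " + ex.StackTrace);
        Log.Log(LogType.FILE, LogLevel.ERROR, " ParseSpecific() | Line : " + line);
        // The record is dropped here; only the recorder's own log keeps the line.
        return true;
    }

    SetRecordData(rec);
    return true;
}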
/// <summary>
/// Copies the values currently held in this object's fields into a new record.
/// </summary>
/// <returns>The populated record.</returns>
public Rec CreateRec()
{
    CustomBase.Rec record = new CustomBase.Rec();

    // Text fields.
    record.SourceName = sourceName;
    record.Datetime = dateTime;
    record.LogName = logName;
    record.EventType = eventType;
    record.CustomStr1 = facility;
    record.CustomStr2 = mnemonic;
    record.Description = messageText;

    // Numeric fields; the port conversion throws if sourceportNumber is not a valid number.
    record.CustomInt1 = sequenceNo;
    record.CustomInt2 = severity;
    long sourcePort = Convert.ToInt64(sourceportNumber);
    record.CustomInt9 = sourcePort;

    return record;
}
/// <summary>
/// Creates a wrapper that starts out holding a new, empty record.
/// </summary>
public RecWrapper()
{
    this.rec = new CustomBase.Rec();
}
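/// <summary>Section of an event message that the "key: value" lines currently belong to.</summary>
private enum EventMessageSection
{
    None,
    Subject,
    Target,
    Object,
    Access,
    Process,
    Application,
    Network,
    Authentication,
    NewAccount
}

/// <summary>Length at which Description, CustomStr7 and CustomStr10 are cut.</summary>
private const int MaxFieldLength = 900;

/// <summary>
/// Converts one WMI event-log object into a record and forwards it with <c>sendData</c>.
/// </summary>
/// <remarks>
/// The Message text is split into lines; a line ending in ':' with no value selects a section,
/// and the "key: value" lines that follow are mapped to record fields depending on that section.
/// Values inside the message (account names, workstation names, addresses) originate from the
/// monitored host and partly from remote parties, so they are treated as untrusted: a field that
/// cannot be parsed is stored as 0 (or -1 for the Turkish logon-type keys) instead of aborting,
/// so the event is still forwarded with its full Description.
/// </remarks>
/// <param name="mo">WMI event-log entry to convert.</param>
/// <returns><c>true</c> when the record was handed to <c>sendData</c>; <c>false</c> on any exception.</returns>
public bool Send_Record(ManagementObject mo)
{
    CustomBase.Rec rec = new CustomBase.Rec();
    try
    {
        rec.LogName = "NT-" + location;
        rec.CustomStr8 = remote_host; // overwritten below when the message carries an Object Name / Share Name

        if (mo["ComputerName"] != null)
        {
            rec.ComputerName = mo["ComputerName"].ToString();
            L.Log(LogType.FILE, LogLevel.DEBUG, "Computername:" + rec.ComputerName);
        }
        if (mo["CategoryString"] != null)
        {
            rec.EventCategory = mo["CategoryString"].ToString();
            L.Log(LogType.FILE, LogLevel.DEBUG, "EventCategory:" + rec.EventCategory);
        }
        if (mo["EventIdentifier"] != null)
        {
            rec.EventId = Convert.ToInt64(mo["EventIdentifier"]);
            L.Log(LogType.FILE, LogLevel.DEBUG, "EventIdentifier:" + rec.EventId);
        }
        if (mo["Type"] != null)
        {
            // Audit Failure => FailureAudit, Audit Success => SuccessAudit.
            // NOTE(review): the Turkish literals look mis-encoded (e.g. "þ", "ý"); if the file is
            // compiled with the wrong code page they never match and EventType keeps the
            // localized text — confirm the source file encoding.
            string evt = mo["Type"].ToString();
            if (evt == "Audit Failure" || evt == "Denetim Baþarýsýz")
            {
                evt = "FailureAudit";
            }
            else if (evt == "Audit Success" || evt == "Denetim Baþarýlý")
            {
                evt = "SuccessAudit";
            }
            rec.EventType = evt;
            L.Log(LogType.FILE, LogLevel.DEBUG, "EventType:" + rec.EventType);
        }
        if (mo["RecordNumber"] != null)
        {
            rec.CustomInt10 = Convert.ToInt64(mo["RecordNumber"]);
            // Log the value that was just stored (rec.Recordnum is not assigned in this method).
            L.Log(LogType.FILE, LogLevel.DEBUG, "RecordNumber:" + rec.CustomInt10);
        }
        if (mo["SourceName"] != null)
        {
            rec.SourceName = mo["SourceName"].ToString();
            L.Log(LogType.FILE, LogLevel.DEBUG, "SourceName:" + rec.SourceName);
        }
        if (mo["User"] != null)
        {
            rec.UserName = mo["User"].ToString();
            // NOTE(review): this debug log and the start of the guarded Message log below were
            // malformed in the version under review; restored to match the sibling fields —
            // confirm against history.
            L.Log(LogType.FILE, LogLevel.DEBUG, "User:" + rec.UserName);
        }

        try
        {
            L.Log(LogType.FILE, LogLevel.DEBUG, "mo[Message] :" + mo["Message"].ToString());
        }
        catch (Exception)
        {
            L.Log(LogType.FILE, LogLevel.DEBUG, "mo[Message] :" + "");
        }

        if (mo["Message"] != null)
        {
            rec.Description = mo["Message"].ToString();
            string[] DescArr = rec.Description.Split("\n".ToCharArray(), StringSplitOptions.RemoveEmptyEntries);

            EventMessageSection section = EventMessageSection.None;
            bool dummyAccessControl = false; // set once "Accesses" has been stored, enables "Access Mask"

            for (int i = 0; i < DescArr.Length; i++)
            {
                string descLine = DescArr[i];

                if (!descLine.Contains(":"))
                {
                    // Continuation lines only matter inside the access list.
                    if (section == EventMessageSection.Access)
                    {
                        rec.CustomStr7 = ClipField(rec.CustomStr7 + " " + descLine.Trim());
                    }
                    continue;
                }

                string[] lineArr = descLine.Split(":".ToCharArray(), StringSplitOptions.RemoveEmptyEntries);
                L.Log(LogType.FILE, LogLevel.DEBUG, "DescArr[" + i + "]:" + descLine);

                if (descLine.Contains("Logon Type"))
                {
                    L.Log(LogType.FILE, LogLevel.DEBUG, "Logon Type Bulundu:" + descLine);
                    string logontypestr = descLine.Split(':')[1].Trim();
                    L.Log(LogType.FILE, LogLevel.DEBUG, "Logon Type Deðeri:" + logontypestr);
                    int logonType;
                    if (logontypestr != "" && int.TryParse(logontypestr, out logonType))
                    {
                        rec.CustomInt3 = logonType;
                    }
                }

                // A line made only of ':' characters splits to nothing; skip it instead of indexing.
                if (lineArr.Length == 0)
                {
                    continue;
                }

                string key = lineArr[0].Trim();

                // "Header:" followed only by whitespace switches the section.
                if (lineArr[lineArr.Length - 1].Trim() == "")
                {
                    section = ClassifyEventSection(key);
                    continue;
                }

                switch (section)
                {
                    case EventMessageSection.Subject:
                        switch (key)
                        {
                            case "User Name":
                            case "Account Name":
                            case "Client Name":
                            case "Group Name":
                                rec.CustomStr1 = appendArrayElements(lineArr);
                                break;
                            case "Group Domain":
                            case "Account Domain":
                            case "Client Domain":
                                rec.CustomStr5 = appendArrayElements(lineArr);
                                break;
                            case "Logon ID":
                            case "Client Context ID":
                                rec.CustomInt6 = ParseEventLong(lineArr);
                                break;
                            default:
                                break;
                        }
                        break;

                    case EventMessageSection.Target:
                        // Not reachable today: see the NOTE in ClassifyEventSection.
                        switch (key)
                        {
                            case "User Name":
                            case "Account Name":
                            case "New Account Name":
                            case "Group Name":
                                rec.CustomStr2 = appendArrayElements(lineArr);
                                break;
                            case "Old Account Name":
                                rec.CustomStr1 = appendArrayElements(lineArr);
                                break;
                            case "Account Domain":
                            case "Group Domain":
                                rec.CustomStr7 = appendArrayElements(lineArr);
                                break;
                            default:
                                break;
                        }
                        break;

                    case EventMessageSection.Object:
                        switch (key)
                        {
                            case "Object Name":
                                rec.CustomStr8 = appendArrayElements(lineArr);
                                break;
                            case "Object Type":
                            case "Operation Type":
                                rec.CustomStr9 = appendArrayElements(lineArr);
                                break;
                            case "Handle ID":
                                rec.CustomInt7 = ParseEventLong(lineArr);
                                break;
                            case "Primary User Name":
                                if (rec.CustomStr1 == null)
                                {
                                    rec.CustomStr1 = appendArrayElements(lineArr);
                                }
                                break;
                            case "Client User Name":
                                if (rec.CustomStr2 == null)
                                {
                                    rec.CustomStr2 = appendArrayElements(lineArr);
                                }
                                break;
                            default:
                                break;
                        }
                        break;

                    case EventMessageSection.Access:
                        switch (key)
                        {
                            case "Accesses":
                                if (rec.CustomStr7 == null)
                                {
                                    rec.CustomStr7 = ClipField(appendArrayElements(lineArr));
                                    dummyAccessControl = true;
                                }
                                break;
                            case "Access Mask":
                                if (dummyAccessControl)
                                {
                                    rec.CustomStr7 = ClipField(rec.CustomStr7 + " " + appendArrayElements(lineArr));
                                }
                                break;
                            case "Operation Name":
                                rec.CustomStr6 = appendArrayElements(lineArr);
                                break;
                            default:
                                break;
                        }
                        break;

                    case EventMessageSection.Process:
                        switch (key)
                        {
                            case "Duration":
                                rec.CustomInt2 = ParseEventInt(lineArr);
                                break;
                            case "Process ID":
                            case "PID":
                                rec.CustomInt8 = ParseEventLong(lineArr);
                                break;
                            case "Process Name":
                            case "Image File Name":
                            case "Name":
                            case "Logon Process Name":
                                rec.CustomStr6 = appendArrayElements(lineArr);
                                break;
                            default:
                                break;
                        }
                        break;

                    case EventMessageSection.Application:
                        switch (key)
                        {
                            case "Logon Process Name":
                            case "Process Name":
                            case "Application Name":
                            case "Image File Name":
                                rec.CustomStr6 = appendArrayElements(lineArr);
                                break;
                            case "Duration":
                                rec.CustomInt2 = ParseEventInt(lineArr);
                                break;
                            case "Process ID":
                            case "Application Instance ID":
                                rec.CustomInt8 = ParseEventLong(lineArr);
                                break;
                            default:
                                break;
                        }
                        break;

                    case EventMessageSection.Network:
                        switch (key)
                        {
                            case "Client Address":
                                // Only the last ':'-separated piece is kept for this key.
                                rec.CustomStr3 = lineArr[lineArr.Length - 1];
                                break;
                            case "Source Network Address":
                            case "Network Address":
                            case "Source Address":
                                rec.CustomStr3 = appendArrayElements(lineArr);
                                break;
                            case "Source Port":
                            case "Port":
                                rec.CustomInt4 = ParseEventPort(lineArr);
                                break;
                            case "Workstation Name":
                                rec.CustomStr4 = appendArrayElements(lineArr);
                                break;
                            default:
                                break;
                        }
                        break;

                    case EventMessageSection.Authentication:
                        switch (key)
                        {
                            case "Authentication Package":
                            case "Pre-Authentication Type":
                                rec.CustomInt5 = MapAuthPackage(appendArrayElements(lineArr), false);
                                break;
                            case "Logon Process":
                                rec.CustomStr6 = appendArrayElements(lineArr);
                                break;
                            case "Logon Account":
                                rec.CustomStr1 = appendArrayElements(lineArr);
                                break;
                            default:
                                break;
                        }
                        break;

                    case EventMessageSection.NewAccount:
                        switch (key)
                        {
                            case "Account Name":
                                // Keep the previously seen account in CustomStr2, the new one in CustomStr1.
                                if (rec.CustomStr1 != null)
                                {
                                    rec.CustomStr2 = rec.CustomStr1;
                                }
                                rec.CustomStr1 = appendArrayElements(lineArr);
                                break;
                            default:
                                break;
                        }
                        break;

                    default:
                        // No section selected: older flat message layout plus the Turkish keys.
                        switch (key)
                        {
                            case "Logon Type":
                                rec.CustomInt3 = ParseEventInt(lineArr);
                                break;
                            case "Error Code":
                            case "Status Code":
                            case "Failure Code":
                                rec.CustomInt1 = ParseEventInt(lineArr);
                                break;
                            case "Caller Workstation":
                            case "Workstation Name":
                            case "Source Workstation":
                            case "Ýþ Ýstasyonu Adý":
                            case "Kaynak Ýþ Ýstasyonu":
                                rec.CustomStr4 = appendArrayElements(lineArr);
                                break;
                            case "User Name":
                            case "Client Name":
                            case "Logon Account":
                            case "Kullanýcý Adý":
                            case "Oturum Hesabý":
                            case "Oturum Açma Kimliði":
                                rec.CustomStr1 = appendArrayElements(lineArr);
                                break;
                            case "Account Name":
                                if (rec.CustomStr1 != null)
                                {
                                    rec.CustomStr2 = rec.CustomStr1;
                                }
                                rec.CustomStr1 = appendArrayElements(lineArr);
                                break;
                            case "Hesap Adý":
                                if (string.IsNullOrEmpty(rec.CustomStr1))
                                {
                                    rec.CustomStr1 = appendArrayElements(lineArr);
                                }
                                else
                                {
                                    rec.CustomStr2 = appendArrayElements(lineArr);
                                }
                                break;
                            case "Caller User Name":
                            case "Target User Name":
                                rec.CustomStr2 = appendArrayElements(lineArr);
                                break;
                            case "Domain":
                            case "Account Domain":
                            case "Client Domain":
                            case "Group Domain":
                            case "Etki Alaný":
                            case "Hesap Etki Alaný":
                                rec.CustomStr5 = appendArrayElements(lineArr);
                                break;
                            case "Group Name":
                            case "Object Type":
                            case "Operation Type":
                                rec.CustomStr9 = appendArrayElements(lineArr);
                                break;
                            case "Caller Domain":
                            case "Target Domain":
                                rec.CustomStr7 = appendArrayElements(lineArr);
                                break;
                            case "Source Network Address":
                            case "Kaynak Að Adresi":
                                rec.CustomStr3 = appendArrayElements(lineArr);
                                break;
                            case "Client Address":
                                rec.CustomStr3 = lineArr[lineArr.Length - 1];
                                break;
                            case "Source Port":
                            case "Kaynak Baðlantý Noktasý":
                                rec.CustomInt4 = ParseEventPort(lineArr);
                                break;
                            case "Authentication Package":
                            case "Paket Adý (yalnýzca NTLM)":
                                rec.CustomInt5 = MapAuthPackage(appendArrayElements(lineArr), true);
                                break;
                            case "Pre-Authentication Type":
                            case "Kimlik Doðrulama Paketi":
                                rec.CustomInt5 = MapAuthPackage(appendArrayElements(lineArr), false);
                                break;
                            case "Oturum Açma Türü":
                            case "Oturum Türü":
                                rec.CustomInt5 = ParseEventIntOrMinusOne(lineArr);
                                break;
                            case "Caller Process ID":
                            case "PID":
                            case "Ýþlem Kimliði":
                                rec.CustomInt8 = ParseEventLong(lineArr);
                                break;
                            case "Logon Process Name":
                            case "Logon Process":
                            case "Process Name":
                            case "Image File Name":
                            case "Oturum Açma iþlemi":
                            case "Güvenlik Kimliði":
                            case "Ýþlem Adý":
                                rec.CustomStr6 = appendArrayElements(lineArr);
                                break;
                            case "Duration":
                                rec.CustomInt2 = ParseEventInt(lineArr);
                                break;
                            case "Object Name":
                            case "Share Name":
                                rec.CustomStr8 = appendArrayElements(lineArr);
                                break;
                            case "Handle ID":
                                rec.CustomInt7 = ParseEventLong(lineArr);
                                break;
                            case "Primary User Name":
                                if (rec.CustomStr1 == null)
                                {
                                    rec.CustomStr1 = appendArrayElements(lineArr);
                                }
                                break;
                            case "Client User Name":
                                if (rec.CustomStr2 == null)
                                {
                                    rec.CustomStr2 = appendArrayElements(lineArr);
                                }
                                break;
                            default:
                                break;
                        }
                        break;
                }
            }

            // Description keeps the first 900 characters, CustomStr10 the next 900 at most.
            if (rec.Description.Length > MaxFieldLength)
            {
                int overflow = rec.Description.Length - MaxFieldLength;
                if (overflow > MaxFieldLength)
                {
                    rec.CustomStr10 = rec.Description.Substring(MaxFieldLength, MaxFieldLength);
                }
                else
                {
                    // The last two characters are dropped as before; clamp so a 901-character
                    // message no longer produces a negative length and loses the whole event.
                    rec.CustomStr10 = rec.Description.Substring(MaxFieldLength, Math.Max(0, overflow - 2));
                }
                rec.Description = rec.Description.Substring(0, MaxFieldLength);
                L.Log(LogType.FILE, LogLevel.DEBUG, "Description text splitted to CustomStr10");
            }
        }

        if (mo["TimeGenerated"] != null)
        {
            // The part before '.' is read as yyyyMMddHHmmss.
            string dat = mo["TimeGenerated"].ToString().Split('.')[0];
            L.Log(LogType.FILE, LogLevel.DEBUG, "TimeGenerated1:" + dat);
            rec.Datetime = dat.Substring(0, 4) + "/" + dat.Substring(4, 2) + "/" + dat.Substring(6, 2) + " "
                + dat.Substring(8, 2) + ":" + dat.Substring(10, 2) + ":" + dat.Substring(12, 2);
            // NOTE(review): parsing and formatting use the current culture, so the "/" in the
            // format string is rendered with that culture's date separator — confirm what the
            // receiving side expects before switching to the invariant culture.
            rec.Datetime = Convert.ToDateTime(rec.Datetime).AddMinutes(zone).ToString("yyyy/MM/dd HH:mm:ss");
            last_recdate = rec.Datetime;
            L.Log(LogType.FILE, LogLevel.DEBUG, "TimeGenerated:" + rec.Datetime);
        }

        L.Log(LogType.FILE, LogLevel.DEBUG, "rec.customstr3:" + rec.CustomStr3);
        L.Log(LogType.FILE, LogLevel.DEBUG, "Start sending Data");
        sendData(rec);
        L.Log(LogType.FILE, LogLevel.DEBUG, "Finish Sending Data");
        return true;
    }
    catch (Exception er)
    {
        // The event is not forwarded when this is reached; the caller only sees false.
        L.Log(LogType.FILE, LogLevel.ERROR, er.ToString());
        return false;
    }
}

/// <summary>Maps a section header (text before the trailing ':') to the section it starts.</summary>
private static EventMessageSection ClassifyEventSection(string header)
{
    switch (header)
    {
        case "Application Information":
            return EventMessageSection.Application;
        case "Network Information":
            return EventMessageSection.Network;
        case "Subject":
        case "New Logon":
        case "Account Whose Credentials Were Used":
        case "Credentials Which Were Replayed":
        case "Account That Was Locked Out":
        case "New Computer Account":
        case "Computer Account That Was Changed":
        case "Source Account":
            return EventMessageSection.Subject;
        case "Target":
        case "Target Account":
        case "Target Computer":
        case "Target Server":
            // NOTE(review): the original code selected the subject mapping for these headers and
            // never enabled the target mapping, so a target account overwrites the subject's
            // CustomStr1/CustomStr5. Kept as is because consumers may rely on it; return
            // EventMessageSection.Target here once the intended field layout is confirmed.
            return EventMessageSection.Subject;
        case "Object":
            return EventMessageSection.Object;
        case "Process Information":
        case "Process":
            return EventMessageSection.Process;
        case "Access Request Information":
            return EventMessageSection.Access;
        case "Detailed Authentication Information":
            return EventMessageSection.Authentication;
        case "New Account":
            return EventMessageSection.NewAccount;
        default:
            return EventMessageSection.None;
    }
}

/// <summary>Cuts a value to <see cref="MaxFieldLength"/> characters; null stays null.</summary>
private static string ClipField(string value)
{
    if (value != null && value.Length > MaxFieldLength)
    {
        return value.Substring(0, MaxFieldLength);
    }
    return value;
}

/// <summary>
/// Reads the numeric value of a "key: value" line as a long. "-" or a missing value gives 0,
/// a value containing "0x" is read as hexadecimal, and anything unparsable gives 0.
/// </summary>
private long ParseEventLong(string[] lineArr)
{
    if (lineArr.Length < 2 || lineArr[1].Contains("-"))
    {
        return 0;
    }

    string text = appendArrayElements(lineArr);
    if (text == null)
    {
        return 0;
    }

    long value;
    bool parsed;
    if (lineArr[1].Contains("0x"))
    {
        string hex = text.TrimStart('0').TrimStart('x');
        parsed = long.TryParse(hex, System.Globalization.NumberStyles.HexNumber,
            System.Globalization.CultureInfo.InvariantCulture, out value);
    }
    else
    {
        parsed = long.TryParse(text, out value);
    }

    if (!parsed)
    {
        L.Log(LogType.FILE, LogLevel.DEBUG, "Send_Record() | Unparsable numeric value:" + text);
        return 0;
    }
    return value;
}

/// <summary>Same rules as <see cref="ParseEventLong"/>, for fields that hold an int.</summary>
private int ParseEventInt(string[] lineArr)
{
    if (lineArr.Length < 2 || lineArr[1].Contains("-"))
    {
        return 0;
    }

    string text = appendArrayElements(lineArr);
    if (text == null)
    {
        return 0;
    }

    int value;
    bool parsed;
    if (lineArr[1].Contains("0x"))
    {
        string hex = text.TrimStart('0').TrimStart('x');
        parsed = int.TryParse(hex, System.Globalization.NumberStyles.HexNumber,
            System.Globalization.CultureInfo.InvariantCulture, out value);
    }
    else
    {
        parsed = int.TryParse(text, out value);
    }

    if (!parsed)
    {
        L.Log(LogType.FILE, LogLevel.DEBUG, "Send_Record() | Unparsable numeric value:" + text);
        return 0;
    }
    return value;
}

/// <summary>Reads a decimal port number; anything else gives 0.</summary>
private int ParseEventPort(string[] lineArr)
{
    int port;
    return int.TryParse(appendArrayElements(lineArr), out port) ? port : 0;
}

/// <summary>Reads a decimal int; an empty or unparsable value gives -1.</summary>
private int ParseEventIntOrMinusOne(string[] lineArr)
{
    string text = appendArrayElements(lineArr);
    int value;
    if (!string.IsNullOrEmpty(text) && int.TryParse(text, out value))
    {
        return value;
    }
    return -1;
}

/// <summary>
/// Maps an authentication package name to the code stored in CustomInt5:
/// 0 = Negotiate, 1 = NTLM, 2 = Kerberos (and "KDS" when <paramref name="kdsIsKerberos"/>), 3 = anything else.
/// </summary>
private static int MapAuthPackage(string package, bool kdsIsKerberos)
{
    if (package.Contains("Negotiate"))
    {
        return 0;
    }
    if (package.Contains("NTLM"))
    {
        return 1;
    }
    if (package.Contains("Kerberos") || (kdsIsKerberos && package.Contains("KDS")))
    {
        return 2;
    }
    return 3;
}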
// Timer callback: reads new rows from dbo.VPX_EVENT (EVENT_ID greater than the stored position),
// turns each row into a record and forwards it, then stores the new position.
// The timer is disabled for the duration of the call and re-enabled in the finally block.
//
// NOTE(review), points a maintainer should confirm:
//  * The SELECT is built by string concatenation. max_record_send is compared with an int below,
//    so it is numeric; the type of last_recordnum is not visible here. If either value can ever
//    arrive as text (registry, remote configuration), validate it or pass it as a parameter.
//  * The full query text and row values are written to the recorder's log file.
//  * If ExecuteReader throws, the inner catch only logs; cmd and readReader may then still be null
//    when they are dereferenced right after, and the outer catch ends the tick.
//  * rec is created once and reused for every row, and most fields are only assigned when the
//    column is non-empty, so a row with an empty column keeps the previous row's value.
//  * The position is taken from rec.Recordnum, while the visible code stores EVENT_ID in
//    rec.EventId; nothing visible here assigns rec.Recordnum.
private void timer1_Tick(object sender, System.Timers.ElapsedEventArgs e)
{
    timer1.Enabled = false; // no overlapping ticks while this one runs
    CustomBase.Rec rec = new CustomBase.Rec();
    L.Log(LogType.FILE, LogLevel.INFORM, "Service Started");
    string readQuery = null;
    IDataReader readReader = null;
    DbCommand cmd = null;
    try
    {
        // One-time initialisation: configuration first, then the logger.
        if (!reg_flag)
        {
            if (!Read_Registry())
            {
                L.Log(LogType.FILE, LogLevel.ERROR, "Error on Reading the Registry ");
                return;
            }
            else if (!Initialize_Logger())
            {
                L.Log(LogType.FILE, LogLevel.ERROR, "Error on Intialize Logger on VCenterV5_1_0Recorder Recorder functions may not be running");
                return;
            }
            reg_flag = true;
        }
        // Optionally start from the current end of the table instead of the stored position.
        if (fromend)
        {
            L.Log(LogType.FILE, LogLevel.INFORM, "Timer Tick Go To Set_LastPosition");
            if (!Set_LastPosition())
                L.Log(LogType.FILE, LogLevel.INFORM, "Error on setting last position see eventlog for more details");
            fromend = false;
        }
        int i = 0; // rows handled in this tick
        L.Log(LogType.FILE, LogLevel.DEBUG, " Position is: " + Position);
        // Query text is concatenated, not parameterised — see the NOTE(review) above the method.
        readQuery = "SELECT TOP " + max_record_send + " EVENT_ID, EVENT_TYPE, CREATE_TIME, USERNAME, CATEGORY, VM_ID, VM_NAME, " + " HOST_ID , HOST_NAME , COMPUTERESOURCE_ID , COMPUTERESOURCE_NAME , DATACENTER_ID , DATACENTER_NAME , DATASTORE_ID , " + " DATASTORE_NAME FROM dbo.VPX_EVENT where EVENT_ID > " + last_recordnum + " order by EVENT_ID Asc";
        L.Log(LogType.FILE, LogLevel.INFORM, "TimerTick Position is 0 ");
        L.Log(LogType.FILE, LogLevel.INFORM, "TimerTick Position: " + Position);
        L.Log(LogType.FILE, LogLevel.INFORM, "TimerTick RecordFields.currentPosition is: " + RecordFields.currentPosition);
        L.Log(LogType.FILE, LogLevel.INFORM, " Query is " + readQuery);
        try
        {
            L.Log(LogType.FILE, LogLevel.DEBUG, " db_name " + db_name);
            readReader = Database.ExecuteReader(db_name, readQuery, CommandBehavior.CloseConnection, out cmd);
            L.Log(LogType.FILE, LogLevel.DEBUG, " db_name _ 1");
        }
        catch (Exception exception)
        {
            // Only logged; execution continues with cmd/readReader possibly null.
            L.Log(LogType.FILE, LogLevel.ERROR, " db_name " + exception.Message);
        }
        // NOTE(review): set after ExecuteReader has returned — presumably too late to bound the query above; confirm.
        cmd.CommandTimeout = 1200;
        L.Log(LogType.FILE, LogLevel.DEBUG, "Finish executing the query");
        while (readReader.Read())
        {
            rec.LogName = "VCenterV5_1_0Recorder";
            L.Log(LogType.FILE, LogLevel.DEBUG, " db_name _ 2");
            DateTime dtNow;
            L.Log(LogType.FILE, LogLevel.DEBUG, "tarih: " + readReader["CREATE_TIME"].ToString());
            // Parsed with the current culture; a failure here ends the whole tick via the outer catch.
            dtNow = Convert.ToDateTime(Convert_To_String(Convert_To_String(readReader["CREATE_TIME"])));
            L.Log(LogType.FILE, LogLevel.DEBUG, "Date Time : " + dtNow);
            rec.Datetime = dtNow.ToString("yyyy-MM-dd HH:mm:ss");
            L.Log(LogType.FILE, LogLevel.DEBUG, "Date Time : " + rec.Datetime);
            try
            {
                rec.EventId = Convert.ToInt64(readReader["EVENT_ID"].ToString());
                L.Log(LogType.FILE, LogLevel.DEBUG, "EventId: " + rec.EventId);
            }
            catch (Exception exception)
            {
                L.Log(LogType.FILE, LogLevel.ERROR, "EventId: Error: " + exception.Message);
            }
            if (!string.IsNullOrEmpty(readReader["CATEGORY"].ToString()))
            {
                rec.EventCategory = readReader["CATEGORY"].ToString();
                // The label says EventId although this branch sets EventCategory.
                L.Log(LogType.FILE, LogLevel.DEBUG, "EventId: " + rec.EventId);
            }
            if (!string.IsNullOrEmpty(readReader["EVENT_TYPE"].ToString()))
            {
                rec.EventType = readReader["EVENT_TYPE"].ToString();
                L.Log(LogType.FILE, LogLevel.DEBUG, "EventType: " + rec.EventType);
            }
            if (!string.IsNullOrEmpty(Convert_To_String(readReader["USERNAME"])))
            {
                rec.UserName = readReader["USERNAME"].ToString();
                // NOTE(review): the statement below is malformed as written (two string literals
                // around a run of '*'), and the closing brace of this if is missing with it.
                // The UserName log argument and whatever assigned rec.SourceName need to be
                // restored from version control; they cannot be recovered from this text.
                L.Log(LogType.FILE, LogLevel.DEBUG, "UserName: "******"SourceName: " + rec.SourceName);
            if (!string.IsNullOrEmpty(readReader["VM_NAME"].ToString()))
            {
                rec.CustomStr1 = readReader["VM_NAME"].ToString();
                L.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr1: " + rec.CustomStr1);
            }
            if (!string.IsNullOrEmpty(readReader["HOST_NAME"].ToString()))
            {
                rec.CustomStr2 = readReader["HOST_NAME"].ToString();
                L.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr2: " + rec.CustomStr2);
            }
            // The query also selects COMPUTERESOURCE_NAME, DATACENTER_NAME, DATASTORE_NAME and the
            // VM/HOST/COMPUTERESOURCE/DATACENTER/DATASTORE *_ID columns. Their mapping to
            // CustomStr3..5 and CustomInt1..5 (with per-field debug logs) is disabled in this
            // version, so those columns are read from the database but not forwarded.
            L.Log(LogType.FILE, LogLevel.DEBUG, "Start sending Data");
            if (usingRegistry)
            {
                CustomServiceBase s = base.GetInstanceService("Security Manager Sender");
                s.SetData(rec);
            }
            else
            {
                CustomServiceBase s = base.GetInstanceService("Security Manager Remote Recorder");
                s.SetData(Dal, virtualhost, rec);
            }
            L.Log(LogType.FILE, LogLevel.INFORM, "Finish Sending Data");
            // Position bookkeeping; see the NOTE(review) about rec.Recordnum above the method.
            last_recordnum = rec.Recordnum;
            last_recdate = rec.Datetime;
            L.Log(LogType.FILE, LogLevel.INFORM, "Record Number is " + RecordFields.currentPosition);
            i++;
            if (i > max_record_send)
            {
                // Returns before the position of the row just sent is persisted below.
                cmd.Cancel();
                return;
            }
            if (usingRegistry)
                Set_Registry(last_recordnum);
            else
            {
                CustomServiceBase s = base.GetInstanceService("Security Manager Remote Recorder");
                s.SetReg(Id, RecordFields.ID.ToString(CultureInfo.InvariantCulture), "", "", "", last_recdate);
                L.Log(LogType.FILE, LogLevel.INFORM, "Update Table TimerTick.");
            }
        }
        L.Log(LogType.FILE, LogLevel.DEBUG, "Finish getting the data");
    }
    catch (Exception er)
    {
        L.LogTimed(LogType.FILE, LogLevel.ERROR, er.ToString());
    }
    finally
    {
        // Runs on every exit path, including the early returns above.
        timer1.Enabled = true;
        L.Log(LogType.FILE, LogLevel.INFORM, "Service Stopped");
        Database.Drop(ref cmd);
    }
}
/// <summary>
/// Handles one incoming syslog message: builds a record from it, lets CoderParse fill in
/// the parsed fields, and hands the record to the "Security Manager Remote Recorder" service.
/// Any exception is logged and swallowed, so a malformed message does not stop the listener.
/// </summary>
/// <param name="args">Syslog event; its Message and Source are read.</param>
void SlogSyslogEvent(LogMgrEventArgs args)
{
    try
    {
        _log.Log(LogType.FILE, LogLevel.DEBUG, " SlogSyslogEvent() --> is STARTED");
        _log.Log(LogType.FILE, LogLevel.DEBUG, " SlogSyslogEvent() --> will parse data : " + args.Message);

        string message = args.Message;

        CustomBase.Rec record = new CustomBase.Rec();
        record.LogName = "MCAffeeUTMSyslogRecorder";
        // The record is stamped with the receive time, not a time taken from the message.
        record.Datetime = DateTime.Now.ToString("yyyy/MM/dd HH:mm:ss");
        record.SourceName = args.Source;
        // Messages longer than 895 characters are stored as their first 894 characters;
        // the untruncated message is still what gets parsed below.
        record.Description = message.Length > 895 ? message.Substring(0, 894) : message;

        CoderParse(message, ref record);

        CustomServiceBase recorder = base.GetInstanceService("Security Manager Remote Recorder");
        recorder.SetData(_dal, _virtualHost, record);
        recorder.SetReg(_id, record.Datetime, "", "", "", record.Datetime);

        _log.Log(LogType.FILE, LogLevel.DEBUG, " SlogSyslogEvent() --> is succesfully FINISHED.");
    }
    catch (Exception failure)
    {
        _log.Log(LogType.FILE, LogLevel.ERROR, " SlogSyslogEvent() --> An error occurred : " + failure.ToString());
    }
}
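/// <summary>
/// Handles one SonicWall syslog message: splits it into key=value fields, stores each value
/// through assignpropertyvalue / assignundefinedvalue, builds a "web" or "fw" record with
/// createRec, and forwards the record to the sender or remote recorder service.
/// </summary>
/// <param name="args">Syslog event; its Message and EventLogEntType are read.</param>
/// <remarks>
/// A parsing failure is logged and the (then empty) record is still forwarded, as before.
/// Values are now split on the first '=' only, so a value that itself contains '='
/// (for example a URL query string in arg=) is kept whole instead of being cut short.
/// </remarks>
void slog_SyslogEvent(LogMgrEventArgs args)
{
    CustomBase.Rec rec = new CustomBase.Rec();
    try
    {
        L.Log(LogType.FILE, LogLevel.DEBUG, "Start preparing record");
        try
        {
            string[] logproperties = {"id","sn","time","fw","pri","c","m","msg","n","dst","proto","src",
                                      "sent","rcvd","vpnpolicy","op","result","dstname","code","Category","arg"};
            this.log_Name = "SonicWallSyslog Recorder";
            this.event_Type = args.EventLogEntType.ToString();
            L.Log(LogType.FILE, LogLevel.INFORM, "args.Message" + args.Message);

            string[] tempfields = args.Message.Split(' ');
            info = tempfields[2];
            description = args.Message;

            // Re-join tokens that belong to one value: a token without '=' (e.g. the words of a
            // quoted msg="..." text) is appended to the preceding token and then blanked out.
            // This loop is kept exactly as it was; its index juggling is order-sensitive.
            for (int k = 3; k < tempfields.Length; k++)
            {
                if (!tempfields[k].Contains("="))
                {
                    for (int j = k; j < tempfields.Length; j++)
                    {
                        if (tempfields[j].Contains("="))
                        {
                            k = j;
                            break;
                        }
                        tempfields[k - 1] += " " + tempfields[j];
                        tempfields[j] = "";
                    }
                    tempfields[k - 1] = tempfields[k - 1].Trim();
                }
            }

            // Compact the array by dropping the blanked-out tokens.
            int controlindex = 0;
            for (int h = 0; h < tempfields.Length; h++)
            {
                if (tempfields[h] == "")
                {
                    controlindex++;
                }
            }
            string[] fields = new string[tempfields.Length - controlindex];
            int xyz = 0;
            for (int i = 0; i < tempfields.Length; i++)
            {
                if (tempfields[i] != "")
                {
                    fields[xyz] = tempfields[i];
                    xyz++;
                }
            }

            // The first three fields are the syslog prefix; key=value pairs start at index 3.
            for (int i = 3; i < fields.Length; i++)
            {
                // Split on the first '=' only. Splitting on every '=' dropped everything after
                // a second '=', which truncated URLs and other values in the stored event.
                string[] pair = fields[i].Split(new char[] { '=' }, 2);
                string property = pair[0];
                string fieldValue = pair[1];

                int index = Array.IndexOf(logproperties, property);
                if (index != -1)
                {
                    assignpropertyvalue(index, fieldValue);
                }
                else
                {
                    assignundefinedvalue(property, fieldValue);
                }
            }

            // The record type follows the last field containing "dstname" or "msg";
            // anything else falls back to "fw".
            string controltype = "";
            for (int i = 0; i < fields.Length; i++)
            {
                if (fields[i].Contains("dstname"))
                {
                    controltype = "web";
                }
                if (fields[i].Contains("msg"))
                {
                    controltype = "fw";
                }
            }
            if (controltype == "web")
            {
                rec = createRec("web");
            }
            else
            {
                rec = createRec("fw");
            }
        }
        catch (Exception e)
        {
            // NOTE(review): a parse failure is only logged at DEBUG and the empty record is
            // still sent below; confirm that dropped events are visible at the deployed log level.
            clearProperties();
            L.Log(LogType.FILE, LogLevel.DEBUG, "ERROR------------");
            L.Log(LogType.FILE, LogLevel.DEBUG, e.Message);
            L.Log(LogType.FILE, LogLevel.DEBUG, e.StackTrace);
        }

        L.Log(LogType.FILE, LogLevel.DEBUG, "Start sending Data");
        if (usingRegistry)
        {
            CustomServiceBase s = base.GetInstanceService("Security Manager Sender");
            s.SetData(rec);
        }
        else
        {
            CustomServiceBase s = base.GetInstanceService("Security Manager Remote Recorder");
            L.Log(LogType.FILE, LogLevel.DEBUG, Dal + " " + virtualhost + " " + rec.Description);
            s.SetData(Dal, virtualhost, rec);
            s.SetReg(Id, rec.Datetime, "", "", "", rec.Datetime);
        }
        L.Log(LogType.FILE, LogLevel.DEBUG, "Finish Sending Data");
        clearProperties();
    }
    catch (Exception er)
    {
        L.Log(LogType.FILE, LogLevel.ERROR, er.ToString());
        L.Log(LogType.FILE, LogLevel.ERROR, args.EventLogEntType + " " + args.Message);
    }
}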
/// <summary>
/// Maps the current row of <paramref name="readReader"/> onto a "SharePoint Recorder" record,
/// forwards it to the sender or remote recorder service, and stores the row's timestamp as
/// the last-read position.
/// </summary>
/// <param name="readReader">Reader positioned on the row to convert; columns are read by ordinal.</param>
/// <remarks>
/// Column mapping, as listed by the original author:
///   0 A.SiteId -> CustomStr5, 1 A.ItemId -> CustomStr4, 2 a.MachineName -> ComputerName,
///   3 A.MachineIp -> CustomStr3, 4 a.DocLocation -> CustomStr10, 5 a.Occurred -> Datetime,
///   6 a.LocationType -> CustomInt1, 7 b.tp_Login -> CustomStr1, 8 b.tp_Title -> UserName,
///   9 b.tp_Email -> CustomStr2, 10 Event -> EventType.
/// A column that cannot be read is replaced by an empty value and reported once at the end.
/// An unreadable timestamp (column 5) drops the row without sending anything.
/// </remarks>
private void SaveData(SqlDataReader readReader)
{
    string columnErrors = "";

    CustomBase.Rec record = new CustomBase.Rec();
    record.LogName = "SharePoint Recorder";
    record.CustomStr5 = readReader.GetGuid(0).ToString();
    record.CustomStr4 = readReader.GetGuid(1).ToString();

    try
    {
        record.ComputerName = readReader.GetString(2);
    }
    catch (Exception readError)
    {
        columnErrors += " | readReader.GetString(2) = " + readReader[2].ToString();
        record.ComputerName = "";
        L.Log(LogType.FILE, LogLevel.ERROR, " timer1_Tick -->> : " + readError.ToString() + " " + record.ComputerName);
    }

    try
    {
        record.CustomStr3 = readReader.GetString(3);
    }
    catch (Exception readError)
    {
        columnErrors += " | readReader.GetString(3) = " + readReader[3].ToString();
        record.CustomStr3 = "";
        L.Log(LogType.FILE, LogLevel.ERROR, " timer1_Tick -->> : " + readError.ToString() + " " + record.CustomStr3);
    }

    try
    {
        record.CustomStr10 = readReader.GetString(4);
    }
    catch (Exception)
    {
        columnErrors += " | readReader.GetString(4) = " + readReader[4].ToString();
        record.CustomStr10 = "";
    }

    // The timestamp is mandatory: without it the row is skipped entirely.
    try
    {
        record.Datetime = readReader.GetDateTime(5).ToString("yyyy/MM/dd HH:mm:ss");
        L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> DateTime : " + record.Datetime.ToString());
    }
    catch (Exception readError)
    {
        L.Log(LogType.FILE, LogLevel.ERROR, " timer1_Tick -->> There is a dateTime Error : " + readError.ToString());
        L.Log(LogType.FILE, LogLevel.ERROR, " timer1_Tick -->> readReader[5] : " + readReader[5].ToString());
        return;
    }

    try
    {
        record.CustomInt1 = readReader.GetInt32(6);
    }
    catch (Exception readError)
    {
        columnErrors += " | readReader.GetString(6) = " + readReader[6].ToString();
        record.CustomInt1 = 0;
        L.Log(LogType.FILE, LogLevel.ERROR, " timer1_Tick -->> : " + readError.ToString() + " " + record.CustomInt1.ToString());
    }

    try
    {
        record.CustomStr1 = readReader.GetString(7);
    }
    catch (Exception)
    {
        columnErrors += " | readReader.GetString(7) = " + readReader[7].ToString();
        record.CustomStr1 = "";
    }

    try
    {
        record.UserName = readReader.GetString(8);
    }
    catch (Exception)
    {
        columnErrors += " | readReader.GetString(8) = " + readReader[8].ToString();
        record.UserName = "";
    }

    try
    {
        record.CustomStr2 = readReader.GetString(9);
    }
    catch (Exception)
    {
        columnErrors += " | readReader.GetString(9) = " + readReader[9].ToString();
        record.CustomStr2 = "";
    }

    try
    {
        record.EventType = readReader.GetString(10);
    }
    catch (Exception)
    {
        columnErrors += " | readReader.GetString(10) = " + readReader[10].ToString();
        record.EventType = "";
    }

    // One summary line for every column that fell back to an empty value.
    if (columnErrors.Length != 0)
    {
        L.Log(LogType.FILE, LogLevel.ERROR, " timer1_Tick -->> Karşılaşılan Kolon Hataları : " + columnErrors);
    }

    L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> Start sending Data");
    if (!usingRegistry)
    {
        CustomServiceBase remoteRecorder = base.GetInstanceService("Security Manager Remote Recorder");
        remoteRecorder.SetData(Dal, virtualhost, record);
    }
    else
    {
        CustomServiceBase localSender = base.GetInstanceService("Security Manager Sender");
        localSender.SetData(record);
    }
    L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> Finish Sending Data");

    LastRecordDate = record.Datetime;
    L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> Last Position is setted. Last rec date : " + LastRecordDate.ToString());

    // Persist the read position so the next run resumes after this row.
    if (!usingRegistry)
    {
        CustomServiceBase remoteRecorder = base.GetInstanceService("Security Manager Remote Recorder");
        remoteRecorder.SetReg(Id, LastRecordDate, "", "", "", LastRecordDate);
    }
    else
    {
        Set_Registry(last_recordnum);
    }
}
/// <summary>
/// Handles one WebSense mail-security syslog message: fills a record from the key=value
/// tokens of the message and forwards it to the sender or remote recorder service.
/// Parsing errors are logged and the partially filled record is still sent.
/// </summary>
/// <param name="args">Syslog event; its Message and EventLogEntType are read.</param>
void slog_SyslogEvent(LogMgrEventArgs args)
{
    L.Log(LogType.FILE, LogLevel.DEBUG, "Start preparing record");
    L.Log(LogType.FILE, LogLevel.INFORM, " Log : " + args.Message);
    CustomBase.Rec rec = new CustomBase.Rec();
    try
    {
        try
        {
            rec.LogName = "WebSenseMailSecuritySyslogV_1_0_0Recorder";
            // The record is stamped with the receive time, not a time taken from the message.
            rec.Datetime = DateTime.Now.ToString("yyyy/MM/dd HH:mm:ss");
            rec.EventType = args.EventLogEntType.ToString();
            #region Description
            if (args.Message.Length > 899)
            {
                rec.Description = args.Message.Substring(0, 899);
            }
            else
            {
                rec.Description = args.Message;
            }
            // NOTE(review): this assignment replaces the value set just above with the full
            // message, so the 899-character cap is not in effect. Single quotes are replaced
            // with '|' here; presumably to keep the text safe for a later SQL insert - confirm.
            rec.Description = args.Message.Replace("'", "|");
            #endregion
            string line = args.Message;
            string[] lineArr = SpaceSplit(line, true);
            try
            {
                // Token 7 is taken as the source name when the message has that many tokens.
                if (lineArr.Length > 7)
                {
                    rec.SourceName = lineArr[7];
                    L.Log(LogType.FILE, LogLevel.DEBUG, "SourceName: " + rec.SourceName);
                }
            }
            catch (Exception exception)
            {
                L.Log(LogType.FILE, LogLevel.ERROR, "SourceName Error: " + exception.Message);
            }
            try
            {
                // Token 8 is used as-is when it contains '|'; otherwise the src= value is used.
                if (lineArr.Length > 8 && lineArr[8].Contains("|"))
                {
                    rec.CustomStr5 = lineArr[8];
                    L.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr5: " + rec.CustomStr5);
                }
                else
                {
                    rec.CustomStr5 = GetStringValue(lineArr, "CustomStr5", "src=");
                }
            }
            catch (Exception exception)
            {
                L.Log(LogType.FILE, LogLevel.ERROR, "CustomStr5 Error: " + exception.Message);
            }
            rec.ComputerName = GetStringValue(lineArr, "ComputerName", "dvc=");
            rec.CustomStr1 = GetStringValue(lineArr, "CustomStr1", "üşer=");
            if (string.IsNullOrEmpty(rec.CustomStr1))
            {
                // NOTE(review): this listing is missing text between "duser=" and "|" (the end of
                // this call and the loop header that declares i); restore it from the original file.
                rec.CustomStr1 = GetStringValue(lineArr, "CustomStr1", "duser="******"|"))
                {
                    // Fifth '|'-separated part of the token becomes the event category.
                    rec.EventCategory = lineArr[i].Split('|')[4];
                }
            }
            // Overrides the EventType set from args.EventLogEntType above.
            rec.EventType = GetStringValue(lineArr, "EventType", "act=");
            rec.CustomStr2 = Between(line, "msg=", "in=");
            // NOTE(review): text is also missing from this listing between "suser=" and "CustomStr4".
            rec.CustomStr3 = GetStringValue(lineArr, "CustomStr3", "suser="******"CustomStr4", "dst=");
            rec.CustomStr6 = GetStringValue(lineArr, "CustomStr6", "deviceDirection=");
            rec.CustomStr7 = GetStringValue(lineArr, "CustomStr7", "deviceFacility=");
            rec.CustomInt6 = GetIntValue(lineArr, "CustomInt6", "externalId=");
            rec.CustomInt7 = GetIntValue(lineArr, "CustomInt7", "messageId=");
            rec.CustomInt8 = GetIntValue(lineArr, "CustomInt8", "rt=");
        }
        catch (Exception e)
        {
            // Parsing failed part-way; whatever was filled in so far is still sent below.
            L.Log(LogType.FILE, LogLevel.ERROR, "ERROR------------");
            L.Log(LogType.FILE, LogLevel.ERROR, e.Message);
            L.Log(LogType.FILE, LogLevel.ERROR, e.StackTrace);
        }
        L.Log(LogType.FILE, LogLevel.DEBUG, "Finish preparing record");
        L.Log(LogType.FILE, LogLevel.DEBUG, "Start sending Data");
        if (usingRegistry)
        {
            CustomServiceBase s = base.GetInstanceService("Security Manager Sender");
            s.SetData(rec);
        }
        else
        {
            CustomServiceBase s = base.GetInstanceService("Security Manager Remote Recorder");
            s.SetData(Dal, virtualhost, rec);
            s.SetReg(Id, rec.Datetime, "", "", "", rec.Datetime);
        }
        L.Log(LogType.FILE, LogLevel.DEBUG, "Finish Sending Data");
    }
    catch (Exception er)
    {
        // Failures while sending: log the exception together with the raw message.
        L.Log(LogType.FILE, LogLevel.ERROR, er.ToString());
        L.Log(LogType.FILE, LogLevel.ERROR, args.EventLogEntType + " " + args.Message);
    }
}
/// <summary>
/// Handles one Checkpoint DHCP syslog message. Recognised event codes (token 8) are
/// "&lt;10020&gt;" (IP conflict), "&lt;10016&gt;" (address spotted) and "&lt;10015&gt;" (address assigned);
/// any other message is stored with the cleaned line as its description.
/// If parsing throws, the raw message is forwarded instead so the event is not lost.
/// </summary>
/// <param name="args">Syslog event; its Message and Source are read.</param>
void checkpoint_DHCP(LogMgrEventArgs args)
{
    CustomBase.Rec r = new CustomBase.Rec();

    string serviceName = usingRegistry ? "Security Manager Sender" : "Security Manager Remote Recorder";
    L.Log(LogType.FILE, LogLevel.INFORM, serviceName);
    CustomServiceBase s = base.GetInstanceService(serviceName);

    try
    {
        // NUL characters are turned into spaces before any splitting.
        string line = args.Message.Replace('\0', ' ');
        r.LogName = "Checkpoint DHCP Recorder";
        line = line.Replace('\0', ' ').TrimEnd(' ');

        string[] arr = SpaceSplit(args.Message.Replace('\0', ' '), true);
        string[] arr2 = line.Split('>');
        string[] cat = arr[2].Split('.'); // result is not used further down

        // Tokens 3..6 form the timestamp; ay() converts token 4 (presumably a month name).
        string tarih = string.Format("{0}/{1}/{2} {3}", arr[3], ay(arr[4]).ToString(), arr[5], arr[6]);
        L.Log(LogType.FILE, LogLevel.DEBUG, "set datetime");
        r.Datetime = Convert.ToDateTime(tarih).AddMinutes(zone).ToString("yyyy/MM/dd HH:mm:ss");

        switch (arr[8])
        {
            case "<10020>": // An IP conflict was detected
                L.Log(LogType.FILE, LogLevel.DEBUG, "set event category");
                r.EventCategory = arr[7];
                string[] arr3 = arr2[1].Split(':');
                L.Log(LogType.FILE, LogLevel.DEBUG, "set username");
                r.UserName = arr[16]; // IP address
                L.Log(LogType.FILE, LogLevel.DEBUG, "set description");
                // e.g. "The IP 10.33.0.1 is in use by a device with MAC address 00:09:f3:07:26:ab"
                r.Description = arr2[1];
                L.Log(LogType.FILE, LogLevel.DEBUG, "set eventtype");
                r.EventType = arr[10] + " " + arr[11]; // "IP conflict"
                L.Log(LogType.FILE, LogLevel.DEBUG, "set event customstr1");
                r.CustomStr1 = arr3[0];
                break;

            case "<10016>": // spotted
                L.Log(LogType.FILE, LogLevel.DEBUG, "set event category");
                r.EventCategory = arr[7];
                L.Log(LogType.FILE, LogLevel.DEBUG, "set username");
                r.UserName = arr[arr.Length - 1]; // IP address
                L.Log(LogType.FILE, LogLevel.DEBUG, "set description");
                // e.g. "Spotted 00:16:17:4d:37:9d (TMO) using IP address 10.25.0.109"
                r.Description = arr2[1];
                L.Log(LogType.FILE, LogLevel.DEBUG, "set event type");
                r.EventType = "ADDRESS DETECTION"; // fixed value
                L.Log(LogType.FILE, LogLevel.DEBUG, "set customstr1");
                r.CustomStr1 = arr[9];
                break;

            case "<10015>": // assigned
                L.Log(LogType.FILE, LogLevel.DEBUG, "set event category");
                r.EventCategory = arr[7];
                L.Log(LogType.FILE, LogLevel.DEBUG, "set username");
                r.UserName = arr[10]; // IP address
                L.Log(LogType.FILE, LogLevel.DEBUG, "set description");
                r.Description = arr2[1];
                L.Log(LogType.FILE, LogLevel.DEBUG, "set eventtype");
                r.EventType = "DHCP"; // fixed value
                L.Log(LogType.FILE, LogLevel.DEBUG, "set customstr1");
                r.CustomStr1 = arr[9];
                break;

            default:
                L.Log(LogType.FILE, LogLevel.DEBUG, "set descriiption ");
                r.Description = line;
                break;
        }

        r.SourceName = args.Source;
        L.Log(LogType.FILE, LogLevel.DEBUG, "Finish preparing record");
        L.Log(LogType.FILE, LogLevel.DEBUG, "Start sending Data");
        if (usingRegistry)
        {
            s.SetData(r);
        }
        else
        {
            s.SetData(Dal, virtualHost, r);
            // NOTE(review): five arguments here, six in the error path below - confirm which
            // SetReg overload is meant.
            s.SetReg(identity, r.Datetime, "", "", r.Datetime);
        }
        L.Log(LogType.FILE, LogLevel.DEBUG, "Finish Sending Data");
    }
    catch (Exception ex)
    {
        // Fallback: forward the raw message. Fields set before the failure stay on the record.
        string rawMessage = args.Message.Replace('\0', ' ');
        L.Log(LogType.FILE, LogLevel.ERROR, "Wrong data: " + rawMessage);
        r.SourceName = args.Source;
        r.LogName = "CheckpointDHCPRecorder";
        r.Description = rawMessage;
        L.Log(LogType.FILE, LogLevel.DEBUG, "(err) Finish preparing record");
        L.Log(LogType.FILE, LogLevel.DEBUG, "(err) Start sending Data");
        if (usingRegistry)
        {
            s.SetData(r);
        }
        else
        {
            s.SetData(Dal, virtualHost, r);
            s.SetReg(identity, r.Datetime, "", "", "", r.Datetime);
        }
        L.Log(LogType.FILE, LogLevel.DEBUG, "(err)Finish Sending Data");
        L.LogTimed(LogType.FILE, LogLevel.ERROR, "Error at parsing" + ex.ToString());
    }
    finally
    {
        s.Dispose();
    }
}
/// <summary>
/// Timer callback: reads rows from tkb.ONAY_TDH_LOG_VW, converts each row into a record,
/// forwards it to the sender or remote recorder service, and hands the last ID read to
/// Set_Registry or SetReg. All exceptions are logged and swallowed.
/// </summary>
/// <param name="sender">Event source; not used in the body.</param>
/// <param name="e">Elapsed-event data; not used in the body.</param>
private void timer1_Tick(object sender, System.Timers.ElapsedEventArgs e)
{
    string readQuery = "";
    long datacount = 0;
    int actionType = 0; // not read anywhere in this method
    timer1.Enabled = false; // pause the timer while this tick runs; re-enabled in finally
    CustomBase.Rec rec = new CustomBase.Rec();
    L.Log(LogType.FILE, LogLevel.INFORM, " timer1_Tick -->> Timer is Started");
    IDataReader readReader = null;
    DbCommand cmd = null;
    L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> Dal: " + Dal);
    L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> virtualhost: " + virtualhost);
    try
    {
        L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> Start executing the query");
        // Step 1: row count of the view, used below to detect that the source was emptied.
        readQuery = "select COUNT(*) from tkb.ONAY_TDH_LOG_VW";
        L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> readQuery : " + readQuery);
        L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> db_name : " + db_name);
        readReader = Database.ExecuteReader(db_name, readQuery, CommandBehavior.CloseConnection, out cmd);
        L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> readReader sonrası.");
        // NOTE(review): the timeout is set after ExecuteReader has returned, so it presumably
        // does not apply to the query that was just run - confirm.
        cmd.CommandTimeout = 2000;
        readReader.Read();
        datacount = Convert_To_Int64(readReader[0].ToString());
        L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> datacount" + datacount);
        readReader.Close();
        // The log texts below still name sys.enbs_audit although the query reads tkb.ONAY_TDH_LOG_VW.
        L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> Total data count in sys.enbs_audit table : " + datacount.ToString(CultureInfo.InvariantCulture));
        L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> Last data number read from sys.enbs_audit table is : " + last_recordnum.ToString(CultureInfo.InvariantCulture));
        // A row count below the last ID read is taken to mean the table was truncated.
        // NOTE(review): this compares a row count with an ID, which assumes IDs are dense - confirm.
        if (datacount < last_recordnum)
        {
            last_recordnum = 0;
            L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> sys.enbs_audit table is truncated. Started to read at the beginning.");
        }
        // Upper ID bound for this batch.
        long currentPosition = Convert.ToInt64(last_recordnum) + Convert.ToInt64(max_record_send);
        // If the table has been reset, reading must restart from the beginning to pick up new data.
        // NOTE(review): both branches build the same filter (ID > 0); the lower bound never uses
        // last_recordnum, so every tick re-reads and re-sends rows from ID 1. Confirm whether
        // "ID > last_recordnum" was intended in the else branch. The query is built by string
        // concatenation; the only concatenated value is the numeric currentPosition.
        if (last_recordnum == 0)
        {
            L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> is Last Pozision == 0 ");
            readQuery = "SELECT ID, ILKONAYLAYAN, IONAYTARIH, SONONAYLAYAN, SONAYTARIH, ACIKLAMA, VTKODU, KOD, DETAY from tkb.ONAY_TDH_LOG_VW WHERE ID >0 AND ID <= " + currentPosition + " ORDER BY ID ASC";
        }
        else
        {
            L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> is Last Pozision != 0 ");
            readQuery = "SELECT ID, ILKONAYLAYAN, IONAYTARIH, SONONAYLAYAN, SONAYTARIH, ACIKLAMA, VTKODU, KOD, DETAY from tkb.ONAY_TDH_LOG_VW WHERE ID >0 and ID <= " + currentPosition + " ORDER BY ID ASC";
        }
        // NOTE(review): the first command is discarded here without Database.Drop; only the
        // second command reaches the Drop call in finally.
        cmd = null;
        L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> readQuery : " + readQuery);
        readReader = Database.ExecuteReader(db_name, readQuery, CommandBehavior.CloseConnection, out cmd);
        cmd.CommandTimeout = 2000;
        L.Log(LogType.FILE, LogLevel.INFORM, " timer1_Tick -->> Finish executing the query. Query : " + readQuery);
        // Step 2: one record per row; the same rec instance is refilled for every row.
        while (readReader.Read())
        {
            rec.LogName = "OracleOnayTDHLogVW2V_1_0_0Recorder";
            // Date Format: 19/04/2011 07:07:58
            string date = Convert_To_String(readReader["SONAYTARIH"]);
            DateTime dt = Convert.ToDateTime(date);
            rec.Datetime = dt.ToString("yyyy-MM-dd HH:mm:ss");
            rec.Recordnum = Convert_To_Int32(readReader["ID"].ToString());
            rec.UserName = Convert_To_String(readReader["SONONAYLAYAN"]);
            rec.CustomStr1 = Convert_To_String(readReader["ILKONAYLAYAN"]);
            rec.CustomStr2 = Convert_To_String(readReader["IONAYTARIH"]);
            rec.CustomStr3 = Convert_To_String(readReader["VTKODU"]);
            rec.CustomStr4 = Convert_To_String(readReader["KOD"]);
            rec.CustomStr5 = Convert_To_String(readReader["DETAY"]);
            rec.Description = Convert_To_String(readReader["ACIKLAMA"]);
            L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> Datetime : " + rec.Datetime);
            L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> CustomStr1 : " + rec.CustomStr1);
            L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> CustomStr2 : " + rec.CustomStr2);
            L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> CustomStr3 : " + rec.CustomStr3);
            L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> CustomStr4 : " + rec.CustomStr4);
            L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> CustomStr5 : " + rec.CustomStr5);
            L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> Recordnum : " + rec.Recordnum);
            // NOTE(review): text is missing from this listing between the two string literals
            // on the next line; restore it from the original file.
            L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> UserName : "******" timer1_Tick -->> Description : " + rec.Description);
            last_recordnum = Convert_To_Int64(readReader["ID"].ToString());
            L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> Start sending Data. Last Record Number : " + last_recordnum);
            if (usingRegistry)
            {
                CustomServiceBase s = base.GetInstanceService("Security Manager Sender");
                s.SetData(rec);
                L.Log(LogType.FILE, LogLevel.DEBUG, " Security Manager Sender -->> : ");
            }
            else
            {
                CustomServiceBase s = base.GetInstanceService("Security Manager Remote Recorder");
                s.SetData(Dal, virtualhost, rec);
                L.Log(LogType.FILE, LogLevel.DEBUG, " Security Manager Remote Recorder -->> : ");
                L.Log(LogType.FILE, LogLevel.DEBUG, " Security Manager Remote Recorder DAL : -->> : " + Dal);
                L.Log(LogType.FILE, LogLevel.DEBUG, " Security Manager Remote Recorder virtualhost : -->> : " + virtualhost);
            }
            L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> Finish Sending Data");
            LastRecordDate = rec.Datetime;
            // The read position is stored after every row.
            if (usingRegistry)
                Set_Registry(last_recordnum);
            else
            {
                CustomServiceBase s = base.GetInstanceService("Security Manager Remote Recorder");
                s.SetReg(Id, last_recordnum.ToString(), "", "", "", LastRecordDate);
            }
        }
    }
    catch (Exception er)
    {
        L.Log(LogType.FILE, LogLevel.ERROR, " timer1_Tick -->> Error : " + er.ToString());
    }
    finally
    {
        // NOTE(review): readReader is still null if the first ExecuteReader call throws; Close()
        // would then throw here and skip the line that re-enables the timer, so polling of this
        // source would stop. A null check before Close() avoids that.
        readReader.Close();
        timer1.Enabled = true;
        Database.Drop(ref cmd);
        L.Log(LogType.FILE, LogLevel.INFORM, " timer1_Tick -->> Timer is finished.");
    }
}
/// <summary>
/// Timer callback: reads rows from tkb.ONAY_HESAP_ACMA_KAPAMA_LOG, converts each row into a
/// record, forwards it to the sender or remote recorder service, and hands the last ID read
/// to Set_Registry or SetReg. All exceptions are logged and swallowed.
/// </summary>
/// <param name="sender">Event source; not used in the body.</param>
/// <param name="e">Elapsed-event data; not used in the body.</param>
private void timer1_Tick(object sender, System.Timers.ElapsedEventArgs e)
{
    string readQuery = "";
    long datacount = 0;
    int actionType = 0; // not read anywhere in this method
    timer1.Enabled = false; // pause the timer while this tick runs; re-enabled in finally
    CustomBase.Rec rec = new CustomBase.Rec();
    L.Log(LogType.FILE, LogLevel.INFORM, " timer1_Tick -->> Timer is Started");
    IDataReader readReader = null;
    DbCommand cmd = null;
    L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> Dal: " + Dal);
    L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> virtualhost: " + virtualhost);
    try
    {
        L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> Start executing the query");
        // Step 1: row count of the table, used below to detect that the source was emptied.
        readQuery = "select COUNT(*) from tkb.ONAY_HESAP_ACMA_KAPAMA_LOG";
        L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> readQuery : " + readQuery);
        L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> db_name : " + db_name);
        readReader = Database.ExecuteReader(db_name, readQuery, CommandBehavior.CloseConnection, out cmd);
        L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> readReader sonrası.");
        // NOTE(review): the timeout is set after ExecuteReader has returned, so it presumably
        // does not apply to the query that was just run - confirm.
        cmd.CommandTimeout = 2000;
        readReader.Read();
        datacount = Convert_To_Int64(readReader[0].ToString());
        L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> datacount" + datacount);
        readReader.Close();
        // The log texts below still name sys.enbs_audit although the query reads
        // tkb.ONAY_HESAP_ACMA_KAPAMA_LOG.
        L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> Total data count in sys.enbs_audit table : " + datacount.ToString(CultureInfo.InvariantCulture));
        L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> Last data number read from sys.enbs_audit table is : " + last_recordnum.ToString(CultureInfo.InvariantCulture));
        // A row count below the last ID read is taken to mean the table was truncated.
        // NOTE(review): this compares a row count with an ID, which assumes IDs are dense - confirm.
        if (datacount < last_recordnum)
        {
            last_recordnum = 0;
            L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> sys.enbs_audit table is truncated. Started to read at the beginning.");
        }
        // Upper ID bound for this batch.
        long currentPosition = Convert.ToInt64(last_recordnum) + Convert.ToInt64(max_record_send);
        // If the table has been reset, reading must restart from the beginning to pick up new data.
        // NOTE(review): the two branches build identical queries (ID > 0); the lower bound never
        // uses last_recordnum, so every tick re-reads and re-sends rows from ID 1. Confirm whether
        // "ID > last_recordnum" was intended in the else branch. The query is built by string
        // concatenation; the only concatenated value is the numeric currentPosition.
        if (last_recordnum == 0)
        {
            L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> is Last Pozision == 0 ");
            readQuery = "SELECT ID, ILK_ONAY, EKLEME_ZAMAN, SON_ONAY, DEGISME_ZAMAN, ACIKLAMA, AD from tkb.ONAY_HESAP_ACMA_KAPAMA_LOG WHERE ID >0 and ID <= " + currentPosition + " ORDER BY ID ASC";
        }
        else
        {
            L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> is Last Pozision != 0 ");
            readQuery = "SELECT ID, ILK_ONAY, EKLEME_ZAMAN, SON_ONAY, DEGISME_ZAMAN, ACIKLAMA, AD from tkb.ONAY_HESAP_ACMA_KAPAMA_LOG WHERE ID >0 and ID <= " + currentPosition + " ORDER BY ID ASC";
        }
        // NOTE(review): the first command is discarded here without Database.Drop; only the
        // second command reaches the Drop call in finally.
        cmd = null;
        L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> readQuery : " + readQuery);
        readReader = Database.ExecuteReader(db_name, readQuery, CommandBehavior.CloseConnection, out cmd);
        cmd.CommandTimeout = 2000;
        L.Log(LogType.FILE, LogLevel.INFORM, " timer1_Tick -->> Finish executing the query. Query : " + readQuery);
        // Step 2: one record per row; the same rec instance is refilled for every row.
        while (readReader.Read())
        {
            rec.LogName = "OracleHesapAcmaKapamaLogRecorder";
            // The record timestamp comes from EKLEME_ZAMAN; DEGISME_ZAMAN is kept in CustomStr3.
            string date = Convert_To_String(readReader["EKLEME_ZAMAN"]);
            DateTime dt = Convert.ToDateTime(date);
            rec.Datetime = dt.ToString("yyyy-MM-dd HH:mm:ss");
            rec.Recordnum = Convert_To_Int32(readReader["ID"].ToString());
            rec.UserName = Convert_To_String(readReader["AD"]);
            rec.CustomStr1 = Convert_To_String(readReader["ILK_ONAY"]);
            rec.CustomStr2 = Convert_To_String(readReader["SON_ONAY"]);
            rec.CustomStr3 = Convert_To_String(readReader["DEGISME_ZAMAN"]);
            rec.Description = Convert_To_String(readReader["ACIKLAMA"]);
            L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> Datetime : " + rec.Datetime);
            L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> CustomStr1 : " + rec.CustomStr1);
            L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> CustomStr2 : " + rec.CustomStr2);
            L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> CustomStr3 : " + rec.CustomStr3);
            L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> Recordnum : " + rec.Recordnum.ToString());
            // NOTE(review): text is missing from this listing between the two string literals
            // on the next line; restore it from the original file.
            L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> UserName : "******" timer1_Tick -->> CustomStr6 : " + rec.CustomStr6);
            L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> Description : " + rec.Description);
            last_recordnum = Convert_To_Int64(readReader["ID"].ToString());
            L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> Start sending Data. Last Record Number : " + last_recordnum);
            if (usingRegistry)
            {
                CustomServiceBase s = base.GetInstanceService("Security Manager Sender");
                s.SetData(rec);
                L.Log(LogType.FILE, LogLevel.DEBUG, " Security Manager Sender -->> : ");
            }
            else
            {
                CustomServiceBase s = base.GetInstanceService("Security Manager Remote Recorder");
                s.SetData(Dal, virtualhost, rec);
                L.Log(LogType.FILE, LogLevel.DEBUG, " Security Manager Remote Recorder -->> : ");
                L.Log(LogType.FILE, LogLevel.DEBUG, " Security Manager Remote Recorder DAL : -->> : " + Dal);
                L.Log(LogType.FILE, LogLevel.DEBUG, " Security Manager Remote Recorder virtualhost : -->> : " + virtualhost);
            }
            L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> Finish Sending Data");
            LastRecordDate = rec.Datetime;
            // The read position is stored after every row.
            if (usingRegistry)
                Set_Registry(last_recordnum);
            else
            {
                CustomServiceBase s = base.GetInstanceService("Security Manager Remote Recorder");
                s.SetReg(Id, last_recordnum.ToString(), "", "", "", LastRecordDate);
            }
        }
    }
    catch (Exception er)
    {
        L.Log(LogType.FILE, LogLevel.ERROR, " timer1_Tick -->> Error : " + er.ToString());
    }
    finally
    {
        // NOTE(review): readReader is still null if the first ExecuteReader call throws; Close()
        // would then throw here and skip the line that re-enables the timer, so polling of this
        // source would stop. A null check before Close() avoids that.
        readReader.Close();
        timer1.Enabled = true;
        Database.Drop(ref cmd);
        L.Log(LogType.FILE, LogLevel.INFORM, " timer1_Tick -->> Timer is finished.");
    }
}
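/// <summary>
/// Handles one syslog message for the SonicWall recorder: copies the raw text into a
/// <c>CustomBase.Rec</c>, extracts the key=value fields it recognises and hands the
/// record to the configured sender service.
/// </summary>
/// <param name="args">Event arguments carrying the raw syslog text and its event type.</param>
/// <remarks>
/// The message is text received from the network, so every field is parsed on its own
/// and a failure in one field never stops the others or the send.
/// Changes against the previous version:
/// the fallback scan for a field now also runs when the message is shorter than the
/// field's expected position; the scan branches read the token they matched (the
/// "result" and "rcvd" scans read fixed positions 18 and 17, the destination-port scan
/// matched "src", the "code" scan matched "n="); prefixes include the '=' so "dst" no
/// longer matches "dstname"; the source and destination address fields use the first
/// ':' segment in both branches; debug lines print the field they name; the duplicated
/// CustomInt9 block is gone; a missing Category no longer raises a
/// NullReferenceException.
/// NOTE(review): the listing this method was taken from is damaged at three points in
/// the UserName / Category section. The statements there are reconstructed from the
/// surrounding structure; confirm them against the repository copy before merging.
/// NOTE(review): the raw message is written to the recorder's own log unmodified;
/// whether L.Log neutralises embedded line breaks is not visible here.
/// </remarks>
void slog_SyslogEvent(LogMgrEventArgs args)
{
    CustomBase.Rec rec = new CustomBase.Rec();
    try
    {
        L.Log(LogType.FILE, LogLevel.DEBUG, "Start preparing record");
        L.Log(LogType.FILE, LogLevel.INFORM, " Log : " + args.Message);
        try
        {
            rec.Datetime = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss");
            rec.EventType = args.EventLogEntType.ToString();
            rec.LogName = "SonicWallV_TZ120_0_0UTMRecorder";
            // Description is capped at 899 characters.
            rec.Description = args.Message.Length > 899 ? args.Message.Substring(0, 899) : args.Message;

            string[] lineArr = SpaceSplit(args.Message, false);
            // The first three tokens are read unguarded: a message too short to have them
            // drops into the catch below and the partially filled record is still sent.
            rec.SourceName = lineArr[2];
            L.Log(LogType.FILE, LogLevel.DEBUG, "SourceName: " + rec.SourceName);
            rec.EventType = lineArr[2].Split('.')[1];
            L.Log(LogType.FILE, LogLevel.DEBUG, "EventType: " + rec.EventType);
            rec.ComputerName = lineArr[0];
            L.Log(LogType.FILE, LogLevel.DEBUG, "ComputerName: " + rec.ComputerName);

            //192.168.3.1:514 : local0.error id=firewall sn=0017C56122AA time="2013-01-28 13:14:13 UTC" fw=none pri=3 c=4 m=14 msg="Web site access denied" n=223847 src=192.168.3.142:49562:X0:MEHMETSsTCs-PC dst=31.13.64.7:80:X1:star-01-01-ams2.facebook.com dstname=www.facebook.com arg=/plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2Fpages%2Fgazetea24com%2F168179866539250&send=false&layout code=58 Category="Social Networking"
            string text;
            int? number;

            text = ReadSyslogValue(lineArr, 16, "op=", "EventCategory");
            if (text != null) { rec.EventCategory = text; }

            try
            {
                // Reconstructed section (see NOTE(review) above): the user name is whatever
                // follows "X0:" in a src value that has more than two ':' segments.
                string userName = "";
                string srcToken = FindSyslogToken(lineArr, 13, "src=");
                if (srcToken != null)
                {
                    string srcValue = SplitedLine(srcToken);
                    if (srcValue.Split(':').Length > 2)
                    {
                        userName = After(srcValue, "X0:");
                        L.Log(LogType.FILE, LogLevel.DEBUG, "UserName: " + userName);
                    }
                }
                rec.UserName = userName.Contains(":") ? userName.Split(':')[0] : userName;
            }
            catch (Exception exception)
            {
                L.Log(LogType.FILE, LogLevel.ERROR, "UserName: " + exception.Message);
            }

            try
            {
                // Reconstructed section: the expected position of Category is not
                // recoverable from the listing, so the token is located by scan only.
                if (FindSyslogToken(lineArr, -1, "Category=") != null)
                {
                    rec.CustomStr1 = Between(args.Message, "Category=", " ");
                    L.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr1: " + rec.CustomStr1);
                }
                if (rec.CustomStr1 != null)
                {
                    rec.CustomStr1 = rec.CustomStr1.Replace('"', ' ').Trim();
                }
            }
            catch (Exception exception)
            {
                L.Log(LogType.FILE, LogLevel.ERROR, "CustomStr1: " + exception.Message);
            }

            text = ReadSyslogValue(lineArr, 15, "proto=", "CustomStr2");
            if (text != null) { rec.CustomStr2 = text; }

            // Source and destination address: first ':' segment of the value.
            text = ReadSyslogEndpointPart(lineArr, 13, "src=", "CustomStr3", false);
            if (text != null) { rec.CustomStr3 = text; }
            text = ReadSyslogEndpointPart(lineArr, 14, "dst=", "CustomStr4", false);
            if (text != null) { rec.CustomStr4 = text; }

            rec.CustomStr5 = Between(args.Message, "msg=", "n=");
            L.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr5: " + rec.CustomStr5);

            text = ReadSyslogValue(lineArr, 20, "arg=", "CustomStr7");
            if (text != null) { rec.CustomStr7 = text; }
            text = ReadSyslogValue(lineArr, 19, "dstname=", "CustomStr8");
            if (text != null) { rec.CustomStr8 = text; }

            // Last ':' segment of the destination value.
            text = ReadSyslogEndpointPart(lineArr, 14, "dst=", "CustomStr10", true);
            if (text != null) { rec.CustomStr10 = text; }

            number = ReadSyslogInt(lineArr, 18, "result=", "CustomInt1");
            if (number.HasValue) { rec.CustomInt1 = number.Value; }
            number = ReadSyslogInt(lineArr, 17, "rcvd=", "CustomInt2");
            if (number.HasValue) { rec.CustomInt2 = number.Value; }
            number = ReadSyslogPort(lineArr, 13, "src=", "CustomInt3");
            if (number.HasValue) { rec.CustomInt3 = number.Value; }
            number = ReadSyslogPort(lineArr, 14, "dst=", "CustomInt4");
            if (number.HasValue) { rec.CustomInt4 = number.Value; }
            number = ReadSyslogInt(lineArr, 9, "pri=", "CustomInt5");
            if (number.HasValue) { rec.CustomInt5 = number.Value; }
            number = ReadSyslogInt(lineArr, 10, "c=", "CustomInt6");
            if (number.HasValue) { rec.CustomInt6 = number.Value; }
            number = ReadSyslogInt(lineArr, 11, "m=", "CustomInt7");
            if (number.HasValue) { rec.CustomInt7 = number.Value; }
            number = ReadSyslogInt(lineArr, 12, "n=", "CustomInt8");
            if (number.HasValue) { rec.CustomInt8 = number.Value; }
            number = ReadSyslogInt(lineArr, 21, "code=", "CustomInt9");
            if (number.HasValue) { rec.CustomInt9 = number.Value; }
        }
        catch (Exception e)
        {
            L.Log(LogType.FILE, LogLevel.DEBUG, "ERROR------------");
            L.Log(LogType.FILE, LogLevel.DEBUG, e.Message);
            L.Log(LogType.FILE, LogLevel.DEBUG, e.StackTrace);
        }

        L.Log(LogType.FILE, LogLevel.DEBUG, "Finish preparing record");
        L.Log(LogType.FILE, LogLevel.DEBUG, "Start sending Data");
        if (usingRegistry)
        {
            CustomServiceBase s = base.GetInstanceService("Security Manager Sender");
            s.SetData(rec);
        }
        else
        {
            CustomServiceBase s = base.GetInstanceService("Security Manager Remote Recorder");
            s.SetData(Dal, virtualhost, rec);
            s.SetReg(Id, rec.Datetime, "", "", "", rec.Datetime);
        }
        L.Log(LogType.FILE, LogLevel.DEBUG, "Finish Sending Data");
    }
    catch (Exception er)
    {
        L.Log(LogType.FILE, LogLevel.ERROR, er.ToString());
        L.Log(LogType.FILE, LogLevel.ERROR, args.EventLogEntType + " " + args.Message);
    }
}

/// <summary>
/// Returns the token that starts with <paramref name="prefix"/>: the one at
/// <paramref name="expectedIndex"/> when it matches, otherwise the last matching token
/// in the array, or null when none matches. A negative index means "scan only".
/// </summary>
private static string FindSyslogToken(string[] tokens, int expectedIndex, string prefix)
{
    // Ordinal comparison: the tokens are machine-generated keys, and a culture-aware
    // comparison would ignore characters an ordinal one does not.
    if (expectedIndex >= 0 && tokens.Length > expectedIndex
        && tokens[expectedIndex].Trim().StartsWith(prefix, StringComparison.Ordinal))
    {
        return tokens[expectedIndex];
    }

    string found = null;
    for (int i = 0; i < tokens.Length; i++)
    {
        if (tokens[i].StartsWith(prefix, StringComparison.Ordinal))
        {
            found = tokens[i];
        }
    }
    return found;
}

/// <summary>Returns SplitedLine() of the token for <paramref name="prefix"/>, or null when absent or on error.</summary>
private string ReadSyslogValue(string[] tokens, int expectedIndex, string prefix, string label)
{
    try
    {
        string token = FindSyslogToken(tokens, expectedIndex, prefix);
        if (token == null)
        {
            return null;
        }
        string value = SplitedLine(token);
        L.Log(LogType.FILE, LogLevel.DEBUG, label + ": " + value);
        return value;
    }
    catch (Exception exception)
    {
        L.Log(LogType.FILE, LogLevel.ERROR, label + ": " + exception.Message);
        return null;
    }
}

/// <summary>Returns the first or last ':' segment of the value for <paramref name="prefix"/>, or null.</summary>
private string ReadSyslogEndpointPart(string[] tokens, int expectedIndex, string prefix, string label, bool lastSegment)
{
    try
    {
        string token = FindSyslogToken(tokens, expectedIndex, prefix);
        if (token == null)
        {
            return null;
        }
        string[] segments = SplitedLine(token).Split(':');
        string value = lastSegment ? segments[segments.Length - 1] : segments[0];
        L.Log(LogType.FILE, LogLevel.DEBUG, label + ": " + value);
        return value;
    }
    catch (Exception exception)
    {
        L.Log(LogType.FILE, LogLevel.ERROR, label + ": " + exception.Message);
        return null;
    }
}

/// <summary>Returns the integer value for <paramref name="prefix"/>: null when absent, 0 when it cannot be parsed.</summary>
private int? ReadSyslogInt(string[] tokens, int expectedIndex, string prefix, string label)
{
    try
    {
        string token = FindSyslogToken(tokens, expectedIndex, prefix);
        if (token == null)
        {
            return null;
        }
        int value = Convert.ToInt32(SplitedLine(token));
        L.Log(LogType.FILE, LogLevel.DEBUG, label + ": " + value);
        return value;
    }
    catch (Exception exception)
    {
        L.Log(LogType.FILE, LogLevel.ERROR, label + ": " + exception.Message);
        return 0;
    }
}

/// <summary>Returns the second ':' segment of the token for <paramref name="prefix"/> as an integer: null when absent, 0 on error.</summary>
private int? ReadSyslogPort(string[] tokens, int expectedIndex, string prefix, string label)
{
    try
    {
        string token = FindSyslogToken(tokens, expectedIndex, prefix);
        if (token == null)
        {
            return null;
        }
        // Kept as before: the segment is passed through SplitedLine() before conversion.
        // NOTE(review): the segment has no '='; confirm SplitedLine() returns it unchanged.
        int value = Convert.ToInt32(SplitedLine(token.Split(':')[1]));
        L.Log(LogType.FILE, LogLevel.DEBUG, label + ": " + value);
        return value;
    }
    catch (Exception exception)
    {
        L.Log(LogType.FILE, LogLevel.ERROR, label + ": " + exception.Message);
        return 0;
    }
}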
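/// <summary>
/// Queries the event log named by <paramref name="fileName"/> through the native Evt* API,
/// renders each event, runs the audit parsers over its description and forwards
/// access-right changes; the last record number is written back when the loop ends.
/// </summary>
/// <param name="fileName">Channel name or log file path handed to EvtQuery.</param>
/// <returns>
/// true when the query ran to the end; false when the session, query or render context
/// could not be created, or when an EventLogNotFoundException was caught.
/// </returns>
/// <exception cref="Exception">Thrown when another call still held the mutex on entry.</exception>
/// <remarks>
/// Changes against the previous version: offsets into the rendered-value array are computed
/// in 64 bits (the (Int32) cast on the pointer fails in a 64-bit process); the remote
/// session handle is closed on exit; a failed EvtOpenSession is reported instead of
/// silently querying the local machine; the SecureString is disposed; last_recordnum keeps
/// the full record id instead of the value truncated to int.
/// NOTE(review): the password arrives as a managed string, so the SecureString only
/// protects the short-lived copy. The unmanaged copy handed to login.Password is not
/// released here; confirm CoTaskMemUnicodeSafeHandle zeroes and frees it.
/// NOTE(review): pRenderedValues is filled by GetRenderValues and not freed in this
/// method; confirm who owns that buffer.
/// </remarks>
protected bool ReadLocal(string fileName)
{
    L.Log(LogType.FILE, LogLevel.INFORM, "EventLogFileAuditRecorder In ReadLocal -- Started.");
    if (!callable.WaitOne(0))
    {
        L.Log(LogType.FILE, LogLevel.INFORM, "EventLogFileAuditRecorder In ReadLocal -- CALLED MULTIPLE TIMES STILL IN USE");
        // Wait for the running call to finish, then refuse this one.
        callable.WaitOne();
        try
        {
            throw new Exception("Parse already been processed by another thread while this call has made");
        }
        finally
        {
            callable.ReleaseMutex();
        }
    }

    try
    {
        L.Log(LogType.FILE, LogLevel.INFORM, "EventLogFileAuditRecorder In ReadLocal -- Started with lastfile: " + lastFile);
        var eventLogLocation = fileName;
        // Resume after the last record already processed; null selects every event.
        var query = last_recordnum > 0 ? "*[System/EventRecordID > " + last_recordnum + "]" : null;
        var handle = IntPtr.Zero;
        var events = new IntPtr[] { IntPtr.Zero };
        var hRenderContext = IntPtr.Zero;
        var pRenderedValues = IntPtr.Zero;
        var hRenderContextEvtData = IntPtr.Zero;
        var metaDict = new Dictionary<string, IntPtr>();
        var dwBufferUsed = 0;
        var dwPropertyCount = 0;
        var dwBufferSize = 0;
        var status = UnsafeNativeMethods.ERROR_SUCCESS;
        var session = IntPtr.Zero;
        try
        {
            // user is expected as DOMAIN\user or DOMAIN\server\user.
            var info = user == null ? null : user.Split('\\');
            if (info != null && info.Length >= 2)
            {
                domain = string.IsNullOrEmpty(info[0]) ? null : info[0];
                ip = info.Length == 2 ? remoteHost : (string.IsNullOrEmpty(info[1]) ? null : info[1]);
                domainUser = string.IsNullOrEmpty(info[info.Length - 1]) ? null : info[info.Length - 1];
                if (!string.IsNullOrEmpty(domain) && !string.IsNullOrEmpty(domainUser))
                {
                    L.Log(LogType.FILE, LogLevel.DEBUG, "EventLogFileAuditRecorder In ReadLocal -- Remote Logger: " + user);
                    var login = new UnsafeNativeMethods.EvtRpcLogin()
                    {
                        Domain = domain,
                        User = domainUser,
                        Password = CoTaskMemUnicodeSafeHandle.Zero,
                        Server = ip
                    };
                    using (var secureString = new SecureString())
                    {
                        if (!string.IsNullOrEmpty(password))
                        {
                            foreach (var ch in password)
                            {
                                secureString.AppendChar(ch);
                            }
                        }
                        login.Password.SetMemory(Marshal.SecureStringToCoTaskMemUnicode(secureString));
                    }

                    session = UnsafeNativeMethods.EvtOpenSession(UnsafeNativeMethods.EvtLoginClass.EvtRpcLogin, ref login, 0, 0);
                    if (session == IntPtr.Zero)
                    {
                        // A null session makes EvtQuery read the local machine, so a failed
                        // remote login must stop here rather than collect the wrong host's log.
                        L.Log(LogType.FILE, LogLevel.ERROR,
                              "EventLogFileAuditRecorder In ReadLocal -- Error Opening Remote Session: " + Marshal.GetLastWin32Error());
                        return false;
                    }
                    L.Log(LogType.FILE, LogLevel.DEBUG,
                          "EventLogFileAuditRecorder In ReadLocal -- UnsafeNativeMethods.EvtQueryFlags.EvtQueryChannelPath: " + UnsafeNativeMethods.EvtQueryFlags.EvtQueryChannelPath);
                }
            }

            // NOTE(review): the flag is chosen from the 'location' field while the query
            // uses the 'fileName' argument; confirm the two always agree.
            int flags;
            if (location.Contains("\\"))
            {
                flags = (int)UnsafeNativeMethods.EvtQueryFlags.EvtQueryFilePath;
                L.Log(LogType.FILE, LogLevel.DEBUG, "EventLogFileAuditRecorder In ReadLocal --EvtQueryFilePath");
            }
            else
            {
                flags = (int)UnsafeNativeMethods.EvtQueryFlags.EvtQueryChannelPath;
                L.Log(LogType.FILE, LogLevel.DEBUG, "EventLogFileAuditRecorder In ReadLocal --EvtQueryChannelPath");
            }

            L.Log(LogType.FILE, LogLevel.DEBUG, "EventLogFileAuditRecorder In ReadLocal -- " + session + " - " + eventLogLocation + " - " + query + " - " + flags);
            handle = UnsafeNativeMethods.EvtQuery(session, eventLogLocation, query, flags);
            if (handle == IntPtr.Zero)
            {
                L.Log(LogType.FILE, LogLevel.ERROR, "EventLogFileAuditRecorder In ReadLocal -- Error Opening Event File: " + Marshal.GetLastWin32Error());
                return false;
            }

            hRenderContext = UnsafeNativeMethods.EvtCreateRenderContext(0, null, UnsafeNativeMethods.EvtRenderContextFlags.EvtRenderContextSystem);
            if (hRenderContext == IntPtr.Zero)
            {
                L.Log(LogType.FILE, LogLevel.ERROR, "EventLogFileAuditRecorder In ReadLocal -- Error Creating Render Context Failed: " + Marshal.GetLastWin32Error() + ")");
                return false;
            }

            var buffer = new StringBuilder();
            var domainBuffer = new StringBuilder();
            var usernameBuffer = new StringBuilder();
            var returned = 0;
            // rec and audit are reused for every event in the loop.
            var rec = new CustomBase.Rec();
            var audit = new AuditInfo();
            isFileFinished = false;
            try
            {
                while (UnsafeNativeMethods.EvtNext(handle, 1, events, int.MaxValue, 0, ref returned))
                {
                    PrintT(++total);
                    try
                    {
                        using (Benchmark("GetRender"))
                        {
                            if (!GetRenderValues(hRenderContext, events[0],
                                                 UnsafeNativeMethods.EvtRenderFlags.EvtRenderEventValues,
                                                 ref dwBufferSize, ref pRenderedValues, ref dwBufferUsed,
                                                 ref dwPropertyCount, ref status))
                            {
                                L.Log(LogType.FILE, LogLevel.ERROR, "EventLogFileAuditRecorder In ReadLocal -- Error Getting Render Event Values Failed: " + status + ")");
                                continue;
                            }
                        }

                        string description;
                        using (Benchmark("GetFields"))
                        {
                            string meta;
                            using (Benchmark("GetFields P1"))
                            {
                                // First rendered value; used below as the publisher name.
                                meta = Marshal.PtrToStringAuto(
                                    ((UnsafeNativeMethods.EvtVariant)Marshal.PtrToStructure(
                                        pRenderedValues, typeof(UnsafeNativeMethods.EvtVariant))).StringVal);
                                if (meta == null)
                                {
                                    L.Log(LogType.FILE, LogLevel.INFORM, "EventLogFileAuditRecorder In ReadLocal -- Event has no meta data. Skipping");
                                    continue;
                                }
                            }

                            using (Benchmark("GetFields P2"))
                            {
                                rec.EventId = ReadSystemVariant(pRenderedValues,
                                    (int)UnsafeNativeMethods.EvtSystemPropertyId.EvtSystemEventID).UShort;
                                L.Log(LogType.FILE, LogLevel.DEBUG, "EventId: " + rec.EventId);
                            }

                            IntPtr metaPtr;
                            using (Benchmark("GetFields P3"))
                            {
                                // Publisher metadata handles are cached per publisher and
                                // released together in the outer finally.
                                if (!metaDict.TryGetValue(meta, out metaPtr))
                                {
                                    metaPtr = UnsafeNativeMethods.EvtOpenPublisherMetadata(session, meta, null, LangId, 0);
                                    if (metaPtr != IntPtr.Zero)
                                    {
                                        metaDict[meta] = metaPtr;
                                    }
                                }
                            }

                            using (Benchmark("GetFields P4"))
                            {
                                if (!GetMessageString(metaPtr, events[0],
                                                      UnsafeNativeMethods.EvtFormatMessageFlags.EvtFormatMessageEvent,
                                                      ref buffer, out dwBufferUsed, ref status))
                                {
                                    L.Log(LogType.FILE, LogLevel.ERROR, "Get Description failed:" + status);
                                    continue;
                                }
                            }

                            using (Benchmark("GetFields P5"))
                            {
                                description = buffer.ToString();
                                buffer.Remove(0, buffer.Length);

                                var recordId = ReadSystemVariant(pRenderedValues,
                                    (int)UnsafeNativeMethods.EvtSystemPropertyId.EvtSystemEventRecordId).ULong;
                                rec.Recordnum = (int)recordId;
                                // Keep the full id for the resume position; the int copy above can wrap.
                                last_recordnum = (long)recordId;

                                rec.ComputerName = Marshal.PtrToStringAuto(
                                    ReadSystemVariant(pRenderedValues,
                                        (int)UnsafeNativeMethods.EvtSystemPropertyId.EvtSystemComputer).StringVal);
                            }

                            using (Benchmark("GetFields P6"))
                            {
                                if (!GetMessageString(metaPtr, events[0],
                                                      UnsafeNativeMethods.EvtFormatMessageFlags.EvtFormatMessageTask,
                                                      ref buffer, out dwBufferUsed, ref status))
                                {
                                    buffer.Remove(0, buffer.Length);
                                }
                                rec.EventType = buffer.ToString();

                                if (!GetMessageString(metaPtr, events[0],
                                                      UnsafeNativeMethods.EvtFormatMessageFlags.EvtFormatMessageLevel,
                                                      ref buffer, out dwBufferUsed, ref status))
                                {
                                    buffer.Remove(0, buffer.Length);
                                }
                                rec.EventCategory = buffer.ToString();

                                ulong timeCreated = ReadSystemVariant(pRenderedValues,
                                    (int)UnsafeNativeMethods.EvtSystemPropertyId.EvtSystemTimeCreated).FileTime;
                                rec.Datetime = DateTime.FromFileTime((long)timeCreated)
                                                       .ToString("yyyy/MM/dd HH:mm:ss", CultureInfo.InvariantCulture);

                                rec.LogName = Marshal.PtrToStringAuto(
                                    ReadSystemVariant(pRenderedValues,
                                        (int)UnsafeNativeMethods.EvtSystemPropertyId.EvtSystemChannel).StringVal);
                                rec.Description = description;
                            }
                        }

                        var sentItems = 0;
                        using (Benchmark("ParseDescriptionForAudit"))
                        {
                            if (!ParseDescriptionForAudit(audit, description, buffer, domainBuffer, usernameBuffer))
                            {
                                continue;
                            }
                        }

                        using (Benchmark("ParseAuditOperations2"))
                        {
                            ParseAuditOperations2(ref rec, audit, buffer, domainBuffer, usernameBuffer, ref sentItems);
                            if (sentItems > 0)
                            {
                                continue;
                            }
                            if (audit.Reasons.Count == 0 && audit.OriginalRights.Count == 0 && audit.NewRights.Count == 0)
                            {
                                continue;
                            }
                        }

                        rec.Description = description;
                        rec.CustomStr2 = audit.ObjectType;
                        rec.CustomStr3 = audit.ObjectName;
                        rec.CustomStr4 = audit.Sid;
                        rec.CustomStr5 = audit.Username;
                        rec.CustomStr6 = audit.Process;
                        rec.CustomInt6 = audit.ProcessId;
                        rec.CustomStr7 = audit.AccessMask;

                        using (Benchmark("ParseAuditOperations2"))
                        {
                            // Only events that carry both the original and the new rights are sent.
                            if (audit.OriginalRights.Count > 0 && audit.NewRights.Count > 0)
                            {
                                SendAccessRightChange(ref rec, audit);
                            }
                        }
                    }
                    finally
                    {
                        // Every event handle returned by EvtNext is closed, also on 'continue'.
                        UnsafeNativeMethods.EvtClose(events[0]);
                        events[0] = IntPtr.Zero;
                    }
                }
            }
            finally
            {
                foreach (var item in benchmark)
                {
                    item.Value.Stop();
                }

                try
                {
                    var customServiceBase = GetInstanceService("Security Manager Remote Recorder");
                    L.Log(LogType.FILE, LogLevel.DEBUG, " EventLogFileAuditRecorder In ReadLocal -->> Setting Registry.");
                    customServiceBase.SetReg(Id, last_recordnum.ToString(CultureInfo.InvariantCulture), "-", lastFile, "", LastRecordDate);
                    L.Log(LogType.FILE, LogLevel.DEBUG, " EventLogFileAuditRecorder In ReadLocal -->> Registry Set.");
                }
                catch (Exception exception)
                {
                    L.Log(LogType.FILE, LogLevel.ERROR, " EventLogFileAuditRecorder In ReadLocal -->> Setting Registry Error." + exception.Message);
                }
            }

            isFileFinished = true;
            return true;
        }
        finally
        {
            CleanupEvtHandle(handle);
            CleanupEvtHandle(events[0]);
            CleanupEvtHandle(hRenderContext);
            CleanupEvtHandle(hRenderContextEvtData);
            CleanupEvtHandle(metaDict);
            // The remote session is closed last, after the handles opened through it.
            if (session != IntPtr.Zero)
            {
                UnsafeNativeMethods.EvtClose(session);
            }
        }
    }
    catch (EventLogNotFoundException e)
    {
        L.Log(LogType.FILE, LogLevel.ERROR, "EVTX Parser in ReadLocal ERROR." + e.Message);
    }
    finally
    {
        callable.ReleaseMutex();
    }
    return false;
}

/// <summary>
/// Reads the EvtVariant at position <paramref name="propertyIndex"/> of the rendered
/// system-value array. The offset is added in 64-bit arithmetic so the address is not
/// truncated in a 64-bit process.
/// </summary>
private static UnsafeNativeMethods.EvtVariant ReadSystemVariant(IntPtr renderedValues, int propertyIndex)
{
    long offset = (long)propertyIndex * Marshal.SizeOf(typeof(UnsafeNativeMethods.EvtVariant));
    return (UnsafeNativeMethods.EvtVariant)Marshal.PtrToStructure(
        new IntPtr(renderedValues.ToInt64() + offset), typeof(UnsafeNativeMethods.EvtVariant));
}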
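/// <summary>
/// Handles one syslog message for the Cisco recorder: lets CiscoDEVRecorderProcess parse it,
/// takes the record it builds and hands that record to the configured sender service.
/// Messages with no text are ignored.
/// </summary>
/// <param name="args">Event arguments carrying the raw syslog text and its event type.</param>
/// <remarks>
/// A null <paramref name="args"/> is now rejected up front: previously it raised a
/// NullReferenceException inside the try and a second one inside the catch, which escaped
/// the handler. The record allocated and immediately overwritten by createRec() is gone.
/// </remarks>
void slog_SyslogEvent(LogMgrEventArgs args)
{
    if (args == null)
    {
        InitializeLogger.L.Log(LogType.FILE, LogLevel.ERROR, "slog_SyslogEvent called without event arguments");
        return;
    }

    try
    {
        if (string.IsNullOrEmpty(args.Message))
        {
            return;
        }

        // A fresh parser per message; it keeps the parsed fields until createRec() is called.
        CiscoDEVRecorderProcess devrecorder = new CiscoDEVRecorderProcess();
        devrecorder.parsingProcess(args, zone);
        CustomBase.Rec rec = devrecorder.createRec();
        InitializeLogger.L.Log(LogType.FILE, LogLevel.DEBUG, "Finish preparing record");

        if (usingRegistry)
        {
            CustomServiceBase s = base.GetInstanceService("Security Manager Sender");
            s.SetData(rec);
        }
        else
        {
            CustomServiceBase s = base.GetInstanceService("Security Manager Remote Recorder");
            s.SetData(Dal, virtualhost, rec);
            s.SetReg(Id, rec.Datetime, "", "", "", rec.Datetime);
        }
        InitializeLogger.L.Log(LogType.FILE, LogLevel.INFORM, "Finish Sending Data");
    }
    catch (Exception er)
    {
        InitializeLogger.L.Log(LogType.FILE, LogLevel.ERROR, er.ToString());
        InitializeLogger.L.Log(LogType.FILE, LogLevel.ERROR, args.EventLogEntType + " " + args.Message);
    }
}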
private void timer1_Tick(object sender, System.Timers.ElapsedEventArgs e) { timer1.Enabled = false; CustomBase.Rec rec = new CustomBase.Rec(); CustomServiceBase s; string readQuery2 = null; IDataReader readReader2 = null; DbCommand cmd2 = null; bool controlofadd = false; bool erroroccured = false; if (usingRegistery) { s = base.GetInstanceService("Security Manager Sender"); } else { s = base.GetInstanceService("Security Manager Remote Recorder"); } L.Log(LogType.FILE, LogLevel.DEBUG, " In timer1_Tick() -->> Service Started"); int x = 0; try { if (begining) { max_rec_send2 = max_record_send; begining = false; } int i = 0; prevDate = curDate; ffdb_name_last = Get_Ff_Dbname(); L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> ffdb_name_last " + ffdb_name_last.ToString()); if (checkDatabaseExists(ffdb_name_last)) { #region MyRegion if (String.IsNullOrEmpty(lastRecordDate) || lastRecordDate == "0") { setLastRecordDate(); } curDate = lastRecordDate; //L.Log(LogType.FILE, LogLevel.DEBUG, " In timer1_Tick() -->> curDate " + curDate); /* * date max_record_send sayisindan fazla repeat ederse sonsuz loopa giriyor * onu onlemek icin repeat sayisi max_recordu gecerse * max record sayisina repeat sayisini ekliyorum * daha sonra eski haline tekrar getiriyorum * */ if (controlofdoublerecord) { repeat = repeat_recordnum + 1; repeat_recordnum = repeat; controlofadd = true; L.Log(LogType.FILE, LogLevel.DEBUG, " In timer1_Tick() -->> Bir arttýrýldý"); } else { repeat = repeat_recordnum; controlofdoublerecord = true; L.Log(LogType.FILE, LogLevel.DEBUG, " In timer1_Tick() -->> Ýlk defa girdi ayný kaldý 0"); } if (repeat_recordnum >= max_record_send) { max_record_send += repeat_recordnum; L.Log(LogType.FILE, LogLevel.DEBUG, " Record Number azaltýldý"); repeat = repeat_recordnum - 1; repeat_recordnum = repeat; L.Log(LogType.FILE, LogLevel.DEBUG, " In timer1_Tick() -->> max record sent " + max_record_send); } else { max_record_send = max_rec_send2; } readQuery2 = "Select TOP " + 
max_record_send + " "; readQuery2 += "[logTime],[servername],[Action],[ClientUserName],[protocol],[resultcode],ClientIP,"; readQuery2 += "DestHostIP,[rule],[SrcNetwork],[DstNetwork],[ClientAgent],[operation],[uri],[SrcPort],"; readQuery2 += "[DestHostPort],[processingtime],[bytessent],[bytesrecvd],[ClientAuthenticate],[FilterInfo],[referredserver] "; readQuery2 += "FROM " + ffdb_name_last + ".." + forefrontTable_name + "(nolock) "; readQuery2 += "WHERE logTime >= '" + curDate + "' ORDER BY logTime"; L.Log(LogType.FILE, LogLevel.DEBUG, " In timer1_Tick() -->> Query is " + readQuery2); try { readReader2 = Database.ExecuteReader(db_name, readQuery2, CommandBehavior.CloseConnection, out cmd2); cmd2.CommandTimeout = 1200; } catch (Exception ex) { erroroccured = true; L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 4 : " + ex.Message); L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 4 : " + ex.StackTrace); } L.Log(LogType.FILE, LogLevel.DEBUG, " In timer1_Tick() -->> Finish executing the query"); L.Log(LogType.FILE, LogLevel.DEBUG, " In timer1_Tick() -->> Repeat Record Num Is : " + repeat.ToString()); #region while if (readReader2 != null) { while (readReader2.Read()) { if (repeat < 0) { repeat = 0; } if (repeat == 0) { rec.LogName = "Forefront 2010 WEB"; prevDate = curDate; try { if (!readReader2.IsDBNull(0)) { curDate = readReader2.GetDateTime(0).ToString("yyyy/MM/dd HH:mm:ss.fff"); //lodTime rec.Datetime = curDate; } } catch (Exception ex) { L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 15 " + ex.Message.ToString()); L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 15 " + ex.StackTrace.ToString()); } try { if (!readReader2.IsDBNull(1)) { rec.ComputerName = readReader2.GetString(1); // servername } } catch (Exception ex) { L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 12 " + ex.Message.ToString()); L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In 
Catch 12 " + ex.StackTrace.ToString()); } L.Log(LogType.FILE, LogLevel.DEBUG, " In timer1_Tick() -->>servername IS " + rec.ComputerName); try { if (!readReader2.IsDBNull(2)) { string actionnumber = readReader2.GetInt16(2).ToString(); //Action rec.EventType = ActionText(actionnumber); } } catch (Exception ex) { L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 13 " + ex.Message.ToString()); L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 13 " + ex.StackTrace.ToString()); } L.Log(LogType.FILE, LogLevel.DEBUG, " In timer1_Tick() -->>Action IS " + rec.EventType); try { if (!readReader2.IsDBNull(3)) { rec.SourceName = readReader2.GetString(3); //ClientUserName } } catch (Exception ex) { L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 14 " + ex.Message.ToString()); L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 14 " + ex.StackTrace.ToString()); } L.Log(LogType.FILE, LogLevel.DEBUG, " In timer1_Tick() -->>ClientUserName IS " + rec.SourceName); try { if (!readReader2.IsDBNull(4)) { rec.CustomStr1 = readReader2.GetString(4); //protocol } } catch (Exception ex) { L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 16 " + ex.Message.ToString()); L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 16 " + ex.StackTrace.ToString()); } L.Log(LogType.FILE, LogLevel.DEBUG, " In timer1_Tick() -->>protocol IS " + rec.CustomStr1); try { if (!readReader2.IsDBNull(5)) { rec.CustomInt5 = readReader2.GetInt32(5); //resultcode } } catch (Exception ex) { L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 17 " + ex.Message.ToString()); L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 17 " + ex.StackTrace.ToString()); } L.Log(LogType.FILE, LogLevel.DEBUG, " In timer1_Tick() -->>resultcode IS " + rec.CustomStr2); try { if (!readReader2.IsDBNull(6)) { rec.CustomStr3 = ResolveIp(readReader2.GetValue(6).ToString()); //ClientIP } } catch 
(Exception ex) { L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 18 " + ex.Message.ToString()); L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 18 " + ex.StackTrace.ToString()); } L.Log(LogType.FILE, LogLevel.DEBUG, " In timer1_Tick() -->>ClientIP IS " + rec.CustomStr3); try { if (!readReader2.IsDBNull(7)) { rec.CustomStr4 = ResolveIp(readReader2.GetValue(7).ToString()); //DestHostIP } } catch (Exception ex) { L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 19 " + ex.Message.ToString()); L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 19 " + ex.StackTrace.ToString()); } L.Log(LogType.FILE, LogLevel.DEBUG, " In timer1_Tick() -->>DestHostIP IS " + rec.CustomStr4); try { if (!readReader2.IsDBNull(8)) { rec.CustomStr5 = readReader2.GetString(8).ToString(); //rule } } catch (Exception ex) { L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 20 " + ex.Message.ToString()); L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 20 " + ex.StackTrace.ToString()); } L.Log(LogType.FILE, LogLevel.DEBUG, " In timer1_Tick() -->>rule IS " + rec.CustomStr5); try { if (!readReader2.IsDBNull(9)) { rec.CustomStr6 = readReader2.GetString(9).ToString(); // SrcNetwork } } catch (Exception ex) { L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 21 " + ex.Message.ToString()); L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 21 " + ex.StackTrace.ToString()); } L.Log(LogType.FILE, LogLevel.DEBUG, " In timer1_Tick() -->>SrcNetwork IS " + rec.CustomStr6); try { if (!readReader2.IsDBNull(10)) { rec.CustomStr7 = readReader2.GetString(10).ToString(); // DstNetwork } } catch (Exception ex) { L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 22 " + ex.Message.ToString()); L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 22 " + ex.StackTrace.ToString()); } L.Log(LogType.FILE, LogLevel.DEBUG, " In 
timer1_Tick() -->>DstNetwork IS " + rec.CustomStr7); try { if (!readReader2.IsDBNull(11)) { rec.CustomStr8 = readReader2.GetString(11).ToString(); // ClientAgent } } catch (Exception ex) { L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 23 " + ex.Message.ToString()); L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 23 " + ex.StackTrace.ToString()); } L.Log(LogType.FILE, LogLevel.DEBUG, " In timer1_Tick() -->>ClientAgent IS " + rec.CustomStr8); try { if (!readReader2.IsDBNull(12)) { rec.CustomStr9 = readReader2.GetString(12).ToString(); // operation } } catch (Exception ex) { L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 24 " + ex.Message.ToString()); L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 24 " + ex.StackTrace.ToString()); } L.Log(LogType.FILE, LogLevel.DEBUG, " In timer1_Tick() -->operation IS " + rec.CustomStr9); try { if (!readReader2.IsDBNull(13)) { string tempdata = readReader2.GetString(13).ToString(); // uri if (tempdata.Length > 900) { rec.CustomStr10 = tempdata.Substring(0, 900); } else { rec.CustomStr10 = tempdata; } } } catch (Exception ex) { L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 25 " + ex.Message.ToString()); L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 25 " + ex.StackTrace.ToString()); } L.Log(LogType.FILE, LogLevel.DEBUG, " In timer1_Tick() -->uri IS " + rec.CustomStr9); try { if (!readReader2.IsDBNull(14)) { rec.CustomInt1 = readReader2.GetInt32(14); // SrcPort } } catch (Exception ex) { L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 26 " + ex.Message.ToString()); L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 26 " + ex.StackTrace.ToString()); } L.Log(LogType.FILE, LogLevel.DEBUG, " In timer1_Tick() -->SrcPort IS " + rec.CustomInt1.ToString()); try { if (!readReader2.IsDBNull(15)) { rec.CustomInt2 = readReader2.GetInt32(15); // DestHostPort } } catch (Exception 
ex) { L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 27 " + ex.Message.ToString()); L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 27 " + ex.StackTrace.ToString()); } L.Log(LogType.FILE, LogLevel.DEBUG, " In timer1_Tick() -->DestHostPort IS " + rec.CustomInt2.ToString()); try { if (!readReader2.IsDBNull(16)) { rec.CustomInt4 = readReader2.GetInt32(16); // processingTime } } catch (Exception ex) { L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 28 " + ex.Message.ToString()); L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 28 " + ex.StackTrace.ToString()); } L.Log(LogType.FILE, LogLevel.DEBUG, " In timer1_Tick() --> processingTime IS " + rec.CustomInt4.ToString()); try { if (!readReader2.IsDBNull(17)) { rec.CustomInt8 = readReader2.GetInt64(17); // bytessent } } catch (Exception ex) { L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 29 " + ex.Message.ToString()); L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 29 " + ex.StackTrace.ToString()); } L.Log(LogType.FILE, LogLevel.DEBUG, " In timer1_Tick() --> bytessent IS " + rec.CustomInt5.ToString()); try { if (!readReader2.IsDBNull(18)) { rec.CustomInt6 = readReader2.GetInt64(18); //bytesrecvd } } catch (Exception ex) { L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 30 " + ex.Message.ToString()); L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 30 " + ex.StackTrace.ToString()); } L.Log(LogType.FILE, LogLevel.DEBUG, " In timer1_Tick() --> bytesrecvd IS " + rec.CustomInt6.ToString()); try { if (!readReader2.IsDBNull(19)) { rec.CustomInt7 = Convert.ToInt64(readReader2.GetInt16(19)); // ClientAuthenticate } } catch (Exception ex) { L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 31 " + ex.Message.ToString()); L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 31 " + ex.StackTrace.ToString()); } L.Log(LogType.FILE, 
LogLevel.DEBUG, " In timer1_Tick() --> ClientAuthenticate IS " + rec.CustomInt7.ToString()); try { if (!readReader2.IsDBNull(20)) { rec.Description = readReader2.GetString(20); // FilterInfo } } catch (Exception ex) { L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 32 " + ex.Message.ToString()); L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 32 " + ex.StackTrace.ToString()); } L.Log(LogType.FILE, LogLevel.DEBUG, " In timer1_Tick() --> FilterInfo IS " + rec.Description); try { if (!readReader2.IsDBNull(21)) { rec.CustomStr2 = readReader2.GetString(21); // referredserver } } catch (Exception ex) { L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 33 " + ex.Message.ToString()); L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 33 " + ex.StackTrace.ToString()); } L.Log(LogType.FILE, LogLevel.DEBUG, " In timer1_Tick() --> referredserver IS " + rec.CustomStr2); if (prevDate == curDate) { repeat_recordnum++; } else { repeat_recordnum = 0; } if (usingRegistery) { s.SetData(rec); Set_Registry(curDate); } else { s.SetData(Dal, Virtualhost, rec); Set_Registry(curDate); } L.Log(LogType.FILE, LogLevel.DEBUG, " In timer1_Tick() -->> Finish Sending Data"); x++; L.Log(LogType.FILE, LogLevel.DEBUG, " In timer1_Tick() -->> Number of Sending Data : " + x.ToString()); lastRecordDate = curDate; i++; if (i > max_record_send) { //son bakilan recordu registerye kaydet Set_Registry(lastRecordDate); cmd2.Cancel(); return; } } else { repeat -= 1; } } Set_Registry(lastRecordDate); } #endregion #endregion } else { L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> Database is not exist " + ffdb_name_last.ToString()); } } catch (Exception er) { L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 6 " + er.Message.ToString()); L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 6 " + er.StackTrace.ToString()); erroroccured = true; } finally { L.Log(LogType.FILE, 
LogLevel.DEBUG, " In timer1_Tick() -->> In Finaly " + x + " record was sent is : "); if (x == 0 && controlofadd && !erroroccured) { repeat_recordnum--; L.Log(LogType.FILE, LogLevel.INFORM, " In timer1_Tick() -->> There Is No New Record So Waiting For New Record"); if (option == 0) { ffdb_name_last = changeDatabase(ffdb_name_last); } } if (x == 0 && controlofadd && erroroccured) { repeat_recordnum--; L.Log(LogType.FILE, LogLevel.INFORM, " In timer1_Tick() -->> An Error Occured And Repeat Record Num -- : " + repeat_recordnum.ToString()); } timer1.Enabled = true; L.Log(LogType.FILE, LogLevel.INFORM, " In timer1_Tick() -->> Service Stopped"); Database.Drop(ref cmd2); s.Dispose(); } }
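/// <summary>
/// Timer callback of the KOMArsivLogRecorder: counts the rows in ARSIV_LOG, reads the next
/// window of rows by ROWNUM, converts each row into a <c>CustomBase.Rec</c>, forwards it and
/// persists the row number of the last record that was sent.
/// </summary>
/// <param name="sender">Timer that raised the event (not used).</param>
/// <param name="e">Elapsed-event data (not used).</param>
/// <remarks>
/// The timer is disabled while a poll runs and re-enabled in <c>finally</c>. Every exception is
/// logged and swallowed, so a failed poll does not prevent the next one.
/// </remarks>
private void timer1_Tick(object sender, System.Timers.ElapsedEventArgs e)
{
    string readQuery = "";
    long datacount = 0;
    timer1.Enabled = false;
    CustomBase.Rec rec = new CustomBase.Rec();
    L.Log(LogType.FILE, LogLevel.INFORM, " timer1_Tick -->> Timer is Started");
    IDataReader readReader = null;
    DbCommand cmd = null;
    try
    {
        L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> Start executing the query");
        readQuery = "select COUNT(*) from ARSIV_LOG";
        L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> readQuery : " + readQuery);
        readReader = Database.ExecuteReader(db_name, readQuery, CommandBehavior.CloseConnection, out cmd);
        // NOTE(review): the timeout is assigned after ExecuteReader has returned, so it presumably
        // does not bound the query that was just executed - confirm against Database.ExecuteReader.
        cmd.CommandTimeout = 2000;
        readReader.Read();
        datacount = Convert_To_Int64(readReader[0].ToString());
        readReader.Close();

        // The log texts below name sys.enbs_audit although the queries read ARSIV_LOG.
        L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> Total data count in sys.enbs_audit table : " + datacount.ToString(CultureInfo.InvariantCulture));
        L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> Last data number read from sys.enbs_audit table is : " + last_recordnum.ToString(CultureInfo.InvariantCulture));

        // Fewer rows than the stored position: treat the table as truncated and start over.
        if (datacount < last_recordnum)
        {
            last_recordnum = 0;
            L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> sys.enbs_audit table is truncated. Started to read at the beginning.");
        }

        // Both positions use the same window query; only the debug message differs.
        if (last_recordnum == 0)
        {
            L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> is Last Pozision == 0 ");
        }
        else
        {
            L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> is Last Pozision != 0 ");
        }

        // Only numeric values are concatenated into the statement.
        // NOTE(review): ROWNUM is assigned without an ORDER BY, so the row numbering is not
        // guaranteed to be stable between polls; audit rows could be skipped or repeated.
        // NOTE(review): "DATANUM >=" includes the row whose number was stored as last_recordnum,
        // so the last record of one poll appears to be sent again by the next - confirm intent.
        readQuery = string.Concat(new object[]
        {
            "select * from (select LOG_ID,SICIL,ARSIV_DOSYA,ISLEM_TARIHI, ROWNUM as DATANUM from ARSIV_LOG) where DATANUM >=",
            last_recordnum,
            " and DATANUM <",
            last_recordnum + Convert_To_Int64(max_record_send.ToString(CultureInfo.InvariantCulture)),
            " "
        });

        cmd = null;
        L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> readQuery : " + readQuery);
        readReader = Database.ExecuteReader(db_name, readQuery, CommandBehavior.CloseConnection, out cmd);
        cmd.CommandTimeout = 2000;
        L.Log(LogType.FILE, LogLevel.INFORM, " timer1_Tick -->> Finish executing the query. Query : " + readQuery);

        while (readReader.Read())
        {
            rec.LogName = "KOMArsivLogRecorder";
            string dateTime;
            DateTime dt;
            try
            {
                dateTime = readReader["ISLEM_TARIHI"].ToString();
                L.Log(LogType.FILE, LogLevel.DEBUG, "dateTime : " + dateTime);
                dt = Convert.ToDateTime(dateTime);
                rec.Datetime = dt.ToString("yyyy-MM-dd HH:mm:ss");
                L.Log(LogType.FILE, LogLevel.DEBUG, "Onur - Datetime : " + rec.Datetime);
            }
            catch (Exception ex)
            {
                // The row is skipped; once a later row advances last_recordnum it is not retried,
                // so this ERROR entry is the only trace of the dropped audit row.
                L.Log(LogType.FILE, LogLevel.ERROR, " timer1_Tick -->> Error on timespam conversion : " + ex.ToString());
                L.Log(LogType.FILE, LogLevel.ERROR, " timer1_Tick -->> Data could not be got.");
                continue;
            }

            // Numeric columns fall back to 0 when they cannot be converted.
            try
            {
                rec.CustomInt1 = Convert_To_Int32(readReader["SICIL"].ToString());
                L.Log(LogType.FILE, LogLevel.INFORM, " SICIL -->> : " + readReader["SICIL"]);
            }
            catch (Exception ex)
            {
                rec.CustomInt1 = 0;
                L.Log(LogType.FILE, LogLevel.INFORM, " CustomInt1 = 0 " + ex.Message);
            }

            try
            {
                rec.CustomInt2 = Convert_To_Int32(readReader["LOG_ID"].ToString());
                L.Log(LogType.FILE, LogLevel.INFORM, " LOG_ID -->> : " + readReader["LOG_ID"]);
            }
            catch (Exception ex)
            {
                rec.CustomInt2 = 0;
                L.Log(LogType.FILE, LogLevel.INFORM, " CustomInt2 = 0 " + ex.Message);
            }

            try
            {
                rec.CustomInt3 = Convert_To_Int32(readReader["ARSIV_DOSYA"].ToString());
                L.Log(LogType.FILE, LogLevel.INFORM, " ARSIV_DOSYA -->> : " + readReader["ARSIV_DOSYA"]);
            }
            catch (Exception ex)
            {
                rec.CustomInt3 = 0;
                L.Log(LogType.FILE, LogLevel.INFORM, " CustomInt3 = 0 " + ex.Message);
            }

            L.Log(LogType.FILE, LogLevel.DEBUG, "CustomInt1 : " + rec.CustomInt1);
            L.Log(LogType.FILE, LogLevel.DEBUG, "CustomInt2 : " + rec.CustomInt2);
            L.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr10 : " + rec.CustomStr10);
            L.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr2 : " + rec.CustomStr2);
            L.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr3 : " + rec.CustomStr3);
            L.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr4 : " + rec.CustomStr4);

            last_recordnum = Convert_To_Int64(readReader["DATANUM"].ToString());
            rec.Recordnum = Convert.ToInt32(last_recordnum);
            L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> Start sending Data. Last Record Number : " + last_recordnum);

            if (usingRegistry)
            {
                CustomServiceBase s = base.GetInstanceService("Security Manager Sender");
                s.SetData(rec);
                L.Log(LogType.FILE, LogLevel.DEBUG, " Security Manager Sender -->> : ");
            }
            else
            {
                CustomServiceBase s = base.GetInstanceService("Security Manager Remote Recorder");
                s.SetData(Dal, virtualhost, rec);
                L.Log(LogType.FILE, LogLevel.DEBUG, " Security Manager Remote Recorder -->> : ");
                L.Log(LogType.FILE, LogLevel.DEBUG, " Security Manager Remote Recorder DAL : -->> : " + Dal);
                L.Log(LogType.FILE, LogLevel.DEBUG, " Security Manager Remote Recorder virtualhost : -->> : " + virtualhost);
            }

            L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> Finish Sending Data");
            LastRecordDate = rec.Datetime;

            // Persist the position after every record so a restart resumes from here.
            if (usingRegistry)
            {
                Set_Registry(last_recordnum);
            }
            else
            {
                CustomServiceBase s = base.GetInstanceService("Security Manager Remote Recorder");
                s.SetReg(Id, last_recordnum.ToString(), "", "", "", LastRecordDate);
            }
        }
    }
    catch (Exception er)
    {
        L.Log(LogType.FILE, LogLevel.ERROR, " timer1_Tick -->> Error : " + er.ToString());
    }
    finally
    {
        // readReader is still null when the first ExecuteReader throws. An unguarded Close()
        // would then raise inside finally, before the timer is re-enabled, and collection
        // would stop without any further log entry.
        try
        {
            if (readReader != null)
            {
                readReader.Close();
            }
        }
        catch (Exception closeError)
        {
            L.Log(LogType.FILE, LogLevel.ERROR, " timer1_Tick -->> Error : " + closeError.ToString());
        }

        timer1.Enabled = true;
        Database.Drop(ref cmd);
        L.Log(LogType.FILE, LogLevel.INFORM, " timer1_Tick -->> Timer is finished.");
    }
}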
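/// <summary>
/// Timer callback of the "Beyaz Audit Recorder": reads UTIL_USERLOG rows whose SERVICEID is
/// greater than the stored position, converts each row into a <c>CustomBase.Rec</c>, forwards
/// it and persists the SERVICEID of the last record that was sent.
/// </summary>
/// <param name="sender">Timer that raised the event (not used).</param>
/// <param name="e">Elapsed-event data (not used).</param>
/// <remarks>
/// The timer is disabled while a poll runs and re-enabled in <c>finally</c>. Exceptions are
/// logged and swallowed.
/// </remarks>
private void timer1_Tick(object sender, System.Timers.ElapsedEventArgs e)
{
    timer1.Enabled = false;
    CustomBase.Rec rec = new CustomBase.Rec();
    L.Log(LogType.FILE, LogLevel.INFORM, "Service Started(Timer Baþladý.)");
    string readQuery = null;
    IDataReader readReader = null;
    DbCommand cmd = null;
    try
    {
        // One-time initialisation: registry settings first, then the logger.
        if (!reg_flag)
        {
            if (!Read_Registry())
            {
                L.Log(LogType.FILE, LogLevel.ERROR, "Error on Reading the Registry ");
                return;
            }
            else if (!Initialize_Logger())
            {
                L.Log(LogType.FILE, LogLevel.ERROR, "Error on Intialize Logger on OracleDB Recorder functions may not be running");
                return;
            }
            reg_flag = true;
        }

        if (fromend)
        {
            if (!Set_LastPosition())
            {
                L.Log(LogType.FILE, LogLevel.INFORM, "Error on setting last position see eventlog for more details");
            }
            fromend = false;
        }

        int i = 0;

        // Shared SELECT ... WHERE part of both statements. last_position is assigned from
        // rec.CustomInt6 below, so only a numeric value is concatenated here.
        string selectNewRows =
            "SELECT UTIL_USERLOG.NO, UTIL_OPERATOR.ADI, UTIL_OPERATOR.SOYADI, UTIL_USERLOG.LOGDATE, UTIL_USERLOG.LOGTIME, "
            + "UTIL_USERLOG.LOGFILE, UTIL_USERLOG.LOGSYSTEM, UTIL_USERLOG.LOGLEVEL, UTIL_USERLOG.LOGPROC, UTIL_USERLOG.LOGTYPE, "
            + "UTIL_USERLOG.SERVICEID FROM UTIL_USERLOG LEFT JOIN UTIL_OPERATOR ON UTIL_USERLOG.NO = UTIL_OPERATOR.NO "
            + "WHERE UTIL_USERLOG.SERVICEID > " + last_position;

        if (last_position == 0)
        {
            readQuery = "SELECT * FROM ( " + selectNewRows
                + " ORDER BY UTIL_USERLOG.SERVICEID) CPRIV WHERE ROWNUM > 0 AND ROWNUM < " + max_record_send;
        }
        else
        {
            L.Log(LogType.FILE, LogLevel.DEBUG, " Last Position: " + last_position);
            // NOTE(review): here ROWNUM is limited in the same query block as the ORDER BY, so
            // the 100 rows are presumably chosen before sorting and need not be the lowest
            // SERVICEIDs; rows with smaller ids could then be passed over - confirm.
            readQuery = selectNewRows + " AND ROWNUM <= 100" + " ORDER BY UTIL_USERLOG.SERVICEID";
        }

        L.Log(LogType.FILE, LogLevel.DEBUG, " Query is " + readQuery);
        L.Log(LogType.FILE, LogLevel.DEBUG, " Dbname is " + db_name);
        readReader = Database.ExecuteReader(db_name, readQuery, CommandBehavior.CloseConnection, out cmd);
        cmd.CommandTimeout = 1200;
        L.Log(LogType.FILE, LogLevel.DEBUG, "Finish executing the query");

        if (!readReader.Read())
        {
            L.Log(LogType.FILE, LogLevel.DEBUG, "Finish Reading The Table");
        }
        else
        {
            // The emptiness check above already moved the reader to the first row. A plain
            // while (Read()) loop after it would skip that row on every poll, and the skipped
            // audit record would never be forwarded because the position moves past it.
            do
            {
                rec.LogName = "Beyaz Audit Recorder";
                rec.CustomStr1 = readReader.IsDBNull(0) ? "" : readReader.GetString(0).ToString();

                string name = readReader.IsDBNull(1) ? "" : readReader.GetString(1).ToString();
                string surname = readReader.IsDBNull(2) ? "" : readReader.GetString(2).ToString();
                rec.UserName = name + " " + surname;
                L.Log(LogType.FILE, LogLevel.DEBUG, " User Name " + rec.UserName);

                string tempdate = "";
                string temptime = "";
                if (readReader.IsDBNull(3) && readReader.IsDBNull(4))
                {
                    // No date and no time in the row: fall back to the collector's clock.
                    // NOTE(review): splitting on '.' assumes a dd.MM.yyyy current culture.
                    tempdate = DateTime.Now.ToString();
                    string[] date1 = tempdate.Split(' ');
                    string[] date2 = date1[0].Split('.');
                    string date3 = date2[2] + "/" + date2[1] + "/" + date2[0] + " " + date1[1];
                    string date4 = Convert.ToDateTime(date3).ToString("yyyy/MM/dd HH:mm:ss");
                    rec.Datetime = date4;
                    L.Log(LogType.FILE, LogLevel.DEBUG, "Datetime : " + rec.Datetime);
                }
                else
                {
                    // NOTE(review): this branch also runs when only one of the two columns is
                    // NULL; the typed getter for that column then presumably throws and the
                    // poll ends in the catch block below.
                    tempdate = readReader.GetDateTime(3).ToShortDateString();
                    temptime = readReader.GetString(4).ToString();
                    // LOGTIME is prefixed with a fixed "00:" before parsing - presumably it
                    // holds minutes and seconds only; TODO confirm.
                    string time = "00:" + temptime;
                    string[] date2 = tempdate.Split('.');
                    string date3 = date2[2] + "/" + date2[1] + "/" + date2[0] + " " + time;
                    string datetime = Convert.ToDateTime(date3).ToString("yyyy/MM/dd HH:mm:ss");
                    rec.Datetime = datetime;
                    L.Log(LogType.FILE, LogLevel.DEBUG, "Datetime : " + rec.Datetime);
                }

                rec.CustomStr2 = readReader.IsDBNull(5) ? "" : readReader.GetString(5).ToString();
                L.Log(LogType.FILE, LogLevel.DEBUG, " CustomStr2 " + rec.CustomStr2);

                rec.CustomStr3 = readReader.IsDBNull(6) ? "" : readReader.GetString(6).ToString();
                L.Log(LogType.FILE, LogLevel.DEBUG, " CustomStr3 " + rec.CustomStr3);

                rec.CustomInt1 = readReader.IsDBNull(7) ? 0 : readReader.GetInt32(7);
                L.Log(LogType.FILE, LogLevel.DEBUG, " CustomInt1 " + rec.CustomInt1.ToString());

                rec.CustomInt2 = readReader.IsDBNull(8) ? 0 : readReader.GetInt32(8);
                L.Log(LogType.FILE, LogLevel.DEBUG, " CustomInt2 " + rec.CustomInt2.ToString());

                rec.CustomInt3 = readReader.IsDBNull(9) ? 0 : readReader.GetInt32(9);
                L.Log(LogType.FILE, LogLevel.DEBUG, " CustomInt3 " + rec.CustomInt3.ToString());

                // SERVICEID is both a record field and the resume position.
                rec.CustomInt6 = readReader.IsDBNull(10) ? 0 : readReader.GetInt64(10);
                last_position = rec.CustomInt6;
                L.Log(LogType.FILE, LogLevel.DEBUG, " last_position " + last_position.ToString());

                L.Log(LogType.FILE, LogLevel.DEBUG, "Start sending Data");
                if (usingRegistry)
                {
                    CustomServiceBase s = base.GetInstanceService("Security Manager Sender");
                    s.SetData(rec);
                }
                else
                {
                    CustomServiceBase s = base.GetInstanceService("Security Manager Remote Recorder");
                    s.SetData(Dal, virtualhost, rec);
                }
                L.Log(LogType.FILE, LogLevel.DEBUG, "Finish Sending Data");
                L.Log(LogType.FILE, LogLevel.DEBUG, "Last Position is " + last_position.ToString());
                i++;

                // Persist the position after every record, then stop once the batch limit
                // has been exceeded.
                if (usingRegistry)
                {
                    Set_Registry(last_position.ToString());
                }
                else
                {
                    CustomServiceBase s = base.GetInstanceService("Security Manager Remote Recorder");
                    s.SetReg(Id, last_position.ToString(), "", "", "", rec.Datetime.ToString());
                }

                if (i > max_record_send)
                {
                    cmd.Cancel();
                    return;
                }
            }
            while (readReader.Read());
        }

        L.Log(LogType.FILE, LogLevel.DEBUG, " Finish getting the data ");
    }
    catch (Exception er)
    {
        L.Log(LogType.FILE, LogLevel.ERROR, er.ToString());
    }
    finally
    {
        timer1.Enabled = true;
        L.Log(LogType.FILE, LogLevel.INFORM, "Service Stopped");
        // readReader is null on the early returns above and when ExecuteReader throws; an
        // unguarded Close() would raise here and Database.Drop would be skipped.
        if (readReader != null)
        {
            readReader.Close();
        }
        Database.Drop(ref cmd);
    }
}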
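/// <summary>
/// Builds a <c>CustomBase.Rec</c> from the fields parsed for the current Sonicwall line.
/// </summary>
/// <param name="type">"web" for a web record, "fw" for a firewall record. Any other value
/// returns a record with no field set.</param>
/// <returns>The populated record.</returns>
/// <remarks>
/// <c>src</c> and <c>dst</c> are split on ':'; element 0 and element 1 are required and a value
/// without a second element still raises <see cref="IndexOutOfRangeException"/>, as before.
/// NOTE(review): elements 0 and 1 look like address and port, element 3 like a host name - confirm.
/// </remarks>
public Rec createRec(string type)
{
    CustomBase.Rec rec = new CustomBase.Rec();

    if (type == "web")
    {
        // The parsed device time is not used: the record carries the collector's clock
        // whether or not `time` was set. Correlating these events with other sources has to
        // allow for the delivery delay.
        rec.Datetime = DateTime.Now.ToString("dd/MM/yyyy HH:mm:ss");
        rec.LogName = "Sonicwall.Web";
        rec.EventType = op;
        rec.EventCategory = Category;
        rec.CustomInt1 = sent;
        rec.CustomInt2 = rcvd;
        rec.CustomInt3 = result;
        rec.CustomInt4 = code;

        string[] srcParts = src.Split(':');
        string[] dstParts = dst.Split(':');
        rec.CustomStr1 = srcParts[0];
        rec.CustomStr2 = dstParts[0];
        rec.CustomStr3 = proto;
        rec.CustomStr4 = srcParts[1];
        rec.CustomStr5 = dstParts[1];
        rec.CustomStr6 = dstname;
        rec.CustomStr7 = arg;

        // Element 3 exists only when there are at least four elements. The previous guard
        // (Length > 2) let a three-element value through and indexed past the end.
        rec.CustomStr8 = srcParts.Length > 3 ? srcParts[3] : "";

        rec.CustomStr10 = info;
        rec.Description = description + " " + createDescription();
    }

    if (type == "fw")
    {
        // Collector time, as in the "web" branch.
        rec.Datetime = DateTime.Now.ToString("dd/MM/yyyy HH:mm:ss");
        rec.LogName = "Sonicwall.FW";

        string[] srcParts = src.Split(':');
        string[] dstParts = dst.Split(':');
        rec.CustomStr1 = srcParts[0];
        rec.CustomStr2 = dstParts[0];
        rec.CustomStr3 = proto;
        rec.CustomStr4 = srcParts[1];
        rec.CustomStr5 = dstParts[1];

        // Same corrected bound as in the "web" branch.
        rec.CustomStr8 = srcParts.Length > 3 ? srcParts[3] : "";

        rec.CustomStr9 = msg;
        rec.CustomStr10 = info;
        rec.Description = description + " " + createDescription();
    }

    return rec;
}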
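/// <summary>
/// Handles one received syslog message: fills a <c>CustomBase.Rec</c> from the text of the
/// line and forwards it to the sender or to the remote recorder.
/// </summary>
/// <param name="args">Event data; <c>args.Message</c> is the raw syslog line.</param>
/// <remarks>
/// The line is split on whitespace; the seventh token (index 6) selects the parsing rules and
/// becomes <c>EventCategory</c>. "key: value" pairs are read from the line split on ':'.
/// The message text arrives from outside this process and is parsed as untrusted input: every
/// index is bounds-checked, so a short or malformed line yields a partly filled record instead
/// of aborting the remaining field extraction. The record is forwarded even when parsing fails.
/// </remarks>
void slog_SyslogEvent(LogMgrEventArgs args)
{
    CustomBase.Rec rec = new CustomBase.Rec();
    string line = args.Message;
    try
    {
        L.Log(LogType.FILE, LogLevel.DEBUG, "Start preparing record");
        try
        {
            rec.LogName = "CheckPointSyslogV_1_0_0Recorder";
            // Collector time; no timestamp is taken from the message.
            rec.Datetime = DateTime.Now.ToString("yyyy/MM/dd HH:mm:ss");

            // Text beyond 899 characters is kept in CustomStr10 (the "allow" and "ctl" rules
            // overwrite it with the resource value).
            if (line.Length > 899)
            {
                rec.CustomStr10 = line.Substring(899, line.Length - 899);
            }

            // Description carries the whole message with single quotes replaced. The earlier
            // code also assigned an 899-character prefix first, but that value was overwritten
            // at once, so Description has never been truncated here.
            // NOTE(review): confirm whether truncation is wanted. Only Description has quotes
            // replaced; the other fields copied from the same line keep them. If the replacement
            // is meant to protect a SQL statement built downstream (not visible here), bound
            // parameters at that sink are the reliable fix.
            rec.Description = args.Message.Replace("'", "|");

            string[] lineArr = line.Split((char[])null, StringSplitOptions.RemoveEmptyEntries);
            string[] subLineArr = line.Split(':');

            if (lineArr.Length > 6)
            {
                string action = lineArr[6];
                rec.EventCategory = action;

                switch (action)
                {
                    case "encrypt":
                    {
                        L.Log(LogType.FILE, LogLevel.DEBUG, "encrypt record started.");
                        if (lineArr.Length > 7)
                        {
                            rec.SourceName = lineArr[7];
                            L.Log(LogType.FILE, LogLevel.DEBUG, "SourceName:" + rec.SourceName);
                        }
                        rec.CustomStr3 = Between(line, "src:", "dst:").Replace(':', ' ').Trim();
                        L.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr3:" + rec.CustomStr3);
                        rec.CustomStr4 = Between(line, "dst:", "proto:").Replace(':', ' ').Trim();
                        L.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr4:" + rec.CustomStr4);
                        break;
                    }

                    case "allow":
                    {
                        L.Log(LogType.FILE, LogLevel.DEBUG, "allow record started.");
                        if (lineArr.Length > 7)
                        {
                            rec.SourceName = lineArr[7];
                            L.Log(LogType.FILE, LogLevel.DEBUG, "SourceName:" + rec.SourceName);
                        }
                        SetSyslogResource(rec, Between(line, "resource:", "product:"));
                        L.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr10:" + rec.CustomStr10);
                        L.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr2:" + rec.CustomStr2);

                        for (int i = 0; i + 1 < subLineArr.Length; i++)
                        {
                            string key = subLineArr[i].Trim();
                            string value = subLineArr[i + 1];
                            if (key == "src_user_name")
                            {
                                SetSyslogUser(rec, value);
                                L.Log(LogType.FILE, LogLevel.DEBUG, "UserName:" + rec.UserName);
                                L.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr1:" + rec.CustomStr1);
                            }
                            else if (key == "src")
                            {
                                rec.CustomStr3 = value;
                            }
                            else if (key == "dst")
                            {
                                rec.CustomStr4 = value;
                            }
                            else
                            {
                                SetSyslogAppField(rec, key, value);
                            }
                        }
                        break;
                    }

                    case "monitor":
                    {
                        if (lineArr.Length > 7)
                        {
                            rec.SourceName = lineArr[7];
                        }
                        rec.EventType = Between(line, "proto:", "product:").Replace(':', ' ').Trim();
                        rec.CustomStr3 = Between(line, "src:", "dst:").Replace(':', ' ').Trim();
                        rec.CustomStr4 = Between(line, "dst:", "proto:").Replace(':', ' ').Trim();
                        rec.CustomStr5 = Between(line, "product:", "service:").Replace(':', ' ').Trim();
                        rec.CustomStr6 = Between(line, "service:", "s_port:").Replace(':', ' ').Trim();
                        break;
                    }

                    case "accept":
                    {
                        if (lineArr.Length > 7)
                        {
                            rec.SourceName = lineArr[7];
                        }
                        for (int i = 0; i + 1 < subLineArr.Length; i++)
                        {
                            string key = subLineArr[i].Trim();
                            string value = subLineArr[i + 1];
                            if (key == "proto")
                            {
                                rec.EventType = value;
                                L.Log(LogType.FILE, LogLevel.DEBUG, "EventType: " + rec.EventType);
                            }
                            else if (key == "src_user_name")
                            {
                                SetSyslogUser(rec, value);
                            }
                            else if (key == "src")
                            {
                                rec.CustomStr3 = value;
                                // The earlier debug line indexed the whitespace tokens with the
                                // ':'-segment counter and could run past the end of that array.
                                L.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr3: " + rec.CustomStr3);
                            }
                            else if (key == "dst")
                            {
                                rec.CustomStr4 = value;
                            }
                        }
                        break;
                    }

                    case "HTTPS":
                    {
                        // For HTTPS the category spans two tokens and the source follows them.
                        if (lineArr.Length > 8)
                        {
                            rec.EventCategory = lineArr[6] + " " + lineArr[7];
                            rec.SourceName = lineArr[8];
                        }
                        for (int i = 0; i + 1 < subLineArr.Length; i++)
                        {
                            string key = subLineArr[i].Trim();
                            string value = subLineArr[i + 1];
                            if (key == "proto")
                            {
                                rec.EventType = value;
                                L.Log(LogType.FILE, LogLevel.DEBUG, "EventType: " + rec.EventType);
                            }
                            else if (key == "src")
                            {
                                rec.CustomStr3 = value;
                            }
                            else if (key == "dst")
                            {
                                rec.CustomStr4 = value;
                            }
                            else if (key == "app_category")
                            {
                                rec.CustomStr6 = value;
                            }
                            else if (key == "matched_category")
                            {
                                rec.CustomStr7 = value;
                            }
                        }
                        break;
                    }

                    case "logout":
                    {
                        if (lineArr.Length > 7)
                        {
                            rec.SourceName = lineArr[7];
                        }
                        for (int i = 0; i + 1 < subLineArr.Length; i++)
                        {
                            string segment = subLineArr[i];
                            string key = segment.Trim();
                            string value = subLineArr[i + 1];
                            if (key == "src" || SyslogLastTokenIs(segment, "src"))
                            {
                                rec.CustomStr3 = value;
                            }
                            if (key == "src_user_name")
                            {
                                SetSyslogUser(rec, value);
                            }
                            if (key == "duration")
                            {
                                rec.CustomStr4 = value;
                            }
                        }
                        break;
                    }

                    case "authcrypt":
                    {
                        if (lineArr.Length > 7)
                        {
                            rec.SourceName = lineArr[7];
                        }
                        for (int i = 0; i + 1 < subLineArr.Length; i++)
                        {
                            string key = subLineArr[i].Trim();
                            string value = subLineArr[i + 1];
                            if (key == "src")
                            {
                                rec.CustomStr3 = value;
                            }
                            else if (key == "src_user_name")
                            {
                                SetSyslogUser(rec, value);
                            }
                            else if (key == "roles")
                            {
                                rec.CustomStr4 = value;
                            }
                            else if (key == "auth_status")
                            {
                                rec.CustomStr2 = value;
                            }
                        }
                        break;
                    }

                    case "block":
                    case "ctl":
                    {
                        if (lineArr.Length > 7)
                        {
                            rec.SourceName = lineArr[7];
                        }
                        if (action == "ctl")
                        {
                            SetSyslogResource(rec, Between(line, "resource:", "product:"));
                        }
                        for (int i = 0; i + 1 < subLineArr.Length; i++)
                        {
                            string segment = subLineArr[i];
                            string key = segment.Trim();
                            string value = subLineArr[i + 1];
                            if (key == "src_user_name")
                            {
                                SetSyslogUser(rec, value);
                            }
                            if (key == "src" || SyslogLastTokenIs(segment, "src"))
                            {
                                rec.CustomStr3 = value;
                            }
                            if (key == "dst" || SyslogLastTokenIs(segment, "dst"))
                            {
                                rec.CustomStr4 = value;
                            }
                            SetSyslogAppField(rec, key, value);
                            if (key == "proto")
                            {
                                rec.EventType = value;
                            }
                        }
                        break;
                    }

                    case "drop":
                    {
                        // The source listed this rule twice with identical effect; it runs once.
                        if (lineArr.Length > 7)
                        {
                            rec.SourceName = lineArr[7];
                        }
                        for (int i = 0; i + 1 < subLineArr.Length; i++)
                        {
                            string segment = subLineArr[i];
                            string key = segment.Trim();
                            string value = subLineArr[i + 1];
                            if (key == "src" || SyslogLastTokenIs(segment, "src"))
                            {
                                rec.CustomStr3 = value;
                            }
                            if (key == "dst" || SyslogLastTokenIs(segment, "dst"))
                            {
                                rec.CustomStr4 = value;
                            }
                            if (key == "proto")
                            {
                                rec.EventType = value;
                            }
                        }
                        break;
                    }
                }
            }
            else
            {
                // Fewer than seven tokens: there is no action token to select a rule.
                L.Log(LogType.FILE, LogLevel.DEBUG, "Line has fewer than 7 fields, forwarding the raw message only");
            }
        }
        catch (Exception e)
        {
            // Parse failures are only visible at DEBUG level; the record is still forwarded
            // below with whatever fields were filled before the failure.
            L.Log(LogType.FILE, LogLevel.DEBUG, "ERROR------------" + line);
            L.Log(LogType.FILE, LogLevel.DEBUG, e.Message);
            L.Log(LogType.FILE, LogLevel.DEBUG, e.StackTrace);
        }

        L.Log(LogType.FILE, LogLevel.DEBUG, "Finish preparing record");
        L.Log(LogType.FILE, LogLevel.DEBUG, "Start sending Data");
        if (usingRegistry)
        {
            CustomServiceBase s = base.GetInstanceService("Security Manager Sender");
            s.SetData(rec);
        }
        else
        {
            CustomServiceBase s = base.GetInstanceService("Security Manager Remote Recorder");
            s.SetData(Dal, virtualhost, rec);
            s.SetReg(Id, rec.Datetime, "", "", "", rec.Datetime);
        }
        L.Log(LogType.FILE, LogLevel.DEBUG, "Finish Sending Data");
    }
    catch (Exception er)
    {
        L.Log(LogType.FILE, LogLevel.ERROR, er.ToString());
        L.Log(LogType.FILE, LogLevel.ERROR, args.EventLogEntType + " " + args.Message);
    }
}

/// <summary>True when the last space-separated token of <paramref name="segment"/> equals <paramref name="key"/>.</summary>
private static bool SyslogLastTokenIs(string segment, string key)
{
    string[] tokens = segment.Split(' ');
    return tokens[tokens.Length - 1] == key;
}

/// <summary>
/// Splits a src_user_name value on '(' and ')' and stores the first part in CustomStr1 and the
/// second part in UserName; a part that is missing leaves its field unchanged.
/// </summary>
private static void SetSyslogUser(CustomBase.Rec rec, string value)
{
    string[] userParts = value.Split(new char[] { '(', ')' }, StringSplitOptions.RemoveEmptyEntries);
    if (userParts.Length > 1)
    {
        rec.UserName = userParts[1];
    }
    if (userParts.Length > 0)
    {
        rec.CustomStr1 = userParts[0];
    }
}

/// <summary>
/// Stores the resource value in CustomStr10 and, when it has at least two '/'-separated parts,
/// the first two joined by "//" in CustomStr2.
/// </summary>
private static void SetSyslogResource(CustomBase.Rec rec, string resource)
{
    rec.CustomStr10 = resource;
    string[] resourceParts = resource.Split(new char[] { '/' }, StringSplitOptions.RemoveEmptyEntries);
    if (resourceParts.Length > 1)
    {
        rec.CustomStr2 = resourceParts[0] + @"//" + resourceParts[1];
    }
}

/// <summary>Copies one of the app_* / matched_category values into CustomStr5..CustomStr9; other keys are ignored.</summary>
private static void SetSyslogAppField(CustomBase.Rec rec, string key, string value)
{
    switch (key)
    {
        case "app_desc":
            rec.CustomStr5 = value;
            break;
        case "app_category":
            rec.CustomStr6 = value;
            break;
        case "matched_category":
            rec.CustomStr7 = value;
            break;
        case "app_risk":
            rec.CustomStr8 = value;
            break;
        case "app_rule_name":
            rec.CustomStr9 = value;
            break;
    }
}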
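/// <summary>
/// Timer callback: reads rows from the SMS table whose TimeKey is at or after the stored
/// checkpoint, converts each row into a record, forwards it and saves the new checkpoint.
/// </summary>
/// <remarks>
/// The query uses <c>TimeKey &gt;= checkpoint</c>, so rows that share the checkpoint timestamp
/// are read again on every tick. <c>repeat_recordnum</c> counts how many rows with that
/// timestamp were already forwarded, and that many rows are skipped before sending resumes.
/// The timer is disabled on entry and re-enabled in the <c>finally</c> block.
/// </remarks>
/// <param name="sender">Timer that raised the event (not used).</param>
/// <param name="e">Elapsed-event data (not used).</param>
private void timer1_Tick(object sender, System.Timers.ElapsedEventArgs e)
{
    timer1.Enabled = false;
    CustomBase.Rec rec = new CustomBase.Rec();
    CustomServiceBase s;
    string readQuery2 = null;
    IDataReader readReader2 = null;
    DbCommand cmd2 = null;
    bool controlofadd = false;
    bool erroroccured = false;

    if (usingRegistery)
    {
        s = base.GetInstanceService("Security Manager Sender");
    }
    else
    {
        s = base.GetInstanceService("Security Manager Remote Recorder");
    }

    L.Log(LogType.FILE, LogLevel.INFORM, " In timer1_Tick() -->> 11111111111");
    L.Log(LogType.FILE, LogLevel.INFORM, " In timer1_Tick() -->> Service Started");
    int x = 0; // number of records forwarded during this tick

    try
    {
        L.Log(LogType.FILE, LogLevel.INFORM, " In timer1_Tick() -->> Starting the timer");

        // One-time initialisation: registry settings (registry mode only) and the logger.
        if (!reg_flag)
        {
            if (usingRegistery)
            {
                if (!Read_Registry())
                {
                    L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> Error on Reading the Registry ");
                    return;
                }
            }

            if (!Initialize_Logger())
            {
                L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> Error on Intialize Logger on Isa Web Database Recorder functions may not be running");
                return;
            }

            reg_flag = true;
        }

        // Remember the configured batch size so it can be restored after a temporary increase.
        if (begining)
        {
            max_rec_send2 = max_record_send;
            begining = false;
        }

        int i = 0; // rows forwarded in this batch, compared against max_record_send

        prevDate = curDate;
        setLastRecordDate();
        if (String.IsNullOrEmpty(lastRecordDate) || lastRecordDate == "0")
        {
            // No checkpoint stored yet: start from a fixed date in the past.
            lastRecordDate = "2000-08-19 12:03:48.867";
        }
        curDate = lastRecordDate;

        // If one timestamp repeats more often than max_record_send, every tick would re-read
        // the same rows forever. To prevent that, the repeat count is added to the batch size
        // while the situation lasts; otherwise the batch size is restored to its configured value.
        if (controlofdoublerecord)
        {
            repeat = repeat_recordnum + 1;
            repeat_recordnum = repeat;
            controlofadd = true;
        }
        else
        {
            // First tick: nothing has been forwarded yet, so the count stays as it is.
            repeat = repeat_recordnum;
            controlofdoublerecord = true;
        }

        if (repeat_recordnum >= max_record_send)
        {
            max_record_send += repeat_recordnum;
            repeat = repeat_recordnum - 1;
            repeat_recordnum = repeat;
            L.Log(LogType.FILE, LogLevel.DEBUG, " In timer1_Tick() -->> max record sent " + max_record_send);
        }
        else
        {
            max_record_send = max_rec_send2;
        }

        // NOTE(review): the statement is built by concatenating max_record_send, SMSTable_name
        // and curDate. Where these values originate is not visible in this method (curDate is
        // copied from lastRecordDate, which setLastRecordDate() fills in). If any of them can be
        // changed from outside the service, validate them or move to a parameterised command.
        // Database.ExecuteReader as called here accepts only a command text, so that change
        // cannot be made inside this block.
        readQuery2 = "Select TOP " + max_record_send + " ";
        readQuery2 += "MachineID,InstanceKey,";
        readQuery2 += "AgentID,TimeKey,ProdID00,DisplayName00,";
        readQuery2 += "Publisher00,Version00 ";
        readQuery2 += "FROM " + SMSTable_name + "(nolock) ";
        readQuery2 += "WHERE TimeKey >= '" + curDate + "' ORDER BY TimeKey,InstanceKey";
        L.Log(LogType.FILE, LogLevel.DEBUG, " In timer1_Tick() -->> Query is " + readQuery2);

        try
        {
            L.Log(LogType.FILE, LogLevel.DEBUG, " In timer1_Tick() -->>setting readReader");
            readReader2 = Database.ExecuteReader(SMSDb_name, readQuery2, CommandBehavior.CloseConnection, out cmd2);
            // NOTE(review): assigned after ExecuteReader has returned, so it presumably does not
            // bound the query above; confirm against Database.ExecuteReader.
            cmd2.CommandTimeout = 1200;
        }
        catch (Exception ex)
        {
            erroroccured = true;
            L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 4 : " + ex.Message);
            L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 4 : " + ex.StackTrace);
        }

        L.Log(LogType.FILE, LogLevel.DEBUG, " In timer1_Tick() -->> Finish executing the query");
        L.Log(LogType.FILE, LogLevel.DEBUG, " In timer1_Tick() -->> Repeat Record Num Is : " + repeat.ToString());

        #region while
        if (readReader2 != null)
        {
            while (readReader2.Read())
            {
                if (repeat < 0)
                {
                    repeat = 0;
                }

                if (repeat == 0)
                {
                    // Start from an empty record for every row; reusing one instance let a NULL
                    // column silently keep the value read from the previous row.
                    rec = new CustomBase.Rec();
                    rec.LogName = "SMS Recorder";

                    try
                    {
                        if (!readReader2.IsDBNull(0))
                        {
                            rec.ComputerName = readReader2.GetInt32(0).ToString(); // MachineID
                        }
                    }
                    catch (Exception ex)
                    {
                        L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 11 " + ex.Message);
                    }

                    try
                    {
                        if (!readReader2.IsDBNull(1))
                        {
                            rec.CustomInt1 = readReader2.GetInt32(1); // InstanceKey
                        }
                    }
                    catch (Exception ex)
                    {
                        L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 12 " + ex.Message);
                    }

                    L.Log(LogType.FILE, LogLevel.DEBUG, " In timer1_Tick() -->>INSTANCE_KEY IS " + rec.CustomInt1.ToString());

                    try
                    {
                        if (!readReader2.IsDBNull(2))
                        {
                            rec.CustomInt2 = readReader2.GetInt32(2); // AgentID
                        }
                    }
                    catch (Exception ex)
                    {
                        L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 13 " + ex.Message);
                    }

                    try
                    {
                        if (!readReader2.IsDBNull(3))
                        {
                            // TimeKey shifted by the configured zone offset for the forwarded record.
                            rec.Datetime = readReader2.GetDateTime(3).AddHours(zone).ToString("yyyy/MM/dd HH:mm:ss.fff");
                        }
                    }
                    catch (Exception ex)
                    {
                        L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 14 " + ex.Message);
                    }

                    prevDate = curDate;
                    try
                    {
                        if (!readReader2.IsDBNull(3))
                        {
                            // The checkpoint keeps the unshifted TimeKey so it matches the table.
                            curDate = readReader2.GetDateTime(3).ToString("yyyy/MM/dd HH:mm:ss.fff");
                        }
                    }
                    catch (Exception ex)
                    {
                        L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 15 " + ex.Message);
                    }

                    try
                    {
                        if (!readReader2.IsDBNull(4))
                        {
                            rec.UserName = readReader2.GetString(4); // ProdID00
                        }
                    }
                    catch (Exception ex)
                    {
                        L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 16 " + ex.Message);
                    }

                    try
                    {
                        if (!readReader2.IsDBNull(5))
                        {
                            rec.CustomStr4 = readReader2.GetString(5); // DisplayName00
                        }
                    }
                    catch (Exception ex)
                    {
                        L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 17 " + ex.Message);
                    }

                    try
                    {
                        if (!readReader2.IsDBNull(6))
                        {
                            rec.CustomStr6 = readReader2.GetString(6); // Publisher00
                        }
                    }
                    catch (Exception ex)
                    {
                        L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 18 " + ex.Message);
                    }

                    try
                    {
                        if (!readReader2.IsDBNull(7))
                        {
                            rec.CustomStr7 = readReader2.GetString(7); // Version00
                        }
                    }
                    catch (Exception ex)
                    {
                        L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 19 " + ex.Message);
                    }

                    // Count consecutive rows that carry the same timestamp as the checkpoint.
                    if (prevDate == curDate)
                    {
                        repeat_recordnum++;
                    }
                    else
                    {
                        repeat_recordnum = 0;
                    }

                    if (usingRegistery)
                    {
                        s.SetData(rec);
                        Set_Registry(curDate);
                    }
                    else
                    {
                        s.SetData(Dal, Virtualhost, rec);
                        Set_Registry(curDate);
                    }

                    L.Log(LogType.FILE, LogLevel.DEBUG, " In timer1_Tick() -->> Finish Sending Data");
                    x++;
                    L.Log(LogType.FILE, LogLevel.DEBUG, " In timer1_Tick() -->> Number of Sending Data : " + x.ToString());
                    lastRecordDate = curDate;
                    i++;

                    if (i > max_record_send)
                    {
                        // Save the last examined record to the registry before leaving early.
                        Set_Registry(lastRecordDate);
                        cmd2.Cancel();
                        return;
                    }
                }
                else
                {
                    // Row was already forwarded on an earlier tick: skip it.
                    repeat -= 1;
                }
            }

            Set_Registry(lastRecordDate);
        }
        #endregion
    }
    catch (Exception er)
    {
        L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 6 " + er.Message.ToString());
        L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> In Catch 6 " + er.StackTrace.ToString());
        erroroccured = true;
    }
    finally
    {
        // Nothing was sent although the repeat counter had been advanced: undo the increment.
        if (x == 0 && controlofadd && !erroroccured)
        {
            repeat_recordnum--;
            L.Log(LogType.FILE, LogLevel.INFORM, " In timer1_Tick() -->> There Is No New Record So Waiting For New Record");
        }

        if (x == 0 && controlofadd && erroroccured)
        {
            repeat_recordnum--;
            L.Log(LogType.FILE, LogLevel.INFORM, " In timer1_Tick() -->> An Error Occured And Repeat Record Num -- : " + repeat_recordnum.ToString());
        }

        timer1.Enabled = true;
        L.Log(LogType.FILE, LogLevel.INFORM, " In timer1_Tick() -->> Service Stopped");

        // The reader was opened with CommandBehavior.CloseConnection, so closing it is what
        // releases the connection; the original never closed it on any path.
        if (readReader2 != null)
        {
            try
            {
                if (!readReader2.IsClosed)
                {
                    readReader2.Close();
                }
            }
            catch (Exception ex)
            {
                L.Log(LogType.FILE, LogLevel.ERROR, " In timer1_Tick() -->> Error on closing reader : " + ex.Message);
            }
        }

        Database.Drop(ref cmd2);
        if (s != null)
        {
            s.Dispose();
        }
    }
}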
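/// <summary>
/// Handles one syslog message from a Symantec Brightmail gateway: splits it into fields,
/// fills a record and forwards it to the configured Security Manager service.
/// </summary>
/// <remarks>
/// The record is forwarded even when field extraction fails; in that case only the header
/// fields and the raw message in <c>Description</c> are populated and the parse error is logged.
/// </remarks>
/// <param name="args">Syslog event data; <c>Message</c>, <c>Source</c> and <c>EventLogEntType</c> are read.</param>
void slog_SyslogEvent(LogMgrEventArgs args)
{
    CustomBase.Rec rec = new CustomBase.Rec();
    try
    {
        // IsNullOrEmpty also covers a null message, which the former == "" test let through to Split().
        if (string.IsNullOrEmpty(args.Message))
        {
            L.Log(LogType.FILE, LogLevel.INFORM, "Message is null.");
            return;
        }

        L.Log(LogType.FILE, LogLevel.DEBUG, "Start preparing record");

        // Sample lines:
        //192.168.2.80:55252 : local1.info Feb 23 14:03:48 brightmail bmserver: 1298462628|c0a80250-b7b8aae000000cca-87-4d64f73e0192|ATTACHFILTER|_bbg.exe
        //192.168.2.80:46689 : security2.info Feb 18 10:57:05 brightmail xinetd[2225]: START: https pid=6620 from=192.168.111.66

        // NOTE(review): args.Message is remote syslog content and is copied verbatim into
        // Description and into this recorder's own log on the error paths; whether L.Log
        // neutralises control characters is not visible here.
        string[] parts = args.Message.Split(new char[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);

        rec.LogName = "SymantecBrightmailRecorder";
        rec.SourceName = args.Source;
        rec.EventType = args.EventLogEntType.ToString();
        rec.Description = args.Message;
        rec.Datetime = DateTime.Now.ToString("yyyy/MM/dd HH:mm:ss");

        try
        {
            if (parts.Length > 8)
            {
                // parts[0] is "address:port" of the sender.
                string[] endpoint = parts[0].Split(':');
                rec.CustomStr6 = endpoint[1];
                rec.CustomStr7 = endpoint[0];
                rec.CustomStr8 = parts[3] + " " + parts[4] + " " + parts[5];
                rec.CustomStr9 = parts[7].TrimEnd(':');

                if (parts[8].Contains("|"))
                {
                    // Payload layout: <number>|<id>|<category>|<category-specific fields...>
                    string[] pipes = parts[8].Split('|');
                    rec.CustomInt1 = Convert_To_Int32(pipes[0]);
                    rec.EventCategory = "";

                    // Contains("|") guarantees two elements; the category may still be absent.
                    // This replaces an empty catch that hid the out-of-range access.
                    rec.CustomStr10 = pipes[1];
                    if (pipes.Length > 2)
                    {
                        rec.EventCategory = pipes[2];
                    }

                    // A payload too short for its category raises IndexOutOfRangeException
                    // below; the enclosing catch logs it and the record is still forwarded.
                    switch (rec.EventCategory)
                    {
                        case "ACCEPT":
                            {
                                string[] peer = pipes[3].Split(':');
                                rec.CustomStr1 = peer[0];
                                rec.CustomInt2 = Convert_To_Int32(peer[1]);
                                break;
                            }

                        case "SENDER":
                            rec.CustomStr3 = pipes[3];
                            break;

                        case "ORCPTS":
                        case "SOURCE":
                        case "SUBJECT":
                            rec.CustomStr4 = pipes[3];
                            break;

                        case "MSGID":
                            // Strip the surrounding angle brackets. The original called
                            // TrimEnd('<').TrimStart('>'), which can never remove "<...>".
                            rec.CustomStr4 = pipes[3].Trim().TrimStart('<').TrimEnd('>');
                            break;

                        case "ATTACH":
                        case "ATTACHFILTER":
                            // All remaining fields, re-joined with '|', trailing separators removed.
                            rec.CustomStr4 = string.Join("|", pipes, 3, pipes.Length - 3).TrimEnd('|');
                            break;

                        case "UNTESTED":
                        case "VERDICT":
                        case "TRACKERID":
                        case "IRCPTACTION":
                            rec.CustomStr4 = pipes[3];
                            rec.CustomStr5 = " ";
                            for (int i = 4; i < pipes.Length; i++)
                            {
                                rec.CustomStr5 += pipes[i] + "|";
                            }

                            // Kept as in the original: IRCPTACTION drops the trailing separator,
                            // the other categories only trim surrounding whitespace.
                            rec.CustomStr5 = rec.EventCategory == "IRCPTACTION"
                                ? rec.CustomStr5.TrimEnd('|')
                                : rec.CustomStr5.Trim();
                            break;

                        case "DELIVER":
                        case "DELIVERY_FAILURE":
                            rec.CustomStr5 = pipes[3];
                            rec.CustomStr4 = pipes[4];
                            break;
                    }
                }
                else
                {
                    //192.168.2.80:46689 : security2.info Feb 18 10:57:05 brightmail xinetd[2225]: START: https pid=6620 from=192.168.111.66
                    if (parts[8].Contains("START"))
                    {
                        rec.EventCategory = parts[8].TrimEnd(':');
                        rec.CustomStr1 = parts[9];
                        rec.CustomInt3 = Convert_To_Int32(parts[10].Split('=')[1]);
                        rec.CustomStr6 = parts[11].Split('=')[1];
                    }
                }
            }
            else
            {
                L.LogTimed(LogType.FILE, LogLevel.ERROR, " Line format is not like we want. Line : " + args.Message);
            }
        }
        catch (Exception ex)
        {
            L.Log(LogType.FILE, LogLevel.ERROR, ex.ToString());
            L.Log(LogType.FILE, LogLevel.ERROR, " Error line written in description. Line : " + args.Message);
        }

        L.Log(LogType.FILE, LogLevel.DEBUG, "Finish preparing record");
        L.Log(LogType.FILE, LogLevel.DEBUG, "Start sending Data");

        if (usingRegistry)
        {
            CustomServiceBase s = base.GetInstanceService("Security Manager Sender");
            s.SetData(rec);
        }
        else
        {
            CustomServiceBase s = base.GetInstanceService("Security Manager Remote Recorder");
            s.SetData(Dal, virtualhost, rec);
            s.SetReg(Id, rec.Datetime, "", "", "", rec.Datetime);
        }

        L.Log(LogType.FILE, LogLevel.DEBUG, "Finish Sending Data");
    }
    catch (Exception er)
    {
        L.LogTimed(LogType.FILE, LogLevel.ERROR, er.ToString());
        L.LogTimed(LogType.FILE, LogLevel.ERROR, " Hataya düşen line : " + args.Message);
    }
}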
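/// <summary>
/// Builds a record from one Palo Alto log line received over syslog.
/// </summary>
/// <param name="line">Comma-separated log line to parse.</param>
/// <param name="dontSend">When true, only the header fields taken from <paramref name="args"/> are filled.</param>
/// <param name="args">Syslog event data; <c>Source</c>, <c>Message</c> and <c>EventLogEntType</c> are read.</param>
/// <returns>
/// The record. Field extraction is best effort: on a parse error the fields assigned so far
/// are kept, the error is logged and the record is still returned.
/// </returns>
public Rec ParseSpecific(String line, bool dontSend, LogMgrEventArgs args)
{
    L.Log(LogType.FILE, LogLevel.DEBUG, " ParseSpecific() | Parsing Specific line. Line : " + line);

    bool lineIsEmpty = string.IsNullOrEmpty(line);
    if (lineIsEmpty)
    {
        L.Log(LogType.FILE, LogLevel.DEBUG, " ParseSpecific() | Line is Null Or Empty. ");
    }

    CustomBase.Rec rec = new CustomBase.Rec();
    // Plain concatenation tolerates a null Source; calling ToString() on it did not.
    L.Log(LogType.FILE, LogLevel.DEBUG, " Source Is : " + args.Source);
    rec.SourceName = args.Source;
    L.Log(LogType.FILE, LogLevel.INFORM, " Log : " + args.Message);
    rec.LogName = "PaloAltoTrafficV_1_0_0Syslog Recorder";
    rec.EventType = args.EventLogEntType.ToString();

    if (!string.IsNullOrEmpty(remote_host))
    {
        rec.ComputerName = remote_host;
    }

    rec.Description = args.Message;

    L.Log(LogType.FILE, LogLevel.DEBUG, " ParseSpecific() | ComputerName: " + rec.ComputerName);
    L.Log(LogType.FILE, LogLevel.DEBUG, " ParseSpecific() | Description: " + rec.Description);
    L.Log(LogType.FILE, LogLevel.DEBUG, " ParseSpecific() | LogName: " + rec.LogName);
    L.Log(LogType.FILE, LogLevel.DEBUG, " ParseSpecific() | SourceName: " + rec.SourceName);

    // An empty line has no fields to extract, and a null line used to throw from Split()
    // outside any try block, so field parsing is skipped for both.
    if (!dontSend && !lineIsEmpty)
    {
        // Column order, zero-based after the split (fields marked * are common to both types):
        // threat:  Domain*,Receive Time*,Serial #*,Type*,Threat/Content Type*,Config Version*,Generate Time*,
        //          Source address*,Destination address*,NAT Source IP*,NAT Destination IP*,Rule*,Source User*,
        //          Destination User*,Application*,Virtual System*,Source Zone*,Destination Zone*,Inbound Interface*,
        //          Outbound Interface*,Log Action*,Time Logged*,Session ID*,Repeat Count*,Source Port*,
        //          Destination Port*,NAT Source Port*,NAT Destination Port*,Flags*,IP Protocol*,
        //          Action,URL,Threat/Content Name,Category,Severity,Direction
        // traffic: (same 30 common fields), Action,Bytes,Bytes Sent,Bytes Received,Packets,Start Time,
        //          Elapsed Time (sec),Category,Padding(39)
        // Sample:
        //1,2011/01/25 05:45:17,0004C100832,THREAT,vulnerability,2,2011/01/25 05:45:12,193.189.142.32,168.216.29.89,192.168.0.12,168.216.29.89,Dis_Web_Server_erisim,,,web-browsing,vsys1,DMZ,Internet,ethernet1/1,ethernet1/4,,2011/01/25 05:45:17,56500,1,80,4149,80,4149,0x40,tcp,alert,,HTTP Non RFC-Compliant Response Found(32880),any,informational,server-to-client

        // NOTE(review): a plain Split(',') does not honour quoted fields. The threat sample in
        // this file carries a quoted URL, and a comma inside such a field shifts every later
        // column, so values derived from traffic content can end up in the wrong record fields.
        // A quote-aware splitter would remove that ambiguity.
        string[] parts = line.Split(',');
        try
        {
            try
            {
                // Generate Time (column 6); conversion uses the current culture.
                rec.Datetime = Convert.ToDateTime(parts[6]).ToString("yyyy-MM-dd HH:mm:ss");
            }
            catch (Exception)
            {
                // Report the value that actually failed to convert; the original logged parts[4].
                string rawDate = parts.Length > 6 ? parts[6] : "";
                L.Log(LogType.FILE, LogLevel.ERROR, " ParseSpecific() | There is a problem converting to date. date : " + rawDate);
            }

            for (int i = 0; i < parts.Length; i++)
            {
                L.Log(LogType.FILE, LogLevel.DEBUG, " ParseSpecific() Parts[" + i + "]: " + parts[i]);
            }

            try
            {
                // Column meanings follow the lists above; indexes above 30 match the traffic layout.
                rec.CustomStr1 = parts[18];   // Inbound Interface
                rec.CustomStr2 = parts[19];   // Outbound Interface
                rec.CustomStr3 = parts[7];    // Source address
                rec.CustomStr4 = parts[8];    // Destination address
                rec.CustomStr5 = parts[9];    // NAT Source IP
                rec.CustomStr6 = parts[10];   // NAT Destination IP
                rec.CustomStr7 = parts[29];   // IP Protocol
                rec.CustomStr8 = parts[4];    // Threat/Content Type
                rec.CustomStr9 = parts[3];    // Type
                rec.CustomStr10 = parts[14];  // Application
                rec.UserName = parts[12];     // Source User
                rec.EventType = parts[30];    // Action
                rec.EventCategory = parts[37];

                rec.CustomInt1 = Convert_to_Int32(parts[0]);   // Domain
                rec.CustomInt2 = Convert_to_Int32(parts[23]);  // Repeat Count
                rec.CustomInt3 = Convert_to_Int32(parts[24]);  // Source Port
                rec.CustomInt4 = Convert_to_Int32(parts[25]);  // Destination Port
                rec.CustomInt5 = Convert_to_Int32(parts[26]);  // NAT Source Port
                rec.CustomInt6 = Convert_to_Int32(parts[27]);  // NAT Destination Port
                rec.CustomInt7 = Convert_to_Int32(parts[22]);  // Session ID
                rec.CustomInt8 = Convert_to_Int32(parts[32]);
                rec.CustomInt9 = Convert_to_Int32(parts[33]);
                rec.CustomInt10 = Convert_to_Int32(parts[36]);
            }
            catch (Exception ex)
            {
                // A line with fewer columns than expected stops here; earlier assignments are kept.
                L.Log(LogType.FILE, LogLevel.ERROR, " ParseSpecific() | There is a problem parsing log.: " + ex.Message);
            }
        }
        catch (Exception ex)
        {
            L.Log(LogType.FILE, LogLevel.ERROR, " ParseSpecific() | " + ex.Message);
            L.Log(LogType.FILE, LogLevel.ERROR, " ParseSpecific() | " + ex.StackTrace);
            L.Log(LogType.FILE, LogLevel.ERROR, " ParseSpecific() | Line : " + line);
        }
    }

    return rec;
}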
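/// <summary>
/// Timer callback: reads new rows from the Avira <c>Events</c> table (Access database),
/// forwards each row as a record and stores the last forwarded Event_ID as the checkpoint.
/// </summary>
/// <remarks>
/// The timer is disabled while the callback runs and re-enabled in the <c>finally</c> block.
/// </remarks>
/// <param name="sender">Timer that raised the event (not used).</param>
/// <param name="e">Elapsed-event data (not used).</param>
private void timerEvent_Tick(object sender, System.Timers.ElapsedEventArgs e)
{
    ValidateMe();
    timerEvent.Enabled = false;
    L.Log(LogType.FILE, LogLevel.INFORM, "Service Started");

    string readQuery = null;
    AccessConnection ac = new AccessConnection();
    OleDbDataReader readReader = null;

    try
    {
        // One-time initialisation of registry settings and the logger.
        if (!reg_flag)
        {
            if (!Read_Registry())
            {
                L.Log(LogType.FILE, LogLevel.ERROR, "Error on Reading the Registry ");
                return;
            }
            else if (!Initialize_Logger())
            {
                L.Log(LogType.FILE, LogLevel.ERROR, "Error on Intialize Logger on Avira Recorder functions may not be running");
                return;
            }

            reg_flag = true;
        }

        if (fromend)
        {
            if (!Set_LastPosition())
            {
                L.Log(LogType.FILE, LogLevel.INFORM, "Error on setting last position see eventlog for more details");
            }

            fromend = false;
        }

        // NOTE(review): the statement is concatenated from max_record_send and
        // last_recordnumEvent. last_recordnumEvent is used as a number in this method; the type
        // and origin of max_record_send are not visible here. Confirm both are numeric settings.
        readQuery = "Select TOP " + max_record_send + " Actor_ID,Product_ID,Product_Name,Module_Name,Event_Type,Issue_Time2,Msg,Msg_Index,P1,P2,Event_ID from Events where Event_ID > " + last_recordnumEvent + " ORDER BY Event_ID";
        L.Log(LogType.FILE, LogLevel.DEBUG, " Query for EventLogTable is " + readQuery);

        ac.OpenAccessConnection(mcdb_name);
        readReader = ac.ExecuteAccessQuery(readQuery);

        // For faulty Access records: when the query returns nothing although the table holds
        // higher IDs, step the checkpoint forward by one so the faulty record is skipped.
        if (!readReader.HasRows)
        {
            string readQuery1 = "select MAX(Event_ID) FROM Events";
            long max_record_num = 0;
            OleDbDataReader readReader22 = ac.ExecuteAccessQuery(readQuery1);
            try
            {
                while (readReader22.Read())
                {
                    // MAX() over an empty table is NULL; GetDecimal would throw on it.
                    if (!readReader22.IsDBNull(0))
                    {
                        max_record_num = Convert.ToInt64(readReader22.GetDecimal(0));
                    }
                }
            }
            finally
            {
                // Close on every path; the original skipped this when reading threw.
                if (!readReader22.IsClosed)
                {
                    readReader22.Close();
                }
            }

            L.Log(LogType.FILE, LogLevel.DEBUG, "Maximum Record Num for EventsLog Table is : " + max_record_num);

            if (last_recordnumEvent < max_record_num)
            {
                last_recordnumEvent += 1;
            }
        }

        while (readReader.Read())
        {
            // Start from an empty record for every row; reusing one instance let a NULL
            // column silently keep the value read from the previous row.
            CustomBase.Rec rec = new CustomBase.Rec();
            rec.LogName = "Avira Recorder";

            if (!Convert.IsDBNull(readReader["Actor_ID"]))
            {
                rec.CustomInt6 = readReader.GetInt64(0);
            }
            if (!Convert.IsDBNull(readReader["Product_ID"]))
            {
                rec.CustomInt7 = readReader.GetInt64(1);
            }
            if (!Convert.IsDBNull(readReader["Product_Name"]))
            {
                rec.CustomStr1 = readReader.GetString(2);
            }
            if (!Convert.IsDBNull(readReader["Module_Name"]))
            {
                rec.CustomStr2 = readReader.GetString(3);
            }
            if (!Convert.IsDBNull(readReader["Event_Type"]))
            {
                rec.CustomInt8 = readReader.GetInt64(4);
            }
            if (!Convert.IsDBNull(readReader["Issue_Time2"]))
            {
                rec.Datetime = readReader.GetDateTime(5).ToString("yyyy/MM/dd HH:mm:ss.fff");
            }
            if (!Convert.IsDBNull(readReader["Msg"]))
            {
                rec.CustomStr3 = readReader.GetString(6);
            }
            if (!Convert.IsDBNull(readReader["Msg_Index"]))
            {
                rec.CustomInt9 = readReader.GetInt64(7);
            }
            if (!Convert.IsDBNull(readReader["P1"]))
            {
                rec.CustomStr4 = readReader.GetString(8);
            }
            if (!Convert.IsDBNull(readReader["P2"]))
            {
                rec.CustomStr5 = readReader.GetString(9);
            }

            bool hasEventId = !Convert.IsDBNull(readReader["Event_ID"]);
            if (hasEventId)
            {
                rec.CustomInt10 = readReader.GetInt64(10);
            }

            L.Log(LogType.FILE, LogLevel.DEBUG, "Start sending Data for EventLog");
            if (usingRegistry)
            {
                CustomServiceBase s = base.GetInstanceService("Security Manager Sender");
                s.SetData(rec);
            }
            else
            {
                CustomServiceBase s = base.GetInstanceService("Security Manager Remote Recorder");
                s.SetData(Dal, virtualhost, rec);
                L.Log(LogType.FILE, LogLevel.DEBUG, "sendingg dataaaa");
            }
            L.Log(LogType.FILE, LogLevel.DEBUG, "Finish Sending Data");

            // Advance the checkpoint only with values this row actually supplied, so a NULL
            // column leaves the previous checkpoint in place (as the shared record used to).
            if (hasEventId)
            {
                last_recordnumEvent = rec.CustomInt10;
            }
            if (!string.IsNullOrEmpty(rec.Datetime))
            {
                last_recdate = rec.Datetime;
            }

            L.Log(LogType.FILE, LogLevel.DEBUG, "Record Number is For Event Log " + last_recordnumEvent.ToString());

            if (usingRegistry)
            {
                Set_Registry(last_recordnumEvent.ToString());
            }
            else
            {
                CustomServiceBase s = base.GetInstanceService("Security Manager Remote Recorder");
                s.SetReg(Id, last_recordnumEvent.ToString(), "", "", "", last_recdate);
            }
        }

        L.Log(LogType.FILE, LogLevel.DEBUG, "Finish getting the data");
    }
    catch (Exception er)
    {
        L.Log(LogType.FILE, LogLevel.ERROR, er.ToString());
    }
    finally
    {
        timerEvent.Enabled = true;
        L.Log(LogType.FILE, LogLevel.INFORM, "Service Stopped");

        // The original declared a connection and a command that were never assigned, and
        // never closed the reader it did open; close the reader before the connection.
        if (readReader != null && !readReader.IsClosed)
        {
            readReader.Close();
        }

        ac.CloseAccessConnection();
    }
}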
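/// <summary>
/// Handles one syslog message from a Cyberoam device: extracts the known key/value tokens
/// into a record and forwards it through <c>SendData</c>.
/// </summary>
/// <remarks>
/// If the message cannot be split or its date/time cannot be converted, the record is not
/// forwarded and the failure is logged.
/// </remarks>
/// <param name="args">Syslog event data; <c>Message</c> and <c>EventLogEntType</c> are read.</param>
void slog_SyslogEvent(LogMgrEventArgs args)
{
    CustomBase.Rec rec = new CustomBase.Rec();
    try
    {
        L.Log(LogType.FILE, LogLevel.DEBUG, "Start preparing record");
        try
        {
            // Split inside the try block so a failure on a malformed message is logged here
            // instead of escaping from the event handler.
            string[] lineArr = SpaceSplit(args.Message, true);

            rec.LogName = "CyberoamSyslogV_1_0_0Recorder";

            #region Description
            // Description is capped at 899 characters.
            rec.Description = args.Message.Length > 899
                ? args.Message.Substring(0, 899)
                : args.Message;
            L.Log(LogType.FILE, LogLevel.INFORM, "Description: " + args.Message);
            #endregion

            // NOTE(review): keys are matched by prefix only, without requiring the '=' that
            // follows, and the last matching token wins. Message content comes from a remote
            // device, so an exact key comparison would be stricter; how SubLineSplitter
            // separates key and value is not visible here.

            #region DateTime
            string dateString = "";
            string timeString = "";
            foreach (string token in lineArr)
            {
                if (token.StartsWith("date", StringComparison.Ordinal))
                {
                    dateString = SubLineSplitter(token);
                }
                if (token.StartsWith("time", StringComparison.Ordinal)
                    && !token.StartsWith("timezone", StringComparison.Ordinal))
                {
                    timeString = SubLineSplitter(token);
                }
            }
            #endregion

            L.Log(LogType.FILE, LogLevel.DEBUG, "dateString: " + dateString + " " + timeString);
            // Throws when date/time are missing or malformed; the record is then dropped below.
            DateTime dt = Convert.ToDateTime(dateString + " " + timeString);
            rec.Datetime = dt.ToString(dateFormat);
            L.Log(LogType.FILE, LogLevel.DEBUG, "DateTime: " + rec.Datetime);

            foreach (string token in lineArr)
            {
                if (token.StartsWith("device_name", StringComparison.Ordinal))
                {
                    rec.SourceName = SubLineSplitter(token);
                }
                if (token.StartsWith("log_component", StringComparison.Ordinal))
                {
                    rec.EventCategory = SubLineSplitter(token);
                }
                if (token.StartsWith("log_type", StringComparison.Ordinal))
                {
                    rec.EventType = SubLineSplitter(token);
                }
                // NOTE(review): device_id goes to UserName and user_name to ComputerName;
                // kept as in the original, confirm this mapping is intended.
                if (token.StartsWith("device_id", StringComparison.Ordinal))
                {
                    rec.UserName = SubLineSplitter(token);
                }
                if (token.StartsWith("user_name", StringComparison.Ordinal))
                {
                    rec.ComputerName = SubLineSplitter(token);
                }
                if (token.StartsWith("protocol", StringComparison.Ordinal))
                {
                    rec.CustomStr1 = SubLineSplitter(token);
                }
                if (token.StartsWith("user_gp", StringComparison.Ordinal))
                {
                    rec.CustomStr2 = SubLineSplitter(token);
                }
                if (token.StartsWith("src_ip", StringComparison.Ordinal))
                {
                    rec.CustomStr3 = SubLineSplitter(token);
                }
                if (token.StartsWith("dst_ip", StringComparison.Ordinal))
                {
                    rec.CustomStr4 = SubLineSplitter(token);
                }
                if (token.StartsWith("category", StringComparison.Ordinal))
                {
                    rec.CustomStr5 = SubLineSplitter(token);
                }
                if (token.StartsWith("contenttype", StringComparison.Ordinal))
                {
                    rec.CustomStr6 = SubLineSplitter(token);
                }
                if (token.StartsWith("domain", StringComparison.Ordinal))
                {
                    rec.CustomStr7 = SubLineSplitter(token);
                }
                if (token.StartsWith("status", StringComparison.Ordinal))
                {
                    rec.CustomStr8 = SubLineSplitter(token);
                }
                if (token.StartsWith("url", StringComparison.Ordinal))
                {
                    rec.CustomStr9 = SubLineSplitter(token);
                }
                if (token.StartsWith("log_subtype", StringComparison.Ordinal))
                {
                    rec.CustomStr10 = SubLineSplitter(token);
                }
                if (token.StartsWith("fw_rule_id", StringComparison.Ordinal))
                {
                    rec.CustomInt1 = Convert_To_Int32(SubLineSplitter(token));
                }
                if (token.StartsWith("iap", StringComparison.Ordinal))
                {
                    rec.CustomInt2 = Convert_To_Int32(SubLineSplitter(token));
                }
                if (token.StartsWith("src_port", StringComparison.Ordinal))
                {
                    rec.CustomInt5 = Convert_To_Int32(SubLineSplitter(token));
                }
                if (token.StartsWith("dst_port", StringComparison.Ordinal))
                {
                    rec.CustomInt6 = Convert_To_Int32(SubLineSplitter(token));
                }
                if (token.StartsWith("httpresponsecode", StringComparison.Ordinal))
                {
                    rec.CustomInt7 = Convert_To_Int32(SubLineSplitter(token));
                }
                if (token.StartsWith("sent_bytes", StringComparison.Ordinal))
                {
                    rec.CustomInt8 = Convert_To_Int32(SubLineSplitter(token));
                }
                if (token.StartsWith("recv_bytes", StringComparison.Ordinal))
                {
                    rec.CustomInt9 = Convert_To_Int32(SubLineSplitter(token));
                }
            }

            L.Log(LogType.FILE, LogLevel.DEBUG, "SourceName: " + rec.SourceName);
            L.Log(LogType.FILE, LogLevel.DEBUG, "EventCategory: " + rec.EventCategory);
            L.Log(LogType.FILE, LogLevel.DEBUG, "EventType: " + rec.EventType);
            L.Log(LogType.FILE, LogLevel.DEBUG, "UserName: " + rec.UserName);
            L.Log(LogType.FILE, LogLevel.DEBUG, "ComputerName: " + rec.ComputerName);
            L.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr1: " + rec.CustomStr1);
            L.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr2: " + rec.CustomStr2);
            L.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr3: " + rec.CustomStr3);
            L.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr4: " + rec.CustomStr4);
            L.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr5: " + rec.CustomStr5);
            L.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr6: " + rec.CustomStr6);
            L.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr7: " + rec.CustomStr7);
            L.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr8: " + rec.CustomStr8);
            L.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr9: " + rec.CustomStr9);
            L.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr10: " + rec.CustomStr10);
            L.Log(LogType.FILE, LogLevel.DEBUG, "CustomInt1: " + rec.CustomInt1.ToString(CultureInfo.InvariantCulture));
            L.Log(LogType.FILE, LogLevel.DEBUG, "CustomInt2: " + rec.CustomInt2.ToString(CultureInfo.InvariantCulture));
            L.Log(LogType.FILE, LogLevel.DEBUG, "CustomInt5: " + rec.CustomInt5.ToString(CultureInfo.InvariantCulture));
            L.Log(LogType.FILE, LogLevel.DEBUG, "CustomInt6: " + rec.CustomInt6.ToString(CultureInfo.InvariantCulture));
            L.Log(LogType.FILE, LogLevel.DEBUG, "CustomInt7: " + rec.CustomInt7.ToString(CultureInfo.InvariantCulture));
            L.Log(LogType.FILE, LogLevel.DEBUG, "CustomInt8: " + rec.CustomInt8.ToString(CultureInfo.InvariantCulture));
            L.Log(LogType.FILE, LogLevel.DEBUG, "CustomInt9: " + rec.CustomInt9.ToString(CultureInfo.InvariantCulture));

            if (SendData(rec))
            {
                L.Log(LogType.FILE, LogLevel.DEBUG, "Finish Sending Data");
            }
        }
        catch (Exception e)
        {
            // Reaching this handler means the event was NOT forwarded. It was logged at DEBUG,
            // which hides dropped events at normal log levels; report it as an error.
            L.Log(LogType.FILE, LogLevel.ERROR, "ERROR------------");
            L.Log(LogType.FILE, LogLevel.ERROR, e.Message);
            L.Log(LogType.FILE, LogLevel.ERROR, e.StackTrace);
        }
    }
    catch (Exception er)
    {
        L.Log(LogType.FILE, LogLevel.ERROR, er.ToString());
        L.Log(LogType.FILE, LogLevel.ERROR, args.EventLogEntType + " " + args.Message);
    }
}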
/// <summary>
/// Handles one syslog event: copies the raw message into a new record, fills the record
/// fields from the tokens of the message, and hands the record to the sender service
/// selected by <c>usingRegistry</c>.
/// </summary>
/// <remarks>
/// Each field is looked up first at a fixed token index; if the token there does not start
/// with the expected key, all tokens are scanned and the last matching token wins (the scan
/// loops do not break). Every parsing step has its own try/catch, so a malformed message
/// still yields a partially filled record that is sent on.
/// NOTE(review): SpaceSplit, SplitedLine and After are defined elsewhere; their exact
/// splitting rules are assumed here, not verified.
/// </remarks>
/// <param name="args">Event data; this method reads Message and EventLogEntType.</param>
void slog_SyslogEvent(LogMgrEventArgs args)
{
    CustomBase.Rec rec = new CustomBase.Rec();
    // NOTE(review): the message is written to the log as received. If it can contain
    // line breaks, confirm the logger neutralises them so one event cannot forge extra log lines.
    L.Log(LogType.FILE, LogLevel.DEBUG, "slog_SyslogEvent Line: " + args.Message);
    try
    {
        L.Log(LogType.FILE, LogLevel.DEBUG, "Start preparing record");
        try
        {
            rec.LogName = "WSenseSyslogV_1_0_0Recorder";
            rec.EventType = args.EventLogEntType.ToString();
            L.Log(LogType.FILE, LogLevel.DEBUG, "EventType: " + rec.EventType);
            // Description keeps at most the first 899 characters of the message.
            if (args.Message.Length > 899)
            {
                rec.Description = args.Message.Substring(0, 899);
            }
            else
            {
                rec.Description = args.Message;
            }
            string line = args.Message;
            string[] lineArr = SpaceSplit(line, false);
            try
            {
                // The timestamp is assembled from tokens 4, 3 and 5 plus the current local year.
                // There is no length check on lineArr here; a short message lands in the catch
                // below and rec.Datetime stays unset.
                // NOTE(review): the year comes from the clock of this host, not from the message,
                // so events received across a year boundary may get the wrong year — confirm.
                DateTime dt;
                string dateNow = DateTime.Now.Year.ToString(CultureInfo.InvariantCulture);
                string myDateTimeString = lineArr[4] + lineArr[3] + "," + dateNow + " ," + lineArr[5];
                dt = Convert.ToDateTime(myDateTimeString);
                rec.Datetime = dt.ToString(dateFormat);
                L.Log(LogType.FILE, LogLevel.DEBUG, "Datetime: " + rec.Datetime);
            }
            catch (Exception exception)
            {
                L.Log(LogType.FILE, LogLevel.ERROR, "Date Error: " + exception.Message);
            }
            //L.Log(LogType.FILE, LogLevel.DEBUG, "EventCategory: " + rec.EventCategory);
            if (lineArr.Length > 6)
            {
                rec.CustomStr1 = lineArr[6];
                L.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr1: " + rec.CustomStr1);
            }
            // EventCategory: "category" key, expected at token 12.
            try
            {
                //if (lineArr[i].StartsWith("category"))
                if (lineArr.Length > 12)
                {
                    if (lineArr[12].Trim().StartsWith("category"))
                    {
                        rec.EventCategory = SplitedLine(lineArr[12]);
                        //Console.WriteLine("EventCategory: " + rec.EventCategory);
                        L.Log(LogType.FILE, LogLevel.DEBUG, "EventCategory: " + rec.EventCategory);
                    }
                    else
                    {
                        for (int i = 0; i < lineArr.Length; i++)
                        {
                            if (lineArr[i].StartsWith("category"))
                            {
                                rec.EventCategory = SplitedLine(lineArr[i]);
                                //Console.WriteLine("EventCategory: " + rec.EventCategory);
                                L.Log(LogType.FILE, LogLevel.DEBUG, "EventCategory: " + rec.EventCategory);
                            }
                        }
                    }
                }
            }
            catch (Exception exception)
            {
                // Failure is logged at DEBUG only, so it is invisible at higher log levels.
                L.Log(LogType.FILE, LogLevel.DEBUG, "EventCategory: " + exception.Message);
            }
            // ComputerName / UserName / SourceName: "user" key, expected at token 13.
            try
            {
                //if (lineArr[i].StartsWith("user"))
                if (lineArr.Length > 13)
                {
                    if (lineArr[13].Trim().StartsWith("user"))
                    {
                        if (lineArr[13].Contains("://"))
                        {
                            rec.ComputerName = After(SplitedLine(lineArr[13]), "://");
                            //Console.WriteLine("ComputerName: " + rec.ComputerName);
                            L.Log(LogType.FILE, LogLevel.DEBUG, "ComputerName: " + rec.ComputerName);
                            if (lineArr.Length > 14)
                            {
                                string d = lineArr[14].Split('/')[lineArr[14].Split('/').Length - 1];
                                // NOTE(review): the guard above only proves that token 14 exists; reading
                                // token 15 on a message with exactly 15 tokens throws and the whole
                                // "user" step is abandoned by the outer catch.
                                rec.UserName = d + " " + lineArr[15];
                                // NOTE(review): the next line is damaged in this listing. The text between
                                // the commented-out Console.WriteLine and "DC=local" was masked, and the
                                // statement that declares `df` is not visible here.
                                //Console.WriteLine("UserName: "******"UserName: "******"DC=local");
                                try
                                {
                                    // A trailing comma on df is dropped before it is stored as SourceName.
                                    if (df.EndsWith(","))
                                    {
                                        rec.SourceName = df.Substring(0, df.Length - 1);
                                        //Console.WriteLine("SourceName: " + rec.SourceName);
                                        L.Log(LogType.FILE, LogLevel.DEBUG, "SourceName: " + rec.SourceName);
                                    }
                                }
                                catch (Exception exception)
                                {
                                    L.Log(LogType.FILE, LogLevel.ERROR, "SourceName: " + exception.Message);
                                }
                            }
                        }
                        else
                        {
                            L.Log(LogType.FILE, LogLevel.DEBUG, "ComputerName = null");
                        }
                    }
                    else
                    {
                        for (int i = 0; i < lineArr.Length; i++)
                        {
                            if (lineArr[i].StartsWith("user"))
                            {
                                rec.ComputerName = SplitedLine(lineArr[i]);
                                //Console.WriteLine("ComputerName: " + rec.ComputerName);
                                L.Log(LogType.FILE, LogLevel.DEBUG, "ComputerName: " + rec.ComputerName);
                            }
                        }
                    }
                }
            }
            catch (Exception exception)
            {
                L.Log(LogType.FILE, LogLevel.DEBUG, "ComputerName: " + exception.Message);
            }
            // CustomStr2: "action" key, expected at token 10.
            try
            {
                //if (lineArr[i].StartsWith("action"))
                if (lineArr.Length > 10)
                {
                    if (lineArr[10].Trim().StartsWith("action"))
                    {
                        rec.CustomStr2 = SplitedLine(lineArr[10]);
                        //Console.WriteLine("CustomStr2: " + rec.CustomStr2);
                        L.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr2: " + rec.CustomStr2);
                    }
                    else
                    {
                        for (int i = 0; i < lineArr.Length; i++)
                        {
                            if (lineArr[i].StartsWith("action"))
                            {
                                rec.CustomStr2 = SplitedLine(lineArr[i]);
                                //Console.WriteLine("CustomStr2: " + rec.CustomStr2);
                                L.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr2: " + rec.CustomStr2);
                            }
                        }
                    }
                }
            }
            catch (Exception exception)
            {
                L.Log(LogType.FILE, LogLevel.ERROR, "CustomStr2: " + exception.Message);
            }
            // CustomStr3: "src_host" key.
            try
            {
                //if (lineArr[i].StartsWith("src_host"))
                if (lineArr.Length > 16)
                {
                    // NOTE(review): the key is tested on token 10 but the value is read from token 16.
                    // Token 10 is where "action" is expected above, so this branch looks like a
                    // copy/paste slip and src_host is probably always found by the scan — confirm.
                    if (lineArr[10].Trim().StartsWith("src_host"))
                    {
                        rec.CustomStr3 = SplitedLine(lineArr[16]);
                        //Console.WriteLine("CustomStr3: " + rec.CustomStr3);
                        L.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr3: " + rec.CustomStr3);
                    }
                    else
                    {
                        for (int i = 0; i < lineArr.Length; i++)
                        {
                            if (lineArr[i].StartsWith("src_host"))
                            {
                                rec.CustomStr3 = SplitedLine(lineArr[i]);
                                //Console.WriteLine("CustomStr3: " + rec.CustomStr3);
                                L.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr3: " + rec.CustomStr3);
                            }
                        }
                    }
                }
            }
            catch (Exception exception)
            {
                // NOTE(review): the label says CustomStr2 although this step fills CustomStr3.
                L.Log(LogType.FILE, LogLevel.ERROR, "CustomStr2: " + exception.Message);
            }
            // CustomStr4: "dst_ip" key, expected at token 19.
            try
            {
                //if (lineArr[i].StartsWith("dst_ip"))
                if (lineArr.Length > 19)
                {
                    if (lineArr[19].Trim().StartsWith("dst_ip"))
                    {
                        rec.CustomStr4 = SplitedLine(lineArr[19]);
                        //Console.WriteLine("CustomStr4: " + rec.CustomStr4);
                        L.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr4: " + rec.CustomStr4);
                    }
                    else
                    {
                        for (int i = 0; i < lineArr.Length; i++)
                        {
                            if (lineArr[i].StartsWith("dst_ip"))
                            {
                                rec.CustomStr4 = SplitedLine(lineArr[i]);
                                //Console.WriteLine("CustomStr4: " + rec.CustomStr4);
                                L.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr4: " + rec.CustomStr4);
                            }
                        }
                    }
                }
            }
            catch (Exception exception)
            {
                L.Log(LogType.FILE, LogLevel.ERROR, "CustomStr4: " + exception.Message);
            }
            // CustomStr5: "dst_host" key, expected at token 18.
            try
            {
                //if (lineArr[i].StartsWith("dst_ip"))
                if (lineArr.Length > 18)
                {
                    if (lineArr[18].Trim().StartsWith("dst_host"))
                    {
                        rec.CustomStr5 = SplitedLine(lineArr[18]);
                        //Console.WriteLine("CustomStr5: " + rec.CustomStr5);
                        L.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr5: " + rec.CustomStr5);
                    }
                    else
                    {
                        for (int i = 0; i < lineArr.Length; i++)
                        {
                            if (lineArr[i].StartsWith("dst_host"))
                            {
                                rec.CustomStr5 = SplitedLine(lineArr[i]);
                                //Console.WriteLine("CustomStr5: " + rec.CustomStr5);
                                L.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr5: " + rec.CustomStr5);
                            }
                        }
                    }
                }
            }
            catch (Exception exception)
            {
                L.Log(LogType.FILE, LogLevel.ERROR, "CustomStr5: " + exception.Message);
            }
            // CustomStr6: "url" key, expected at token 33. With 34 tokens or fewer in total
            // the last token is taken instead, whatever its key is.
            try
            {
                //if (lineArr[i].StartsWith("url"))
                if (lineArr.Length > 33)
                {
                    if (lineArr[33].StartsWith("url"))
                    {
                        rec.CustomStr6 = SplitedLine(lineArr[33]);
                        //Console.WriteLine("CustomStr6: " + rec.CustomStr6);
                        L.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr6: " + rec.CustomStr6);
                    }
                    else
                    {
                        for (int i = 0; i < lineArr.Length; i++)
                        {
                            if (lineArr[i].StartsWith("url"))
                            {
                                rec.CustomStr6 = SplitedLine(lineArr[i]);
                                //Console.WriteLine("CustomStr6: " + rec.CustomStr6);
                                L.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr6: " + rec.CustomStr6);
                            }
                        }
                    }
                }
                else
                {
                    // NOTE(review): unlike Description, the URL value is stored without a length cap here.
                    rec.CustomStr6 = SplitedLine(lineArr[lineArr.Length - 1]);
                    //Console.WriteLine("CustomStr6: " + rec.CustomStr6);
                    L.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr6: " + rec.CustomStr6);
                }
            }
            catch (Exception exception)
            {
                L.Log(LogType.FILE, LogLevel.ERROR, "CustomStr6: " + exception.Message);
            }
            //try
            //{
            //    if (rec.CustomStr6.Length > 899)
            //    {
            //        rec.CustomStr7 = rec.CustomStr6.Substring(899, 1799);
            //    }
            //}
            //catch (Exception exception)
            //{
            //    L.Log(LogType.FILE, LogLevel.DEBUG, "CustomStr7: " + exception.Message);
            //}
            // Numeric fields follow. Each one is converted with Convert.ToInt32 and reset to 0
            // when the conversion (or the lookup) throws.
            // CustomInt1: "disposition" key, expected at token 29.
            try
            {
                //if (lineArr[i].StartsWith("disposition"))
                if (lineArr.Length > 29)
                {
                    if (lineArr[29].StartsWith("disposition"))
                    {
                        rec.CustomInt1 = Convert.ToInt32(SplitedLine(lineArr[29]));
                        //Console.WriteLine("CustomInt1: " + rec.CustomInt1);
                        L.Log(LogType.FILE, LogLevel.DEBUG, "CustomInt1: " + rec.CustomInt1);
                    }
                    else
                    {
                        for (int i = 0; i < lineArr.Length; i++)
                        {
                            if (lineArr[i].StartsWith("disposition"))
                            {
                                rec.CustomInt1 = Convert.ToInt32(SplitedLine(lineArr[i]));
                                //Console.WriteLine("CustomInt1: " + rec.CustomInt1);
                                L.Log(LogType.FILE, LogLevel.DEBUG, "CustomInt1: " + rec.CustomInt1);
                            }
                        }
                    }
                }
            }
            catch (Exception exception)
            {
                L.Log(LogType.FILE, LogLevel.ERROR, "CustomInt1 Casting error, CustomInt1 setted 0 " + exception.Message);
                rec.CustomInt1 = 0;
            }
            // CustomInt3: "http_response" key, expected at token 23.
            try
            {
                //if (lineArr[i].StartsWith("http_response"))
                if (lineArr.Length > 23)
                {
                    if (lineArr[23].StartsWith("http_response"))
                    {
                        rec.CustomInt3 = Convert.ToInt32(SplitedLine(lineArr[23]));
                        //Console.WriteLine("CustomInt3: " + rec.CustomInt3);
                        // NOTE(review): the label says CustomInt3 but the value logged is CustomInt1.
                        L.Log(LogType.FILE, LogLevel.DEBUG, "CustomInt3: " + rec.CustomInt1);
                    }
                    else
                    {
                        for (int i = 0; i < lineArr.Length; i++)
                        {
                            if (lineArr[i].StartsWith("http_response"))
                            {
                                rec.CustomInt3 = Convert.ToInt32(SplitedLine(lineArr[i]));
                                //Console.WriteLine("CustomInt3: " + rec.CustomInt3);
                                L.Log(LogType.FILE, LogLevel.DEBUG, "CustomInt3: " + rec.CustomInt3);
                            }
                        }
                    }
                }
            }
            catch (Exception exception)
            {
                L.Log(LogType.FILE, LogLevel.ERROR, "CustomInt3 Casting error, CustomInt3 setted 0 " + exception.Message);
                rec.CustomInt3 = 0;
            }
            // CustomInt5: "severity" key, expected at token 11.
            try
            {
                //if (lineArr[i].StartsWith("severity"))
                if (lineArr.Length > 11)
                {
                    if (lineArr[11].StartsWith("severity"))
                    {
                        rec.CustomInt5 = Convert.ToInt32(SplitedLine(lineArr[11]));
                        //Console.WriteLine("CustomInt5: " + rec.CustomInt5);
                        L.Log(LogType.FILE, LogLevel.DEBUG, "CustomInt5: " + rec.CustomInt5);
                    }
                    else
                    {
                        for (int i = 0; i < lineArr.Length; i++)
                        {
                            if (lineArr[i].StartsWith("severity"))
                            {
                                rec.CustomInt5 = Convert.ToInt32(SplitedLine(lineArr[i]));
                                //Console.WriteLine("CustomInt5: " + rec.CustomInt5);
                                L.Log(LogType.FILE, LogLevel.DEBUG, "CustomInt5: " + rec.CustomInt5);
                            }
                        }
                    }
                }
            }
            catch (Exception exception)
            {
                L.Log(LogType.FILE, LogLevel.ERROR, "CustomInt5 Casting error, CustomInt5 setted 0 " + exception.Message);
                rec.CustomInt5 = 0;
            }
            // CustomInt7: "bytes_out" key, expected at token 21.
            try
            {
                //if (lineArr[i].StartsWith("bytes_out"))
                if (lineArr.Length > 21)
                {
                    if (lineArr[21].StartsWith("bytes_out"))
                    {
                        rec.CustomInt7 = Convert.ToInt32(SplitedLine(lineArr[21]));
                        //Console.WriteLine("CustomInt7: " + rec.CustomInt7);
                        L.Log(LogType.FILE, LogLevel.DEBUG, "CustomInt7: " + rec.CustomInt7);
                    }
                    else
                    {
                        for (int i = 0; i < lineArr.Length; i++)
                        {
                            if (lineArr[i].StartsWith("bytes_out"))
                            {
                                rec.CustomInt7 = Convert.ToInt32(SplitedLine(lineArr[i]));
                                //Console.WriteLine("CustomInt7: " + rec.CustomInt7);
                                L.Log(LogType.FILE, LogLevel.DEBUG, "CustomInt7: " + rec.CustomInt7);
                            }
                        }
                    }
                }
            }
            catch (Exception exception)
            {
                L.Log(LogType.FILE, LogLevel.ERROR, "CustomInt7 Casting error, CustomInt7 setted 0 " + exception.Message);
                rec.CustomInt7 = 0;
            }
            // CustomInt8: "bytes_in" key, expected at token 22.
            try
            {
                //if (lineArr[i].StartsWith("bytes_in"))
                if (lineArr.Length > 22)
                {
                    if (lineArr[22].StartsWith("bytes_in"))
                    {
                        rec.CustomInt8 = Convert.ToInt32(SplitedLine(lineArr[22]));
                        //Console.WriteLine("CustomInt8: " + rec.CustomInt8);
                        L.Log(LogType.FILE, LogLevel.DEBUG, "CustomInt8: " + rec.CustomInt8);
                    }
                    else
                    {
                        for (int i = 0; i < lineArr.Length; i++)
                        {
                            if (lineArr[i].StartsWith("bytes_in"))
                            {
                                rec.CustomInt8 = Convert.ToInt32(SplitedLine(lineArr[i]));
                                //Console.WriteLine("CustomInt8: " + rec.CustomInt8);
                                L.Log(LogType.FILE, LogLevel.DEBUG, "CustomInt8: " + rec.CustomInt8);
                            }
                        }
                    }
                }
            }
            catch (Exception exception)
            {
                L.Log(LogType.FILE, LogLevel.ERROR, "CustomInt8 Casting error, CustomInt8 setted 0 " + exception.Message);
                rec.CustomInt8 = 0;
            }
            // CustomInt9: "src_port" key, expected at token 17.
            try
            {
                //if (lineArr[i].StartsWith("src_port"))
                if (lineArr.Length > 17)
                {
                    if (lineArr[17].StartsWith("src_port"))
                    {
                        rec.CustomInt9 = Convert.ToInt32(SplitedLine(lineArr[17]));
                        //Console.WriteLine("CustomInt9: " + rec.CustomInt9);
                        L.Log(LogType.FILE, LogLevel.DEBUG, "CustomInt9: " + rec.CustomInt9);
                    }
                    else
                    {
                        for (int i = 0; i < lineArr.Length; i++)
                        {
                            if (lineArr[i].StartsWith("src_port"))
                            {
                                rec.CustomInt9 = Convert.ToInt32(SplitedLine(lineArr[i]));
                                ////Console.WriteLine("CustomInt9: " + rec.CustomInt9);
                                L.Log(LogType.FILE, LogLevel.DEBUG, "CustomInt9: " + rec.CustomInt9);
                            }
                        }
                    }
                }
            }
            catch (Exception exception)
            {
                L.Log(LogType.FILE, LogLevel.ERROR, "CustomInt9 Casting error, CustomInt9 setted 0 " + exception.Message);
                rec.CustomInt9 = 0;
            }
            // CustomInt10: "dst_port" key, expected at token 20.
            try
            {
                //if (lineArr[i].StartsWith("dst_port"))
                if (lineArr.Length > 20)
                {
                    if (lineArr[20].StartsWith("dst_port"))
                    {
                        rec.CustomInt10 = Convert.ToInt32(SplitedLine(lineArr[20]));
                        L.Log(LogType.FILE, LogLevel.DEBUG, "CustomInt10: " + rec.CustomInt10);
                    }
                    else
                    {
                        for (int i = 0; i < lineArr.Length; i++)
                        {
                            if (lineArr[i].StartsWith("dst_port"))
                            {
                                rec.CustomInt10 = Convert.ToInt32(SplitedLine(lineArr[i]));
                                L.Log(LogType.FILE, LogLevel.DEBUG, "CustomInt10: " + rec.CustomInt10);
                            }
                        }
                    }
                }
            }
            catch (Exception exception)
            {
                L.Log(LogType.FILE, LogLevel.ERROR, "CustomInt10 Casting error, CustomInt10 setted 0 " + exception.Message);
                rec.CustomInt10 = 0;
            }
            //L.Log(LogType.FILE, LogLevel.DEBUG, " Source Is : " + args.Source.ToString());
            //rec.SourceName = args.Source;
            L.Log(LogType.FILE, LogLevel.INFORM, " Log : " + args.Message);
        }
        catch (Exception e)
        {
            // Anything not caught by a step above ends record preparation here. It is reported
            // at DEBUG only, and the partially filled record is still sent below.
            L.Log(LogType.FILE, LogLevel.DEBUG, "ERROR------------");
            L.Log(LogType.FILE, LogLevel.DEBUG, e.Message);
            L.Log(LogType.FILE, LogLevel.DEBUG, e.StackTrace);
        }
        L.Log(LogType.FILE, LogLevel.DEBUG, "Finish preparing record");
        L.Log(LogType.FILE, LogLevel.DEBUG, "Start sending Data");
        if (usingRegistry)
        {
            CustomServiceBase s = base.GetInstanceService("Security Manager Sender");
            s.SetData(rec);
        }
        else
        {
            CustomServiceBase s = base.GetInstanceService("Security Manager Remote Recorder");
            s.SetData(Dal, virtualhost, rec);
            // rec.Datetime is passed twice; it is unset when the date step above failed.
            s.SetReg(Id, rec.Datetime, "", "", "", rec.Datetime);
        }
        L.Log(LogType.FILE, LogLevel.DEBUG, "Finish Sending Data");
    }
    catch (Exception er)
    {
        L.Log(LogType.FILE, LogLevel.ERROR, er.ToString());
        L.Log(LogType.FILE, LogLevel.ERROR, args.EventLogEntType + " " + args.Message);
    }
}
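/// <summary>
/// Timer callback: reads LOG_DETAILS rows newer than <c>last_position</c> from the Websense
/// log database, maps each row to a record, forwards it to the sender service and stores
/// the record number that was sent last.
/// </summary>
/// <remarks>
/// The timer is disabled for the duration of the tick and re-enabled in the finally block.
/// If one of the required tables is missing, no query is run and the missing tables are logged.
/// </remarks>
/// <param name="sender">Source of the timer event (not used).</param>
/// <param name="e">Elapsed event data (not used).</param>
private void timer1_Tick(object sender, System.Timers.ElapsedEventArgs e)
{
    timer1.Enabled = false;
    L.Log(LogType.FILE, LogLevel.INFORM, "Service Started");
    string readQuery = null;
    IDataReader readReader = null;
    DbCommand cmd = null;
    try
    {
        // One-time initialisation: configuration first, then the logger.
        if (!reg_flag)
        {
            if (!Read_Registry())
            {
                L.Log(LogType.FILE, LogLevel.ERROR, "Error on Reading the Registry ");
                return;
            }
            else if (!Initialize_Logger())
            {
                L.Log(LogType.FILE, LogLevel.ERROR, "Error on Intialize Logger on Websense Recorder functions may not be running");
                return;
            }
            reg_flag = true;
        }
        if (fromend)
        {
            if (!Set_LastPosition())
            {
                L.Log(LogType.FILE, LogLevel.INFORM, "Error on setting last position see eventlog for more details");
            }
            fromend = false;
        }
        // Database that holds LOG_DETAILS: the current one if it can be determined,
        // else the one used last, else the main database.
        wsdb_name_last = Get_Ws_Dbname();
        if (wsdb_name_last == null)
        {
            wsdb_name_last = lastFile;
        }
        if (wsdb_name_last == null)
        {
            wsdb_name_last = wsdb_name;
        }
        int i = 0;
        #region if
        if (tableControl("WSE_URLS", wsdb_name) && tableControl("USERS", wsdb_name) && tableControl("CATEGORY", wsdb_name) && tableControl("PROTOCOLS", wsdb_name) && tableControl("LOG_DETAILS", wsdb_name_last))
        {
            // SECURITY NOTE(review): the statement is built by string concatenation. max_record_send
            // is compared with an int and last_position is assigned from a record number below, so
            // both are numeric; wsdb_name and wsdb_name_last are database names inserted as text and
            // cannot be bound as parameters. Confirm they only ever come from trusted configuration,
            // or check them against an identifier allow-list before they reach this point.
            readQuery = "select TOP " + max_record_send + " D.RECORD_NUMBER,D.DATE_TIME,US.USER_LOGIN_NAME,C.NAME AS CATEGORY,D.DISPOSITION_CODE,P.NAME AS PROTOCOL,U.NAME,D.PORT,D.SOURCE_SERVER_IP_INT,D.DESTINATION_IP_INT,D.SOURCE_IP_INT,D.HITS,D.BYTES_SENT,D.BYTES_RECEIVED,C.CHILD_NAME,D.FULL_URL from " + wsdb_name + "..WSE_URLS AS U(nolock)," + wsdb_name + "..USERS AS US(nolock)," + wsdb_name + "..CATEGORY AS C(nolock)," + wsdb_name + "..PROTOCOLS AS P(nolock), " + wsdb_name_last + "..LOG_DETAILS AS D(nolock) WHERE D.URL_ID= U.WSE_URL_ID AND US.USER_ID=D.USER_ID AND C.CATEGORY=D.CATEGORY AND P.ID =D.PROTOCOL_ID AND D.RECORD_NUMBER>" + last_position.ToString() + " ORDER BY RECORD_NUMBER";
            L.Log(LogType.FILE, LogLevel.DEBUG, " Query is " + readQuery);
            readReader = Database.ExecuteReader(db_name, readQuery, CommandBehavior.CloseConnection, out cmd);
            // NOTE(review): the timeout is assigned after ExecuteReader has returned, so it
            // presumably does not apply to the query that was just executed — confirm.
            cmd.CommandTimeout = 1200;
            L.Log(LogType.FILE, LogLevel.DEBUG, "Finish executing the query");
            while (readReader.Read())
            {
                // A fresh record and fresh scratch values for every row: a column that is NULL in
                // this row must not inherit the user, category, addresses or URL of the previous row.
                CustomBase.Rec rec = new CustomBase.Rec();
                string ip0 = "", ip1 = "", ip2 = "";

                rec.LogName = "Websense_7_0 Recorder";
                rec.CustomInt6 = Convert.ToInt64(readReader.GetInt64(0)); // D.RECORD_NUMBER
                rec.Datetime = readReader.GetDateTime(1).AddMinutes(zone).ToString("yyyy/MM/dd HH:mm:ss.fff");
                if (!readReader.IsDBNull(2))
                {
                    rec.UserName = readReader.GetString(2); // US.USER_LOGIN_NAME
                }
                if (!readReader.IsDBNull(3))
                {
                    rec.EventCategory = readReader.GetString(3); // C.NAME
                }
                rec.CustomInt1 = Convert.ToInt32(readReader.GetInt16(4)); // D.DISPOSITION_CODE
                if (!readReader.IsDBNull(5))
                {
                    rec.EventType = readReader.GetString(5); // P.NAME
                }
                if (!readReader.IsDBNull(6))
                {
                    rec.Description = readReader.GetString(6); // U.NAME
                }
                rec.CustomInt3 = Convert.ToInt32(readReader.GetInt32(7)); // D.PORT

                // The three address columns are stored as IP strings; if a value cannot be
                // parsed as an address, its raw text is stored instead.
                try
                {
                    if (!readReader.IsDBNull(8))
                    {
                        ip0 = readReader.GetValue(8).ToString(); // D.SOURCE_SERVER_IP_INT
                        rec.CustomStr1 = System.Net.IPAddress.Parse(ip0).ToString();
                    }
                }
                catch (Exception exc)
                {
                    L.Log(LogType.FILE, LogLevel.DEBUG, exc.Message + " StackTrace: " + exc.StackTrace);
                    L.Log(LogType.FILE, LogLevel.DEBUG, "Parsed value could not convert to IP. Value : " + ip0);
                    L.Log(LogType.FILE, LogLevel.DEBUG, "Value will be saved in string format..");
                    rec.CustomStr1 = ip0;
                }
                try
                {
                    if (!readReader.IsDBNull(9))
                    {
                        ip1 = readReader.GetValue(9).ToString(); // D.DESTINATION_IP_INT
                        rec.CustomStr4 = System.Net.IPAddress.Parse(ip1).ToString();
                    }
                }
                catch (Exception ex)
                {
                    L.Log(LogType.FILE, LogLevel.DEBUG, ex.Message + " StackTrace: " + ex.StackTrace);
                    L.Log(LogType.FILE, LogLevel.DEBUG, "Value will be saved in string format..");
                    rec.CustomStr4 = ip1;
                }
                try
                {
                    if (!readReader.IsDBNull(10))
                    {
                        ip2 = readReader.GetValue(10).ToString(); // D.SOURCE_IP_INT
                        rec.CustomStr3 = System.Net.IPAddress.Parse(ip2).ToString();
                    }
                }
                catch (Exception ec)
                {
                    L.Log(LogType.FILE, LogLevel.DEBUG, ec.Message + " StackTrace: " + ec.StackTrace);
                    L.Log(LogType.FILE, LogLevel.DEBUG, "Value will be saved in string format..");
                    rec.CustomStr3 = ip2;
                }

                rec.CustomInt5 = Convert.ToInt32(readReader.GetInt32(11)); // D.HITS
                if (!readReader.IsDBNull(14))
                {
                    rec.CustomStr5 = readReader.GetString(14); // C.CHILD_NAME
                }
                if (!readReader.IsDBNull(12))
                {
                    rec.CustomInt7 = Convert.ToInt64(readReader.GetValue(12).ToString().Trim()); // D.BYTES_SENT
                }
                if (!readReader.IsDBNull(13))
                {
                    rec.CustomInt8 = Convert.ToInt64(readReader.GetValue(13).ToString().Trim()); // D.BYTES_RECEIVED
                }

                // FULL_URL: the first 900 characters go to CustomStr6, the remainder to CustomStr7.
                // NOTE(review): the remainder itself is not capped — confirm CustomStr7 can hold it.
                try
                {
                    if (!readReader.IsDBNull(15))
                    {
                        string full_url = readReader.GetString(15);
                        if (full_url.Length > 900)
                        {
                            L.Log(LogType.FILE, LogLevel.DEBUG, "URL Length is greter than 900 character");
                            int overflowLength = full_url.Length - 900;
                            rec.CustomStr6 = full_url.Substring(0, 900);
                            rec.CustomStr7 = full_url.Substring(900, overflowLength);
                            L.Log(LogType.FILE, LogLevel.DEBUG, "Second Part is " + overflowLength.ToString());
                        }
                        else
                        {
                            rec.CustomStr6 = full_url;
                        }
                    }
                }
                catch (Exception ec)
                {
                    L.Log(LogType.FILE, LogLevel.DEBUG, ec.Message + " StackTrace: " + ec.StackTrace);
                    L.Log(LogType.FILE, LogLevel.DEBUG, "Value will be saved in string format..");
                    rec.CustomStr6 = "";
                }

                L.Log(LogType.FILE, LogLevel.DEBUG, "Start sending Data");
                if (usingRegistry)
                {
                    CustomServiceBase s = base.GetInstanceService("Security Manager Sender");
                    s.SetData(rec);
                }
                else
                {
                    CustomServiceBase s = base.GetInstanceService("Security Manager Remote Recorder");
                    s.SetData(Dal, virtualhost, rec);
                }
                L.Log(LogType.FILE, LogLevel.DEBUG, "Finish Sending Data");

                last_position = rec.CustomInt6;
                last_recdate = rec.Datetime;
                L.Log(LogType.FILE, LogLevel.DEBUG, "Record Number is " + last_position.ToString());
                i++;
                if (i > max_record_send)
                {
                    cmd.Cancel();
                    return;
                }
                // Persist the position after every row so a restart resumes behind the last sent record.
                lastFile = wsdb_name_last;
                if (usingRegistry)
                {
                    Set_Registry(last_position);
                }
                else
                {
                    CustomServiceBase s = base.GetInstanceService("Security Manager Remote Recorder");
                    s.SetReg(Id, last_position.ToString(), "", lastFile, "", last_recdate);
                    L.Log(LogType.FILE, LogLevel.DEBUG, "Last File Is -->>" + lastFile);
                }
            }
            L.Log(LogType.FILE, LogLevel.DEBUG, "Finish getting the data");
        }
        #endregion
        #region else
        else
        {
            // At least one required table is missing: report which ones and look up the log database again.
            bool tablecontrolWSE_URLS = tableControl("WSE_URLS", wsdb_name);
            bool tablecontrolUSERS = tableControl("USERS", wsdb_name);
            bool tablecontrolCATEGORY = tableControl("CATEGORY", wsdb_name);
            bool tablecontrolPROTOCOLS = tableControl("PROTOCOLS", wsdb_name);
            bool tablecontrolLOG_DETAILS = tableControl("LOG_DETAILS", wsdb_name_last);
            string messageText = "";
            if (!tablecontrolWSE_URLS)
            {
                messageText = messageText + " WSE_URLS Table In the " + wsdb_name + " Not Found, ";
            }
            if (!tablecontrolUSERS)
            {
                messageText = messageText + " USERS Table In the " + wsdb_name + " Not Found, ";
            }
            if (!tablecontrolCATEGORY)
            {
                messageText = messageText + " CATEGORY Table In the " + wsdb_name + " Not Found, ";
            }
            if (!tablecontrolPROTOCOLS)
            {
                messageText = messageText + " PROTOCOLS Table In the " + wsdb_name + " Not Found, ";
            }
            if (!tablecontrolLOG_DETAILS)
            {
                messageText = messageText + " LOG_DETAILS Table In the " + wsdb_name_last + " Not Found, ";
            }
            messageText = messageText.Trim();
            messageText = messageText.Trim(',');
            L.Log(LogType.FILE, LogLevel.INFORM, messageText);
            wsdb_name_last = Get_Ws_Dbname();
        }
        #endregion
    }
    catch (Exception er)
    {
        L.Log(LogType.FILE, LogLevel.ERROR, er.ToString());
    }
    finally
    {
        timer1.Enabled = true;
        L.Log(LogType.FILE, LogLevel.INFORM, "Service Stopped");
        // NOTE(review): readReader is never closed in this method; presumably Database.Drop
        // releases the command together with its connection — confirm.
        Database.Drop(ref cmd);
    }
}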
void slog_SyslogEvent(LogMgrEventArgs args) { CustomBase.Rec rec = new CustomBase.Rec(); try { L.Log(LogType.FILE, LogLevel.DEBUG, "Start preparing record"); rec.LogName = "SymantecSmsSyslog Recorder"; rec.EventCategory = "sms"; rec.UserName = "******"; rec.EventType = args.EventLogEntType.ToString(); if (args.Message == "") { L.Log(LogType.FILE, LogLevel.INFORM, "Message is null."); return; } String[] Desc = args.Message.Split(':'); if (Desc.Length < 5) { L.Log(LogType.FILE, LogLevel.ERROR, "Length of message too small: " + args.Message); return; } for (Int32 i = 0; i < Desc.Length; ++i) { Desc[i] = Desc[i].Trim(); } rec.ComputerName = Desc[0] + ":" + Desc[1]; rec.SourceName = args.Source; String[] dateArr = SpaceSplit(Desc[2].TrimStart(rec.SourceName.ToCharArray())); if (dateArr.Length < 3) { L.Log(LogType.FILE, LogLevel.ERROR, "Error parsing message for datetime (text too small): " + args.Message); return; } try { StringBuilder dateString = new StringBuilder(); //Date dateString.Append(dateArr[0]).Append(" ").Append(dateArr[1]).Append(" ").Append(DateTime.Now.Year.ToString()).Append(" "); //Time dateString.Append(dateArr[2]).Append(":").Append(Desc[3]).Append(":").Append(Desc[4].Substring(0, 2)); DateTime dt = DateTime.Parse(dateString.ToString()); rec.Datetime = dt.AddMinutes(zone).ToString("yyyy/MM/dd HH:mm:ss"); } catch (Exception) { L.Log(LogType.FILE, LogLevel.ERROR, "Error parsing datetime text: " + args.Message); return; } try { string codeText = Desc[4].Substring(2).Trim().TrimStart(rec.EventCategory.ToCharArray()).Trim(); if (codeText.Contains("[") && codeText.Contains("]")) { rec.CustomStr1 = codeText.Split('[')[0].Trim(); rec.CustomInt1 = int.Parse(codeText.Split('[')[1].Trim().Split(']')[0].Trim()); } else { rec.CustomStr1 = Desc[4].Substring(2).Trim(); //.TrimStart(rec.EventCategory.ToCharArray()).Trim(); //codeText; rec.CustomInt1 = 0; } } catch (Exception) { L.Log(LogType.FILE, LogLevel.ERROR, "Error parsing code text: " + args.Message); return; } 
int lastIndexForDesc = 5; if (Desc.Length > 5) { if (Desc[5].Contains("ML-HOST_DISCONNECTED")) { try { rec.UserName = "******"; rec.CustomInt2 = int.Parse(Desc[5].Split(']')[0].TrimStart('[').Trim()); rec.EventCategory = "ML-HOST_DISCONNECTED"; if (Desc[7].ToLower().Contains("disconnected")) { rec.CustomStr10 = Desc[6] + ":" + Desc[7].Split(' ')[0]; //disconnected from } lastIndexForDesc = 6; } catch (Exception ex) { L.Log(LogType.FILE, LogLevel.ERROR, "Unknown format for ML-HOST_DISCONNECTED: " + args.Message + " \nEx: " + ex.Message); return; } } else if (Desc[5].Contains("ML-HOST_CONNECTED")) { try { rec.UserName = "******"; rec.CustomInt2 = int.Parse(Desc[5].Split(']')[0].TrimStart('[').Trim()); rec.EventCategory = "ML-HOST_CONNECTED"; if (Desc[7].ToLower().Contains("connected")) { rec.CustomStr10 = Desc[6] + ":" + Desc[7].Split(' ')[0]; //connected to } lastIndexForDesc = 6; } catch (Exception ex) { L.Log(LogType.FILE, LogLevel.ERROR, "Unknown format for ML-HOST_CONNECTED: " + args.Message + " \nEx: " + ex.Message); return; } } else if (Desc[5].Contains("ML-RECEIVED")) { //195.142.175.69:62754 : mail.info Jul 29 15:19:23 mail ecelerity: [18796] ML-RECEIVED_RECIPIENT: Message ID: E0/0C-18796-B45A23E4, Audit ID: c0a8010e-b7bc5ae00000496c-57-4e32a54bb662, recipient: [email protected] try { rec.UserName = "******"; rec.CustomInt2 = int.Parse(Desc[5].Split(']')[0].TrimStart('[').Trim()); rec.EventCategory = "ML-RECEIVED"; if (Desc[6].Contains("Message ID") && Desc[7].Contains("Audit ID")) { try { rec.CustomStr2 = Desc[8] + ":" + Desc[9].TrimEnd(", from host".ToCharArray()); //Received on if (Desc.Length > 10) { rec.CustomStr10 = Desc[10] + ":" + Desc[11].TrimEnd(", sender".ToCharArray()); //from host rec.CustomStr4 = Desc[12].Split(',')[0]; //sender rec.CustomInt3 = int.Parse(Desc[13].TrimEnd(", Note".ToCharArray())); //size } } catch (Exception ex) { rec.CustomStr2 = Desc[8].TrimEnd(", from host".ToCharArray()); //Received on rec.CustomStr10 = Desc[9].TrimEnd(", 
sender".ToCharArray()); //from host rec.CustomStr4 = Desc[10].Split(',')[0]; //sender rec.CustomInt3 = int.Parse(Desc[11].TrimEnd(", Note".ToCharArray())); //size } finally { rec.CustomStr5 = Desc[7].Split(',')[0]; //Message ID rec.CustomStr6 = Desc[7].Split(',')[1].TrimStart("Audit ID".ToCharArray()).Trim(); //Audit ID } } lastIndexForDesc = 6; } catch (Exception ex) { L.Log(LogType.FILE, LogLevel.ERROR, "Unknown format for ML-RECEIVED: " + args.Message + " \nEx: " + ex.Message); return; } } else if (Desc[5].Contains("ML-REJECT")) { try { rec.UserName = "******"; rec.CustomInt2 = int.Parse(Desc[5].Split(']')[0].TrimStart('[').Trim()); rec.EventCategory = "ML-REJECT"; if (Desc[6].Contains("Rejection") && Desc[10].Contains("Audit ID")) { rec.CustomStr2 = Desc[7] + ":" + Desc[8].TrimEnd(", sent to host".ToCharArray()); //Rejection on rec.CustomStr10 = Desc[9] + ":" + Desc[10].Split(',')[0] + (Desc[10].Split(',')[1].Contains("Audit ID") ? "" : Desc[10].Split(',')[1]); //sent to host rec.CustomStr6 = Desc[10].Split(',')[1].Contains("Audit ID") ? 
Desc[10].Split(',')[1].TrimStart("Audit ID".ToCharArray()).Trim() : Desc[10].Split(',')[2].TrimStart("Audit ID".ToCharArray()).Trim(); //Audit ID } lastIndexForDesc = 6; } catch (Exception ex) { L.Log(LogType.FILE, LogLevel.ERROR, "Unknown format for ML-REJECT: " + args.Message + " \nEx: " + ex.Message); return; } } else if (Desc[5].Contains("ML-DELIVERY_ATTEMPT")) { try { rec.UserName = "******"; rec.CustomInt2 = int.Parse(Desc[5].Split(']')[0].TrimStart('[').Trim()); rec.EventCategory = "ML-DELIVERY_ATTEMPT"; if (Desc[6].Contains("Message ID") && Desc[7].Contains("Audit ID")) { rec.CustomStr4 = Desc[8]; //sender rec.CustomStr5 = Desc[7].Split(',')[0]; //Message ID rec.CustomStr6 = Desc[7].Split(',')[1].TrimStart("Audit ID".ToCharArray()).Trim(); //Audit ID } lastIndexForDesc = 6; } catch (Exception ex) { L.Log(LogType.FILE, LogLevel.ERROR, "Unknown format for ML-DELIVERY_ATTEMPT: " + args.Message + " \nEx: " + ex.Message); return; } } else if (Desc[5].Contains("ML-DELIVERY")) { try { rec.UserName = "******"; rec.CustomInt2 = int.Parse(Desc[5].Split(']')[0].TrimStart('[').Trim()); rec.EventCategory = "ML-DELIVERY"; if (Desc[6].Contains("Message ID") && Desc[7].Contains("Audit ID")) { rec.CustomStr10 = Desc[8].TrimEnd(", sender".ToCharArray()); //Delivery succeeded to host rec.CustomStr4 = Desc[9].TrimEnd(", Note".ToCharArray()); //sender rec.CustomStr5 = Desc[7].Split(',')[0]; //Message ID rec.CustomStr6 = Desc[7].Split(',')[1].TrimStart("Audit ID".ToCharArray()).Trim(); //Audit ID } lastIndexForDesc = 6; } catch (Exception ex) { L.Log(LogType.FILE, LogLevel.ERROR, "Unknown format for ML-DELIVERY: " + args.Message + " \nEx: " + ex.Message); return; } } else { if (Desc[5].Contains("|SOURCE|")) { try { rec.UserName = "******"; string[] descText = Desc[5].Split('|'); rec.EventCategory = "MESSAGE SOURCE"; rec.CustomStr5 = descText[0]; //Message ID rec.CustomStr6 = descText[1]; //Audit ID rec.CustomStr2 = descText[3]; //Mail Source (internal / external) } catch 
(Exception ex) { L.Log(LogType.FILE, LogLevel.ERROR, "Unknown format for message SOURCE: " + args.Message + " \nEx: " + ex.Message); return; } } else if (Desc[5].Contains("|ACCEPT|")) { try { rec.UserName = "******"; string[] descText = Desc[5].Split('|'); rec.EventCategory = "MESSAGE ACCEPT"; rec.CustomStr5 = descText[0]; //Message ID rec.CustomStr6 = descText[1]; //Audit ID rec.CustomStr2 = descText[3] + ":" + Desc[6]; // Mail Server IP Address } catch (Exception ex) { L.Log(LogType.FILE, LogLevel.ERROR, "Unknown format for message ACCEPT: " + args.Message + " \nEx: " + ex.Message); return; } } else if (Desc[5].Contains("|SUBJECT|")) { try { rec.UserName = "******"; string[] descText = Desc[5].Split('|'); rec.EventCategory = "MESSAGE SUBJECT"; rec.CustomStr5 = descText[0]; //Message ID rec.CustomStr6 = descText[1]; //Audit ID rec.CustomStr8 = descText[3]; // Subject Text for (int i = 6; i < Desc.Length; i++) { rec.CustomStr8 += ":" + Desc[i]; } if (rec.CustomStr8.Length > 900) { rec.CustomStr8 = rec.CustomStr8.Substring(0, 895) + "..."; L.Log(LogType.FILE, LogLevel.INFORM, "Subject length too long. Only 895 characters taken.."); } } catch (Exception ex) { L.Log(LogType.FILE, LogLevel.ERROR, "Unknown format for message SUBJECT: " + args.Message + " \nEx: " + ex.Message); return; } } else if (Desc[5].Contains("|VERDICT|")) { try { rec.UserName = "******"; string[] descText = Desc[5].Split('|'); rec.EventCategory = "MESSAGE VERDICT"; rec.CustomStr5 = descText[0]; //Message ID rec.CustomStr6 = descText[1]; //Audit ID rec.CustomStr2 = descText[3]; // Mail address for (int i = 4; i < descText.Length; i++) { if (descText[i].Contains("@")) { continue; } rec.CustomStr3 += descText[i] + "/"; } rec.CustomStr3 = rec.CustomStr3.TrimEnd("/".ToCharArray()); // Verdict Text if (rec.CustomStr3.Length > 900) { rec.CustomStr3 = rec.CustomStr3.Substring(0, 895) + "..."; L.Log(LogType.FILE, LogLevel.INFORM, "Verdict length too long. 
Only 895 characters taken.."); } } catch (Exception ex) { L.Log(LogType.FILE, LogLevel.ERROR, "Unknown format for message VERDICT: " + args.Message + " \nEx: " + ex.Message); return; } } else if (Desc[5].Contains("|IRCPTACTION|")) { try { rec.UserName = "******"; string[] descText = Desc[5].Split('|'); rec.EventCategory = "MESSAGE IRCPTACTION"; rec.CustomStr5 = descText[0]; //Message ID rec.CustomStr6 = descText[1]; //Audit ID for (int i = 3; i < descText.Length - 1; i++) { rec.CustomStr2 += descText[i] + ","; } rec.CustomStr2 = rec.CustomStr2.TrimEnd(",".ToCharArray()); // Recipient Addresses rec.CustomStr3 = descText[descText.Length - 1]; // Action if (rec.CustomStr3.Length > 900) { rec.CustomStr3 = rec.CustomStr3.Substring(0, 895) + "..."; L.Log(LogType.FILE, LogLevel.INFORM, "Action length too long. Only 895 characters taken.."); } } catch (Exception ex) { L.Log(LogType.FILE, LogLevel.ERROR, "Unknown format for message IRCPTACTION: " + args.Message + " \nEx: " + ex.Message); return; } } else if (Desc[5].Contains("|DELIVER|")) { try { rec.UserName = "******"; string[] descText = args.Message.Split('|'); rec.EventCategory = "MESSAGE DELIVER"; rec.CustomStr5 = descText[descText.Length - 5].Split(':')[descText[descText.Length - 5].Split(':').Length - 1]; //Message ID rec.CustomStr6 = descText[descText.Length - 4]; //Audit ID rec.CustomStr2 = descText[descText.Length - 2]; // Mail Server IP Address rec.CustomStr3 = descText[descText.Length - 1]; // Recipient Address //dali //rec.UserName = "******"; //string[] descText = Desc[5].Split('|'); //rec.EventCategory = "MESSAGE DELIVER"; //rec.CustomStr5 = descText[0]; //Message ID //rec.CustomStr6 = descText[1]; //Audit ID //rec.CustomStr2 = descText[3]; // Mail Server IP Address //rec.CustomStr3 = descText[4]; // Recipient Address } catch (Exception ex) { L.Log(LogType.FILE, LogLevel.ERROR, "Unknown format for message DELIVER: " + args.Message + " \nEx: " + ex.Message); return; } } else if (Desc[5].Contains("|SENDER|")) 
{ try { rec.UserName = "******"; string[] descText = Desc[5].Split('|'); rec.EventCategory = "MESSAGE SENDER"; rec.CustomStr5 = descText[0]; //Message ID rec.CustomStr6 = descText[1]; //Audit ID if (descText[3] == "\\") { if (descText.Length > 4) { rec.CustomStr4 = descText[4]; // Sender Address } else { rec.CustomStr4 = "\\"; // Sender Address } } else { rec.CustomStr4 = descText[3]; // Sender Address } } catch (Exception ex) { L.Log(LogType.FILE, LogLevel.ERROR, "Unknown format for message SENDER: " + args.Message + " \nEx: " + ex.Message); return; } } else if (Desc[5].Contains("|ORCPTS|")) { try { rec.UserName = "******"; string[] descText = Desc[5].Split('|'); rec.EventCategory = "MESSAGE ORCPTS"; rec.CustomStr5 = descText[0]; //Message ID rec.CustomStr6 = descText[1]; //Audit ID for (int i = 3; i < descText.Length; i++) { rec.CustomStr3 += descText[i] + ","; } rec.CustomStr3 = rec.CustomStr3.TrimEnd(",".ToCharArray()); // Recipient Addresses if (rec.CustomStr3.Length >= 6300) { rec.CustomStr4 = rec.CustomStr3.Substring(900, 900); rec.CustomStr7 = rec.CustomStr3.Substring(1800, 900); rec.CustomStr8 = rec.CustomStr3.Substring(2700, 900); rec.CustomStr9 = rec.CustomStr3.Substring(3600, 900); rec.CustomStr10 = rec.CustomStr3.Substring(4500, 900); rec.CustomStr2 = rec.CustomStr3.Substring(5400, 900); rec.CustomStr3 = rec.CustomStr3.Substring(0, 900); L.Log(LogType.FILE, LogLevel.INFORM, "Recipient length longer than 6300. 
Only 6300 characters taken and data has been shared among other table fields.."); } else if (rec.CustomStr3.Length >= 5400) { rec.CustomStr4 = rec.CustomStr3.Substring(900, 900); rec.CustomStr7 = rec.CustomStr3.Substring(1800, 900); rec.CustomStr8 = rec.CustomStr3.Substring(2700, 900); rec.CustomStr9 = rec.CustomStr3.Substring(3600, 900); rec.CustomStr10 = rec.CustomStr3.Substring(4500, 900); rec.CustomStr2 = rec.CustomStr3.Substring(5400, rec.CustomStr3.Length - 5400); rec.CustomStr3 = rec.CustomStr3.Substring(0, 900); L.Log(LogType.FILE, LogLevel.INFORM, "Recipient length longer than 5400. Data has been shared among other table fields.."); } else if (rec.CustomStr3.Length >= 4500) { rec.CustomStr4 = rec.CustomStr3.Substring(900, 900); rec.CustomStr7 = rec.CustomStr3.Substring(1800, 900); rec.CustomStr8 = rec.CustomStr3.Substring(2700, 900); rec.CustomStr9 = rec.CustomStr3.Substring(3600, 900); rec.CustomStr10 = rec.CustomStr3.Substring(4500, rec.CustomStr3.Length - 4500); rec.CustomStr3 = rec.CustomStr3.Substring(0, 900); L.Log(LogType.FILE, LogLevel.INFORM, "Recipient length longer than 4500. Data has been shared among other table fields."); } else if (rec.CustomStr3.Length >= 3600) { rec.CustomStr4 = rec.CustomStr3.Substring(900, 900); rec.CustomStr7 = rec.CustomStr3.Substring(1800, 900); rec.CustomStr8 = rec.CustomStr3.Substring(2700, 900); rec.CustomStr9 = rec.CustomStr3.Substring(3600, rec.CustomStr3.Length - 3600); rec.CustomStr3 = rec.CustomStr3.Substring(0, 900); L.Log(LogType.FILE, LogLevel.INFORM, "Recipient length longer than 3600. Data has been shared among other table fields."); } else if (rec.CustomStr3.Length >= 2700) { rec.CustomStr4 = rec.CustomStr3.Substring(900, 900); rec.CustomStr7 = rec.CustomStr3.Substring(1800, 900); rec.CustomStr8 = rec.CustomStr3.Substring(2700, rec.CustomStr3.Length - 2700); rec.CustomStr3 = rec.CustomStr3.Substring(0, 900); L.Log(LogType.FILE, LogLevel.INFORM, "Recipient length longer than 2700. 
Data has been shared among other table fields."); } else if (rec.CustomStr3.Length >= 1800) { rec.CustomStr4 = rec.CustomStr3.Substring(900, 900); rec.CustomStr7 = rec.CustomStr3.Substring(1800, rec.CustomStr3.Length - 1800); rec.CustomStr3 = rec.CustomStr3.Substring(0, 900); L.Log(LogType.FILE, LogLevel.INFORM, "Recipient length longer than 1800. Data has been shared among other table fields."); } else if (rec.CustomStr3.Length > 900) { rec.CustomStr4 = rec.CustomStr3.Substring(900, rec.CustomStr3.Length - 900); rec.CustomStr3 = rec.CustomStr3.Substring(0, 900); L.Log(LogType.FILE, LogLevel.INFORM, "Recipient length longer than 900. Data has been shared among other table fields."); } } catch (Exception ex) { L.Log(LogType.FILE, LogLevel.ERROR, "Unknown format for message ORCPTS: " + args.Message + " \nEx: " + ex.Message); return; } } else if (Desc[5].Contains("|ATTACH|")) { try { rec.UserName = "******"; string[] descText = Desc[5].Split('|'); rec.EventCategory = "MESSAGE ATTACH"; rec.CustomStr5 = descText[0]; //Message ID rec.CustomStr6 = descText[1]; //Audit ID for (int i = 3; i < descText.Length; i++) { rec.CustomStr3 += descText[i] + ","; } rec.CustomStr3 = rec.CustomStr3.TrimEnd(",".ToCharArray()); // Attached Documents if (rec.CustomStr3.Length > 900) { rec.CustomStr3 = rec.CustomStr3.Substring(0, 895) + "..."; L.Log(LogType.FILE, LogLevel.INFORM, "Attachment length too long. Only 895 characters taken.."); } } catch (Exception ex) { L.Log(LogType.FILE, LogLevel.ERROR, "Unknown format for message ATTACH: " + args.Message + " \nEx: " + ex.Message); return; } } else { rec.UserName = "******"; L.Log(LogType.FILE, LogLevel.DEBUG, "Just put in description column. Ignored format: " + args.Message); } lastIndexForDesc = 5; } } else { L.Log(LogType.FILE, LogLevel.DEBUG, "Just put in description column. 
Very short message: " + args.Message); lastIndexForDesc = 5; } for (int i = lastIndexForDesc; i < Desc.Length; i++) { rec.Description += Desc[i] + ":"; } rec.Description = rec.Description.TrimEnd(":".ToCharArray()); if (rec.Description.Length > 900) { rec.Description = rec.Description.Substring(0, 900); } L.Log(LogType.FILE, LogLevel.DEBUG, "Finish preparing record"); L.Log(LogType.FILE, LogLevel.DEBUG, "Start sending Data"); if (usingRegistry) { CustomServiceBase s = base.GetInstanceService("Security Manager Sender"); s.SetData(rec); } else { CustomServiceBase s = base.GetInstanceService("Security Manager Remote Recorder"); s.SetData(Dal, virtualhost, rec); s.SetReg(Id, rec.Datetime, "", "", "", rec.Datetime); } L.Log(LogType.FILE, LogLevel.DEBUG, "Finish Sending Data"); } catch (Exception er) { L.LogTimed(LogType.FILE, LogLevel.ERROR, er.ToString()); } }
/// <summary>
/// Builds a new <c>CustomBase.Rec</c> from the values currently held in this
/// instance's parsed-field members and returns it.
/// </summary>
/// <returns>
/// A freshly allocated record; its description comes from <c>createDescription()</c>.
/// </returns>
/// <remarks>
/// <c>priv_lvl</c> and <c>sourceportNumber</c> go through <c>Convert.ToInt64</c>.
/// NOTE(review): if these members are strings taken from the parsed log line, a
/// non-numeric value makes the conversion throw and no record is produced — confirm
/// that the caller handles that.
/// </remarks>
public CustomBase.Rec createRec()
{
    CustomBase.Rec record = new CustomBase.Rec
    {
        // Identification of the event source and the event itself.
        SourceName = sourceName,
        Datetime = dateTime,
        UserName = userName,
        LogName = log_Name,
        EventType = event_Type,

        // Numeric columns.
        CustomInt1 = nas_port,
        CustomInt2 = task_Id,
        CustomInt3 = system_Memory_Usage,
        CustomInt4 = system_Free_Disk_Space,
        CustomInt5 = system_Cpu_Usage,
        CustomInt6 = Convert.ToInt64(priv_lvl),
        CustomInt9 = Convert.ToInt64(sourceportNumber),

        // Text columns.
        CustomStr1 = acct_session_Id,
        CustomStr2 = group_Name,
        CustomStr3 = calling_station_Id,
        CustomStr4 = framed_ip_Address,
        CustomStr5 = nas_ip_Address,
        CustomStr6 = acct_status_Type,
        CustomStr7 = logType,
        CustomStr8 = authen_failure_Code,
        CustomStr9 = caller_Id,
        CustomStr10 = message_Id,

        // Evaluated last, as in the statement-by-statement form.
        Description = createDescription()
    };

    return record;
}
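/// <summary>
/// Timer callback: reads the rows of NATEK.V_LOG whose ID lies past the last forwarded
/// record, turns each row into a record and hands it to the sender service (registry mode)
/// or the remote recorder service, persisting the last forwarded ID after every row.
/// </summary>
/// <param name="sender">Timer that raised the event (not used).</param>
/// <param name="e">Elapsed-event data (not used).</param>
/// <remarks>
/// The timer is disabled for the duration of the tick and re-enabled in the cleanup path.
/// Cleanup is null-safe and cannot skip the re-enable step: previously a failure before the
/// reader was assigned made <c>readReader.Close()</c> throw inside <c>finally</c>, which left
/// the timer disabled and silently stopped audit collection.
/// </remarks>
private void timer1_Tick(object sender, System.Timers.ElapsedEventArgs e)
{
    string readQuery = "";
    long datacount = 0;
    timer1.Enabled = false;

    // NOTE(review): rec is allocated once and reused for every row. A field whose conversion
    // fails below is only logged, so it keeps the previous row's value and the forwarded
    // audit record can carry another row's user, host or timestamp.
    Rec rec = new CustomBase.Rec();
    L.Log(LogType.FILE, LogLevel.INFORM, " timer1_Tick -->> Timer is Started");

    IDataReader readReader = null;
    DbCommand cmd = null;
    L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> Dal: " + Dal);
    L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> virtualhost: " + virtualhost);

    try
    {
        // Step 1: highest ID currently in the view, used to detect truncation and gaps.
        L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> Start executing the query");
        readQuery = "SELECT MAX(ID) AS ID From NATEK.V_LOG";
        L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> readQuery : " + readQuery);
        L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> db_name : " + db_name);
        readReader = Database.ExecuteReader(db_name, readQuery, CommandBehavior.CloseConnection, out cmd);
        L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> readReader sonrası.");

        // NOTE(review): the timeout is assigned after ExecuteReader has returned, so it
        // presumably does not bound the query that just ran — confirm against the helper.
        cmd.CommandTimeout = 2000;
        readReader.Read();
        datacount = Convert_To_Int64(readReader[0].ToString());
        L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> datacount" + datacount);
        readReader.Close();

        // The log texts below name sys.enbs_audit although the query reads NATEK.V_LOG.
        L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> Total data count in sys.enbs_audit table : " + datacount.ToString(CultureInfo.InvariantCulture));
        L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> Last data number read from sys.enbs_audit table is : " + last_recordnum.ToString(CultureInfo.InvariantCulture));

        // A maximum ID below the stored position is treated as a truncated table.
        if (datacount < last_recordnum)
        {
            last_recordnum = 0;
            L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> sys.enbs_audit table is truncated. Started to read at the beginning.");
        }

        // Position tracking was moved into a struct (RecordFields) by Onur Sarıkaya.
        L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> Last data number read from sys.enbs_audit table is : " + last_recordnum.ToString(CultureInfo.InvariantCulture));

        if (last_recordnum != 0)
        {
            L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> rowCount !0");
            RecordFields.currentPosition = Convert.ToInt64(last_recordnum) + Convert.ToInt64(max_record_send);
        }

        // Step 2: fetch the next window of rows. The two bounds are produced by integer
        // conversions above, so the concatenation carries no free text.
        // NOTE(review): if the Database helper can bind parameters, prefer that — confirm.
        if (last_recordnum == 0)
        {
            L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> is Last Pozision == 0 ");
            readQuery = "SELECT ID, HOST, IPADDRESS, MODULE, ORALOGINUSER, OSUSER, SISDATE, TERM FROM NATEK.V_LOG WHERE ID > 0 and ID <= " + RecordFields.currentPosition + " ORDER BY ID ASC";
        }
        else
        {
            L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> is Last Pozision != 0 ");
            readQuery = "SELECT ID, HOST, IPADDRESS, MODULE, ORALOGINUSER, OSUSER, SISDATE, TERM FROM NATEK.V_LOG WHERE ID > " + last_recordnum + " and ID <= " + RecordFields.currentPosition + " ORDER BY ID ASC";
        }

        // NOTE(review): the first command is discarded here without Database.Drop — confirm
        // that closing its reader releases everything it holds.
        cmd = null;
        L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> readQuery : " + readQuery);
        readReader = Database.ExecuteReader(db_name, readQuery, CommandBehavior.CloseConnection, out cmd);
        cmd.CommandTimeout = 2000;
        L.Log(LogType.FILE, LogLevel.INFORM, " timer1_Tick -->> Finish executing the query. Query : " + readQuery);
        L.Log(LogType.FILE, LogLevel.INFORM, " timer1_Tick -->> Count: " + readReader.FieldCount.ToString());

        RecordFields.rowCount = 0;
        while (readReader.Read())
        {
            rec.LogName = "ATOOracleAuditV_1_0_0Recorder";

            // Each column is converted in its own try block so that one bad value is logged
            // without dropping the whole row.
            try
            {
                string sisDate = Convert_To_String(readReader["SISDATE"]);
                DateTime dt = Convert.ToDateTime(sisDate);
                rec.Datetime = dt.ToString(dateFormat);
                L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> Date_Time: " + rec.Datetime);
            }
            catch (Exception exception)
            {
                L.Log(LogType.FILE, LogLevel.ERROR, " timer1_Tick -->> Date_Time: " + exception.ToString());
            }

            try
            {
                rec.Recordnum = Convert_To_Int32(readReader["ID"].ToString());
                L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> Recordnum: " + rec.Recordnum);
            }
            catch (Exception exception)
            {
                L.Log(LogType.FILE, LogLevel.ERROR, " timer1_Tick -->> Recordnum: " + exception.ToString());
            }

            // NOTE(review): the published listing is garbled between the UserName log call
            // and the ["MODULE"] lookup (a masking artifact, "******"). The end of this block
            // and the start of the next are reconstructed from the sibling blocks — confirm
            // against the original file.
            try
            {
                rec.UserName = Convert_To_String(readReader["OSUSER"]);
                L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> UserName: " + rec.UserName);
            }
            catch (Exception exception)
            {
                L.Log(LogType.FILE, LogLevel.ERROR, " timer1_Tick -->> UserName: " + exception.ToString());
            }

            try
            {
                rec.EventType = Convert_To_String(readReader["MODULE"]);
                L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> EventType: " + rec.EventType);
            }
            catch (Exception exception)
            {
                L.Log(LogType.FILE, LogLevel.ERROR, " timer1_Tick -->> EventType: " + exception.ToString());
            }

            try
            {
                rec.CustomStr1 = Convert_To_String(readReader["TERM"]);
                L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> CustomStr1: " + rec.CustomStr1);
            }
            catch (Exception exception)
            {
                L.Log(LogType.FILE, LogLevel.ERROR, " timer1_Tick -->> CustomStr1: " + exception.ToString());
            }

            try
            {
                rec.CustomStr2 = Convert_To_String(readReader["ORALOGINUSER"]);
                // Label corrected: these two messages used to say "CustomStr1".
                L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> CustomStr2: " + rec.CustomStr2);
            }
            catch (Exception exception)
            {
                L.Log(LogType.FILE, LogLevel.ERROR, " timer1_Tick -->> CustomStr2: " + exception.ToString());
            }

            try
            {
                rec.CustomStr4 = Convert_To_String(readReader["IPADDRESS"]);
                L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> CustomStr4: " + rec.CustomStr4);
            }
            catch (Exception exception)
            {
                L.Log(LogType.FILE, LogLevel.ERROR, " timer1_Tick -->> CustomStr4: " + exception.ToString());
            }

            try
            {
                rec.CustomStr5 = Convert_To_String(readReader["HOST"]);
                L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> CustomStr5: " + rec.CustomStr5);
            }
            catch (Exception exception)
            {
                L.Log(LogType.FILE, LogLevel.ERROR, " timer1_Tick -->> CustomStr5: " + exception.ToString());
            }

            // The description keeps every column of the row, pipe-separated.
            rec.Description = Convert_To_String(readReader["ID"]) + " | "
                + Convert_To_String(readReader["HOST"]) + " | "
                + Convert_To_String(readReader["IPADDRESS"]) + " | "
                + Convert_To_String(readReader["MODULE"]) + " | "
                + Convert_To_String(readReader["ORALOGINUSER"]) + " | "
                + Convert_To_String(readReader["OSUSER"]) + " | "
                + Convert_To_String(readReader["SISDATE"]) + " | "
                + Convert_To_String(readReader["TERM"]);

            last_recordnum = Convert_To_Int64(readReader["ID"].ToString());
            L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> Start sending Data. Last Record Number : " + last_recordnum);

            if (usingRegistry)
            {
                CustomServiceBase s = base.GetInstanceService("Security Manager Sender");
                s.SetData(rec);
                L.Log(LogType.FILE, LogLevel.DEBUG, " Security Manager Sender -->> : ");
            }
            else
            {
                CustomServiceBase s = base.GetInstanceService("Security Manager Remote Recorder");
                s.SetData(Dal, virtualhost, rec);
                L.Log(LogType.FILE, LogLevel.DEBUG, " Security Manager Remote Recorder -->> : ");
                L.Log(LogType.FILE, LogLevel.DEBUG, " Security Manager Remote Recorder DAL : -->> : " + Dal);
                L.Log(LogType.FILE, LogLevel.DEBUG, " Security Manager Remote Recorder virtualhost : -->> : " + virtualhost);
            }

            L.Log(LogType.FILE, LogLevel.DEBUG, " timer1_Tick -->> Finish Sending Data");
            LastRecordDate = rec.Datetime;

            // Persist the position after every row so the next tick starts after it.
            if (usingRegistry)
            {
                Set_Registry(last_recordnum);
            }
            else
            {
                CustomServiceBase s = base.GetInstanceService("Security Manager Remote Recorder");
                s.SetReg(Id, last_recordnum.ToString(), "", "", "", LastRecordDate);
            }

            RecordFields.rowCount++;
        }

        // Empty window while newer rows exist: slide the window forward for the next tick.
        if (RecordFields.rowCount == 0 && datacount > last_recordnum)
        {
            RecordFields.currentPosition = RecordFields.currentPosition + max_record_send;
        }
    }
    catch (Exception er)
    {
        L.Log(LogType.FILE, LogLevel.ERROR, " timer1_Tick -->> Error : " + er.ToString());
    }
    finally
    {
        try
        {
            // readReader is still null when the first ExecuteReader call failed.
            if (readReader != null)
            {
                readReader.Close();
            }

            if (cmd != null)
            {
                Database.Drop(ref cmd);
            }
        }
        catch (Exception cleanupError)
        {
            L.Log(LogType.FILE, LogLevel.ERROR, " timer1_Tick -->> Cleanup error : " + cleanupError.ToString());
        }
        finally
        {
            // Always re-arm the timer, whatever happened above.
            timer1.Enabled = true;
            L.Log(LogType.FILE, LogLevel.INFORM, " timer1_Tick -->> Timer is finished.");
        }
    }
}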