protected void SendToSyslog(SyslogMessage message, ISyslogMessageSerializer serializer) { int priority = CalculatePriorityValue(message.Facility, message.Severity); serializer = EnsureValidSerializer(serializer); byte[] data = serializer.Serialize(message); syslog(priority, "%s", data); }
public void Send(IEnumerable <SyslogMessage> messages, ISyslogMessageSerializer serializer) { // Slightly tricky, since we need to get the appName out of the first message before // looping, so we can't just use foreach(). Using an explicit iterator works, though. IntPtr ident = IntPtr.Zero; using (IEnumerator <SyslogMessage> iterator = messages.GetEnumerator()) { try { if (iterator.MoveNext()) { SyslogMessage message = iterator.Current; ident = MarshalIdent(message.AppName); openlog(ident, (int)SyslogOptions.LogPid, CalculatePriorityValue(message.Facility, 0)); SendToSyslog(message, serializer); } while (iterator.MoveNext()) { SendToSyslog(iterator.Current, serializer); } } finally { closelog(); DisposeOfIdent(ident); } } }
public static void Main(string[] args) { try { var options = new Options(); if (new CommandLineParser().ParseArguments(args, options)) { // string exceptionMessage = CreateExceptionMessageLevel1(); ISyslogMessageSerializer serializer = options.SyslogVersion == "5424" ? (ISyslogMessageSerializer) new SyslogRfc5424MessageSerializer() : new SyslogRfc3164MessageSerializer(); ISyslogMessageSender sender = options.NetworkProtocol == "tcp" ? (ISyslogMessageSender) new SyslogEncryptedTcpSender(options.SyslogServerHostname, options.SyslogServerPort) : new SyslogUdpSender(options.SyslogServerHostname, options.SyslogServerPort); SyslogMessage msg1 = CreateSyslogMessage(options); sender.Send(msg1, serializer); Console.WriteLine("Sent message 1"); Thread.Sleep(5000); SyslogMessage msg2 = CreateSyslogMessage(options); sender.Send(msg2, serializer); Console.WriteLine("Sent message 2"); } } catch (Exception ex) { Console.WriteLine("ERROR: " + ex); } }
private static void Server_MessageReceived(object sender, MessageReceivedArgs e) { var receivedData = Encoding.ASCII.GetString(e.Data, 0, e.Data.Length); var msg = SyslogMessage.Parse(e.IPEndPoint, receivedData); Console.WriteLine(msg.ToString()); }
public void TestWritingToQueuingWriter() { var msg = new SyslogMessage { Facility = SyslogFacility.ClockDaemon1, Severity = SyslogSeverity.Alert }; var mockRepo = new MockRepository(MockBehavior.Strict); Mock <ISyslogMessageWriter> syslogMessageWriterMock = mockRepo.Create <ISyslogMessageWriter>(); using (AutoResetEvent evt = new AutoResetEvent(false)) { syslogMessageWriterMock.Setup(w => w.Write(msg)).Callback(() => { // ReSharper disable once AccessToDisposedClosure evt.Set( ); }); var queuingWriter = new SyslogQueueingMessageWriter(syslogMessageWriterMock.Object, 2); queuingWriter.Write(msg); evt.WaitOne(3000); } mockRepo.VerifyAll(); }
/// <summary> /// Parses the <see cref="SyslogMessage"/> into its individual data fields. /// </summary> /// <param name="message">The <see cref="SyslogMessage"/> to process.</param> /// <returns>Returns a string array of the parsed fields. Returns <see cref="null"/> if there is an error processing the messages.</returns> string[] IParser.Parse(SyslogMessage message) { if (message == null || message.Message == null) { return(null); } string[] msgParts = message.Message.Split(' '); string[] msg = null; if (msgParts.Length >= 26) { msg = new string[18]; msg[0] = message.Timestamp.ToString(); //MsgDateTime msg[1] = msgParts[3]; //SourceIP msg[2] = msgParts[4]; //DestIP msg[3] = msgParts[5]; //ContentType msg[4] = msgParts[7]; //URL msg[5] = msgParts[10]; //Action msg[6] = msgParts[11]; //Reason msg[7] = msgParts[13]; //FormatVersion msg[8] = msgParts[14]; //MatchFlag msg[9] = msgParts[15]; //TQFlag msg[10] = msgParts[16]; //ActionType msg[11] = msgParts[17]; //SrcType //SrcDetail int srcDetailPartsCount; if (msgParts[18].Contains("(") && msgParts[18].Contains(")")) { srcDetailPartsCount = 0; msg[12] = msgParts[18].Replace("(", string.Empty).Replace(")", string.Empty); } else { srcDetailPartsCount = -1; do { srcDetailPartsCount++; msg[12] += msgParts[18 + srcDetailPartsCount] + " "; } while (!msgParts[18 + srcDetailPartsCount].Contains(")")); msg[12] = msg[12].TrimEnd(' '); msg[12] = msg[12].Replace("(", string.Empty).Replace(")", string.Empty); msg[12] = msg[12].Substring(msg[12].IndexOf(':') + 1, msg[12].Length - 1 - msg[12].IndexOf(':')); } msg[13] = msgParts[19 + srcDetailPartsCount]; //DestType msg[14] = msgParts[21 + srcDetailPartsCount]; //SpyType msg[15] = msgParts[24 + srcDetailPartsCount]; //MatchedPart msg[16] = msgParts[25 + srcDetailPartsCount]; //MatchedCategory //UserInfo msg[17] = msgParts[26 + srcDetailPartsCount].Substring(msgParts[26 + srcDetailPartsCount].IndexOf(':') + 1, msgParts[26 + srcDetailPartsCount].Length - 1 - msgParts[26 + srcDetailPartsCount].IndexOf(':') - 1); } return(msg); }
static void SendMessage(EventRecordWrittenEventArgs e) { lock (monitor) { try { String message = e.EventRecord.ToXml(); ISyslogMessageSerializer serializer = (ISyslogMessageSerializer) new SyslogRfc5424MessageSerializer(); //: options.SyslogVersion == "3164" // ? (ISyslogMessageSerializer)new SyslogRfc3164MessageSerializer() // : (ISyslogMessageSerializer)new SyslogLocalMessageSerializer(); SyslogMessage msg1 = CreateSyslogMessage(e); // System.Diagnostics.Trace.WriteLine(e.EventRecord.ToXml()); Console.WriteLine("New Event " + e.EventRecord.Id + "\n"); //msg1= if (client == null) { client = (ISyslogMessageSender) new SyslogTcpSender(syslogServerHostname, port); } client.Send(msg1, serializer); } catch (Exception ex) { // monitor = "0"; Console.WriteLine("Eroare 10 " + ex.Message); } } }
bool IFilter.IsMatch(SyslogMessage message) { SyslogAttributes attrs = message.GetAdvancedAttributes(); if (Host != null) { if (Host != (message.Host ?? string.Empty)) { return(false); } } if (Process != null) { if (Process != (message.ProcessID ?? string.Empty)) { return(false); } } if (Logger != null) { if (Logger != (attrs.LogName ?? string.Empty)) { return(false); } } if (Module != null) { if (Module != (attrs.ModuleName ?? string.Empty)) { return(false); } } if (Class != null) { if (Class != (attrs.ClassName ?? string.Empty)) { return(false); } } if (Method != null) { if (Method != (attrs.MethodName ?? string.Empty)) { return(false); } } if (FfdaOnly) { return((message.MessageId == "FFDA" && message.Severity == SyslogSeverity.Info) || (message.MessageId == "HEARTBEAT" && message.Severity == SyslogSeverity.Debug)); } return(true); }
// syslog 형식에 맞춰서 메시지를 만든 후 udp로 asyncronous 하게 전송 public static async void portableSyslogUdpSend(String host, int port, String msg) { var process = Process.GetCurrentProcess(); SyslogRfc5424MessageSerializer syslogRfc5424MessageSerializerUtf8 = new SyslogRfc5424MessageSerializer(Encoding.UTF8); // making syslog(rfc5424, rfc3164) message format var message = new SyslogMessage(DateTime.Now, facility: Facility.UserLevelMessages, severity: Severity.Debug, hostName: process.MachineName, procId: process.Id.ToString(), appName: process.ProcessName, msgId: "hyundai motors security log", message: msg); try { // asynchronous communication because of performance using (var sender = new AsyncSyslogUdpSender(host, port)) { await sender.ConnectAsync(); await sender.SendAsync(message, syslogRfc5424MessageSerializerUtf8); await sender.DisconnectAsync(); } } catch (Exception e) { _localLog.WriteEntry("upd send error : " + e.ToString(), EventLogEntryType.Error); } }
protected void Send(SyslogMessage message, ISyslogMessageSerializer serializer, bool flush = true) { if (transportStream == null) { throw new System.IO.IOException("No transport stream exists"); } using (System.IO.MemoryStream memoryStream = new System.IO.MemoryStream()) { byte[] datagramBytes = serializer.Serialize(message); if (messageTransfer.Equals(MessageTransfer.OctetCounting)) { byte[] messageLength = System.Text.Encoding.ASCII.GetBytes(datagramBytes.Length.ToString(System.Globalization.CultureInfo.InvariantCulture)); memoryStream.Write(messageLength, 0, messageLength.Length); memoryStream.WriteByte(32); // Space } memoryStream.Write(datagramBytes, 0, datagramBytes.Length); if (messageTransfer.Equals(MessageTransfer.NonTransparentFraming)) { memoryStream.WriteByte(trailer); // LF } transportStream.Write(memoryStream.GetBuffer(), 0, (int)memoryStream.Length); } if (flush && !(transportStream is System.Net.Sockets.NetworkStream)) { transportStream.Flush(); } }
protected override void OnMessageReceived(SyslogMessage message) { if (OnServerMessageReceived != null) { OnServerMessageReceived(message); } }
protected void Send(SyslogMessage message, ISyslogMessageSerializer serializer, bool flush = true) { if (transportStream == null) { throw new IOException("No transport stream exists"); } var datagramBytes = serializer.Serialize(message); if (messageTransfer.Equals(MessageTransfer.OctetCounting)) { byte[] messageLength = Encoding.ASCII.GetBytes(datagramBytes.Length.ToString()); transportStream.Write(messageLength, 0, messageLength.Length); transportStream.WriteByte(32); // Space } transportStream.Write(datagramBytes, 0, datagramBytes.Length); if (messageTransfer.Equals(MessageTransfer.NonTransparentFraming)) { transportStream.WriteByte(trailer); // LF } if (flush && !(transportStream is NetworkStream)) { transportStream.Flush(); } }
public string[] Parse(SyslogMessage message) { Trace.WriteLine("Parsing message"); lock (typeRegex) { if (message == null || String.IsNullOrWhiteSpace(message.Message)) { Trace.WriteLine("Empty message"); return(null); } // Is this an interesting message? if (!typeRegex.IsMatch(message.Message) || !subtypeRegex.IsMatch(message.Message)) { Trace.WriteLine("Message rejected - no regex match"); return(null); } // Get the bits we want string[] result = new string[5]; result[0] = message.Timestamp.ToString("yyyy-MM-dd HH:mm:ss"); result[1] = srcRegex.Match(message.Message).Groups[1].Value; result[2] = dstRegex.Match(message.Message).Groups[1].Value; result[3] = sentRegex.Match(message.Message).Groups[1].Value; result[4] = rcvdRegex.Match(message.Message).Groups[1].Value; Trace.WriteLine("Message parsed"); return(result); } }
public void SubmitMessageTest() { using (SyslogTlsReceiver receiver = new SyslogTlsReceiver { Port = 7614, Log = new SimpleLogImpl(new NullCollector()) }) { receiver.MessageReceived += (sender, e) => _messageReceived.Set(); receiver.Start(); using (SyslogTlsCollector target = new SyslogTlsCollector { Configuration = new Dictionary <string, string> { { "host", "localhost" }, { "port", "7614" } } }) { SyslogMessage message = new SyslogMessage("localhost", SyslogFacility.Local0, SyslogSeverity.Critical, "Hello log!"); ((ILogCollector)target).SubmitMessage(message); if (!_messageReceived.WaitOne(5000)) { Assert.Fail("Waiting too much..."); } } } }
public SyslogMessage Parse(string text) { if (text == null) { return(null); } SyslogMessage result = new SyslogMessage(); Regex rfc3164 = new Regex("^" + RFC3164Format + "$", RegexOptions.IgnoreCase | RegexOptions.CultureInvariant | RegexOptions.IgnorePatternWhitespace); Regex rfc5424 = new Regex("^" + RFC5424Format + "$", RegexOptions.IgnoreCase | RegexOptions.CultureInvariant | RegexOptions.IgnorePatternWhitespace); text = text.Trim(); Match m = rfc3164.Match(text); if (m.Success) { GetRFC3164Results(result, m); return(result); } else { m = rfc5424.Match(text); if (m.Success) { GetRFC5424Results(result, m); return(result); } } return(null); }
private void t2_thread_Client(object Logbus) { try { ILogBus ctrl = Logbus as ILogBus; ctrl.CreateChannel("simple", "Simple", new TrueFilter(), "Very simple channel", 0); Dictionary <string, string> input; input = new Dictionary <string, string>(); IEnumerable <KeyValuePair <string, string> > output; input.Add("ip", "127.0.0.1"); input.Add("port", t2_client_port.ToString()); string clientid = ctrl.SubscribeClient("simple", "udp", input, out output); TestContext.WriteLine("Client ID obtained by logbus: {0}", clientid); //Go ahead and send t2_step1.Set(); //Only 6 messages expected IPEndPoint remote_ep = new IPEndPoint(IPAddress.Any, 0); using (UdpClient client = new UdpClient(t2_client_port)) { byte[] payload = client.Receive(ref remote_ep); TestContext.WriteLine("Time occurred for a message to traverse the bus: {0} milliseconds", (DateTime.Now - t2_start).TotalMilliseconds.ToString(CultureInfo.CurrentUICulture)); SyslogMessage msg = SyslogMessage.Parse(payload); } ctrl.UnsubscribeClient(clientid); t2_finish.Set(); } catch (Exception ex) { Assert.Fail("Test failed: {0}", ex); } }
private void t1_thread_Client(object Logbus) { try { ILogBus ctrl = Logbus as ILogBus; ctrl.CreateChannel("simple", "Simple", new TrueFilter(), "Very simple channel", 0); Dictionary <string, string> input; input = new Dictionary <string, string>(); IEnumerable <KeyValuePair <string, string> > output; input.Add("ip", "127.0.0.1"); input.Add("port", t1_client_port.ToString()); string clientid = ctrl.SubscribeClient("simple", "udp", input, out output); TestContext.WriteLine("Client ID obtained by logbus: {0}", clientid); //Go ahead and send t1_step1.Set(); //Only 6 messages expected IPEndPoint remote_ep = new IPEndPoint(IPAddress.Any, 0); using (UdpClient client = new UdpClient(t1_client_port)) for (int i = 0; i < 5; i++) { byte[] payload = client.Receive(ref remote_ep); SyslogMessage msg = SyslogMessage.Parse(payload); Assert.AreEqual(SyslogFacility.Audit, msg.Facility); } ctrl.UnsubscribeClient(clientid); t1_finish.Set(); } catch (Exception ex) { Assert.Fail("Test failed: {0}", ex); } }
/// <summary> /// Implements ILogCollector.SubmitMessage /// </summary> public void SubmitMessage(SyslogMessage message) { if (MessageReceived != null) { MessageReceived(this, new SyslogMessageEventArgs(message)); } }
[Test] public void MessageLength() { string host = "localhost"; string message = new string('x', 2048); SyslogMessage m = new SyslogMessage(host, message); Assert.AreEqual(1024, m.ToString().Length, "Max message Length"); }
private void thread_Client(object Logbus) { try { ILogBus ctrl = Logbus as ILogBus; ctrl.CreateChannel("simple", "Simple", new TrueFilter(), "Very simple channel", 0); Dictionary <string, string> input; input = new Dictionary <string, string>(); IEnumerable <KeyValuePair <string, string> > output; input.Add("ip", "127.0.0.1"); input.Add("port", MONITOR_PORT.ToString()); string clientid = ctrl.SubscribeClient("simple", "udp", input, out output); TestContext.WriteLine("Client ID obtained by logbus: {0}", clientid); //Go ahead and send step1.Set(); IPEndPoint remote_ep = new IPEndPoint(IPAddress.Any, 0); using (UdpClient client = new UdpClient(MONITOR_PORT)) { byte[] payload = client.Receive(ref remote_ep); SyslogMessage msg = SyslogMessage.Parse(payload); TestContext.WriteLine("Message1: {0}", msg); payload = client.Receive(ref remote_ep); msg = SyslogMessage.Parse(payload); TestContext.WriteLine("Message2: {0}", msg); } ctrl.UnsubscribeClient(clientid); finish.Set(); } catch (Exception ex) { Assert.Fail("Test failed: {0}", ex); } }
public string[] Parse(SyslogMessage message) { lock (colMatchers) { if (message == null || String.IsNullOrWhiteSpace(message.Message)) { return(null); } // Is this an interesting message? if (acceptRegex != null && !acceptRegex.IsMatch(message.Message)) { return(null); } // Date is always column 0 string[] result = new string[] { message.Timestamp.ToUniversalTime().ToString("yyyy-MM-DD hh:mm:ss") }; // Get the bits we want result = result.Concat( colMatchers.Select(regex => { Match match = regex.Match(message.Message); return(match != null ? match.Value : null); } )).ToArray(); return(result); } }
private static void UsingSyslog() { var payload = new LogEntity { IntField = 7, LongField = 1200400, StringField = "Connection error with endpoint", }; ISyslogMessageSender sender = new SyslogUdpSender(syslogAddress, syslogPort); ISyslogMessageSerializer serializer = new SyslogRfc5424MessageSerializer(); var msg = new SyslogMessage( DateTimeOffset.Now, //DatetimeOffset Facility.UserLevelMessages, //Facility Severity.Debug, //Severity Environment.MachineName, //HostName "Open", //Appname "0", //ProcId "0", //MsgId JsonConvert.SerializeObject(payload) //Message ); for (int counter = 0; counter < 1; counter++) { sender.Send(msg, new SyslogRfc5424MessageSerializer()); } }
void ILogCollector.SubmitMessage(SyslogMessage message) { if (_disposed) { throw new ObjectDisposedException(GetType().FullName); } _queue.Enqueue(message); if (!_configured) { if (string.IsNullOrEmpty(_host)) { throw new InvalidOperationException("Unable to use SyslogTlsCollector without host name"); } else { lock (this) if (!_configured) { _deliveryThread.Start(); _configured = true; } } } }
void ILogCollector.SubmitMessage(SyslogMessage message) { using (StreamWriter sw = new StreamWriter(File.Open(_absoluteFilePath, FileMode.Append, FileAccess.Write, FileShare.Write))) { sw.WriteLine(message.ToRfc5424String()); } }
/// <summary> /// Heartbeat callback /// </summary> /// <param name="state"></param> private void HeartbeatCallback(object state) { try { if (Collector != null) { String host = Environment.MachineName; String procid = Process.GetCurrentProcess().Id.ToString(CultureInfo.InvariantCulture); String appname = Process.GetCurrentProcess().ProcessName; SyslogMessage msg = new SyslogMessage(host, Facility, SyslogSeverity.Debug, null) { ProcessID = procid, ApplicationName = appname, MessageId = "HEARTBEAT" }; PreProcessMessage(msg); msg.Data.Remove("origin"); msg.Data.Remove("timeQuality"); if (msg.Data["meta"].ContainsKey("syUpTime")) { msg.Data["meta"].Remove("sysUpTime"); } Collector.SubmitMessage(msg); } } catch { } }
protected void Send(SyslogMessage message, ISyslogMessageSerializer serializer, bool flush = true) { if(transportStream == null) { throw new IOException("No transport stream exists"); } var datagramBytes = serializer.Serialize(message); if (messageTransfer.Equals(MessageTransfer.OctetCounting)) { byte[] messageLength = Encoding.ASCII.GetBytes(datagramBytes.Length.ToString()); transportStream.Write(messageLength, 0, messageLength.Length); transportStream.WriteByte(32); // Space } transportStream.Write(datagramBytes, 0, datagramBytes.Length); if (messageTransfer.Equals(MessageTransfer.NonTransparentFraming)) { transportStream.WriteByte(trailer); // LF } if (flush && !(transportStream is NetworkStream)) transportStream.Flush(); }
public void Serialize(SyslogMessage message, System.IO.Stream stream) { int priorityValue = CalculatePriorityValue(message.Facility, message.Severity); string timestamp = null; if (message.DateTimeOffset.HasValue) { System.DateTimeOffset dt = message.DateTimeOffset.Value; string day = dt.Day < 10 ? " " + dt.Day.ToString(System.Globalization.CultureInfo.InvariantCulture) : dt.Day.ToString(System.Globalization.CultureInfo.InvariantCulture); // Yes, this is stupid but it's in the spec timestamp = string.Concat(dt.ToString("MMM' '", System.Globalization.CultureInfo.InvariantCulture), day, dt.ToString("' 'HH':'mm':'ss", System.Globalization.CultureInfo.InvariantCulture)); } System.Text.StringBuilder headerBuilder = new System.Text.StringBuilder(); headerBuilder.Append("<").Append(priorityValue).Append(">"); headerBuilder.Append(timestamp).Append(" "); headerBuilder.Append(message.HostName).Append(" "); headerBuilder.Append(message.AppName.IfNotNullOrWhitespace(x => x.EnsureMaxLength(32) + ":")); if (!this.m_useUtf8) { headerBuilder.Append(message.Message ?? ""); } byte[] asciiBytes = System.Text.Encoding.ASCII.GetBytes(headerBuilder.ToString()); stream.Write(asciiBytes, 0, asciiBytes.Length); if (this.m_useUtf8) { stream.Write(System.Text.Encoding.UTF8.GetPreamble(), 0, System.Text.Encoding.UTF8.GetPreamble().Length); asciiBytes = System.Text.Encoding.UTF8.GetBytes(message.Message ?? ""); stream.Write(asciiBytes, 0, asciiBytes.Length); } }
/// <summary> /// Send event to Syslog /// </summary> /// <returns></returns> public bool SendLog(string _server, string _port, string msg) { Options options = new Options(); options.SyslogServerHostname = _server; options.SyslogServerPort = Convert.ToInt32(_port); options.Message = msg; options.NetworkProtocol = "tcp"; try { ISyslogMessageSerializer serializer = (ISyslogMessageSerializer) new SyslogRfc5424MessageSerializer(); ISyslogMessageSender sender = (ISyslogMessageSender) new SyslogTcpSender(options.SyslogServerHostname, options.SyslogServerPort, true); SyslogMessage msg1 = CreateSyslogMessage(options); File.AppendAllText("C:\\Jakkl_log.txt", msg1.Facility.ToString() + msg1.Severity.ToString()); sender.Send(msg1, serializer); return(true); } catch (Exception e) { Debug.WriteLine("ArgumentNullException: {0}", e); File.AppendAllText("C:\\Jakkl_log.txt", e.Message); return(false); } }
public void IsMatchTest() { PropertyFilter target = new PropertyFilter(); SyslogMessage message = new SyslogMessage { Facility = SyslogFacility.Internally, Severity = SyslogSeverity.Error, Text = "FFDA WOW!" }; target.value = "Internally"; target.propertyName = Property.Facility; target.comparison = ComparisonOperator.eq; bool expected = true; bool actual; actual = target.IsMatch(message); Assert.AreEqual(expected, actual); target.value = "Alert"; target.propertyName = Property.Severity; target.comparison = ComparisonOperator.neq; expected = true; actual = target.IsMatch(message); Assert.AreEqual(expected, actual); }
private void Log(SyslogMessage message) { foreach (var device in Devices.Where(device => device.IsOpened)) { device.Broadcast(message); } }
public void Serialize(SyslogMessage message, Stream stream) { var priorityValue = CalculatePriorityValue(message.Facility, message.Severity); string timestamp = null; if (message.DateTimeOffset.HasValue) { var dt = message.DateTimeOffset.Value; var day = dt.Day < 10 ? " " + dt.Day : dt.Day.ToString(); // Yes, this is stupid but it's in the spec timestamp = string.Concat(dt.ToString("MMM ", CultureInfo.InvariantCulture), day, dt.ToString(" HH:mm:ss")); } var headerBuilder = new StringBuilder(); headerBuilder.Append("<") .Append(priorityValue) .Append(">"); headerBuilder.Append(timestamp) .Append(" "); headerBuilder.Append(message.HostName) .Append(" "); headerBuilder.Append(message.AppName.IfNotNullOrWhitespace(x => x.EnsureMaxLength(32) + ":")); headerBuilder.Append(message.Message ?? ""); var asciiBytes = Encoding.UTF8.GetBytes(headerBuilder.ToString()); stream.Write(asciiBytes, 0, asciiBytes.Length); }
private void RunnerLoop() { IPEndPoint remoteEndpoint = new IPEndPoint(IPAddress.Any, 0); while (true) { try { byte[] payload = _client.Receive(ref remoteEndpoint); try { SyslogMessage newMessage = SyslogMessage.Parse(payload); OnMessageReceived(new SyslogMessageEventArgs(newMessage)); } catch (FormatException) { //Skip } } catch (SocketException) { //We are closing, or an I/O error occurred //if (Stopped) //Yes, we are closing return; } catch (Exception) { } //Really do nothing? Shouldn't we stop the service? } }
/// <summary> /// Writes the specified audit log entry. /// </summary> /// <param name="entryData">The entry data.</param> /// <exception cref="System.ArgumentNullException">entryData</exception> public void Write(IAuditLogEntryData entryData) { if (entryData == null) { throw new ArgumentNullException(nameof(entryData)); } using (new SecurityBypassContext()) { var syslogMessage = new SyslogMessage { Facility = SyslogFacility.LogAudit, Severity = ConvertToSyslogSeverity(entryData.SeverityEnum), Timestamp = new DateTimeOffset(entryData.CreatedDate), HostName = _hostName, AppName = _applicationName, ProcId = _processName, MsgId = entryData.AuditLogEntryMetadata.MessageId }; syslogMessage.StructuredDataElements.Add(CreateBaseMsgData(entryData)); syslogMessage.StructuredDataElements.Add(CreateSpecificMsgData(entryData)); syslogMessage.StructuredDataElements.Add(CreateSystemInfoData()); syslogMessage.StructuredDataElements.Add(CreateOriginData(_ipHostEntry)); _syslogMessageWriter.Write(syslogMessage); } }
[Test] public void SendMessage() { SyslogMessage msg = new SyslogMessage("localhost", "testing"); SyslogUdpClient cl = new SyslogUdpClient(); cl.Connect(IPAddress.Loopback); cl.Send(msg); cl.Close(); }
public void Serialize(SyslogMessage message, Stream stream) { // Local syslog serialization only cares about the Message string if (!String.IsNullOrWhiteSpace(message.Message)) { byte[] streamBytes = Encoding.GetBytes(message.Message); stream.Write(streamBytes, 0, streamBytes.Length); } }
public void SendMessageUsing() { SyslogMessage msg = new SyslogMessage("localhost", "testing"); using (SyslogUdpClient cl = new SyslogUdpClient()) { cl.Connect(IPAddress.Loopback); cl.Send(msg); } }
/// <summary> /// Raise the OnMessageReceived method. /// </summary> /// <param name="message">The <see cref="SyslogMessage"/> used with the event.</param> public void FireMessageReceived(SyslogMessage message) { try { OnMessageReceived(message); } catch (Exception ex) { EventLogger.LogEvent("Could not fire OnMessageReceived because: " + ex.Message, System.Diagnostics.EventLogEntryType.Warning); } }
public static string Serialize(this SyslogRfc5424MessageSerializer serializer, SyslogMessage message) { using (var stream = new MemoryStream()) { serializer.Serialize(message, stream); stream.Flush(); stream.Position = 0; using (var reader = new StreamReader(stream, Encoding.UTF8)) return reader.ReadLine(); } }
[Test] public void Construction() { string host = "localhost"; string message = "test message!"; SyslogMessage m = new SyslogMessage(host, message); Assert.AreEqual(m.LocalHost, host, "Hostnames differ"); Assert.AreEqual(m.Message, message, "Messages differ"); Assert.AreEqual(SyslogMessage.SeverityCode.Notice, m.Severity, "Default severity incorrect"); Assert.AreEqual(SyslogMessage.FacilityCode.UserLevel, m.Facility, "Default facility incorrect"); }
public static byte[] Serialize(this ISyslogMessageSerializer serializer, SyslogMessage message) { byte[] datagramBytes; using (var stream = new MemoryStream()) { serializer.Serialize(message, stream); stream.Position = 0; datagramBytes = new byte[stream.Length]; stream.Read(datagramBytes, 0, (int)stream.Length); } return datagramBytes; }
public void Send(SyslogMessage message, ISyslogMessageSerializer serializer) { IntPtr ident = IntPtr.Zero; try { ident = MarshalIdent(message.AppName); openlog(ident, (int)SyslogOptions.LogPid, CalculatePriorityValue(message.Facility, 0)); SendToSyslog(message, serializer); } finally { closelog(); DisposeOfIdent(ident); } }
[Test] public void StringConversion() { string host = "localhost"; string message = "test message!"; DateTime time1 = new DateTime(2000,12,1,16,12,15,0); SyslogMessage m1 = new SyslogMessage(host, message, SyslogMessage.FacilityCode.UserLevel, SyslogMessage.SeverityCode.Notice, time1); Assert.AreEqual("<13>Dec 1 16:12:15 localhost test message!", m1.ToString(), "String conversion"); DateTime time2 = new DateTime(2000,12,25,16,12,15,0); SyslogMessage m2 = new SyslogMessage(host, message, SyslogMessage.FacilityCode.UserLevel, SyslogMessage.SeverityCode.Notice, time2); Assert.AreEqual("<13>Dec 25 16:12:15 localhost test message!", m2.ToString(), "String conversion"); }
/// <summary> /// Raises the <see cref="MessageReceivedCallback"/> event for all subscribers /// </summary> /// <param name="message">The syslog message to use when raising the event.</param> public static void FireNewMessageReceived(SyslogMessage message) { if (_eventSubscribers != null) { try { _eventSubscribers(message); } catch (System.Runtime.Remoting.RemotingException) { //Traps an exception when the client IPC channel has been closed //and pending events were still being written to the channel } catch (Exception ex) { EventLogger.LogEvent("Could not send new messages to IPC subscribers because: " + ex.Message, System.Diagnostics.EventLogEntryType.Warning); } } }
public void Serialize(SyslogMessage message, Stream stream) { var priorityValue = CalculatePriorityValue(message.Facility, message.Severity); string timestamp = null; if (message.DateTimeOffset.HasValue) { var dt = message.DateTimeOffset.Value; var day = dt.Day < 10 ? " " + dt.Day : dt.Day.ToString(); // Yes, this is stupid but it's in the spec timestamp = String.Concat(dt.ToString("MMM "), day, dt.ToString(" HH:mm:ss")); } var headerBuilder = new StringBuilder(); headerBuilder.Append("<").Append(priorityValue).Append(">"); headerBuilder.Append(timestamp).Append(" "); headerBuilder.Append(message.HostName).Append(" "); headerBuilder.Append(message.AppName.IfNotNullOrWhitespace(x => x.EnsureMaxLength(32) + ":")); headerBuilder.Append(message.Message ?? ""); byte[] asciiBytes = Encoding.ASCII.GetBytes(headerBuilder.ToString()); stream.Write(asciiBytes, 0, asciiBytes.Length); }
public void Send(SyslogMessage message, ISyslogMessageSerializer serializer) { Send(message, serializer, true); }
public void Send(SyslogMessage message, ISyslogMessageSerializer serializer) { byte[] datagramBytes = serializer.Serialize(message); udpClient.Send(datagramBytes, datagramBytes.Length); }
public void Serialize(SyslogMessage message, Stream stream) { var priorityValue = CalculatePriorityValue(message.Facility, message.Severity); // Note: The .Net ISO 8601 "o" format string uses 7 decimal places for fractional second. Syslog spec only allows 6, hence the custom format string var timestamp = message.DateTimeOffset.HasValue ? message.DateTimeOffset.Value.ToString("yyyy-MM-ddTHH:mm:ss.ffffffK") : null; var messageBuilder = new StringBuilder(); messageBuilder.Append("<").Append(priorityValue).Append(">"); messageBuilder.Append(message.Version); messageBuilder.Append(" ").Append(timestamp.FormatSyslogField(NilValue)); messageBuilder.Append(" ").Append(message.HostName.FormatSyslogAsciiField(NilValue, 255, asciiCharsBuffer)); messageBuilder.Append(" ").Append(message.AppName.FormatSyslogAsciiField(NilValue, 48, asciiCharsBuffer)); messageBuilder.Append(" ").Append(message.ProcId.FormatSyslogAsciiField(NilValue, 128, asciiCharsBuffer)); messageBuilder.Append(" ").Append(message.MsgId.FormatSyslogAsciiField(NilValue, 32, asciiCharsBuffer)); writeStream(stream, Encoding.ASCII, messageBuilder.ToString()); // Structured data foreach(StructuredDataElement sdElement in message.StructuredDataElements) { messageBuilder.Clear() .Append(" ") .Append("[") .Append(sdElement.SdId.FormatSyslogSdnameField(asciiCharsBuffer)); writeStream(stream, Encoding.ASCII, messageBuilder.ToString()); foreach(System.Collections.Generic.KeyValuePair<string, string> sdParam in sdElement.Parameters) { messageBuilder.Clear() .Append(" ") .Append(sdParam.Key.FormatSyslogSdnameField(asciiCharsBuffer)) .Append("=") .Append("\"") .Append( sdParam.Value != null ? sdParam.Value .Replace("\\", "\\\\") .Replace("\"", "\\\"") .Replace("]", "\\]") : String.Empty ) .Append("\""); writeStream(stream, Encoding.UTF8, messageBuilder.ToString()); } // ] stream.WriteByte(93); } if (!String.IsNullOrWhiteSpace(message.Message)) { // Space stream.WriteByte(32); stream.Write(Encoding.UTF8.GetPreamble(), 0, Encoding.UTF8.GetPreamble().Length); writeStream(stream, Encoding.UTF8, message.Message); } }
[Test] public void TransferTest() { using (SyslogServer srv = new SyslogServer()) { srv.SyslogMessageReceived += new SyslogServer.SyslogMessageDelegate (OnSyslogMessageReceived); srv.Connect(); _messageCount = 0; SyslogMessage msg = new SyslogMessage("localhost", MessageText); using (SyslogUdpClient cl = new SyslogUdpClient()) { cl.Connect(IPAddress.Loopback); for (int i=0; i<MessagesToSend; i++) { cl.Send(msg); // Allow a small delay so not to overload Thread.Sleep(10); } } // Sleep until message counts are settled int prevCount = -1; int newCount = 0; while (prevCount != newCount) { Thread.Sleep(100); lock (this) { prevCount = newCount; newCount = _messageCount; } } Assert.AreEqual(MessagesToSend, _messageCount, "Messages received"); } }
// Convenience overloads since there's only one possible serializer for local syslog messages public void Send(SyslogMessage message) { Send(message, defaultSerializer); }
/// <summary> /// Method called after a message received event. /// </summary> /// <param name="message">The <see cref="SyslogMessage"/> used with the event.</param> /// <remarks>This method must be overridden.</remarks> protected abstract void OnMessageReceived(SyslogMessage message);