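/// <summary>
/// Scans the Windows "Security" event log for the success and failure logon
/// event ids and folds every matching record into <c>addrs</c>, persisting
/// through the "Addr" collection of RdpMon.db.
/// </summary>
/// <param name="_fromUtc">
/// Lower bound for the events to read. <see cref="DateTime.MinValue"/> means
/// "continue from the LastAddrChange timestamp stored in the database".
/// The value is formatted as-is, so it is presumably already UTC (verify callers).
/// </param>
/// <returns>
/// The shared <c>addrs</c> aggregate. It is returned on the failure path too:
/// any exception is logged and swallowed, so a caller cannot tell a failed scan
/// from a scan that found nothing new.
/// </returns>
public Addrs Aggregate(DateTime _fromUtc)
{
    var logprefix = "Scan: ";
    Log(logprefix + "in");
    var timer = DateTime.UtcNow;
    try
    {
        var provider = "Security";
        using (var db = new LiteDatabase("Filename=" + Utils.MyPath("RdpMon.db") + ";utc=true"))
        {
            var _lastDbModif = DbProps.Get(db, "LastAddrChange");
            var lastDbModif = (_lastDbModif != null ? (DateTime)_lastDbModif : DateTime.MinValue);
            var fromUtc = (_fromUtc == DateTime.MinValue ? lastDbModif : _fromUtc);

            // The timestamp is machine-readable XPath input, so it is formatted with the
            // invariant culture. Under the thread's current culture "yyyy" can follow a
            // non-Gregorian calendar and ":" can become another separator, which yields a
            // wrong or malformed filter. The resulting exception is swallowed below, so
            // logon events would silently stop being collected.
            // The sub-second part of fromUtc is dropped, so events from that same second
            // can be returned again by the '>' comparison.
            var fromStamp = fromUtc.ToString("yyyy-MM-dd'T'HH:mm:ss", System.Globalization.CultureInfo.InvariantCulture)
                + ".000000000Z";
            var query = "*[" +
                "(System/EventID=" + SuccessEvtId.ToString() + " or " + "System/EventID=" + FailureEvtId.ToString() + ")" +
                " and " +
                "System[TimeCreated[@SystemTime>'" + fromStamp + "']]" +
                "]";

            // Skip if DB hasn't changed since fromUtc.
            // (lastDbModif is a non-nullable DateTime, so no null check is needed.)
            if (lastDbModif < fromUtc)
            {
                Log(logprefix + "out: DB unchanged, skipping");
                iteration++;
                return(addrs);
            }

            var addrTable = db.GetCollection<Addr>("Addr");
            if (updateDb)
            {
                if (dbg)
                {
                    // Debug mode: feed 200 synthetic failed attempts instead of reading the log.
                    // NOTE(review): these records go through the same addrTable as real events,
                    // so a debug run mixes synthetic addresses into the database.
                    var rand = new Random(Environment.TickCount);
                    var dbgRand = true;
                    for (int i = 0; i < 200; i++)
                    {
                        // rand.Next(200) is never > 400, so every synthetic attempt is a failure.
                        var success = ((dbgRand ? rand.Next(200) : i) > 400);
                        var ip = string.Format("{0}.{1}.{2}.{3}", 132, 154, 255, (dbgRand ? rand.Next(50) : i) + 1);
                        var now = DateTime.UtcNow;
                        var utcTime = dbgRand
                            ? now.Subtract(TimeSpan.FromMinutes(rand.Next(60)))
                            : new DateTime(now.Year, now.Month, now.Day, now.Hour, 0, 0);
                        // String concatenation: the trailing 1 is appended as a character.
                        var userName = "******" + (dbgRand ? rand.Next(9) : i) + 1;
                        if (utcTime > fromUtc)
                        {
                            addrs.Aggregate(addrTable, ip, utcTime, success, userName);
                        }
                    }
                }
                else
                {
                    var eventsQuery = new EventLogQuery(provider, PathType.LogName, query);

                    // EventLogReader wraps a native query handle; dispose it even when
                    // ReadEvent or the aggregation throws.
                    using (var logReader = new EventLogReader(eventsQuery))
                    {
                        // NOTE(review): each EventRecord is IDisposable as well. It is not disposed
                        // here because addrs.Aggregate is not visible and may keep a reference;
                        // if it does not, dispose the record after each iteration.
                        for (var evt = logReader.ReadEvent(); evt != null; evt = logReader.ReadEvent())
                        {
                            addrs.Aggregate(addrTable, evt, dbg);
                        }
                    }
                }

                if (addrs.lastDbChange != null)
                {
                    DbProps.Set(db, "LastAddrChange", DateTime.UtcNow);
                }
            }
        }
    }
    catch (Exception ex)
    {
        // Deliberate best effort: a failed scan must not take the caller down.
        // The failure is visible only in the log, so the "* exception" line is the
        // signal to alert on if scans are expected to run unattended.
        Log(logprefix + "* exception: " + ex.ToString());
    }

    var perfDuration = DateTime.UtcNow.Subtract(timer);
    Log(logprefix + "out: " + addrs.Items.Count.ToString() + " addrs found, took " + perfDuration.TotalSeconds + " seconds");
    iteration++;
    return(addrs);
}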
/// <summary>
/// Synchronises the sessions list view with the "Session" collection of RdpMon.db.
/// </summary>
/// <param name="initialLoad">
/// When true the list is cleared and rebuilt from scratch; otherwise only rows that
/// changed since the previous refresh are touched.
/// </param>
/// <param name="activeSessions">
/// Currently active sessions, passed to GetEquivalentActiveSession to decide whether
/// a stored session is still running.
/// </param>
void RefreshSessionsLV(bool initialLoad, List<WTS.SessionInfo> activeSessions)
{
    // NOTE(review): cells are addressed by the column's DisplayIndex, exactly as the
    // original does; that matches the sub-item index only while columns are not reordered.
    // NOTE(review): there is no try/finally, so an exception thrown between BeginUpdate
    // and EndUpdate leaves the control in update mode with no sorter assigned.
    const string stampFormat = "MM/dd HH:mm:ss";
    var listView = sessionsLv;
    var updateOpen = false;

    // A full reload resets the refresh watermark and empties the control.
    if (initialLoad)
    {
        lastSessionsRefresh = DateTime.MinValue;
        updateOpen = true;
        listView.BeginUpdate();
        listView.ListViewItemSorter = null;
        listView.Items.Clear();
    }

    // Taken before the database is read; becomes the new watermark at the end.
    var refreshStamp = DateTime.UtcNow;

    using (var db = new LiteDatabase("Filename=" + Utils.MyPath("RdpMon.db") + ";utc=true"))
    {
        // Read and converted, but not used further in this method.
        var storedChange = DbProps.Get(db, "LastSessionChange");
        var lastChange = (storedChange != null ? (DateTime)storedChange : DateTime.MinValue);

        var sessions = db.GetCollection<Session>("Session");
        foreach (var row in sessions.FindAll())
        {
            // Sessions that started before the last refresh and have already ended were
            // shown before; only a just-ended one (under 60 seconds ago) needs its row updated.
            if (row.Start < lastSessionsRefresh && row.End != null)
            {
                var sinceEnd = DateTime.UtcNow.Subtract(row.End.Value);
                if (sinceEnd < TimeSpan.FromSeconds(60) && FindSessionLvItem(row.SessionUid, out var endedItem))
                {
                    endedItem.SubItems[ColSessionState.DisplayIndex].Text = "Ended";
                    var endedCell = endedItem.SubItems[ColSessionEnded.DisplayIndex];
                    if (row.End != null)
                    {
                        endedCell.Text = row.End.Value.ToLocalTime().ToString(stampFormat);
                    }
                    else
                    {
                        endedCell.Text = "";
                    }
                    endedItem.ImageIndex = -1;
                }
                continue;
            }

            var liveMatch = GetEquivalentActiveSession(row, activeSessions);

            // Open the batched update lazily, on the first row that needs work.
            if (!updateOpen)
            {
                updateOpen = true;
                listView.BeginUpdate();
                listView.ListViewItemSorter = null;
            }

            // Still-active session that already has a row: refresh start time and state only.
            if (liveMatch != null && FindSessionLvItem(row.SessionUid, out var liveItem))
            {
                liveItem.SubItems[ColSessionStarted.DisplayIndex].Text = row.Start.ToLocalTime().ToString(stampFormat);
                liveItem.SubItems[ColSessionState.DisplayIndex].Text = liveMatch.StateStr();
                liveItem.Tag = row;
                continue;
            }

            // Add / update in list.
            // Usually no row exists yet and one is created. A row can already exist when the
            // DB missed the session's end time (i.e. the service was down while it ended);
            // that row is then updated in place.
            var isNew = !FindSessionLvItem(row.SessionUid, out var item);
            if (isNew)
            {
                item = new ListViewItem();
                item.SubItems.AddRange(new[] { "", "", "", "", "", "", "" });
            }

            item.SubItems[ColWtsSessionId.DisplayIndex].Text = row.WtsSessionId.ToString();
            item.SubItems[ColSessionUser.DisplayIndex].Text = (row.User ?? "").ToString();
            item.SubItems[ColSessionStarted.DisplayIndex].Text = row.Start.ToLocalTime().ToString(stampFormat);

            if (row.End != null)
            {
                item.SubItems[ColSessionState.DisplayIndex].Text = "Ended";
            }

            if (liveMatch != null)
            {
                item.ImageIndex = 1;
                item.SubItems[ColSessionEnded.DisplayIndex].Text = "ongoing";
            }
            else
            {
                var endCell = item.SubItems[ColSessionEnded.DisplayIndex];
                if (row.End != null)
                {
                    endCell.Text = row.End.Value.ToLocalTime().ToString(stampFormat);
                }
                else
                {
                    endCell.Text = "";
                }
            }

            // The loopback address is shown as a friendly name.
            var addrCell = item.SubItems[ColSessionAddr.DisplayIndex];
            if (row.Addr == "127.0.0.1")
            {
                addrCell.Text = "localhost";
            }
            else
            {
                addrCell.Text = row.Addr;
            }

            item.Tag = row;

            if (isNew)
            {
                listView.Items.Add(item);
            }
        }
    }

    // Sort once with the real sorter, then detach it again so later edits do not re-sort.
    if (updateOpen)
    {
        listView.ListViewItemSorter = sessionsSorter;
        listView.Sort();
        listView.EndUpdate();
        listView.ListViewItemSorter = null;
    }

    lastSessionsRefresh = refreshStamp;
}