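/// <summary>
/// Load filters to find in event log
/// </summary>
/// <remarks>
/// Every child of <paramref name="node"/> is read as one filter definition. Its
/// "event" child supplies the target event log names ("eventlogname") and the
/// include/exclude lists for "sources", "id", "users", "computers", "type" and
/// "descriptions"; its "syslog" child supplies "level" and "facility". One include
/// filter and one exclude filter are built per definition and, when not empty,
/// appended to the lists kept in iFilters / eFilters under each event log name.
/// Nodes with any other name are skipped without a diagnostic.
/// </remarks>
/// <param name="node">specific XML including filter parameters</param>
static void LoadFilters(XmlNode node)
{
    // NOTE(review): both patterns are unanchored alternations, so IsMatch accepts any
    // text that merely contains one of the keywords (for example "Debugger") and the
    // whole InnerText is then stored on the filters. Anchoring them would make this a
    // real allow-list, but how the stored value is consumed is not visible here.
    // TODO confirm before tightening.
    String patternSyslogLevel = "Emergency|Alert|Critical|Error|Warning|Notice|Informational|Debug";
    Regex rSyslogLevel = new Regex(patternSyslogLevel, RegexOptions.IgnoreCase);
    String patternSyslogFacility = "Kern|User|Mail|Daemon|Auth|Syslog|LPR|News|UUCP|Cron|AuthPriv|FTP|NTP|Audit|Audit2|CRON2|Local0|Local1|Local2|Local3|Local4|Local5|Local6|Local7";
    Regex rSyslogFacility = new Regex(patternSyslogFacility, RegexOptions.IgnoreCase);

    foreach (XmlNode childnode in node.ChildNodes)
    {
        // Fresh state for every filter definition.
        String[] eventLogName = null;
        Filter iFilter = new Filter();
        Filter eFilter = new Filter();

        foreach (XmlNode cnode in childnode.ChildNodes)
        {
            if (NodeNameIs(cnode, "event"))
            {
                foreach (XmlNode paramNode in cnode.ChildNodes)
                {
                    String[] included;
                    String[] excluded;

                    if (NodeNameIs(paramNode, "eventlogname"))
                    {
                        // Every child except comment nodes contributes one log name.
                        ArrayList names = new ArrayList();
                        foreach (XmlNode element in paramNode.ChildNodes)
                        {
                            if (element.Name.IndexOf("#comment") < 0)
                            {
                                names.Add(element.InnerText);
                            }
                        }
                        eventLogName = ToStringArray(names);
                    }
                    else if (NodeNameIs(paramNode, "sources"))
                    {
                        ReadIncludeExcludeLists(paramNode, out included, out excluded);
                        if (included != null) { iFilter.EventLogSources = included; }
                        if (excluded != null) { eFilter.EventLogSources = excluded; }
                    }
                    else if (NodeNameIs(paramNode, "id"))
                    {
                        ReadIncludeExcludeLists(paramNode, out included, out excluded);
                        if (included != null) { iFilter.EventLogID = included; }
                        if (excluded != null) { eFilter.EventLogID = excluded; }
                    }
                    else if (NodeNameIs(paramNode, "users"))
                    {
                        ReadIncludeExcludeLists(paramNode, out included, out excluded);
                        if (included != null) { iFilter.User = included; }
                        if (excluded != null) { eFilter.User = excluded; }
                    }
                    else if (NodeNameIs(paramNode, "computers"))
                    {
                        ReadIncludeExcludeLists(paramNode, out included, out excluded);
                        if (included != null) { iFilter.Computer = included; }
                        if (excluded != null) { eFilter.Computer = excluded; }
                    }
                    else if (NodeNameIs(paramNode, "type"))
                    {
                        ReadIncludeExcludeLists(paramNode, out included, out excluded);
                        if (included != null) { iFilter.EventLogType = included; }
                        if (excluded != null) { eFilter.EventLogType = excluded; }
                    }
                    else if (NodeNameIs(paramNode, "descriptions"))
                    {
                        ReadIncludeExcludeLists(paramNode, out included, out excluded);
                        if (included != null) { iFilter.EventLogDescriptions = included; }
                        if (excluded != null) { eFilter.EventLogDescriptions = excluded; }
                    }
                }
            }
            else if (NodeNameIs(cnode, "syslog"))
            {
                foreach (XmlNode paramNode in cnode.ChildNodes)
                {
                    if (NodeNameIs(paramNode, "level"))
                    {
                        if (rSyslogLevel.IsMatch(paramNode.InnerText))
                        {
                            // The same level is recorded on both filters.
                            iFilter.SyslogLevel = paramNode.InnerText;
                            eFilter.SyslogLevel = paramNode.InnerText;
                        }
                        else
                        {
                            deb.Write("Load filters configuration", "301 - Uncorrect syslog level : \"" + paramNode.InnerText + "\"", DateTime.Now, 1);
                        }
                    }
                    else if (NodeNameIs(paramNode, "facility"))
                    {
                        if (rSyslogFacility.IsMatch(paramNode.InnerText))
                        {
                            // The same facility is recorded on both filters.
                            iFilter.SyslogFacility = paramNode.InnerText;
                            eFilter.SyslogFacility = paramNode.InnerText;
                        }
                        else
                        {
                            deb.Write("Load filters configuration", "301 - Uncorrect syslog facility : \"" + paramNode.InnerText + "\"", DateTime.Now, 1);
                        }
                    }
                }
            }
        }

        // A definition without an "eventlogname" node is not registered anywhere.
        if (eventLogName != null)
        {
            foreach (String element in eventLogName)
            {
                ArrayList itemp = (ArrayList)iFilters[element];
                ArrayList etemp = (ArrayList)eFilters[element];

                if (!iFilter.IsEmpty())
                {
                    if (itemp == null)
                    {
                        itemp = new ArrayList();
                    }
                    itemp.Add(iFilter);
                    deb.Write("Load filters configuration", "Add to filter list for event log " + element + " evement " + iFilter.ToString(), DateTime.Now, 2);
                    iFilters[element] = itemp;
                }

                if (!eFilter.IsEmpty())
                {
                    if (etemp == null)
                    {
                        etemp = new ArrayList();
                    }
                    etemp.Add(eFilter);
                    // Log the exclude filter that was actually stored. The original
                    // printed iFilter here, so the trace did not show which exclusions
                    // were loaded.
                    deb.Write("Load filters configuration", "Add to exclude filter list for event log " + element + " evement " + eFilter.ToString(), DateTime.Now, 2);
                    eFilters[element] = etemp;
                }
            }
        }
    }
}

/// <summary>
/// Case-insensitive, culture-independent comparison of an XML node name with a keyword.
/// </summary>
/// <remarks>
/// Replaces ToLower().CompareTo(...), which depends on the current culture: under a
/// Turkish culture "ID".ToLower() does not yield "id", so that configuration section
/// would be skipped silently.
/// </remarks>
private static bool NodeNameIs(XmlNode candidate, String keyword)
{
    return String.Equals(candidate.Name, keyword, StringComparison.OrdinalIgnoreCase);
}

/// <summary>
/// Collect the InnerText of the include and exclude children of a parameter node.
/// </summary>
/// <remarks>
/// A child counts as include (checked first) or exclude when its name contains that
/// word; this is a case-sensitive substring test, unlike the section names. Each
/// output is null when no matching child exists, so the caller leaves the
/// corresponding Filter property untouched.
/// </remarks>
private static void ReadIncludeExcludeLists(XmlNode paramNode, out String[] included, out String[] excluded)
{
    ArrayList includeValues = new ArrayList();
    ArrayList excludeValues = new ArrayList();
    foreach (XmlNode element in paramNode.ChildNodes)
    {
        if (element.Name.IndexOf("include") >= 0)
        {
            includeValues.Add(element.InnerText);
        }
        else if (element.Name.IndexOf("exclude") >= 0)
        {
            excludeValues.Add(element.InnerText);
        }
    }
    included = includeValues.Count > 0 ? ToStringArray(includeValues) : null;
    excluded = excludeValues.Count > 0 ? ToStringArray(excludeValues) : null;
}

/// <summary>
/// Copy a list of strings into a new array, preserving order; an empty list gives an empty array.
/// </summary>
private static String[] ToStringArray(ArrayList values)
{
    return (String[])values.ToArray(typeof(String));
}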