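/// <summary>
/// Process entry point. Runs the harness as a console application when the
/// "standalone" argument is present (case-insensitive); otherwise hands it to
/// <see cref="ServiceBase.Run(ServiceBase)"/>.
/// </summary>
/// <param name="args">Command-line arguments; forwarded to ManualStart in standalone mode.</param>
static void Main(string[] args)
{
    try
    {
        var serviceToRun = new LogAnalyticsOdsApiHarness();

        // Contains() is already false for an empty array, so no separate length check is needed.
        bool runStandalone = args.Contains("standalone", StringComparer.OrdinalIgnoreCase);
        if (!runStandalone)
        {
            ServiceBase.Run(serviceToRun);
            return;
        }

        // Ctrl+C: ask the harness to stop, then pause briefly before the handler returns.
        void cancelAction(object o, ConsoleCancelEventArgs e)
        {
            serviceToRun.ManualStop();
            Thread.Sleep(200);
        }

        Console.CancelKeyPress += cancelAction;
        serviceToRun.ManualStart(args);

        // Park the main thread; the stop path is the Ctrl+C handler above.
        Thread.Sleep(Timeout.Infinite);
    }
    catch (Exception ex)
    {
        // A log forwarder that exits without a trace leaves a telemetry gap nobody is
        // alerted to, so surface the failure instead of swallowing it.
        // NOTE(review): when started as a service there is normally no console attached,
        // so a durable sink (event log or file) is still needed for that mode.
        Console.Error.WriteLine($"Fatal error during startup: {ex}");
        Environment.ExitCode = 1;
    }
}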
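/// <summary>
/// Sets up this listener: creates the payload object, starts the ETW provider session and
/// the KQL node hub, loads the Sentinel API configuration, selects the client certificate
/// and uploads the bundled sample file.
/// </summary>
/// <exception cref="InvalidOperationException">
/// The "SentinelApiConfig" app setting is missing or empty, or the configuration file
/// does not deserialize to an object.
/// </exception>
public void InitializeEtwListener()
{
    payload = GetNewPayloadObject();

    var configurationFile = ConfigurationManager.AppSettings["SentinelApiConfig"];
    if (string.IsNullOrWhiteSpace(configurationFile))
    {
        // Checked up front: an empty name would make Path.Combine below resolve to the
        // execution directory itself and the read would fail with an unrelated error.
        throw new InvalidOperationException("App setting 'SentinelApiConfig' is missing or empty.");
    }

    EtwProviderSession(EtwListenerConfig.SessionName, EtwListenerConfig.ProviderId, true);
    var etwObservable = EtwTdhObservable.FromSession(EtwListenerConfig.SessionName);
    KqlNodeHub = KqlNodeHub.FromKqlQuery(etwObservable, DefaultOutput, EtwListenerConfig.ObservableName, EtwListenerConfig.KqlQuery);

    GlobalLog.WriteToStringBuilderLog($"Loading config [{configurationFile}].", 14001);
    var textOfJsonConfig = File.ReadAllText(Path.Combine(LogAnalyticsOdsApiHarness.GetExecutionPath(), configurationFile));

    // DeserializeObject returns null for empty or literal-null JSON; reject that here
    // instead of failing on the first property access below.
    var loadedConfig = JsonConvert.DeserializeObject<SentinelApiConfig>(textOfJsonConfig);
    if (loadedConfig == null)
    {
        throw new InvalidOperationException($"Configuration file [{configurationFile}] did not contain a SentinelApiConfig object.");
    }

    SentinelApiConfig = loadedConfig;

    // Client certificate for the upload: looked up by workspace id when UseMmaCertificate
    // is set, otherwise by thumbprint in the LocalMachine "MY" store.
    if (SentinelApiConfig.UseMmaCertificate)
    {
        logAnalyticsX509Certificate2 = CertificateManagement.FindOdsCertificateByWorkspaceId(SentinelApiConfig.WorkspaceId);
    }
    else
    {
        logAnalyticsX509Certificate2 = CertificateManagement.FindCertificateByThumbprint("MY", SentinelApiConfig.CertificateThumbprint, StoreLocation.LocalMachine);
    }

    // NOTE(review): the not-found behaviour of both lookups is not visible here; confirm
    // a missing certificate fails before the upload rather than being passed on as null.

    // Log the file that is actually read; the message previously repeated the config file name.
    const string sampleDataFile = "XMLFile1.xml";
    GlobalLog.WriteToStringBuilderLog($"SampleData load [{sampleDataFile}].", 14001);
    var sampleData = File.ReadAllText(Path.Combine(LogAnalyticsOdsApiHarness.GetExecutionPath(), sampleDataFile));

    // NOTE(review): this uploads the static sample file on every initialisation; confirm
    // that is intended outside of a demo setup.
    UploadBatchToLogAnalytics(sampleData, logAnalyticsX509Certificate2);
}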
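/// <summary>
/// Loads the Sentinel API configuration and the ETW listener definitions, creates one
/// <see cref="EtwListener"/> per definition, then blocks the calling thread indefinitely.
/// </summary>
/// <exception cref="InvalidOperationException">
/// The "SentinelApiConfig" app setting is missing or empty, or either configuration file
/// does not deserialize to the expected object.
/// </exception>
private void StartEtwListenerInstances()
{
    // Get the current Sentinel config
    string configurationFile = ConfigurationManager.AppSettings["SentinelApiConfig"];
    if (string.IsNullOrWhiteSpace(configurationFile))
    {
        throw new InvalidOperationException("App setting 'SentinelApiConfig' is missing or empty.");
    }

    bool useEventIngest = false;

    GlobalLog.WriteToStringBuilderLog($"Loading config [{configurationFile}].", 14001);
    string textOfJsonConfig = File.ReadAllText(Path.Combine(LogAnalyticsOdsApiHarness.GetExecutionPath(), configurationFile));

    // DeserializeObject returns null for empty or literal-null JSON. Fail here rather
    // than hand a null configuration to every listener.
    SentinelApiConfig sentinelApiConfig = JsonConvert.DeserializeObject<SentinelApiConfig>(textOfJsonConfig);
    if (sentinelApiConfig == null)
    {
        throw new InvalidOperationException($"Configuration file [{configurationFile}] did not contain a SentinelApiConfig object.");
    }

    List<EtwListener> etwListeners = new List<EtwListener>();

    // Add custom local functions to Rx.Kql
    ScalarFunctionFactory.AddFunctions(typeof(LogAnalyticsOdsApiHarness));

    string etwConfigurationFile = "EtwConfig-DNS-TCP.json";
    GlobalLog.WriteToStringBuilderLog($"Loading ETW config [{etwConfigurationFile}].", 14001);
    string textOfEtwConfigurationFile = File.ReadAllText(Path.Combine(LogAnalyticsOdsApiHarness.GetExecutionPath(), etwConfigurationFile));

    List<EtwListenerConfig> listEtwListenerConfigs = JsonConvert.DeserializeObject<List<EtwListenerConfig>>(textOfEtwConfigurationFile);
    if (listEtwListenerConfigs == null)
    {
        // Otherwise the foreach below throws a NullReferenceException with no hint of the cause.
        throw new InvalidOperationException($"ETW configuration file [{etwConfigurationFile}] did not contain a listener list.");
    }

    foreach (EtwListenerConfig config in listEtwListenerConfigs)
    {
        etwListeners.Add(new EtwListener(sentinelApiConfig, config, useEventIngest));
    }

    // Wait for the process to end
    Thread.Sleep(Timeout.Infinite);

    // A local is not guaranteed to stay reachable after its last use. Referencing the
    // list after the wait keeps the listeners rooted while this thread is parked.
    GC.KeepAlive(etwListeners);
}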
/// <summary>
/// Type initializer: reads the file named by the "SentinelApiConfig" app setting from the
/// execution directory and stores the deserialized result in <c>SentinelApiConfig</c>.
/// </summary>
/// <remarks>
/// Any exception that escapes a static constructor is reported to the first user of the
/// type as a <see cref="TypeInitializationException"/>, and the type stays unusable for
/// the lifetime of the application domain.
/// NOTE(review): consider moving this I/O into an explicit load method so a bad or missing
/// configuration file is reported at a predictable point.
/// </remarks>
static EvtxLogSample()
{
    string settingValue = ConfigurationManager.AppSettings["SentinelApiConfig"];
    GlobalLog.WriteToStringBuilderLog($"Loading config [{settingValue}].", 14001);

    // The interpolation is kept on purpose: it turns a missing (null) setting into an
    // empty string before it reaches Path.Combine.
    string configPath = Path.Combine(LogAnalyticsOdsApiHarness.GetExecutionPath(), $"{settingValue}");
    string json = File.ReadAllText(configPath);

    SentinelApiConfig = JsonConvert.DeserializeObject<SentinelApiConfig>(json);
}