public void Delete(AuditEventFilter auditEventFilter) { foreach (IAuditEventRepository auditEventRepository in _auditEventRepositories) { auditEventRepository.Delete(auditEventFilter); } }
/// <summary> /// Returns whether audit event meets filter criteria /// </summary> /// <param name="auditEvent"></param> /// <param name="auditEventFilter"></param> /// <returns></returns> private static bool IsAuditEventMeetsCriteria(AuditEvent auditEvent, AuditEventFilter auditEventFilter) { if (IsAuditEventHeaderMeetsCriteria(auditEvent, auditEventFilter)) // Header meets criteria { if (auditEventFilter.ValueFilters.Count == 0) // No value filters { return(true); } // Check value filters int countFiltersValid = 0; int countFiltersInvalid = 0; foreach (AuditEventValueFilter valueFilter in auditEventFilter.ValueFilters) { AuditEventValue auditEventValue = auditEvent.GetValueByValueTypeId(valueFilter.ValueTypeID); if (auditEventValue == null) // Audit event doesn't have value { countFiltersInvalid++; } else // Has value, check it { if (auditEventValue.Value.Equals(valueFilter.Value)) // Values match { countFiltersValid++; } else { countFiltersInvalid++; } } } return(auditEventFilter.AllFiltersRequired ? (countFiltersValid == auditEventFilter.ValueFilters.Count) : (countFiltersValid > 0)); } return(false); }
/// <summary> /// Returns whether the audit event header meets the filter criteria /// </summary> /// <param name="auditEvent"></param> /// <param name="auditEventFilter"></param> /// <returns></returns> private static bool IsAuditEventHeaderMeetsCriteria(AuditEvent auditEvent, AuditEventFilter auditEventFilter) { if ((auditEvent.TenantID == auditEventFilter.TenantID.GetValueOrDefault(0) || auditEventFilter.TenantID.GetValueOrDefault(0) == 0) && (auditEvent.UserID == auditEventFilter.UserID.GetValueOrDefault(0) || auditEventFilter.UserID.GetValueOrDefault(0) == 0) && (String.IsNullOrEmpty(auditEvent.Source) || String.IsNullOrEmpty(auditEventFilter.Source) || auditEvent.Source.Equals(auditEventFilter.Source, StringComparison.OrdinalIgnoreCase)) && (auditEvent.TimeCreated >= auditEventFilter.MinTimeCreated.GetValueOrDefault(DateTime.MinValue.Date)) && (auditEvent.TimeCreated <= auditEventFilter.MaxTimeCreated.GetValueOrDefault(DateTime.MaxValue.Date)) && (auditEventFilter.EventTypeIds == null || auditEventFilter.EventTypeIds.Count == 0 || auditEventFilter.EventTypeIds.Contains(auditEvent.EventTypeID))) { return(true); } return(false); }
/// <summary> /// Returns events meeting criteria /// </summary> /// <param name="auditEventFilter"></param> /// <returns></returns> public List <AuditEvent> Get(AuditEventFilter auditEventFilter) { var auditEvents = new List <AuditEvent>(); if (String.IsNullOrEmpty(_folder)) { return(auditEvents); } // Get time range of events in system DateTime[] timeRange = GetAuditEventTimeRange(); if (timeRange.Length == 0) { return(auditEvents); } // If their range is wider than the events in the system then reduce range so that we check list files DateTime minTimeCreated = auditEventFilter.MinTimeCreated.GetValueOrDefault(DateTime.MinValue.Date); DateTime maxTimeCreated = auditEventFilter.MaxTimeCreated.GetValueOrDefault(DateTime.MaxValue.Date); if (minTimeCreated < timeRange[0]) { minTimeCreated = timeRange[0]; } if (maxTimeCreated > timeRange[1]) { maxTimeCreated = timeRange[1]; } minTimeCreated = minTimeCreated.AddDays(-1).Date; do { minTimeCreated = minTimeCreated.AddDays(1); string auditEventLog = GetFile(minTimeCreated); Get(auditEventFilter, auditEventLog).ForEach(auditEvent => auditEvents.Add(auditEvent)); } while (minTimeCreated < maxTimeCreated); return(auditEvents.OrderBy(x => x.TimeCreated) .ThenBy(x => x.TenantID) .ThenBy(x => x.UserID) .ToList()); }
/// <summary> /// <para> /// Deserializes AuditEvent from CSV values. As a performance optimization /// then, if AuditEventFilter is passed, we check that the header meets /// the filter criteria and only load the values if it does. /// </para> /// <para>NOTE: We do not currently deserialize complex objects, just /// return as serialized string.</para> /// </summary> /// <param name="headers"></param> /// <param name="values"></param> /// <param name="auditEventFilter"></param> /// <returns></returns> private AuditEvent DeserializeAuditEvent(string[] headers, string[] values, AuditEventFilter auditEventFilter = null) { // Key values by column name so that they're easier to handle Dictionary <string, string> valuesKeyed = new Dictionary <string, string>(); for (int index = 0; index < headers.Length; index++) { valuesKeyed.Add(headers[index], values[index]); } // Deserialize var auditEvent = new AuditEvent { TimeCreated = DateTimeOffset.Parse(valuesKeyed["Time"]).UtcDateTime, TenantID = Convert.ToInt32(valuesKeyed["TenantID"]), UserID = Convert.ToInt32(valuesKeyed["UserID"]), Source = valuesKeyed.ContainsKey("Source") ? Convert.ToString(valuesKeyed["Source"]) : "", // New property EventTypeID = Convert.ToInt32(valuesKeyed["EventTypeID"]) }; // Optimization, return null if header doesn't meet filter criteria, no point in loading values if (auditEventFilter != null && !IsAuditEventHeaderMeetsCriteria(auditEvent, auditEventFilter)) { return(null); } // Deserialize values for (int valueIndex = 0; valueIndex < MaxValues; valueIndex++) { string valueTypeColumn = string.Format("ValueType{0}", valueIndex + 1); string valueColumn = string.Format("Value{0}", valueIndex + 1); if (valuesKeyed.ContainsKey(valueTypeColumn) && !String.IsNullOrEmpty(valuesKeyed[valueTypeColumn])) { auditEvent.Values.Add(DeserializeValue(Convert.ToInt32(valuesKeyed[valueTypeColumn]), valuesKeyed[valueColumn])); } } return(auditEvent); }
/// <summary> /// Deletes all events. /// /// NOTE: At the moment then it deletes ALL events on the dates in the range. It does not respect other filter criteria. /// </summary> /// <param name="auditEventFilter"></param> public void Delete(AuditEventFilter auditEventFilter) { if (String.IsNullOrEmpty(_folder)) { return; } // Get time range of events in system DateTime[] timeRange = GetAuditEventTimeRange(); if (timeRange.Length == 0) { return; } // If their range is wider than the events in the system then reduce range so that we check list files DateTime minTimeCreated = auditEventFilter.MinTimeCreated.GetValueOrDefault(DateTime.MinValue.Date); DateTime maxTimeCreated = auditEventFilter.MaxTimeCreated.GetValueOrDefault(DateTime.MaxValue.Date); if (minTimeCreated < timeRange[0]) { minTimeCreated = timeRange[0]; } if (maxTimeCreated > timeRange[1]) { maxTimeCreated = timeRange[1]; } minTimeCreated = minTimeCreated.AddDays(-1).Date; do { minTimeCreated = minTimeCreated.AddDays(1); string auditEventLog = GetFile(minTimeCreated); if (File.Exists(auditEventLog)) { File.Delete(auditEventLog); } } while (minTimeCreated < maxTimeCreated); }
public void Delete(AuditEventFilter auditEventFilter) { // No action }
public List <AuditEvent> Get(AuditEventFilter auditEventFilter) { throw new NotImplementedException(); }
public void Delete(AuditEventFilter auditEventFilter) { throw new NotImplementedException(); }
/// <summary> /// Returns events meeting criteria from single log file /// </summary> /// <param name="auditEventFilter"></param> /// <param name="auditEventLog"></param> /// <returns></returns> private List <AuditEvent> Get(AuditEventFilter auditEventFilter, string auditEventLog) { var auditEvents = new List <AuditEvent>(); int attempts = 0; string[] delimiter = new[] { _delimiter }; if (!File.Exists(auditEventLog)) { return(auditEvents); } do { attempts++; try { auditEvents.Clear(); using StreamReader reader = new StreamReader(auditEventLog); try { string[] headers = new string[0]; int lineCount = 0; while (!reader.EndOfStream) { string[] values = reader.ReadLine().Split(delimiter, StringSplitOptions.None); lineCount++; if (lineCount == 1) { headers = values; continue; } // Deserialise audit event, check if meets criteria. For optimization // then DeserializeAuditEvent returns null if the audit event header // doesn't meet the filter criteria. try { AuditEvent auditEvent = DeserializeAuditEvent(headers, values, auditEventFilter); if (auditEvent != null) { if (IsAuditEventMeetsCriteria(auditEvent, auditEventFilter)) { if (!auditEventFilter.IncludeValues) { auditEvent.Values.Clear(); } auditEvents.Add(auditEvent); } } } catch { } // Ignore error } attempts = -1; // Done } catch { throw; } finally { reader.Close(); // Close now, not when GC decides } } catch (Exception exception) when(IsExceptionForFileInUse(exception) && attempts < 20) { Thread.Sleep(100); } } while (attempts != -1); return(auditEvents.OrderBy(x => x.TimeCreated) .ThenBy(x => x.TenantID) .ThenBy(x => x.UserID) .ToList()); }
/// <summary> /// Returns all audit events matching criteria /// </summary> /// <param name="auditEventFilter"></param> /// <returns></returns> public List <AuditEvent> Get(AuditEventFilter auditEventFilter) => _auditEventRepositories[0].Get(auditEventFilter);