Created
November 21, 2017 07:33
-
-
Save ShekharReddy4/054db670168b4212d5457e54f42ffbfd to your computer and use it in GitHub Desktop.
Event handling for logged in user and instllation and uninstallation of software
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
using System; | |
using System.Collections.Generic; | |
using System.IO; | |
using System.Linq; | |
using System.Text; | |
using System.Threading.Tasks; | |
namespace ConsoleApplication9 | |
{ | |
public static class Configs | |
{ | |
// Log Mes sages | |
public static string TimerStarted = "Timer Started **********************************************"; | |
public static string TimerEnded = "Timer Ended **********************************************"; | |
public static string SettingsUpdateStarted = "Updating Settings Started"; | |
public static string SettingsUpdateEnded = "Updating Settings Completed"; | |
public static string ServiceUpdateStarted = "Service Update Started"; | |
public static string ServiceUpdateEnded = "Service Update Completed"; | |
public static string SWInfoStarted = "Software Info Started"; | |
public static string SWInfoEnded = "Software Info Completed"; | |
public static string AssetInfoStarted = "Asset Info Started"; | |
public static string AssetInfoEnded = "Asset Info Completed"; | |
public static string ResetLocalDBStarted = "Reset Local DB Started"; | |
public static string ResetLocalDBEnded = "Reset Local DB Completed"; | |
public static string ResetLocalDBSucessfull = "Local DB Resetted Sucessfully"; | |
public static string EventMessageLogonText = "New Logon:"; | |
public static string EventMessageLogonIDText = "Logon ID:"; | |
public static string EventMessageAccountNameSystemText = "Account Name:\t\tSYSTEM"; | |
public static string EventMessageAccountNameText = "Account Name:"; | |
public static string EventMessageAccountDomainText = "Account Domain:\t\tGGKTECH"; | |
public static string EventDomainName = "GGKTECH"; | |
// Routes | |
public static string GetSettingsByTypeRoute = "Settings/GetSettingsByType?type={0}&assetTag={1}"; | |
public static string AddUpdateSoftwaresRoute = "Software/AddUpdateSoftwares"; | |
public static string GetSoftwaresByAssetRoute = "Software/GetSoftwaresByAsset?assetTag={0}"; | |
public static string SWInstallationRoute = "Software/SWInstallation"; | |
public static string GetLatestVersion = "ServiceUpdate/GetLatestVersion"; | |
public static string DownloadServiceRoute = "ServiceUpdate/DownloadService?version={0}"; | |
public static string UpdateSWLastUpdateDateRoute = "Software/UpdateSWLastUpdateDate?assetTag={0}"; | |
public static string GetAssetInfoRoute = "AssetInfo/GetAssetInfo?assetTag={0}"; | |
public static string UpdateAILastUpdateDateRoute = "AssetInfo/UpdateAILastUpdateDate?assetTag={0}"; | |
public static string UpdateAssetInfoRoute = "AssetInfo/UpdateAssetInfo"; | |
public static string UpdateResetLocalDB = "ServiceUpdate/ChangeResetLocalDBStatus?assetTag={0}"; | |
public static string EventContains = "Installation"; | |
public static string EventReplace = "Product: "; | |
public static string EventInsReplace = " -- Installation completed successfully."; | |
public static string EventUnInsReplace = " -- Removal completed successfully."; | |
public static string WorkingDirectoryPath = new FileInfo(System.Reflection.Assembly.GetEntryAssembly().Location).DirectoryName; | |
public static string Version = @"Version : {0}"; | |
public static string SettingNotFound = @"Unable to get settings from API"; | |
public static double IntervalMin = 5; | |
public static string EventFired = @"Event : {0} ---------------------------------"; | |
public static string EventFiredCompleted = @"---------------------------------------------"; | |
public static string SoftwareName = @"Software Name : {0}"; | |
public static string MailSendingStarted = @"Mail Sending Started"; | |
public static string UserMailSendingStarted = @"User Mail Sending Started"; | |
public static string MailSendingEnded = @"Mail Sending Completed"; | |
public static string UserMailSendingEnded = @"User Mail Sending Completed"; | |
public static string LogPath = @"Log Path {0}"; | |
//Notificattioon Service | |
//SNA mail subject | |
public static string SNAAssetsSubject = "SNA Assets Report " + DateTime.Now.ToShortDateString(); | |
public static string SNASASubject = "SNA Service Version Report " + DateTime.Now.ToShortDateString(); | |
public static string SNAEmailBody = "Hi <br/><br/> Please find the below attachments <br/><br/> " + | |
" 1. Total assets by location <br/> 2. Softwares installed/uninstalled report of last week"; | |
public static string SNASAEmailBody = "Hi <br/><br/> Please find the below attachments <br/><br/> " + | |
" 1. The Following Assets Service Version is not updated from past 3 days <br/>  "; | |
//SNA folder path | |
public static string SNAFolderPath = new FileInfo(System.Reflection.Assembly.GetEntryAssembly().Location).DirectoryName | |
.Replace("\\bin\\Debug", "") | |
.Replace("\\bin\\Release", "") | |
+ "\\Reports\\SNA\\"; | |
//SNA mail attchments paths | |
public static string SNAAssetAttachmentUppal = SNAFolderPath + @"Uppal-SNAAssets.xlsx"; | |
public static string SNAAssetAttachmentJH = SNAFolderPath + @"JH-SNAAssets.xlsx"; | |
public static string SNAAssetAttachmentWaveRock = SNAFolderPath + @"WR-SNAAssets.xlsx"; | |
public static string SNASWAttachmentUppal = SNAFolderPath + @"Uppal-SNASW.xlsx"; | |
public static string SNASWAttachmentJH = SNAFolderPath + @"JH-SNASW.xlsx"; | |
public static string SNASWAttachmentWaveRock = SNAFolderPath + @"WR-SNASW.xlsx"; | |
public static string SNAWSAttachmentUppal = SNAFolderPath + @"Uppal-SNAWS.xlsx"; | |
public static string SNAWSAttachmentJH = SNAFolderPath + @"JH-SNAWS.xlsx"; | |
public static string SNAWSAttachmentWaveRock = SNAFolderPath + @"WR-SNAWS.xlsx"; | |
public static string SNASAAttachmentUppal = SNAFolderPath + @"Uppal-SNASA.xlsx"; | |
public static string SNASAAttachmentWaveRock = SNAFolderPath + @"WR-SNASA.xlsx"; | |
public static string SNASAAttachmentJH = SNAFolderPath + @"JH-SNASA.xlsx"; | |
//SNA folder path | |
public static string AdminFolderPath = new FileInfo(System.Reflection.Assembly.GetEntryAssembly().Location).DirectoryName | |
.Replace("\\bin\\Debug", "") | |
.Replace("\\bin\\Release", "") | |
+ "\\Reports\\Admin\\"; | |
//Admin mail subject | |
public static string AdminSubject = "Admin Assets Report " + DateTime.Now.ToShortDateString(); | |
public static string AdminEmailBody = "Hi <br/><br/> Please find the below attachments <br/><br/> " + | |
" 1. Total assets by location <br/>"; | |
//Admin mail attchments paths | |
public static string AdminAssetAttachmentUppal = AdminFolderPath + @"Uppal-AdminAssets.xlsx"; | |
public static string AdminAssetAttachmentJH = AdminFolderPath + @"JH-AdminAssets.xlsx"; | |
public static string AdminAssetAttachmentWaveRock = AdminFolderPath + @"WR-AdminAssets.xlsx"; | |
public static string AdminWSAttachmentUppal = AdminFolderPath + @"Uppal-AdminWS.xlsx"; | |
public static string AdminWSAttachmentJH = AdminFolderPath + @"JH-AdminWS.xlsx"; | |
public static string AdminWSAttachmentWaveRock = AdminFolderPath + @"WR-AdminWS.xlsx"; | |
public static string SNAReportsStarted = "Started generating SNA reports"; | |
public static string SNAReportsCompleted = "Completed generating SNA reports"; | |
public static string AdminReportsStarted = "Started generating Admin reports"; | |
public static string AdminReportsCompleted = "Completed generating Admin reports"; | |
// local DB folder path | |
public static string LocalDBConnString = new FileInfo(System.Reflection.Assembly.GetEntryAssembly().Location).DirectoryName | |
.Replace("\\bin\\Debug", "") | |
.Replace("\\bin\\Release", "") | |
+ @"\\App_Data\\AMS.db;password=AMS@1234;"; | |
// DomainGroupAdmin Strings | |
public static string DomainName = "GGKTECH"; | |
public static string GroupName = "GGKTECH\\Domain Admins"; | |
// SNAEmailTempalte | |
public static string SNAUserEmailTempalte = "Please revert back with the approved ticket to {0} for this action"; | |
public static string SNAEmailTempalte = "User Name : {0} <br/>" + | |
"Time : {1} <br/>" + | |
"Machine : {2} <br/>" + | |
"Status : {3} <br/>"; | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
using System; | |
using System.Diagnostics; | |
using System.Linq; | |
using System.Threading; | |
namespace ConsoleApplication9 | |
{ | |
class Program | |
{ | |
static void Main(string[] args) | |
{ | |
Program p = new Program(); | |
p.SetEventHandlers(); | |
while (true) | |
{ | |
Thread.Sleep(TimeSpan.FromHours(1)); | |
} | |
Console.ReadLine(); | |
} | |
internal void SetEventHandlers() | |
{ | |
try | |
{ | |
// capturing 11707;11724 events | |
EventLog applicationLog = new EventLog("Application"); | |
applicationLog.EnableRaisingEvents = true; | |
applicationLog.EntryWritten += ApplicationLog_EntryWritten; | |
// capturing 4634;4647;4624;4625;4648 events | |
EventLog secuirityLog = new EventLog("Security"); | |
secuirityLog.EnableRaisingEvents = true; | |
secuirityLog.EntryWritten += SecurityLog_EntryWritten; | |
} | |
catch (Exception ex) | |
{ | |
Console.WriteLine("in the catch block of set event handlers"); | |
Console.WriteLine(ex.Message); | |
} | |
} | |
/// <summary> | |
/// capturing 11707;11724 events | |
/// </summary> | |
/// <param name="sender"></param> | |
/// <param name="e"></param> | |
internal async void ApplicationLog_EntryWritten(object sender, EntryWrittenEventArgs e) | |
{ | |
try | |
{ | |
long eventID = e.Entry.EventID; | |
if (eventID == 11707 || eventID == 11724) | |
{ | |
Console.WriteLine("event occured {0}", eventID); | |
Console.WriteLine(string.Format(Configs.EventFired, eventID)); | |
string softwareName = string.Empty; | |
if (e.Entry.Message.Contains(Configs.EventContains)) | |
{ | |
softwareName = e.Entry.Message.Replace(Configs.EventReplace, ""). | |
Replace(Configs.EventInsReplace, ""); | |
} | |
else | |
{ | |
softwareName = e.Entry.Message.Replace(Configs.EventReplace, ""). | |
Replace(Configs.EventUnInsReplace, ""); | |
} | |
Console.WriteLine(string.Format(Configs.SoftwareName, softwareName)); | |
} | |
} | |
catch (Exception ex) | |
{ | |
Console.WriteLine("in the catch block of ApplicationLog_EntryWritten"); | |
Console.WriteLine(ex.Message); | |
} | |
} | |
/// <summary> | |
/// capturing 4634;4647;4624;4625;4648 events | |
/// </summary> | |
/// <param name="sender"></param> | |
/// <param name="e"></param> | |
internal async void SecurityLog_EntryWritten(object sender, EntryWrittenEventArgs e) | |
{ | |
try | |
{ | |
long eventID = e.Entry.EventID; | |
string logMessage = e.Entry.Message; | |
if (eventID == 4624 && logMessage.Contains("New Logon:")) | |
{ | |
Console.WriteLine("event occured {0}", eventID); | |
// parsing the string for NewLogon Text | |
int indexFrom = logMessage.IndexOf(Configs.EventMessageLogonText); | |
string logonString = logMessage.Substring(indexFrom, logMessage.Length - indexFrom); | |
int indexTo = logonString.IndexOf(Configs.EventMessageLogonIDText); | |
string specificString = logonString.Substring(0, indexTo); | |
// check if the accoutnvDomainName has GGKTECH and then parse the account domain name | |
if (specificString.Contains(Configs.EventMessageAccountDomainText)) | |
{ | |
string[] lines = specificString.Split(new string[] { Environment.NewLine }, StringSplitOptions.None); | |
string line = lines.SingleOrDefault(l => l.Contains(Configs.EventMessageAccountDomainText)); | |
string[] temp = line.Split(':'); | |
string domainName = temp[1].Trim(); | |
// Check if the DomainName is GGKTech | |
if (domainName.Equals(Configs.EventDomainName)) | |
{ | |
Console.WriteLine(string.Format(Configs.EventFired, eventID)); | |
lines = specificString.Split(new string[] { Environment.NewLine }, StringSplitOptions.None); | |
line = lines.SingleOrDefault(l => l.Contains(Configs.EventMessageAccountNameText)); | |
temp = line.Split(':'); | |
string userName = temp[1].Trim().ToLower(); | |
Console.WriteLine(userName); | |
} | |
} | |
} | |
} | |
catch (Exception ex) | |
{ | |
Console.WriteLine("in the catch block of SecurityLog_EntryWritten"); | |
Console.WriteLine(ex.Message); | |
} | |
} | |
} | |
} | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment