Created
November 22, 2017 14:59
-
-
Save ShekharReddy4/fd177e9d4f4536859647c7302e6165c7 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
using System; | |
using System.Collections.Generic; | |
using System.IO; | |
using System.Linq; | |
using System.Text; | |
using System.Threading.Tasks; | |
namespace ConsoleApplication9 | |
{ | |
public static class Configs | |
{ | |
// Log Mes sages | |
public static string TimerStarted = "Timer Started **********************************************"; | |
public static string TimerEnded = "Timer Ended **********************************************"; | |
public static string SettingsUpdateStarted = "Updating Settings Started"; | |
public static string SettingsUpdateEnded = "Updating Settings Completed"; | |
public static string ServiceUpdateStarted = "Service Update Started"; | |
public static string ServiceUpdateEnded = "Service Update Completed"; | |
public static string SWInfoStarted = "Software Info Started"; | |
public static string SWInfoEnded = "Software Info Completed"; | |
public static string AssetInfoStarted = "Asset Info Started"; | |
public static string AssetInfoEnded = "Asset Info Completed"; | |
public static string ResetLocalDBStarted = "Reset Local DB Started"; | |
public static string ResetLocalDBEnded = "Reset Local DB Completed"; | |
public static string ResetLocalDBSucessfull = "Local DB Resetted Sucessfully"; | |
public static string EventMessageLogonText = "New Logon:"; | |
public static string EventMessageLogonIDText = "Logon ID:"; | |
public static string EventMessageAccountNameSystemText = "Account Name:\t\tSYSTEM"; | |
public static string EventMessageAccountNameText = "Account Name:"; | |
public static string EventMessageAccountDomainText = "Account Domain:\t\tGGKTECH"; | |
public static string EventDomainName = "GGKTECH"; | |
// Routes | |
public static string GetSettingsByTypeRoute = "Settings/GetSettingsByType?type={0}&assetTag={1}"; | |
public static string AddUpdateSoftwaresRoute = "Software/AddUpdateSoftwares"; | |
public static string GetSoftwaresByAssetRoute = "Software/GetSoftwaresByAsset?assetTag={0}"; | |
public static string SWInstallationRoute = "Software/SWInstallation"; | |
public static string GetLatestVersion = "ServiceUpdate/GetLatestVersion"; | |
public static string DownloadServiceRoute = "ServiceUpdate/DownloadService?version={0}"; | |
public static string UpdateSWLastUpdateDateRoute = "Software/UpdateSWLastUpdateDate?assetTag={0}"; | |
public static string GetAssetInfoRoute = "AssetInfo/GetAssetInfo?assetTag={0}"; | |
public static string UpdateAILastUpdateDateRoute = "AssetInfo/UpdateAILastUpdateDate?assetTag={0}"; | |
public static string UpdateAssetInfoRoute = "AssetInfo/UpdateAssetInfo"; | |
public static string UpdateResetLocalDB = "ServiceUpdate/ChangeResetLocalDBStatus?assetTag={0}"; | |
public static string EventContains = "Installation"; | |
public static string EventReplace = "Product: "; | |
public static string EventInsReplace = " -- Installation completed successfully."; | |
public static string EventUnInsReplace = " -- Removal completed successfully."; | |
public static string WorkingDirectoryPath = new FileInfo(System.Reflection.Assembly.GetEntryAssembly().Location).DirectoryName; | |
public static string Version = @"Version : {0}"; | |
public static string SettingNotFound = @"Unable to get settings from API"; | |
public static double IntervalMin = 5; | |
public static string EventFired = @"Event : {0} ---------------------------------"; | |
public static string EventFiredCompleted = @"---------------------------------------------"; | |
public static string SoftwareName = @"Software Name : {0}"; | |
public static string MailSendingStarted = @"Mail Sending Started"; | |
public static string UserMailSendingStarted = @"User Mail Sending Started"; | |
public static string MailSendingEnded = @"Mail Sending Completed"; | |
public static string UserMailSendingEnded = @"User Mail Sending Completed"; | |
public static string LogPath = @"Log Path {0}"; | |
//Notificattioon Service | |
//SNA mail subject | |
public static string SNAAssetsSubject = "SNA Assets Report " + DateTime.Now.ToShortDateString(); | |
public static string SNASASubject = "SNA Service Version Report " + DateTime.Now.ToShortDateString(); | |
public static string SNAEmailBody = "Hi <br/><br/> Please find the below attachments <br/><br/> " + | |
" 1. Total assets by location <br/> 2. Softwares installed/uninstalled report of last week"; | |
public static string SNASAEmailBody = "Hi <br/><br/> Please find the below attachments <br/><br/> " + | |
" 1. The Following Assets Service Version is not updated from past 3 days <br/>  "; | |
//SNA folder path | |
public static string SNAFolderPath = new FileInfo(System.Reflection.Assembly.GetEntryAssembly().Location).DirectoryName | |
.Replace("\\bin\\Debug", "") | |
.Replace("\\bin\\Release", "") | |
+ "\\Reports\\SNA\\"; | |
//SNA mail attchments paths | |
public static string SNAAssetAttachmentUppal = SNAFolderPath + @"Uppal-SNAAssets.xlsx"; | |
public static string SNAAssetAttachmentJH = SNAFolderPath + @"JH-SNAAssets.xlsx"; | |
public static string SNAAssetAttachmentWaveRock = SNAFolderPath + @"WR-SNAAssets.xlsx"; | |
public static string SNASWAttachmentUppal = SNAFolderPath + @"Uppal-SNASW.xlsx"; | |
public static string SNASWAttachmentJH = SNAFolderPath + @"JH-SNASW.xlsx"; | |
public static string SNASWAttachmentWaveRock = SNAFolderPath + @"WR-SNASW.xlsx"; | |
public static string SNAWSAttachmentUppal = SNAFolderPath + @"Uppal-SNAWS.xlsx"; | |
public static string SNAWSAttachmentJH = SNAFolderPath + @"JH-SNAWS.xlsx"; | |
public static string SNAWSAttachmentWaveRock = SNAFolderPath + @"WR-SNAWS.xlsx"; | |
public static string SNASAAttachmentUppal = SNAFolderPath + @"Uppal-SNASA.xlsx"; | |
public static string SNASAAttachmentWaveRock = SNAFolderPath + @"WR-SNASA.xlsx"; | |
public static string SNASAAttachmentJH = SNAFolderPath + @"JH-SNASA.xlsx"; | |
//SNA folder path | |
public static string AdminFolderPath = new FileInfo(System.Reflection.Assembly.GetEntryAssembly().Location).DirectoryName | |
.Replace("\\bin\\Debug", "") | |
.Replace("\\bin\\Release", "") | |
+ "\\Reports\\Admin\\"; | |
//Admin mail subject | |
public static string AdminSubject = "Admin Assets Report " + DateTime.Now.ToShortDateString(); | |
public static string AdminEmailBody = "Hi <br/><br/> Please find the below attachments <br/><br/> " + | |
" 1. Total assets by location <br/>"; | |
//Admin mail attchments paths | |
public static string AdminAssetAttachmentUppal = AdminFolderPath + @"Uppal-AdminAssets.xlsx"; | |
public static string AdminAssetAttachmentJH = AdminFolderPath + @"JH-AdminAssets.xlsx"; | |
public static string AdminAssetAttachmentWaveRock = AdminFolderPath + @"WR-AdminAssets.xlsx"; | |
public static string AdminWSAttachmentUppal = AdminFolderPath + @"Uppal-AdminWS.xlsx"; | |
public static string AdminWSAttachmentJH = AdminFolderPath + @"JH-AdminWS.xlsx"; | |
public static string AdminWSAttachmentWaveRock = AdminFolderPath + @"WR-AdminWS.xlsx"; | |
public static string SNAReportsStarted = "Started generating SNA reports"; | |
public static string SNAReportsCompleted = "Completed generating SNA reports"; | |
public static string AdminReportsStarted = "Started generating Admin reports"; | |
public static string AdminReportsCompleted = "Completed generating Admin reports"; | |
// local DB folder path | |
public static string LocalDBConnString = new FileInfo(System.Reflection.Assembly.GetEntryAssembly().Location).DirectoryName | |
.Replace("\\bin\\Debug", "") | |
.Replace("\\bin\\Release", "") | |
+ @"\\App_Data\\AMS.db;password=AMS@1234;"; | |
// DomainGroupAdmin Strings | |
public static string DomainName = "GGKTECH"; | |
public static string GroupName = "GGKTECH\\Domain Admins"; | |
// SNAEmailTempalte | |
public static string SNAUserEmailTempalte = "Please revert back with the approved ticket to {0} for this action"; | |
public static string SNAEmailTempalte = "User Name : {0} <br/>" + | |
"Time : {1} <br/>" + | |
"Machine : {2} <br/>" + | |
"Status : {3} <br/>"; | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
using Microsoft.Win32; | |
using System; | |
using System.Diagnostics; | |
using System.IO; | |
using System.Linq; | |
using System.Threading; | |
namespace ConsoleApplication9 | |
{ | |
class Program | |
{ | |
static void Main(string[] args) | |
{ | |
Program p = new Program(); | |
p.SetEventHandlers(); | |
DisplayEventLogProperties(); | |
while (true) | |
{ | |
Thread.Sleep(TimeSpan.FromHours(1)); | |
} | |
Console.ReadLine(); | |
} | |
internal void SetEventHandlers() | |
{ | |
try | |
{ | |
// capturing 11707;11724 events | |
EventLog applicationLog = new EventLog("Application"); | |
applicationLog.EnableRaisingEvents = true; | |
//applicationLog.ModifyOverflowPolicy(OverflowAction.OverwriteOlder, 1); | |
applicationLog.EntryWritten += new EntryWrittenEventHandler(ApplicationLog_EntryWritten); | |
// capturing 4634;4647;4624;4625;4648 events | |
EventLog secuirityLog = new EventLog("Security"); | |
secuirityLog.EnableRaisingEvents = true; | |
secuirityLog.EntryWritten += new EntryWrittenEventHandler(SecurityLog_EntryWritten); | |
} | |
catch (Exception ex) | |
{ | |
Console.WriteLine("in the catch block of set event handlers"); | |
Console.WriteLine(ex.Message); | |
} | |
} | |
/// <summary> | |
/// capturing 11707;11724 events | |
/// </summary> | |
/// <param name="sender"></param> | |
/// <param name="e"></param> | |
internal void ApplicationLog_EntryWritten(object sender, EntryWrittenEventArgs e) | |
{ | |
try | |
{ | |
long eventID = e.Entry.EventID; | |
if (eventID == 11707 || eventID == 11724) | |
{ | |
Console.WriteLine("event occured {0}", eventID); | |
Console.WriteLine(string.Format(Configs.EventFired, eventID)); | |
string softwareName = string.Empty; | |
if (e.Entry.Message.Contains(Configs.EventContains)) | |
{ | |
softwareName = e.Entry.Message.Replace(Configs.EventReplace, ""). | |
Replace(Configs.EventInsReplace, ""); | |
} | |
else | |
{ | |
softwareName = e.Entry.Message.Replace(Configs.EventReplace, ""). | |
Replace(Configs.EventUnInsReplace, ""); | |
} | |
Console.WriteLine(string.Format(Configs.SoftwareName, softwareName)); | |
} | |
} | |
catch (Exception ex) | |
{ | |
Console.WriteLine("in the catch block of ApplicationLog_EntryWritten"); | |
Console.WriteLine(ex.Message); | |
} | |
} | |
/// <summary> | |
/// capturing 4634;4647;4624;4625;4648 events | |
/// </summary> | |
/// <param name="sender"></param> | |
/// <param name="e"></param> | |
internal void SecurityLog_EntryWritten(object sender, EntryWrittenEventArgs e) | |
{ | |
try | |
{ | |
long eventID = e.Entry.EventID; | |
string logMessage = e.Entry.Message; | |
string logontype = string.Empty; | |
int logontypeint = 99; | |
foreach (var myString in logMessage.Split(new string[] { Environment.NewLine }, StringSplitOptions.RemoveEmptyEntries)) | |
{ | |
if (myString.Contains("Logon Type:")) | |
{ | |
logontype = myString; | |
logontypeint = Int32.Parse(logontype.Split(':')[1].Trim()); | |
} | |
} | |
if (eventID == 4624 && logMessage.Contains("New Logon:") && logontypeint == 7) | |
{ | |
Console.WriteLine("event occured {0}", eventID); | |
// parsing the string for NewLogon Text | |
int indexFrom = logMessage.IndexOf(Configs.EventMessageLogonText); | |
string logonString = logMessage.Substring(indexFrom, logMessage.Length - indexFrom); | |
int indexTo = logonString.IndexOf(Configs.EventMessageLogonIDText); | |
string specificString = logonString.Substring(0, indexTo); | |
// check if the accoutnvDomainName has GGKTECH and then parse the account domain name | |
if (specificString.Contains(Configs.EventMessageAccountDomainText)) | |
{ | |
string[] lines = specificString.Split(new string[] { Environment.NewLine }, StringSplitOptions.None); | |
string line = lines.SingleOrDefault(l => l.Contains(Configs.EventMessageAccountDomainText)); | |
string[] temp = line.Split(':'); | |
string domainName = temp[1].Trim(); | |
// Check if the DomainName is GGKTech | |
if (domainName.Equals(Configs.EventDomainName)) | |
{ | |
Console.WriteLine(string.Format(Configs.EventFired, eventID)); | |
lines = specificString.Split(new string[] { Environment.NewLine }, StringSplitOptions.None); | |
line = lines.SingleOrDefault(l => l.Contains(Configs.EventMessageAccountNameText)); | |
temp = line.Split(':'); | |
string userName = temp[1].Trim().ToLower(); | |
Console.WriteLine(userName); | |
Console.WriteLine(e.Entry.TimeGenerated.ToString()); | |
//if (e.Entry.TimeGenerated > DateTime.Now.AddMinutes(-1)) | |
//{ | |
Console.WriteLine(DateTime.Now.AddMinutes(-1)); | |
Console.WriteLine(DateTime.Now.AddMinutes(-1).ToString()); | |
//} | |
} | |
} | |
} | |
} | |
catch (Exception ex) | |
{ | |
Console.WriteLine("in the catch block of SecurityLog_EntryWritten"); | |
Console.WriteLine(ex.Message); | |
} | |
} | |
static void DisplayEventLogProperties() | |
{ | |
// Iterate through the current set of event log files, | |
// displaying the property settings for each file. | |
EventLog[] eventLogs = EventLog.GetEventLogs(); | |
foreach (EventLog e in eventLogs) | |
{ | |
Int64 sizeKB = 0; | |
Console.WriteLine(); | |
Console.WriteLine("{0}:", e.LogDisplayName); | |
Console.WriteLine(" Log name = \t\t {0}", e.Log); | |
Console.WriteLine(" Number of event log entries = {0}", e.Entries.Count.ToString()); | |
// Determine if there is an event log file for this event log. | |
RegistryKey regEventLog = Registry.LocalMachine.OpenSubKey("System\\CurrentControlSet\\Services\\EventLog\\" + e.Log); | |
if (regEventLog != null) | |
{ | |
Object temp = regEventLog.GetValue("File"); | |
if (temp != null) | |
{ | |
Console.WriteLine(" Log file path = \t {0}", temp.ToString()); | |
FileInfo file = new FileInfo(temp.ToString()); | |
// Get the current size of the event log file. | |
if (file.Exists) | |
{ | |
sizeKB = file.Length / 1024; | |
if ((file.Length % 1024) != 0) | |
{ | |
sizeKB++; | |
} | |
Console.WriteLine(" Current size = \t {0} kilobytes", sizeKB.ToString()); | |
} | |
} | |
else | |
{ | |
Console.WriteLine(" Log file path = \t <not set>"); | |
} | |
} | |
// Display the maximum size and overflow settings. | |
sizeKB = e.MaximumKilobytes; | |
Console.WriteLine(" Maximum size = \t {0} kilobytes", sizeKB.ToString()); | |
Console.WriteLine(" Overflow setting = \t {0}", e.OverflowAction.ToString()); | |
switch (e.OverflowAction) | |
{ | |
case OverflowAction.OverwriteOlder: | |
Console.WriteLine("\t Entries are retained a minimum of {0} days.", | |
e.MinimumRetentionDays); | |
break; | |
case OverflowAction.DoNotOverwrite: | |
Console.WriteLine("\t Older entries are not overwritten."); | |
break; | |
case OverflowAction.OverwriteAsNeeded: | |
Console.WriteLine("\t If number of entries equals max size limit, a new event log entry overwrites the oldest entry."); | |
break; | |
default: | |
break; | |
} | |
} | |
} | |
} | |
} | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment