diff --git a/TimberWinR/Inputs/IISLog.cs b/TimberWinR/Inputs/IISLog.cs new file mode 100644 index 0000000..c5e92e7 --- /dev/null +++ b/TimberWinR/Inputs/IISLog.cs @@ -0,0 +1,72 @@ +using System; +using System.Collections.Generic; +using System.Globalization; +using System.Text; +using System.Xml.Linq; + +namespace TimberWinR.Inputs +{ + public class IISLog : InputBase + { + public const string ParentTagName = "IISLogs"; + public new const string TagName = "IISLog"; + + public string Name { get; private set; } + public string Location { get; private set; } + public int ICodepage { get; private set; } + public int Recurse { get; private set; } + public string MinDateMod { get; private set; } + public string Locale { get; private set; } + public string ICheckpoint { get; private set; } + public List Fields { get; private set; } + + public static void Parse(List iislogs, XElement iislogElement) + { + iislogs.Add(parseIISLog(iislogElement)); + } + + static IISLog parseIISLog(XElement e) + { + return new IISLog(e); + } + + public IISLog(XElement parent) + { + Name = ParseRequiredStringAttribute(parent, "name"); + Location = ParseRequiredStringAttribute(parent, "location"); + ICodepage = ParseIntAttribute(parent, "iCodepage", -2); + Recurse = ParseIntAttribute(parent, "recurse", 0); + MinDateMod = ParseDateAttribute(parent, "minDateMod"); + Locale = ParseStringAttribute(parent, "locale", "DEF"); + ICheckpoint = ParseStringAttribute(parent, "iCheckpoint"); + parseFields(parent); + } + + private void parseFields(XElement parent) + { + Dictionary allPossibleFields = new Dictionary() + { + { "LogFilename", typeof(string) }, + { "LogRow", typeof(int) }, + { "UserIP", typeof(string) }, + { "UserName", typeof(string) }, + { "Date", typeof(DateTime) }, + { "Time", typeof(DateTime) }, + { "ServiceInstance", typeof(string) }, + { "HostName", typeof(string) }, + { "ServerIP", typeof(string) }, + { "TimeTaken", typeof(int) }, + { "BytesSent", typeof(int) }, + { "BytesReceived", typeof(int) }, + { "StatusCode", typeof(int) }, + { "Win32StatusCode", typeof(int) }, + { "RequestType", typeof(string) }, + { "Target", typeof(string) }, + { "Parameters", typeof(string) } + }; + + Fields = ParseFields(parent, allPossibleFields); + } + + } +} diff --git a/TimberWinR/Inputs/IISW3CLog.cs b/TimberWinR/Inputs/IISW3CLog.cs new file mode 100644 index 0000000..e443bda --- /dev/null +++ b/TimberWinR/Inputs/IISW3CLog.cs @@ -0,0 +1,89 @@ +using System; +using System.Collections.Generic; +using System.Text; +using System.Xml.Linq; + +namespace TimberWinR.Inputs +{ + public class IISW3CLog : InputBase + { + public const string ParentTagName = "IISW3CLogs"; + public new const string TagName = "IISW3CLog"; + + public string Name { get; private set; } + public string Location { get; private set; } + public int ICodepage { get; private set; } + public int Recurse { get; private set; } + public string MinDateMod { get; private set; } + public bool DQuotes { get; private set; } + public bool DirTime { get; private set; } + public bool ConsolidateLogs { get; private set; } + public string ICheckpoint { get; private set; } + public List Fields { get; private set; } + + public static void Parse(List iisw3clogs, XElement iisw3clogElement) + { + iisw3clogs.Add(parseIISW3CLog(iisw3clogElement)); + } + + static IISW3CLog parseIISW3CLog(XElement e) + { + return new IISW3CLog(e); + } + + public IISW3CLog(XElement parent) + { + Name = ParseRequiredStringAttribute(parent, "name"); + Location = ParseRequiredStringAttribute(parent, "location"); + ICodepage = ParseIntAttribute(parent, "iCodepage", -2); + Recurse = ParseIntAttribute(parent, "recurse", 0); + DQuotes = ParseBoolAttribute(parent, "dQuotes", false); + DirTime = ParseBoolAttribute(parent, "dirTime", false); + ConsolidateLogs = ParseBoolAttribute(parent, "consolidateLogs", false); + ICheckpoint = ParseStringAttribute(parent, "iCheckpoint"); + parseFields(parent); + } + + private void parseFields(XElement parent) + { + Dictionary allPossibleFields = new Dictionary() + { + { "LogFilename", typeof(string) }, + { "LogRow", typeof(int) }, + { "date", typeof(DateTime) }, + { "time", typeof(DateTime) }, + { "c-ip", typeof(string) }, + { "cs-username", typeof(string) }, + { "s-sitename", typeof(string) }, + { "s-computername", typeof(int) }, + { "s-ip", typeof(string) }, + { "s-port", typeof(int) }, + { "cs-method", typeof(string) }, + { "cs-uri-stem", typeof(string) }, + { "cs-uri-query", typeof(string) }, + { "sc-status", typeof(int) }, + { "sc-substatus", typeof(int) }, + { "sc-win32-status", typeof(int) }, + { "sc-bytes", typeof(int) }, + { "cs-bytes", typeof(int) }, + { "time-taken", typeof(int) }, + { "cs-version", typeof(string) }, + { "cs-host", typeof(string) }, + { "cs(User-Agent)", typeof(string) }, + { "cs(Cookie)", typeof(string) }, + { "cs(Referer)", typeof(string) }, + { "s-event", typeof(string) }, + { "s-process-type", typeof(string) }, + { "s-user-time", typeof(double) }, + { "s-kernel-time", typeof(double) }, + { "s-page-faults", typeof(int) }, + { "s-total-procs", typeof(int) }, + { "s-active-procs", typeof(int) }, + { "s-stopped-procs", typeof(int) } + }; + + Fields = ParseFields(parent, allPossibleFields); + } + + } +} diff --git a/TimberWinR/Inputs/InputBase.cs b/TimberWinR/Inputs/InputBase.cs index a5dfea6..9b4e116 100644 --- a/TimberWinR/Inputs/InputBase.cs +++ b/TimberWinR/Inputs/InputBase.cs @@ -8,11 +8,11 @@ using System.Xml.Linq; namespace TimberWinR.Inputs { - public abstract class InputBase + public abstract class InputBase : Parsers { public const string TagName = "Inputs"; - internal List parseFields(XElement parent, Dictionary allPossibleFields) + protected static List ParseFields(XElement parent, Dictionary allPossibleFields) { IEnumerable xml_fields = from el in parent.Elements("Fields").Elements("Field") @@ -57,120 +57,6 @@ namespace TimberWinR.Inputs return fields; } - protected static string ParseRequiredStringAttribute(XElement e, string attributeName) - { - XAttribute a = e.Attribute(attributeName); - if (a != null) - return a.Value; - else - throw new TimberWinR.ConfigurationErrors.MissingRequiredAttributeException(e, attributeName); - } - - protected static string ParseStringAttribute(XElement e, string attributeName, string defaultValue = "") - { - string retValue = defaultValue; - XAttribute a = e.Attribute(attributeName); - if (a != null) - retValue = a.Value; - return retValue; - } - - protected static string ParseDateAttribute(XElement e, string attributeName, string defaultValue = "") - { - string retValue = defaultValue; - XAttribute a = e.Attribute(attributeName); - if (a != null) - { - DateTime dt; - if (DateTime.TryParseExact(a.Value, - "yyyy-MM-dd hh:mm:ss", - CultureInfo.InvariantCulture, - DateTimeStyles.None, - out dt)) - { - retValue = a.Value; - } - else - { - throw new TimberWinR.ConfigurationErrors.InvalidAttributeDateValueException(a); - } - } - - return retValue; - } - - protected static bool ParseRequiredBoolAttribute(XElement e, string attributeName) - { - XAttribute a = e.Attribute(attributeName); - if (a == null) - throw new TimberWinR.ConfigurationErrors.InvalidAttributeValueException(e.Attribute(attributeName)); - - switch (a.Value) - { - case "ON": - case "true": - return true; - - case "OFF": - case "false": - return false; - - default: - throw new TimberWinR.ConfigurationErrors.InvalidAttributeValueException(e.Attribute(attributeName)); - } - } - - protected static string ParseEnumAttribute(XElement e, string attributeName, IEnumerable values, string defaultValue) - { - XAttribute a = e.Attribute(attributeName); - - if (a != null) - { - string v = a.Value; - if (values.Contains(v)) - return v; - else - throw new TimberWinR.ConfigurationErrors.InvalidAttributeValueException(e.Attribute(attributeName)); - } - return defaultValue; - } - - protected static int ParseIntAttribute(XElement e, string attributeName, int defaultValue) - { - XAttribute a = e.Attribute(attributeName); - if (a != null) - { - int valInt; - if (int.TryParse(a.Value, out valInt)) - return valInt; - else - throw new TimberWinR.ConfigurationErrors.InvalidAttributeIntegerValueException(a); - } - return defaultValue; - } - protected static bool ParseBoolAttribute(XElement e, string attributeName, bool defaultValue) - { - bool retValue = defaultValue; - XAttribute a = e.Attribute(attributeName); - - if (a != null) - { - switch (a.Value) - { - case "ON": - case "true": - retValue = true; - break; - - case "OFF": - case "false": - retValue = false; - break; - } - } - return retValue; - } - public override string ToString() { StringBuilder sb = new StringBuilder(); diff --git a/TimberWinR/Inputs/TailFileInput.cs b/TimberWinR/Inputs/TailFileInput.cs index 0d2a569..ebcdd62 100644 --- a/TimberWinR/Inputs/TailFileInput.cs +++ b/TimberWinR/Inputs/TailFileInput.cs @@ -34,10 +34,10 @@ namespace TimberWinR.Inputs ICodepage = ParseIntAttribute(parent, "iCodepage", 0); Recurse = ParseIntAttribute(parent, "recurse", 0); SplitLongLines = ParseBoolAttribute(parent, "splitLongLines", false); - ParseFields(parent); + parseFields(parent); } - private void ParseFields(XElement parent) + private void parseFields(XElement parent) { Dictionary allPossibleFields = new Dictionary() { @@ -46,7 +46,7 @@ namespace TimberWinR.Inputs { "Text", typeof(string) } }; - Fields = base.parseFields(parent, allPossibleFields); + Fields = ParseFields(parent, allPossibleFields); } } diff --git a/TimberWinR/Inputs/WindowsEvent.cs b/TimberWinR/Inputs/WindowsEvent.cs new file mode 100644 index 0000000..91e0683 --- /dev/null +++ b/TimberWinR/Inputs/WindowsEvent.cs @@ -0,0 +1,75 @@ +using System; +using System.Collections.Generic; +using System.Text; +using System.Xml.Linq; +using Microsoft.SqlServer.Server; + +namespace TimberWinR.Inputs +{ + public class WindowsEvent : InputBase + { + public const string ParentTagName = "WindowsEvents"; + public new const string TagName = "Event"; + + public string Source { get; private set; } + public bool FullText { get; private set; } + public bool ResolveSIDS { get; private set; } + public bool FormatMsg { get; private set; } + public string MsgErrorMode { get; private set; } + public bool FullEventCode { get; private set; } + public string Direction { get; private set; } + public string StringsSep { get; private set; } + public string ICheckpoint { get; private set; } + public string BinaryFormat { get; private set; } + public List Fields { get; private set; } + + public static void Parse(List events, XElement eventElement) + { + events.Add(parseEvent(eventElement)); + } + + static WindowsEvent parseEvent(XElement e) + { + return new WindowsEvent(e); + } + + WindowsEvent(XElement parent) + { + Source = ParseRequiredStringAttribute(parent, "source"); + FullText = ParseBoolAttribute(parent, "fullText", true); + ResolveSIDS = ParseBoolAttribute(parent, "resolveSIDS", true); + FormatMsg = ParseBoolAttribute(parent, "formatMsg", true); + MsgErrorMode = ParseEnumAttribute(parent, "msgErrorMode", new string[] {"NULL", "ERROR", "MSG"}, "MSG"); + FullEventCode = ParseBoolAttribute(parent, "fullEventCode", false); ; + Direction = ParseEnumAttribute(parent, "direction", new string[] { "FW", "BW" }, "FW"); + StringsSep = ParseStringAttribute(parent, "stringsSep", "|"); + BinaryFormat = ParseEnumAttribute(parent, "binaryFormat", new string[] { "ASC", "PRINT", "HEX" }, "PRINT"); + parseFields(parent); + } + + private void parseFields(XElement parent) + { + Dictionary allPossibleFields = new Dictionary() + { + { "EventLog", typeof(string) }, + { "RecordNumber", typeof(int) }, + { "TimeGenerated", typeof(DateTime) }, + { "TimeWritten", typeof(DateTime) }, + { "EventID", typeof(int) }, + { "EventType", typeof(int) }, + { "EventTypeName", typeof(string) }, + { "EventCategory", typeof(int) }, + { "EventCategoryName", typeof(string) }, + { "SourceName", typeof(string) }, + { "Strings", typeof(string) }, + { "ComputerName", typeof(string) }, + { "SID", typeof(string) }, + { "Message", typeof(string) }, + { "Data", typeof(string) } + }; + + Fields = ParseFields(parent, allPossibleFields); + } + + } +} \ No newline at end of file diff --git a/TimberWinR/Parsers.cs b/TimberWinR/Parsers.cs new file mode 100644 index 0000000..bfae4de --- /dev/null +++ b/TimberWinR/Parsers.cs @@ -0,0 +1,124 @@ +using System; +using System.Collections.Generic; +using System.Globalization; +using System.Linq; +using System.Xml; +using System.Xml.Linq; +using TimberWinR.Inputs; + +public abstract class Parsers +{ + protected static string ParseRequiredStringAttribute(XElement e, string attributeName) + { + XAttribute a = e.Attribute(attributeName); + if (a != null) + return a.Value; + else + throw new TimberWinR.ConfigurationErrors.MissingRequiredAttributeException(e, attributeName); + } + + protected static string ParseStringAttribute(XElement e, string attributeName, string defaultValue = "") + { + string retValue = defaultValue; + XAttribute a = e.Attribute(attributeName); + if (a != null) + retValue = a.Value; + return retValue; + } + + protected static string ParseDateAttribute(XElement e, string attributeName, string defaultValue = "") + { + string retValue = defaultValue; + XAttribute a = e.Attribute(attributeName); + if (a != null) + { + DateTime dt; + if (DateTime.TryParseExact(a.Value, + "yyyy-MM-dd hh:mm:ss", + CultureInfo.InvariantCulture, + DateTimeStyles.None, + out dt)) + { + retValue = a.Value; + } + else + { + throw new TimberWinR.ConfigurationErrors.InvalidAttributeDateValueException(a); + } + } + + return retValue; + } + + protected static bool ParseRequiredBoolAttribute(XElement e, string attributeName) + { + XAttribute a = e.Attribute(attributeName); + if (a == null) + throw new TimberWinR.ConfigurationErrors.InvalidAttributeValueException(e.Attribute(attributeName)); + + switch (a.Value) + { + case "ON": + case "true": + return true; + + case "OFF": + case "false": + return false; + + default: + throw new TimberWinR.ConfigurationErrors.InvalidAttributeValueException(e.Attribute(attributeName)); + } + } + + protected static string ParseEnumAttribute(XElement e, string attributeName, IEnumerable values, string defaultValue) + { + XAttribute a = e.Attribute(attributeName); + + if (a != null) + { + string v = a.Value; + if (values.Contains(v)) + return v; + else + throw new TimberWinR.ConfigurationErrors.InvalidAttributeValueException(e.Attribute(attributeName)); + } + return defaultValue; + } + + protected static int ParseIntAttribute(XElement e, string attributeName, int defaultValue) + { + XAttribute a = e.Attribute(attributeName); + if (a != null) + { + int valInt; + if (int.TryParse(a.Value, out valInt)) + return valInt; + else + throw new TimberWinR.ConfigurationErrors.InvalidAttributeIntegerValueException(a); + } + return defaultValue; + } + protected static bool ParseBoolAttribute(XElement e, string attributeName, bool defaultValue) + { + bool retValue = defaultValue; + XAttribute a = e.Attribute(attributeName); + + if (a != null) + { + switch (a.Value) + { + case "ON": + case "true": + retValue = true; + break; + + case "OFF": + case "false": + retValue = false; + break; + } + } + return retValue; + } +} diff --git a/TimberWinR/TimberWinR.csproj b/TimberWinR/TimberWinR.csproj index 9da6995..df99707 100644 --- a/TimberWinR/TimberWinR.csproj +++ b/TimberWinR/TimberWinR.csproj @@ -81,6 +81,7 @@ + True