diff --git a/README.md b/README.md index 0f87d80..191db3a 100644 --- a/README.md +++ b/README.md @@ -19,6 +19,7 @@ The current supported Input format sources are: 2. [Tcp](https://github.com/efontana/TimberWinR/blob/master/TimberWinR/mdocs/TcpInput.md) (listens on a port for JSON messages) 3. [IISW3C](https://github.com/efontana/TimberWinR/blob/master/TimberWinR/mdocs/IISW3CInput.md)(Internet Information Services W3C Format) 4. [WindowsEvents](https://github.com/efontana/TimberWinR/blob/master/TimberWinR/mdocs/WindowsEvents.md) (Windows Event Viewer) + 5. [Stdin](https://github.com/efontana/TimberWinR/blob/master/TimberWinR/mdocs/StdInput.md) (Standard Input for Debugging) ## Filters The current list of supported filters are: diff --git a/TimberWinR.ServiceHost/config.json b/TimberWinR.ServiceHost/config.json index ed19c09..af54e40 100644 --- a/TimberWinR.ServiceHost/config.json +++ b/TimberWinR.ServiceHost/config.json @@ -1,6 +1,11 @@ { "TimberWinR": { "Inputs": { + "Stdin": [ + { + "codec": "json" + } + ], "WindowsEvents": [ { "source": "System,Application", diff --git a/TimberWinR/Configuration.cs b/TimberWinR/Configuration.cs index 15dec00..d395db0 100644 --- a/TimberWinR/Configuration.cs +++ b/TimberWinR/Configuration.cs @@ -58,6 +58,13 @@ namespace TimberWinR get { return _iisw3clogs; } } + + private List _stdins = new List(); + public IEnumerable Stdins + { + get { return _stdins; } + } + private List _filters = new List(); public IEnumerable Filters @@ -95,6 +102,8 @@ namespace TimberWinR c._events = x.TimberWinR.Inputs.WindowsEvents.ToList(); if (x.TimberWinR.Inputs.IISW3CLogs != null) c._iisw3clogs = x.TimberWinR.Inputs.IISW3CLogs.ToList(); + if (x.TimberWinR.Inputs.Stdins != null) + c._stdins = x.TimberWinR.Inputs.Stdins.ToList(); if (x.TimberWinR.Inputs.Logs != null) c._logs = x.TimberWinR.Inputs.Logs.ToList(); if (x.TimberWinR.Inputs.Tcps != null) 
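Review bot: The `"codec": "json"` key added under `Stdin` in TimberWinR.ServiceHost/config.json has no counterpart in this commit's code: the `Stdin` class in Parser.cs declares no properties, and `StdinListener.ListenToStdin` wraps every line as `jo["message"] = msg` instead of parsing it as JSON. Whether the unknown key is silently ignored or rejected depends on the deserializer settings, which are not visible here. Either drop the key from the sample, or add a `codec` property to `Stdin` and check it in `Validate()`. Enabling a console input in the service host's default configuration also deserves a second look, since a process without an attached console would presumably get `null` from `Console.ReadLine()` and the listener would finish at once.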
diff --git a/TimberWinR/Inputs/StdinListener.cs b/TimberWinR/Inputs/StdinListener.cs new file mode 100644 index 0000000..2ebaa1d --- /dev/null +++ b/TimberWinR/Inputs/StdinListener.cs @@ -0,0 +1,48 @@ +using System; +using System.Collections.Generic; +using System.Linq; +using System.Text; +using System.Threading; +using Newtonsoft.Json; +using Newtonsoft.Json.Linq; +using NLog; + +namespace TimberWinR.Inputs +{ + public class StdinListener : InputListener + { + private Thread _listenThread; + + public StdinListener(CancellationToken cancelToken) + : base(cancelToken, "Win32-Console") + { + _listenThread = new Thread(new ThreadStart(ListenToStdin)); + _listenThread.Start(); + } + + public override void Shutdown() + { + base.Shutdown(); + } + + private void ListenToStdin() + { + LogManager.GetCurrentClassLogger().Info("StdIn Ready"); + + while (!CancelToken.IsCancellationRequested) + { + string line = Console.ReadLine(); + if (line != null) + { + string msg = ToPrintable(line); + JObject jo = new JObject(); + jo["message"] = msg; + ProcessJson(jo); + } + else + break; + } + Finished(); + } + } +} diff --git a/TimberWinR/Manager.cs b/TimberWinR/Manager.cs index a04bbb0..83044fe 100644 --- a/TimberWinR/Manager.cs +++ b/TimberWinR/Manager.cs @@ -107,6 +107,16 @@ namespace TimberWinR foreach (var output in Outputs) output.Connect(elistner); } + + + foreach (var tcp in Config.Stdins) + { + var elistner = new StdinListener(cancelToken); + Listeners.Add(elistner); + foreach (var output in Outputs) + output.Connect(elistner); + } + } /// diff --git a/TimberWinR/Parser.cs b/TimberWinR/Parser.cs index 7ecc0ed..8a4f97a 100644 --- a/TimberWinR/Parser.cs +++ b/TimberWinR/Parser.cs @@ -275,6 +275,14 @@ namespace TimberWinR.Parser } } + public class Stdin : IValidateSchema + { + public void Validate() + { + + } + } + public class Log : IValidateSchema { [JsonProperty(PropertyName = "location")] 
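Review bot: The listener thread in `StdinListener` cannot be stopped while it is parked in `Console.ReadLine()`. The `CancelToken` test in `ListenToStdin` runs only between lines, `Shutdown()` only forwards to the base class, and the thread is created as a foreground thread, so it can hold the process open after cancellation. Setting `_listenThread.IsBackground = true;` before `Start()` is the smallest fix. The thread is also started inside the constructor, while Manager.cs calls `output.Connect(elistner)` only after construction, so a line read in that window may reach `ProcessJson` before any output is attached (inferred, since `InputListener` is not shown). Finally, the type string passed to the base constructor is `"Win32-Console"` while StdinInput.md documents `Win32-Stdin`; one of the two should change.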
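Review bot: The new loop over `Config.Stdins` in Manager.cs creates one `StdinListener` per configuration entry, and each starts its own thread reading the same process-wide console. With two or more `Stdin` entries the input lines would be divided between the listeners in no defined order. The loop variable `tcp` is unused and looks carried over from the TCP block. Creating at most one listener avoids both, e.g. guarding the body with `if (Config.Stdins.Any())` instead of the `foreach` (this assumes `System.Linq` is imported in Manager.cs, which the hunk does not show). The enclosing method starts outside the hunk.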
@@ -432,6 +440,9 @@ namespace TimberWinR.Parser [JsonProperty("IISW3CLogs")] public IISW3CLog[] IISW3CLogs { get; set; } + + [JsonProperty("Stdin")] + public Stdin[] Stdins { get; set; } } public partial class Grok : LogstashFilter, IValidateSchema diff --git a/TimberWinR/TimberWinR.csproj b/TimberWinR/TimberWinR.csproj index a196196..278e2cb 100644 --- a/TimberWinR/TimberWinR.csproj +++ b/TimberWinR/TimberWinR.csproj @@ -74,6 +74,7 @@ + diff --git a/TimberWinR/mdocs/StdinInput.md b/TimberWinR/mdocs/StdinInput.md new file mode 100644 index 0000000..c7ec234 --- /dev/null +++ b/TimberWinR/mdocs/StdinInput.md @@ -0,0 +1,28 @@ +# Input: Stdin + +The Stdin Input will read from the console (Console.ReadLine) and build a simple message for testing. + +## Parameters +There are no Parameters at this time. + +```json +{ + "TimberWinR": { + "Inputs": { + "Stdin": [ + { + "_comment": "Read from Console" + } + ] + } + } +} +``` +## Fields + +A field: "type": "Win32-Stdin" is automatically appended, and the entire JSON is passed on vertabim +| Name | Type | Description | +| ---- |:-----| :-----------------------------------------------------------------------| +| type | STRING |Win32-Stdin +| message | STRING | The message typed in | +