DSAccessMonitor/DSEvent.cs at master · Neio/DSAccessMonitor · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
using System;
using System.Collections.Generic;
using System.Diagnostics.Eventing.Reader;
using System.DirectoryServices;
using System.Linq;
using System.Text;
using System.Threading.Tasks;

namespace PropertyChange
{
    public abstract class DSEvent<T> : IDisposable
        where T :class
    {
        public DSEvent(string remoteComputer, string domain, string username, string password)
        {
            Setup(remoteComputer, domain, username, password);
        }

        public DSEvent(string remoteComputer)
        {
            Setup(remoteComputer, null, null, null);
        }

        public DSEvent()
        {
            Setup(null, null, null, null);
        }

        private void Setup(string remoteComputer, string domain, string username, string password)
        {
            m_watcher = EventLogHelper.GetEventWatcher(remoteComputer, domain, username, password, "Security", GetQueryString());
            m_watcher.EventRecordWritten += (sender, e) =>
            {
                if (e.EventRecord != null && NewEvent != null)
                {
                    NewEvent(Parse(e.EventRecord));
                }
            };
            m_watcher.Enabled = true;
        }

        public void ResetListener()
        {
            if (!m_watcher.Enabled)
            {
                Console.ForegroundColor = ConsoleColor.Yellow;
                Console.WriteLine("Reset listener");
                Console.ResetColor();
                m_watcher.Enabled = true;
            }
        }

        public event Action<T> NewEvent;

        private EventLogWatcher m_watcher;

        public IEnumerable<T> GetRecords(string remoteComputer, string domain, string username, string password)
        {
            return EventLogHelper.GetEvents(remoteComputer, domain, username, password, "Security", GetQueryString()).Select(item => Parse(item));
        }

        protected virtual T Parse(EventRecord item)
        {
            return default(T);
        }

        protected virtual string GetQueryString()
        {
            return "";
        }

        protected static ICache<String> s_objCache = new TimeCache<string>(new TimeSpan(1, 0, 0));

        protected static String GetDN(string guid)
        {
            return s_objCache.Get(guid, () => {
                try
                {
                    var value = new DirectoryEntry(String.Format("LDAP://<GUID={0}>", guid)).Properties["distinguishedName"].Value as string;
                    return value;
                }
                catch
                {
                    return "<Unknown Object>";
                }
            });

        }

        private bool m_disposed = false;

        public void Dispose()
        {
            if (!m_disposed)
            {
                m_disposed = true;
                m_watcher.Enabled = false;
                m_watcher.Dispose();
                m_watcher = null;
            }
        }
    }
}