Reorganized directory structure

2026-04-04 06:02:24 -04:00 · 2020-04-14 18:52:03 -04:00
commit d751eee8e6
32 changed files with 2813 additions and 0 deletions
--- a/cli/EventParser_ConsoleApp/App.config
+++ b/cli/EventParser_ConsoleApp/App.config
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<configuration>
+  <startup>
+    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6.1" />
+  </startup>
+</configuration>
--- a/cli/EventParser_ConsoleApp/DataRecord.cs
+++ b/cli/EventParser_ConsoleApp/DataRecord.cs
@@ -0,0 +1,14 @@
+using System;
+
+namespace EventParser.ConsoleApp
+{
+    internal class DataRecord
+    {
+        public String Level { get; set; }
+        public String DateAndTime { get; set; }
+        public String Source { get; set; }
+        public String EventID { get; set; }
+        public String TaskCategory { get; set; }
+        public String InformationDump { get; set; }
+    }
+}
--- a/cli/EventParser_ConsoleApp/EventParser_CLI.csproj
+++ b/cli/EventParser_ConsoleApp/EventParser_CLI.csproj
@@ -0,0 +1,106 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
+  <PropertyGroup>
+    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+    <ProjectGuid>{0B61EE2C-2F75-4D41-BF75-A235E11309BC}</ProjectGuid>
+    <OutputType>Exe</OutputType>
+    <RootNamespace>EventParser_ConsoleApp</RootNamespace>
+    <AssemblyName>EventParser_ConsoleApp</AssemblyName>
+    <TargetFrameworkVersion>v4.6.1</TargetFrameworkVersion>
+    <FileAlignment>512</FileAlignment>
+    <AutoGenerateBindingRedirects>true</AutoGenerateBindingRedirects>
+    <Deterministic>true</Deterministic>
+    <IsWebBootstrapper>false</IsWebBootstrapper>
+    <PublishUrl>D:\</PublishUrl>
+    <Install>true</Install>
+    <InstallFrom>Disk</InstallFrom>
+    <UpdateEnabled>false</UpdateEnabled>
+    <UpdateMode>Foreground</UpdateMode>
+    <UpdateInterval>7</UpdateInterval>
+    <UpdateIntervalUnits>Days</UpdateIntervalUnits>
+    <UpdatePeriodically>false</UpdatePeriodically>
+    <UpdateRequired>false</UpdateRequired>
+    <MapFileExtensions>true</MapFileExtensions>
+    <ApplicationRevision>1</ApplicationRevision>
+    <ApplicationVersion>1.0.0.%2a</ApplicationVersion>
+    <UseApplicationTrust>false</UseApplicationTrust>
+    <PublishWizardCompleted>true</PublishWizardCompleted>
+    <BootstrapperEnabled>true</BootstrapperEnabled>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugSymbols>true</DebugSymbols>
+    <DebugType>full</DebugType>
+    <Optimize>false</Optimize>
+    <OutputPath>bin\Debug\</OutputPath>
+    <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugType>pdbonly</DebugType>
+    <Optimize>true</Optimize>
+    <OutputPath>bin\Release\</OutputPath>
+    <DefineConstants>TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <PropertyGroup>
+    <ManifestCertificateThumbprint>3F3076ECA4354C6804FCB68F0E0F981B9026B920</ManifestCertificateThumbprint>
+  </PropertyGroup>
+  <PropertyGroup>
+    <ManifestKeyFile>EventParser_CLI_TemporaryKey.pfx</ManifestKeyFile>
+  </PropertyGroup>
+  <PropertyGroup>
+    <GenerateManifests>true</GenerateManifests>
+  </PropertyGroup>
+  <PropertyGroup>
+    <SignManifests>true</SignManifests>
+  </PropertyGroup>
+  <ItemGroup>
+    <Reference Include="CommandLineArgumentsParser, Version=3.0.20.0, Culture=neutral, processorArchitecture=MSIL">
+      <HintPath>..\packages\CommandLineArgumentsParser.3.0.20\lib\net452\CommandLineArgumentsParser.dll</HintPath>
+    </Reference>
+    <Reference Include="CsvHelper, Version=12.0.0.0, Culture=neutral, PublicKeyToken=8c4959082be5c823, processorArchitecture=MSIL">
+      <HintPath>..\packages\CsvHelper.12.1.2\lib\net45\CsvHelper.dll</HintPath>
+    </Reference>
+    <Reference Include="System" />
+    <Reference Include="System.Core" />
+    <Reference Include="System.ValueTuple, Version=4.0.2.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
+      <HintPath>..\packages\System.ValueTuple.4.4.0\lib\net461\System.ValueTuple.dll</HintPath>
+    </Reference>
+    <Reference Include="System.Xml.Linq" />
+    <Reference Include="System.Data.DataSetExtensions" />
+    <Reference Include="Microsoft.CSharp" />
+    <Reference Include="System.Data" />
+    <Reference Include="System.Net.Http" />
+    <Reference Include="System.Xml" />
+  </ItemGroup>
+  <ItemGroup>
+    <Compile Include="DataRecord.cs" />
+    <Compile Include="Program.cs" />
+    <Compile Include="Properties\AssemblyInfo.cs" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="App.config">
+      <SubType>Designer</SubType>
+    </None>
+    <None Include="packages.config" />
+  </ItemGroup>
+  <ItemGroup>
+    <BootstrapperPackage Include=".NETFramework,Version=v4.6.1">
+      <Visible>False</Visible>
+      <ProductName>Microsoft .NET Framework 4.6.1 %28x86 and x64%29</ProductName>
+      <Install>true</Install>
+    </BootstrapperPackage>
+    <BootstrapperPackage Include="Microsoft.Net.Framework.3.5.SP1">
+      <Visible>False</Visible>
+      <ProductName>.NET Framework 3.5 SP1</ProductName>
+      <Install>false</Install>
+    </BootstrapperPackage>
+  </ItemGroup>
+  <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
+</Project>
--- a/cli/EventParser_ConsoleApp/Program.cs
+++ b/cli/EventParser_ConsoleApp/Program.cs
@@ -0,0 +1,197 @@
+using CommandLineParser.Arguments;
+using CommandLineParser.Exceptions;
+using CsvHelper;
+using System;
+using System.Collections;
+using System.Data;
+using System.Data.SqlClient;
+using System.Diagnostics;
+using System.IO;
+using System.Linq;
+using System.Text.RegularExpressions;
+
+namespace EventParser.ConsoleApp
+{
+    public static class Arguments
+    {
+        public static string connString;
+        public static string input;
+        public static string output;
+    }
+
+    internal class Program
+    {
+        // Logfile is generated with five column headers instead of six. This method ensures the logfile matches the column name headings specified in DataRecords.
+        private static void AddMissingHeader()
+        {
+            Console.WriteLine("Replacing log file header...");
+            StreamReader reader = new StreamReader(Arguments.input);
+            string content = reader.ReadToEnd();
+            reader.Close();
+
+            content = Regex.Replace(content, "Level,Date and Time,Source,Event ID,Task Category", "Level,DateAndTime,Source,EventID,TaskCategory,InformationDump");
+
+            StreamWriter writer = new StreamWriter(Arguments.input); //overwrites existing file instead of creating new file
+            writer.Write(content);
+            writer.Close();
+        }
+
+        // Extracts account name and generates Unique ID. Writes parsed CSV file to specified output.
+        private static void ParseLog()
+        {
+            Console.WriteLine("Parsing log file...");
+
+            using (var sr = new StreamReader(Arguments.input))
+            {
+                using (var sw = new StreamWriter(Arguments.output))
+                {
+                    // CSVHelper initialization.
+                    var reader = new CsvReader(sr);
+                    var writer = new CsvWriter(sw);
+
+                    // Counters for records processed, and unique-ID logic respectively.
+                    int i = 0;
+                    int x = 0;
+
+                    // CSVReader will  read the whole file into an enumerable.
+                    IEnumerable records = reader.GetRecords<DataRecord>().ToList();
+
+                    foreach (DataRecord record in records)
+                    {
+                        // RegEx to extract account name.
+                        string pattern1 = @"(?<=New Logon:\r\n\tSecurity\ ID\:\t\t).*";
+                        //string pattern2 = @"REGEX GOES HERE";
+
+                        string uniqueID_timestamp = record.DateAndTime;
+
+                        // Logic for UniqueID.
+                        var uniqueID = $"{uniqueID_timestamp}-{x++}";
+
+                        // Order columns in CSV file will be written.
+                        writer.WriteField(uniqueID);
+                        writer.WriteField(record.Level);
+                        writer.WriteField(record.DateAndTime);
+                        writer.WriteField(record.Source);
+                        writer.WriteField(record.EventID);
+                        writer.WriteField(record.TaskCategory);
+
+                        string str = record.InformationDump;
+                        if (Regex.IsMatch(str, pattern1))
+                        {
+                            var matches = Regex.Matches(str, pattern1);
+                            foreach (Match m in matches)
+                            {
+                                string accountName = m.Value;
+                                writer.WriteField(accountName);
+                            }
+                        }
+                        else
+                        {
+                            // There are instances where a record has no account name to be extracted.
+                            writer.WriteField("Account name unavailable.");
+                        }
+
+                        //if (Regex.IsMatch(str, pattern2))
+                        //{
+                        //    var matches = Regex.Matches(str, pattern2);
+                        //    foreach (Match m in matches)
+                        //    {
+                        //        string extractedField = m.Value;
+
+                        //        //extractedField = extractedField.Replace(@"", "");
+                        //        writer.WriteField(extractedField);
+                        //    }
+                        //}
+                        //else
+                        //{
+                        //    writer.WriteField("Extracted field unavailable.");
+                        //}
+
+                        // Ensure end-of-record is specified when using WriteField method.
+                        writer.NextRecord();
+
+                        // Display number of records processed.
+                        // i++
+                        //i = i + 1;
+                        //Console.WriteLine($"Records processed: {i}");
+                    }
+                }
+            }
+        }
+
+        // Imports parsed CSV file into MS SQL Server through a Stored Procedure.
+        private static void ImportToMSSQL()
+        {
+            Console.WriteLine("Importing log file into MSSQL server...");
+
+            string connectionString = Arguments.connString;
+
+            using (SqlConnection connection = new SqlConnection(connectionString))
+            {
+                using (SqlCommand cmd = new SqlCommand("ImportLogs", connection))
+                {
+                    cmd.CommandType = CommandType.StoredProcedure;
+
+                    // See Stored Procedure.
+                    cmd.Parameters.Add("@filepath", SqlDbType.VarChar).Value = Arguments.output;
+
+                    connection.Open();
+
+                    cmd.ExecuteNonQuery();
+                }
+
+                connection.Close();
+            }
+        }
+
+        private static void Main(string[] args)
+        {
+            CommandLineParser.CommandLineParser parser = new CommandLineParser.CommandLineParser();
+
+            ValueArgument<string> inputLogFile = new ValueArgument<string>('i', "input", "Specify filepath of CSV file to process");
+            inputLogFile.Optional = false;
+            ValueArgument<string> outputLogFile = new ValueArgument<string>('o', "output", "Specify filepath to save CSV file");
+            outputLogFile.Optional = false;
+            ValueArgument<string> connectionString = new ValueArgument<string>('c', "connection", "Specify connection string");
+            connectionString.Optional = false;
+
+            parser.Arguments.Add(inputLogFile);
+            parser.Arguments.Add(outputLogFile);
+            parser.Arguments.Add(connectionString);
+
+            //parser.ShowUsageHeader = "Welcome to EventParser!";
+            //parser.ShowUsageFooter = "Thank you for using the application.";
+            //parser.ShowUsage();
+
+            try
+            {
+                parser.ParseCommandLine(args);
+                if (inputLogFile.Parsed)
+                { Arguments.input = inputLogFile.Value; }
+                if (outputLogFile.Parsed)
+                { Arguments.output = outputLogFile.Value; }
+                if (connectionString.Parsed)
+                { Arguments.connString = connectionString.Value; }
+            }
+            catch (CommandLineException e)
+            {
+                Console.WriteLine(e.Message);
+                parser.ShowUsage();
+            }
+
+            // Validation
+            if (Arguments.input != null && Arguments.output != null && Arguments.connString != null)
+            {
+                Console.WriteLine($"PROCESSING: {Arguments.input}");
+                Stopwatch sw = Stopwatch.StartNew();
+
+                AddMissingHeader();
+                ParseLog();
+                ImportToMSSQL();
+
+                Console.WriteLine("Success.");
+                Console.WriteLine($"Time elapsed: {sw.ElapsedMilliseconds} ms");
+            }
+        }
+    }
+}
--- a/cli/EventParser_ConsoleApp/Properties/AssemblyInfo.cs
+++ b/cli/EventParser_ConsoleApp/Properties/AssemblyInfo.cs
@@ -0,0 +1,35 @@
+using System.Reflection;
+using System.Runtime.InteropServices;
+
+// General Information about an assembly is controlled through the following
+// set of attributes. Change these attribute values to modify the information
+// associated with an assembly.
+[assembly: AssemblyTitle("EventParser_ConsoleApp")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("")]
+[assembly: AssemblyProduct("EventParser_ConsoleApp")]
+[assembly: AssemblyCopyright("Copyright ©  2019")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// Setting ComVisible to false makes the types in this assembly not visible
+// to COM components.  If you need to access a type in this assembly from
+// COM, set the ComVisible attribute to true on that type.
+[assembly: ComVisible(false)]
+
+// The following GUID is for the ID of the typelib if this project is exposed to COM
+[assembly: Guid("0b61ee2c-2f75-4d41-bf75-a235e11309bc")]
+
+// Version information for an assembly consists of the following four values:
+//
+//      Major Version
+//      Minor Version
+//      Build Number
+//      Revision
+//
+// You can specify all the values or you can default the Build and Revision Numbers
+// by using the '*' as shown below:
+// [assembly: AssemblyVersion("1.0.*")]
+[assembly: AssemblyVersion("1.0.0.0")]
+[assembly: AssemblyFileVersion("1.0.0.0")]
--- a/cli/EventParser_ConsoleApp/packages.config
+++ b/cli/EventParser_ConsoleApp/packages.config
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8"?>
+<packages>
+  <package id="CommandLineArgumentsParser" version="3.0.20" targetFramework="net461" />
+  <package id="CsvHelper" version="12.1.2" targetFramework="net461" />
+  <package id="System.ValueTuple" version="4.4.0" targetFramework="net461" />
+</packages>