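/// <summary>
/// Loads the include and exclude filters described by the configuration node
/// and registers them for each event log name they list.
/// </summary>
/// <param name="node">XML node whose child nodes each describe one filter ("event" criteria and "syslog" level/facility)</param>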
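static void LoadFilters(XmlNode node)
{
    // Each child of <paramref name="node"/> describes one rule. A rule yields two Filter
    // objects: iFilter collects the "include" criteria and eFilter the "exclude" criteria.
    // Both are then appended to the per-event-log lists held in iFilters / eFilters.

    // The syslog level and facility must be exactly one of the known keywords. The patterns
    // are anchored so that a value which merely contains a keyword (for example "NotAnError")
    // is rejected instead of being stored on the filters. Surrounding whitespace is tolerated
    // because InnerText may carry formatting whitespace from the XML file.
    // CultureInvariant keeps the case-insensitive match independent of the host locale.
    const RegexOptions syslogOptions = RegexOptions.IgnoreCase | RegexOptions.CultureInvariant;
    String patternSyslogLevel = "Emergency|Alert|Critical|Error|Warning|Notice|Informational|Debug";
    Regex rSyslogLevel = new Regex("^\\s*(?:" + patternSyslogLevel + ")\\s*\\z", syslogOptions);
    String patternSyslogFacility = "Kern|User|Mail|Daemon|Auth|Syslog|LPR|News|UUCP|Cron|AuthPriv|FTP|NTP|Audit|Audit2|CRON2|Local0|Local1|Local2|Local3|Local4|Local5|Local6|Local7";
    Regex rSyslogFacility = new Regex("^\\s*(?:" + patternSyslogFacility + ")\\s*\\z", syslogOptions);

    foreach (XmlNode childnode in node.ChildNodes)
    {
        String[] eventLogName = null;
        Filter iFilter = new Filter();
        Filter eFilter = new Filter();

        foreach (XmlNode cnode in childnode.ChildNodes)
        {
            if (FilterNodeNameIs(cnode, "event"))
            {
                foreach (XmlNode paramNode in cnode.ChildNodes)
                {
                    String[] included;
                    String[] excluded;

                    if (FilterNodeNameIs(paramNode, "eventlogname"))
                    {
                        // Every non-comment child names one event log this rule applies to.
                        ArrayList names = new ArrayList();
                        foreach (XmlNode element in paramNode.ChildNodes)
                        {
                            if (element.Name.IndexOf("#comment", StringComparison.Ordinal) < 0)
                            {
                                names.Add(element.InnerText);
                            }
                        }
                        eventLogName = (String[])names.ToArray(typeof(String));
                    }
                    else if (FilterNodeNameIs(paramNode, "sources"))
                    {
                        ReadIncludeExcludeLists(paramNode, out included, out excluded);
                        if (included != null) { iFilter.EventLogSources = included; }
                        if (excluded != null) { eFilter.EventLogSources = excluded; }
                    }
                    else if (FilterNodeNameIs(paramNode, "id"))
                    {
                        ReadIncludeExcludeLists(paramNode, out included, out excluded);
                        if (included != null) { iFilter.EventLogID = included; }
                        if (excluded != null) { eFilter.EventLogID = excluded; }
                    }
                    else if (FilterNodeNameIs(paramNode, "users"))
                    {
                        ReadIncludeExcludeLists(paramNode, out included, out excluded);
                        if (included != null) { iFilter.User = included; }
                        if (excluded != null) { eFilter.User = excluded; }
                    }
                    else if (FilterNodeNameIs(paramNode, "computers"))
                    {
                        ReadIncludeExcludeLists(paramNode, out included, out excluded);
                        if (included != null) { iFilter.Computer = included; }
                        if (excluded != null) { eFilter.Computer = excluded; }
                    }
                    else if (FilterNodeNameIs(paramNode, "type"))
                    {
                        ReadIncludeExcludeLists(paramNode, out included, out excluded);
                        if (included != null) { iFilter.EventLogType = included; }
                        if (excluded != null) { eFilter.EventLogType = excluded; }
                    }
                    else if (FilterNodeNameIs(paramNode, "descriptions"))
                    {
                        ReadIncludeExcludeLists(paramNode, out included, out excluded);
                        if (included != null) { iFilter.EventLogDescriptions = included; }
                        if (excluded != null) { eFilter.EventLogDescriptions = excluded; }
                    }
                }
            }
            else if (FilterNodeNameIs(cnode, "syslog"))
            {
                // NOTE(review): level and facility are written to BOTH filters. Whether
                // Filter.IsEmpty() takes them into account is not visible here; if it does,
                // a rule with syslog settings but no exclude entries would still register an
                // exclude filter below. Confirm against Filter.IsEmpty().
                foreach (XmlNode paramNode in cnode.ChildNodes)
                {
                    if (FilterNodeNameIs(paramNode, "level"))
                    {
                        if (rSyslogLevel.IsMatch(paramNode.InnerText))
                        {
                            iFilter.SyslogLevel = paramNode.InnerText;
                            eFilter.SyslogLevel = paramNode.InnerText;
                        }
                        else
                        {
                            deb.Write("Load filters configuration", "301 - Uncorrect syslog level : \"" + paramNode.InnerText + "\"", DateTime.Now, 1);
                        }
                    }
                    else if (FilterNodeNameIs(paramNode, "facility"))
                    {
                        if (rSyslogFacility.IsMatch(paramNode.InnerText))
                        {
                            iFilter.SyslogFacility = paramNode.InnerText;
                            eFilter.SyslogFacility = paramNode.InnerText;
                        }
                        else
                        {
                            deb.Write("Load filters configuration", "301 - Uncorrect syslog facility : \"" + paramNode.InnerText + "\"", DateTime.Now, 1);
                        }
                    }
                }
            }
        }

        // A rule without an <eventlogname> section is not attached to any event log.
        if (eventLogName == null)
        {
            continue;
        }

        foreach (String element in eventLogName)
        {
            if (!iFilter.IsEmpty())
            {
                // Create the per-log list on first use, then append.
                ArrayList includeList = (ArrayList)iFilters[element];
                if (includeList == null)
                {
                    includeList = new ArrayList();
                }
                includeList.Add(iFilter);
                deb.Write("Load filters configuration", "Add to filter list for event log " + element + " evement " + iFilter.ToString(), DateTime.Now, 2);
                iFilters[element] = includeList;
            }

            if (!eFilter.IsEmpty())
            {
                ArrayList excludeList = (ArrayList)eFilters[element];
                if (excludeList == null)
                {
                    excludeList = new ArrayList();
                }
                excludeList.Add(eFilter);
                // Log the exclude filter itself; the include filter was logged here before,
                // which made the debug trace misreport what is being excluded.
                deb.Write("Load filters configuration", "Add to exclude filter list for event log " + element + " evement " + eFilter.ToString(), DateTime.Now, 2);
                eFilters[element] = excludeList;
            }
        }
    }
}

/// <summary>
/// Compares an XML node name with an expected configuration keyword, ignoring case.
/// The comparison is ordinal, so it does not depend on the current culture
/// (a culture-sensitive ToLower() can change how "ID" is lowered under some locales).
/// </summary>
/// <param name="candidate">node whose name is tested</param>
/// <param name="expected">keyword to compare with</param>
/// <returns>true when the node name equals the keyword, ignoring case</returns>
private static bool FilterNodeNameIs(XmlNode candidate, String expected)
{
    return String.Equals(candidate.Name, expected, StringComparison.OrdinalIgnoreCase);
}

/// <summary>
/// Splits the children of a criteria node into include and exclude values.
/// A child whose name contains "include" contributes its InnerText to the include list;
/// otherwise a child whose name contains "exclude" contributes to the exclude list.
/// </summary>
/// <param name="paramNode">criteria node whose children are read</param>
/// <param name="included">include values, or null when there are none</param>
/// <param name="excluded">exclude values, or null when there are none</param>
private static void ReadIncludeExcludeLists(XmlNode paramNode, out String[] included, out String[] excluded)
{
    ArrayList includeValues = new ArrayList();
    ArrayList excludeValues = new ArrayList();

    foreach (XmlNode element in paramNode.ChildNodes)
    {
        if (element.Name.IndexOf("include", StringComparison.Ordinal) >= 0)
        {
            includeValues.Add(element.InnerText);
        }
        else if (element.Name.IndexOf("exclude", StringComparison.Ordinal) >= 0)
        {
            excludeValues.Add(element.InnerText);
        }
    }

    // null (rather than an empty array) tells the caller to leave the filter property untouched.
    included = includeValues.Count > 0 ? (String[])includeValues.ToArray(typeof(String)) : null;
    excluded = excludeValues.Count > 0 ? (String[])excludeValues.ToArray(typeof(String)) : null;
}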