using System;
using System.Collections.Generic;
using System.Diagnostics.Eventing.Reader;
using System.DirectoryServices;
using System.Linq;
using System.Security;
using System.Text;
using System.Threading;
using System.Threading.Tasks;
namespace PropertyChange
{
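/// <summary>
/// Console front end that subscribes to three directory-change listeners
/// (<c>DSAccess</c>, <c>DSModify</c>, <c>DSCreated</c>) and prints every record they raise.
/// With one command-line argument the listeners are pointed at that computer;
/// with none they are constructed with a null computer name (reported as "Local").
/// </summary>
class Program
{
    // Written by the Ctrl+C handler and read by the polling loop in Main.
    // volatile so the loop is guaranteed to observe the write made from the handler.
    private static volatile bool s_keepRunning = true;

    // Dedicated gate for console output. Locking on typeof(Program) would expose the
    // lock to any other code able to reach the Type object; a private object cannot be
    // taken by anyone else.
    private static readonly object s_consoleLock = new object();

    /// <summary>
    /// Wires up the listeners, then idles until Ctrl+C, resetting the listeners once per hour.
    /// </summary>
    /// <param name="args">Optional single element: the computer whose event log is read.</param>
    static void Main(string[] args)
    {
        string computer = null;
        if (args.Length == 1)
        {
            Console.WriteLine("Active Directory Changes in Remote Event Logs from {0}", args[0]);
            computer = args[0];
        }
        else
        {
            Console.WriteLine("Active Directory Changes in Local Event Logs");
        }

        Console.WriteLine("-- Press Ctrl+C to exit --");
        Console.CancelKeyPress += delegate(object sender, ConsoleCancelEventArgs e)
        {
            // Cancel the default process termination so the using blocks below
            // get to dispose the listeners.
            e.Cancel = true;
            s_keepRunning = false;
        };

        TimeSpan eventResetTime = new TimeSpan(1, 0, 0);

        using (DSAccess access = new DSAccess(computer))
        using (DSModify modify = new DSModify(computer))
        using (DSCreated created = new DSCreated(computer))
        {
            access.NewEvent += AccessNewEvent;
            modify.NewEvent += ObjectModified;
            created.NewEvent += ObjectCreated;

            while (s_keepRunning)
            {
                // UtcNow: the interval must not stretch or shrink across a DST or
                // time-zone change on the monitoring host.
                DateTime resetTime = DateTime.UtcNow + eventResetTime;
                while (s_keepRunning && resetTime > DateTime.UtcNow)
                {
                    Thread.Sleep(100);
                }

                if (!s_keepRunning)
                {
                    // Shutting down: the listeners are about to be disposed, so do not
                    // reset them first.
                    break;
                }

                // NOTE(review): ResetListener is defined outside this file; presumably it
                // re-establishes the event subscription - confirm.
                created.ResetListener();
                modify.ResetListener();
                access.ResetListener();
            }
        }

        Console.WriteLine("Stopped");
    }

    /// <summary>
    /// Renders a record field for the console with every control character replaced by a
    /// visible <c>\uXXXX</c> escape.
    /// </summary>
    /// <remarks>
    /// The operator, target, property and value fields are presumably copied from directory
    /// objects and attribute values, i.e. chosen by whoever made the change being reported.
    /// Printed raw, an embedded newline could forge additional "[Operator]"/"[Target]" lines
    /// and an escape sequence could recolour or overwrite earlier output on terminals that
    /// interpret them. Escaping keeps one field on one line and keeps the raw value readable.
    /// </remarks>
    /// <param name="value">Field value; null is rendered as an empty string.</param>
    /// <returns>The value's string form with control characters escaped.</returns>
    private static string Sanitize(object value)
    {
        if (value == null)
        {
            return string.Empty;
        }

        string text = value.ToString();
        if (text == null)
        {
            return string.Empty;
        }

        StringBuilder escaped = null;
        for (int i = 0; i < text.Length; i++)
        {
            char c = text[i];
            if (char.IsControl(c))
            {
                if (escaped == null)
                {
                    // First control character found: start copying lazily so clean
                    // strings are returned without allocating.
                    escaped = new StringBuilder(text.Length + 8);
                    escaped.Append(text, 0, i);
                }

                escaped.Append("\\u").Append(((int)c).ToString("X4"));
            }
            else if (escaped != null)
            {
                escaped.Append(c);
            }
        }

        return escaped == null ? text : escaped.ToString();
    }

    /// <summary>Prints an object-creation record, with the target line in blue.</summary>
    /// <param name="item">Record raised by the <c>DSCreated</c> listener.</param>
    static void ObjectCreated(DSCreatedRecord item)
    {
        lock (s_consoleLock)
        {
            Console.WriteLine("[Time] {0}", item.Time);
            Console.WriteLine("[Operator] {0}", Sanitize(item.Operator));
            try
            {
                Console.ForegroundColor = ConsoleColor.Blue;
                Console.WriteLine("[Target] Created: {0}", Sanitize(item.Target));
            }
            finally
            {
                // Never leave the console coloured if a write throws.
                Console.ResetColor();
            }

            Console.WriteLine();
        }
    }

    /// <summary>
    /// Prints a modification record: green "Added" for <c>DSModifyType.ValueCreated</c>,
    /// red "Removed" for every other operation.
    /// </summary>
    /// <param name="item">Record raised by the <c>DSModify</c> listener.</param>
    static void ObjectModified(DSModifyRecord item)
    {
        lock (s_consoleLock)
        {
            Console.WriteLine("[Time] {0}", item.Time);
            Console.WriteLine("[Operator] {0}", Sanitize(item.Operator));
            Console.WriteLine("[Target] {0}", Sanitize(item.Target));
            try
            {
                if (item.Operation == DSModifyType.ValueCreated)
                {
                    Console.ForegroundColor = ConsoleColor.Green;
                    Console.WriteLine("[{0}] Added: {1}", Sanitize(item.Property), Sanitize(item.Value));
                }
                else
                {
                    Console.ForegroundColor = ConsoleColor.Red;
                    Console.WriteLine("[{0}] Removed: {1}", Sanitize(item.Property), Sanitize(item.Value));
                }
            }
            finally
            {
                // Never leave the console coloured if a write throws.
                Console.ResetColor();
            }

            Console.WriteLine();
        }
    }

    /// <summary>Prints an access record, including the comma-joined property list.</summary>
    /// <param name="item">Record raised by the <c>DSAccess</c> listener.</param>
    static void AccessNewEvent(DSAccessRecord item)
    {
        lock (s_consoleLock)
        {
            Console.WriteLine("[Time] {0}", item.Time);
            Console.WriteLine("[Operator] {0}", Sanitize(item.Operator));
            Console.WriteLine("[Target] {0}", Sanitize(item.Target));
            Console.WriteLine("[Operation] {0}", Sanitize(item.Operation));
            // Join first, escape second: the String.Join overload chosen for
            // item.Properties stays exactly the one the original code bound to.
            Console.WriteLine("[Properties] {0}", Sanitize(String.Join(",", item.Properties)));
            Console.WriteLine();
        }
    }
}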
}