#Region " Imports "
Imports System
Imports System.Diagnostics.EventLog
Imports Statistics.Cdo
#End Region
Public Class AuditLogger
#Region " Instance Fields "
Shared _appName As String = "myApp" 'must be seven chars or less
Shared _auditMessage = String.Empty
Shared _auditId As Integer = 0
Shared _auditObject As String = String.Empty
Shared _incidentLogName As String = _appName & "Incident"
Shared _securityLogName As String = _appName & "Security"
#End Region
#Region " Properties "
Public WriteOnly Property auditId() As Integer
Set(ByVal Value As Integer)
_auditId = Value
End Set
End Property
Public WriteOnly Property auditMessage() As String
Set(ByVal Value As String)
_auditMessage = Value
_auditMessage = "{" & GetUserName() & "} " & _auditMessage
End Set
End Property
Public WriteOnly Property auditObject() As String
Set(ByVal Value As String)
_auditObject = Value
_auditObject = " (Row No.: " & _auditObject & ")"
End Set
End Property
#End Region
#Region " Public Methods "
'Method to write events to the Application incident log:
' First argument "component" specifies the component relating to the event.
' Second argument "category" specifies the event category.
' Third argument "type" specifies the event type.
Public Shared Sub WriteToIncidentLog(ByVal component As AuditComponent, ByVal category As AuditIncidentCategory, ByVal type As AuditIncidentType)
Dim _source As String = String.Empty
_source = GetComponentName(component)
Dim _auditType As EventLogEntryType
Select Case type
Case AuditIncidentType.Info
_auditType = EventLogEntryType.Information
Case AuditIncidentType.Fault
_auditType = EventLogEntryType.Error
Case AuditIncidentType.Warn
_auditType = EventLogEntryType.Warning
End Select
Try
If Not EventLog.SourceExists(_source) Then
CreateEventSource(_source, _incidentLogName)
End If
Catch ex As Exception
Dim body As String
body = "Error Message:
" & ex.Message
body &= "
Attempted to log:
"
body &= "Source:" & _source.ToString() & "
"
body &= "Message:" & _auditMessage.ToString() & "
"
body &= "Type:" & _auditType.ToString() & "
"
body &= "ID:" & _auditId & "
"
body &= "Category:" & category.ToString() & "
"
SendErrorMessage(body)
End Try
Try
EventLog.WriteEntry(_source, _auditMessage, _auditType, _auditId, category)
Catch ex As Exception
Dim body As String
body = "Error Message:
" & ex.Message
body &= "
Attempted to log:
"
body &= "Source:" & _source.ToString() & "
"
body &= "Message:" & _auditMessage.ToString() & "
"
body &= "Type:" & _auditType.ToString() & "
"
body &= "ID:" & _auditId & "
"
body &= "Category:" & category.ToString() & "
"
SendErrorMessage(body)
End Try
_auditId = 0
_auditMessage = String.Empty
End Sub
'Method to write events to the Application security log:
' First argument "component" specifies the component relating to the event.
' Second argument "category" specifies the event category.
' Third argument "type" specifies the event type.
Public Shared Sub WriteToSecurityLog(ByVal component As AuditComponent, ByVal category As AuditSecurityCategory, ByVal type As AuditSecurityType)
Dim _source As String = String.Empty
_source = GetComponentName(component)
Dim _auditType As EventLogEntryType
Select Case type
Case AuditSecurityType.Failed
_auditType = EventLogEntryType.FailureAudit
Case AuditSecurityType.Info
_auditType = EventLogEntryType.Information
Case AuditSecurityType.Succeeded
_auditType = EventLogEntryType.SuccessAudit
End Select
Try
If Not EventLog.SourceExists(_source) Then
CreateEventSource(_source, _securityLogName)
End If
Catch ex As Exception
Dim body As String
body = "Error Message:
" & ex.Message
body &= "
Attempted to log:
"
body &= "Source:" & _source.ToString() & "
"
body &= "Message:" & _auditMessage.ToString() & "
"
body &= "Type:" & _auditType.ToString() & "
"
body &= "ID:" & _auditId & "
"
body &= "Category:" & category.ToString() & "
"
SendErrorMessage(body)
End Try
Try
EventLog.WriteEntry(_source, _auditMessage, _auditType, _auditId, category)
Catch ex As Exception
Dim body As String
body = "Error Message:
" & ex.Message
body &= "
Attempted to log:
"
body &= "Source:" & _source.ToString() & "
"
body &= "Message:" & _auditMessage.ToString() & "
"
body &= "Type:" & _auditType.ToString() & "
"
body &= "ID:" & _auditId & "
"
body &= "Category:" & category.ToString() & "
"
SendErrorMessage(body)
End Try
_auditId = 0
_auditMessage = String.Empty
End Sub
#End Region
#Region " Private Methods "
'Method to notify application support when auditing is unable to audit:
' First argument "errBody" specifies the message to send to support.
' Returns nothing.
Private Shared Sub SendErrorMessage(ByVal errBody As String)
Cdo.msgSubject = "Failed to audit event"
Cdo.msgBody = errBody
Cdo.Send()
End Sub
'Method to return a string representation from the AuditComponent type:
' First argument "component" specifies the auditComponent type to return.
' Returns a string corresponding with the specified type.
Private Shared Function GetComponentName(ByVal component As AuditComponent) As String
Select Case component
Case AuditComponent.AD
Return "Active Directory"
Case AuditComponent.ADO
Return "Active Data Object"
Case AuditComponent.AppExceptions
Return "Application Exceptions"
Case AuditComponent.AuditLog
Return "Audit Logging"
Case AuditComponent.Cdo
Return "Collaboration Data Object"
Case AuditComponent.DataProvider
Return "Data Provider"
Case AuditComponent.Fso
Return "File System Object"
Case AuditComponent.Pki
Return "Public Key Infrastructure"
Case AuditComponent.PopupCalendar
Return "Popup Calendar"
Case AuditComponent.Security
Return "Security"
Case AuditComponent.Template
Return "Site Template"
Case AuditComponent.Unknown
Return "Unknown Module"
Case Else
Return "INVALID AUDIT EVENT"
End Select
End Function
'Method to return the current username:
' Returns a string containing the current "user"
Private Shared Function GetUserName() As String
If HttpContext.Current.Session("UserName") Is Nothing Then
Return "session expired"
Else
Return LCase(HttpContext.Current.Session("UserName"))
End If
End Function
'Method to return the remote IP:
' Returns a string containing the remote IP.
Private Shared Function GetIP() As String
If HttpContext.Current.Request.ServerVariables("REMOTE_ADDR") Is Nothing Then
Return "No IP Presented"
Else
Return HttpContext.Current.Request.ServerVariables("REMOTE_ADDR")
End If
End Function
#End Region
#Region " Enumerations "
Public Enum AuditComponent As Integer
AD
ADO
AuditLog
Cdo
AppExceptions
Fso
Pki
PopupCalendar
DataProvider
Security
Template
Unknown
End Enum
Public Enum AuditIncidentCategory As Integer
None
Vulnerability
DataDeletion
DataChange
DataView
General
DataError
AppError
End Enum
Public Enum AuditSecurityCategory As Integer
None
LoginLogout
DataChange
DataDeletion
DataView
End Enum
Public Enum AuditIncidentType As Integer
Info
Warn
Fault
End Enum
Public Enum AuditSecurityType As Integer
Info
Succeeded
Failed
End Enum
#End Region
End Class