Date | State | Author | Note | Description |
31.07.2004 | DEVELOPMENT | mb | created | This document is currently growing together with the project. |
03.01.2004 | DEVELOPMENT | mb | created | This document is currently growing together with the project. |
The intent is to create a useful, but not too simple tool, to accumulate
The scope of this application is to provide a central database
The service application, implemented as a
Another service, also a
The third
The goals are manifold:
The setup is a simple command-line program [setup.cmd], which itself uses only xcopy deployment. There is documentation that explains how to create the web, which is necessary for the viewers. The accounts for the services must also be created manually.
There is currently no security for the queues or for the remoting interface of the EventlogCollectorService. The remoting service is not published and is used only via a web interface, which could and should be hosted in a protected website. In this case, if the service runs on the same machine as the web server, the remoting service can be restricted to local access only. In this situation, security can easily be maintained by the web application.
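One way to restrict the remoting endpoint to the local machine, as described above. This is an added example, not code from the ECS project; the port, object URI, channel name and the `DemoCollectorService` stand-in class are assumptions, and the two-argument `RegisterChannel` overload requires .NET Framework 2.0 or later (on 1.1, use the single-argument overload).

```csharp
using System;
using System.Collections;
using System.Runtime.Remoting;
using System.Runtime.Remoting.Channels;
using System.Runtime.Remoting.Channels.Tcp;
using System.Runtime.Serialization.Formatters;

// Hypothetical stand-in for the page's CollectorService, for this example only.
public class DemoCollectorService : MarshalByRefObject
{
    public int Count { get { return 0; } }
}

public static class LocalOnlyRemotingHost
{
    // Assumed values; the page does not state the port or the object URI.
    const int Port = 8085;
    const string ObjectUri = "CollectorService.rem";

    public static TcpServerChannel Register()
    {
        IDictionary props = new Hashtable();
        props["name"] = "ecs-local";
        props["port"] = Port;
        props["bindTo"] = "127.0.0.1";         // listen on the loopback interface only
        props["rejectRemoteRequests"] = true;  // refuse calls from other computers

        // Keep the restrictive deserialization level explicit on the server side.
        BinaryServerFormatterSinkProvider formatter = new BinaryServerFormatterSinkProvider();
        formatter.TypeFilterLevel = TypeFilterLevel.Low;

        TcpServerChannel channel = new TcpServerChannel(props, formatter);
        // ensureSecurity=false: the channel itself does not authenticate callers;
        // access control is left to the protected website in front of it.
        ChannelServices.RegisterChannel(channel, false);
        RemotingConfiguration.RegisterWellKnownServiceType(
            typeof(DemoCollectorService), ObjectUri, WellKnownObjectMode.Singleton);
        return channel;
    }

    public static void Main()
    {
        TcpServerChannel channel = Register();
        Console.WriteLine("Listening on tcp://127.0.0.1:{0}/{1}", Port, ObjectUri);
        Console.ReadLine();  // keep the host alive until Enter is pressed
        ChannelServices.UnregisterChannel(channel);
    }
}
```

With this binding, `netstat -an` on the host should show the listener on 127.0.0.1 only, so the web application on the same machine is the sole path to the Start/Stop/Add/Remove methods.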
Note: The table below also contains filenames, but it is not a file list. A file list is given later.
This is more or less the synonym or the trade-mark of this whole application. | |
This is a shorthand for the name above and is used nearly everywhere in other names, for example as a prefix in the application's filenames. The ServiceApplication, for example, is named ECS.ApplicationService.cs/.exe. | |
ApplicationService/ServiceApplication[=now] /CollectorServiceApplication?? /EventlogCollectorApplicationService=ECSA?? /EventlogCollectorServerice??? /EventlogEventCollectorServerice??? |
This is the Windows NT Service for the EventCollectorService. Its filename is ECS.ApplicationService[.cs/.exe] |
CollectorService | This is one of the most important classes inside this application, and the filename is ECS.CollectorService[.cs/.dll] |
Collector | This is the worker class inside this application; it queries and receives the events from a watched machine. The filename is ECS.Collector[.cs/.dll] |
EventlogCollectorNotificationService /EventlogCollectorEventNotificationService |
This |
This is first more or less a more detailed overview, or a deeper insight. The following explanations contain links to documents which explain the real details for a given part of the project. Beneath the application structure details, this document also contains the more general concepts and implementation details.
The main structure of the application is built on three parts:
Is responsible for tasks like:
Is responsible for loading the runtime classes from its [sub]configuration file and creating the configuration classes for the EventCollectors:
Is responsible for handling most of the detail work:
Are responsible for displaying events. There are two different types of event viewers:
The following table lists all application parts and their related detailed documents, so that one may go directly there.
part | link | note |
The Service-Application | ||
The Server-Service | ||
The EventCollector | ||
The Eventviewer | ||
The DBWriter Service Application | ||
The Site Replication Service Application |
The following table lists the public enums, delegates and classes contained in each separate namespace.
namespacename | contains |
The top namespace for the application-specific classes. | |
ECS.ServiceApplication.Config | |
ECS.ServiceApplication | |
System.Management.Tools | Extensions to the System.Management namespace. Mainly a class to convert WMI datetime values to DateTime. This class is more or less extracted from the output generated by the VS strict-type class-converter. |
ECS.ApplicationUtilities | |
ECS.Structures | |
ECS.Debugging | |
ECS.ServerService.Config | |
ECS.ServerService | |
ECS.Collector.Config | |
ECS.Collector | |
ECS.DBWriter | |
This part of the document focuses on details of classes which are used globally in the EventCollectorService application and the other, related applications. Details on each main class are found in the detail documents; see the table above.
This class is responsible for controlling the Collector instances and more [see overview].
public class CollectorService:MarshalByRefObject, IDisposable | |
public CollectorService() | |
To use this class in the remoting scenario, this empty constructor is necessary. | |
public CollectorService(ServiceConfig servConf) | |
The ServiceConfig is passed in by the creator. This is mainly to take over the class's runtime configuration from the application service and to initialize the message queues, which themselves might be created by the calling ServiceApplication. | |
~CollectorService() | |
Simply calls Dispose() | |
public void Dispose() | |
If called, stops all running collector instances and releases all resources. | |
public void Init() | |
|
|
private void BuildEventCollector(StaticConfigItem statCfg, bool delayedAutostart) | |
|
|
public void AddEventCollector(Collector.Config.StaticConfigItem statCfg) | |
This method adds a new EventCollector instance to the existing instances. The StaticConfigItem must be provided. The dynamic configuration is built according to the usual rules, and the collector might then be started, depending on its settings. | |
public void DelEventCollector(string key) | |
The given instance is simply disposed. Dispose() properly handles the situation if the instance is currently running. The Collector class. This instance is only added to the runtime configuration, not to the static configuration. | |
public void InsertEventCollector(string key) | |
Takes an existing instance from the runtime configuration and adds it to the static configuration, which will then be saved. | |
public void RemoveEventCollector(string key) | |
Removes a Collector instance from the runtime configuration and from the static configuration, which will be saved. If this instance is currently running, it will be stopped. | |
public StaticConfigItem GetEventCollectorTemplate(string key) | |
Creates a static config item in memory from a template in the configuration file. This is useful in adding new collectors and building their configuration. | |
public EventCollector this[int index] | |
This indexer is used to have direct read-only access to each collector instance by index. | |
public EventCollector this[string index] | |
This indexer is used to have direct read-only access to each collector instance by name. | |
public int Count | |
This is just to get the number of created collector instances. | |
public void StopEventCollector(string key) | |
This method stops a collector, given its name. It exposes a collector's method so that it is accessible via remoting, without having to create remoting services for each instance. | |
public void StartEventCollector(string key) | |
This method starts a collector given by name. The instance must, naturally, exist. It exposes a collector's method so that it is accessible via remoting, without having to create remoting services for each instance. | |
title | issuer | link | themes |
C#: A Message Queuing Service Application | MS:MSDN | goThere | MSMQ, configuration via xml |
This is just a list of hints about what can be done with DB triggers if this application is in use.
Logfile | EventSource | EventId | Action |
System | SaveDump | nn | something ..... |
Security | AccountManagement | 713[fictive!!!!!] | A workstation has just changed its account's password. This is a moment where you know exactly that this machine is online. Can be used to trigger any action, like an inventory scan. |
filename | location |
ECS.Application.exe | %AppRoot% |
path | what |
D:\Develop\Dev\Experimente\cs\Experimente\Remoting\EventsEnhanced\V01 | The root of the remoting part |
D:\Develop\Dev\Experimente\cs\Experimente\Remoting\EventsEnhanced\V01\MSMQBased_EventInitiator | The special event-provider, reading the MSMQ m1.eventcollectormonitor queue. |
D:\Develop\Dev\Experimente\cs\Projetcs\EventlogCollectorService | The root of the server application development tree |
D:\InetPub\VServer\www.mbg.local\Cont\DevNet\WebClientControls\UserControlWithRemotingDemo | The root of the IE client control using the remoting service |
D:\InetPub\VRoots\www_mbg_local\EventlogCollectorService | The root of all web-relevant parts [Note: The dir Docs is a hardlink to the application-development tree!!] |
This document uses HTML Components to simplify things. For example, there is a project-wide dictionary which allows shorthands for keywords; these keywords then appear inside the document as usual, but always with the same formatting. Additionally, links in this document carry a superscript indicator showing which location they point to. For example, the # [number sign] indicates that a link points inside this document. Links annotated with a small w point to a document on the internet, and such a link opens in a new window.
mb, jan 2004, manfred.braun@manfbraun.de