-
Notifications
You must be signed in to change notification settings - Fork 35
Expand file tree
/
Copy pathArcSightClient.cs
More file actions
81 lines (72 loc) · 3.24 KB
/
ArcSightClient.cs
File metadata and controls
81 lines (72 loc) · 3.24 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
using System;
using System.IO;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Logging;
using Polly;
using SyslogNet.Client.Serialization;
using ViennaNET.ArcSight.Configuration;
using ViennaNET.ArcSight.Exceptions;
using ViennaNET.Utils;
namespace ViennaNET.ArcSight
{
/// <inheritdoc />
public class ArcSightClient : IArcSightClient
{
private readonly ArcSightSection _cefConfig;
private readonly ICefSenderFactory _cefSenderFactory;
private readonly ILogger<ArcSightClient> _logger;
private readonly ISyncPolicy _policy;
private readonly CefMessageSerializer _serializer;
/// <summary>
/// Инициализирует экземпляр <see cref="ArcSightClient" /> ссылками на экземпляры <see cref="IConfiguration" />,
/// <see cref="IErrorHandlingPoliciesFactory" />, <see cref="ICefSenderFactory" />.
/// </summary>
/// <param name="configuration">Ссылка на интерфейс, предоставляющий доступ к конфигурации</param>
/// <param name="policiesFactory">Ссылка на интерфейс фабрики по созданию политик вызовов</param>
/// <param name="cefSenderFactory">Ссылка на интерфейс фабрики по созданию классов для доступа к каналу отправки</param>
/// <param name="logger">Logger interface</param>
public ArcSightClient(IConfiguration configuration, IErrorHandlingPoliciesFactory policiesFactory,
ICefSenderFactory cefSenderFactory, ILogger<ArcSightClient> logger)
{
_logger = logger;
_cefConfig = configuration.ThrowIfNull(nameof(configuration))
.GetSection("arcSight")
.Get<ArcSightSection>()
.ThrowIfNull(new InvalidOperationException("Can not find CEF configuration"));
_policy = policiesFactory.ThrowIfNull(nameof(policiesFactory))
.CreateStdCommunicationPolicy();
_cefSenderFactory = cefSenderFactory.ThrowIfNull(nameof(cefSenderFactory));
_serializer = CreateSerializer();
}
/// <inheritdoc />
public void Send(CefMessage message)
{
var syslogMessage = _serializer.Serialize(message);
var stream = new MemoryStream(_serializer.Serialize(syslogMessage));
var syslogMessageStr = new StreamReader(stream).ReadToEnd();
_logger.LogInformation("Send syslog message: {SyslogMessage}", syslogMessageStr);
_policy.Execute(() => SendInternal(message));
}
private CefMessageSerializer CreateSerializer()
{
switch (_cefConfig.SyslogVersion)
{
case "rfc3164":
return new CefMessageSerializer(new SyslogRfc3164MessageSerializer());
case "rfc5424":
return new CefMessageSerializer(new SyslogRfc5424MessageSerializer());
default:
throw new ArcSightConfigurationException($"The syslog version {_cefConfig.SyslogVersion} has not supported");
}
}
private void SendInternal(CefMessage message)
{
_logger.LogDebug("Call SendInternal...");
using (var sender = _cefSenderFactory.CreateSender(_cefConfig))
{
sender.Send(message, _serializer);
}
_logger.LogDebug("Call SendInternal done");
}
}
}