Closed

Windows Event Log Monitoring

Development of a Windows service application compatible with: Windows 7, Windows XP, Windows 2003/2008 (all service packs), Windows Vista.

The following technologies will be used for the project:

1. .NET Delphi / Delphi 2009 or C#

2. XML;

3. Windows Services;

4. Windows Performance Monitor (not mandatory)

5. Windows Cryptography Providers

We request:

-. Source Code

-. Executable file ready to install

-. Copyright transfer

General Information

The Windows service should be installed on all Windows OS versions and start automatically at boot; at regular intervals the service reads the local Windows Event Log for matching specific Event ID/User Name combinations (an XML configuration file will be described later). If there are new entries, the service extracts data and creates a syslog message for each entry as follows:

Date and Time | Event ID | User | IP Address | Computer Name

If events are of Audit type then the syslog message should also contain the Logon Type field:

Date and Time | Event ID | User | IP Address | Computer Name | Event Type | Logon Type | Description

The service will send those messages in syslog format to a remote server.

The service will have a dedicated TCP port in order to check remotely its network availability and for sending special TCP commands for gathering Windows performance data like CPU utilization, memory, disk space, bandwidth (the sequence of commands is explained later in this document). This feature is not mandatory.

A system for code activation (so that the service can be executed only on a specific machine) is mandatory and will be described later. So the final work consists of 4 files – executable for installing the service, encrypted list of MACs (activation file), configuration XML, certificate file for XML file. The service will keep track of which events were already “seen” in each event log and store the last seen event date in the Windows Registry to skip seen events in case of restarts.

1. XML Configuration file

1)[url removed, login to view] – service consumes configuration as an XML document

a) Configuration file allows to configure the following values:

b) Event log scan period (default value: 5 secs if not specified);

c) Alive responder port (default value: 12000 if not specified);

d) Syslog server entries having IP address to send messages to;

e) List of User entries having name used for message formatting purposes;

f) List of Log entries having Event Log name to read events from;

g) List of Event Id entries specifying which events should be reported to Syslog server;

h) Several sections for the same server, user or event log are allowed – corresponding lists of settings will be merged

i) When the service is running it checks periodically (every 30 seconds) whether the configuration file is modified, by recalculating its hash, and if it is modified – overwrites it with the in-memory copy and sends a special message to the syslog server if it is modified;

j) The configuration file's hash is stored in a separate certificate file; if it is missing, the file is considered changed.

k) Certificate file contains Triple DES encrypted SHA256 hash calculated on the configuration file.

Configuration file example:

<?xml version="1.0" encoding="UTF-8"?>
<tosyslog IP='192.168.1.1' scan_period='5'>
  <user name='PaulC'>
    <Log name='Security'>
      <EventID>
        <Value>540</Value>
        <Value>538</Value>
        …..
      </EventID>
    </Log>
    <Log name='MyApplication'>
      <EventID>
        <Value>1000</Value>
        …..
      </EventID>
    </Log>
  </user>
  <user name='MarkJ'>
    <Log name='Security'>
      <EventID>
        <Value>540</Value>
        ….
      </EventID>
    </Log>
  </user>
</tosyslog>

2. Activation System

1)[url removed, login to view] – service runs only on machines allowed to run on, specified in activation file

a) Activation file contains a list of MAC addresses. If the server attempting to start the service has at least one Ethernet adapter having a MAC address from the list – start will be successful.

Otherwise, error message will be recorded to the System Event log and a special syslog service will be also sent to

Skills: C# Programming, Delphi
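The configuration rules in the project description (defaults, merging of repeated sections, the pipe-delimited message), as an added C# example that is not part of the original posting. The `alive_port` attribute name, the timestamp format, the `Clean` helper and the sample values are assumptions; the posting specifies none of them.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Xml.Linq;

// Constructed sample: PaulC/Security appears twice, so its event lists must merge.
const string SampleXml = @"<tosyslog IP='192.168.1.1'>
  <user name='PaulC'><Log name='Security'><EventID><Value>540</Value></EventID></Log></user>
  <user name='PaulC'><Log name='Security'><EventID><Value>538</Value></EventID></Log></user>
  <user name='MarkJ'><Log name='Security'><EventID><Value>540</Value></EventID></Log></user>
</tosyslog>";

XElement root = XDocument.Parse(SampleXml).Root ?? throw new FormatException("empty document");
// Defaults stated in the posting: 5-second scan period, alive responder port 12000.
int scanPeriod = (int?)root.Attribute("scan_period") ?? 5;
int alivePort = (int?)root.Attribute("alive_port") ?? 12000; // attribute name is an assumption
string syslogIp = root.Attribute("IP")?.Value ?? throw new FormatException("IP missing");

// "user|log" -> event IDs. Windows account names are case-insensitive.
var rules = new Dictionary<string, HashSet<int>>(StringComparer.OrdinalIgnoreCase);
foreach (XElement user in root.Elements("user"))
    foreach (XElement log in user.Elements("Log"))
    {
        string key = user.Attribute("name")?.Value + "|" + log.Attribute("name")?.Value;
        if (!rules.TryGetValue(key, out var ids)) rules[key] = ids = new HashSet<int>();
        foreach (XElement v in log.Elements("EventID").Elements("Value"))
            if (int.TryParse(v.Value.Trim(), out int id)) ids.Add(id);
    }

bool ShouldReport(string user, string log, int eventId) =>
    rules.TryGetValue(user + "|" + log, out var ids) && ids.Contains(eventId);

// Event fields are untrusted input: strip the delimiter and control characters
// so a crafted user name cannot forge extra fields or extra syslog lines.
string Clean(string s) => new string(s.Where(c => c != '|' && !char.IsControl(c)).ToArray());

string Format(DateTime when, int eventId, string user, string ip, string computer) =>
    string.Join(" | ", when.ToString("yyyy-MM-dd HH:mm:ss"), eventId.ToString(),
                Clean(user), Clean(ip), Clean(computer));

Console.WriteLine($"send to {syslogIp}, scan every {scanPeriod}s, alive port {alivePort}");
foreach (var (user, id) in new[] { ("paulc", 538), ("PaulC", 540), ("MarkJ", 538) })
    if (ShouldReport(user, "Security", id))
        Console.WriteLine(Format(new DateTime(2012, 6, 1, 9, 30, 0), id, user, "192.168.1.50", "WS-01"));
```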


About the employer:
(0 reviews) Italy

Project ID: #1676715
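The configuration integrity check from the project description (a Triple DES encrypted SHA256 hash kept in a certificate file, with a missing certificate treated as a change), as an added C# example that is not part of the original posting. The key, IV, file names and sample configuration are constructed for the demonstration; the posting does not say how the key is stored.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

// Constructed demo key and IV. The posting does not say how the key is provisioned.
byte[] key = Encoding.ASCII.GetBytes("0123456789abcdefghijklmn"); // 24 bytes for Triple DES
byte[] iv = new byte[8];

// Certificate file content: the SHA-256 of the configuration, Triple DES encrypted.
byte[] Seal(byte[] config)
{
    using var tdes = TripleDES.Create();
    using var enc = tdes.CreateEncryptor(key, iv);
    byte[] hash = SHA256.HashData(config);
    return enc.TransformFinalBlock(hash, 0, hash.Length);
}

bool IsUnchanged(string configPath, string certPath)
{
    // A missing certificate (or configuration) counts as "changed", as the posting requires.
    if (!File.Exists(configPath) || !File.Exists(certPath)) return false;
    try
    {
        using var tdes = TripleDES.Create();
        using var dec = tdes.CreateDecryptor(key, iv);
        byte[] blob = File.ReadAllBytes(certPath);
        byte[] expected = dec.TransformFinalBlock(blob, 0, blob.Length);
        byte[] actual = SHA256.HashData(File.ReadAllBytes(configPath));
        return CryptographicOperations.FixedTimeEquals(expected, actual);
    }
    catch (CryptographicException) { return false; } // damaged certificate: treat as changed
}

string dir = Directory.CreateDirectory(Path.Combine(Path.GetTempPath(), Path.GetRandomFileName())).FullName;
string cfg = Path.Combine(dir, "config.xml"), cert = Path.Combine(dir, "config.cert"); // assumed names
byte[] inMemory = Encoding.UTF8.GetBytes("<tosyslog IP='192.168.1.1' scan_period='5'/>");
File.WriteAllBytes(cfg, inMemory);
File.WriteAllBytes(cert, Seal(inMemory));
Console.WriteLine($"fresh install unchanged: {IsUnchanged(cfg, cert)}");

File.AppendAllText(cfg, "<!-- edited on disk -->"); // simulated modification
// In the service this check would run on the 30-second timer.
if (!IsUnchanged(cfg, cert))
{
    File.WriteAllBytes(cfg, inMemory); // overwrite with the in-memory copy
    Console.WriteLine("config modified on disk; restored, notify syslog server");
}
Console.WriteLine($"after restore unchanged: {IsUnchanged(cfg, cert)}");
```

The check is only as strong as the secrecy of the Triple DES key: anyone who can read the key can produce a matching certificate for a modified configuration.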

9 freelancers are bidding on average €265 for this job

AlosDeveloper

Hello, I have 11 years' experience in Delphi and 8 in C#. I can make this project fast and properly. Thanks

€600 EUR in 15 days
(39 Reviews)
6.6
usamacpp

We are a very experienced team who can tackle this task. Please check PMB for more details.

€300 EUR in 10 days
(29 Reviews)
5.7
VONeS

Hi. I have experience in developing applications that work with the system log. I will do the project in C#. Oleg

€100 EUR in 10 days
(7 Reviews)
5.3
outsourcing

Consider it Done. Please check PMB

€225 EUR in 14 days
(5 Reviews)
3.6
specialist77

Hello, I have read the whole project description. Is it possible to talk privately?

€200 EUR in 4 days
(2 Reviews)
1.0
devbrasil

At Your service.

€250 EUR in 15 days
(0 Reviews)
0.0
charlielo

I'm glad to do it for you! Thanks.

€260 EUR in 15 days
(0 Reviews)
0.0
infodevelopment

Hi, I can do this project for you, I have enough experience on this kind of job.

€200 EUR in 5 days
(0 Reviews)
0.0
kovis

I am an experienced engineer who has developed applications in C# since 2001. I can deliver a product in the required form, including the source code.

€250 EUR in 20 days
(0 Reviews)
0.0