Class EventLogCollector

Collects system event logs.

Inheritance
System.Object
BaseCollector
EventLogCollector
Implements
Inherited Members
Namespace: Microsoft.CST.AttackSurfaceAnalyzer.Collectors
Assembly: AsaLib.dll
Syntax
public class EventLogCollector : BaseCollector, IPlatformRunnable

Constructors

| Improve this Doc View Source

EventLogCollector(CollectorOptions, Nullable<Action<CollectObject>>)

Declaration
public EventLogCollector(CollectorOptions opts = null, Action<CollectObject>? changeHandler = null)
Parameters
Type Name Description
CollectorOptions opts
System.Nullable<Action<CollectObject>> changeHandler

Methods

| Improve this Doc View Source

CanRunOnPlatform()

Declaration
public override bool CanRunOnPlatform()
Returns
Type Description
System.Boolean
Overrides
| Improve this Doc View Source

ExecuteLinux(CancellationToken)

Parses /var/log/auth.log and /var/log/syslog (no way to distinguish severity)

Declaration
public void ExecuteLinux(CancellationToken cancellationToken)
Parameters
Type Name Description
CancellationToken cancellationToken
| Improve this Doc View Source

ExecuteMacOs(CancellationToken)

Collect event logs on macOS using the 'log' utility

Declaration
public void ExecuteMacOs(CancellationToken cancellationToken)
Parameters
Type Name Description
CancellationToken cancellationToken
| Improve this Doc View Source

ExecuteWindows(CancellationToken)

Collect event logs on Windows using System.Diagnostics.EventLog

Declaration
public void ExecuteWindows(CancellationToken cancellationToken)
Parameters
Type Name Description
CancellationToken cancellationToken

Implements