Read stream of json log objects using c# -


i'm using modsecurity , audit log logs stream of json objects ones below:

{"transaction":{"time":"28/mar/2017:15:39:04 +0200","transaction_id":"18158513699705323558","remote_address":"","remote_port":80,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"get /iisstart.htm http/1.1","headers":{"connection":"keep-alive","content-length":"0","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8","accept-encoding":"gzip, deflate, sdch, br","accept-language":"sv-se,sv;q=0.8,en-us;q=0.6,en;q=0.4","cookie":"__requestverificationtoken_l1ryawdnzxjmaxnoq2hly2tlcg2=5nsh5scvpvljkp2yty6wfyqzakvxa29eunbnnic_c_mvrn2mcbmzidocq08zivizusi66el47gprmhugsxqp80iesdfwrqbs9shlf8fjia01; .aspnet.applicationcookie=rurcshk7kll_zqlpmebpfjdu3pah-k__4wpyefzrps_fe6idvszzwp2mrzhlybswcgv0f8mitngmkm6bhcif1g1hhjcom-sryik6_f4jiafrh4bw95dcberunajsxhi72jleugm9cifuiyxrwfjdcddq5ks6qvs8i359h_gxyjyuytfaktp90mgpnhvv8z3jrihcggiwvb0un7qc0mxt_09fux7ya2pzxn5qevfahyoheb1buiiearftlzqidecw_09bqxocdo6srg3nzhiq_udguveiblg06vfvv6rgpmix_t7dbqiukbd3xrk-hacwrpwfgmke6hai1dda8y3dfljof4bx_gfat4293u7etexn1siia0y120iuwug8eo3dx0mofm292xtve_9zcgdestvjseuk6yncjrkuvdpfdzh8bnt_oyqwrurv_wmp-kc7ju_4rxnma3yx1k2psc5yn4asmyctihrzrrxd50ahvnjezn3ysozzwjp9hkdytv4r","host":"localhost","user-agent":"mozilla/5.0 (windows nt 10.0; win64; x64) applewebkit/537.36 (khtml, gecko) chrome/56.0.2924.87 safari/537.36","upgrade-insecure-requests":"1"},"body":[]},"response":{"protocol":"http/1.1","status":0,"headers":{}},"audit_data":{"messages":["collections_remove_stale: failed access dbm file \"c:/inetpub/temp/global\": access denied.  ","collections_remove_stale: failed access dbm file \"c:/inetpub/temp/ip\": access denied.  "],"handler":"iis","stopwatch":{"p1":0,"p2":10052,"p3":0,"p4":0,"p5":501,"sr":0,"sw":0,"l":0,"gc":501},"producer":["modsecurity iis (stable)/2.9.1 (http://www.modsecurity.org/)","owasp_crs/2.2.9","owasp_crs/3.0.0"],"server":"modsecurity standalone","engine_mode":"detection_only"}} {"transaction":{"time":"28/mar/2017:15:39:04 +0200","transaction_id":"18158513699705323558","remote_address":"","remote_port":80,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"get / http/1.1","headers":{"connection":"keep-alive","content-length":"0","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8","accept-encoding":"gzip, deflate, sdch, br","accept-language":"sv-se,sv;q=0.8,en-us;q=0.6,en;q=0.4","cookie":"__requestverificationtoken_l1ryawdnzxjmaxnoq2hly2tlcg2=5nsh5scvpvljkp2yty6wfyqzakvxa29eunbnnic_c_mvrn2mcbmzidocq08zivizusi66el47gprmhugsxqp80iesdfwrqbs9shlf8fjia01; .aspnet.applicationcookie=rurcshk7kll_zqlpmebpfjdu3pah-k__4wpyefzrps_fe6idvszzwp2mrzhlybswcgv0f8mitngmkm6bhcif1g1hhjcom-sryik6_f4jiafrh4bw95dcberunajsxhi72jleugm9cifuiyxrwfjdcddq5ks6qvs8i359h_gxyjyuytfaktp90mgpnhvv8z3jrihcggiwvb0un7qc0mxt_09fux7ya2pzxn5qevfahyoheb1buiiearftlzqidecw_09bqxocdo6srg3nzhiq_udguveiblg06vfvv6rgpmix_t7dbqiukbd3xrk-hacwrpwfgmke6hai1dda8y3dfljof4bx_gfat4293u7etexn1siia0y120iuwug8eo3dx0mofm292xtve_9zcgdestvjseuk6yncjrkuvdpfdzh8bnt_oyqwrurv_wmp-kc7ju_4rxnma3yx1k2psc5yn4asmyctihrzrrxd50ahvnjezn3ysozzwjp9hkdytv4r","host":"localhost","user-agent":"mozilla/5.0 (windows nt 10.0; win64; x64) applewebkit/537.36 (khtml, gecko) chrome/56.0.2924.87 safari/537.36","upgrade-insecure-requests":"1"},"body":[]},"response":{"protocol":"http/1.1","status":0,"headers":{}},"audit_data":{"messages":["ipmatch: bad ipv4 specification \"\".","rule processing failed."],"handler":"iis","stopwatch":{"p1":499,"p2":12501,"p3":0,"p4":0,"p5":0,"sr":0,"sw":0,"l":0,"gc":0},"producer":["modsecurity iis (stable)/2.9.1 (http://www.modsecurity.org/)","owasp_crs/2.2.9","owasp_crs/3.0.0"],"server":"modsecurity standalone","engine_mode":"detection_only"}} {"transaction":{"time":"28/mar/2017:15:39:04 +0200","transaction_id":"18158513699705323558","remote_address":"","remote_port":80,"local_address":"127.0.0.1","local_port":80},"request":{"request_line":"get / http/1.1","headers":{"connection":"keep-alive","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8","accept-encoding":"gzip, deflate, sdch, br","accept-language":"sv-se,sv;q=0.8,en-us;q=0.6,en;q=0.4","cookie":"__requestverificationtoken_l1ryawdnzxjmaxnoq2hly2tlcg2=5nsh5scvpvljkp2yty6wfyqzakvxa29eunbnnic_c_mvrn2mcbmzidocq08zivizusi66el47gprmhugsxqp80iesdfwrqbs9shlf8fjia01; .aspnet.applicationcookie=rurcshk7kll_zqlpmebpfjdu3pah-k__4wpyefzrps_fe6idvszzwp2mrzhlybswcgv0f8mitngmkm6bhcif1g1hhjcom-sryik6_f4jiafrh4bw95dcberunajsxhi72jleugm9cifuiyxrwfjdcddq5ks6qvs8i359h_gxyjyuytfaktp90mgpnhvv8z3jrihcggiwvb0un7qc0mxt_09fux7ya2pzxn5qevfahyoheb1buiiearftlzqidecw_09bqxocdo6srg3nzhiq_udguveiblg06vfvv6rgpmix_t7dbqiukbd3xrk-hacwrpwfgmke6hai1dda8y3dfljof4bx_gfat4293u7etexn1siia0y120iuwug8eo3dx0mofm292xtve_9zcgdestvjseuk6yncjrkuvdpfdzh8bnt_oyqwrurv_wmp-kc7ju_4rxnma3yx1k2psc5yn4asmyctihrzrrxd50ahvnjezn3ysozzwjp9hkdytv4r","host":"localhost","user-agent":"mozilla/5.0 (windows nt 10.0; win64; x64) applewebkit/537.36 (khtml, gecko) chrome/56.0.2924.87 safari/537.36","upgrade-insecure-requests":"1"}},"response":{"protocol":"http/1.1","status":0,"headers":{}},"audit_data":{"messages":["ipmatch: bad ipv4 specification \"\".","rule processing failed."],"handler":"iis","stopwatch":{"p1":1003,"p2":20520,"p3":0,"p4":0,"p5":0,"sr":0,"sw":0,"l":0,"gc":0},"producer":["modsecurity iis (stable)/2.9.1 (http://www.modsecurity.org/)","owasp_crs/2.2.9","owasp_crs/3.0.0"],"server":"modsecurity standalone","engine_mode":"detection_only"}} 

they not in list , not comma separated.

the way got working using method below. method requires stream open when i'm using result metod , think may causing trouble in application due closed streams. there better way read stream of json objects file?

public ienumerable<modsecuritylogentry> readauditlog() {     string path = "c:\\inetpub\\logs\\modsec_audit.log";      using (filestream filestream = new filestream(path, filemode.open, fileaccess.read, fileshare.readwrite))     {         using (streamreader streamreader = new streamreader(filestream))         {             var serializer = new jsonserializer();             using (var jsontextreader = new jsontextreader(streamreader))             {                 jsontextreader.supportmultiplecontent = true;                  while (jsontextreader.read())                 {                     yield return serializer.deserialize<modsecuritylogentry>(jsontextreader);                 }             }         }     } } 

solved this, not prettiest solution don't have worry closed streams. there problems if log file gets big handled separately.

public ienumerable<modsecuritylogentry> readauditlog() {     var path = "c:\\inetpub\\logs\\modsec_audit.log";      var list = new list<modsecuritylogentry>();      using (filestream filestream = new filestream(path, filemode.open, fileaccess.read, fileshare.readwrite))     {         using (streamreader streamreader = new streamreader(filestream))         {             var serializer = new jsonserializer();             using (var jsontextreader = new jsontextreader(streamreader))             {                 jsontextreader.supportmultiplecontent = true;                  while (jsontextreader.read())                 {                     jobject obj = jobject.load(jsontextreader);                     var logentry = jsonconvert.deserializeobject<modsecuritylogentry>(obj.tostring());                     list.add(logentry);                 }             }         }     }      return list;  } 

Comments

Popular posts from this blog

javascript - Clear button on addentry page doesn't work -

c# - Selenium Authentication Popup preventing driver close or quit -

tensorflow when input_data MNIST_data , zlib.error: Error -3 while decompressing: invalid block type -