服务器新监控(win + .net)

My Server Monitor:监控服务器的 LAN 连通性、WAN 连通性以及 CPU、内存空闲率,并自动将攻击者 IP 添加到防火墙黑名单。

Imports System.Data.SqlClient
Imports System.Net
Imports System.Diagnostics

' One monitoring sample. Fields are public value-type members, so assigning one
' cState to another copies every field.
Structure cState
    ' cpu: value stored by GetNewState as 100 minus the "% Processor Time" reading.
    ' mem: value stored by GetNewState as "Available Kbytes" divided by 1024.
    Public cpu, mem As Single
    ' lanAcc / wanAcc: ping status text for the LAN and WAN probes, or "Failed" when the ping throws.
    Public lanAcc, wanAcc As String
    ' utime: time at which the sample was taken.
    Public utime As Date
End Structure

' Per-source-address counter kept by the monitor.
Structure Attacker
    ' Source address text as read from the failed-logon event.
    Public IP As String
    ' Number of failed-logon events counted for this address so far.
    Public AttackCounts As Integer
End Structure

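' Console monitor: on a wall-clock schedule it samples CPU idle %, free memory and
' LAN/WAN ping status, stores each sample in SQL Server, and adds the source IP of
' repeated failed logons (Security event 4625) to an existing Windows Firewall rule.
'
' Operational caveats visible in this code:
'  * Counters in AttackerColl only ever grow for the lifetime of the process (no time
'    window, no expiry) and there is no allowlist, so a legitimate user who mistypes a
'    password more than MaxFailedLogons times will be blocked as well.
'  * Blocking only works if a firewall rule named BlockRuleName already exists in the
'    active profile; this program never creates it.
'  * Modifying firewall rules and reading the Security log both need an elevated process.
Module Module1
    ' Name of the pre-existing firewall rule whose RemoteAddresses list is extended.
    Const BlockRuleName As String = "DENY_LOGIN_ATTEMPT"
    ' Security-log event for a failed logon.
    Const FailedLogonEventId As Long = 4625
    ' An address is blocked once its counter exceeds this value.
    Const MaxFailedLogons As Integer = 6
    ' Positions inside ReplacementStrings of event 4625 that this program reads.
    Const UserFieldIndex As Integer = 5
    Const IpFieldIndex As Integer = 19

    ' svrState(0) is the newest sample, svrState(1) the previous one.
    ' ipHashTable maps an address string to its index in AttackerColl.
    ' ReadTime is the time the Security log was last scanned.
    Dim svrState(1) As cState, AttackerColl() As Attacker, ReadTime As Date = Now, ipHashTable As New Hashtable
    Dim pfmCPU As New PerformanceCounter("Processor", "% Processor Time", "_Total", True)
    Dim pfmMem As New PerformanceCounter("Memory", "Available Kbytes")
    ' timeSL is the sampling period in seconds; it is matched against the wall-clock second.
    Dim aPing As New System.Net.NetworkInformation.Ping, timeSL As Integer = 30

    ' Entry point: builds the initial blacklist, then loops forever taking one sample
    ' whenever the current second is a multiple of timeSL.
    Sub Main()
        Console.Title = "Server Monitor - Running"
        Console.WindowWidth = 90
        Console.BufferWidth = 90
        Console.ForegroundColor = ConsoleColor.Green
        InitEventLog()
        Using conn As New SqlConnection("Data Source=localhost;Initial Catalog=**DB;Integrated Security=True"),
              cmdsel As New SqlCommand("insert into ServerStatus values(@t, @cpu, @mem, @lan, @wan)", conn)
            conn.Open()
            ' The first read of a rate counter returns 0, so prime it and wait one interval.
            pfmCPU.NextValue()
            Threading.Thread.Sleep(1000)
            GetNewState()
            Do
                If Now.Second Mod timeSL <> 0 Then
                    ' Yield instead of spinning: a tight loop would burn a core and
                    ' distort the very CPU figure being recorded.
                    Threading.Thread.Sleep(200)
                    Continue Do
                End If
                ' Step past the matching second so the same tick is not sampled twice.
                Threading.Thread.Sleep(1000)
                GetEvents(ReadTime)
                svrState(1) = svrState(0)
                GetNewState()
                Dim cur As cState = svrState(0)
                Dim stamp As String = Format(Now, "yyyy-MM-dd HH:mm:ss")
                Console.Write(stamp & ">[CPU IDLE]" & vbTab & cur.cpu & "%" & vbTab & vbTab &
                              "[MEM FREE]   " & cur.mem & "MB" &
                              vbCrLf & Space(20) & "[LAN State]" & vbTab & cur.lanAcc & vbTab & vbTab &
                              "[WAN State]  " & cur.wanAcc & vbCrLf & vbCrLf)
                Console.Title = "Server Monitor - Running(" & stamp & ")"
                ' Values travel as parameters rather than being spliced into the SQL text.
                ' They are sent as text; SQL Server converts them to the column types
                ' (the ServerStatus schema is not visible here).
                With cmdsel.Parameters
                    .Clear()
                    .AddWithValue("@t", stamp)
                    .AddWithValue("@cpu", CStr(cur.cpu))
                    .AddWithValue("@mem", CStr(cur.mem))
                    .AddWithValue("@lan", cur.lanAcc)
                    .AddWithValue("@wan", cur.wanAcc)
                End With
                Try
                    cmdsel.ExecuteNonQuery()
                Catch ex As Exception
                    ' A database outage must not stop log scanning and blocking.
                    Console.WriteLine("ServerStatus insert failed: " & ex.Message)
                End Try
                ' Sample every 30 s while the LAN probe keeps reporting the same
                ' non-success status, otherwise every 60 s.
                If cur.lanAcc = svrState(1).lanAcc AndAlso cur.lanAcc.ToLower <> "success" Then
                    timeSL = 30
                Else
                    timeSL = 60
                End If
            Loop
        End Using
    End Sub

    ' Takes a fresh sample into svrState(0).
    Sub GetNewState()
        With svrState(0)
            ' Round numerically. Formatting with ".##" and converting the text back to
            ' Single fails when the value rounds to 0, because that format yields "".
            .cpu = CSng(Math.Round(100 - pfmCPU.NextValue, 2))
            .mem = CSng(Math.Round(pfmMem.NextValue / 1024, 2))
            .lanAcc = PingStatus("172.29.2.254")
            .wanAcc = PingStatus("www.baidu.com")
            .utime = Now
        End With
    End Sub

    ' Pings host and returns the reply status as text, or "Failed" if the ping throws.
    Private Function PingStatus(ByVal host As String) As String
        Try
            Return aPing.Send(host).Status.ToString
        Catch ex As Exception
            Return "Failed"
        End Try
    End Function

    ' Resets the attacker table and seeds it from Security-log events generated
    ' since the start of yesterday.
    Sub InitEventLog()
        'Build Blacklist
        Console.WriteLine("<Init Blacklist>")
        ' Slot 0 is a placeholder, so real addresses start at index 1.
        ReDim AttackerColl(0)
        With AttackerColl(0)
            .IP = "HOLDER"
            .AttackCounts = 0
        End With
        GetEvents(Now.Date.AddDays(-1))
        Console.WriteLine("</Init Blacklist>" & vbCrLf)
    End Sub

    ' Scans the Security log for failed-logon events newer than fromWhen, counts them
    ' per source address and blocks an address once it exceeds MaxFailedLogons.
    ' The whole log is enumerated on every call; only the timestamp filters old entries.
    ' InitEventLog must have run first so that AttackerColl is allocated.
    Sub GetEvents(ByVal fromWhen As Date)
        Using secLog As New EventLog("Security")
            For Each itm As EventLogEntry In secLog.Entries
                If itm.InstanceId <> FailedLogonEventId OrElse itm.TimeGenerated <= fromWhen Then Continue For
                Dim fields() As String = itm.ReplacementStrings
                ' Skip entries that do not carry the expected number of fields.
                If fields Is Nothing OrElse fields.Length <= IpFieldIndex Then Continue For
                ' The address ends up in a firewall rule, so accept it only if it parses
                ' as a single IP address ("-" and any other text are dropped), and never
                ' count loopback: blocking it would cut off local services.
                Dim parsed As IPAddress = Nothing
                If Not IPAddress.TryParse(fields(IpFieldIndex), parsed) Then Continue For
                If IPAddress.IsLoopback(parsed) Then Continue For
                Dim ipadd As String = parsed.ToString()

                Dim slot As Integer
                If ipHashTable.ContainsKey(ipadd) Then
                    slot = CInt(ipHashTable(ipadd))
                    AttackerColl(slot).AttackCounts += 1
                    If AttackerColl(slot).AttackCounts > MaxFailedLogons Then AddBlackList(ipadd)
                Else
                    slot = UBound(AttackerColl) + 1
                    ReDim Preserve AttackerColl(slot)
                    AttackerColl(slot).IP = ipadd
                    AttackerColl(slot).AttackCounts = 1
                    ipHashTable.Add(ipadd, slot)
                End If
                ' The account name is chosen by the remote client; strip control
                ' characters before echoing it to the console.
                Console.WriteLine("<" & Format(itm.TimeGenerated, "yyyy-MM-dd HH:mm:ss") &
                                  ">Attacker '" & Printable(fields(UserFieldIndex)) & "' from " & ipadd &
                                  " for " & AttackerColl(slot).AttackCounts & " time(s)")
            Next
            ReadTime = Now
        End Using
    End Sub

    ' Returns text with every control character replaced by "?".
    Private Function Printable(ByVal text As String) As String
        If text Is Nothing Then Return ""
        Dim sb As New System.Text.StringBuilder
        For Each ch As Char In text
            sb.Append(If(Char.IsControl(ch), "?"c, ch))
        Next
        Return sb.ToString
    End Function

    ' Appends iplist to the RemoteAddresses of the BlockRuleName firewall rule in the
    ' active profile, unless the address is already listed. Reports on the console
    ' when the rule does not exist, because in that case nothing is blocked.
    Sub AddBlackList(ByVal iplist As String)
        Dim plcObj As NetFwTypeLib.INetFwPolicy2 = CreateObject("HNetCfg.FwPolicy2"), rule As NetFwTypeLib.INetFwRule
        Dim CurrentProfiles As Integer = plcObj.CurrentProfileTypes()
        For Each rule In plcObj.Rules
            If (rule.Profiles And CurrentProfiles) = 0 Then Continue For
            If rule.Name <> BlockRuleName Then Continue For
            If Not RuleContainsAddress(rule.RemoteAddresses, iplist) Then
                rule.RemoteAddresses &= "," & iplist
                Console.WriteLine("Address " & iplist & " blocked")
            End If
            Return
        Next
        Console.WriteLine("Firewall rule '" & BlockRuleName & "' not found; address " & iplist & " NOT blocked")
    End Sub

    ' True when ip appears in the comma-separated list as a whole entry. A substring
    ' search is not enough: "1.2.3.4" is a substring of "11.2.3.4" and "1.2.3.45",
    ' which would leave the shorter address unblocked.
    Private Function RuleContainsAddress(ByVal remoteAddresses As String, ByVal ip As String) As Boolean
        If String.IsNullOrEmpty(remoteAddresses) Then Return False
        For Each entry As String In remoteAddresses.Split(","c)
            Dim addr As String = entry.Trim()
            Dim slash As Integer = addr.IndexOf("/"c)
            If slash >= 0 Then
                ' NOTE(review): the firewall API appears to return single hosts with a
                ' host mask suffix; only such suffixes are treated as an exact host - confirm.
                Dim mask As String = addr.Substring(slash + 1)
                If mask <> "255.255.255.255" AndAlso mask <> "32" AndAlso mask <> "128" Then Continue For
                addr = addr.Substring(0, slash)
            End If
            If String.Equals(addr, ip, StringComparison.OrdinalIgnoreCase) Then Return True
        Next
        Return False
    End Function
End Module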

