From 3a06ceccc0616382adc084cc8b856fdff9602a5a Mon Sep 17 00:00:00 2001
From: nneeo <(9D%M.lx:YGPtAGD^0.$XrN:wFYgdzvW}%%Sl}Jq}Jbyw,x]}^0PNnZ0j4$]lj]2,XyFi[{mqxfSRHw^cP+*r}Uf~Ven-vk[;5@>
Date: Thu, 10 Feb 2022 22:16:09 +0300
Subject: [PATCH] faster event log search, slight refactorings
---
 StopBruteforce/Miscs.fs | 34 +++++++++++++++++-----------------
 1 file changed, 17 insertions(+), 17 deletions(-)
diff --git a/StopBruteforce/Miscs.fs b/StopBruteforce/Miscs.fs
index 79fa4c3..b1daf82 100644
--- a/StopBruteforce/Miscs.fs
+++ b/StopBruteforce/Miscs.fs
@@ -41,18 +41,18 @@ module EventLog =
 && log.EntryType = EventLogEntryType.FailureAudit
 && log.TimeWritten > timeFilter
 && log.ReplacementStrings.[3] = "0x0" then
-
- match log.ReplacementStrings.[19] |> IPAddress.TryParse with
- | false, _ -> ()
- | true, x ->
- yield
- { IpAddress = x
- Name = log.ReplacementStrings.[5] } |]
+ yield log |]
+ |> Array.Parallel.choose
+ (fun log ->
+ match log.ReplacementStrings.[19] |> IPAddress.TryParse with
+ | true, x when x <> IPAddress.Loopback ->
+ { IpAddress = x
+ Name = log.ReplacementStrings.[5] }
+ |> Some
+ | _ -> None)
 |> Array.groupBy (fun i -> i.IpAddress)
 |> Array.Parallel.map
- (fun i ->
- let ip, entries = i
-
+ (fun (ip, entries) ->
 { Attempts = entries.Length
 IpAddress = ip
 HostName = tryResolve ip
@@ -68,11 +68,11 @@ module EventLog =
 if log.InstanceId = 4624L
 && log.EntryType = EventLogEntryType.SuccessAudit
 && log.TimeWritten > timeFilter then
- match log.ReplacementStrings.[18] |> IPAddress.TryParse with
- | true, x when x <> IPAddress.Loopback -> yield x
- | _ -> ()
 |]
+ yield log |]
+ |> Array.Parallel.choose
+ (fun log ->
+ match log.ReplacementStrings.[18] |> IPAddress.TryParse with
+ | true, x when x <> IPAddress.Loopback -> Some x
+ | _ -> None)
 |> Array.groupBy id
- |> Array.Parallel.map
- (fun i ->
- let a, _ = i
- a)
+ |> Array.Parallel.map fst
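Review bot: The new guard `x <> IPAddress.Loopback` in the 4625 hunk (`@@ -41,18 +41,18 @@`) matches only 127.0.0.1, so `::1` and the rest of 127.0.0.0/8 still come through as failed-logon sources; the 4624 hunk carries the same comparison. `| true, x when not (IPAddress.IsLoopback x) ->` covers both address families. If these records feed block rules (the consumer is not visible in this diff), a local failure over IPv6 would otherwise be counted as a remote attacker. The indexers `log.ReplacementStrings.[19]` and `.[5]` (and `.[18]` in the second hunk) now run inside `Array.Parallel.choose` without a length check, so one short record would likely fail the whole scan with an aggregated exception; a `log.ReplacementStrings.Length > 19` guard before indexing would keep the scan going. The enclosing function starts and ends outside the hunk.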
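Review bot: `|> Array.groupBy id |> Array.Parallel.map fst` at the end of the 4624 hunk (`@@ -68,11 +68,11 @@`) builds a per-address group array only to discard it and keep the key; `|> Array.distinct` yields the same addresses in the same first-seen order and needs no parallel pass. It would also help to add a short comment above the pipeline, such as `// unique non-loopback source addresses of successful logons since timeFilter`, because the `yield log |]` stage no longer shows what the result holds. The enclosing function starts outside the hunk.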