From 35a2d59151b9d597e600d92ff2f88bf9aa7d4646 Mon Sep 17 00:00:00 2001
From: alejandro <alejandro.sanchez@pandorafms.com>
Date: Thu, 23 Jun 2022 11:56:47 +0200
Subject: [PATCH] adding log event plugin

---
 pandora_plugins/Log_event/getEvent.ps1 | 112 +++++++++++++++++++++++++
 1 file changed, 112 insertions(+)
 create mode 100644 pandora_plugins/Log_event/getEvent.ps1

diff --git a/pandora_plugins/Log_event/getEvent.ps1 b/pandora_plugins/Log_event/getEvent.ps1
new file mode 100644
index 0000000000..19d4237421
--- /dev/null
+++ b/pandora_plugins/Log_event/getEvent.ps1
@@ -0,0 +1,112 @@
+################################################################################
+# get Event
+################################################################################
+# Copyright (c) 2020 Artica Soluciones Tecnologicas S.L
+# Jose Antonio Almendros 
+################################################################################
+# 
+# usage: getEvent.exe -command "get_event.exe [event_source] [log_name] [interval] [*nodatalist] [*sendlog]"			 
+#				
+################################################################################
+
+param (
+[switch]$h = $false,
+[switch]$nodatalist = $false,
+[switch]$sendlog = $false
+)
+
+if (($h -eq $true) -or ($($Args.Count) -le 2)){
+	echo "Plugin to get events from the last N minutes" 
+	echo "Usage:" 
+	echo "getEvent.exe [event_source] [log_name] [interval] *[-nodatalist] *[-sendlog]`n"
+    echo "event_source:`t`tfield Source of the Event"
+    echo "log_name:`t`tfield Log Name of the Event"
+    echo "interval:`t`ttime interval from events will be extracted (in minutes)"
+    echo "nodatalist [optional]:`tshows all output in same module data"
+    echo "sendlog [optional]:`tsends logs to log server"
+	echo "Artica ST @ 2020" 
+	exit
+}
+
+
+$source = $args[0]
+$logname = $args[1]
+$interval = $args[2]
+ 
+
+if (($nodatalist -eq $false) -and ($sendlog -eq $false))
+    {
+    $Logs = get-EventLog  -Source $source -LogName $logname -After $((get-date).AddMinutes(-$interval)) | ft -HideTableHeaders
+        $result = foreach ($Log in $Logs)
+        {
+
+	          if ($Log)
+                {
+                echo "<data><value><![CDATA["
+                echo $Log
+                echo "]]></value></data>"
+                echo "`r`n"
+                }
+
+
+        }
+
+		echo "<module>" 
+		echo "<name>$source Events</name>" 
+		echo "<type>async_string</type>" 
+		echo "<datalist>"
+        echo $result
+        echo "</datalist>" 
+		echo "<description>Logs with log name $logname in source $source</description>"
+        echo "</module>" 
+    }
+         
+else 
+    {
+        if ($sendlog -eq $false)
+        {
+            $Logs = get-EventLog  -Source $source -LogName $logname -After $((get-date).AddMinutes(-$interval)) | ft -HideTableHeaders | Out-String
+            $result = foreach ($Log in $Logs)
+            {
+
+                echo $Log
+                echo "`r`n"
+
+
+            }
+
+		echo "<module>" 
+		echo "<name>$source Events</name>" 
+		echo "<type>async_string</type>"
+        echo "<data><![CDATA[" 
+        echo $result
+        echo "]]></data>"
+		echo "<description>Logs with log name $logname in source $source</description>"
+        echo "</module>" 
+        }
+    } 
+
+if ($sendlog -eq $true) 
+    {
+        $Logs = get-EventLog  -Source $source -LogName $logname -After $((get-date).AddMinutes(-$interval)) | ft -HideTableHeaders | Out-String
+        $result = foreach ($Log in $Logs)
+        {
+        
+	          if ($Log)
+                {
+                echo "<![CDATA["
+                echo $Log
+                echo "]]>"
+                echo "`n"
+                }
+
+
+        }
+
+		echo "<log_module>" 
+		echo "<source>$source Events</source>"
+        echo "<data>" 
+        echo $result 
+        echo "</data>"
+        echo "</log_module>" 
+    }
\ No newline at end of file