################################################################################
# get Event
################################################################################
# Copyright (c) 2020 Artica Soluciones Tecnologicas S.L
# Jose Antonio Almendros
################################################################################
#
# usage: getEvent.exe -command "get_event.exe [event_source] [log_name] [interval] [*nodatalist] [*sendlog]"
#
# Emits an agent XML fragment (<module> or <log_module>) holding the Windows
# event-log entries whose Source is [event_source], in log [log_name], written
# during the last [interval] minutes. Event message text is placed inside
# CDATA sections, so it must be escaped before being embedded (see below).
#
################################################################################
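param (
    [switch]$h = $false,
    [switch]$nodatalist = $false,
    [switch]$sendlog = $false
)

# Positional arguments (event_source, log_name, interval) are read from the
# automatic $args array below. That only works because this is NOT an advanced
# script: adding [CmdletBinding()] or any [Parameter()] attribute would make
# PowerShell reject the unbound positional arguments instead of collecting them.

# Make free text safe to embed inside a <![CDATA[ ... ]]> section.
# Event messages are written by arbitrary applications (and, for some logs, can
# be influenced by remote users), so a message containing "]]>" would close the
# CDATA section early and have the remainder parsed as markup by whatever
# consumes this output. Splitting the terminator across two CDATA sections is
# the standard way to neutralise it.
function ConvertTo-CDataSafe {
    param ([string]$Text)
    if ($null -eq $Text) { return "" }
    return $Text.Replace("]]>", "]]]]><![CDATA[>")
}

# Escape text placed directly in an XML element (no CDATA), e.g. the <name>,
# <source> and <description> values built from the command-line arguments.
function ConvertTo-XmlText {
    param ([string]$Text)
    if ($null -eq $Text) { return "" }
    return [System.Security.SecurityElement]::Escape($Text)
}

# Help requested, or fewer than the three mandatory positional arguments.
if (($h -eq $true) -or ($($Args.Count) -le 2)) {
    echo "Plugin to get events from the last N minutes"
    echo "Usage:"
    echo "getEvent.exe [event_source] [log_name] [interval] *[-nodatalist] *[-sendlog]`n"
    echo "event_source:`t`tfield Source of the Event"
    echo "log_name:`t`tfield Log Name of the Event"
    echo "interval:`t`ttime interval from events will be extracted (in minutes)"
    echo "nodatalist [optional]:`tshows all output in same module data"
    echo "sendlog [optional]:`tsends logs to log server"
    echo "Artica ST @ 2020"
    exit
}

$source  = [string]($args[0])
$logname = [string]($args[1])

# The interval is used as a number of minutes; validate it up front instead of
# letting a non-numeric value surface as an opaque exception from AddMinutes().
# Parsed with the invariant culture so "1.5" means the same on every locale.
[double]$interval = 0
$intervalOk = [double]::TryParse(
    [string]($args[2]),
    [System.Globalization.NumberStyles]::Float,
    [System.Globalization.CultureInfo]::InvariantCulture,
    [ref]$interval)
if ((-not $intervalOk) -or ($interval -lt 0)) {
    Write-Error "interval must be a non-negative number of minutes, got '$($args[2])'"
    exit 1
}

$since = (Get-Date).AddMinutes(-$interval)

# NOTE: Get-EventLog reads only the classic event logs and is not available on
# PowerShell 7+ (Get-WinEvent is its replacement). It is kept because the text
# layout sent to the server is the one Format-Table produces for these objects.
$events = @(Get-EventLog -Source $source -LogName $logname -After $since)

$xmlSource  = ConvertTo-XmlText $source
$xmlLogname = ConvertTo-XmlText $logname

if ($sendlog) {
    # -sendlog: one <log_module> whose <data> carries the whole table as text.
    # (When both -sendlog and -nodatalist are given, -sendlog wins, as before.)
    $table = $events | Format-Table -HideTableHeaders | Out-String
    $result = if ($table) {
        echo "<![CDATA["
        echo (ConvertTo-CDataSafe $table)
        echo "]]>"
        echo "`n"
    }
    echo "<log_module>"
    echo "<source>$xmlSource Events</source>"
    echo "<data>"
    echo $result
    echo "</data>"
    echo "</log_module>"
}
elseif ($nodatalist) {
    # -nodatalist: one <module> whose single <data> carries the whole table.
    $table = $events | Format-Table -HideTableHeaders | Out-String
    $result = @(
        (ConvertTo-CDataSafe $table)
        "`r`n"
    )
    echo "<module>"
    echo "<name>$xmlSource Events</name>"
    echo "<type>async_string</type>"
    echo "<data><![CDATA["
    echo $result
    echo "]]></data>"
    echo "<description>Logs with log name $xmlLogname in source $xmlSource</description>"
    echo "</module>"
}
else {
    # Default: one <module> with a <datalist> holding one <data> entry per event.
    # Each event is rendered to text individually: Format-Table emits formatting
    # records rather than strings, so wrapping its raw pipeline output (as this
    # branch used to) put table-control records, not events, inside the CDATA
    # sections.
    $result = foreach ($entry in $events) {
        if ($null -eq $entry) { continue }
        # TrimEnd only: Out-String appends blank lines, but the right-aligned
        # Index column may legitimately start with spaces.
        $text = ($entry | Format-Table -HideTableHeaders | Out-String).TrimEnd()
        if ($text.Trim()) {
            echo "<data><value><![CDATA["
            echo (ConvertTo-CDataSafe $text)
            echo "]]></value></data>"
            echo "`r`n"
        }
    }
    echo "<module>"
    echo "<name>$xmlSource Events</name>"
    echo "<type>async_string</type>"
    echo "<datalist>"
    echo $result
    echo "</datalist>"
    echo "<description>Logs with log name $xmlLogname in source $xmlSource</description>"
    echo "</module>"
}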