pex7hfbnt
/
apt-hunter
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ADD file via upload

Browse Source
pull/1/head
pex7hfbnt 1 month ago
parent 752b08d79a
commit 7784ac2f5b
1 changed files with 101 additions and 0 deletions
Show Stats Download Patch File Download Diff File

101
source/windows-log-collector-full-v3-CSV.ps1
Unescape View File

@ -0,0 +1,101 @@
try{
New-Item -ItemType "directory" -Path "wineventlog"
}
catch
{
echo "can't create a new directory"
}
try{
get-eventlog -log Security | export-csv wineventlog/Security.csv
}
catch
{
echo "Can't retrieve Security Logs"
}
try
{
Get-WinEvent -LogName System | export-csv wineventlog/System.csv
}
catch
{
echo "Can't retrieve System Logs"
}
try{
Get-WinEvent -LogName Application | export-csv wineventlog/Application.csv
}
catch
{
echo "Can't retrieve Application Logs"
}
try{
Get-WinEvent -LogName "Windows PowerShell" | export-csv wineventlog/Windows_PowerShell.csv
}
catch
{
echo "Can't retrieve Windows PowerShell Logs"
}
try{
Get-WinEvent -LogName "Microsoft-Windows-TerminalServices-LocalSessionManager/Operational" | export-csv wineventlog/LocalSessionManager.csv
}
catch
{
echo "Can't retrieve Microsoft-Windows-TerminalServices-LocalSessionManager/Operational Logs"
}
try{
Get-WinEvent -LogName "Microsoft-Windows-Windows Defender/Operational" | export-csv wineventlog/Windows_Defender.csv
}
catch
{
echo "Can't retrieve Microsoft-Windows-Windows Defender/Operational Logs"
}
try{
Get-WinEvent -LogName Microsoft-Windows-TaskScheduler/Operational | export-csv wineventlog/TaskScheduler.csv
}
catch
{
echo "Can't retrieve Microsoft-Windows-TaskScheduler/Operational Logs"
}
try{
Get-WinEvent -LogName Microsoft-Windows-WinRM/Operational | export-csv wineventlog/WinRM.csv
}
catch
{
echo "Can't retrieve Microsoft-Windows-WinRM/Operational Logs"
}
try{
Get-WinEvent -LogName Microsoft-Windows-Sysmon/Operational | export-csv wineventlog/Sysmon.csv
}
catch
{
echo "Can't retrieve Microsoft-Windows-Sysmon/Operational Logs"
}
try{
Get-WinEvent -LogName Microsoft-Windows-PowerShell/Operational | export-csv wineventlog/Powershell_Operational.csv
}
catch
{
echo "Can't retrieve Microsoft-Windows-PowerShell/Operational Logs"
}
try
{
Compress-Archive -Path wineventlog -DestinationPath ./logs.zip
}
catch
{
echo "couldn't compress the the log folder "
}
Write Preview
Loading…
Cancel
Save