Thread: Output from power shell script
-
9th December 2016 22:08 #1 Registered User
Join Date: Jun 2013
Location: >.<
Posts: 6,182
Output from power shell script
Give me some advice on sorting and exporting the output of this file into a nicely arranged xls file (in brief, for anyone who doesn't feel like reading it: the code collects all logoff/login events from the logs for a given time interval and prints them to the console as statistics (user, operation type, address, etc.):
Code:
# Authors: Ryan DeVries, Drew Bonasera, Scott Smith
# Rochester Institute of Technology - Computer System Forensics

# Variables
# Reads the hostname, sets to the local hostname if left blank
$hostname = read-host "Enter the IP or hostname of the computer you wish to scan (Leave blank for local)"
if ($hostname.length -eq 0){$hostname = $env:computername}
# Reads the start date, sets to 1/1/2000 if left blank
$startTmp = read-host "Enter the start date to scan from (MM/DD/YYYY, default 1/1/2000)"
if ($startTmp.length -eq 0){$startTmp = "1/1/2000"}
$startDate = get-date $startTmp
# Reads the end date, sets to the current date and time if left blank
$endTmp = read-host "Enter the end date to scan to (MM/DD/YYYY, default current time)"
if ($endTmp.length -eq 0){$endTmp = get-date}
$endDate = get-date $endTmp
# Reads a Yes or No response to print only the failed login attempts, defaults to No
$scope = read-host "Print only failed logins (Y/N, default N)"
if ($scope.length -eq 0){$scope = "N"}

# Writes a line with all the parameters selected for report
write-host "Hostname: "$hostname "`tStart: "$startDate "`tEnd: "$endDate "`tOnly Failed Logins: "$scope "`n"

# Store each event from the Security Log with the specified dates and computer in an array
$log = Get-Eventlog -LogName Security -ComputerName $hostname -after $startDate -before $endDate

# Loop through each security event, print only failed login attempts
if ($scope -match "Y"){
    foreach ($i in $log){
        # Logon Failure Events, marked red
        # Local
        if (($i.EventID -eq 4625 ) -and ($i.ReplacementStrings[10] -eq 2)){
            write-host "Type: Local Logon`tDate: "$i.TimeGenerated "`tStatus: Failure`tUser: "$i.ReplacementStrings[5] -foregroundcolor "red"
        }
        # Remote
        if (($i.EventID -eq 4625 ) -and ($i.ReplacementStrings[10] -eq 10)){
            write-host "Type: Remote Logon`tDate: "$i.TimeGenerated "`tStatus: Failure`tUser: "$i.ReplacementStrings[5] "`tIP Address: "$i.ReplacementStrings[19] -foregroundcolor "red"
        }
    }
}
# Loop through each security event, print all login/logoffs with type, date/time, status, account name, and IP address if remote
else{
    foreach ($i in $log){
        # Logon Successful Events
        # Local (Logon Type 2)
        if (($i.EventID -eq 4624 ) -and ($i.ReplacementStrings[8] -eq 2)){
            write-host "Type: Local Logon`tDate: "$i.TimeGenerated "`tStatus: Success`tUser: "$i.ReplacementStrings[5]
        }
        # Remote (Logon Type 10)
        if (($i.EventID -eq 4624 ) -and ($i.ReplacementStrings[8] -eq 10)){
            write-host "Type: Remote Logon`tDate: "$i.TimeGenerated "`tStatus: Success`tUser: "$i.ReplacementStrings[5] "`tIP Address: "$i.ReplacementStrings[18]
        }
        # Logon Failure Events, marked red
        # Local
        if (($i.EventID -eq 4625 ) -and ($i.ReplacementStrings[10] -eq 2)){
            write-host "Type: Local Logon`tDate: "$i.TimeGenerated "`tStatus: Failure`tUser: "$i.ReplacementStrings[5] -foregroundcolor "red"
        }
        # Remote
        if (($i.EventID -eq 4625 ) -and ($i.ReplacementStrings[10] -eq 10)){
            write-host "Type: Remote Logon`tDate: "$i.TimeGenerated "`tStatus: Failure`tUser: "$i.ReplacementStrings[5] "`tIP Address: "$i.ReplacementStrings[19] -foregroundcolor "red"
        }
        # Logoff Events
        if ($i.EventID -eq 4647 ){
            write-host "Type: Logoff`t`tDate: "$i.TimeGenerated "`tStatus: Success`tUser: "$i.ReplacementStrings[1]
        }
    }
}
-
10th December 2016 09:52 #2
There's no easy way to generate a real Excel file with powershell, so what you need is export-csv, i.e. to write the output of this script to a .csv file, which is then read in Excel. Look at the examples; if you dig into it you can format the data from the script and then have it written or "appended" to a file. There are plenty of options.
-
10th December 2016 13:16 #3 Registered User
Join Date: Jun 2013
Location: >.<
Posts: 6,182
-
10th December 2016 14:41 #4
Nothing stops you from seeing how it will look; .csv is a standard format that Excel reads. Then decide for yourself what to do with it.

Code:
PS C:\> името на скрипта | Export-Csv -Path "logdata.csv"
-
11th December 2016 23:56 #5
It won't work with this code, because "write-host" only writes to the console; you'll need write-output. And those 0s he's hammered in everywhere ... There needs to be validation of the entered data that sends you back to repeat it if you haven't entered anything - a check for an empty string, parsing of the variables, etc.
Overall, the script isn't written for what you want it for, and if I've understood your idea, it needs to be rewritten and its logic changed.
Otherwise, on a machine with Excel installed you can create a COM object for Excel and fill in the file programmatically from anything .NET-based, including PowerShell. And I'd advise you not to use xls, but xlsx.
Which version of PowerShell do you have on the machines?
Last edited by autosvet; 12th December 2016 at 01:34.
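The rewrite that replies #2, #4 and #5 point toward, as an added example (this is not the posted script and not the RIT authors' code): the same logon audit, but each event becomes an object that goes down the pipeline instead of a Write-Host line, so it can be sorted and piped to Export-Csv. The event IDs and ReplacementStrings indices are the ones the posted script uses; the function names Read-DateOrDefault and Get-LogonEvent, the parameter names and the output file name logon-report.csv are my own. It assumes PowerShell 3.0 or later (for [PSCustomObject]) and an account allowed to read the Security log on the target.

```powershell
# Added example, not the script from the original post: logon audit that emits
# objects (Write-Output semantics) rather than console text, with input
# validation, sorting and a CSV export. Names below are my own choices.

function Read-DateOrDefault {
    # Prompt until a parsable date is entered; an empty answer takes the default.
    param([string]$Prompt, [datetime]$Default)
    while ($true) {
        $raw = Read-Host "$Prompt (MM/DD/YYYY, default $($Default.ToString('d')))"
        if ([string]::IsNullOrWhiteSpace($raw)) { return $Default }
        $parsed = [datetime]::MinValue
        if ([datetime]::TryParse($raw, [ref]$parsed)) { return $parsed }
        Write-Warning "'$raw' is not a valid date, try again."
    }
}

function Get-LogonEvent {
    # One object per local (type 2) or remote-interactive (type 10) logon,
    # failed logon, or logoff in the window. Nothing is printed here; the
    # objects are the output, so Sort-Object / Export-Csv can consume them.
    param(
        [string]$ComputerName = $env:COMPUTERNAME,
        [datetime]$Start,
        [datetime]$End,
        [switch]$FailedOnly
    )
    $ids = if ($FailedOnly) { @(4625) } else { @(4624, 4625, 4647) }
    Get-EventLog -LogName Security -ComputerName $ComputerName -After $Start -Before $End -InstanceId $ids |
        ForEach-Object {
            $evt = $_
            $rs  = $evt.ReplacementStrings
            switch ($evt.EventID) {
                4624 { $logonType = [int]$rs[8];  $user = $rs[5]; $ip = $rs[18]; $status = 'Success' }
                4625 { $logonType = [int]$rs[10]; $user = $rs[5]; $ip = $rs[19]; $status = 'Failure' }
                4647 { $logonType = 0;            $user = $rs[1]; $ip = '';      $status = 'Success' }
            }
            # Keep the same subset the posted script reports (logon types 2 and 10).
            if ($evt.EventID -ne 4647 -and (2, 10) -notcontains $logonType) { return }
            $kind = switch ($logonType) { 2 { 'Local Logon' } 10 { 'Remote Logon' } default { 'Logoff' } }
            [PSCustomObject]@{
                # ISO-style timestamp sorts correctly both as text and in Excel.
                Time      = $evt.TimeGenerated.ToString('yyyy-MM-dd HH:mm:ss')
                Computer  = $ComputerName
                EventID   = $evt.EventID
                Type      = $kind
                Status    = $status
                User      = $user
                IPAddress = $ip
            }
        }
}

# --- interactive part, mirroring the prompts of the posted script ---
$computer = Read-Host "Enter the IP or hostname to scan (blank for local)"
if ([string]::IsNullOrWhiteSpace($computer)) { $computer = $env:COMPUTERNAME }
$start = Read-DateOrDefault -Prompt "Start date" -Default ([datetime]'2000-01-01')
$end   = Read-DateOrDefault -Prompt "End date"   -Default (Get-Date)
$failedOnly = (Read-Host "Only failed logins? (Y/N, default N)") -match '^\s*y'

$report = Get-LogonEvent -ComputerName $computer -Start $start -End $end -FailedOnly:$failedOnly |
    Sort-Object Time, User

$report | Format-Table -AutoSize        # console view, as before
$report | Export-Csv -Path 'logon-report.csv' -NoTypeInformation -Encoding UTF8
Write-Output "Wrote $(@($report).Count) events to logon-report.csv"
```

Reading the Security log needs local administrator rights (or membership in Event Log Readers) on the target, and Get-EventLog -ComputerName talks to the remote Event Log service over RPC, so the firewall must allow that. Get-EventLog exists only in Windows PowerShell (5.1 and earlier); on PowerShell 7 the equivalent is Get-WinEvent. If Excel on the reading machine expects ";" as the list separator, add -UseCulture to Export-Csv.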
-
12th December 2016 10:33 #6 Registered User
Join Date: Jun 2013
Location: >.<
Posts: 6,182
The script wasn't written by me, which is why I deliberately bolded and marked the authors in red (after all, when something isn't mine, the authors should be credited).
Otherwise the script does exactly what I described: for a given time interval it lists every login attempt (successful and failed (the latter in red, as can be seen in the code)), the user name, etc.
It does NOT work on PS1 (at least for me it refused), but from 2 upwards it works. Otherwise I'm on PS1 on one machine and PS2+ on the other 7 OSes where I need this check.
If you have any suggestion, I'd be glad if you shared it. For me it's no problem for the output to be in any readable form, because tasks for several people will be assigned based on it.
Example machine I'm testing on:
and its output:
Code:
PS D:\> Get-Host

Name             : ConsoleHost
Version          : 5.1.14393.206
InstanceId       : 752a9633-eb52-4da1-bcc2-b8cecc2ec0d5
UI               : System.Management.Automation.Internal.Host.InternalHostUserInterface
CurrentCulture   : en-US
CurrentUICulture : en-US
PrivateData      : Microsoft.PowerShell.ConsoleHost+ConsoleColorProxy
DebuggerEnabled  : True
IsRunspacePushed : False
Runspace         : System.Management.Automation.Runspaces.LocalRunspace
Code:
PS D:\> .\test.ps1
Enter the IP or hostname of the computer you wish to scan (Leave blank for local):
Enter the start date to scan from (MM/DD/YYYY, default 1/1/2000): 11/12/2016
Enter the end date to scan to (MM/DD/YYYY, default current time):
Print only failed logins (Y/N, default N):
Hostname: ss4 Start: 11.12.2016 12:00:00 AM End: 12.12.2016 10:53:35 AM Only Failed Logins: N
Type: Local Logon Date: 12.12.2016 10:53:25 AM Status: Success User: nav1
Type: Local Logon Date: 12.12.2016 10:53:25 AM Status: Success User: nav1
Type: Local Logon Date: 12.12.2016 10:53:17 AM Status: Success User: DWM-3
Type: Local Logon Date: 12.12.2016 10:53:17 AM Status: Success User: DWM-3
Type: Logoff Date: 12.12.2016 10:53:16 AM Status: Success User: 1
Type: Local Logon Date: 12.12.2016 10:52:40 AM Status: Success User: 1
Type: Local Logon Date: 12.12.2016 10:52:37 AM Status: Success User: 1
Type: Local Logon Date: 12.12.2016 10:52:13 AM Status: Success User: DWM-2
Type: Local Logon Date: 12.12.2016 10:52:13 AM Status: Success User: DWM-2
Type: Local Logon Date: 12.12.2016 10:50:35 AM Status: Success User: nav1
Type: Local Logon Date: 12.12.2016 10:50:35 AM Status: Success User: nav1
Type: Local Logon Date: 12.12.2016 10:12:05 AM Status: Success User: nav1
Type: Local Logon Date: 12.12.2016 10:12:05 AM Status: Success User: nav1
PS D:\>
PS D:\> .\test.ps1
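For the other route reply #5 mentions, an added example (not code from the thread): filling an .xlsx workbook through the Excel COM object. It needs Excel installed on the machine running the script, so it suits an admin workstation rather than a server, and PowerShell 3.0 or later. The function name Export-ToXlsx is mine, and the sample rows are constructed to look like the posted script's output; they are not real log data. Any objects with the same shape, for instance from Import-Csv, can be passed in instead.

```powershell
# Added example, not from the thread: write tabular objects to .xlsx via the
# Excel COM object (the approach suggested in reply #5). Function name is mine.

function Export-ToXlsx {
    param(
        [Parameter(Mandatory = $true)][object[]]$Rows,
        [Parameter(Mandatory = $true)][string]$Path,
        [string]$SheetName = 'Logons'
    )
    # Excel resolves relative paths against its own working directory, not
    # PowerShell's, so make the target absolute first.
    $fullPath = $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath($Path)

    $excel = New-Object -ComObject Excel.Application
    $excel.Visible = $false
    $excel.DisplayAlerts = $false          # no "overwrite?" dialog
    $wb = $null
    try {
        $wb = $excel.Workbooks.Add()
        $ws = $wb.Worksheets.Item(1)
        $ws.Name = $SheetName
        # Format the whole sheet as Text first, so Excel stores values literally
        # instead of turning a user named "1" into a number or re-reading a
        # dd.mm.yyyy timestamp under an en-US locale.
        $ws.Cells.NumberFormat = '@'

        $columns = @($Rows[0].PSObject.Properties.Name)
        for ($c = 0; $c -lt $columns.Count; $c++) {
            $ws.Cells.Item(1, $c + 1) = $columns[$c]
        }
        $ws.Rows.Item(1).Font.Bold = $true

        for ($r = 0; $r -lt $Rows.Count; $r++) {
            for ($c = 0; $c -lt $columns.Count; $c++) {
                $ws.Cells.Item($r + 2, $c + 1) = [string]$Rows[$r].($columns[$c])
            }
        }
        $ws.UsedRange.AutoFilter() | Out-Null   # header drop-downs for sorting/filtering
        $ws.UsedRange.Columns.AutoFit() | Out-Null
        # 51 = xlOpenXMLWorkbook: .xlsx, as reply #5 recommends over legacy .xls
        $wb.SaveAs($fullPath, 51)
    }
    finally {
        # Always release Excel, otherwise a hidden EXCEL.EXE is left running.
        if ($wb) { $wb.Close($false) }
        $excel.Quit()
        [void][System.Runtime.InteropServices.Marshal]::ReleaseComObject($excel)
    }
    return $fullPath
}

# Constructed sample rows in the shape the posted script prints (not real events).
$sample = @(
    [PSCustomObject]@{ Time = '2016-12-12 10:53:25'; Type = 'Local Logon';  Status = 'Success'; User = 'nav1';       IPAddress = '' }
    [PSCustomObject]@{ Time = '2016-12-12 10:52:40'; Type = 'Remote Logon'; Status = 'Failure'; User = 'svc-backup'; IPAddress = '192.0.2.10' }
    [PSCustomObject]@{ Time = '2016-12-12 10:53:16'; Type = 'Logoff';       Status = 'Success'; User = '1';          IPAddress = '' }
)
Export-ToXlsx -Rows $sample -Path 'logon-report.xlsx'
```

The try/finally matters: if a COM call throws and Quit is never reached, the hidden Excel instance keeps running and holds the file open until it is killed. The CSV route remains the portable one for machines without Excel.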