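[CmdletBinding()]
param(
    # When set, the 'ITSS Server Log' definition is removed from the InTrust
    # eventory instead of being added.
    [Parameter(Mandatory = $false)]
    [switch]
    $Remove
)

# Field map for the 'ITSS Server Log' definition: events with ID 1 from the
# IT Security Search server executor source get Who/What from insertion
# strings 7 and 12 and Where copied from the originating computer.
[xml]$ITSSSMAP = '<FieldInfo>
<EventRules>
<Source Name="Quest.ITSecuritySearch.Server.Executor">
<Event EventID="1">
<Field Name="Who" Index="7"></Field>
<Field Name="What" Index="12"></Field>
<Field Name="Where" CopyFrom="SourceComputer"></Field>
</Event>
</Source>
</EventRules>
</FieldInfo>'

# Newest regasm.exe under the .NET Framework directory (highest version
# directory sorts first). Not referenced anywhere else in this script; kept
# for callers that dot-source it.
$regasm = Get-ChildItem 'C:\Windows\Microsoft.NET\Framework' -Filter 'regasm.exe' -Recurse |
    Sort-Object Directory -Descending |
    Select-Object -First 1

# The InTrust interop assembly is located by a recursive search below
# "Common Files (x86)" and loaded into this session. Fail early with a clear
# message when the search cannot run or finds nothing; otherwise the first
# New-Object in Connect-ToServer fails with an unrelated "cannot find type" error.
$commonFilesX86 = ${env:CommonProgramFiles(x86)}
if ([string]::IsNullOrEmpty($commonFilesX86)) {
    throw 'Environment variable CommonProgramFiles(x86) is not set; cannot locate Interop.InTrustEnvironment.dll.'
}
$interopDlls = @(Get-ChildItem $commonFilesX86 -Filter 'Interop.InTrustEnvironment.dll' -Recurse)
if ($interopDlls.Count -eq 0) {
    throw "Interop.InTrustEnvironment.dll was not found under '$commonFilesX86'; is the InTrust server installed?"
}
# NOTE(review): every copy found by the search is loaded, and LoadFrom accepts
# whatever file is at that path; the matches are written to the pipeline so the
# loaded paths are visible in the output.
$interopDlls | ForEach-Object { [Reflection.Assembly]::LoadFrom($_.FullName) }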
function Connect-ToServer([string]$serverName = $Env:ComputerName)
{
    # Open a connection to an InTrust server (the local machine by default)
    # via the InTrustEnvironment COM class and return the server object.
    # The class comes from Interop.InTrustEnvironment.dll, which this script
    # is expected to have loaded before the function is called.
    $environment = New-Object -TypeName Interop.InTrustEnvironment.InTrustEnvironmentClass
    return $environment.ConnectToServer($serverName)
}
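function Add-LogToEventory
{
    <#
    .SYNOPSIS
    Registers a log definition in the eventory of an InTrust server.

    .PARAMETER LogName
    Name of the log definition to create.

    .PARAMETER XmlLogContent
    Field map for the log (a FieldInfo document); its OuterXml is what gets stored.

    .PARAMETER ServerName
    InTrust server to connect to; defaults to the local computer.

    .OUTPUTS
    The created log object on success. On failure the error is written to the
    error stream and the contents of $Error are returned, so callers that only
    look at the return value must check for ErrorRecord objects.
    #>
    param
    (
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [string]
        $LogName,

        # Validated here so a missing document fails at binding time instead of
        # with a null-reference error on .OuterXml below.
        [ValidateNotNull()]
        [xml]
        $XmlLogContent,

        [string]
        $ServerName = $Env:ComputerName
    )

    $inTrustServer = Connect-ToServer -serverName $ServerName

    # $Error is the session-wide automatic collection; it is cleared so the
    # value returned on failure holds only this call's error.
    $Error.Clear()
    try {
        $log = $inTrustServer.Organization.Eventory.Logs.Add($LogName, $XmlLogContent.OuterXml)
    }
    catch {
        # Surface the failure on the error stream as well, because the script's
        # own caller does not inspect the return value.
        Write-Error -ErrorRecord $_
        return $Error
    }
    return $log
}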
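function Remove-EventoryLog
{
    <#
    .SYNOPSIS
    Removes log definitions from the eventory of an InTrust server.

    .PARAMETER LogName
    Name of the log definition(s) to remove. Matched with -like, so this is a
    wildcard pattern: a value such as '*' removes every log in the eventory.

    .PARAMETER ServerName
    InTrust server to connect to; defaults to the local computer.

    .NOTES
    Supports -WhatIf / -Confirm for this destructive operation. Without them the
    behaviour is unchanged: every matching log is removed.
    #>
    [CmdletBinding(SupportsShouldProcess = $true)]
    param
    (
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [string]
        $LogName,

        [string]
        $ServerName = $Env:ComputerName
    )

    $inTrustServer = Connect-ToServer -serverName $ServerName

    # Materialise the matches first so removing entries cannot disturb the
    # enumeration of the live collection.
    $matchingLogs = @($inTrustServer.Organization.Eventory.Logs | Where-Object { $_.Name -like "$LogName" })
    if ($matchingLogs.Count -eq 0) {
        Write-Warning "No eventory log matching '$LogName' found on '$ServerName'."
        return
    }

    foreach ($log in $matchingLogs) {
        if ($PSCmdlet.ShouldProcess("$($log.Name) on $ServerName", 'Remove eventory log')) {
            $inTrustServer.Organization.Eventory.Logs.Remove($log.Name)
        }
    }
}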
# Entry point: without -Remove the 'ITSS Server Log' definition is registered,
# with -Remove it is deleted. Note the add path connects to 'localhost' while
# the remove path relies on the Connect-ToServer default ($Env:ComputerName);
# both name the local server, spelled differently (TODO(review): confirm
# InTrust treats them the same).
if (-not $Remove)
{
    Write-Host "Add ITSS Log to eventory"
    Add-LogToEventory -LogName 'ITSS Server Log' -XmlLogContent $ITSSSMAP -ServerName localhost
}
else
{
    Write-Host "Remove ITSS Log from eventory"
    Remove-EventoryLog -LogName 'ITSS Server Log'
}