welm.bat
@echo off
REM Collects Windows event log and publisher metadata, first with the built-in
REM wevtutil.exe and then with the WELM executable found next to this script.
REM Results are written to the wevtutil and welm directories below the
REM current directory.
setlocal enableextensions enabledelayedexpansion

REM Built-in event log utility, resolved through the WINDIR variable.
set "WEVTPATH=%WINDIR%\System32\wevtutil.exe"

REM Names of the list files and error logs produced by the wevtutil pass.
set "LOGS=logs.txt"
set "PUBLISHERS=publishers.txt"
set "LOGSERRORLOG=logs_errors.txt"
set "PUBSERRORLOG=publishers_errors.txt"
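REM Dump log and publisher metadata with the built-in wevtutil, if it exists.
REM Output goes below the wevtutil directory in the current directory; an
REM existing directory of that name is deleted first, so run this script from
REM a working directory that holds nothing else of value.
if exist "%WEVTPATH%" (
    if exist wevtutil (
        rmdir /S /Q wevtutil
    )
    mkdir wevtutil
    pushd wevtutil

    REM Event logs: one XML configuration file per log in wevtutil\logs.
    mkdir logs
    pushd logs
    REM The list and the error log are written straight into the parent
    REM directory, so the logs directory holds only XML files and no move of
    REM a possibly missing file is needed afterwards.
    "%WEVTPATH%" el >"..\%LOGS%"
    REM Iterate over the saved list so the list on disk and the XML files
    REM describe the same enumeration.
    for /f "usebackq tokens=*" %%A in ("..\%LOGS%") do (
        REM Log names can contain a forward slash, which is not valid in a
        REM file name, so it is replaced with two dashes.
        set "XML_FILENAME=%%A"
        set "XML_FILENAME=!XML_FILENAME:/=--!"
        "%WEVTPATH%" gl "%%A" /f:xml >"!XML_FILENAME!.xml" 2>>"..\%LOGSERRORLOG%"
        if !errorlevel! neq 0 (
            echo wevtutil returned error code !errorlevel! when running wevtutil gl on '%%A'. see above line for details. >>"..\%LOGSERRORLOG%"
        )
    )
    popd

    REM Publishers: one XML metadata file per publisher in wevtutil\publishers.
    mkdir publishers
    pushd publishers
    "%WEVTPATH%" ep >"..\%PUBLISHERS%"
    for /f "usebackq tokens=*" %%A in ("..\%PUBLISHERS%") do (
        set "XML_FILENAME=%%A"
        set "XML_FILENAME=!XML_FILENAME:/=--!"
        REM The ge and gm switches request per-event metadata with resolved
        REM message text.
        "%WEVTPATH%" gp "%%A" /ge /gm:true /f:xml >"!XML_FILENAME!.xml" 2>>"..\%PUBSERRORLOG%"
        if !errorlevel! neq 0 (
            echo wevtutil returned error code !errorlevel! when running wevtutil gp on '%%A'. see above line for details. >>"..\%PUBSERRORLOG%"
        )
    )
    popd

    popd
)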
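REM Locate the WELM executable in the directory that holds this script.
REM WelmConsole.exe wins when both are present because it is checked last.
REM The script-directory expansion already ends with a backslash, so the file
REM name is appended directly. The quoted set form keeps a path containing
REM parentheses or ampersands from breaking the surrounding block.
REM The binary runs with the privileges of the caller, so the script directory
REM should not be writable by less privileged users when this runs elevated.
set "WELMPATH="
if exist "%~dp0welm.exe" (
    set "WELMPATH=%~dp0welm.exe"
)
if exist "%~dp0WelmConsole.exe" (
    set "WELMPATH=%~dp0WelmConsole.exe"
)

REM Stop before deleting earlier results when there is nothing to run.
if not defined WELMPATH (
    >&2 echo Neither welm.exe nor WelmConsole.exe was found next to this script.
    exit /b 1
)

REM Start from an empty welm output directory in the current directory.
if exist welm (
    rmdir /S /Q welm
)
mkdir welm
pushd welm
REM Three passes, one per switch, each with all output formats.
REM NOTE review: presumably e, p and l select events, providers and logs;
REM confirm against the WELM usage text.
"%WELMPATH%" -e -f all
"%WELMPATH%" -p -f all
"%WELMPATH%" -l -f all
popd

REM NOTE review: this moves every .txt file in the current directory into
REM welm, including files this script did not create; confirm that is intended.
move *.txt .\welm >nul
endlocal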