-
Notifications
You must be signed in to change notification settings - Fork 55
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AuthLogParser doesn't working #1
Comments
Hello @GopalSati |
@GopalSati |
There is no error message, just get the output which was already shared in
the initial email. I haven't seen the results as per the video you shared.
…On Wed, 10 Jan, 2024, 00:45 Eilay Yosfan (DFIR), ***@***.***> wrote:
@GopalSati <https://github.com/GopalSati>
You can screenshot the error you get?
—
Reply to this email directly, view it on GitHub
<#1 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AKBCTJDZFC2UCSZLLYHLXETYNWJO5AVCNFSM6AAAAABBTHSXG6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQOBTGYZTMMBXGU>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
@GopalSati |
@GopalSati Do you still have issues in MasterParser v2.0 ? |
Closing, no answer from @GopalSati |
Hello YosfanEilay,
I have tried to test the tool as per the recommendations on a Windows machine but it didn't work. I have used auth.log from 2 Linux machines. Out as below:
AuthLogParser Banner
Write-Output " ___ __ __ __ "
Write-Output " / | __ __/ // / / / ____ ____ _ "
Write-Output ' / /| |/ / / / __/ __ \ / / / __ / __
/ ' Write-Output " / ___ / /_/ / /_/ / / / / /___/ /_/ / /_/ / " Write-Output "/_/ |_\__,_/\__/_/ /_(_)_____/\____/\__, / " Write-Output " ____ /____/ " Write-Output " / __ \____ ______________ _____ " Write-Output ' / /_/ / __
/ / / _ / / 'Write-Output " / / // / / ( ) __/ / "
Write-Output " // _,// //_/_/ "
Write-Output "
Write-Output " github.com/YosfanEilay"
Write-Output " Version: 1.0v"
Write-Output "
NotFoundHashTable
$NotFoundHashTable = @{}
Variable to store where AuthLogParser is running from.
$RunningPath = Get-Location
save path from execution and move the variable to dot source -> CreateLogCopy.ps1
if statement to check if $args[0] is empty
if ($AuthLogPath.Length -ge 1) {
}
if empty, execute instructions
else {
Write-Output "[!] Auth.Log file not found."
Start-Sleep -Milliseconds 500
Write-Output "How to execute AuthLogParser ?"
Start-Sleep -Milliseconds 500
Write-Output "+----------------------------------------------------------------------------------------+"
Write-Output "| PS C:\Users{user}\Desktop\AuthLogParser> .\AuthLogParser.ps1 C:\PATH\TO\Auth.Log\File |"
Write-Output "+----------------------------------------------------------------------------------------+"
Write-Output ""
Start-Sleep -Milliseconds 500
exit
}
Dot Sourcing -> 01-TimePatch.ps1
. "$RunningPath\03-TimePatch\01-TimePatch.ps1"
if statement to check if TimePatch is needed
if ($CreateLogCopy_Flag -eq "True") {
Dot Sourcing -> CreateLogCopy.ps1
. "$RunningPath\01-LogCopy\CreateLogCopy.ps1"
}
Dot Sourcing -> FileSummaryReport.ps1
. "$RunningPath\02-Features\01-FileSummaryReport.ps1"
Dot Sourcing -> 02-EventNameTable.ps1
. "$RunningPath\02-Features\02-EventNameTable.ps1"
Dot Sourcing -> 03-IPAddressTable.ps1
. "$RunningPath\02-Features\03-IPAddressTable.ps1"
Dot Sourcing -> 04-SSHTable.ps1
. "$RunningPath\02-Features\04-SSHTable.ps1"
Dot Sourcing -> 05-UsersGroupsActivity.ps1
. "$RunningPath\02-Features\05-UsersGroupsActivity.ps1"
Dot Sourcing -> 06-GeneralActivity.ps1
. "$RunningPath\02-Features\06-GeneralActivity.ps1"
if ($NotFoundHashTable.Values.Count -ge 1) {
Element That Does Not Exist in This auth.log File
Write-Output "
Write-Output "Element That Does Not Exist in This auth.log File"
Write-Output "+-----------------------------------------------+"
$NotFoundHashTable.Values
}
delete the auth.log copy after using it.
Start-Sleep -Seconds 1
Remove-Item -Path $AuthLogCopyLocation
Please advise what is wrong with this.
The text was updated successfully, but these errors were encountered: