AuthLogParser doesn't working #1
Assignees
Labels
question
Further information is requested
Comments
|
Hello @GopalSati |
|
@GopalSati |
|
There is no error message, just get the output which was already shared in
the initial email. I haven't seen the results as per the video you shared.
…On Wed, 10 Jan, 2024, 00:45 Eilay Yosfan (DFIR), ***@***.***> wrote:
@GopalSati <https://github.com/GopalSati>
You can screenshot the error you get?
—
Reply to this email directly, view it on GitHub
<#1 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AKBCTJDZFC2UCSZLLYHLXETYNWJO5AVCNFSM6AAAAABBTHSXG6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQOBTGYZTMMBXGU>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
|
@GopalSati |
|
@GopalSati Do you still have issues in MasterParser v2.0 ? |
|
Closing, no answer from @GopalSati |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello YosfanEilay,
I have tried to test the tool as per the recommendations on a Windows machine but it didn't work. I have used auth.log from 2 Linux machines. Out as below:
AuthLogParser Banner
Write-Output " ___ __ __ __ "
Write-Output " / | __ __/ // / / / ____ ____ _ "
Write-Output ' / /| |/ / / / __/ __ \ / / / __ / __
/ ' Write-Output " / ___ / /_/ / /_/ / / / / /___/ /_/ / /_/ / " Write-Output "/_/ |_\__,_/\__/_/ /_(_)_____/\____/\__, / " Write-Output " ____ /____/ " Write-Output " / __ \____ ______________ _____ " Write-Output ' / /_/ / __/ / / _ / / 'Write-Output " / / // / / ( ) __/ / "
Write-Output " // _,// //_/_/ "
Write-Output "
Write-Output " github.com/YosfanEilay"
Write-Output " Version: 1.0v"
Write-Output "
NotFoundHashTable
$NotFoundHashTable = @{}
Variable to store where AuthLogParser is running from.
$RunningPath = Get-Location
save path from execution and move the variable to dot source -> CreateLogCopy.ps1
if statement to check if $args[0] is empty
if ($AuthLogPath.Length -ge 1) {
}
if empty, execute instructions
else {
Write-Output "[!] Auth.Log file not found."
Start-Sleep -Milliseconds 500
Write-Output "How to execute AuthLogParser ?"
Start-Sleep -Milliseconds 500
Write-Output "+----------------------------------------------------------------------------------------+"
Write-Output "| PS C:\Users{user}\Desktop\AuthLogParser> .\AuthLogParser.ps1 C:\PATH\TO\Auth.Log\File |"
Write-Output "+----------------------------------------------------------------------------------------+"
Write-Output ""
Start-Sleep -Milliseconds 500
exit
}
Dot Sourcing -> 01-TimePatch.ps1
. "$RunningPath\03-TimePatch\01-TimePatch.ps1"
if statement to check if TimePatch is needed
if ($CreateLogCopy_Flag -eq "True") {
Dot Sourcing -> CreateLogCopy.ps1
. "$RunningPath\01-LogCopy\CreateLogCopy.ps1"
}
Dot Sourcing -> FileSummaryReport.ps1
. "$RunningPath\02-Features\01-FileSummaryReport.ps1"
Dot Sourcing -> 02-EventNameTable.ps1
. "$RunningPath\02-Features\02-EventNameTable.ps1"
Dot Sourcing -> 03-IPAddressTable.ps1
. "$RunningPath\02-Features\03-IPAddressTable.ps1"
Dot Sourcing -> 04-SSHTable.ps1
. "$RunningPath\02-Features\04-SSHTable.ps1"
Dot Sourcing -> 05-UsersGroupsActivity.ps1
. "$RunningPath\02-Features\05-UsersGroupsActivity.ps1"
Dot Sourcing -> 06-GeneralActivity.ps1
. "$RunningPath\02-Features\06-GeneralActivity.ps1"
if ($NotFoundHashTable.Values.Count -ge 1) {
Element That Does Not Exist in This auth.log File
Write-Output "
Write-Output "Element That Does Not Exist in This auth.log File"
Write-Output "+-----------------------------------------------+"
$NotFoundHashTable.Values
}
delete the auth.log copy after using it.
Start-Sleep -Seconds 1
Remove-Item -Path $AuthLogCopyLocation
Please advise what is wrong with this.
The text was updated successfully, but these errors were encountered: