From c7d81b75a11d897fdfd0212e2454865723f25bd9 Mon Sep 17 00:00:00 2001
From: Thumbscrew <james@intmain.co.uk>
Date: Tue, 5 Nov 2019 20:36:08 +0000
Subject: [PATCH 1/2] Created format ps1xml. Needs tweaking some more.

---
 PSWinFW.psd1                        | Bin 8068 -> 8138 bytes
 formats/FirewallEvent.Format.ps1xml |  75 ++++++++++++++++++++++++++++
 public/Get-PSFirewallLog.ps1        |   2 +
 3 files changed, 77 insertions(+)
 create mode 100644 formats/FirewallEvent.Format.ps1xml

diff --git a/PSWinFW.psd1 b/PSWinFW.psd1
index 128309da12abeed4c76b884841024de456cf5a1f..926927d51623d54a2e40b8f41c2c71eb8a3c89be 100644
GIT binary patch
delta 90
zcmZp%KV`q+1pnkS{92ys3~3Dc3`GpN42cXS48;sF3~mgWKz=GiIZz}A2wfS<fV@1Q
ctR7Gfp;nKf0I1%Op#rEkhe3VwSN?u}02%BRk^lez

delta 28
kcmX?Q-(tVv1pnj>Y%G&K_<1H@;g_4-$IG|bOQ3-t0HNm!0{{R3

diff --git a/formats/FirewallEvent.Format.ps1xml b/formats/FirewallEvent.Format.ps1xml
new file mode 100644
index 0000000..223ff5a
--- /dev/null
+++ b/formats/FirewallEvent.Format.ps1xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<Configuration>
+    <ViewDefinitions>
+        <View>
+            <Name>FirewallEvent</Name>
+            <ViewSelectedBy>
+                <TypeName>PSWinFW.Log.Event</TypeName>
+            </ViewSelectedBy>
+            <TableControl>
+                <TableHeaders>
+                    <TableColumnHeader> <!-- Date -->
+                        <Width>10</Width>
+                    </TableColumnHeader>
+                    <TableColumnHeader> <!-- Time -->
+                        <Width>8</Width>
+                    </TableColumnHeader>
+                    <TableColumnHeader> <!-- Action -->
+                        <Width>5</Width>
+                    </TableColumnHeader>
+                    <TableColumnHeader> <!-- Protocol -->
+                        <Width>4</Width>
+                    </TableColumnHeader>
+                    <TableColumnHeader/> <!-- SourceIP -->
+                    <TableColumnHeader/> <!-- Destination IP -->
+                    <TableColumnHeader> <!-- SourcePort -->
+                        <Width>5</Width>
+                    </TableColumnHeader>
+                    <TableColumnHeader> <!-- DestinationPort -->
+                        <Width>5</Width>
+                    </TableColumnHeader>
+                    <TableColumnHeader/> <!-- Size -->
+                    <TableColumnHeader> <!-- Path -->
+                        <Width>7</Width>
+                    </TableColumnHeader>
+                </TableHeaders>
+                <TableRowEntries>
+                    <TableRowEntry>
+                        <TableColumnItems>
+                            <TableColumnItem>
+                                <PropertyName>Date</PropertyName>
+                            </TableColumnItem>
+                            <TableColumnItem>
+                                <PropertyName>Time</PropertyName>
+                            </TableColumnItem>
+                            <TableColumnItem>
+                                <PropertyName>Action</PropertyName>
+                            </TableColumnItem>
+                            <TableColumnItem>
+                                <PropertyName>Protocol</PropertyName>
+                            </TableColumnItem>
+                            <TableColumnItem>
+                                <PropertyName>SourceIP</PropertyName>
+                            </TableColumnItem>
+                            <TableColumnItem>
+                                <PropertyName>DestinationIP</PropertyName>
+                            </TableColumnItem>
+                            <TableColumnItem>
+                                <PropertyName>SourcePort</PropertyName>
+                            </TableColumnItem>
+                            <TableColumnItem>
+                                <PropertyName>DestinationPort</PropertyName>
+                            </TableColumnItem>
+                            <TableColumnItem>
+                                <PropertyName>Size</PropertyName>
+                            </TableColumnItem>
+                            <TableColumnItem>
+                                <PropertyName>Path</PropertyName>
+                            </TableColumnItem>
+                        </TableColumnItems>
+                    </TableRowEntry>
+                </TableRowEntries>
+            </TableControl>
+        </View>
+    </ViewDefinitions>
+</Configuration>
\ No newline at end of file
diff --git a/public/Get-PSFirewallLog.ps1 b/public/Get-PSFirewallLog.ps1
index e55e033..d406ee3 100644
--- a/public/Get-PSFirewallLog.ps1
+++ b/public/Get-PSFirewallLog.ps1
@@ -134,6 +134,8 @@ function Get-PSFirewallLog {
                         $fwEvent | Add-Member NoteProperty -Name $member.Name -Value $split[$member.Value]
                     }
 
+                    $fwEvent.pstypenames.insert(0, 'PSWinFW.Log.Event')
+
                     $fwEvent
                 }
             }

From 4419df1e5b8a8f6871a5d1044d4821f3aef2da29 Mon Sep 17 00:00:00 2001
From: Thumbscrew <james@intmain.co.uk>
Date: Wed, 6 Nov 2019 19:35:16 +0000
Subject: [PATCH 2/2] Adjusted Table width, added labels. Removed Include
 switches as no longer required.

---
 PSWinFW.psd1                        | Bin 8138 -> 8186 bytes
 formats/FirewallEvent.Format.ps1xml |   5 ++-
 public/Get-PSFirewallLog.ps1        |  49 +++++-----------------------
 3 files changed, 12 insertions(+), 42 deletions(-)

diff --git a/PSWinFW.psd1 b/PSWinFW.psd1
index 926927d51623d54a2e40b8f41c2c71eb8a3c89be..f19fb4bb23bcffa1af9c3dc2b5f63ef5a86a9ec0 100644
GIT binary patch
delta 117
zcmX?Q|I2<u6Qg+$Lp~6eF!%z=6oyiU9EMZ|1qNFnR%g&-h+zm|2xbUp$YjW4a0AkM
z3<V6u47m)3n-?-lGf$qxtg!hM%QN1|IwD4lI+J5Xd^hhCa%1FI25NT(DoX(yS2DR#
LOndVx5e04lXa^h`

delta 81
zcmexmf69JC6C<-SgTmxSM%l?cJbar^F!C_-CNiWj<T7M3<S}G1WNiM-@|<__IWfM?
lQNnJF+|EFm6owpzRECnt8^vTN-x4yK%qQ%#`Id+RHvrrW7yJMK

diff --git a/formats/FirewallEvent.Format.ps1xml b/formats/FirewallEvent.Format.ps1xml
index 223ff5a..35d36c2 100644
--- a/formats/FirewallEvent.Format.ps1xml
+++ b/formats/FirewallEvent.Format.ps1xml
@@ -15,17 +15,20 @@
                         <Width>8</Width>
                     </TableColumnHeader>
                     <TableColumnHeader> <!-- Action -->
-                        <Width>5</Width>
+                        <Width>6</Width>
                     </TableColumnHeader>
                     <TableColumnHeader> <!-- Protocol -->
+                        <Label>Prot</Label>
                         <Width>4</Width>
                     </TableColumnHeader>
                     <TableColumnHeader/> <!-- SourceIP -->
                     <TableColumnHeader/> <!-- Destination IP -->
                     <TableColumnHeader> <!-- SourcePort -->
+                        <Label>SrcPt</Label>
                         <Width>5</Width>
                     </TableColumnHeader>
                     <TableColumnHeader> <!-- DestinationPort -->
+                        <Label>DstPt</Label>
                         <Width>5</Width>
                     </TableColumnHeader>
                     <TableColumnHeader/> <!-- Size -->
diff --git a/public/Get-PSFirewallLog.ps1 b/public/Get-PSFirewallLog.ps1
index d406ee3..a3f4d9b 100644
--- a/public/Get-PSFirewallLog.ps1
+++ b/public/Get-PSFirewallLog.ps1
@@ -28,21 +28,6 @@ function Get-PSFirewallLog {
         [int]
         $Tail = 0,
 
-        # Include extended TCP information (TCP Flags, TCP Sequence Number, TCP ACK Number, TCP Window Size). Defaults to false.
-        [Parameter(Mandatory = $false)]
-        [switch]
-        $IncludeTcpInfo,
-
-        # Include extended ICMP information (ICMP Type and Code). Defaults to false.
-        [Parameter(Mandatory = $false)]
-        [switch]
-        $IncludeIcmpInfo,
-
-        # Include Info field. Defaults to false.
-        [Parameter(Mandatory = $false)]
-        [switch]
-        $IncludeInfo,
-
         # ComputerName to retrieve log from
         [Parameter(Mandatory = $false, ParameterSetName = 'remote')]
         [string]
@@ -96,34 +81,16 @@ function Get-PSFirewallLog {
                     "SourcePort" = 6
                     "DestinationPort" = 7
                     "Size" = 8
+                    "TcpFlags" = 9
+                    "TcpSyn" = 10
+                    "TcpAck" = 11
+                    "TcpWin" = 12
+                    "IcmpType" = 13
+                    "IcmpCode" = 14
+                    "Info" = 15
+                    "Path" = 16
                 }
 
-                if($IncludeTcpInfo) {
-                    $tcpMembers = @{
-                        "TcpFlags" = 9
-                        "TcpSyn" = 10
-                        "TcpAck" = 11
-                        "TcpWin" = 12
-                    }
-
-                    $members += $tcpMembers
-                }
-
-                if($IncludeIcmpInfo) {
-                    $icmpMembers = @{
-                        "IcmpType" = 13
-                        "IcmpCode" = 14
-                    }
-
-                    $members += $icmpMembers
-                }
-
-                if($IncludeInfo) {
-                    $members += @{ "Info" = 15 }
-                }
-
-                $members += @{ "Path" = 16 }
-
                 $log | ForEach-Object {
                     $line = $_
                     $split = $line -split ('\s')