commit
acdbe702de
BIN
PSWinFW.psd1
BIN
PSWinFW.psd1
Binary file not shown.
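--- a/formats/FirewallEvent.Format.ps1xml
+++ b/formats/FirewallEvent.Format.ps1xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<Configuration>
+<ViewDefinitions>
+<View>
+<Name>FirewallEvent</Name>
+<ViewSelectedBy>
+<TypeName>PSWinFW.Log.Event</TypeName>
+</ViewSelectedBy>
+<TableControl>
+<TableHeaders>
+<TableColumnHeader> <!-- Date -->
+<Width>10</Width>
+</TableColumnHeader>
+<TableColumnHeader> <!-- Time -->
+<Width>8</Width>
+</TableColumnHeader>
+<TableColumnHeader> <!-- Action -->
+<Width>6</Width>
+</TableColumnHeader>
+<TableColumnHeader> <!-- Protocol -->
+<Label>Prot</Label>
+<Width>4</Width>
+</TableColumnHeader>
+<TableColumnHeader/> <!-- SourceIP -->
+<TableColumnHeader/> <!-- Destination IP -->
+<TableColumnHeader> <!-- SourcePort -->
+<Label>SrcPt</Label>
+<Width>5</Width>
+</TableColumnHeader>
+<TableColumnHeader> <!-- DestinationPort -->
+<Label>DstPt</Label>
+<Width>5</Width>
+</TableColumnHeader>
+<TableColumnHeader/> <!-- Size -->
+<TableColumnHeader> <!-- Path -->
+<Width>7</Width>
+</TableColumnHeader>
+</TableHeaders>
+<TableRowEntries>
+<TableRowEntry>
+<TableColumnItems>
+<TableColumnItem>
+<PropertyName>Date</PropertyName>
+</TableColumnItem>
+<TableColumnItem>
+<PropertyName>Time</PropertyName>
+</TableColumnItem>
+<TableColumnItem>
+<PropertyName>Action</PropertyName>
+</TableColumnItem>
+<TableColumnItem>
+<PropertyName>Protocol</PropertyName>
+</TableColumnItem>
+<TableColumnItem>
+<PropertyName>SourceIP</PropertyName>
+</TableColumnItem>
+<TableColumnItem>
+<PropertyName>DestinationIP</PropertyName>
+</TableColumnItem>
+<TableColumnItem>
+<PropertyName>SourcePort</PropertyName>
+</TableColumnItem>
+<TableColumnItem>
+<PropertyName>DestinationPort</PropertyName>
+</TableColumnItem>
+<TableColumnItem>
+<PropertyName>Size</PropertyName>
+</TableColumnItem>
+<TableColumnItem>
+<PropertyName>Path</PropertyName>
+</TableColumnItem>
+</TableColumnItems>
+</TableRowEntry>
+</TableRowEntries>
+</TableControl>
+</View>
+</ViewDefinitions>
+</Configuration>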
@ -16,9 +16,9 @@ function Get-PSFirewallLog {
|
|||||||
[string]
|
[string]
|
||||||
$LogFileName,
|
$LogFileName,
|
||||||
|
|
||||||
# Retrieve a profile's log using registry settings of the local machine
|
# Retrieve a profile's log using registry settings of the local or remote machine
|
||||||
[Parameter(Mandatory = $true, ParameterSetName = 'auto')]
|
[Parameter(Mandatory = $true, ParameterSetName = 'auto')]
|
||||||
[Parameter(ParameterSetName = 'remote')]
|
[Parameter(Mandatory = $true, ParameterSetName = 'remote')]
|
||||||
[ValidateSet('Public','Private','Domain')]
|
[ValidateSet('Public','Private','Domain')]
|
||||||
[string]
|
[string]
|
||||||
$LogProfile,
|
$LogProfile,
|
||||||
@ -28,23 +28,8 @@ function Get-PSFirewallLog {
|
|||||||
[int]
|
[int]
|
||||||
$Tail = 0,
|
$Tail = 0,
|
||||||
|
|
||||||
# Include extended TCP information (TCP Flags, TCP Sequence Number, TCP ACK Number, TCP Window Size). Defaults to false.
|
|
||||||
[Parameter(Mandatory = $false)]
|
|
||||||
[switch]
|
|
||||||
$IncludeTcpInfo,
|
|
||||||
|
|
||||||
# Include extended ICMP information (ICMP Type and Code). Defaults to false.
|
|
||||||
[Parameter(Mandatory = $false)]
|
|
||||||
[switch]
|
|
||||||
$IncludeIcmpInfo,
|
|
||||||
|
|
||||||
# Include Info field. Defaults to false.
|
|
||||||
[Parameter(Mandatory = $false)]
|
|
||||||
[switch]
|
|
||||||
$IncludeInfo,
|
|
||||||
|
|
||||||
# ComputerName to retrieve log from
|
# ComputerName to retrieve log from
|
||||||
[Parameter(Mandatory = $false, ParameterSetName = 'remote')]
|
[Parameter(Mandatory = $true, ParameterSetName = 'remote')]
|
||||||
[string]
|
[string]
|
||||||
$ComputerName
|
$ComputerName
|
||||||
)
|
)
|
||||||
@ -96,34 +81,16 @@ function Get-PSFirewallLog {
|
|||||||
"SourcePort" = 6
|
"SourcePort" = 6
|
||||||
"DestinationPort" = 7
|
"DestinationPort" = 7
|
||||||
"Size" = 8
|
"Size" = 8
|
||||||
}
|
|
||||||
|
|
||||||
if($IncludeTcpInfo) {
|
|
||||||
$tcpMembers = @{
|
|
||||||
"TcpFlags" = 9
|
"TcpFlags" = 9
|
||||||
"TcpSyn" = 10
|
"TcpSyn" = 10
|
||||||
"TcpAck" = 11
|
"TcpAck" = 11
|
||||||
"TcpWin" = 12
|
"TcpWin" = 12
|
||||||
}
|
|
||||||
|
|
||||||
$members += $tcpMembers
|
|
||||||
}
|
|
||||||
|
|
||||||
if($IncludeIcmpInfo) {
|
|
||||||
$icmpMembers = @{
|
|
||||||
"IcmpType" = 13
|
"IcmpType" = 13
|
||||||
"IcmpCode" = 14
|
"IcmpCode" = 14
|
||||||
|
"Info" = 15
|
||||||
|
"Path" = 16
|
||||||
}
|
}
|
||||||
|
|
||||||
$members += $icmpMembers
|
|
||||||
}
|
|
||||||
|
|
||||||
if($IncludeInfo) {
|
|
||||||
$members += @{ "Info" = 15 }
|
|
||||||
}
|
|
||||||
|
|
||||||
$members += @{ "Path" = 16 }
|
|
||||||
|
|
||||||
$log | ForEach-Object {
|
$log | ForEach-Object {
|
||||||
$line = $_
|
$line = $_
|
||||||
$split = $line -split ('\s')
|
$split = $line -split ('\s')
|
||||||
@ -134,6 +101,8 @@ function Get-PSFirewallLog {
|
|||||||
$fwEvent | Add-Member NoteProperty -Name $member.Name -Value $split[$member.Value]
|
$fwEvent | Add-Member NoteProperty -Name $member.Name -Value $split[$member.Value]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$fwEvent.pstypenames.insert(0, 'PSWinFW.Log.Event')
|
||||||
|
|
||||||
$fwEvent
|
$fwEvent
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
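Review bot: The member table in the third hunk now hardcodes indices up to 16 for every line, but `$split[$member.Value]` silently yields $null when a log line has fewer whitespace-separated fields (a `#Fields:` or other comment header line, a truncated last line, or an older log without the path column), so such lines become PSWinFW.Log.Event objects with empty properties instead of being reported. I would guard the row before the Add-Member loop, e.g. `if ($split.Count -lt 17) { Write-Warning "Skipping malformed log line: $line"; return }` inside the ForEach-Object block, where `return` skips only that item. Note also that `-split ('\s')` splits on every single whitespace character, so a run of two spaces produces an empty field and shifts every later index by one; whether the log writer guarantees single-space separation is not visible in this diff. The ForEach-Object body and the `$fwEvent` construction continue outside the hunk, and the second hunk's change making both `$LogProfile` and `$ComputerName` Mandatory in set 'remote' should be checked against the DefaultParameterSetName declared outside this diff, since a call giving only -LogProfile otherwise relies on PowerShell's set resolution between 'auto' and 'remote'.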