Merge pull request #10 from Thumbscrew/dev

dev -> master for 0.2
This commit is contained in:
James 2019-11-09 14:45:24 +00:00 committed by GitHub
commit acdbe702de
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 91 additions and 44 deletions

Binary file not shown.


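--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<Configuration>
+<ViewDefinitions>
+<View>
+<Name>FirewallEvent</Name>
+<ViewSelectedBy>
+<TypeName>PSWinFW.Log.Event</TypeName>
+</ViewSelectedBy>
+<TableControl>
+<TableHeaders>
+<TableColumnHeader> <!-- Date -->
+<Width>10</Width>
+</TableColumnHeader>
+<TableColumnHeader> <!-- Time -->
+<Width>8</Width>
+</TableColumnHeader>
+<TableColumnHeader> <!-- Action -->
+<Width>6</Width>
+</TableColumnHeader>
+<TableColumnHeader> <!-- Protocol -->
+<Label>Prot</Label>
+<Width>4</Width>
+</TableColumnHeader>
+<TableColumnHeader/> <!-- SourceIP -->
+<TableColumnHeader/> <!-- Destination IP -->
+<TableColumnHeader> <!-- SourcePort -->
+<Label>SrcPt</Label>
+<Width>5</Width>
+</TableColumnHeader>
+<TableColumnHeader> <!-- DestinationPort -->
+<Label>DstPt</Label>
+<Width>5</Width>
+</TableColumnHeader>
+<TableColumnHeader/> <!-- Size -->
+<TableColumnHeader> <!-- Path -->
+<Width>7</Width>
+</TableColumnHeader>
+</TableHeaders>
+<TableRowEntries>
+<TableRowEntry>
+<TableColumnItems>
+<TableColumnItem>
+<PropertyName>Date</PropertyName>
+</TableColumnItem>
+<TableColumnItem>
+<PropertyName>Time</PropertyName>
+</TableColumnItem>
+<TableColumnItem>
+<PropertyName>Action</PropertyName>
+</TableColumnItem>
+<TableColumnItem>
+<PropertyName>Protocol</PropertyName>
+</TableColumnItem>
+<TableColumnItem>
+<PropertyName>SourceIP</PropertyName>
+</TableColumnItem>
+<TableColumnItem>
+<PropertyName>DestinationIP</PropertyName>
+</TableColumnItem>
+<TableColumnItem>
+<PropertyName>SourcePort</PropertyName>
+</TableColumnItem>
+<TableColumnItem>
+<PropertyName>DestinationPort</PropertyName>
+</TableColumnItem>
+<TableColumnItem>
+<PropertyName>Size</PropertyName>
+</TableColumnItem>
+<TableColumnItem>
+<PropertyName>Path</PropertyName>
+</TableColumnItem>
+</TableColumnItems>
+</TableRowEntry>
+</TableRowEntries>
+</TableControl>
+</View>
+</ViewDefinitions>
+</Configuration>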
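Review bot: The FirewallEvent table view lists only ten of the properties the parser attaches to each event; the TcpFlags, TcpSyn, TcpAck, TcpWin, IcmpType, IcmpCode and Info members mapped in the Get-PSFirewallLog hunk of this commit are not among the TableColumnItems, so they exist on the object but stay hidden unless the caller uses Format-List or Select-Object *. Keeping the default narrow is sensible, but the file should say so, e.g. `<!-- Default table omits the TCP/ICMP/Info fields; pipe to Format-List * to see them -->` directly under the View element. The per-column comments currently sit after the opening TableColumnHeader tag, which reads as if they belonged to the Width child; putting each comment on the line before its header keeps the mapping to the TableColumnItems below unambiguous.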


@ -16,9 +16,9 @@ function Get-PSFirewallLog {
[string] [string]
$LogFileName, $LogFileName,
# Retrieve a profile's log using registry settings of the local machine # Retrieve a profile's log using registry settings of the local or remote machine
[Parameter(Mandatory = $true, ParameterSetName = 'auto')] [Parameter(Mandatory = $true, ParameterSetName = 'auto')]
[Parameter(ParameterSetName = 'remote')] [Parameter(Mandatory = $true, ParameterSetName = 'remote')]
[ValidateSet('Public','Private','Domain')] [ValidateSet('Public','Private','Domain')]
[string] [string]
$LogProfile, $LogProfile,
@ -28,23 +28,8 @@ function Get-PSFirewallLog {
[int] [int]
$Tail = 0, $Tail = 0,
# Include extended TCP information (TCP Flags, TCP Sequence Number, TCP ACK Number, TCP Window Size). Defaults to false.
[Parameter(Mandatory = $false)]
[switch]
$IncludeTcpInfo,
# Include extended ICMP information (ICMP Type and Code). Defaults to false.
[Parameter(Mandatory = $false)]
[switch]
$IncludeIcmpInfo,
# Include Info field. Defaults to false.
[Parameter(Mandatory = $false)]
[switch]
$IncludeInfo,
# ComputerName to retrieve log from # ComputerName to retrieve log from
[Parameter(Mandatory = $false, ParameterSetName = 'remote')] [Parameter(Mandatory = $true, ParameterSetName = 'remote')]
[string] [string]
$ComputerName $ComputerName
) )
@ -96,34 +81,16 @@ function Get-PSFirewallLog {
"SourcePort" = 6 "SourcePort" = 6
"DestinationPort" = 7 "DestinationPort" = 7
"Size" = 8 "Size" = 8
"TcpFlags" = 9
"TcpSyn" = 10
"TcpAck" = 11
"TcpWin" = 12
"IcmpType" = 13
"IcmpCode" = 14
"Info" = 15
"Path" = 16
} }
if($IncludeTcpInfo) {
$tcpMembers = @{
"TcpFlags" = 9
"TcpSyn" = 10
"TcpAck" = 11
"TcpWin" = 12
}
$members += $tcpMembers
}
if($IncludeIcmpInfo) {
$icmpMembers = @{
"IcmpType" = 13
"IcmpCode" = 14
}
$members += $icmpMembers
}
if($IncludeInfo) {
$members += @{ "Info" = 15 }
}
$members += @{ "Path" = 16 }
$log | ForEach-Object { $log | ForEach-Object {
$line = $_ $line = $_
$split = $line -split ('\s') $split = $line -split ('\s')
@ -134,6 +101,8 @@ function Get-PSFirewallLog {
$fwEvent | Add-Member NoteProperty -Name $member.Name -Value $split[$member.Value] $fwEvent | Add-Member NoteProperty -Name $member.Name -Value $split[$member.Value]
} }
$fwEvent.pstypenames.insert(0, 'PSWinFW.Log.Event')
$fwEvent $fwEvent
} }
} }
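Review bot: The `$fwEvent.pstypenames.insert(0, 'PSWinFW.Log.Event')` line added in the last hunk is the only link between the emitted objects and the `<TypeName>` selector in the new format file, and nothing on the script side records that coupling; a mismatch on either side silently drops the table view and falls back to the default property list. Add `# Must match <TypeName> in the FirewallEvent view of the module's format file` above it. In the previous hunk the members table now maps all sixteen positional fields unconditionally, which appears to be what replaced the -IncludeTcpInfo/-IncludeIcmpInfo/-IncludeInfo switches (the rendered page loses the +/- markers, so this is inferred from the hunk line counts); because `$split = $line -split ('\s')` is indexed by fixed position, a line with fewer than seventeen fields yields $null members (or an index error under Set-StrictMode), which a comment such as `# Indices follow the field order of the firewall log header; missing trailing fields become $null` above the hashtable would make explicit. The enclosing ForEach-Object block and the function body both start outside the hunk.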