Stephen Ferrero StephenFerrero
StephenFerrero
/ logparser.ps1
Last active
January 26, 2019 00:46
— forked from exp0se/logparser.ps1
Logparser log parsing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Logparser | |
| ############### | |
| # Security Log | |
| ############### | |
| # Find Event id | |
| & 'C:\Program Files (x86)\Log Parser 2.2\LogParser.exe' -stats:OFF -i:EVT "SELECT * FROM 'Security.evtx' WHERE EventID = '5038'" |
StephenFerrero
/ powershell_eventlog_parsing.ps1
Created
April 24, 2018 20:51
— forked from exp0se/powershell_eventlog_parsing.ps1
Powershell log parsing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Security log | |
| #============ | |
| #### | |
| #4624 - Logon & Logoff events successful | |
| #4625 - Logon unsucceful | |
| #### | |
| # Get usernames | |
| Get-WinEvent -path .\Security.evtx | Where {$_.id -eq "4624"} | Foreach {([xml]$_.ToXml()).GetElementsByTagName("Data").ItemOf(5)}| Select -ExpandProperty "#text" -Unique | |
| # Get domains |
StephenFerrero
/ NXLog_to_OMS
Created
May 7, 2017 17:50
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## This is a sample NXLog configuration file | |
| ## This configuration can be used to collect syslog messages from any RFC 5426 capable device | |
| ## and write those logs to a file which can be picked up by the Log Analytics agent | |
| ## Thanks to jorritfolmer for initial inspiration here: https://gist.github.com/jorritfolmer/bc6374b48bde2ba99f983cc0889da8a9 | |
| ## | |
| define ROOT C:\Program Files (x86)\nxlog | |
| Moduledir %ROOT%\modules |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Import-Module Active Directory | |
| Get-ADUser -Properties * -LDAPFilter '(name=*)' -SearchBase "OU=Employees,OU=CON - User Accounts,DC=contoso,DC=com" | Select Name , SamAccountName , LastLogonDate | Export-Csv C:\Users.csv |
StephenFerrero
/ gist:ba04e7acf528ed6a767c4de59054f59f
Created
July 15, 2016 05:20
Add mailbox folder permissions in Exchange
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Add-MailboxFolderPermission -Identity ayla@contoso.com:\Marketing -User Ed@contoso.com -AccessRights Owner |