crossan007/Prune-FileBeatRegistryFiles.ps1

## Prune-FileBeatRegistryFiles.ps1
$ErrorActionPreference = "Stop"
Function Test-IISLogFile{
    Param(
        $FilePath
    )
    return $($FilePath -Like "*.com\Logs\*") -or $($FilePath -Like "*.com\Log\*")
}
Function Clean-FileBeatRegistry {
    Param(
        $RegistryFile
    )
    $RegistryFile = Resolve-Path -Path $RegistryFile
    $BackupRegistryFile = "$($RegistryFile)$($(Get-Date).ToFileTime())"

    Write-Host "Backing up $RegistryFile to $BackupRegistryFile"
    Copy-Item -Path $RegistryFile -Destination $BackupRegistryFile
    Write-Host "Reading registry file: $RegistryFile"
    $FileBeatProspectedFilesRaw = Get-Content -LiteralPath $RegistryFile

    [void][System.Reflection.Assembly]::LoadWithPartialName("System.Web.Extensions")
    $jsonserial= New-Object -TypeName System.Web.Script.Serialization.JavaScriptSerializer
    $jsonserial.MaxJsonLength  = 67108864
    $FileBeatProspectedFiles = $jsonserial.DeserializeObject($FileBeatProspectedFilesRaw)


    Write-Host "Found $($FileBeatProspectedFiles.count) prospected files in $RegistryFile"

    $NonIISLogProspectFiles = $FileBeatProspectedFiles  | Where-Object {-not (Test-IISLogFile -FilePath $_.source)}
    Write-Host "$($NonIISLogProspectFiles.count) files in registry after filtering IIS log prospectors"

    if ($NonIISLogProspectFiles -isnot [Array]) {
        $NonIISLogProspectFiles = @($NonIISLogProspectFiles)
    }
    ConvertTo-Json $NonIISLogProspectFiles -Compress | Out-File -LiteralPath $RegistryFile -Encoding ascii
    Write-Host "Wrote $($NonIISLogProspectFiles.count) prospected files to $($RegistryFile)"
}
Clean-FileBeatRegistry -RegistryFile "C:\ProgramData\filebeat\registry"
	$ErrorActionPreference = "Stop"
	Function Test-IISLogFile{
	Param(
	$FilePath
	)
	return $($FilePath -Like ".com\Logs\") -or $($FilePath -Like ".com\Log\")
	}
	Function Clean-FileBeatRegistry {
	Param(
	$RegistryFile
	)
	$RegistryFile = Resolve-Path -Path $RegistryFile
	$BackupRegistryFile = "$($RegistryFile)$($(Get-Date).ToFileTime())"

	Write-Host "Backing up $RegistryFile to $BackupRegistryFile"
	Copy-Item -Path $RegistryFile -Destination $BackupRegistryFile
	Write-Host "Reading registry file: $RegistryFile"
	$FileBeatProspectedFilesRaw = Get-Content -LiteralPath $RegistryFile

	[void][System.Reflection.Assembly]::LoadWithPartialName("System.Web.Extensions")
	$jsonserial= New-Object -TypeName System.Web.Script.Serialization.JavaScriptSerializer
	$jsonserial.MaxJsonLength = 67108864
	$FileBeatProspectedFiles = $jsonserial.DeserializeObject($FileBeatProspectedFilesRaw)


	Write-Host "Found $($FileBeatProspectedFiles.count) prospected files in $RegistryFile"

	$NonIISLogProspectFiles = $FileBeatProspectedFiles \| Where-Object {-not (Test-IISLogFile -FilePath $_.source)}
	Write-Host "$($NonIISLogProspectFiles.count) files in registry after filtering IIS log prospectors"

	if ($NonIISLogProspectFiles -isnot [Array]) {
	$NonIISLogProspectFiles = @($NonIISLogProspectFiles)
	}
	ConvertTo-Json $NonIISLogProspectFiles -Compress \| Out-File -LiteralPath $RegistryFile -Encoding ascii
	Write-Host "Wrote $($NonIISLogProspectFiles.count) prospected files to $($RegistryFile)"
	}
	Clean-FileBeatRegistry -RegistryFile "C:\ProgramData\filebeat\registry"