trinitor/DetectionLab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

added pre and post checks for installations

Browse Source
This commit is contained in:
hhofs
2018-05-16 14:56:12 +02:00
parent 6f185b558a
commit 387682e809
15 changed files with 336 additions and 80 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
Vagrant/scripts/install-wefsubscriptions.ps1
View File

@@ -4,24 +4,37 @@
Write-Host "Installing WEF Subscriptions"
Write-Host "Copying Custom Event Channels DLL"
Copy-Item c:\Users\vagrant\AppData\Local\Temp\windows-event-forwarding-master\windows-event-channels\CustomEventChannels.dll c:\windows\system32
Copy-Item c:\Users\vagrant\AppData\Local\Temp\windows-event-forwarding-master\windows-event-channels\CustomEventChannels.man c:\windows\system32
if (-not (Test-Path "$env:windir\system32\CustomEventChannels.dll"))
{
Copy-Item c:\Users\vagrant\AppData\Local\Temp\windows-event-forwarding-master\windows-event-channels\CustomEventChannels.dll "$env:windir\system32"
Copy-Item c:\Users\vagrant\AppData\Local\Temp\windows-event-forwarding-master\windows-event-channels\CustomEventChannels.man "$env:windir\system32"
Write-Host "Installing Custom Event Channels Manifest"
wevtutil im "c:\windows\system32\CustomEventChannels.man"
Write-Host "Resizing Channels to 4GB"
$xml = wevtutil el | select-string -pattern "WEC"
foreach ($subscription in $xml) { wevtutil sl $subscription /ms:4294967296 }
Write-Host "Installing Custom Event Channels Manifest"
wevtutil im "c:\windows\system32\CustomEventChannels.man"
Write-Host "Resizing Channels to 4GB"
$xml = wevtutil el | select-string -pattern "WEC"
foreach ($subscription in $xml) { wevtutil sl $subscription /ms:4294967296 }
Write-Host "Starting the Windows Event Collector Service"
net start wecsvc
Write-Host "Starting the Windows Event Collector Service"
net start wecsvc
Write-Host "Creating custom event subscriptions"
cd c:\Users\vagrant\AppData\Local\Temp\windows-event-forwarding-master\wef-subscriptions
cmd /c "for /r %i in (*.xml) do wecutil cs %i"
Write-Host "Creating custom event subscriptions"
cd c:\Users\vagrant\AppData\Local\Temp\windows-event-forwarding-master\wef-subscriptions
cmd /c "for /r %i in (*.xml) do wecutil cs %i"
Write-Host "Enabling custom event subscriptions"
cmd /c "for /r %i in (*.xml) do wecutil ss %~ni /e:true"
Write-Host "Enabling custom event subscriptions"
cmd /c "for /r %i in (*.xml) do wecutil ss %~ni /e:true"
Write-Host "Enabling WecUtil Quick Config"
wecutil qc /q:true
Write-Host "Enabling WecUtil Quick Config"
wecutil qc /q:true
}
else
{
Write-Host "WEF Subscriptions already installed, moving on"
net start wecsvc
}
Start-Sleep -Seconds 60
if ((Get-Service -Name wecsvc).Status -ne "Running")
{
throw "Windows Event Collector service was not running"
}