From 1052a795b1b61091bb98fe7c20dea6048af7faee Mon Sep 17 00:00:00 2001
From: fukusuket <41001169+fukusuket@users.noreply.github.com>
Date: Thu, 17 Apr 2025 23:46:14 +0900
Subject: [PATCH] feat: check size setting
---
 WELA.ps1 | 42 +++++++++++++++++++++---------------------
 1 file changed, 21 insertions(+), 21 deletions(-)
diff --git a/WELA.ps1 b/WELA.ps1
index 3067c50c..4cabc2d7 100644
--- a/WELA.ps1
+++ b/WELA.ps1
@@ -1431,28 +1431,28 @@ function AuditLogSetting {
 function AuditFileSize {
 # 対象のイベントログ名をハッシュテーブル化
 $logNames = @{
- "Application" = @("20MB", "128MB+")
- "Microsoft-Windows-AppLocker/EXE and DLL" = @("1MB", "256MB+")
- "Microsoft-Windows-AppLocker/MSI and Script" = @("1MB", "256MB+")
- "Microsoft-Windows-AppLocker/Packaged app-Deployment" = @("1MB", "256MB+")
- "Microsoft-Windows-AppLocker/Packaged app-Execution" = @("1MB", "256MB+")
- "Microsoft-Windows-Bits-Client/Analytic" = @("1MB", "128MB+")
- "Microsoft-Windows-Bits-Client/Operational" = @("1MB", "128MB+")
- "Microsoft-Windows-CodeIntegrity/Operational" = @("1MB", "128MB+")
- "Microsoft-Windows-DriverFrameworks-UserMode/Operational" = @("1MB", "128MB+")
- "Microsoft-Windows-PowerShell/Operational" = @("20MB", "256MB+")
- "Microsoft-Windows-PrintService/Admin" = @("1MB", "128MB+")
- "Microsoft-Windows-PrintService/Operational" = @("1MB", "128MB+")
- "Microsoft-Windows-Security-Mitigations/KernelMode" = @("1MB", "128MB+")
- "Microsoft-Windows-Security-Mitigations/UserMode" = @("1MB", "128MB+")
- "Microsoft-Windows-SmbClient/Security" = @("8MB", "128MB+")
- "Microsoft-Windows-TaskScheduler/Operational" = @("1MB", "128MB+")
- "Microsoft-Windows-TerminalServices-LocalSessionManager/Operational" = @("1MB", "128MB+")
+ "Application" = @("20 MB", "128 MB+")
+ "Microsoft-Windows-AppLocker/EXE and DLL" = @("1 MB", "256 MB+")
+ "Microsoft-Windows-AppLocker/MSI and Script" = @("1 MB", "256 MB+")
+ "Microsoft-Windows-AppLocker/Packaged app-Deployment" = @("1 MB", "256 MB+")
+ "Microsoft-Windows-AppLocker/Packaged app-Execution" = @("1 MB", "256 MB+")
+ "Microsoft-Windows-Bits-Client/Analytic" = @("1 MB", "128 MB+")
+ "Microsoft-Windows-Bits-Client/Operational" = @("1 MB", "128 MB+")
+ "Microsoft-Windows-CodeIntegrity/Operational" = @("1 MB", "128 MB+")
+ "Microsoft-Windows-DriverFrameworks-UserMode/Operational" = @("1 MB", "128 MB+")
+ "Microsoft-Windows-PowerShell/Operational" = @("20 MB", "256 MB+")
+ "Microsoft-Windows-PrintService/Admin" = @("1 MB", "128 MB+")
+ "Microsoft-Windows-PrintService/Operational" = @("1 MB", "128 MB+")
+ "Microsoft-Windows-Security-Mitigations/KernelMode" = @("1 MB", "128 MB+")
+ "Microsoft-Windows-Security-Mitigations/UserMode" = @("1 MB", "128 MB+")
+ "Microsoft-Windows-SmbClient/Security" = @("8 MB", "128 MB+")
+ "Microsoft-Windows-TaskScheduler/Operational" = @("1 MB", "128 MB+")
+ "Microsoft-Windows-TerminalServices-LocalSessionManager/Operational" = @("1 MB", "128 MB+")
 "Microsoft-Windows-Windows Defender/Operational" = @("16MB", "128MB+")
- "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall" = @("1MB", "256MB+")
- "Security" = @("20MB", "256MB+")
- "System" = @("20MB", "128MB+")
- "Windows PowerShell" = @("15MB", "256MB+")
+ "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall" = @("1 MB", "256 MB+")
+ "Security" = @("20 MB", "256 MB+")
+ "System" = @("20 MB", "128 MB+")
+ "Windows PowerShell" = @("15 MB", "256 MB+")
 }
 $results = @()
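Review bot: The `"Microsoft-Windows-Windows Defender/Operational"` entry is left as context with `@("16MB", "128MB+")`, so it is now the only row in `$logNames` still in the unspaced form. `AuditFileSize` continues outside the hunk, so this is inferred, but if the function compares or prints these strings against a formatted current size, the Defender channel would be reported inconsistently or flagged wrongly. An undersized Defender log is a retention gap this audit should surface reliably, so change the row to `"Microsoft-Windows-Windows Defender/Operational" = @("16 MB", "128 MB+")`. Longer term, storing the thresholds as numeric byte values (PowerShell's `16MB` literal) and formatting them only for display would remove this kind of string mismatch.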