CSEC_PUBLIC/WELA
1
0
Fork 0
mirror of https://github.com/Yamato-Security/WELA.git synced 2025-12-06 09:12:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #26 from Yamato-Security/3-check-log-full-rotated

Browse Source 
feat: Check for full logs and rotated events
This commit is contained in:
Zach Mathis (田中ザック)
2025-04-21 08:32:32 +09:00
committed by GitHub
parent 1cd6ae8a66 4ac0385842
commit 66e1beecd6
1 changed files with 18 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
WELA.ps1
View File

@@ -1463,7 +1463,9 @@ function AuditFileSize {
$logInfo = Get-WinEvent -ListLog $logName -ErrorAction Stop $logInfo = Get-WinEvent -ListLog $logName -ErrorAction Stop
$maxLogSize = [math]::Floor($logInfo.MaximumSizeInBytes / 1MB) $maxLogSize = [math]::Floor($logInfo.MaximumSizeInBytes / 1MB)
$recommendedSize = [int]($logNames[$logName][1] -replace " MB\+?", "") $recommendedSize = [int]($logNames[$logName][1] -replace " MB\+?", "")
$correctSetting = if ($maxLogSize -ge $recommendedSize) { "Y" } else { "N" } $logIsFull = $logInfo.FileSize -gt $logInfo.MaximumSizeInBytes
$logMode = if ($logInfo.LogMode -eq "Retain") { "NoOverwrite" } else { $logInfo.LogMode }
$correctSetting = if ($maxLogSize -ge $recommendedSize -and $logMode -ne "NoOverwrite") { "Y" } else { "N" }
$results += [PSCustomObject]@{ $results += [PSCustomObject]@{
LogFile = Split-Path $logInfo.LogFilePath -Leaf LogFile = Split-Path $logInfo.LogFilePath -Leaf
@@ -1471,26 +1473,34 @@ function AuditFileSize {
MaxLogSize = "$maxLogSize MB" MaxLogSize = "$maxLogSize MB"
Default = $logNames[$logName][0] Default = $logNames[$logName][0]
Recommended = $logNames[$logName][1] Recommended = $logNames[$logName][1]
IsLogFull = $logIsFull
LogMode = $logMode
CorrectSetting = $correctSetting CorrectSetting = $correctSetting
} }
} }
# Format-Tableには色つき出力の機能はないので、Write-Hostで色をつける # Format-Tableには色つき出力の機能はないので、Write-Hostで色をつける
$tableLayout = "{0,-75} {1,-15} {2,-15} {3,-15} {4,-15} {5,-10}" $tableLayout = "{0,-75} {1,-15} {2,-10} {3,-10} {4,-15} {5,-10} {6,-15} {7,-10}"
Write-Host ($tableLayout -f ` Write-Host ($tableLayout -f `
"Log File", ` "Log File", `
"Current Size", ` "Current Size", `
"Max Size", ` "Max Size", `
"Default", ` "Default", `
"Recommended", ` "Recommended", `
"Correct Setting") "Is Full", `
"Log Mode", `
"Correct Setting" `
)
Write-Host ($tableLayout -f ` Write-Host ($tableLayout -f `
"--------", ` "--------", `
"------------", ` "------------", `
"--------", ` "--------", `
"------", ` "------", `
"-----------", ` "-----------", `
"--------------") "-------", `
"--------", `
"--------------" `
)
foreach ($result in $results) { foreach ($result in $results) {
$color = if ($result.CorrectSetting -eq "Y") { "Green" } else { "Red" } $color = if ($result.CorrectSetting -eq "Y") { "Green" } else { "Red" }
Write-Host ($tableLayout -f ` Write-Host ($tableLayout -f `
@@ -1499,7 +1509,10 @@ function AuditFileSize {
$result.MaxLogSize, ` $result.MaxLogSize, `
$result.Default, ` $result.Default, `
$result.Recommended, ` $result.Recommended, `
$result.CorrectSetting) -ForegroundColor $color $result.IsLogFull, `
$result.LogMode, `
$result.CorrectSetting `
) -ForegroundColor $color
} }
$results | Export-Csv -Path "WELA-FileSize-Result.csv" -NoTypeInformation $results | Export-Csv -Path "WELA-FileSize-Result.csv" -NoTypeInformation