
Commit 5d8275b

committed
change
1 parent 1501640 commit 5d8275b


3 files changed

+82
-22
lines changed


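--- a/02-LogModules/Auth.Log/03-Features/05-UsersGroupsActivity.ps1
+++ b/02-LogModules/Auth.Log/03-Features/05-UsersGroupsActivity.ps1
@@ -168,6 +168,9 @@ if ($useradd_Count -ge 1) {
 Write-Output " |"
 Write-Output " V User Creation Activity - Statistics Table"
 
+# flag to stop $Border iteration after first iteration
+$Flag = "Enable"
+
 # foreach loop to iterate and past each event separate from the hashtable
 foreach ($Event in $UsersGroupActivity_HT["useradd"]) {
 
@@ -181,12 +184,17 @@ if ($useradd_Count -ge 1) {
 $UserCreation = $UserCreation.PadRight($MaxChar_UserCreation)
 
 # Output the result for the current event
-$Result = Write-Output "| Event: User Creation Activity | Time: $TimeAndDate | Created User Name: $UserCreation |"
+$Result = Write-Output "| Time: $TimeAndDate | Event: User Creation Activity | Created User Name: $UserCreation |"
 
 # multiply $Result.Length with "-" hyfen symbol to get the boarder
 $Border = '-' * ($Result.Length - 2)
 
+# print the result in a table
+if ($Flag -match "Enable") {
 Write-Output " +$Border+"
+$Flag = "Disable"
+}
+
 Write-Output " $Result"
 }
 
@@ -243,6 +251,9 @@ if ($userdel_Count -ge 1) {
 Write-Output " |"
 Write-Output " V User Deletion Activity - Statistics Table"
 
+# flag to stop $Border iteration after first iteration
+$Flag = "Enable"
+
 # foreach loop to iterate and past each event separate from the hashtable
 foreach ($Event in $UsersGroupActivity_HT["userdel"]) {
 
@@ -256,12 +267,17 @@ if ($userdel_Count -ge 1) {
 $UserDeletion = $UserDeletion.PadRight($MaxChar_UserDeletion)
 
 # Output the result for the current event
-$Result = Write-Output "| Event: User Deletion Activity | Time: $TimeAndDate | Deleted User Name: $UserDeletion |"
+$Result = Write-Output "| Time: $TimeAndDate | Event: User Deletion Activity | Deleted User Name: $UserDeletion |"
 
 # multiply $Result.Length with "-" hyfen symbol to get the boarder
 $Border = '-' * ($Result.Length - 2)
 
+# print the result in a table
+if ($Flag -match "Enable") {
 Write-Output " +$Border+"
+$Flag = "Disable"
+}
+
 Write-Output " $Result"
 }
 
@@ -347,6 +363,9 @@ if ($groupadd_Count -ge 1) {
 Write-Output " |"
 Write-Output " V Group Creation Activity - Statistics Table"
 
+# flag to stop $Border iteration after first iteration
+$Flag = "Enable"
+
 # foreach loop to iterate and past each event separate from the hashtable
 foreach ($Event in $UsersGroupActivity_HT["groupadd"]) {
 
@@ -360,12 +379,17 @@ if ($groupadd_Count -ge 1) {
 $CreatedGroup = $CreatedGroup.PadRight($MaxChar_CreatedGroup)
 
 # Output the result for the current event
-$Result = Write-Output "| Event: Group Creation Activity | Time: $TimeAndDate | Created Group: $CreatedGroup |"
+$Result = Write-Output "| Time: $TimeAndDate | Event: Group Creation Activity | Created Group: $CreatedGroup |"
 
 # multiply $Result.Length with "-" hyfen symbol to get the boarder
 $Border = '-' * ($Result.Length - 2)
 
+# print the result in a table
+if ($Flag -match "Enable") {
 Write-Output " +$Border+"
+$Flag = "Disable"
+}
+
 Write-Output " $Result"
 }
 
@@ -422,6 +446,9 @@ if ($groudel_Count -ge 1) {
 Write-Output " |"
 Write-Output " V Group Deletion Activity - Statistics Table"
 
+# flag to stop $Border iteration after first iteration
+$Flag = "Enable"
+
 # foreach loop to iterate and past each event separate from the hashtable
 foreach ($Event in $UsersGroupActivity_HT["groudel"]) {
 
@@ -435,12 +462,17 @@ if ($groudel_Count -ge 1) {
 $DeletedGroup = $DeletedGroup.PadRight($MaxChar_DeletedGroup)
 
 # Output the result for the current event
-$Result = Write-Output "| Event: Group Deletion Activity | Time: $TimeAndDate | Deleted Group: $DeletedGroup |"
+$Result = Write-Output "| Time: $TimeAndDate | Event: Group Deletion Activity | Deleted Group: $DeletedGroup |"
 
 # multiply $Result.Length with "-" hyfen symbol to get the boarder
 $Border = '-' * ($Result.Length - 2)
 
+# print the result in a table
+if ($Flag -match "Enable") {
 Write-Output " +$Border+"
+$Flag = "Disable"
+}
+
 Write-Output " $Result"
 }
 
@@ -500,7 +532,10 @@ if ($AddUserToGroup_Count -ge 1) {
 
 # Strings for the top title of the Statistics Table
 Write-Output " |"
-Write-Output " V User Removed From A Group Activity - Statistics Table"
+Write-Output " V User Added To A Group Activity - Statistics Table"
+
+# flag to stop $Border iteration after first iteration
+$Flag = "Enable"
 
 # foreach loop to iterate and past each event separate from the hashtable
 foreach ($Event in $UsersGroupActivity_HT["AddUserToGroup"]) {
@@ -519,12 +554,17 @@ if ($AddUserToGroup_Count -ge 1) {
 $ToGroup = $ToGroup.PadRight($MaxChar_ToGroup)
 
 # Output the result for the current event
-$Result = Write-Output "| Event: User Added To A Group | Time: $TimeAndDate | The User: $AddedUser | To Group: $ToGroup |"
+$Result = Write-Output "| Time: $TimeAndDate | Event: User Added To A Group | The User: $AddedUser | To Group: $ToGroup |"
 
 # multiply $Result.Length with "-" hyfen symbol to get the boarder
 $Border = '-' * ($Result.Length - 2)
 
+# print the result in a table
+if ($Flag -match "Enable") {
 Write-Output " +$Border+"
+$Flag = "Disable"
+}
+
 Write-Output " $Result"
 }
 
@@ -590,6 +630,9 @@ if ($RemoveUserFromGroup_Count -ge 1) {
 Write-Output " |"
 Write-Output " V User Removed From A Group Activity - Statistics Table"
 
+# flag to stop $Border iteration after first iteration
+$Flag = "Enable"
+
 # foreach loop to iterate and past each event separate from the hashtable
 foreach ($Event in $UsersGroupActivity_HT["RemoveUserFromGroup"]) {
 
@@ -610,21 +653,26 @@ if ($RemoveUserFromGroup_Count -ge 1) {
 $FromGroup = $FromGroup.PadRight($MaxChar_FromGroup)
 
 # Output the result for the current event
-$Result = Write-Output "| Event: User Removed From Group | Time: $TimeAndDate | The User: $RemovedUser | Removed By: $RemovedBy | From Group: $FromGroup |"
+$Result = Write-Output "| Time: $TimeAndDate | Event: User Removed From Group | The User: $RemovedUser | Removed By: $RemovedBy | From Group: $FromGroup |"
 
 # multiply $Result.Length with "-" hyfen symbol to get the boarder
 $Border = '-' * ($Result.Length - 2)
 
+# print the result in a table
+if ($Flag -match "Enable") {
 Write-Output " +$Border+"
+$Flag = "Disable"
+}
+
 Write-Output " $Result"
 }
 
 Write-Output " +$Border+"
 }
 
-
 # print out the user information change
 if ($UserInformationChange_Count -ge 1) {
+
 Write-Output ""
 Write-Output "User Information Change - Raw Events"
 
@@ -675,15 +723,16 @@ if ($UserInformationChange_Count -ge 1) {
 $UserInformationChange[$UserName] = 1
 }
 }
-
-# print out the title of the table
 Write-Output " |"
 Write-Output " V User Information Change - Statistics Table"
 
 # Find max lengths for the keys and the values of the hashtable
 $MaxCharKey = ($UserInformationChange.Keys | Measure-Object Length -Maximum).Maximum
 $MaxCharValue = ($UserInformationChange.Values | Measure-Object -Maximum).Maximum.ToString().Length
 
+# flag to stop $Border iteration after first iteration
+$Flag = "Enable"
+
 # iterate through all the keys in the hashtable in a foreach loop
 foreach ($Key in $UserInformationChange.Keys) {
 
@@ -697,13 +746,17 @@ if ($UserInformationChange_Count -ge 1) {
 # calculate border
 $Border = '-' * ($Final.Length - 2)
 
-# print the result in a table
+# Print the boarder once
+if ($Flag -match "Enable") {
 Write-Output " +$Border+"
+$Flag = "Disable"
+}
+
 Write-Output " $Final"
+
 }
 # last board print outside of the foreach loop
 Write-Output " +$Border+"
-
 }
 
 # reset variables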
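Review bot: The one-shot top border is gated on a string flag tested with `-match`, which is a regex comparison and is true for any value that merely contains "Enable"; a boolean states the intent exactly, e.g. `$PrintTopBorder = $true` before the loop and `if ($PrintTopBorder) { Write-Output " +$Border+"; $PrintTopBorder = $false }` inside it. The same block is repeated in all seven table loops of this file and again in 07-sudoActivity.ps1, so a small helper would keep the tables from drifting apart. The top border now takes its width from the first row only (and the closing border, where one is visible, from the last), which stays aligned only if every interpolated field has a fixed width; the name fields are padded with `PadRight` in the visible lines, but how `$TimeAndDate` is built lies outside the hunks and should be checked. The loop bodies start and end outside the hunks.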

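--- a/02-LogModules/Auth.Log/03-Features/07-sudoActivity.ps1
+++ b/02-LogModules/Auth.Log/03-Features/07-sudoActivity.ps1
@@ -68,6 +68,9 @@ if ($Elevated_Sessions_Opened_Count -ge 1) {
 $MaxCharKey = ($Session_HT.Keys | Measure-Object Length -Maximum).Maximum
 $MaxCharValue = ($Session_HT.Values | Measure-Object -Maximum).Maximum.ToString().Length
 
+# flag to stop $Border iteration after first iteration
+$Flag = "Enable"
+
 # Output table
 foreach ($Key in $Session_HT.Keys) {
 $SpacedKey = $Key.PadRight($MaxCharKey)
@@ -76,7 +79,12 @@ if ($Elevated_Sessions_Opened_Count -ge 1) {
 $Final = "| Sessions opened for user $SpacedKey | Session Count: $SpacedValue |"
 $Border = '-' * ($Final.Length - 2)
 
+# Print the boarder once
+if ($Flag -match "Enable") {
 Write-Output "+$Border+"
+$Flag = "Disable"
+}
+
 Write-Output $Final
 }
 
@@ -154,10 +162,9 @@ if ($ElevatedCommands_Count -ge 1) {
 
 # the printing of the $NameTag plus the table
 Write-Output ""
-Write-Output " User Information"
-Write-Output " +$BorderHyphenForUser+"
-Write-Output " $Key"
-Write-Output " +$BorderHyphenForUser+"
+Write-Output "User Command History Of:"
+Write-Output "+$BorderHyphenForUser+"
+Write-Output "$Key"
 
 # Find the maximum character count in $ElevatedCommandsHT[$Key] which is the commands
 $MaxCharCount = ($ElevatedCommandsHT[$Key] | Measure-Object Length -Maximum).Maximum
@@ -169,15 +176,14 @@ if ($ElevatedCommands_Count -ge 1) {
 $Commands = $ElevatedCommandsHT[$Key].PadRight($MaxCharCount)
 
 # the printing of the whole table with the commands
-Write-Output " |"
-Write-Output " V User Command History (Total Executions:$($ElevatedCommandsHT[$Key].Count))"
-Write-Output " +$BorderHyphen+"
+Write-Output "+$BorderHyphen+"
+
 foreach ($Command in $Commands) {
-Write-Output " |$Command|"
-Write-Output " +$BorderHyphen+"
+
+Write-Output "|$Command|"
 }
+Write-Output "+$BorderHyphen+"
 }
-
 }
 
 # reset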
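Review bot: The rewritten command-history table no longer tells the analyst how many commands each user ran: the removed header carried `(Total Executions:$($ElevatedCommandsHT[$Key].Count))` and nothing on the new side replaces it, although that count is a quick triage signal for sudo activity. It can stay in the new header, e.g. `Write-Output "User Command History Of: (Total Executions: $($ElevatedCommandsHT[$Key].Count))"`. Separately, `$Command` is written as-is between the `|` delimiters; if these strings come straight from the sudo entries in auth.log (their parsing is outside the hunks), replacing control characters at print time, `Write-Output "|$($Command -replace '[\x00-\x1F\x7F]', '?')|"`, would keep a crafted command line from distorting the report without changing the padded width. The enclosing `foreach` over the users starts outside the hunk.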

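--- a/MasterParser.ps1
+++ b/MasterParser.ps1
@@ -170,3 +170,4 @@ switch ($O) {
 exit
 }
 }
+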
