From b1f4e1979149d641bff104775896b91c5eb1a629 Mon Sep 17 00:00:00 2001 From: Steffen Pohle Date: Thu, 7 Mar 2024 17:24:26 +0100 Subject: [PATCH] adding debug parameter switch --- evtx2sql-convert2sql.php | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/evtx2sql-convert2sql.php b/evtx2sql-convert2sql.php index ebf1f38..d2ba305 100755 --- a/evtx2sql-convert2sql.php +++ b/evtx2sql-convert2sql.php @@ -10,6 +10,7 @@ global $infile; global $configfile; global $argv; global $argc; +global $debug; class EventMeta { public $eventrecordid; @@ -59,14 +60,33 @@ $edataelement = new EventData(); $edataarray = array(); $emeta = new EventMeta(); $infile = ""; +$debug = false; function sql_addmeta ($data, $darray) { + global $debug; $data->status = 0; $data->result = 0; if ($data->eventid == 0) { // do something + if ($debug == true) { + printf ("Ignore EventID==0: eventrecordid:'%s','%s',eventid:'%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s');\n", + $data->eventrecordid, + $data->time, + $data->eventid, + $data->task, + $data->level, + substr($data->keywords, 0, 32), + substr($data->computer, 0, 64), + substr($data->server, 0, 64), + substr($data->username, 0, 64), + substr($data->domainname, 0, 64), + substr($data->servicename, 0, 64), + substr($data->data, 0, 64), + substr($data->status, 0, 16) + ); + } } else { // default @@ -214,6 +234,7 @@ function errorexit($text) { if (isset ($argv) && isset ($argc)) { global $infile; + global $debug; $i = 0; @@ -223,6 +244,10 @@ if (isset ($argv) && isset ($argc)) { if ($i >= $argc) ErrorExit ("filename missing\n"); $infile = $argv[$i]; } + + if (strstr($argv[$i], "-d") <> false) { + $debug = true; + } } };
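Review bot: The debug branch added to sql_addmeta writes event fields (computer, username, domainname, data, ...) to stdout with `printf`, so content that presumably comes from the parsed event log reaches the terminal unfiltered; if the generated SQL is also written to stdout (not visible in this hunk), the debug line lands inside that stream. Sending it to stderr keeps the two apart, `fprintf(STDERR, "Ignore EventID==0: ...", ...)`, and replacing control characters in the string fields before printing would stop escape sequences embedded in a record from being interpreted by the terminal. The last argument, `substr($data->status, 0, 16)`, always prints 0 because `$data->status = 0;` is assigned at the top of the function, and the trailing `);` in the format string looks like a leftover from an SQL statement. sql_addmeta continues past the end of the hunk.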
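Review bot: `strstr($argv[$i], "-d") <> false` in the last hunk matches `-d` anywhere inside the argument, so a path such as the constructed example `security-dc01.evtx` switches debug output on. The check also sits after `$infile = $argv[$i];`, where `$i` has apparently already been advanced to the file name, so on that iteration it is the file name that gets tested. An exact comparison avoids both: `if ($argv[$i] === "-d") { $debug = true; }`. The `global $debug;` added in the preceding hunk appears to be at file scope, where the statement has no effect. The argument loop starts outside the hunk.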