From ec6359662f0800a25934abeccabe608a0345568f Mon Sep 17 00:00:00 2001 From: Steffen Pohle Date: Thu, 5 May 2022 21:26:40 +0200 Subject: [PATCH] adding the windows specific files. --- Log-SecurityEvents_Archiving.xml | Bin 0 -> 3952 bytes LogPushToServer.cmd | 45 +++++++++++++++++++++++++++++++ 2 files changed, 45 insertions(+) create mode 100644 Log-SecurityEvents_Archiving.xml create mode 100644 LogPushToServer.cmd diff --git a/Log-SecurityEvents_Archiving.xml b/Log-SecurityEvents_Archiving.xml new file mode 100644 index 0000000000000000000000000000000000000000..b57ac27a2814cf760f3f2c239ac186a4ad9e3d46 GIT binary patch literal 3952 zcmbW4Yi|=*5QgU~mHHo6QN^W_nKuxlIJ$P)WveM>E~3!B=+c5TZZ+qUiSn?RXZm-Qah zi4B~3VjX*B4Y;1c^TPJ*NBhBAte&Cea;3&6t}$4hz$r^ZoAb=t}+0EqjNR0U9#s zDI9a&6@8n}Id35*@do~VTfj4fl0tjWdmp}Y&rb_0Fp(BAh<@*dD#jQ-G{O`GbNlr={wu!Q7t8B*}o{*0=aecJc z?oERT`*^%?pXYXChmMj7Rx|sTXj7;|EPipT1GklH$#u*A=6M!=l%WAnz+<%rg%2@j z%opl)=(+gpdFv6Gs=Pq2e5%rNe~XH}hxhZ+n%zg^+h z1A7A{?zD!TvNnM~bXcQ=fq>Zu_URUlJ${Sov_ai2)8R3l_zOIr?sC#}T;1lhqy;xzr2bUWFf2ce1V37KXFuroNd`3=;<==7WC>Xa;3O5Wr|ER z?F7Bb_kq{^3{S(Pm`2jg=wDuA#Z}l|hVn9fT`U3hn)B-5Rox@5m{!h7%P}NGbcuE5 zIV{sd-w9_iPs0Cz{_>10PvaufdA8IqnzGts8epiwMAzGO<*BYz|6kW+6k}|qj*l<{ zwHtKkp&40|FHez^^fGE)$2(9lfw%8-bA*N?@-Xn3t!c5(`WY)DzQdG~?z&W2vpDMc zEpV}%UanEg`%gQrYBZ=}zQr6^;FIVx$8#G#`KvvrOEeiCOrdC6+z?ejT|QaARXUFD z0IiwhO7rCkUu8GtyUiZ>7apkN}qys*KR8`k9j#$Sbds8?w=V$m15$dd<^NRX-PMpWsc+PHibbAur zL?*Tqb^!H}G-?JvcU|@MTrPC+sxA;xbhZrlpNx~-OR}JILZ67{eo9@pbGJC}geZ!g zsMyh^Yh1$HOKy4}>B-_Yl-=Drj@f&3<53la?$r0r)bD&_kfJ!M`V`|md=4F_d&vMT v%6hn~?AcHDFgji3C$&eeZ<$2UmS-<$)~%r$rTmF=7c!vr4v5lSIIMgHJ%NTH literal 0 HcmV?d00001 diff --git a/LogPushToServer.cmd b/LogPushToServer.cmd new file mode 100644 index 0000000..6c369e1 --- /dev/null +++ b/LogPushToServer.cmd 
@@ -0,0 +1,45 @@
+@echo off
+
+set FNSRC=%1
+set FNDEST=%COMPUTERNAME%-%~n1
+set DEST=\\COLLECTSERVER\In
+set LOCKFILE=%DEST%\%COMPUTERNAME%.lock
+set LOGFILE=c:\temp\LogPushToServer.log
+
+echo %DATE% %TIME% Parameter: "%1" >> %LOGFILE%
+
+IF exist %LOCKFILE% (
+ echo lock file exist, abort. >> %LOGFILE%
+ exit
+)
+echo "running" > %LOCKFILE%
+
+
+IF NOT EXIST "%FNSRC%" (
+ echo file not found. >> %LOGFILE%
+ del %LOCKFILE%
+ exit
+)
+
+
+echo %DATE% %TIME% copy file %FNSRC% %DEST%\%FNDEST%.temp >> %LOGFILE%
+copy "%FNSRC%" "%DEST%\%FNDEST%.temp" >> %LOGFILE%
+del "%FNSRC%" >> %LOGFILE%
+
+echo rename "%DEST%\%FNDEST%.temp" FNDEST%.evtx" >> %LOGFILE%
+
+rename "%DEST%\%FNDEST%.temp" "%FNDEST%.evtx" >> %LOGFILE%
+
+REM
+REM if someone knows why renaming is not possible i will be very happy to know.
+REM
+
+IF NOT EXIST "%DEST%\%FNDEST%.evtx" (
+ echo "ready" > "%DEST%\%FNDEST%.import"
+)
+
+
+del %LOCKFILE%
+
+echo %DATE% %TIME% finished >> %LOGFILE%
+
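Review bot: `del "%FNSRC%"` runs unconditionally right after the `copy`, so if the copy to `%DEST%` fails (share unreachable, access denied, disk full) the archived security event log is deleted locally without ever reaching the collection server, and that audit data is lost. Gate the delete on the copy's result and leave the source in place on failure so a later run can retry it. The lock file lives on the same share, so when the share is down the `IF exist %LOCKFILE%` check does not stop the script either and it falls through to this copy/delete pair. Separately, `set FNSRC=%1` keeps any quotes the caller passed, which makes `"%FNSRC%"` doubly quoted for paths with spaces; `set "FNSRC=%~1"` avoids that.

```batch
copy "%FNSRC%" "%DEST%\%FNDEST%.temp" >> %LOGFILE%
if errorlevel 1 (
    echo %DATE% %TIME% copy failed, source file kept. >> %LOGFILE%
    del %LOCKFILE%
    exit /b 1
)
del "%FNSRC%" >> %LOGFILE%
REM … unchanged: rename, .import marker, lock cleanup …
```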