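#!/bin/bash
# Import the Security channel of a Windows .evtx file into the MySQL
# database named by SQLDB, table tbl_EventMeta.
#
# parameter 1: source file (.evtx)
# parameter 2: destination file -- only echoed; the records go straight into
#              MySQL, nothing is written to this path
#
# Pipeline: evtxexport (XML) -> evtx2sql-convert2sql.php (INSERT statements)
#           -> mysql. The INSERT text is built from event-log content, so the
#           converter's escaping is the only thing keeping log data from being
#           interpreted as SQL; run this with a MySQL account that is limited
#           to the EventData database.
#
# Exit status: 1 when the source file is missing/unreadable or when
# evtxexport, the converter or mysql fails; 0 otherwise.

set -u   # referencing an unset variable is an error (catches variable typos)

if [ -z "${1:-}" ]; then
    echo "Source File not defined" >&2
    exit 1
fi

SRCFILE=$1
DESTFILE=${2:-}

if [ ! -r "$SRCFILE" ]; then
    echo "Source File not readable: $SRCFILE" >&2
    exit 1
fi

SQLDB=EventData

TEMPFILE=$(mktemp) || exit 1
TEMPSQL=$(mktemp) || exit 1
# Remove both temp files on every exit path, including the error exits below.
trap 'rm -f "$TEMPFILE" "$TEMPSQL"' EXIT

echo "Source File: $SRCFILE"
echo "Temporary File: $TEMPFILE"
echo "Destination File: $DESTFILE"

echo ""
date
echo "Reading input file to temp.xml"

# evtxexport emits one header line before the records; drop it so the
# records can be wrapped in a single root element.
echo "<xml>" > "$TEMPFILE"
evtxexport "$SRCFILE" -t security -f xml | tail -n +2 >> "$TEMPFILE"
# The pipeline's status is tail's; check evtxexport's own status instead.
if [ "${PIPESTATUS[0]}" -ne 0 ]; then
    echo "evtxexport failed on $SRCFILE" >&2
    exit 1
fi
echo "</xml>" >> "$TEMPFILE"

echo ""
date
echo "Converting temp.xml to output SQL file"

# Keep only the INSERT statements. grep exits 1 when there are none, which
# is not an error here (an empty log simply imports nothing), so only the
# converter's status is checked.
evtx2sql-convert2sql.php -in "$TEMPFILE" | grep INSERT > "$TEMPSQL"
if [ "${PIPESTATUS[0]}" -ne 0 ]; then
    echo "evtx2sql-convert2sql.php failed" >&2
    exit 1
fi

rm -f "$TEMPFILE"

date
echo ""
echo "Importing Data into SQL Database"

# Column list must match the INSERTs the converter emits; keep them in sync.
# No primary key is declared, so importing the same file twice duplicates rows.
mysql "$SQLDB" <<'EOF'
CREATE TABLE IF NOT EXISTS tbl_EventMeta (
    eventrecordid INT,
    time DATETIME(6) NOT NULL,
    eventid INT NULL,
    task INT NULL,
    level INT NULL,
    keywords VARCHAR(32),
    computer VARCHAR(64) DEFAULT NULL,
    server VARCHAR(64) DEFAULT NULL,
    username VARCHAR(64) DEFAULT NULL,
    domainname VARCHAR(64) DEFAULT NULL,
    servicename VARCHAR(64) DEFAULT NULL,
    data VARCHAR(64) DEFAULT NULL,
    status VARCHAR(16)
);
EOF

if ! mysql "$SQLDB" < "$TEMPSQL"; then
    echo "mysql import failed" >&2
    exit 1
fi

rm -f "$TEMPSQL"

date
echo "Finished"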