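Function CEFSyslogSender ()
{
    <#
    .SYNOPSIS
        Builds a small sender object that emits CEF-formatted events to a syslog collector over UDP.
    .DESCRIPTION
        Returns a PSObject whose type name is "SyslogSender" with three members:
          UDPClient  - a System.Net.Sockets.UdpClient already connected to the collector
          Send()     - ScriptMethod: wraps one CEF event in an RFC 3164 syslog line and sends it
          Close()    - ScriptMethod: releases the socket
        Transport caveat: this is plain UDP syslog. It is unencrypted, unauthenticated and
        unacknowledged, so anything on the path can read or forge events and a dropped datagram
        is never retried. Use it on a trusted segment or point it at a local relay that forwards
        over TLS (RFC 5425) if the events matter.
    .PARAMETER Destination
        Hostname or IP literal of the syslog collector. Required; the function throws if it is
        omitted or does not resolve.
    .PARAMETER Port
        UDP port of the collector. Defaults to 514.
    .OUTPUTS
        PSObject (type name "SyslogSender")
    #>
    Param
    (
        [String]$Destination = $(throw "ERROR: SYSLOG Host Required..."),
        [Int32]$Port = 514
    )

    # Resolve the collector up front so a bad name fails here with a clear message instead of
    # on the first Send(). The earlier version gated on an ICMP ping and, when the ping failed,
    # only printed a string and carried on with a null address (so Connect() threw later with a
    # confusing error). Collectors routinely drop ICMP while still accepting UDP/514, and UDP
    # syslog needs no reachability proof, so a plain DNS/literal lookup is used instead.
    Try
    {
        $Addresses = [System.Net.Dns]::GetHostAddresses($Destination)
    }
    Catch
    {
        throw "ERROR: SYSLOG Host Required... ('$Destination' did not resolve: $($_.Exception.Message))"
    }
    # Prefer IPv4 (matches the original IPV4Address preference); otherwise take the first address.
    $Target = $Addresses |
        Where-Object { $_.AddressFamily -eq [System.Net.Sockets.AddressFamily]::InterNetwork } |
        Select-Object -First 1
    If (-not $Target) { $Target = $Addresses | Select-Object -First 1 }
    If (-not $Target) { throw "ERROR: SYSLOG Host Required... ('$Destination' returned no addresses)" }

    $ObjSyslogSender = New-Object PsObject
    $ObjSyslogSender.PsObject.TypeNames.Insert(0, "SyslogSender")
    # Build the socket with the address family of the chosen target so an IPv6-only collector
    # does not fail on an IPv4 socket.
    $Client = New-Object System.Net.Sockets.UdpClient($Target.AddressFamily)
    $Client.Connect($Target, $Port)
    $ObjSyslogSender | Add-Member -MemberType NoteProperty -Name UDPClient -Value $Client

    $ObjSyslogSender | Add-Member -MemberType ScriptMethod -Name Send -Value {
        <#
        .SYNOPSIS
            Formats one CEF event as an RFC 3164 syslog line and sends it as a single datagram.
        .PARAMETER CEFVendor   Device vendor (CEF header field 2).
        .PARAMETER CEFProduct  Device product (field 3).
        .PARAMETER CEFVersion  Device version (field 4).
        .PARAMETER CEFDvcID    Device event class id (field 5).
        .PARAMETER CEFName     Human-readable event name (field 6).
        .PARAMETER CEFSeverity CEF severity string (field 7); NOT mapped onto the syslog PRI.
        .PARAMETER Data        The CEF extension block ("key=value key2=value2 ..."). Required.
                               The caller is responsible for CEF extension escaping of values
                               ('\' -> '\\', '=' -> '\=', newline -> '\n'); escaping '=' here
                               would destroy the key=value structure.
        .NOTES
            Output is ASCII-encoded (non-ASCII characters become '?') and truncated to the
            1024-byte RFC 3164 limit, which may cut the end of the extension block.
        #>
        Param
        (
            [String]$CEFVendor = "Generic Vendor",
            [String]$CEFProduct = "Generic Product",
            [String]$CEFVersion = "1.2.3.4",
            [String]$CEFDvcID = "Device Event ID",
            [String]$CEFName = "Generic Event Name",
            [String]$CEFSeverity = "1",
            [String]$Data = $(throw "Error SyslogSender: No data to send!")
        )

        # CEF header fields are pipe-delimited, so a '|' or '\' inside a field (for example an
        # attacker-influenced event name) would shift every field after it and let the caller's
        # input rewrite the event. Escape them as the CEF spec requires ('\' first, so the '\'
        # introduced for '|' is not doubled) and drop CR/LF, which line-oriented collectors would
        # treat as a record break.
        $EscapeHeader = {
            Param([String]$Field)
            $Field.Replace('\', '\\').Replace('|', '\|').Replace("`r", ' ').Replace("`n", ' ')
        }
        $Vendor   = & $EscapeHeader $CEFVendor
        $Product  = & $EscapeHeader $CEFProduct
        $Version  = & $EscapeHeader $CEFVersion
        $DvcID    = & $EscapeHeader $CEFDvcID
        $Name     = & $EscapeHeader $CEFName
        $Severity = & $EscapeHeader $CEFSeverity

        # RFC 3164 header: "<PRI>Mmm dd hh:mm:ss HOSTNAME ". The month must be the English
        # abbreviation and a single-digit day is space-padded, so the pieces are formatted with
        # the invariant culture rather than Get-Date -UFormat, which follows the host locale
        # (month name and time separator) and produces timestamps some collectors cannot parse.
        # The original computed $Hostname but never put it in the line; the CEF syslog form
        # expects it between the timestamp and "CEF:".
        $Now = Get-Date
        $Invariant = [System.Globalization.CultureInfo]::InvariantCulture
        [String]$Timestamp = '{0} {1,2} {2}' -f $Now.ToString('MMM', $Invariant), $Now.Day, $Now.ToString('HH:mm:ss', $Invariant)
        [String]$Hostname = [System.Environment]::MachineName
        # 8 = facility 1 (user) * 8 + severity 0 (emergency), kept from the original. Be aware
        # that collectors will file every event from this sender as an emergency regardless of
        # $CEFSeverity.
        $PRI = 8
        [String]$CEFHeader = "CEF:0"

        $Message = "<$PRI>$Timestamp $Hostname $CEFHeader|$Vendor|$Product|$Version|$DvcID|$Name|$Severity|$Data"
        [byte[]]$Bytes = [System.Text.Encoding]::ASCII.GetBytes($Message)
        # Cap at the 1024-byte RFC 3164 limit. The original called .Substring() on the byte
        # array, a method byte[] does not have, so any oversized event threw instead of sending.
        If ($Bytes.Length -gt 1024)
        {
            [byte[]]$Bytes = $Bytes[0..1023]
        }
        $this.UDPClient.Send($Bytes, $Bytes.Length) | Out-Null
    }

    $ObjSyslogSender | Add-Member -MemberType ScriptMethod -Name Close -Value {
        # Release the socket explicitly; the original left the UdpClient to the finalizer.
        $this.UDPClient.Close()
    }

    $ObjSyslogSender
}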