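<#
.SYNOPSIS
Data collection using tools such as Procmon, Procdump and Wireshark

.DESCRIPTION
This script enables an administrator to collect data on their server at times when they are unable to observe the issue live.
Each tool is launched as a background job from the tool directories configured below; everything that is
captured is written to the "dumps" subdirectory of $working_directory. All time values are in seconds.

.DISCLAIMER
This script is provided without warranty. Globalscape/Helpsystems does not assume any liability for unintended functionality as a result of this script.

.VERSION
1.0
1.1 Added wireshark portable and set procmon to close itself. Also removed /nofilter in procmon.

.AUTHOR
Jonathan Branan jbranan@globalscape.com jonathan.branan@helpsystems.com
#>

#------------------------------------------------------------
# Main Variables
#------------------------------------------------------------
# Kept for compatibility with the job blocks that reference it; Set-Location on a full path already
# switches to that drive, so nothing depends on this value.
$working_drive = 'c:'
# Root of the tool layout: <working_directory>\procmon, \procdump and \WiresharkPortable hold the tools,
# <working_directory>\dumps receives the output.
$working_directory = 'C:\Users\jbranan\Desktop\scripts\stake_out'
# Capture window in seconds, used for both Procmon (/Runtime) and Wireshark (-a duration:).
$total_time = 20

#------------------------------------------------------------
# Procmon related variables
#------------------------------------------------------------
# Procmon backing file written under <working_directory>\dumps. A PML log records file, registry,
# network and process activity for the whole host, so the dumps directory should stay access-restricted.
$procmon_filename = 'log.pml'

#------------------------------------------------------------
# Wireshark related variables
#------------------------------------------------------------
$wireshark_filename = 'capture.pcapng'
# See $working_drive: retained for the job block that references it.
$wireshark_drive = 'c:'
# Portable Wireshark sits next to the other tools; derived from $working_directory so the base path
# is configured in exactly one place.
$wireshark_location = Join-Path $working_directory 'WiresharkPortable'
# Capture filter (libpcap syntax). Keep it narrowed to the host under investigation: the pcapng
# contains full packet payloads, not just headers.
$wireshark_filter = 'host 192.168.102.10'
# The kill-wireshark job fires after this many seconds: the capture's own autostop window plus a 15 s grace period.
$total_wireshark_time = $total_time + 15

#------------------------------------------------------------
# Procdump related variables
#------------------------------------------------------------
# Both default to off. A full memory dump (-ma) of the EFT service or GUI contains whatever those
# processes held in memory at the time, so only enable them when the dump data is actually needed.
$take_service_dumps = $false
$take_gui_dumps = $false
# Number of consecutive dumps per process (procdump -n) and the interval in seconds between them (procdump -s).
$number_of_dumps = 3
$total_procdump_time = 60
# 15 s grace period on top of the dump interval, used by the procdump job blocks.
$total_procdump_time_close = $total_procdump_time + 15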
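#------------------------------------------------------------
# Procmon blocks
#------------------------------------------------------------
# Procmon runs unattended: /Runtime makes it stop and exit by itself after $total_time seconds, which is
# why no kill job is needed any more (the former kill-procmon job, retired in 1.1, is gone for that reason).
# Job output is not consumed here; use Receive-Job -Name procmon to see why procmon failed to start.
Start-Job -Name procmon -ScriptBlock {
    $toolDir = Join-Path $using:working_directory 'procmon'
    $dumpDir = Join-Path $using:working_directory 'dumps'
    # Fail the job here rather than launching procmon from whatever directory the job happened to start in.
    Set-Location -LiteralPath $toolDir -ErrorAction Stop
    # procmon does not create the output directory itself.
    New-Item -ItemType Directory -Path $dumpDir -Force | Out-Null
    # /accepteula /Quiet /Minimized: no EULA or filter prompts, window stays out of the way;
    # /BackingFile: log to a file on disk instead of the page file so the data survives the run.
    .\procmon.exe /accepteula /Quiet /BackingFile (Join-Path $dumpDir $using:procmon_filename) /Minimized /Runtime $using:total_time
}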
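#------------------------------------------------------------
# Wireshark blocks
#------------------------------------------------------------
# The capture stops itself after $total_time seconds (-a duration:). The kill-wireshark job below is only
# a safety net for the case where the autostop does not fire.
Start-Job -Name wireshark -ScriptBlock {
    $dumpDir = Join-Path $using:working_directory 'dumps'
    # Fail the job here rather than running the launcher from an unrelated directory.
    Set-Location -LiteralPath $using:wireshark_location -ErrorAction Stop
    New-Item -ItemType Directory -Path $dumpDir -Force | Out-Null
    # -k: start capturing immediately; -i: capture interface (hard-coded to Ethernet0 -- adjust to the server's
    # adapter name); -f: capture filter from $wireshark_filter; -a duration: autostop; -w: output file.
    .\WiresharkPortable.exe -k -i Ethernet0 -f "$using:wireshark_filter" -a "duration:$using:total_time" -w (Join-Path $dumpDir $using:wireshark_filename)
}

# Safety net: if Wireshark is still running after its autostop window plus the grace period, terminate it.
# Stop-Job cannot be used for this from inside a job (a job runs in its own session with its own job table
# and does not see the parent's "wireshark" job), so the process itself is stopped instead.
Start-Job -Name kill-wireshark -ScriptBlock {
    Start-Sleep -Seconds $using:total_wireshark_time
    # Wireshark.exe is the process the portable launcher hands off to. SilentlyContinue covers the normal
    # case where the capture already ended on its own and there is nothing left to stop.
    Stop-Process -Name 'Wireshark' -Force -ErrorAction SilentlyContinue
}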
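#------------------------------------------------------------
# Procdump blocks
#------------------------------------------------------------
# Starts a background job that takes $number_of_dumps full memory dumps (-ma) of the named process,
# $total_procdump_time seconds apart, into <working_directory>\dumps.
# Arguments: $JobName - name of the background job; $ProcessName - image name procdump attaches to.
# The service and GUI dumps use identical options, so the job body lives here once.
function Start-ProcdumpJob {
    param(
        [Parameter(Mandatory = $true)] [string] $JobName,
        [Parameter(Mandatory = $true)] [string] $ProcessName
    )
    Start-Job -Name $JobName -ScriptBlock {
        $toolDir = Join-Path $using:working_directory 'procdump'
        $dumpDir = Join-Path $using:working_directory 'dumps'
        # Fail the job here rather than launching procdump from an unrelated directory.
        Set-Location -LiteralPath $toolDir -ErrorAction Stop
        New-Item -ItemType Directory -Path $dumpDir -Force | Out-Null
        # procdump blocks until every dump is written, so the job ends once the dumps are on disk.
        # (The previous "timeout /T" hold after this call is gone: timeout.exe needs an interactive
        # console and cannot run inside a job, and there is nothing left to wait for anyway.)
        .\procdump.exe -n $using:number_of_dumps -s $using:total_procdump_time -ma $using:ProcessName $dumpDir -accepteula
    }
}

# Full memory dumps hold everything the process had in memory, credentials and session data included;
# both switches default to $false in the variables block and the dumps directory should stay access-restricted.
if ($take_service_dumps) {
    Start-ProcdumpJob -JobName 'procdump_EFT_service' -ProcessName 'cftpstes.exe'
}

if ($take_gui_dumps) {
    Start-ProcdumpJob -JobName 'procdump_gui_service' -ProcessName 'cftpsai.exe'
}

# Background jobs are children of this session: when the script is run non-interactively
# (powershell -File ...), the session would otherwise end here and take the running captures with it.
# Wait for every job and then surface its output, so a tool that failed to start (missing directory,
# wrong interface name, procmon/procdump refusing to run) is reported instead of being silently lost.
Get-Job | Wait-Job | Receive-Job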