Windows Real Time Network Logging
  1. # Define the output file and temporary log file for monitoring
  2. $logFile = "C:\NetworkLogs\active_network_logs.txt"
  3. $tempLogFile = "C:\NetworkLogs\temp_network_logs.txt"
  4.  
  5. # Create a directory for the log file if it doesn't exist
  6. if (!(Test-Path "C:\NetworkLogs")) {
  7. New-Item -Path "C:\NetworkLogs" -ItemType Directory
  8. }
  9.  
  10. # Start logging
  11. $header = "===== Active Network Logs Dump - $(Get-Date) ====="
  12. $header | Out-File $logFile
  13. Write-Host $header
  14.  
  15. # 1. Dump all active incoming and outgoing TCP/UDP connections using netstat
  16. $netstatHeader = "--- Active Incoming and Outgoing Network Connections (NetStat) ---"
  17. $netstatHeader | Out-File $logFile -Append
  18. Write-Host $netstatHeader
  19. netstat -an | Tee-Object -FilePath $logFile -Append
  20.  
  21. # 2. Log active TCP/UDP connections using Get-NetTCPConnection
  22. $tcpHeader = "--- Detailed Active TCP/UDP Connections (PowerShell Cmdlet) ---"
  23. $tcpHeader | Out-File $logFile -Append
  24. Write-Host $tcpHeader
  25. Get-NetTCPConnection | Format-List | Tee-Object -FilePath $logFile -Append
  26.  
  27. # 3. Capture real-time connection events using Windows Firewall event logs
  28. $firewallHeader = "--- Real-Time Connection Events from Firewall Logs ---"
  29. $firewallHeader | Out-File $logFile -Append
  30. Write-Host $firewallHeader
  31. $firewallLogs = Get-WinEvent -LogName "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall" -MaxEvents 100
  32. $firewallLogs | Format-List | Tee-Object -FilePath $logFile -Append
  33.  
  34. # 4. Log any blocked/allowed incoming/outgoing connections from firewall (audit entries)
  35. $firewallAuditHeader = "--- Windows Firewall: Blocked/Allowed Network Events ---"
  36. $firewallAuditHeader | Out-File $logFile -Append
  37. Write-Host $firewallAuditHeader
  38. Get-WinEvent -LogName "Security" -FilterXPath "*[System[(EventID=5156 or EventID=5157)]]" | Format-List | Tee-Object -FilePath $logFile -Append
  39.  
  40. # 5. Monitor IP addresses, ports, and status of active connections using netstat periodically
  41. function Monitor-NetworkTraffic {
  42. while ($true) {
  43. $monitorHeader = "===== Monitoring Active Connections at $(Get-Date) ====="
  44. $monitorHeader | Out-File $tempLogFile
  45. Write-Host $monitorHeader
  46. netstat -an | Tee-Object -FilePath $tempLogFile -Append
  47.  
  48. # Append temp log to the main log file
  49. Get-Content $tempLogFile | Out-File $logFile -Append
  50.  
  51. # Print the contents of the temp log to the console
  52. Get-Content $tempLogFile | Write-Host
  53.  
  54. Start-Sleep -Seconds 30 # Monitor every 30 seconds
  55. }
  56. }
  57.  
  58. # Start real-time monitoring of network traffic
  59. Start-Job -ScriptBlock { Monitor-NetworkTraffic }
  60.  
  61. # Final log message
  62. $endMessage = "===== End of Initial Network Logs Dump ====="
  63. $endMessage | Out-File $logFile -Append
  64. Write-Host $endMessage
  65.  
  66. # Open the log file
  67. Invoke-Item $logFile
  68.  