/// <summary>
/// Offline (EVTX-file) pipeline: build a reader from the command line, search the
/// loaded events for the configured events of interest, emit the matches to the
/// selected sink, optionally dissolve, then flush errors stored during the run.
/// </summary>
/// <remarks>
/// Any exception escaping the pipeline is treated as fatal and routed to
/// <c>Settings.Stop</c> with <c>SWELF_CRIT_ERROR_EXIT_CODE</c>. Callers should not
/// expect this method to return in that case.
/// </remarks>
internal static void Start_EVTX_Process()
{
    try
    {
        // The reader is populated from the command line (EVTX path, search options, ...).
        var reader = new Read_EventLog();
        PARSE_Commandline_Input(reader);

        // Search the loaded EVTX records; the matches are stored globally for the output step.
        var searcher = new Search_EventLog(reader.EVTX_File_Logs);
        Settings.SWELF_Events_Of_Interest_Matching_EventLogs = searcher.Search(Settings.CMDLine_EVTX_File);

        // Output sinks are mutually exclusive: CSV when requested, otherwise the SWELF event log.
        if (Settings.output_csv)
        {
            // CMDLine_Output_CSV comes straight from the operator's command line.
            File_Operation.Write_Ouput_CSV(Settings.CMDLine_Output_CSV, Settings.SWELF_Events_Of_Interest_Matching_EventLogs);
        }
        else
        {
            Start_Write_To_SWELF_EventLogs();
        }

        // NOTE(review): Dissolve() runs before the stored errors are flushed below;
        // confirm that whatever Dissolve tears down is not needed by WRITE_Stored_Errors.
        if (Settings.CMDLine_Dissolve)
        {
            Settings.Dissolve();
        }

        Error_Operation.WRITE_Stored_Errors();
    }
    catch (Exception e)
    {
        // Fatal: hand the message and stack trace to Settings.Stop (the .ToString() calls on
        // these string members are kept exactly as in the original for identical behaviour).
        Settings.Stop(Settings.SWELF_CRIT_ERROR_EXIT_CODE, "Start_EVTX_Process() ", e.Message.ToString(), e.StackTrace.ToString());
    }
}
/// <summary>
/// Post-run output step for the live (non-EVTX) pipeline: if any events of interest
/// were matched, deliver them either to a local CSV file or to the configured network
/// forwarders, mirror them into the SWELF event log once all collectors have
/// acknowledged, run the post-run security checks, and finally advance the
/// placekeeper file.
/// </summary>
/// <remarks>
/// Delivery failures are logged at Warning severity and do not abort the method.
/// NOTE(review): the placekeeper file is updated unconditionally, including after a
/// failed SEND_Logs / Write_Ouput_CSV; confirm that events which failed to deliver are
/// retried elsewhere, otherwise they are skipped on the next run.
/// </remarks>
internal static void Start_Output_Post_Run()
{
    if (Settings.SWELF_Events_Of_Interest_Matching_EventLogs.Count > 0)
    {
        try
        {
            // A local CSV is written only when explicitly requested, enough command-line
            // arguments were supplied, and no forwarder host is configured; configured
            // forwarders take precedence over CSV output.
            bool csvRequested = Settings.output_csv && Program_Start_Args.Count >= 3;
            bool noForwarders = Settings.Log_Forwarders_HostNames.Count == 0;

            if (csvRequested && noForwarders)
            {
                File_Operation.Write_Ouput_CSV(Settings.CMDLine_Output_CSV, Settings.SWELF_Events_Of_Interest_Matching_EventLogs);
            }
            else
            {
                Log_Network_Forwarder.SEND_Logs(Settings.SWELF_Events_Of_Interest_Matching_EventLogs);
            }
        }
        catch (Exception e)
        {
            // Best-effort delivery: record the failure and carry on with the rest of the post-run work.
            Error_Operation.Log_Error("Start_Output_Post_Run() Network_Forwarder.SEND_Logs() File_Operation.Write_Ouput_CSV()", e.Message.ToString(), e.StackTrace.ToString(), Error_Operation.LogSeverity.Warning);
        }

        // Only mirror into the SWELF event log once every collector has received the batch.
        if (Settings.Logs_Sent_to_ALL_Collectors)
        {
            Start_Write_To_SWELF_EventLogs();
        }

        // NOTE(review): the post-run security checks only execute when at least one event
        // matched; confirm this is intended rather than running them on every pass.
        Sec_Checks.Post_Run_Sec_Checks();
    }

    Settings.UPDATE_EventLog_w_PlaceKeeper_File();
}