Monday, April 15, 2013

Graphing Event Logs: Muxing Powershell and R Programming


# Powershell 3.0 using .NET access to event logs
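function WinEvent($EventLogName,$EL_Limit){
    # Export one classic Windows event log to CSV (consumed by WinEvent.R
    # below) and print a per-EventID count table.
    #   $EventLogName - display name of the log, matched exactly (the original
    #                   used Select-String, so any log whose name merely
    #                   contained the text could be picked).
    #   $EL_Limit     - index of the last entry to export, or "max" for all.
    # Side effects: creates C:\RProgramming, changes the current location to
    # it, writes EventLogs.csv (list of logs) and EventLogFile.csv (entries).
    # EventLogFile.csv carries UserName for every entry, so handle it as
    # sensitive output. Reading some logs (notably Security) typically needs
    # an elevated session.
    New-Item -ItemType Directory -Path C:\RProgramming -Force | Out-Null
    # Fail loudly: with -ea 0 a failed cd would make the relative export path
    # below land in whatever directory the caller happened to be in.
    Set-Location -Path C:\RProgramming -ErrorAction Stop

    # Local computer name, taken from the first adapter that has an address.
    # $null goes on the left so an array-valued IPAddress is tested rather
    # than element-filtered.
    $computername = (Get-WmiObject -Class Win32_NetworkAdapterConfiguration |
        Where-Object { $null -ne $_.IPAddress } |
        Select-Object -First 1).PSComputerName

    $a = [System.Diagnostics.EventLog]
    $b = $a::GetEventLogs($computername)
    $b
    $b | Export-Csv -NoTypeInformation C:\RProgramming\EventLogs.csv

    # Exact-name lookup; the original's Select-String was a substring regex.
    $log = $b | Where-Object { $_.Log -eq $EventLogName } | Select-Object -First 1
    if ($null -eq $log) {
        throw "Event log '$EventLogName' not found on $computername"
    }
    $lastIndex = $log.Entries.Count - 1
    if ($lastIndex -lt 0) {
        Write-Warning "Event log '$EventLogName' has no entries"
        return
    }
    if ($EL_Limit -eq "max") { $EL_Limit = $lastIndex }
    # Clamp so [0..$EL_Limit] never indexes past the end and yields $null rows.
    $EL_Limit = [Math]::Min([int]$EL_Limit, $lastIndex)

    $EL_fields = $log.Entries[0..$EL_Limit] |
        Select-Object EventID,Index,CategoryNumber,EntryType,Source,InstanceID,TimeGenerated,TimeWritten,UserName
    $EL_fields | Export-Csv -NoTypeInformation EventLogFile.csv
    $EL_fields | Group-Object -NoElement -Property EventID |
        Select-Object @{Name="EventID"; Expression ={[INT]$_.Name}}, Count |
        Sort-Object EventID | Format-Table -AutoSize
}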


#WinEvent.R
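setwd("C:/RProgramming")
# EventLogFile.csv is written by the WinEvent PowerShell function above.
EventLog <- read.csv("EventLogFile.csv")
# Sorted distinct IDs, used to label the base barplot further down.
EventIDs <- sort(unique(EventLog$EventID))
# Drop rows with no EventID (NA, or "" if the column was read as text).
# The one-column data frame keeps the "EventID" name, which table() reuses
# as the dimension name and data.frame() turns into the column name.
EventID <- subset(EventLog, !is.na(EventID) & EventID != "", select = EventID)
EVT_DF <- data.frame(table(EventID))
# EVT_DF$EventID is a factor: as.numeric() on it would return the level
# codes, not the IDs. The correct conversion, if ever needed, is
# as.numeric(as.character(EVT_DF$EventID)).
# Explicit print(): a bare top-level expression is not shown under source().
print(EVT_DF)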



#base graphics package
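# EVT_DF$EventID is a factor, so plot(EVT_DF) dispatches to plot.factor and
# draws one boxplot per ID instead of the points that type = "p" asks for.
# Convert through as.character(): as.numeric() on a factor gives level codes.
event_id_num <- as.numeric(as.character(EVT_DF$EventID))
plot(event_id_num, EVT_DF$Freq,
     xlab = "EventIDs", ylab = "Number of Events", type = "p")
# names.arg spelled out (the original's `names =` relied on partial argument
# matching); labels are taken from EVT_DF itself so they always line up with
# Freq, whatever order EventIDs happens to be in.
barplot(EVT_DF$Freq, names.arg = as.character(EVT_DF$EventID),
        main = "EventLog Counts", xlab = "EventIDs", ylab = "Number of Events")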

# uses lattice graphics package
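library(lattice)
# Lattice functions return trellis objects that are only drawn when printed,
# and printing does not happen automatically under source(). Hence print().
print(xyplot(Freq ~ EventID, data = EVT_DF,
             xlab = "EventIDs", ylab = "Number of Events", type = "p"))
# Horizontal bars, one per EventID level.
print(barchart(EventID ~ Freq, data = EVT_DF,
               xlab = "Number of Events", ylab = "EventIDs", type = "s"))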


Some R output:


   EventID Freq
1        1  189
2        2    4
3        6   12
4       12    4
5       13    3
6       17    2
7       18   12
8       19   42
9       22    3
10      26   19
11      27    3
12      33    5
13      35    4
14      37    4
15      42   88
16      89    4
17     105    1
18     109    3
19     133    1
20     201    4
21     206    4
22     245    1
23    1000   11
24    1001   11
25    1013   10
26    1014   64
27    1074    3
28    1116    1
29    1117    1
30    2000   63
31    2001    2
32    2002    2
33    4000    5
34    4001    2
35    5007    2
36    6005    4
37    6006    3
38    6008    1
39    6009    4
40    6013   35
41    7001    4
42    7002    3
43    7011   26
44    7023    3
45    7030    1
46    7031    2
47    7034    4
48    7036 2948
49    7040  140
50    7042   96
51    7043    1
52    7045    6
53    8033   61
54   10001    4
55   10002    2
56   10010    2
57   20001    9
58   20003   16
59   20010   10
60   50036    4
61   50037    3
62   51046    4
63   51047    3



