<#
.SYNOPSIS
Unified Log Collector (Sanitized)
.DESCRIPTION
Collects system, network, application, and device‑specific logs into a
single export folder for troubleshooting and escalation.
Supports Windows and macOS (PowerShell 7+).
.LINK
/docs/troubleshooting-guide.md
.LINK
/docs/runbook.md
.LINK
/docs/deployment-overview.md
.NOTES
- Sanitized for portfolio use.
- No internal UPS paths or tooling included.
- Uses only OS‑native log sources.
#>
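param(
    # Folder that receives every exported file. The default sits under the
    # platform temp directory: GetTempPath() resolves on both Windows and
    # macOS, whereas $env:TEMP is normally unset on macOS and would collapse
    # the default to "\FixWareLogs".
    # NOTE(review): the export holds event logs, software inventory and
    # (optionally) network details - pick a location only the operator can
    # read and delete the folder once it has been handed over.
    [Parameter(Mandatory = $false)]
    [string]$OutputPath = (Join-Path ([System.IO.Path]::GetTempPath()) 'FixWareLogs'),

    # When set, network / Wi-Fi diagnostics are collected as well.
    [Parameter(Mandatory = $false)]
    [switch]$IncludeNetwork
)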
# -----------------------------
# Utility Functions
# -----------------------------
function Write-Section {
    <#
    .SYNOPSIS
    Prints a section heading to the host in cyan, preceded by a blank line.
    .PARAMETER Title
    Text placed between the "====" markers.
    #>
    param([string]$Title)

    $heading = "`n==== $Title ===="
    Write-Host -ForegroundColor Cyan $heading
}
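function Ensure-Directory {
    <#
    .SYNOPSIS
    Makes sure a directory exists at the given path, creating it when missing.
    .PARAMETER Path
    Directory path to check or create.
    .NOTES
    Throws when Path is empty or when something that is not a directory
    already occupies the path; the original check accepted a plain file and
    the failure only surfaced later, on the first write into it.
    #>
    param([string]$Path)

    if ([string]::IsNullOrWhiteSpace($Path)) {
        throw "Ensure-Directory: Path must not be empty."
    }

    # -LiteralPath keeps characters such as [ and ] from being read as wildcards.
    if (Test-Path -LiteralPath $Path -PathType Container) {
        return
    }

    if (Test-Path -LiteralPath $Path) {
        throw "Ensure-Directory: '$Path' exists but is not a directory."
    }

    New-Item -ItemType Directory -Path $Path -Force | Out-Null
}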
# -----------------------------
# Begin Log Collection
# -----------------------------
# Announce the run, echo where the export will land and when it started,
# then make sure the export folder exists before any collector writes to it.
Write-Section "FixWare Log Collector"

$startedAt = Get-Date
Write-Host "Output Path: $OutputPath"
Write-Host "Timestamp : $startedAt"

Ensure-Directory -Path $OutputPath
# -----------------------------
# OS Detection
# -----------------------------
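# Work out which platform-specific collector to run.
#
# PowerShell 6+ already defines $IsWindows / $IsMacOS as read-only automatic
# variables, so assigning $IsWindows there raises "Cannot overwrite variable"
# on every run. Windows PowerShell 5.1 has neither those variables nor
# $PSVersionTable.OS, which made the previous match report "Unsupported OS"
# on Windows. The assignment below therefore only executes on 5.1, where the
# name is free and the platform can only be Windows.
if ($PSVersionTable.PSVersion.Major -lt 6) {
    $IsWindows = $true
    $IsMac = $false
} else {
    # $IsWindows is supplied by the runtime; mirror $IsMacOS into the name
    # the rest of the script tests.
    $IsMac = [bool]$IsMacOS
}

Write-Section "Detected OS"
if ($IsWindows) {
    Write-Host "Windows detected." -ForegroundColor Green
} elseif ($IsMac) {
    Write-Host "macOS detected." -ForegroundColor Green
} else {
    Write-Host "Unsupported OS." -ForegroundColor Red
    # Non-zero exit code so automation does not treat an empty export as success.
    exit 1
}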
# -----------------------------
# Windows Log Collection
# -----------------------------
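if ($IsWindows) {
    Write-Section "Collecting Windows Logs"

    # NOTE(review): the files written here (event logs, adapter and Wi-Fi
    # details, software inventory, service list) describe the host in detail.
    # Treat the export folder as sensitive: keep it readable by the operator
    # only and remove it after the package has been handed over.

    # System Event Logs
    foreach ($channel in 'System', 'Application') {
        $evtxFile = Join-Path $OutputPath ("{0}.evtx" -f $channel.ToLowerInvariant())
        # /ow:true lets a repeat run replace the previous export; without it
        # wevtutil refuses to write over an existing file.
        wevtutil epl $channel $evtxFile /ow:true
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "wevtutil could not export the $channel log (exit code $LASTEXITCODE)."
        }
    }

    # Network Diagnostics (optional)
    if ($IncludeNetwork) {
        Write-Host "Collecting network diagnostics..."
        $networkFile = Join-Path $OutputPath 'network.txt'
        ipconfig /all > $networkFile
        netsh wlan show interfaces >> $networkFile
    }

    # Installed Apps
    # 32-bit software on 64-bit Windows registers under WOW6432Node, so both
    # hives are read. Keys without a DisplayName are skipped because they
    # only produce blank rows.
    $uninstallKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion |
        Out-File (Join-Path $OutputPath 'installed-apps.txt')

    # Running Services
    Get-Service | Out-File (Join-Path $OutputPath 'services.txt')
}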
# -----------------------------
# macOS Log Collection
# -----------------------------
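if ($IsMac) {
    Write-Section "Collecting macOS Logs"

    # Paths are built with Join-Path so the separator is right on macOS
    # instead of relying on "\" being translated.
    $systemLogFile = Join-Path $OutputPath 'system.log'
    $wifiFile      = Join-Path $OutputPath 'wifi.txt'
    $appsFile      = Join-Path $OutputPath 'installed-apps.txt'
    $processFile   = Join-Path $OutputPath 'processes.txt'

    # System Log
    log show --style syslog --last 1d > $systemLogFile

    # Wi-Fi Diagnostics (optional)
    if ($IncludeNetwork) {
        Write-Host "Collecting Wi‑Fi diagnostics..."
        # The original ended this command with "\" as if it were a POSIX
        # shell; PowerShell continues lines with a backtick, so the "\" was
        # handed to airport as an argument and the redirect never applied.
        $airport = '/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport'
        if (Test-Path -LiteralPath $airport) {
            & $airport -I > $wifiFile
        } else {
            # The utility lives in a private framework and may be absent.
            Write-Warning "airport utility not found; skipping Wi-Fi diagnostics."
        }
    }

    # Installed Apps
    system_profiler SPApplicationsDataType > $appsFile

    # Running Processes
    # NOTE(review): "ps aux" records the full command line of every process,
    # which can include credentials passed as arguments. Review or redact
    # processes.txt before the package leaves the machine.
    ps aux > $processFile
}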
# -----------------------------
# Final Output
# -----------------------------
# Closing banner: tell the operator where the export was written.
Write-Section "Log Collection Complete"

$closingLines = @(
    "Logs saved to: $OutputPath",
    "Package ready for troubleshooting or escalation."
)
foreach ($closingLine in $closingLines) {
    Write-Host $closingLine
}