May 2020
Intermediate to advanced
255 pages
4h 34m
Chinese
Content preview from bash 网络安全运维
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
106
|
第
8
章
8.2 监控 Windows 日志
如前所述,你需要使用 wevtutil 命令来访问 Windows 事件。尽管该命令是通用的,
但它没有类似 tail 的功能,tail 可以在新条目出现时提取它们。幸运的是,一个简
单的 bash 脚本可以提供类似的功能,见例 8-2。
例 8-2:
wintail.sh
#!/bin/bash -
#
# Cybersecurity Ops with bash
# wintail.sh
#
# Description:
# Perform a tail-like function on a Windows log
#
# Usage: ./wintail.sh
#
WINLOG="Application"
❶
LASTLOG=$(wevtutil qe "$WINLOG" //c:1 //rd:true //f:text)
❷
while true
do
CURRENTLOG=$(wevtutil qe "$WINLOG" //c:1 //rd:true //f:text)
❸
if [[ "$CURRENTLOG" != "$LASTLOG" ]]
then
echo "$CURRENTLOG"
echo "----------------------------------"
LASTLOG="$CURRENTLOG"
fi
done
❶
此变量标识要
监控
的 Windows 日志。你可以使用 wevtutil el 获取系统上当前
可用的日志列表。
❷
这将执行 ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.