`ExternalIpAnalyzer.ps1` is a PowerShell script that processes ETL (Event Trace Log) files generated by Windows Delivery Optimization to extract external IP addresses and output them into a CSV file.

N4rr34n6/ExternalIpAddressAnalyzer

ExternalIpAnalyzer.ps1

ExternalIpAnalyzer.ps1 is a PowerShell script that processes ETL (Event Trace Log) files generated by Windows Delivery Optimization to extract external IP addresses and output them into a CSV file. This tool is particularly useful for network administrators and cybersecurity professionals who need to monitor and analyze external IP connections on Windows systems.

Unique Selling Points

  • Automated ETL Processing: The script automates the conversion of ETL files to XML format, streamlining the analysis of network logs without manual intervention.

  • Efficient Data Extraction: It effectively extracts external IP addresses from structured XML files, ensuring accurate and consistent data output.

  • Comprehensive Reporting: The script generates a summary of all extracted IP addresses, including the count of occurrences, providing valuable insights into network traffic.

  • Customizable Output Options: Users can easily configure output directories and file names, enhancing flexibility for different environments and preferences.

Key Features

  • ETL to XML Conversion: Converts ETL log files to XML format using the tracerpt.exe utility, enabling easier data manipulation and extraction.
  • IP Address Extraction: Extracts external IP addresses from the converted XML files, focusing on the relevant event data.
  • CSV Export: Outputs the extracted IP addresses along with their timestamps into a CSV file for further analysis.
  • Summary Reporting: Provides a summary of IP addresses found, detailing how many times each address appears in the logs.

Installation

To use ExternalIpAnalyzer.ps1, you will need a Windows operating system with PowerShell. Ensure you have administrative privileges to access the required log files.

  1. Download the script ExternalIpAnalyzer.ps1.
  2. Open PowerShell with administrative privileges.
  3. Navigate to the location of the script.
  4. Execute the script with the following command:
    .\ExternalIpAnalyzer.ps1 -xmlOutputDir "LogsXML" -csvPath "IP_Addresses.csv"

Prerequisites

  • Windows operating system with PowerShell.
  • Access to the Delivery Optimization ETL log directory: C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\DeliveryOptimization\Logs.
  • tracerpt.exe must be available, which is typically included with Windows.

Usage

Upon execution, the script performs the following actions:

  1. Creates an XML output directory if it does not exist.
  2. Converts all relevant ETL files to XML format and stores them in the specified directory.
  3. Extracts external IP addresses from the XML files and logs their timestamps.
  4. Exports the collected data into IP_Addresses.csv.
  5. Displays a summary of the found IP addresses and their occurrence counts in the console.
  6. Cleans up by removing temporary XML files after processing.

Additional Configuration

Users can customize the output directory for XML files and the name of the resulting CSV file by modifying the script parameters:

  • -xmlOutputDir: Specify the directory for XML output.
  • -csvPath: Define the desired path and name for the CSV file.

Technical Details

The script utilizes the following processes:

  1. ETL File Handling: Enumerates the ETL files in the Delivery Optimization log directory and converts each one to XML with tracerpt.exe.
  2. XML Data Processing: Parses each converted XML file and extracts the IP address and timestamp fields from the relevant events.
  3. Summary Calculation: Groups the extracted addresses and counts how many times each one appears, giving a quick view of which external hosts the system talked to.
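The following PowerShell is an added example written for this page; it is not the repository's ExternalIpAnalyzer.ps1. It walks through the six steps listed under Usage and the three processes under Technical Details: ETL to XML conversion with tracerpt.exe, IP extraction from the XML, CSV export, a per-address summary, and cleanup of the temporary XML files. Everything not stated in the README is an assumption of this example: the function names, the -UseSample switch, the embedded sample events (constructed in the tracerpt XML layout; the real Delivery Optimization event schema may name its fields differently), and the definition of "external" as any IPv4 address outside the private, loopback, link-local, CGNAT and multicast/reserved ranges.

```powershell
# Added example, not the repository's ExternalIpAnalyzer.ps1: it reproduces the
# README's pipeline (ETL -> XML with tracerpt.exe, IP extraction, CSV export,
# per-address summary, XML cleanup). Function names, the -UseSample switch, the
# embedded XML and the private-range filter are all assumptions of this example.
param(
    [string]$LogDir = "$env:SystemRoot\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\DeliveryOptimization\Logs",
    [string]$xmlOutputDir = 'LogsXML',
    [string]$csvPath = 'IP_Addresses.csv',
    [switch]$UseSample   # parse the constructed sample below instead of real ETL files
)

# Constructed sample in the tracerpt XML event layout; the real Delivery
# Optimization event schema may name its fields differently.
$SampleXml = @'
<Events>
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System><TimeCreated SystemTime="2024-05-01T10:00:00.000Z"/></System>
    <EventData><Data Name="Message">Connecting to peer 203.0.113.10:7680</Data></EventData>
  </Event>
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System><TimeCreated SystemTime="2024-05-01T10:00:05.000Z"/></System>
    <EventData><Data Name="Message">Local peer 192.168.1.5 answered</Data></EventData>
  </Event>
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System><TimeCreated SystemTime="2024-05-01T10:01:00.000Z"/></System>
    <EventData><Data Name="Message">Retry 203.0.113.10 then 198.51.100.7</Data></EventData>
  </Event>
</Events>
'@

function Test-ExternalIPv4 {
    # Assumption: "external" means outside RFC 1918, loopback, link-local,
    # CGNAT (100.64/10), 0/8 and the multicast/reserved block (224/3).
    param([string]$Address)
    $b = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    if ($b[0] -eq 0 -or $b[0] -eq 10 -or $b[0] -eq 127 -or $b[0] -ge 224) { return $false }
    if ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) { return $false }
    if ($b[0] -eq 192 -and $b[1] -eq 168) { return $false }
    if ($b[0] -eq 169 -and $b[1] -eq 254) { return $false }
    if ($b[0] -eq 100 -and $b[1] -ge 64 -and $b[1] -le 127) { return $false }
    return $true
}

function Get-ExternalIPv4FromXml {
    # Yields one record per external IPv4 match, with the event's timestamp.
    param([xml]$Document, [string]$Source)
    $pattern = '\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b'
    foreach ($evt in $Document.Events.Event) {
        $time = $evt.System.TimeCreated.SystemTime
        # Join every <Data> value so an address is found whichever field holds it
        $text = [string]((@($evt.EventData.Data) | Where-Object { $_ } | ForEach-Object {
            if ($_ -is [System.Xml.XmlElement]) { $_.InnerText } else { [string]$_ }
        }) -join ' ')
        foreach ($m in [regex]::Matches($text, $pattern)) {
            if (Test-ExternalIPv4 $m.Value) {
                [pscustomobject]@{ Timestamp = $time; IPAddress = $m.Value; Source = $Source }
            }
        }
    }
}

function Convert-EtlToXml {
    param([string]$EtlPath, [string]$OutputDir)
    $xmlPath = Join-Path $OutputDir ([IO.Path]::GetFileNameWithoutExtension($EtlPath) + '.xml')
    # tracerpt.exe ships with Windows; -of XML picks the format, -y overwrites without prompting
    & tracerpt.exe $EtlPath -o $xmlPath -of XML -y | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "tracerpt.exe failed on $EtlPath"; return $null }
    return $xmlPath
}

if ($UseSample) {
    $records = @(Get-ExternalIPv4FromXml -Document ([xml]$SampleXml) -Source 'sample')
} else {
    if (-not (Test-Path $xmlOutputDir)) { New-Item -ItemType Directory -Path $xmlOutputDir | Out-Null }
    $records = @(foreach ($etl in Get-ChildItem -Path $LogDir -Filter '*.etl' -File) {
        $xml = Convert-EtlToXml -EtlPath $etl.FullName -OutputDir $xmlOutputDir
        if ($xml) { Get-ExternalIPv4FromXml -Document ([xml](Get-Content -Path $xml -Raw)) -Source $etl.Name }
    })
    # Step 6 of the README: the XML files are only an intermediate format
    Remove-Item -Path (Join-Path $xmlOutputDir '*.xml') -ErrorAction SilentlyContinue
}

if ($records.Count -eq 0) { Write-Warning 'No external IPv4 addresses found'; return }
$records | Export-Csv -Path $csvPath -NoTypeInformation
$records | Group-Object -Property IPAddress | Sort-Object -Property Count -Descending |
    Select-Object @{ n = 'IPAddress'; e = { $_.Name } }, Count | Format-Table -AutoSize
```

Run it with `-UseSample` to exercise the parser offline: the constructed events yield 203.0.113.10 twice and 198.51.100.7 once, and the 192.168.1.5 peer is dropped by the private-range filter. Without the switch it needs an elevated prompt, because the NetworkService profile directory is not readable by a standard user. Reading the address out of a concatenated text field is deliberate: Delivery Optimization peer events are not guaranteed to carry the address in a fixed element, so a structured lookup would silently miss records when the schema shifts between Windows builds.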

License

This script is provided under the GNU Affero General Public License v3.0. You can find the full license text in the LICENSE file.
